Changes between Mathopd 1.4 and Mathopd 1.5 The string "[!]" after a change means: this change introduces an incompatibility with previous versions of this software. The string "[RFC2616]" after a change means: this change was made in order to attain HTTP/1.1 compliance. A list of changes follows. cgi.c: All headers are now converted into HTTP_ environment variables, not just some. (With the exception that HTTP_CONTENT_LENGTH and HTTP_CONTENT_TYPE are not set, because these are already in other variables, and HTTP_AUTHORIZATION is not set if the user is authenticated by Mathopd.) Headers with the same name that occur multiple times in a request are now concatenated. Previous versions did not do this, which meant, for instance, that if two "Cookie" headers where received, one of those would be lost. The value of GATEWAY_INTERFACE is now set. If the user is authenticated by Mathopd, the value of AUTH_TYPE is set. The value of SERVER_NAME is set to the value of the Host: header sent by the client. This appears to make the most sense, especially for virtual servers that are created with "AnyHost". The server no longer allows scripts to run under the same user-id as ourselves. Previously, we would not run a script if neither ScriptUser nor RunScriptAsOwner were set. But that does not catch cases where ScriptUser == User or other anomalies. [!] If the "StayRoot" flag is Off, CGI scripts can only run if there is no ScriptUser or RunScriptsAsOwner. Previous versions would ignore these keywords. [!] The setting of PATH_INFO and PATH_TRANSLATED is now independent on whether we run as a pure CGI program or an 'External' script. The SCRIPT_FILENAME variable now contains what would be in PATH_TRANSLATED for external scripts. [!] External scripts can now be called with added command-line arguments. The DNS lookup code has been removed. This means that REMOTE_HOST will never be set. [!] The ChildLog is now strftime-expanded, just like the other logs. config.c: The following keywords have been added:- NumHeaders ExtraHeaders ScriptTimeout ScriptBufSize PathInfo AutoIndexCommand Backlog TimeTaken LocalAddress LocalPort MicroTime Clobber Wait [!] SanitizePath The following keywords have been removed:- DNSLookups [!] Name [!] The "Virtual" keyword may now be used in a global context as well. If used that way, the virtual server(s) that it defines will be inherited by all subsequent Server blocks. The value for the User parameter is now immediately checked at configuration time, and the user and group IDs are stored then. The ScriptUser gets a similar treatment. [!] core.c: Connections are timed out properly. The server no longer tries to accept() from a server socket if there is no room for any new connection. The connections are now stored in several linked lists, rather than just one. This causes a significant speed increase, especially if the server is run with NumConnections set to a very high number. (It is not very efficient to loop over 1000 idle connections every time.) As a side-effect of the above, if a connection comes in, and no free connections are available, mathopd clobbers the connection that has been idle for the longest period of time. Previously a more or less random connection would be clobbered. On certain systems, Mathopd can use sendfile() to send the contents of a file to the client. At this moment this is known to work on FreeBSD-4 and Linux 2.4 systems. Previous Mathopd versions would 'clobber' connections that are idle when it starts to run out of other connections. This behaviour can now be turned off using the Clobber keyword. There is a separate timeout for connections that are idling in a keep-alive state between requests, via the "Wait" keyword. [!] dump.c: Some extra statistics counters were added. The per-server 'accepted' counters are merged into one. The 'handled' counters have gone, since these will now always equal the 'accepted' counters. An 'internal dump' has been added to allow dumping to a file in /tmp, rather than dumping to an HTTP client. This is triggered by the SIGWINCH signal. imap.c: Imagemap files are now limited to 1000 lines or less, since processing these can be quite expensive in terms of CPU time. [!] log.c: The server no longer logs to standard error if the '-n' command-line option is set, because that interferes with the ChildLog for forked requests. To get the old behaviour, run Mathopd with the '-t' ('tee') option. [!] Time stamps in the request log are more accurate. Previous versions would stop logging after the log files were rotated and /dev/stdout or /dev/stderr had been specified as log file. This has been corrected. main.c: The server no longer closes all file descriptors if the '-n' flag is specified. All initialization for child processes (i.e. CGI scripts) is now done in the main process, rather than the child process. This change makes it possible to use vfork() rather than fork() to create child processes. This dramatically improves CGI performances on some platforms. The second argument to the listen() call is now dynamic via the Backlog keyword. request.c: The "Range" and "If-Range" headers are now handled properly. The server now understands and implements the "If-Unmodified-Since" header. [RFC2616] If the first line after the Request-Line starts with a space, it is no longer treated as a continuation of the Request-Line. The server now returns a 400 rather than 404 error if a virtual server cannot be found. [RFC2616] Mathopd now understands requests with an absolute URI in the Request-Line. [RFC2616] The "Transfer-Encoding" header is parsed. [RFC2616] Despite the above, POST requests to Mathopd that contain a message body must have a Content-Length as well, and no Transfer-Encoding. If a length is not present we return a 411 error. (Content-Length is required because CGI does not specify what one should do with input that arrives in chunks.) If the AutoIndexCommand is set for a control block, that command is executed when a request is made for a directory and there is no index, as specified by IndexNames. The command may be a CGI script or an External; it may even be a plain file, but that is probably not very useful. The server now limits the size of Request-URIs (to 400 characters, but this can be changed by redefining STRLEN when compiling the program.) If the Request-URI is too long, a 414 error is returned. Note that the size of the query part (the bit that follows the '?' character) is not limited by this factor. Mathopd now closes the connection upon receipt of a 'HTTP/0.9' request, that is, a request that does not contain a HTTP version. Thus, we now support HTTP/0.9 requests, in the sense that such requests are treated as an error. There are no HTTP/0.9 browsers left so this should not be a problem. [!] The files specified by Error401File etc. can now be CGI scripts. Anything that is requested is now opened immediately. Previous versions would call stat() first, which is a time-consuming process. As a side-effect, all files that are served by Mathopd must now be readable, including compiled CGI programs. [!] If the request included an "Expect: 100-continue" header, the client is apparently sending a request-body next, and no part of the request-body has been received, the server sends a "100-continue" response. [RFC2616] Mathopd now closes the connection after it has processed a GET or HEAD request that contained a message body. Previous versions would treat the message body as a new request. Mathopd no longer generates Last-Modified dates that are in the future, and ignores If-Modified-Since dates in the future. [RFC2616] Mathopd can now (optionally) allow //, /./ and /../ in URL paths. Thanks for Peter Pentchev for suggesting this and providing initial patches. stub.c: This is a new file that contains code to pass data from and to clients and CGI scripts. Originally this code was in the 'phpstub' program, but it has since been mutilated beyond all recognition. sendfile.c: This is a new file. It contains hooks into the sendfile() function. See the comments about sendfile above for details.