welcome hpws docs hp-ux webservers home contact hp support
hp logo - invent  hp-ux web server suite

Release Notes
HP-UX Apache-based Web Server A.2.0.58.00
on HP-UX 11.0 and 11i for PA-RISC

TABLE OF CONTENTS

What's New Previous Releases Features - Secure Socket Layer (SSL) - Dynamic Shared Objects (DSOs) - Standard Features in HP-UX Apache-based Web Server - Utilities Documentation Miscellaneous Known Bugs Legal Notices Note: Please refer to /opt/hpws/LICENSES/ to view HP's license, terms, and warranty for all components. For the latest information on all HP-UX Apache-based Web Servers, see http://www.hp.com/go/webserver/. By default, the HP-UX Apache-based Web Server runs under port number 80, while the secure web server runs under port 443.

WHAT'S NEW

HP-UX Apache-based Web Server A.2.0.58.00: This release of HP-UX Apache-based Server is primarily a security and bug fix release. - Apache upgraded to 2.0.58 The following security vulnerabilities have been fixed in this release. mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Reported by Mark Dowd of McAfee Avert Labs. More details are available at <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747">http://cve.mitre.org/cgi-bin/c vename.cgi?name=CVE-2006-3747</a> mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. More details are available at <a href="">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357 Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. More details are available at <a href="">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352 - mod_perl supports perl 5.8.8 - mod_jk upgraded to 1.2.15 - mod_jk2 upgraded to 2.0.5 - PHP extension, oci8 upgraded to 1.1 - Bug Fixes Added a new Apache module, mod_auth_kerb. Added a new PHP extension, openssl. Added OCSP support for mod_ssl. auth_ldap is no longer shipped with HP-UX Web Server Suite. mod_perl fixed to display the entire process name on inclusion of <Perl> directive in the configuration file. Openldap fixed to prevent core dump on loading and unloading of ldap.sl, a PHP extension. mod_jk2 now recognises ipv6 addresses. The PHP extension pgsql.sl now links to the latest version of libpq. Running multiple instances of Apache has been documented. libtool fixed to not refer to /CLO/BUILD_ENV. SSL admin guide updated with the updatecrl option. mod_ssl doesn't conflict with RSA's sslc library. The correct version of Openssl binary is now displayed on the command prompt. mod_ldap fixed to prevent segmentation fault when used for authentication.

PREVIOUS RELEASES

This release of HP-UX Apache-based Server is primarily a security and bug fix release. - The following security vulnerabilities have been fixed in this release. The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. More details are available at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390 The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. More details are available at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969 - Bug Fixes Apache is fixed to solve the problem of Content-Length header not being present in HEAD response when used as a front-end server mod_perl fixed to honor Perl's $| "OUTPUT_AUTOFLUSH" for STDOUT Apache is fixed to stop without errors in Chrooted environment mod_proxy is fixed to solve the problem of data loss with httpd-2.0.55 reverse proxy method=post. This release of HP-UX Apache-based Web Server is a security and bug fix release. - Apache upgraded to 2.0.55 The following security vulnerabilities have been fixed in this release. Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. More details are available at <a href="">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491 Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. More details are available at <a href="">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268 The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. More details are available at <a href="">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728 Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." More details are available at <a href="">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088 - Bug Fixes Added support for Nested mutexes. To enable C++ modules, the following 3 lines must be added to the httpd.conf file, if not present. For 11iv2 IA 64-bit platforms, the directives to load the standard C++ libraries are provided. LoadFile /usr/lib/hpux64/libunwind.so LoadFile /usr/lib/hpux64/libCsup.so LoadFile /usr/lib/hpux64/libstd_v2.so For 11iv2 IA 32-bit platforms, the directives to load the standard C++ libraries are provided. LoadFile /usr/lib/hpux32/libunwind.so LoadFile /usr/lib/hpux32/libCsup.so LoadFile /usr/lib/hpux32/libstd_v2.so For all other flavors, the directives to load the classic C++ libraries are provided. LoadFile /usr/lib/libCsup.sl LoadFile /usr/lib/libstream.sl LoadFile /usr/lib/libstd.sl NOTE: To use the LoadFile directive, the following patches are required. For 11iv1: PHSS_30968 - ld(1) and linker tools cumulative patch PHSS_32573 - s700_800 11.11 HP aC++ -AA runtime libraries (aCC A.03.61) For 11.00: PHSS_30969 s700_800 11.00 ld(1) and linker tools cumulative patch PHSS_32574 s700_800 11.X HP aC++ -AA runtime libraries (aCC A.03.61) For 11iv2: No patches are required Please note that the LoadFile directive must precede the LoadModule directive for C++ modules. Note : There is a known problem with mod_perl. mod_perl does not honor Perl's $| (OUTPUT_AUTOFLUSH) for STDOUT. The fix for this problem could not be included in this release and will be available in the next release. Please contact your RCE if you need the fix. HP-UX Apache-based Web Server A.2.0.54.02: This release of HP-UX Apache-based Web Server is a bug fix release. mod_ssl in Apache webserver 2.0.54.00 and earlier, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. The MySQL extension for PHP is provided as an external library on HP-UX 11i and HP-UX 11iv2 32 bit versions. HP-UX Apache-based Web Server A.2.0.54.00: This release of HP-UX Apache-based Web Server is a bug fix release. - Apache upgraded to 2.0.54 - mod_jk upgraded to 1.2.10 - OpenSSL upgraded to 0.9.7g - mod_perl supports perl 5.8.3 - PHP upgraded to 5.0.4 HP-UX Apache-based Web Server 2.0.53: This release of HP-UX Apache-based Web Server is primarily a security and defect fix release. - Apache upgraded to 2.0.53 Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters. More details are available at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942 HP-UX Apache-based Web Server 2.0.52: This release of HP-UX Apache-based Web Server is primarily a security and bug fix release. - Apache upgraded to 2.0.52 The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool. More details are available at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786 Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables. More details are available at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747 The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). More details are available at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop. More details are available at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748 The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. More details are available at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809 Vulnerability in Apache 2.0.51 prevents the merging of the Satisfy directive, which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. More details are available at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0811 - mod_perl upgraded to 1.99_16 HP-UX Apache-based Web Server 2.0.50: This release of HP-UX Apache-based Web Server is primarily a security and bug fix release with two enhancements. - Apache upgraded to 2.0.50 A remotely triggered memory leak in http header parsing can allow a denial of service attack due to excessive memory consumption. [CAN-2004-0493] More details are available at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493 Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [CAN-2004-0488] More details are available at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488 - PHP upgraded to 4.3.8 The memory_limit functionality, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. [CAN-2004-0594] More details are available at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594 The strip_tags function, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. [CAN-2004-0595] More details are available at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595 - Apache(mod_ssl): Extended support for 'RequestHeader' directive When the Proxy feature is used, the RequestHeader directive can be used to send any environment variables/values to the backend server. - Apache(mod_ssl): Support for updating CRL without re-starting the web server A new option 'updatecrl' was added to apachectl. This new option will allow to update the Certificate Revocation List without taking down the web server. - Bug fixes: mod_ssl: Fix a SEGV that occurs when small cache size is specified. mod_cgi: Fix a hang problem with scripts that used timeouts (ex. ping) HP-UX Apache-based Web Server 2.0.49.00: This release of HP-UX Apache-based Web Server is primarily a security and bug fix release which addresses the following vulnerablities and problems: - Apache upgraded to 2.0.49: Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators. More details are available at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020 Starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections. More details are available at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174 Memory leak in mod_ssl allows a remote denial of service attack against a SSL-enabled server by sending plain HTTP requests to the SSL port. More details are available at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113 Bug fixes: mod_ssl: Send the "Close Notify" alert message before closing the socket. mod_ssl: Support for recognizing SSL variables in mod_rewrite. mod_ssl: Disable extra session caching in OpenSSL to prevent memory leak. mod_ssl: Changed SSLMutex to use 'pthread' and 'shm' as an option. Apache : Fix segmentation violation when no Listen directive is specified. - OpenSSL upgraded to 0.9.7.d The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. More details are available at <a href=":">http://cve.mitre.org/">http://cve.mitre.org/: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079"> CAN-2004-0079</a> The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. More details are available at <a href=":">http://cve.mitre.org/">http://cve.mitre.org/: <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112"> CAN-2004-0112</a> PKCS7-S/MIME encryption fails with memory fault core dump - C++ plug-in modules C++ plug-in modules on IPF should now be built with the Standard C++ runtime libraries. This is a change from previous versions which used Classic C++ runtime libraries. Plug-ins for PA should continue to use the Classic C++ runtime libraries. From more information see, Apache Admin Guide

FEATURES

The HP-UX Apache-based Web Server A.2.0.58.00 is a 32-bit product for HP-UX, based on Apache HTTP Server 2.0 (version 2.0.58) software from the Apache Software Foundation (ASF). The HP-UX Apache-based Web Server is built with the "worker" Multi-Processing Module (MPM). This module implements a hybrid, multi-process, multi-threaded server and provides high scalability with improved performance. In the worker MPM a single control process is responsible for launching child processes. Each child process creates a fixed number of threads as specified in the ThreadsPerChild directive. The individual threads then listen for connections and serve them when they arrive. MaxRequestsPerChild controls how frequently the server recycles processes by killing old ones and launching new ones. The server adjusts to handle load by increasing or decreasing the number of processes. The HP-UX Apache-based Web Server is an HTTP/1.1 compliant server which implements the latest protocols, including RFC2616. It is precompiled and preconfigured to run on HP-UX 11.0 and 11i for PA-RISC.

Secure Socket Layer (SSL)

The HP-UX Apache-based Web Server is delivered with 128-bit strong encryption capability. The base Apache HTTP Server includes an SSL module (mod_ssl) to provide secure communication via the Secure Socket Layer and Transport Layer Security protocols. The SSL module (mod_ssl) uses the Open Source toolkit OpenSSL for performing the cryptographic operations. SSL tuning information is available in SSL Admin Guide SSL connections to the HP-UX Apache-based Web Server use a default dummy server certificate. Note that you must obtain certificates from authorized agencies for commercial purposes. After obtaining a certificate, make the necessary changes in /opt/hpws/apache/conf/ssl.conf to use it. The default dummy key certificate does not include a PEM ENCODED Pass Phrase. The SSL Admin Guide contains instructions on adding and removing a PEM Pass Phrase for a server key. By default, the HP-UX Apache-based Web Server runs under port number 80, while the secure web server runs under port 443.

Dynamic Shared Objects (DSOs)

The HP-UX Apache-based Web Server supports Dynamic Shared Objects (DSO), a special type of shared library. The HP-UX Apache-based Web Server can load or unload DSOs as needed. All standard Apache modules are compiled as DSOs in the HP-UX Apache-based Web Server to provide maximum flexibility. These can be added or removed dynamically at runtime. You can customize the HP-UX Apache-based Web Server by writing your own DSOs using Apache's module APIs. New APIs are available in Apache 2.x over what was provided in Apache 1.3. Changes were also made to the APIs that were carried forward from Apache 1.3 to Apache 2.x. For example, many data types were moved to the Apache Portable Runtime (APR) library. As a result, Apache 1.3 modules will require some modification for Apache 2.x. Changes to the Apache API have also ocurred since the previous releases of HP Apache-based Web Server 2.x. Any modules written and compiled for the previous releases of may also need to be reviewed. See the Apache Admin Guide for more information For documentation on developing new Apache 2.x modules and on porting existing Apache 1.3 modules, please see the Migration guide HP Apache-based Web Server version 1.3.x to HP-UX Web Server Suite. Other online resources can be found at http://apr.apache.org and http://httpd.apache.org/docs-2.0/developer.

Standard Features in HP-UX Apache-based Web Server

SECURITY Webproxy Webproxy is a secure reverse proxy solution that can enhance the security of any application service delivered through a web portal. It mediates between clients on the Internet and application servers on the intranet, providing a safe passage for application data between authenticated users and authorized resources. Scripts have been provided for easy setup and removal of the webproxy server. A Chroot jail is automatically created for each server. Webproxy is installed in /opt/hpws/apache/webproxy. Detailed information is included in the Webproxy Admin Guide Chroot Chroot causes the named directory to become the root directory, the starting point for path searches. A malicious user cannot get to the root file system. Our chroot includes SSL enhancements. We include a script, /opt/hpws/apache/util/chroot_os_cp.sh, that can be used to copying OS files to your chroot directory. HP-UX Bastille HP-UX Bastille is a security hardening/lockdown tool which can be used to enhance the security of the HP-UX operating system. The HP-UX Apache-based Web Server fully supports Bastille functionality. For more information about HP-UX Bastille, search for HP-UX Bastille at http://www.software.hp.com. OpenSSL 0.9.7g OpenSSL is a fully-featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols With full-strength cryptography worldwide. OpenSSL is installed in /opt/hpws/apache/bin/openssl. auth_ldap 1.5.4 Auth_ldap is a connector module between Apache and an LDAP directory server which allows Apache to authenticate HTTP clients by using entries in an LDAP directory. Auth_ldap supports iPlanet(Netscape) Directory Server and OpenLDAP Server and can be configured to use the stunnel program for secure SSL queries to the LDAP server. NOTE: All current auth_ldap users are encouraged to switch to mod_auth_ldap. auth_ldap is provided during this transition but may not be shipped in future releases. More information on setting up auth_ldap and stunnel can be found in LDAP Admin Guide mod_auth_ldap Mod_auth_ldap is a connector between Apache and an LDAP directory server which allows Apache to authenticate HTTP clients by using entries in an LDAP directory. Mod_auth_ldap supports iPlanet(Netscape) Directory Server and OpenLDAP Server and can be configured to use the stunnel program for secure SSL queries to the LDAP server. More information on setting up mod_auth_ldap, mod_ldap (mod_auth_ldap caching module), and stunnel can be found in LDAP Admin Guide suEXEC suEXEC provides the ability to run CGI and SSI programs under user IDs different from the user ID of the web-server. Normally, a CGI or SSI program executes as the same user who is running the web server. For more information, please see: suEXEC Admin Guide certmig The certmig utility makes it possible to share certificates between the Netscape Enterprise Server (4.x and above) and any server that supports PKCS#12 formats. The certmig utility is an extension of the pk12util utility, provided by the Mozilla community. In addition to the pk12util functionality, certmig lists and extracts certificates from Netscape certificate databases. Certmig is installed in /opt/hpws/apache/bin/certmig. For more information, see Certmig User Guide A helper script, test_certmig.sh, is located in /opt/hpws/apache/util directory. For more information on this script, see Utilities User Guide SCRIPTING mod_perl 1.99.16 mod_perl is an add-on Apache module that glues together the Perl runtime library, server software and an object-oriented Perl interface to Apache's C language API. It enables Apache modules to be written entirely in Perl and improves performance of Perl cgi scripts. The Prerequisites section in the Apache Admin Guide contains requirements for mod_perl. mod_perl is still under development because of its dependency on Apache's API. PHP 5.0.4 PHP is an HTML embedded, server-side, cross-platform, scripting language with support for database access. For more information on PHP, please see PHP Admin Guide and PHP User Guide. PHP Extensions Extensions provide additional functionality for PHP scripting. These include support for Oracle connectivity, XML parsing, Image manipulation and more. For more information, please see PHP Admin Guide. CONTENT MANAGEMENT FrontPage Server Extensions 2002 FrontPage Server Extensions enable FrontPage authoring on the server. Entire FrontPage-extended web sites or individual web pages can be published from a FrontPage client to the server or directly created and edited on the server itself. MS FrontPage Support is only available on HP-UX 11.0 and 11i (PA-RISC) systems. For more information, please see: Admin Guide for MS FrontPage Support WebDAV WebDAV ("Web-based Distributed Authoring and Versioning") is a set of extensions to the HTTP protocol which allows users to create, move, copy, and delete resources (files) and collections (directories) on a remote server. For example, WebDAV can be used to edit HTML files. This version of Apache provides class 1 and class 2 WebDAV using the mod_webdav module. More information on WebDAV is available at http://www.webdav.org/ or in the product FAQ. GENERAL MC/ServiceGuard Support HP-UX Apache-based Web Server is certified with MC/ServiceGuard. A toolkit that integrates HP-UX Apache with ServiceGuard is available in the ECMT, version B.02.00. The change to apachectl documented in the ECMT Release Notes, version B.02.00, in "Problems/Workarounds" is no longer required with this release of HP-UX Apache. The change is now incorporated into the HP-UX Apache product. mod_deflate This standard Apache module provides a filter to compress content from your server before sending it to the client. It can also decompress a gzip-compressed request body. For more information on mod_deflate requirements, please see: Apache Admin Guide apr_shm apr_shm is a library that abstracts the usage of shared memory on UNIX platforms. apr_shm support allows the SSLSessionCache directives to be used in the following manner: SSLSessionCache shmht:/opt/hpws/apache/logs/ssl_scache(51200) SSLSessionCache shmcb:/opt/hpws/apache/logs/ssl_scache(51200) 51200 represents the size of the shared memory being created and can be changed based on the system resources. Shmht refers to the hash table method of session caching and shmcb refers to the circular buffer method of session caching. Please note that either shmht or shmcb can be specified. Apache modules in C++ HP-UX Apache-based Web Server supports loading of Apache modules written in C++. More information regarding building and using C++ modules can be found in /opt/hpws/apache/build/examples/README and in the FAQ under Troubleshooting - "Why does my C++ module fail to load?". Automatic Restart of Apache/Tomcat/Webmin Apache/Tomcat/Webmin can be started automatically on reboot. More information on customization/configuration of this feature can be found in Apache Admin Guide. The Apache product is built with options that provide maximum flexibility to allow enabling of new modules or disabling of existing modules. The modules included by default as shared objects with the HP-UX Apache-based Web Server are listed below. These modules are located in the /opt/hpws/apache/modules/ directory. For a detailed description of the standard Apache modules, please see http://httpd.apache.org/docs-2.0/mod/index.html. * Modules marked with a "*" were not part of HP Apache-based Web Server 1.3. auth_ldap mod_access mod_actions mod_alias mod_asis mod_auth mod_auth_anon mod_auth_dbm * mod_auth_digest * mod_auth_ldap mod_autoindex * mod_cache * mod_case_filter * mod_case_filter_in mod_cern_meta mod_cgi * mod_cgid * mod_charset_lite * mod_dav * mod_dav_fs * mod_deflate mod_dir * mod_disk_cache mod_env mod_expires * mod_ext_filter * mod_file_cache * mod_log_forensic mod_headers mod_imap mod_include mod_info * mod_jk * mod_jk2 * mod_ldap mod_log_config * mod_mem_cache mod_mime mod_mime_magic mod_negotiation mod_perl mod_php4 mod_proxy * mod_proxy_connect * mod_proxy_ftp * mod_proxy_http mod_rewrite mod_setenvif mod_speling * mod_ssl mod_status * mod_suexec mod_unique_id mod_userdir mod_usertrack mod_vhost_alias

Utilities

The following utilities are part of this product. These are found in /opt/hpws/apache/util. For more information on the specific utility, please see Apache Utilities User Guide General Utilities User Guide altroot.sh Alternate Root Utility. After installing HP-UX Apache-based Web Server into the default /opt/hpws/apache/ directory, this script can be used to move it into another directory. cache_util.pl This interactive utility helps in the creation of cache.conf file for use with mod_file_cache. Performance of HP-UX Apache-based Web Server can be improved for serving of static content by using mod_file_cache. Frequently accessed static files can be pre-loaded into memory and served directly in order to avoid frequent disk access. Files to be cached by mod_file_cache are listed in cache.conf file. chroot_os_cp.sh Chroot Copy utility. This is a helper script that sets up chroot by copying typical files used by HP-UX Apache-based Web Server into the chroot directory. The copied set of files allows demo web pages to run. A very secure Apache may require some of these files to be deleted. If you need additional things to be done as part of chroot set-up, you are encouraged to customize this script for your site. mkcert.sh SSL Certificate Generation Utility. This script generates private keys, certificate signing requests, and certificates for the CA, server, and client. ports.sh Port List Utility. This script lists the ports being configured by the HP-UX Apache-based Web Server. In this distribution, there are ports being configured for Apache, Apache(SSL), Tomcat, mod_jk, Webmin, and LDAP. test_certmig.sh Certificate Migration Utility. This utility is a wrapper around certmig. It can be used to import, extract and list the certificates in an iPlanet 4.1.x Certificate database. For usage information, please type "/opt/hpws/apache/util/test_certmig.sh -h".

DOCUMENTATION

The Release Notes, Admin Guides and User Guides included in this bundle can be found in /opt/hpws/hp_docs/apache/ or if your server has been started with the default configuration, at http://yourserver.com/hp_docs/. The Migration Guides shipped with the HP-UX Webmin-based Admin can be found at /opt/hpws/hp_docs/ or if your server has been started with the default configuration, at http://yourserver.com/hp_docs/. The FAQ included shipped with the HP-UX Webmin-based Admin can be found at the following URL if the server was started with the default configuration: http://yourserver.com/hp_docs/faq/index.html For the latest information on the HP-UX Apache-based Web Server, including the most up-to-date version of the FAQ, see http://www.hp.com/go/webserver/ For the Apache 2.0 User's Manual, see http://yourserver.com/manual/ (included with the product bundle) or http://httpd.apache.org/docs-2.0/ For the OpenSSL User's Guide, see http://www.openssl.org/docs/ For the mod_ssl User's Guide, see http://www.modssl.org/docs/ For the PHP User's Guide, see http://www.php.net/docs.php

MISCELLANEOUS

For general information on Apache's HTTP Web Server, see http://httpd.apache.org/ For general information on mod_perl module, see http://perl.apache.org/ For the Apache Software Foundation, see http://www.apache.org/ For general information on PHP, see http://www.php.net/ For OpenLDAP SDK information and software, see http://www.openldap.org/ For iPlanet(Netscape) Directory Server on HP-UX see, http://www.software.hp.com For information about auth_ldap LDAP authentication module, http://www.rudedog.org/auth_ldap/ For information about WebDAV, http://www.webdav.org/ For background information on Bastille, http://www.bastille-linux.org/

KNOWN BUGS

For known bugs in this release, please see Apache Admin guide. ***************************************************************************