codewolf writes "It has been reported to bugtraq by Domas Mituzas that a worm that exploits the Apache chunk bug has been found in the wild. Information on the worm can be found here. More information on the Apache bug can be found here, and patches can either be made by modifying your config file or upgrading your Apache version."

SharkaRockz writes "IBM recently donated the Web Service Invocation Framework (WSIF) to Apache.org. This article explains the WSIF donation and what it can do. WSIF is a simple Java API that allows both SOAP and non-SOAP services to be described and used in a common way thus allowing developers to make Web services without the constraints of SOAP."

CochiseWar writes "In this Linux-focused tutorial, you learn many suggestions, tips, and tricks for controlling Apache and modifying its behavior to best fit its running environment. Topics are operating system considerations, including platform and distribution choices, kernel compilation, and disk optimization; compiling Apache from scratch, including the benefits of custom compilation, the procedure, and some considerations at compile time; and suggestions for configuration, including run-time parameters, navigating the httpd.conf file, and static versus dynamic content situations."

cliffwoolley writes "The Apache Software Foundation has released new versions of both Apache 1.3 and 2.0. These versions are both security and bug-fix releases. They address and fix the issues noted in CAN-2002-0392 [CERT VU#944335] regarding a vulnerability in the handling of chunked transfer encoding. You can download the new releases here." This of course is for the exploit that we reported yesterday. It is hard to complain about a 24-hour response time for a bug.

chrisv writes "It appears that mod_perl 1.27 has been released Saturday, something that apparently went unnoticed or unmentioned until now. Change list here." While you are at it, go and try out mod_perl 1.99 for Apache 2.0.

Aaron writes "Versions of the Apache HTTP Server up to and including 1.3.24 and 2.0 up to and including 2.0.36 contain a bug in the routines which deal with invalid requests which are encoded using chunked encoding. In some cases it may be possible to cause a child process to terminate and restart, which consumes a non-trivial amount of resources. See the official announcement and stay tuned here for updated versions." This is in response to the rather uninformed and questionable security notice by ISS X-Force, about a bug that has already been mentioned on the public mailing lists for Apache and is fixed in CVS for Apache 2.0. I am also told that their patch doesn't fully solve the problem. I am sure though that by awaking us to the problem they will get a lot of great press just like any of the other companies currently using useless bug announcements as press releases.

bobm writes "I'm looking for feedback on any experience building a scaleable site. This would be a database driven site, not just a bunch of static pages. I've been looking for pointers to what other people have learned (either the easy way or hard way). I would like to keep it Apache based and am looking for feedback on the max # of children processes that you've been able to run, etc. Hardware-wise, I'm looking at using quad Xeons or even Sun E10K systems. I would like to stay non-clustered if possible."

groundhog00 writes "The ApacheCon US 2002 Conference has been announced and all submissions have been turned in for speakers. A final session speaker list should be available in late June/early July. Total, there have been over 150 abstracts submitted for the Las Vegas conference, and should include some very popular speakers. I've attended the last couple (US 2001 in San Jose, CA and the European 2000 in London, UK), and been a bit overwhelmed with the quality of material covered. The European 2000 conference sessions can be found here and the US 2001 San Jose session listings can be found here. Take a look at what has been offered, because there is a considerable amount of GREAT projects that have been featured in the past. Overall, the investment in those two conferences will last me a lifetime. "

groundhog00 writes "I posted some additional documentation on basic authentication using LDAP + Apache + mod_auth_ldap. Its an expansion on the PKI documentation project over on Petbrain. More is to come.
There have been several people who have been curious and looking to help. My plans for this PKI project is to try to document the 'systems' that can be included to comprise a full blown PKI implementation in the enterprise and how they might integrate on a very specific level. This is going to be a very involved process, so people with experience in certain areas of security and hardware involving biometrics are encouraged to help or give input as things go forward."

ClickNMix writes: "The latest version of PHP has been released here. With improved DomXML and Apache 2 support in with the usual bug fixes and improvements." There is still no production support for PHP or for that matter mod_perl in Apache 2.0 yet though.

mshiltonj writes "In case no one has noticed, the lastest Netcraft web server survey showed a marked shift in market share in just one month. Apache gained 2.63% and IIS fell 2.06%. However, the previous month showed an even larger change in Microsoft's favor, so Apache is (quickly) making up for lost ground, as discussed before. Was this turnaround due to the release of Apache 2.0? Sadly, in the last 12 months, Apache's market share has noticeably eroded, while IIS has gradually gained ground."

jayed_99 writes "mod_snake has been abandoned by its creater Jon Travis. He cites a lack of 'time or motivation.' Like mod_python, it embedds the Python interpreter into Apache. Unlike mod_python, it includes support for HTML-embedded python (a very nifty feature). It's still available here. Wouldn't you know this would happen two days after I decide to switch from mod_python to mod_snake?"

groundhog00 writes "Posted recently from was an Apache + Basic authentication and self-signed digital certificates article. I thought people might find interest in doing a more scalable solution using parts of the PKI structure with mod_auth_ldap and Apache to communicate with an OpenLDAP server to get basic scalable authentication AND digital certificates using OpenCA as the your homegrown certificate authority. Here are some documents for setting up the certificate authority and getting certificates installed using Internet Explorer 5.x and Netscape 4.x browsers. There will be LDAP configurations for Apache soon, but this is a pretty decent set of documents to start with."

Aaron writes "This is the second production quality 2.0 release from the Apache HTTPD Project sporting many bug fixes and improvements. In case you missed it the first time, Apache now supports many new features, including native support for Win32, BeOS, and Netware, in addition to traditional Unix platforms (Hint: we support Darwin). Download it directly or from a mirror."

emmetropia writes: "PHP 4.2.0 has been released, with experimental Apache 2 support, and lots of other improvements and fixes. Check it out!"

Dejected @Work writes: "At JavaOne it was hinted that Sun and the Apache Software Foundation have worked out how open source software could participate in the JCP (Java Community Process) but the precise resolution was not disclosed. This developerWorks interview with Jason Hunter (Apache rep. for the JCP) clear things up a little and specifically explains what this means for open source developers and the JCP."

AK47 writes "eWeek has a very positive review of Apache 2.0, entitled "Apache 2.0 Beats IIS at Its Own Game." They recommend the native Apache version on Windows over IIS for production use, citing superior security with no loss in performance."

nullroute writes: " BSDVault has posted a solid tutorial on using Self-signed Certificates with Apache. It is actually a combination of two tutorials. The first tutorial is Basic Authentication for Apache. The second is Self-signed X.509 Certificate Generation (OpenSSL)."

mbadolato writes: "php.net has the latest 4.2.0 Release Canditate, RC3. The release contains support for the recent Apache 2.0.35 release as well as numerous collected bug fixes. For more information, see the PHP QA website."

Neil Gunton writes "Having been hit by a load of spambots on my community site, I decided to write a Spambot Trap which uses Linux, Apache, mod_perl, MySQL, ipchains and Embperl to quickly block spambots that fall into the trap. "