News
Abstract
IBM HTTP Server for i upgrading to Apache 2.4.20
Content
You are in: IBM i Technology Updates > Web Integration on i > News of Web Integration on IBM i > IBM HTTP Server for i upgrading to Apache 2.4.20
We have upgraded IBM HTTP Server on i 7.2 & 7.3 from Apache 2.4.12 to Apache 2.4.20 to include the new enhancements and features of Apache 2.4. This is not a major version change for HTTP Server on i 7.2 & 7.3 so:
1) No configuration related changes that require user to modify existing httpd.conf after moving to Apache 2.4.20.
2) HTTP Server module APIs are updated in Apache 2.4.20 but that does not affect user plug-in modules (IBM and 3rd party) which means existing plug-in modules are not required to be recompiled when moving to Apache 2.4.20.
3) No updates to IBM i provided HTTP Server APIs
Configuration APIs - QHTTPSVR/H (QZHBCONF)
CGI APIs - QSYSINC/H (QZHBCGI)
Module Enhancements
Apache 2.4.20 has some updates and enhancements to existing Apache 2.4 modules. Below are some major enhancements in our HTTP server for IBM i 7.2 & 7.3.
Core module
(1) Add expression support to ErrorDocument.
(2) If explicitly configured, use the KeepAliveTimeout value of the virtual host which handled the latest request on the connection, or by default the one of the first virtual host bound to the same IP:port.
(3) Add CGIPassAuth directive to control whether HTTP authorization headers are passed to scripts as CGI variables.
(4) Avoid a possible truncation of the faulty header included in the HTML response when LimitRequestFieldSize is reached.
(5) Add QualifyRedirectURL directive to control whether the REDIRECT_URL environent variable is fully qualified.
(6) Add expression support to SetHandler.
mod_authz_host
Add a new "forward-dns" authorization type, not relying on reverse DNS lookups.
mod_cache
Accept HT (Horizontal Tab) when parsing cache related header fields as described in RFC7230.
mod_dir
Allow FallbackResource to work when a directory is requested and there is no autoindex nor DirectoryIndex.
mod_logio
Add LogIOTrackTTFB directive and %^FB logformat to log the time taken to start writing response headers.
mod_log_config
(1) Add "%{UNIT}T" format to output request duration in seconds, milliseconds or microseconds depending on UNIT ("s", "ms", "us").
(2) Add GlobalLog directive to allow a globally defined log to be inherited by virtual hosts that define a CustomLog.
mod_proxy
Don't put the worker in error state for 500 or 503 errors returned by the backend unless failonstatus is configured to.
mod_rewrite
(1) Improve relative substitutions in per-directory/htaccess context for directories found by mod_userdir and mod_alias. These no longer require RewriteBase to be specified.
(2) Allow cookies set by mod_rewrite to contain ':' by accepting ';' as an alternate separator.
(3) Add QSL|qslast flag to allow rewrites to files with literal question marks in their names.
mod_include
Add variable DOCUMENT_ARGS, with the arguments to the request for the SSI document.
DOCUMENT_ARGS
This variable contains the query string of the active SSI document, or the empty string if a query string is not included. For subrequests invoked through the include SSI directive, QUERY_STRING will represent the query string of the subrequest and DOCUMENT_ARGS will represent the query string of the SSI document.
mod_ibm_ssl (IBM i 7.3 and later)
Add SSLFallbackProtection directive to enable/disable TLS_FALLBACK_SCSV as currently defined by RFC7507(https://tools.ietf.org/html/rfc7507).
ON (default)
TLS_FALLBACK_SCSV is permitted.
OFF
TLS_FALLBACK_SCSV is NOT permitted.
New modules
No new modules are added to HTTP server for i.
Note: there is a new module mod_http2 which provides HTTP/2 (RFC 7540) support was added to the Apache HTTP Server since 2.4.16. This module is still experimental. Its behaviors, directives, and defaults are subject to more change from release to release relative to other standard modules. This module is not supported in HTTP server for i because it is experimental module. We will support it in future when it becomes a standard stable module.
PTF support for Apache 2.4.20
i 7.2: IBM HTTP Server for i Group SF99713 - level 18
i 7.3: IBM HTTP Server for i Group SF99722 - level 5
References
http://httpd.apache.org/docs/2.4/new_features_2_4.html
http://httpd.apache.org/security/vulnerabilities_24.html
Was this topic helpful?
Document Information
Modified date:
30 January 2020
UID
ibm11168786