IBM Support

IBM HTTP Server for i upgrading to Apache 2.4.12

News


Abstract

IBM HTTP Server for i upgrading to Apache 2.4.12

Content

You are in: IBM i Technology Updates  > Web Integration on i > News of Web Integration on IBM i > IBM HTTP Server for i upgrading to Apache 2.4.12

We have upgraded IBM HTTP Server for i on i 7.2 from Apache 2.4.2 to Apache 2.4.12 to include the new enhancements and features of Apache 2.4. This is not a major version change for HTTP Server on i 7.2 so:

1) No configuration related changes that require user to modify existing httpd.conf after moving to Apache 2.4.12 on i 7.2

2) HTTP Server module APIs are updated in Apache 2.4.12 but that does not affect user plug-in modules (IBM and 3rd party) which means existing plug-in modules are not required to be recompiled when moving to Apache 2.4.12.

3) No updates to IBM i provided HTTP Server APIs

          Configuration APIs - QHTTPSVR/H (QZHBCONF)

          CGI APIs - QSYSINC/H (QZHBCGI)

New PCRE regular expression library

Users may have problems when moving directives like RewriteRule with regular expressions which worked well on other platform to HTTP server for i. This is because there are some limitations of ILE Runtime POSIX regular expression library on IBM i such as it does not support '/w' , '/d' meta string and backreferences etc. Some new features in Apache 2.4.12 such as "Named groups and backreferences" , new mod_proxy_html module etc can not work with the POSIX regular expression library on IBM i.

Based on these requirements, we have upgraded HTTP Server for i on i 7.2 to use Open source PCRE regular expression library (based on pcre 8.34) in order to get the same behavior and new supports as Apache HTTP server on other platforms. 

Following are the two web sites about the POSIX and PCRE regular expression standards.

http://www.pcre.org/

http://pubs.opengroup.org/onlinepubs/007908799/xbd/re.html

Module Enhancements

Apache 2.4.12 has some updates and enhancements to existing Apache 2.4 modules. Below are some major enhancements in our HTTP server for IBM i 7.2.  

Core module

Add the ability to do explicit matching on weak and strong ETags as per RFC2616 Section 13.3.3.

1) The ap_expr add the ability to base64 encode and base64 decode strings and to generate their SHA1 and MD5 hash.

2) Add missing HTTP status codes(i.e. 208, 429, 431 etc) registered with IANA.

3) Add ap_log_data_(), ap_log_rdata_(), ap_log_cdata_() and ap_log_csdata_() APIs for logging buffers (Currently they are not used by any existing modules , but  can be used by user plug-in modules if needed).

4) Support custom ErrorDocuments for HTTP 501 and 414 status codes.

5) Named groups and backreferences

Support named groups and backreferences within the <LocationMatch>, <DirectoryMatch> and <FilesMatch> directives. 

Named groups and backreferences are captured and written to the environment with the corresponding name prefixed with "MATCH_" and in upper case. This allows elements of URLs to be referenced from within expressions and modules like mod_rewrite. In order to prevent confusion, numbered (unnamed) backreferences are ignored. Use named groups instead.

For example:

<LocationMatch "^/combined/(?<sitename>host\d)/$">

    Options ALL

    Require all granted

    RewriteEngine On

    RewriteCond "%{env:MATCH_SITENAME}"  "^host1"

    RewriteRule ^/(.*)$ /success.html [R,L]

</LocationMatch>

If the request is: http://sys:port/combined/host1/ then the request will be redirected to http://sys:port/success.html, otherwise  404 will be returned.

mod_headers

1) Add 'setifempty' command to Header and RequestHeader directives.

2) Add 'Header note header-name note-name' for copying a response headers value into a note.

3) Allow for format specifiers in the replacement string when using Header edit. 

4) The Header and RequestHeader directives allow the "value" parameter to contain an ap_expr  expression if prefixed with "expr=". For example: Header set Set-Cookie testcookie "expr=-z %{req:Cookie}" 

Note: %l, %i, %b format string will NOT be supported on IBM i due to system limitations.

mod_proxy
  • 1) Add ability to configure the sticky session separator via new added Balancer parameter stickysessionsep.
  • 2) Add balancer parameter failontimeout to allow server admin to configure an IO timeout as an error in the balancer.
  • 3) Support web-socket tunnels via mod_proxy_wstunnel.
  • 4) <ProxyMatch>: Named groups and back references support.
  • 5) Add BalancerMember parameter "enablereuse" as the inverse of  "disablereuse". 

mod_cgi

1) Add IASP support to pre-start CGI jobs.

An optional third parameter has been added for directives StartCGI and StartThreadedCGI to allow user specify IASP name for pre-start CGI jobs.

2) Support sending POST Transfer-encoding: chunked header to CGI.

We have added full support in i 7.2 to allow a client to post "Transfer-encoding: chunked" header to CGI program. 

  • mod_dir

    1) Add support for the value 'disabled' in FallbackResource directive.

    2) Add new directive DirectoryCheckHandler to allow a Apache 2.2-like behavior, skipping execution when a handler is already set.

mod_cache

  • 1) The “on”option of directive "CacheDisable" is now case insensitive.
  • 2) Avoid sending 304 responses during failed revalidation's.
  • 3) Avoid sending 304 responses to unconditional request when an CacheLock error -“Cache locked for url, not caching response: xxx”occurs during the cache revalidation.
  • mod_rewrite

    1) Add new  'AllowAnyURI' option in directive RewriteOptions.

    2) Add new  'MergeBase' option in directive RewriteOptions to stop mergeing RewriteBase down to subdirectories.

    3) Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to %{REMOTE_ADDR}.

    4) Add RewriteOptions InheritDown, InheritDownBefore, and IgnoreInherit to allow RewriteRules to be pushed from parent scopes to child scopes without explicitly configuring each child scope.

  • mod_logio

    1) A new format string "%S" is added for recording bytes transferred (received and sent), including request and headers, cannot be zero.

  • mod_log_config

    1) Add two new log format strings "%{VARNAME}^ti" for trailer line(s) in the request sent to the server and "%{VARNAME}^to" for trailer line(s) in the response sent from the server. 

    2) Add support for log format string "%D" - The time taken to serve the request, in microseconds. Previously this is not supported on HTTP server for i.

    3) Add support for logging thread id in access log via log format string "%{tid}P". 

    4) Add new IBM i only log format string "%J" to record fully qualified CGI job information in access log.  

  • mod_ibm_ssl

    1) Add new TLSV1.x option for SSLVersion and SSLProxyVersion directive.

    2) Add two new directives SSLRenegotiation and SSLHandshakeTimeout.

    3) Support ServerAlias directive in SNI enabled name-based virtual host(Note: Wildcard ServerAlias is not supported).

  • New modules

    There are some new modules with useful functions in Apache 2.4.12, below are some basic introduction to the new modules supported in HTTP server on IBM i 7.2. For more detail information about those modules, refer to IBM i 7.2 knowledge Center and Apache website.

    mod_proxy_html

    This module provides an output filter to rewrite HTML links in a proxy situation, to ensure that links work for users outside the proxy. It serves the same purpose as Apache's ProxyPassReverse directive does for HTTP headers, and is an essential component of a reverse proxy.

    For example, if a company has an application server at appserver.example.com that is only visible from within the company's internal network, and a public webserver www.example.com, they may wish to provide a gateway to the application server at http://www.example.com/appserver/. When the application server links to itself, those links need to be rewritten to work through the gateway. mod_proxy_html serves to rewrite <a href="http://appserver.example.com/foo/bar.html">foobar</a> to <a href="http://www.example.com/appserver/foo/bar.html">foobar</a> making it accessible from outside.

    This can be simply achieved by adding below directives to your httpd.conf

    LoadModule proxy_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM

    LoadModule proxy_ftp_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM 

    LoadModule proxy_http_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM 

    LoadModule proxy_connect_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM

    LoadModule proxy_html_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM

    ProxyHTMLLinks a href

    ProxyRequests Off 

    ProxyPass /appserver/  http://appserver.example.com/

    <Location /appserver/>

        ProxyPassReverse /

        ProxyHTMLEnable On

        ProxyHTMLURLMap http://appserver.example.com/ /appserver/

        ProxyHTMLURLMap / /appserver/

    </Location>

  • mod_xml2enc

    This module provides enhanced internationalization support for markup-aware filter modules such as mod_proxy_html. It can automatically detect the encoding of input data and ensure they are correctly processed by the libxml2 parser, including converting to Unicode (UTF-8) where necessary. It can also convert data to an encoding of choice after markup processing, and will ensure the correct charset value is set in the HTTP Content-Type header.

    Currently only mod_proxy_html module may potentially use this module if you want to automatically set up internationalization support for mod_proxy_html. 

    See directive ProxyHTMLCharsetOut and ProxyHTMLEnable for detail.  Add below directive to your httpd.conf when you want to use this module:

    LoadModule xml2enc_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM 

    mod_macro

    This module provides macros within HTTP Server runtime configuration files, to ease the process of creating numerous similar configuration blocks. When the server starts up, the macros are expanded using the provided parameters, and the result is processed as along with the rest of the configuration file.

    See http://httpd.apache.org/docs/2.4/mod/mod_macro.html for examples.

    mod_proxy_wstunnel

    This module provides support for the tunnelling of web socket connections to a backend websockets server. The connection is automagically upgraded to a websocket connection via below HTTP request headers:

    Connection: Upgrade

    Upgrade: WebSocket

    This module requires mod_proxy to be loaded and used. Below examples show how to proxy requests to websocket server:

    ProxyPass "/ws2/"  "ws://echo.websocket.org/"

    ProxyPass "/wss2/" "wss://echo.websocket.org/"

  • List of new supported modules

  • Below is a list of new Apache 2.4.12 modules supported in HTTP server for i 7.2. For all modules that are not pre-loaded by HTTP server must be explicitly loaded by specifying LoadModule Module_identifier /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM in httpd.conf.

  • Module identifier Pre-load Module Description
    proxy_html_module No Rewrite HTML links in to ensure they are addressable from Clients' networks in a proxy context
    xml2enc_module No Enhanced charset/internationalisation support for libxml2-based filter modules(Currently only mod_proxy_html)
    macro_module Yes Provides macros within apache HTTP Server runtime configuration files
    proxy_wstunnel_module No Websockets support module for mod_proxy
  • PTF support for Apache 2.4.12

    i 7.2: IBM HTTP Server for i Group SF99713 - level 12  

  • References

    http://httpd.apache.org/docs/2.4/new_features_2_4.html

    http://httpd.apache.org/security/vulnerabilities_24.html

    http://www.pcre.org/

    http://www.websocket.org/

    http://en.wikipedia.org/wiki/WebSocket

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
30 January 2020

UID

ibm11169740