George Gallen gave me a piece from Apache webserver,
and i saw some stuff to on same site after posting!.
>From quick judgement, since i just wanted to correct
the security stuff, i should stick with 1.3.x which i
currently run.
2.0 seems to be some kind of makeover.
Found some explanation here:
http://httpd.apache.org/docs-2.0/upgrading.html
>From George Gallen:
"Apache 2.0 offers numerous enhancements, improvements
and performance boosts over the 1.3 codebase. The most
visible and noteworthy addition is the ability to run
Apache in a hybrid thread/process mode on any platform
that supports both threads and processes. This has
shown to improve the scalability of the Apache HTTP
Server significantly in our testing. Apache 2.0 also
includes support for filtered I/O. This allows modules
to modify the output of other modules before it is
sent to the client. We have also included support for
IPv6 on any platform that supports IPv6."
from the website.
--- Tru64 User <tru64user_at_yahoo.com> wrote:
> Greetings,
>
> What is the main difference between the two apache
> fronts out there, v2.0.x and 1.3.x?
>
> I can see that they are promoting both by coming up
> with updates for 1.3.x [1.3.24 to 1.3.26] and 2.0.x
>
> I would imagine if 2.0.x superseded 1.3.x, they
> would
> just issue a fix on the 2.0.x and suggest upgrades
> of
> the 1.3.x users to 2.0.x
>
> Sorry for posting purely apache qtn. here....just
> looking for a faster response.
>
> _Thanks
>
> Richard
>
>
> NOTE FROM APACHE WEBSITE:
> Versions of the Apache web server up to and
> including
> 1.3.24 and 2.0 up to and including 2.0.36 contain a
> bug in the routines which deal with invalid requests
> which are encoded using chunked encoding. This bug
> can
> be triggered remotely by sending a carefully crafted
> invalid request. This functionality is enabled by
> default.
>
> In most cases the outcome of the invalid request is
> that the child process dealing with the request will
> terminate. At the least, this could help a remote
> attacker launch a denial of service attack as the
> parent process will eventually have to replace the
> terminated child process, and starting new children
> uses non-trivial amounts of resources.
>
> The Apache Software Foundation has released versions
> 1.3.26 and 2.0.39 to address and fix this issue.
> These
> version are available for download;
>
>
> =====
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com
=====
__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
Received on Thu Jun 20 2002 - 17:43:00 NZST