1.52.1. RHBA-2011:1067: httpd bug fix and enhancement update
- Prior to this update, using any mod_ldap directive within a
VirtualHostcontext prevented the module from caching results for that particular virtual host. This update adapts the mod_ldap module to make sure that caching now works correctly in such configurations.
- BZ#552303, BZ#632407
- When the mod_proxy module was configured as a reverse proxy, multiple unrelated bugs may have prevented it from operating correctly, and may have led to incorrect handling of connection timeouts or even data corruption. With this update, various patches have been applied to address this issue, and the mod_proxy module can now serve as a reverse proxy as expected.
- When the mod_deflate module was configured to compress responses and an HTTP client prematurely terminated a connection, the previous version of the
httpdservice may have terminated unexpectedly with a segmentation fault. This update applies a patch that resolves this issue, and
httpdno longer crashes.
- Prior to this update, the mod_authnz_ldap module was unable to handle referrals from an LDAP server. This update introduces the
LDAPChaseReferralsdirective, which allows users to enable referral chasing.
- Previously, when the
OID() function was used as part of the
SSLRequiredirective, it was unable to parse certificate attributes of an unknown type. Consequent to this, strings that use the Abstract Syntax Notation One (ASN.1) notation were not rendered properly, and may have been incorrectly prefixed with a random string. This update adapts the
OID() function to parse all unknown attributes as ASN.1 strings, so that these strings are now rendered as expected.
- Due to incorrect handling of the SSL certificate cache, an attempt to use an SSL configuration with multiple
VirtualHostsections that use identical
ServerNamevalues rendered the
httpdservice unable to start. With this update, the underlying source code has been adapted to address this issue, and using multiple
VirtualHostsections with identical
ServerNamesvalues no longer prevents
- Due to incorrect handling of responses with multiple duplicate headers, when a user configured the
httpdservice to transform HTTP response headers by specifying
editas a value of the
Headerdirective, only one of the matching headers was retained. This has now been fixed, and the
editmode is now applied correctly across all HTTP response headers.
- When using the prefork Multi-Processing Module (MPM), children processes with persistent connections (that is, with the
KeepAlivedirective set to
On) kept processing new requests even when a graceful restart had been issued. This update applies a patch that corrects this error, and children processes with persistent connections no longer process new requests when a graceful restart is requested.
- Prior to this update, an attempt to use the
ProxyPassReversedirective with a
balancer://URL that included a path segment caused redirect responses to map the HTTP Location header paths incorrectly. This error has been fixed, and HTTP Location header paths are now mapped correctly.
- Previously, the
FilterProviderdirective of the mod_filter module was unable to match against non-standard HTTP response headers. With this update, the underlying source code has been adapted to address this issue, and the
FilterProviderdirective is now able to match against non-standard HTTP response headers as expected.
- When configured as a reverse proxy, the previous version of the mod_proxy module was unable to establish an SSL connection via an intermediary proxy configured using the
ProxyRemotedirective. This update adapts the mod_proxy module to support this configuration.
- Prior to this update, the mod_include module may have failed to parse certain Server Side Include (SSI) documents if the response contained attribute boundaries that were split across multiple buckets. This update corrects this error, and such SSI documents can now be parsed as expected.
- When using the mod_cache module, by default, the
CacheMaxExpiredirective is only applied to responses which do not specify their expiry date. Previously, it was not possible to limit the maximum expiry time for all resources. This update adapts the mod_cache module to provide support for
hardas a second argument of the
CacheMaxExpiredirective, allowing a maximum expiry time to be enforced for all resources.
- The mod_proxy_balancer load balancer module has been updated to provide support for the bybusyness scheduler algorithm.
- The mod_reqtimeout module has been added. When enabled, this module allows fine-grained timeouts to be applied during request parsing.
- The mod_proxy and mod_proxy_http modules have been updated to provide support for remote HTTPS proxy servers by using the