02 January 2002. Current version is 1.3h.0102.a
History of Changes to SRE-http
This contains a history of changes to the SRE-http web server, starting
with the update from ver 1.2N to 1.3B. The earlier history of changes
can be found in the CHANGES0.DOC and CHANGES1.DOC files on the SRE-http
home page (http://www.srehttp.org/archives/); where:
CHANGES0.DOC covers 1.0 to 1.2D.
CHANGES1.DOC covers 1.2D to 1.2N
Please keep an eye on the SRE-http home page for update information!
NOTE: we have discontinued further development of the GoServe based
line of SREhttp products. Instead, we are porting old software,
and writing new software, for SRE2002.
For the details, see www.srehttp.org/sre2002
============================
1 June 1998 --- Upgrade from ver 1.2N to ver 1.3A.
Ver 1.3A is conditionally compliant with the http/1.1 specs. In terms of
functionality, there were not a lot of changes between 1.2n and 1.3a.
However, numerous changes were made "under the hood" to provide better
caching information (for downstream proxy servers), to improve support
for conditional gets, and to more carefully handle maintained connections.
In addition, a few options were enhanced, a few rarely used options
were discarded, and the code was generally tightened up. Hopefully, all
of the bugs introduced by this tightening up have been detected, but
we wouldn't bet on it (though the current track record is encouraging).
Please do contact danielh@crosslink.net as soon as you hit what you
suspect may be a bug.
Changes include:
* BACKUPSERVERPROC is no longer a parameter -- to specify a different
load balancing procedure, you can replace the backsrvr.srf library file
(i.e.; in \GOSERVE\LIB).
* The HOSTS_IP variable was dropped. We now recommend including numeric IP
address in your hosts. list (just to be safe).
* If an http 1.1 client does NOT send a host: header (or include host
info in the uri), return a 400 error (this is dictated by the http/1.1
spec).
* public_Urls now supported by a seperate thread.
the PUBLIC_URLS are no longer listed in INITFILT.80 -- a PUBURLS.IN
file (in the GoServe/SRE-http data directory) is used instead (see
PUBURLS.DOC for details)
Note: you can use the Simple Mode configurator to modify PUBURLS.IN,
(the intermediate configurator can NOT be used to modify
PUBURLS.IN).
Note: you suppress public_urls with the never_publicurls option in
SREFILTR.80.
* you can have multiple entries in NOEXT_TYPE variable.
* NOEXT_TYPE=DIR now means NOEXT_TYPE=REDIR (local "appending of /" is no
longer supported). You can also have several NOEXT_TYPE options --
which will be attempted in order listed.
* HEAD is no longer treated differently then GET -- except goserve will
suppress the body of the response.
Addons may find this confusing, so a head_to_get parameter
has been added.
* upon recieving a request, SRE-http will check for
several not understood conditions (expect: 100-continue,
or not known encoding), and return an appropriate error message.
* chunked coding now understood (see srefprc.doc for a description of
the sref_chunk and sref_unchunk macrospace procedures)
* do_send_pieces is no longer supported
* sref_value(,,'REQ') changed (now in varstore thread, with a 50 request
history list)
* the SREFAST and SREFQUIK "alternative" filters have been dropped.
Instead, a "proxy-like' front-end (SREPROXY.80) is now recommended
(see SREPROXY.DOC).
* support for GZIP encoding has been added. See the description of
SUPRRESS_GZIP_TE, in INITFILT.DOC, for details.
* a few minor changes to the intermediate configurator
* "digest" authentication is now supported (in addition to "basic"
authentication) -- see the digest_auth parameter in initfilt.doc
for details.
* a Content-Md5 request header (useful for integrity checking) can now be
added to almost all responses.
* GET method CGI-BIN request can now have up to 1000 characters in the options list
(the stuff after a ?)
* added a configuration utility to report on the access privileges, aliases,
etc. of a selector
=========================
* SRE-http addons and version 1.3 A (and above)
One of the biggest change that http/1.1 has over 1.0 is a concerted
attempt to support proxy servers spread all over the net, and deepen
the use of conditional retrievals. For this purpose, several new headers
should be added to all responses (and several older headers should be
used more frequently).
Given that Goserve is not about to change drastically, I chose to implement
this by having all (or almost all) transfers of content to the client done
through a single procedure; a procedure I've named SREF_GOS. For standard
uses of sre-http (i.e.; returning documents, ssi'ed or otherwise) this
change is invisible to the server administrator -- the only detectable
difference being a more complete set of response headers is now sent out
with all responses.
However, addon writers may issue 'FILE or 'VAR commands from within their
addons. This can still be done, but the http/1.1 headers won't be added.
Therefore, I recommend that addons be rewritten, with
'FILE type a/b name foo.bar'
calls replaced with
foo=sref_gos('FILE TYPE a/b name foo.bar')
(and similarly for all 'VAR calls).
This should be pretty easy. Actually, if you are leaving the addon with
return 'FILE type atype/asubtype name foo.bar'
you don't need to make any changes!
For further discussion of SREF_GOS, please see SREFPRC.DOC
=========================
Note: "official" release of SRE-http ver 1.3A occured on 1 June 1998 as
"Ver 1.3A 698a"
=========================
9 June 1998: Vera 1.3a 698b
* File names containing spaces were not being handled properly. This has been fixed
in several places.
* SREPROXY was not properly handling !SENDAS_CHECK_TYPE requests.
10 June 1998: Vera 1.3a 698c
* Fixed some more problems with "spaces in file names" (in the !DIR utility)
* Slight modification to the default "document not found" message (added selector
name).
17 June 1998: Vera 1.3a 698d
* When a username matches both a site and host specific entry, the host specific
entry is used.
* Spaces in usernames are now converted to underscore ("_", without the
quotes) characters.
* ADD_USER_NAME was not working -- it's now fixed.
* New feature: you can now specify "host specific" username files (they augment
the USERS.IN file). See USERCHK.RXX for details.
Note that, given sufficient demand, a "read from disk, not from memory" feature
may added to the "host specific" username files (this will save memory
when you have large, but infrequently used, host specific username files).
19 June 1998: Vera 1.3a 698e
* Fixed a bad bug that occurred if more then one CUSTOM_INITS was
specified.
* Minor changes to documentation
25 June 1998: Vera 1.3a 698f
* Fixed a bad bug when AUTO_HEADER='ALWAYS'
* Added note to SREHTTP.FAQ on how to use advanced-options to send "thank you"
notes after file downloads.
* Slight modification to default "document not found" response when a directory
was requested.
* You can now add extra headers when you use SENDFILE (see SREHTTP.HTM for details).
For example, you can instruct SENDFILE to send a 'refresh: 2 ; url=file.ext'
response header.
26 June 1998: Vera 1.3a 698g
* More improvements to SENDFILE -- you can now "sequentially send" (as a
multipart-mixed document) several files (by including multiple FILE=
options in the SENDFILE? request)
* A small bug was fixed in SREF_MULTI_SEND (on occassion, a Transfer-Encoding
response header was inappropriately sent).
26 June 1998: Ver 1.3a 698h
* Fixed a small bug in SENDFILE (introduced in version 698g) --
it should now recognize SENDFILE?sel as being SENDFILE?file=sel
4 July 1998: Ver 1.3a 798a
* Fixed a rare but serious bug that killed SRE whenever a PUBURLS.IN file
was not specified.
7 July 1998: Ver 1.3a 798b
* 4 July bug fix was not complete -- zero length puburls.in file caused a problem.
Now they don't.
13 July 1998: Ver 1.3a 798c
* When launching daemons, the SRE_LIBDIR was not being found, which can cause fatal errors.
The best solution is to add a SRE_LIBDIR=d:\goserve\lib to your config.sys (where
d:\goserve\lib should be the name of the "sre-http library directory". As a second
best solution, SRE-http will now search for all directories for a file name, if
the SRE_LIBDIR can not be found in the environment.
14 July 1998: Ver 1.3a 798d
* SREF_VALUE's "request specific information" mode used to crash GoServe if
called by a daemon, or a post-filter. This has been fixed (it's not recommended,
but it won't crash goserve anymore)
18 July 1998: Ver 1.3a 798e
* Fixed a bug in the "search for procedure to load into macrospace" correction of 798c
(SRE was always looking in the E drive, rather then the current Goserve drive)
23 July 1998: Ver 1.3a 798f
* The DISPLAY_ENV parameter was not working -- it does now.
* Slight improvement to SREF_GET_URL procedure -- it how reports itself as http/1.1, and
you can send optional request headers.
17 August 1998: Ver 1.3a 898a
* Corrected a bug in COUNTER.RXX; if the "count" did not have spaces after it, COUNTER.RXX
would fail
* Corrected a bug in USERS.IN -- tabs can now be used to seperate username, password,
and privileges.
18 August 1998: Ver 1.3a 898b
* Fixed a small bug when a file's date was missing (i.e.; was set to 00/00/00)
26 August 1998: Ver 1.3a 898c
* Suppress printing of "reset variables" to error log if verbose<2.
* Fixed a small bug in the "check selector" option (checksel failed when there
was no public_urls file).
08 September 1998. Ver 1.3a 998a
* Changed some calls to FILEWRITE (rexxlib function) to avoid conflict with
similaly named filerexx function.
30 September 1998
Release of version 1.3B (as 1.3B.998b):
* Fixed a small problem with special commands.
* Fixed a small but when using SREF_VALUE on non-80 ports.
* Minor bug corrections/ optimizations in several of the
"independent threads" (such as SREFMON, POSTFCHK, ALIASCHK, etc.)
* Added a new special command: !RANGE. !RANGE is used to selectively
extract lines and bytes from a document. See RANGES.HTM for
a description, and see the RANGE_AT_END parameter in INITFILT.DOC.
* WILD_SELS_OKAY has been updated -- you can now instruct SRE-http to
display a directory style listing of multiple matches (as an
alternative to listing the "best match")
* NO_DNS variable has been added (to SREFMON.CMD) -- use it to suppress
clientname lookups (which can cause poor response times if your DNS is
slow).
* SRE-http is now Y2K compliant (note that SRE_http addons may not be
Y2K compliant)
* You can now suppress common log auditing of HEAD (or other method)
requests (see description of NOCODES in SREFLOGS.DOC).
* The "request number" is now sent to addons. One use of this: if your
provide the request number to SREF_VALUE when extracting "REQuest"
specific variables, SRE-http has to do a little less work.
10 October 1998: Ver 1.3B.1098a
* Added an "MD5 cache" daemon. It's optional, and will be used when
the MD5_CACHE parameter (in SREFMON.CMD) is set to a non-zero value.
See the description of MD5_CACHE in INITFILT.DOC for details.
12 October 1998: Ver 1.3B.1098b
* Added a "rename logfiles when they get too big" feature. This is
controlled with the LOGFILES_MAXSIZE parameter in SREFMON.CMD (see
the description in INITFILT.DOC for details). Note that the
log_toobig parameter (in postfchk.rxx) is no longer used -- thus,
warnings about "log file too large" will NO LONGER be written to
the PMPRINTF window.
12 October 1998: Ver 1.3B.1098c
* MInor changes to the SREF_VALUE and SREF_DMN_xxxx procedures (added some
error/status messages).
* Fixed a bug in SREPROXY.80 -- SREFILTR.80 was being called too frequently.
18 October 1998: Ver 1.3B.1098d
* Added some non-digit capabilities to COUNTER.RXX; and created a
macrospace procedure (SREF_DIGITS) that can be used to create
IMG elements for use in graphical displays of digits and
characters (see COUNTER.DOC for the details)
* Fixed an incompatability between SRE and the Sept 1998 version of
GoServe; which involved use of the EXTRACT command from daemons.
Thus, SRE-http ver 1.3b.1098d will work with this Sept 1998 version
of GOSERVE.EXE.
* REMOVE_PROCS option has been dropped (it has been superseded by the
dynamic loading capabilities of SRE-http).
22 October 1998: Ver 1.3B.1098e
* Fixed bug in the server side include (a Y2k related
bug that got introduced in ver 1.3b.1098a)
* Subtle improvements to SREPROXY.RXX (more efficient cache lookup).
23 October 1998: Ver 1.3B.1098f
* Fixed a small bug in SREPROXY.RXX (introduced in 1098e)
10 November 1998: Ver 1.3B.1198a
* Fixed a bug in SREPROXY.80 that caused failure to updated changed files (outdated
cached file was being inappropriately returned).
27 November 1998: Ver 1.3B.1198b
* Minor modifications (to SREFILTR.80) to facilitate the STARTSRE.CMD addon's
capability of restarting GoServe if a "bad error" is detected.
02 December 1998: Ver 1.3B.1298a
* Modified the MEDIATYP.RXX file -- you can now have entries of the form:
type=type/subtype exts=ex1,ext2
(old style entries will still work). See MEDIATYP.RXX for the details.
* Some modifications to SREHTTP.FAQ.
09 December 1998: Ver 1.3B.1298b
* Corrected a number of non-fatal coding errors.
10 December 1998: Ver 1.3B.1298c
* Modified SREFLOGS.INI -- for SCHED and NOURL entries, you no longer need to specify the .n
"stem" identifier.
10 December 1998: Ver 1.3B.1298d
* Corrected some more non-fatal coding errors.
* A frames-based "documenation guide" is now included (see SREHTTPF.HTM).
* Post-filter will now report "bad common log" files.
* Install is now more insistent about 4.02t.
15 December 1998: Ver 1.3B.1298e
* Made a few minor modifications
* Added a new feature: MTCHFILE.RXX. This is meant to be used with NOT_FOUND_URL
files -- it will produce a list of the "best matching filenames" to the
"not found" request selector. See MTCHFILE.DOC, or MTCHFILE.HTM, for
details.
17 December 1998: Ver 1.3B.1298f
* A few modifications to SREF_VALUE and the SREF_DAEMON procedures.
22 December 1998: Ver 1.3B.1298g
* Corrected an SSI bug -- replace rules on footers was incorrect.
* Corrected a CHECKLOG bug -- YES was not being interpreted correctly (YES
is now synonymous with ALWAYS)
* Corrected a virtual directory bug -- host specific virtual directory entries
with limitation lists were being incorrectly ignored.
* Further improvements to the "frame aware" documentation guide (SREHTTPF.HTM).
* A few minor optimizations to the SSI procedure.
26 December 1998: Ver 1.3B.1298h
* Minor improvements to EDITSREF and EDITINIT
* Improved the SSI caching, with more structure to the cached file
allowing quicker retrieval. This can yield significant improvement
on the throughput of larger files with a few "dynamic" SSI's (such
as current time and creation date).
* Renamed SREHTTPF.HTM (the "documenation guide" framset containing
document) to DOCGUIDE.HTM.
* Minor modifications to several help files.
11 January 1999: Ver 1.3B.0199.a
* Fixed a fatal bug that occurred when the PUBURLS.IN file was missing
* Fixed a bug that rendered NEVER_PUBLICURLS useless
* Allowed for the USER_LOGON_PROC to "let SRE-http do it" (see description of
USER_LOGON_PROC in INITFILT.DOC for details.
* Minor modification to facilitate the STARTSRE.CMD addon.
14 January 1998: Ver 1.3b.0199.b
* Modified COUNTER.RXX facility -- you can now add
after/before each
character (thanks to Steve Ryckman).
25 January 1999: Ver 1.3b.0199c
* A few minor bug fixes (200 used instead of 404 on MTCHFILE.SHT
responses)
* CHECK_404 beta addon now available (CHK404.ZIP)
26 January 1999: Ver 1.3b.0199d
* Fixed a bug that manifested in the
SSI (and perhaps elsewhere).
28 January 1999: Ver 1.3b.0199e
* Fixed an uncommon (but potentially fatal) bug in the unchunking procedure.
10 February 1999: Ver 1.3b.0299a
* Fixed a bug in the COUNTER.RXX facility -- the COUNTER_IMAGE_DIR parameter
was being ignored.
16 February 1999: Ver 1.3b.0299b
* Minor bug fix in MAILIT (for some sendmail servers, EHLO request was not working).
25 February 1999-- Version 1.3c released as 1.3c.0399.a.
There is no major change between 1.3c and 1.3b, but the cumulation of small changes
are sufficient to warrant a change in the "minor version" number.
* Added a "pre-reply" procedure -- a hook that allows you to make "last second" changes
to a response. See PREREPLY.DOC for the details.
* Minor documentation fixes.
* Fixed minor problem with "/~username" requests (they redirected to /homedir/username/, now
the redirect to "/~username/")
1 March 1999: Ver 1.3c.0399.b
* Small bug fixes & modifcations in various library routines
* Fixed a slow but steady memory leak (in the "variable storage"
thread). Also, modified testvalu.sht and testvalu.cmd to
allow looking up parameters from prior requests
(the 100 most recent prior requests).
* sreLite, a smaller-faster-less_feature_rich variant of SRE-http is now
available on the SRE-http home page at:
http://www.srehttp.org/srelite/
sreLite supports a subset of the SRE-http options; including CGI-BIN, most addons,
some ssi's, and selector specific access controls. It can be used when speed is
important, but you want to stay within the SRE "environment".
* MTCHFILE will now check the DIR_EXCLUSION list before displaying "possible matches".
* A security hole, via the TESTVALU addon, has been fixed (now, only SUPERUSERS can use
TESTVALU).
* Updated the SREF_VALUE procedure, and the TESTVALU addon, to better handle requests
for INItializaton parameters (SREF_VALUES is now much smarter about parsing out
the several "sre-http prefixes" that may be used).
4 March 1999: Ver 1.3c.0399.c
* Fixed "wild card replacements" -- they should now work with more then
one wildcard.
* Added a new feature to wild card "matching" -- a | at the end of a
"haystack" has a special meaning:
"no / or \ can be covered by the final *".
Thus, if the selector is
animals/cats/food.1
then
animals/*food.1 will yield a match,
but
animals/*food.1| will NOT yield a match (since "cats/" contains a /)
The purpose of this feature is to "limit" wildcard matches to a single
subdirectory (that is, to prevent matches to items in deeper portions of
the directory tree)
7 March 1999: Ver 1.3c.0399.d
* Fixed bug (introduced in 1.3c.0399.c) that could (when NOURLS.
were specified in SREFLOGS.INI) inadvertently suppress all common-log
entries.
20 March 1999: Ver 1.3d.0399.e
There were two major changes: SRE-http has a new home page, and the
configuration files/directories have been substantially modified.
NEW home page:
The SRE-http home page was moved from http://rpbcam.crosslink.net/srehttp
to http://www.srehttp.org (38.152.44.14).
PLEASE NOTE THIS CHANGE -- IT MIGHT HAVE SLIPPED THROUGH SOME OF THE DOCUMENTATION!
Changes in configuration files were made.
These include:
* a /CFGS directory is now the default directory for configuration files
* /CFGS/INIT_STA.80 is now used to contain parameters that used
to be in SREFILTR.80
* you can use /CFGS/CFGLIST.CFG to specify host entries, and to
specify host & port specific configuration files
(ALIASES, ACCESS, INITFILT, PUBURL, REPSTRGS, USERS, and VIRTUAL)
* /CFGS/SCHEDULE.CFG should now be used for "scheduled events"
(rather then SREFLOGS.INI)
For details, see "USE_CFGS.DOC"
Other changes include:
* Modified documentation to note the new SRE-http home page
* As noted above, CFGS\INIT_STA.80SREFILTR.80 now contains parameters that used to be in
SREFILTR.80
* Modified INSTALL.CMD -- you can now have it skip installation of COUNTER.RXX and
BYBROWSR.RXX
* You can now specify subdirectories in the FILE field of COUNTER.RXX (see COUNTER.DOC).
* Fixed some problems with COUNTER.RXX (i.e; it would not display characters).
Note: these fixes do NOT require reinstalling COUNTER.RXX
(they occurred in a macrospace procedure used by COUNTER.RXX).
* DOSEARCH (and related files) are no longer shipped with SRE-http --
but theyare available as a seperate addon
(http://www.srehttp.org/apps/dosearch/)
* Wildcarded passwords should now work more consistently
* "Secret" client privileges (that are not reported by SRE-http status programs)
can now be specified in USERS.IN (prefix the privilege with a ?)
* You can use CGGLIST.CFG to specify host specific COUNTER_FILE files, COUNTER.RXX
COUNTER_DIR directories, SENDFILE_FILE files, and RECORD_ALL_FILE files
* Post filter procedures are now passed the list of privileges and the list
of secret privileges. See POSTFILT.80 for an example.
* A new counter.rxx option, table_digits, modifies the action of the digits_Nobr
parameter (see counter.doc for the details).
1 April 1999: Ver 1.3d.0499.a
* Host specific parameters are now used in preference to default parameters
(for aliases, access control, and virtual directories)
* DYNPWD, a "dynamic password" addon, is now available --
it requires vers 1.3d.0499a
* MANAGER, a "file manager" addon, is now available.
7 April 1999: Ver 1.3d.0499.b
* Fixed a bug in the SREF_GET_URL procedure (it should now work with numeric ip addresses)
* DYNPWD is now incorporated into SRE-http
* SREF_MULTI_SEND will now use multipart/mixed with http/1.1 browsers, and
still use multipart/x-mixed-replace with 1.0 browsers
15 April 1999: Release of Ver 1.3e.0499.c
Ver 1.3e has one large change -- support for sending encrypted content.
An encryption method based on a "shared-secret" between the
client and server is currently supported. For details, see
ENCRYPT.DOC.
Other changes include:
* The PREREPLY procedure was being called improperly, a mistake that
would matter when SRE-http chose to use GZIP transfer-encoding .
* A new parameter, USER_PRIVS, has been added to INITFILT.80 -- this is
a list of privileges to be granted to all clients with valid
usernames and passwords (see INITFILT.DOC for details).
20 April 1999. Ver 1.3e.0499.d
* A new "javascript" based encryption algorithim is now available (SRE_B)--
see encrypt.doc for the details.
* Note that to use SRE_B,
you'll need to intsall the ENC_SREB.RSP file in your data directory.
* Similarly, to use SRE_A, you'll need to distribute DE_SREA.CMD
(a copy of which should be in your data directory).
* A potentially fatal bug, that occured when "!special" commands were issued,
has been fixed (this bug was introduced in ver 1.3d)
* Support for BlowFish encryption
* An javascript based encryption facility for FORM elements, and a macrospace
procedure to decrypt, are now available (see encrypt.doc, or
enc_test.sht, for details).
26 April 1999. Ver 1.3e.0499.e
* Fixed a rare, but nasty, bug in pre-reply and encryption procedures (would occassionally
delete a non-temporary file).
* Fixed a bug when using sref_multi_send and a pre-reply procedure.
* Modified the syntax of pre-reply procedures -- now you should NOT specify a changed
content-length; and a changed content-type requires a special action (see
PREPREPLY.DOC for the details)
* Fixed a small but in the SREF_GET_URL procedure (host: header was NOT being sent)
05 May 1999. Ver 1.3e.0599.a
* Digest authentication will now check several variants of the password,
thereby avoiding some (but not all) problems with case.
11 June 1999: Release of Ver 1.3f.0699.a
Ver 1.3f has several changes
* A new "realm-oriented" mechanism for assigning access, aliases,
virtual directories, etc. is now available.
This mechanism, which complements the use of the several .IN files
(such as ALIASES.IN and VIRTUAL.IN), uses a new configuration
file: ATTRIBS.CFG (in your CFGS/ subdirectory). See IN_FILES.DOC
for the details.
* An extended set of NCSA style SSI's is now available. These
extensions, which are modeled after the "xssi" extensions
supported by Apache, allow you to set parameters, and
provide an IF syntax for conditional SSI.
See XSSI.SHT for the details.
* The default access-control file is now named ACCESS.IN (instead of
ALL_FILE.CTL).
* The SSI caching algorithim has been optimized.
* '' quotes in