mod_fastcgi README ------------------ Copyright (c) 1996 Open Market, Inc. See the file "LICENSE.TERMS" for information on usage and redistribution of this file, and for a DISCLAIMER OF ALL WARRANTIES. Basic Directions ---------------- See the file mod_fastcgi.html for instructions on how to use this module. Known Bugs (listed in no particular order) ---------- 1. When the Apache server is running as root, AppClass sometimes believes the process manager will have permission to exec a file when, in fact, it won't. The symptom of this problem will be an appropriate entry in the server's error log. Requested Enhancements (listed in no particular order) ---------------------- 1. Remove old Unix Domain sockets from the IPC dir during startup. 2. Implement more reliable kill-off of FastCGI processes. The problem is that Apache only gives the FastCGI process manager 3 seconds to kill off all of its children; often this is not enough. One solution would be an Apache API change to allow the FastCGI process manager to run as the head of its own process group; this would allow killing all the children with one system call. 3. Implement the Authorizer role. This might reduce the current proliferation of mod_auth_* modules. 4. Support running FastCGI apps without AppClass. Design notes for this enhancement are contained in mod_fastcgi.c. 5. Implement a separate timeout for the communication with the FastCGI application. At present mod_fastcgi's timeout is for the communication with the client. A much shorter timeout would often be appropriate for the communication with the FastCGI application. One difficulty is that mod_fastcgi often interleaves client and application communication. 6. Implement a more aggressive buffering policy in mod_fastcgi. Support an option that buffers all of the client's input before connecting to the application and buffers all of the application's output before responding to the client. Such an option means that an application is never tied up by a slow client. 7. Implement session affinity. The issue here is where to get session information from. Apache doesn't handle this in a standard way and there's no way to customize short of writing C code to link into the server. (Authorizer role would allow the session-identifying code to run outside the server.) What's New: Version 1.4.3, 15 Jan 1997 --------------------------------------- 1. Fixed compilation warnings for various platforms, as well as conditional compilation for OS/2. What's New: Version 1.4.2, 12 Dec 1996 --------------------------------------- 1. mod_fastcgi.c is ported to Apache 1.2b. Any further development will proceed under this version of Apache web server. 2. As the result of porting, the "include virtual" construct of SSI will now work correctly using either or directive. What's New: Version 1.4.1, 4 Dec 1996 --------------------------------------- 1. Checks have been removed from the ScanCGIHeaders that provided for the presence of both Status and Location headers as being an error. Contradictory to CGI/1.1 Internet Draft, both of these headers are used by the current CGI applications. What's New: Version 1.4, 22 Nov 1996 --------------------------------------- 1. Added the -port option to AppClass, allowing TCP/IP communication. Added the -socket option to AppClass, allowing Unix domain communication via a configurable pathname. Added the ExternalAppClass directive, allowing TCP/IP communication with remote FastCGI applications. See the documentation for full information. 2. The handler had its own code for generating HTTP response headers; now it uses Apache's. This reduces the size of the module. More importantly, it fixes the bug in which "include virtual" sees the HTTP response headers. 3. The response header parser performed very little checking. Now the parser enforces the guidelines in the CGI/1.1 Internet-Draft: Status and Location are mutually exclusive, Location can only be a response to GET or HEAD, CGI response headers can't be repeated, etc. (The CGI response headers are the ones the handler interprets: Status, Location, and Content-type.) 4. The response header parser used to miss CGI headers with no whitespace after the colon, e.g. "Status:200 OK". 5. The response header parser sometimes interpreted the first line of content as an RFC822 continuation line. 6. The handler implemented a nonstandard version of Location which never used internal redirects. The handler now attempts to implement Location as specified in the CGI/1.1 Internet-Draft. The module documentation explains the new behavior. 7. Error log entries from the response header parser were pretty uninformative; they are better now. If a header is malformed, the log entry includes it. If the headers are unterminated rather than malformed, the log entry says that, and says how many bytes were received from the app. 8. When the application manager forked a new process, and that process ran into trouble before executing the first instruction of application code, the process used to exit with status = errno. This made certain configuration problems (e.g. incorrect file permissions when server parent is root) quite difficult to pin down. Now the failing child process opens up the error log and writes an informative entry before exiting. 9. The module now correctly handles a slash at the end of the DocumentRoot directive. This was a one-line fix. What's New: Version 1.3.3, 17 Oct 1996 --------------------------------------- 1. The module now registers its request handler under the name fastcgi-script in addition to the name application/x-httpd-fcgi. This was a one-line addition to the module, but had quite a large impact on the documentation and sample configuration. What's New: Version 1.3.2, 27 Sept 1996 --------------------------------------- 1. On some systems (SunOS, Linux?), fopen for append has a bug that strikes when two processes append to the same file. This bug causes the process manager to corrupt the error log. Work around the bug by calling open, then fdopen. A patch to Apache 1.1.1 is also required, as described in mod_fastcgi.html. (Reported by Bob Ramstad.) What's New: Version 1.3.1, 17 Sept 1996 --------------------------------------- 1. On Linux and SunOS, the Apache default user_id (-1) is not a legal value of uid_t, so cast it. (Reported by Bob Ramstad, Scott Langley, others.) 2. On some systems (Linux, some Solaris?, Irix?), connect requires write access to a Unix Domain socket, so provide it. (Reported by Scott Langley, freeform@wired.com, others.) 3. If you hit a .fcg file, but there's no AppClass defined, the error should be NOT_FOUND instead of SERVER_ERROR. (Reported by Michael Smith.) What's New: Version 1.3, 4 Sept 1996 -------------------------------------- 1. Module sometimes busy-waited in FastCgiDoWork. Fixed. 2. Module violated the Apache buff abstraction. Fixed. Might now work with SSL (not tested). As part of the fix, eliminated support for Apache 1.0x versions. 3. Module failed to chmod the Unix domain listening sockets it created, so protections were set according to the current umask. Fixed. 4. Module forked too many process manager processes: One per AppClass. When the Apache parent ran as root, these process manager processes ran as root. New process manager is a single process (only started if AppClass is used) and runs with same privileges as other children. The new process manager doesn't do any polling, so there's less system overhead than before. 5. AppClass insisted on getting at least two arguments. Fixed. 6. Module used setjmp/longjmp, causing compiler warnings on some platforms (e.g. Linux.) The module no longer uses setjmp/longjmp. 7. Module created listening sockets in /tmp, where they were sometimes wiped out by cleanup scripts. Added FastCgiIpcDir directive to give control over the location of listening sockets. 8. Module wrote error log entries without a timestamp. Fixed. 9. AppClass directive wrote error messages to stderr in addition to returning a char * message to the Apache core. Fixed. What's New: Version 1.2, 3 June 1996 -------------------------------------- 1. Ported from Apache-1.0-based code to Apache-1.1b2 internals by Ralf S. Engelschall Add version string: APACHEVERSION macro to mod_fastcgi.c 2. chown FastCGI socket to user_id and setuid to user_id for app class processes 3. Modify GetFromStream() by having it call an OS dependent function GetStreamSize(FILE *) which uses FILE internal data member. Linux users might need to modify GetStreamSize(). What's New: Version 1.1, 10 May 1996 -------------------------------------- Fixed two bugs: 1. If you specify a non-existent executable in the AppClass directive, or if the file exists and it does not have execute permission you get a constant stream of error messages telling you that "program terminated due to a signal". 2. The mod_fastcgi module should use the standard Apache error logging facility instead of writing to stderr. Version 1.0, 30 April 1996 --------------------------