Apache 1.3.3 merge + proxy_segv fix

49 files changed, 9126 insertions, 2485 deletions

diff --git a/usr.sbin/httpd/ABOUT_APACHE b/usr.sbin/httpd/ABOUT_APACHE
index b2e2c6d61f6..8f54e59e8de 100644
--- a/usr.sbin/httpd/ABOUT_APACHE
+++ b/usr.sbin/httpd/ABOUT_APACHE
@@ -3,7 +3,7 @@
 
                          http://www.apache.org/
 
-                               June 1997
+                             September 1998
 
 The Apache Project is a collaborative software development effort aimed
 at creating a robust, commercial-grade, featureful, and freely-available
@@ -65,33 +65,39 @@ December 1, 1995.
 Less than a year after the group was formed, the Apache server passed
 NCSA's httpd as the #1 server on the Internet.
 
-============================================================================
+ ============================================================================
 
-Current Apache Group in alphabetical order as of 1 August 1997:
+Current Apache Group in alphabetical order as of 23 September 1998:
 
    Brian Behlendorf       Organic Online, California 
-   Ken Coar               Process Software Corporation, New England, USA 
-   Mark J. Cox            UKWeb, UK 
+   Ken Coar               IBM Corporation, Research Triangle Park, NC, USA
+   Mark J. Cox            C2Net Europe, UK 
+   Lars Eilebrecht        Kreuztal, Germany 
    Ralf S. Engelschall    Munich, Germany.
    Roy T. Fielding        UC Irvine, California 
-   Dean Gaudet            Steam Tunnel Operations, California 
+   Dean Gaudet            Transmeta Corporation, California 
    Rob Hartill            Internet Movie DB, UK 
+   Ben Hyde               Gensym, Massachusetts
    Jim Jagielski          jaguNET ISP, Maryland 
    Alexei Kosut           Stanford University, California 
+   Martin Kraemer         Munich, Germany
    Ben Laurie             Freelance Consultant, UK 
-   Chuck Murcko           The Topsail Group, Pennsylvania 
+   Doug MacEachern        Freelance Consultant, Summer Seasons, Earth
    Aram W. Mirzadeh       Qosina Corporation, New York 
    Sameer Parekh          C2Net, California 
-   Paul Sutton            UKWeb, UK 
    Marc Slemko            Canada 
+   Cliff Skolnick         Freelance, California
+   Bill Stoddard          IBM Corp., Research Triangle Park, NC
+   Paul Sutton            C2Net Europe, UK 
    Randy Terbush          Zyzzyva ISP, Nebraska 
    Dirk-Willem van Gulik  Freelance Consultant, Italy 
-   Andrew Wilson          Freelance Consultant, UK 
 
 Apache Emeritae (old group members now off doing other things)
 
-   Robert S. Thau         MIT, Massachusetts
+   Chuck Murcko           The Topsail Group, Pennsylvania 
    David Robinson         Cambridge University, UK
+   Robert S. Thau         MIT, Massachusetts
+   Andrew Wilson          Freelance Consultant, UK 
    
 Other major contributors
 
@@ -100,34 +106,36 @@ Other major contributors
    Paul Richards (convinced the group to use remote CVS after 1.0),
    Kevin Hughes (creator of all those nifty icons),
    Henry Spencer (author of the regex library), Garey Smiley (OS/2 port),
-   Howard Fear (mod_include), Florent Guillaume (language negotiation)
+   Howard Fear (mod_include), Florent Guillaume (language negotiation), 
+   Ambarish Malpani (NT port).
 
 Many 3rd-party modules, frequently used and recommended, are also
 freely-available and linked from the related projects page:
-<http://www.zyzzyva.com/module_registry/>, and their authors frequently
+<http://modules.apache.org/>, and their authors frequently
 contribute ideas, patches, and testing.  In particular, Doug MacEachern
 (mod_perl) and Rasmus Lerdorf (mod_php).
 
 Hundreds of people have made individual contributions to the Apache
 project.  Patch contributors are listed in the src/CHANGES file.
-Frequent contributors have included Petr Lampa, Tom Tromey,
-James H. Cloos Jr., Ed Korthof, Nathan Neulinger, Jason S. Clary,
-Jason A. Dour, Michael Douglass, Tony Sanders, Martin Kraemer,
-Brian Tao, Michael Smith, Adam Sussman, Nathan Schrenk, Matthew Gray,
-and John Heidemann.
+Frequent contributors have included Petr Lampa, Tom Tromey, James H.
+Cloos Jr., Ed Korthof, Nathan Neulinger, Jason S. Clary, Jason A. Dour,
+Michael Douglass, Tony Sanders, Brian Tao, Michael Smith, Adam Sussman,
+Nathan Schrenk, Matthew Gray, and John Heidemann.
 
-============================================================================
+ ============================================================================
 
-How to join the Apache Group
+How to become involved in the Apache project
 
 There are several levels of contributing.  If you just want to send
 in an occasional suggestion/fix, then you can just use the bug reporting
-form at <http://www.apache.org/bugdb.cgi>.  You can also subscribe to the
-announcements mailing list (apache-announce@apache.org) which we use to
-broadcast information about new releases, bugfixes, and upcoming events.
-
-If you'd like to become an active member of the Apache Group (the group
-of volunteers who vote on changes to the distributed server), then
+form at <http://www.apache.org/bug_report.html>.  You can also subscribe
+to the announcements mailing list (apache-announce@apache.org) which we
+use to broadcast information about new releases, bugfixes, and upcoming
+events.  There's a lot of information about the development process (much
+of it in serious need of updating) to be found at <http://dev.apache.org/>.
+
+If you'd like to become an active contributor to the Apache project (the
+group of volunteers who vote on changes to the distributed server), then
 you need to start by subscribing to the new-httpd@apache.org mailing list.
 One warning though: traffic is high, 1000 to 1500 messages/month.
 To subscribe to the list, send "subscribe new-httpd" in the body of
@@ -140,9 +148,17 @@ a while before trying to jump in to development.
    directions.  If you have user/configuration questions, send them
    to the USENET newsgroup "comp.infosystems.www.servers.unix".
 
-The Apache Group is a meritocracy -- the more work you have done, the more
+There is a core group of contributors (informally called the "core")
+which was formed from the project founders and is augmented from time
+to time when core members nominate outstanding contributors and the
+rest of the core members agree.  The core group focus is more on
+"business" issues and limited-circulation things like security problems
+than on mainstream code development.  The term "The Apache Group"
+technically refers to this core of project contributors.
+
+The Apache project is a meritocracy -- the more work you have done, the more
 you are allowed to do.  The group founders set the original rules, but
-they can be changed by vote of the active members.  There is a core group
+they can be changed by vote of the active members.  There is a group
 of people who have logins on our server (hyperreal.com) and access to the
 CVS repository.  Everyone has access to the CVS snapshots.  Changes to
 the code are proposed on the mailing list and usually voted on by active
@@ -155,24 +171,23 @@ messages a day flow over the list, and are typically very conversational in
 tone. We discuss new features to add, bug fixes, user problems, developments
 in the web server community, release dates, etc.  The actual code development
 takes place on the developers' local machines, with proposed changes
-communicated using a patch (output of a context "diff -c3 oldfile newfile"
+communicated using a patch (output of a unified "diff -u oldfile newfile"
 command), and committed to the source repository by one of the core
-developers using remote CVS.
+developers using remote CVS.  Anyone on the mailing list can vote on a
+particular issue, but we only count those made by active members or people
+who are known to be experts on that part of the server.  Vetoes must be
+accompanied by a convincing explanation.
 
 New members of the Apache Group are added when a frequent contributor is
 nominated by one member and unanimously approved by the voting members.
 In most cases, this "new" member has been actively contributing to the
 group's work for over six months, so it's usually an easy decision.
-Anyone on the mailing list can vote on a particular issue, but we only
-count those made by active members or people who are known to be experts
-on that part of the server.  Vetoes must be accompanied by a convincing
-explanation.
 
-The above describes our past and current (as of June 1997) guidelines,
+The above describes our past and current (as of April 1998) guidelines,
 which will probably change over time as the membership of the group
 changes and our development/coordination tools improve.
 
-============================================================================
+ ============================================================================
 
 Why Apache Is Free
 
@@ -216,7 +231,7 @@ as described in the LICENSE file.
 
 Thanks for using Apache!
 
-============================================================================
+ ============================================================================
 Roy Fielding, June 1997
 
 If you are interested in other WWW history, see <http://www.webhistory.org/>
diff --git a/usr.sbin/httpd/Announcement b/usr.sbin/httpd/Announcement
index cfbc34f504a..9382397d10c 100644
--- a/usr.sbin/httpd/Announcement
+++ b/usr.sbin/httpd/Announcement
@@ -1,22 +1,32 @@
-Apache 1.3.2 Released
+Apache 1.3.3 Released
 =====================
 
 The Apache Group is pleased to announce the release of version
-1.3.2 of the Apache HTTP server.  
-
-The changes in this release consist of Unix portability fixes,
-DoS issues, and assorted other minor features or fixes.  Users
-should review the CHANGES file and decide on their upgrade plans;
-We consider Apache 1.3.2 to be the most stable version of Apache
-available.
-
-Apache 1.3.2 is available for download from
+1.3.3 of the Apache HTTP server.
+
+This new Apache version is a bugfix release, primarily to fix a
+serious problem with server error reporting introduced in 1.3.2.
+This affected the functionality of most custom ErrorDocuments and
+of some modules that depend on special error output (e.g., mod_speling).
+A side-effect bug that resulted in incorrect error reporting of
+nonexistent .htaccess files has also been fixed.
+
+Additional changes in this release consist of new supported platforms,
+Win32 and Unix portability fixes, ErrorDocument environment enhancements,
+improved protocol behavior to match the HTTP/1.1 revised specification,
+and assorted other features or fixes.  Users should review the CHANGES file
+and decide on their upgrade plans.  We consider Apache 1.3.3 to be the
+most stable version of Apache available and we strongly recommend that
+users of older versions, especially of the 1.1.x and 1.2.x family, upgrade
+as soon as possible.
+
+Apache 1.3.3 is available for download from
 
     http://www.apache.org/dist/
 
-Please see the CHANGES file in the same directory for a full list
-of changes.  The distribution is also available via any of the
-mirrors listed at
+Please see the CHANGES_1.3 file in the same directory for a full
+list of changes.  The distribution is also available via any of
+the mirrors listed at
 
     http://www.apache.org/mirrors/
 
@@ -26,10 +36,10 @@ For an overview of new features in 1.3 please see
 
 In general, Apache 1.3 offers several substantial improvements
 over version 1.2, including better performance, reliability and a
-wider-range of supported platforms, including Windows 95 and NT
+wider range of supported platforms, including Windows 95 and NT
 (which both fall under the "Win32" label).
 
-Apache is the most popular web-server in the known universe; over
+Apache is the most popular web server in the known universe; over
 half of the servers on the Internet are running Apache or one of
 its variants.
 
@@ -40,6 +50,5 @@ levels and should still be considered to be of beta quality.  Any
 Win32 stability or security problems do not impact, in any way,
 Apache on other platforms.  With the continued donation of time
 and resources by individuals and companies, we hope that the Win32
-version of Apache will grow stronger through the 1.3.x release
-cycle.
+version of Apache will grow stronger through the 1.3.x release cycle.
 
diff --git a/usr.sbin/httpd/INSTALL b/usr.sbin/httpd/INSTALL
index 75d492877f9..1fc381e8844 100644
--- a/usr.sbin/httpd/INSTALL
+++ b/usr.sbin/httpd/INSTALL
@@ -271,7 +271,7 @@
       (-) mod_speling ...... Correction of misspelled URLs
      Directory Handling
       (+) mod_dir .......... Directory and directory default file handling
-      (+) mod_auto_index ... Automated directory index file generation
+      (+) mod_autoindex .... Automated directory index file generation
      Access Control
       (+) mod_access ....... Access Control (user, host, network)
       (+) mod_auth ......... HTTP Basic Authentication (user, passwd)
@@ -435,8 +435,11 @@
         $ PREFIX/sbin/apachectl start
  
      and then you should be able to request your first document via URL
-     http://localhost/. Then stop the server again by running:
-  
+     http://localhost/ (when you built and installed Apache as root or at
+     least used the --without-confadjust option) or http://localhost:8080/
+     (when you built and installed Apache as a regular user). Then stop the
+     server again by running: 
+
         $ PREFIX/sbin/apachectl stop
  
   7. Customizing the package
@@ -449,7 +452,7 @@
         $ vi PREFIX/etc/access.conf
         $ vi PREFIX/etc/srm.conf
  
-     Have a look at the Apache manual under http://localhost/manual/ or
+     Have a look at the Apache manual under htdocs/manual/ or
      http://www.apache.org/docs/ for a complete reference of available
      configuration directives.
 
diff --git a/usr.sbin/httpd/README.NT b/usr.sbin/httpd/README.NT
index e7f7c7438e0..db2a23e6733 100644
--- a/usr.sbin/httpd/README.NT
+++ b/usr.sbin/httpd/README.NT
@@ -31,10 +31,6 @@ platform such as Solaris, FreeBSD, or Linux.
 
 Apache on Win32 should still be considered beta quality code.  It does not
 meet the normal standards of stability and security that Unix releases do.
-There is also a much greater chance of security holes being present in the
-Win32 version of Apache, due to the frequent discrepancies between the public
-documentation for the various Windows system calls and file system types
-and the reality of what is included in Windows system software.
 
 Installation or Compilation Instructions
 ----------------------------------------
diff --git a/usr.sbin/httpd/README.configure b/usr.sbin/httpd/README.configure
index 87eeb113347..e8d0ddc2271 100644
--- a/usr.sbin/httpd/README.configure
+++ b/usr.sbin/httpd/README.configure
@@ -13,7 +13,7 @@
   The basic goal is to provide the following commonly known and expected
   procedure for out-of-the-box building and installing a package like Apache:
 
-    $ gunzip <apache-1.3.X.tar.gz | tar xvf -
+    $ gunzip <apache_1.3.X.tar.gz | tar xvf -
     $ ./configure --prefix=PREFIX [...]
     $ make
     $ make install
@@ -224,7 +224,7 @@
     [optionally you now have the chance to prepare or add more 
      third-party modules to the Apache source tree]
 
-    $ cd ../apache-1.3.X
+    $ cd ../apache_1.3.X
     $ ./configure --prefix=/path/to/apache \
                   --activate-module=src/modules/perl/libperl.a \
                   [--enable-shared=perl]
@@ -242,17 +242,17 @@
 
     $ gunzip <apache_1.3.X.tar.gz | tar xvf -
     $ gunzip <php-3.0.tar.gz | tar xvf -
-    $ cd apache-1.3.X
+    $ cd apache_1.3.X
     $ ./configure --prefix=/path/to/apache
     $ cd ../php-3.0
-    $ ./configure --with-apache=../apache-1.3.X
+    $ ./configure --with-apache=../apache_1.3.X
     $ make
     $ make install
 
     [optionally you now have the chance to prepare or add more 
      third-party modules to the Apache source tree]
 
-    $ cd ../apache-1.3.X
+    $ cd ../apache_1.3.X
     $ ./configure --prefix=/path/to/apache \
                   --activate-module=src/modules/php3/libphp3.a
     $ make 
@@ -262,17 +262,17 @@
 
     $ gunzip <apache_1.3.X.tar.gz | tar xvf -
     $ gunzip <php-3.0.tar.gz | tar xvf -
-    $ cd apache-1.3.X
+    $ cd apache_1.3.X
     $ ./configure --prefix=/path/to/apache
     $ cd ../php-3.0
-    $ ./configure --with-shared-apache=../apache-1.3.X
+    $ ./configure --with-shared-apache=../apache_1.3.X
     $ make
     $ make install
 
     [optionally you now have the chance to prepare or add more 
      third-party modules to the Apache source tree]
 
-    $ cd ../apache-1.3.X
+    $ cd ../apache_1.3.X
     $ ./configure --prefix=/path/to/apache \
                   --activate-module=src/modules/php3/libphp3.a \
                   --enable-shared=php3
diff --git a/usr.sbin/httpd/conf/access.conf-dist b/usr.sbin/httpd/conf/access.conf-dist
index 8e17b5360f1..c965cdb7569 100644
--- a/usr.sbin/httpd/conf/access.conf-dist
+++ b/usr.sbin/httpd/conf/access.conf-dist
@@ -10,15 +10,28 @@
 
 # Originally by Rob McCool
 
+# First, we configure the "default" to be a very restrictive set of 
+# permissions.  
+
+<Directory />
+Options FollowSymLinks
+AllowOverride None
+</Directory>
+
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+
 # This should be changed to whatever you set DocumentRoot to.
 
-<Directory /usr/local/etc/httpd/htdocs>
+<Directory "@@ServerRoot@@/htdocs">
 
 # This may also be "None", "All", or any combination of "Indexes",
 # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
 
 # Note that "MultiViews" must be named *explicitly* --- "Options All"
-# doesn't give it to you (or at least, not yet).
+# doesn't give it to you.
 
 Options Indexes FollowSymLinks
 
@@ -35,10 +48,10 @@ allow from all
 
 </Directory>
 
-# /usr/local/etc/httpd/cgi-bin should be changed to whatever your ScriptAliased
+# @@ServerRoot@@/cgi-bin should be changed to whatever your ScriptAliased
 # CGI directory exists, if you have that configured.
 
-<Directory /usr/local/etc/httpd/cgi-bin>
+<Directory "@@ServerRoot@@/cgi-bin">
 AllowOverride None
 Options None
 </Directory>
@@ -54,6 +67,18 @@ Options None
 #allow from .your_domain.com
 #</Location>
 
+# Allow remote server configuration reports, with the URL of
+#  http://servername/server-info (requires that mod_info.c be loaded).
+# Change the ".your_domain.com" to match your domain to enable.
+
+#<Location /server-info>
+#SetHandler server-info
+
+#order deny,allow
+#deny from all
+#allow from .your_domain.com
+#</Location>
+
 # There have been reports of people trying to abuse an old bug from pre-1.1
 # days.  This bug involved a CGI script distributed as a part of Apache.
 # By uncommenting these lines you can redirect these attacks to a logging 
diff --git a/usr.sbin/httpd/conf/highperformance.conf-dist b/usr.sbin/httpd/conf/highperformance.conf-dist
index 4c03fba5287..fb7c72563ba 100644
--- a/usr.sbin/httpd/conf/highperformance.conf-dist
+++ b/usr.sbin/httpd/conf/highperformance.conf-dist
@@ -43,7 +43,7 @@ ErrorLog logs/error_log
 </Directory>
 
 # If this was a real internet server you'd probably want to uncomment this:
-#<Directory @@ServerRoot@@/htdocs>
+#<Directory "@@ServerRoot@@/htdocs">
 #    order allow,deny
 #    allow from all
 #</Directory>
diff --git a/usr.sbin/httpd/conf/httpd.conf-dist b/usr.sbin/httpd/conf/httpd.conf-dist
index fb0c28605ea..264d9f0b52f 100644
--- a/usr.sbin/httpd/conf/httpd.conf-dist
+++ b/usr.sbin/httpd/conf/httpd.conf-dist
@@ -7,6 +7,19 @@
 
 # Originally by Rob McCool
 
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Please read the file README.DSO in the Apache 1.3 distribution for more
+# details about the DSO mechanism and run `httpd -l' for the list of already
+# built-in (statically linked and thus always available) modules in your httpd
+# binary.
+#
+# Example:
+# LoadModule foo_module libexec/mod_foo.so
+
 # ServerType is either inetd, or standalone.
 
 ServerType standalone
@@ -20,10 +33,10 @@ Port 80
 
 # HostnameLookups: Log the names of clients or just their IP numbers
 #   e.g.   www.apache.org (on) or 204.62.129.132 (off)
-# You should probably turn this off unless you are going to actually
-# use the information in your logs, or with a CGI.  Leaving this on
-# can slow down access to your site.
-HostnameLookups on
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on.
+
+HostnameLookups off
 
 # If you wish httpd to run as a different user or group, you must run
 # httpd as root initially and it will switch.  
@@ -32,27 +45,25 @@ HostnameLookups on
 #  On SCO (ODT 3) use User nouser and Group nogroup
 #  On HPUX you may not be able to use shared memory as nobody, and the
 #  suggested workaround is to create a user www and use that user.
+#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
+#  when the value of (unsigned)Group is above 60000; 
+#  don't use Group #-1 on these systems!
+
 User nobody
 Group #-1
 
-# The following directive disables keepalives and HTTP header flushes for
-# Netscape 2.x and browsers which spoof it. There are known problems with
-# these
-
-BrowserMatch Mozilla/2 nokeepalive
-
 # ServerAdmin: Your address, where problems with the server should be
 # e-mailed.
 
 ServerAdmin you@your.address
 
 # ServerRoot: The directory the server's config, error, and log files
-# are kept in
+# are kept in.
 # NOTE!  If you intend to place this on a NFS (or otherwise network)
 # mounted filesystem then please read the LockFile documentation,
 # you will save yourself a lot of trouble.
 
-ServerRoot /usr/local/etc/httpd
+ServerRoot "@@ServerRoot@@"
 
 # BindAddress: You can support virtual hosts with this option. This option
 # is used to tell the server which IP address to listen to. It can either
@@ -66,10 +77,35 @@ ServerRoot /usr/local/etc/httpd
 
 ErrorLog logs/error_log
 
-# TransferLog: The location of the transfer log file. If this does not
-# start with /, ServerRoot is prepended to it.
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+
+LogLevel warn
+
+# The following directives define some format nicknames for use with
+# a CustomLog directive (see below).
+
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# The location of the access logfile (Common Logfile Format).
+# If this does not start with /, ServerRoot is prepended to it.
 
-TransferLog logs/access_log
+CustomLog logs/access_log common
+
+# If you would like to have an agent and referer logfile uncomment the
+# following directives.
+
+#CustomLog logs/referer_log referer
+#CustomLog logs/agent_log agent
+
+# If you prefer a single logfile with access, agent and referer information
+# (Combined Logfile Format) you can use the following directive.
+
+#CustomLog logs/access_log combined
 
 # PidFile: The file the server should log its pid to
 PidFile logs/httpd.pid
@@ -78,7 +114,23 @@ PidFile logs/httpd.pid
 # Not all architectures require this.  But if yours does (you'll know because
 # this file is created when you run Apache) then you *must* ensure that
 # no two invocations of Apache share the same scoreboard file.
-ScoreBoardFile logs/apache_status
+ScoreBoardFile logs/apache_runtime_status
+
+# The LockFile directive sets the path to the lockfile used when Apache
+# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
+# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
+# its default value. The main reason for changing it is if the logs
+# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
+# DISK. The PID of the main server process is automatically appended to
+# the filename. 
+#
+#LockFile logs/accept.lock
+
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the server-status Handler is called. The default is Off.
+#
+#ExtendedStatus On
 
 # ServerName allows you to set a host name which is sent back to clients for
 # your server if it's different than the one the program would get (i.e. use
@@ -87,9 +139,27 @@ ScoreBoardFile logs/apache_status
 # Note: You cannot just invent host names and hope they work. The name you 
 # define here must be a valid DNS name for your host. If you don't understand
 # this, ask your network administrator.
+# If your host doesn't have a registered DNS name, enter its IP address here.
+# You will have to access it by its address (e.g., http://123.45.67.89)
+# anyway, and this will make redirections work in a sensible way.
 
 #ServerName new.host.name
 
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (error documents, ftp directory listings,
+# mod_status and mod_info output etc., but not SSI generated documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+ServerSignature on
+
+# UseCanonicalName:  (new for 1.3)  With this setting turned on, whenever
+# Apache needs to construct a self-referencing URL (a url that refers back
+# to the server the response is coming from) it will use ServerName and
+# Port to form a "canonical" name.  With this setting off, Apache will
+# use the hostname:port that the client supplied, when possible.  This
+# also affects SERVER_NAME and SERVER_PORT in CGIs.
+UseCanonicalName on
+
 # CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
 # document that was negotiated on the basis of content. This asks proxy
 # servers not to cache the document. Uncommenting the following line disables
@@ -157,9 +227,16 @@ MaxRequestsPerChild 30
 
 #ProxyRequests On
 
+# Enable/disable the handling of HTTP/1.1 "Via:" headers.
+# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+# Set to one of: Off | On | Full | Block
+#ProxyVia on
+
 # To enable the cache as well, edit and uncomment the following lines:
+# (no cacheing without CacheRoot)
+
+#CacheRoot @@ServerRoot@@/proxy
 
-#CacheRoot /usr/local/etc/httpd/proxy
 #CacheSize 5
 #CacheGcInterval 4
 #CacheMaxExpire 24
diff --git a/usr.sbin/httpd/conf/mime.types b/usr.sbin/httpd/conf/mime.types
index b662c16b67c..6408d6a8eea 100644
--- a/usr.sbin/httpd/conf/mime.types
+++ b/usr.sbin/httpd/conf/mime.types
@@ -1,5 +1,11 @@
-# This is a comment. I love comments.
+# This file controls what MIME types are sent to the client for the
+# given file extensions.  Sending the correct MIME type to the client
+# is important so they know how to handle the content of the file.
+# Extra types can either be added here or by using an AddType directive
+# in your config files. For more information about MIME types
+# please read RFC 2045, 2046, 2047, 2048, and 2077.
 
+# MIME type			Extension
 application/activemessage
 application/andrew-inset
 application/applefile
@@ -20,6 +26,7 @@ application/powerpoint		ppt
 application/remote-printing
 application/rtf			rtf
 application/slate
+application/smil		smi smil sml
 application/wita
 application/wordperfect5.1
 application/x-bcpio		bcpio
@@ -32,6 +39,7 @@ application/x-dvi		dvi
 application/x-gtar		gtar
 application/x-gzip
 application/x-hdf		hdf
+application/x-javascript	js
 application/x-koan		skp skd skt skm
 application/x-latex		latex
 application/x-mif		mif
@@ -54,7 +62,7 @@ application/x-wais-source	src
 application/zip			zip
 audio/basic			au snd
 audio/midi			mid midi kar
-audio/mpeg			mpga mp2
+audio/mpeg			mpga mp2 mp3
 audio/x-aiff			aif aiff aifc
 audio/x-pn-realaudio		ram
 audio/x-pn-realaudio-plugin	rpm
@@ -79,20 +87,26 @@ message/external-body
 message/news
 message/partial
 message/rfc822
+model/iges			igs iges
+model/vrml			wrl vrml
+model/mesh			msh mesh silo
 multipart/alternative
 multipart/appledouble
 multipart/digest
 multipart/mixed
 multipart/parallel
+text/css			css
 text/html			html htm
 text/plain			txt
 text/richtext			rtx
 text/tab-separated-values	tsv
 text/x-setext			etx
 text/x-sgml			sgml sgm
+text/xml			xml dtd
 video/mpeg			mpeg mpg mpe
 video/quicktime			qt mov
 video/x-msvideo			avi
 video/x-sgi-movie		movie
 x-conference/x-cooltalk		ice
-x-world/x-vrml			wrl vrml
+
+# This is a comment. I love comments.
diff --git a/usr.sbin/httpd/conf/srm.conf-dist b/usr.sbin/httpd/conf/srm.conf-dist
index 40102cd03ce..d71d148b987 100644
--- a/usr.sbin/httpd/conf/srm.conf-dist
+++ b/usr.sbin/httpd/conf/srm.conf-dist
@@ -12,7 +12,7 @@
 # documents. By default, all requests are taken from this directory, but
 # symbolic links and aliases may be used to point to other locations.
 
-DocumentRoot /usr/local/etc/httpd/htdocs
+DocumentRoot "@@ServerRoot@@/htdocs"
 
 # UserDir: The name of the directory which is appended onto a user's home
 # directory if a ~user request is recieved.
@@ -84,13 +84,30 @@ HeaderName HEADER
 # IndexIgnore is a set of filenames which directory indexing should ignore
 # Format: IndexIgnore name1 name2...
 
-IndexIgnore */.??* *~ *# */HEADER* */README* */RCS
+IndexIgnore .??* *~ *# HEADER* README* RCS
 
 # AccessFileName: The name of the file to look for in each directory
 # for access control information.
 
 AccessFileName .htaccess
 
+# The following lines prevent .htaccess files from being viewed by
+# Web clients.  Since .htaccess files often contain authorization
+# information, access is disallowed for security reasons.  Comment
+# these lines out if you want Web visitors to see the contents of
+# .htaccess files.  If you change the AccessFileName directive above,
+# be sure to make the corresponding changes here.
+
+<Files .htaccess>
+order allow,deny
+deny from all
+</Files>
+
+# TypesConfig describes where the mime.types file (or equivalent) is
+# to be found.
+
+TypesConfig conf/mime.types
+
 # DefaultType is the default MIME type for documents which the server
 # cannot find the type of from filename extensions.
 
@@ -135,12 +152,12 @@ LanguagePriority en fr de
 # require it to be present in the URL.  So "/icons" isn't aliased in this
 # example.
 
-#Alias /icons/ /usr/local/etc/httpd/icons/
+Alias /icons/ "@@ServerRoot@@/icons/"
 
 # ScriptAlias: This controls which directories contain server scripts.
 # Format: ScriptAlias fakename realname
 
-#ScriptAlias /cgi-bin/ /usr/local/etc/httpd/cgi-bin/
+#ScriptAlias /cgi-bin/ "@@ServerRoot@@/cgi-bin/"
 
 # If you want to use server side includes, or CGI outside
 # ScriptAliased directories, uncomment the following lines.
@@ -149,6 +166,11 @@ LanguagePriority en fr de
 # make certain files to be certain types.
 # Format: AddType type/subtype ext1
 
+# For example, the PHP3 module (not part of the Apache distribution)
+# will typically use:
+#AddType application/x-httpd-php3 .phtml
+#AddType application/x-httpd-php3-source .phps
+
 # AddHandler allows you to map certain file extensions to "handlers",
 # actions unrelated to filetype. These can be either built into the server
 # or added with the Action command (see below)
@@ -204,3 +226,25 @@ LanguagePriority en fr de
 #    3) external redirects
 #ErrorDocument 402 http://some.other_server.com/subscription_info.html
 #
+
+# mod_mime_magic allows the server to use various hints from the file itself
+# to determine its type.
+#MimeMagicFile conf/magic
+
+# The following directives disable keepalives and HTTP header flushes.
+# The first directive disables it for Netscape 2.x and browsers which
+# spoof it. There are known problems with these.
+# The second directive is for Microsoft Internet Explorer 4.0b2
+# which has a broken HTTP/1.1 implementation and does not properly
+# support keepalive when it is used on 301 or 302 (redirect) responses.
+
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+
+# The following directive disables HTTP/1.1 responses to browsers which
+# are in violation of the HTTP/1.0 spec by not being able to grok a
+# basic 1.1 response.
+
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
diff --git a/usr.sbin/httpd/htdocs/manual/ebcdic.html b/usr.sbin/httpd/htdocs/manual/ebcdic.html
index 3ce6116c0ff..a8ce553d44e 100644
--- a/usr.sbin/httpd/htdocs/manual/ebcdic.html
+++ b/usr.sbin/httpd/htdocs/manual/ebcdic.html
@@ -25,8 +25,8 @@
   Version 1.3 of the Apache HTTP Server is the first version which
   includes a port to a (non-ASCII) mainframe machine which uses
   the EBCDIC character set as its native codeset.<BR>
-  (It is the SIEMENS NIXDORF family of mainframes running the
-  <A HREF="http://www.sni.de/servers/bs2osd/osdbc_us.htm">BS2000/OSD
+  (It is the SIEMENS family of mainframes running the
+  <A HREF="http://www.siemens.de/servers/bs2osd/osdbc_us.htm">BS2000/OSD
   operating system</A>. This mainframe OS nowadays features a
   SVR4-derived POSIX subsystem).
  </P>
@@ -107,9 +107,9 @@
 	indicate which part of the HTTP protocol has to be
 	converted and which part doesn't <EM>etc.</EM>
     <DT><CODE><STRONG>#ifdef _OSD_POSIX</STRONG></CODE>
-    <DD>Code which is needed for the BS2000 SIEMENS NIXDORF
+    <DD>Code which is needed for the SIEMENS BS2000/OSD
 	mainframe platform only. This deals with include file
-	differences and socket implementations topics which are
+	differences and socket implementation topics which are
 	only required on the BS2000/OSD platform.
    </DL>
    </LI><BR>
@@ -403,7 +403,7 @@
 
   <TR>
    <TD ALIGN=LEFT>mod_mime_magic
-   <TD ALIGN=CENTER>-
+   <TD ALIGN=CENTER>?
    <TD>not ported yet
   </TR>
 
@@ -479,7 +479,7 @@
   <TR>
    <TD ALIGN=LEFT><A HREF="http://www.php.net/">mod_php3</A>
    <TD ALIGN=CENTER>+
-   <TD>mod_php3 runs fine, with LDAP and GD libraries
+   <TD>mod_php3 runs fine, with LDAP and GD and FreeType libraries
   </TR>
 
   <TR>
diff --git a/usr.sbin/httpd/htdocs/manual/misc/FAQ.html b/usr.sbin/httpd/htdocs/manual/misc/FAQ.html
index ec8c8a1b07b..767a5759eb0 100644
--- a/usr.sbin/httpd/htdocs/manual/misc/FAQ.html
+++ b/usr.sbin/httpd/htdocs/manual/misc/FAQ.html
@@ -3,8 +3,7 @@
  <HEAD>
   <TITLE>Apache Server Frequently Asked Questions</TITLE>
  </HEAD>
-
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
  <BODY
   BGCOLOR="#FFFFFF"
   TEXT="#000000"
@@ -15,13 +14,13 @@
   <DIV ALIGN="CENTER">
  <IMG SRC="../images/sub.gif" ALT="[APACHE DOCUMENTATION]">
  <H3>
-  Apache HTTP Server Version 1.2
+  Apache HTTP Server Version 1.3
  </H3>
 </DIV>
 
   <H1 ALIGN="CENTER">Apache Server Frequently Asked Questions</H1>
   <P>
-  $Revision: 1.1 $ ($Date: 1998/03/25 07:08:35 $)
+  $Revision: 1.2 $ ($Date: 1998/10/11 19:45:05 $)
   </P>
   <P>
   The latest version of this FAQ is always available from the main
@@ -81,8 +80,11 @@
 <!--   the simple fact that older versions of Apache (and new ones  -->
 <!--   that have been upgraded without upgrading the mime.types     -->
 <!--   file) don't have the type listed at all.                     -->
-<!-- - Why is my .htaccess ignored?                                 -->
 <!-- - RewriteRule /~fraggle/* /cgi-bin/fraggle.pl does not work    -->
+<!-- - how do I disable authentication for a subdirectory?          -->
+<!--   (A: you can't but "satisfy any; allow from all" can be close -->
+<!-- - '400 malformed request' on Win32 might mean stale proxy; see -->
+<!--   PR #2300.                                                    -->
 <UL>
  <LI><STRONG>Background</STRONG>
   <OL START=1>
@@ -115,7 +117,7 @@
         work?&quot;  What to do in case of problems</A>
    </LI>
    <LI><A HREF="#compatible">How compatible is Apache with my existing
-    NCSA 1.3 setup?</A>
+        NCSA 1.3 setup?</A>
    </LI>
    <LI><A HREF="#CGIoutsideScriptAlias">How do I enable CGI execution
         in directories other than the ScriptAlias?</A>
@@ -130,154 +132,184 @@
    </LI>
    <LI><A HREF="#ssi-part-iii">How can I have my script output parsed?</A>
    </LI>
+   <LI><A HREF="#ssi-part-iv">SSIs don't work for VirtualHosts and/or 
+        user home directories</A>
+   </LI>
    <LI><A HREF="#proxy">Does or will Apache act as a Proxy server?</A>
    </LI>
    <LI><A HREF="#multiviews">What are &quot;multiviews&quot;?</A>
    </LI>
    <LI><A HREF="#fdlim">Why can't I run more than &lt;<EM>n</EM>&gt;
-    virtual hosts?</A>
+        virtual hosts?</A>
    </LI>
-   <LI><A HREF="#freebsd-setsize">Can I increase FD_SETSIZE on FreeBSD?</A>
+   <LI><A HREF="#freebsd-setsize">Can I increase <SAMP>FD_SETSIZE</SAMP>
+        on FreeBSD?</A>
    </LI>
-   <LI><A HREF="#limitGET">Why do I keep getting &quot;access denied&quot; for
-    form POST requests?</A>
+   <LI><A HREF="#POSTnotallowed">Why do I keep getting &quot;Method Not 
+        Allowed&quot; for form POST requests?</A>
    </LI>
    <LI><A HREF="#passwdauth">Can I use my <SAMP>/etc/passwd</SAMP> file
-    for Web page authentication?</A>
+        for Web page authentication?</A>
    </LI>
    <LI><A HREF="#errordoc401">Why doesn't my <CODE>ErrorDocument
-    401</CODE> work?</A>
+        401</CODE> work?</A>
    </LI>
    <LI><A HREF="#errordocssi">How can I use <CODE>ErrorDocument</CODE>
-   and SSI to simplify customized error messages?</A>
+        and SSI to simplify customized error messages?</A>
    </LI>
    <LI><A HREF="#setgid">Why do I get &quot;<SAMP>setgid: Invalid
-    argument</SAMP>&quot; at startup?</A>
+        argument</SAMP>&quot; at startup?</A>
    </LI>
    <LI><A HREF="#cookies1">Why does Apache send a cookie on every response?</A>
    </LI>
    <LI><A HREF="#cookies2">Why don't my cookies work, I even compiled in
-    <SAMP>mod_cookies</SAMP>?</A>
+        <SAMP>mod_cookies</SAMP>?</A>
    </LI>
    <LI><A HREF="#jdk1-and-http1.1">Why do my Java app[let]s give me plain text
-    when I request an URL from an Apache server?</A>
+        when I request an URL from an Apache server?</A>
    </LI>
    <LI><A HREF="#putsupport">Why can't I publish to my Apache server
-    using PUT on Netscape Gold and other programs?</A>
+        using PUT on Netscape Gold and other programs?</A>
    </LI>
    <LI><A HREF="#fastcgi">Why isn't FastCGI included with Apache any
-    more?</A>
+        more?</A>
    </LI>
    <LI><A HREF="#nodelay">Why am I getting &quot;<SAMP>httpd: could not
-    set socket option TCP_NODELAY</SAMP>&quot; in my error log?</A>
+        set socket option TCP_NODELAY</SAMP>&quot; in my error log?</A>
    </LI>
    <LI><A HREF="#peerreset">Why am I getting &quot;<SAMP>connection
-    reset by peer</SAMP>&quot; in my error log?</A>
+        reset by peer</SAMP>&quot; in my error log?</A>
    </LI>
    <LI><A HREF="#nph-scripts">How can I get my script's output without
-    Apache buffering it?  Why doesn't my server push work?</A>
+        Apache buffering it?  Why doesn't my server push work?</A>
    </LI>
    <LI><A HREF="#linuxiovec">Why do I get complaints about redefinition
-    of &quot;<CODE>struct iovec</CODE>&quot; when compiling under Linux?</A>
+        of &quot;<CODE>struct iovec</CODE>&quot; when compiling under Linux?</A>
    </LI>
    <LI><A HREF="#wheres-the-dump">The errorlog says Apache dumped core,
-    but where's the dump file?</A>
+        but where's the dump file?</A>
    </LI>
    <LI><A HREF="#dnsauth">Why isn't restricting access by host or domain name
-    working correctly?</A>
+        working correctly?</A>
    </LI>
    <LI><A HREF="#SSL-i">Why doesn't Apache include SSL?</A>
    </LI>
    <LI><A HREF="#HPUX-core">Why do I get core dumps under HPUX using
-    HP's ANSI C compiler?</A>
+        HP's ANSI C compiler?</A>
    </LI>
    <LI><A HREF="#midi">How do I get Apache to send a MIDI file so the
-    browser can play it?</A>
+        browser can play it?</A>
    </LI>
    <LI><A HREF="#cantbuild">Why won't Apache compile with my
-    system's <SAMP>cc</SAMP>?</A>
+        system's <SAMP>cc</SAMP>?</A>
    </LI>
-   <LI><A HREF="#addlog">How do I add browsers and referrers to my
-    logs?</A>
+   <LI><A HREF="#addlog">How do I add browsers and referrers to my logs?</A>
    </LI>
    <LI><A HREF="#bind8.1">Why do I get an error about an undefined
-    reference to &quot;<SAMP>__inet_ntoa</SAMP>&quot; or other
-    <SAMP>__inet_*</SAMP> symbols?</A>
+        reference to &quot;<SAMP>__inet_ntoa</SAMP>&quot; or other
+        <SAMP>__inet_*</SAMP> symbols?</A>
    </LI>
    <LI><A HREF="#set-servername">Why does accessing directories only work
-    when I include the trailing "/"
-    (<EM>e.g.</EM>,&nbsp;<SAMP>http://foo.domain.com/~user/</SAMP>) but
-    not when I omit it
-    (<EM>e.g.</EM>,&nbsp;<SAMP>http://foo.domain.com/~user</SAMP>)?</A>
+        when I include the trailing &quot;/&quot;
+        (<EM>e.g.</EM>,&nbsp;<SAMP>http://foo.domain.com/~user/</SAMP>) but
+        not when I omit it
+        (<EM>e.g.</EM>,&nbsp;<SAMP>http://foo.domain.com/~user</SAMP>)?</A>
    </LI>
    <LI><A HREF="#user-authentication">How do I set up Apache to require
-    a username and password to access certain documents?</A>
+        a username and password to access certain documents?</A>
    </LI>
    <LI><A HREF="#remote-user-var">Why is the environment variable
-   <SAMP>REMOTE_USER</SAMP> not set?</A>
+        <SAMP>REMOTE_USER</SAMP> not set?</A>
    </LI>
    <LI><A HREF="#remote-auth-only">How do I set up Apache to allow access
-    to certain documents only if a site is either a local site
-    <EM>or</EM> the user supplies a password and username?</A>
+        to certain documents only if a site is either a local site
+        <EM>or</EM> the user supplies a password and username?</A>
    </LI>
    <LI><A HREF="#no-info-directives">Why doesn't mod_info list any
-    directives?</A>
-   <LI><A HREF="#linux-shmget">When I run it under Linux I get "shmget:
-    function not found", what should I do?</A>
+        directives?</A>
+   </LI>
+   <LI><A HREF="#linux-shmget">When I run it under Linux I get &quot;shmget:
+        function not found&quot;, what should I do?</A>
    </LI>
    <LI><A HREF="#authauthoritative">Why does my authentication give
-    me a server error?</A>
+        me a server error?</A>
+   </LI>
    <LI><A HREF="#auth-on-same-machine">Do I have to keep the (mSQL)
-    authentication information on the same machine?</A>
+        authentication information on the same machine?</A>
    </LI>
    <LI><A HREF="#msql-slow">Why is my mSQL authentication terribly slow?</A>
    </LI>
    <LI><A HREF="#rewrite-more-config">Where can I find mod_rewrite rulesets
-    which already solve particular URL-related problems?</A>
+        which already solve particular URL-related problems?</A>
    </LI>
-   <LI><A HREF="#rewrite-article">Where can I find any published information about
-    URL-manipulations and mod_rewrite?</A>
+   <LI><A HREF="#rewrite-article">Where can I find any published information
+        about URL-manipulations and mod_rewrite?</A>
    </LI>
    <LI><A HREF="#rewrite-complexity">Why is mod_rewrite so difficult to learn
-    and seems so complicated?</A>
+        and seems so complicated?</A>
    </LI>
    <LI><A HREF="#rewrite-dontwork">What can I do if my RewriteRules don't work
-    as expected?</A>
+        as expected?</A>
    </LI>
    <LI><A HREF="#rewrite-prefixdocroot">Why don't some of my URLs get
-    prefixed with DocumentRoot when using mod_rewrite?</A>
+        prefixed with DocumentRoot when using mod_rewrite?</A>
    </LI>
    <LI><A HREF="#rewrite-nocase">How can I make all my URLs case-insensitive
-    with mod_rewrite?</A>
+        with mod_rewrite?</A>
    </LI>
    <LI><A HREF="#rewrite-virthost">Why are RewriteRules in my VirtualHost
-    parts ignored?</A>
+        parts ignored?</A>
    </LI>
    <LI><A HREF="#rewrite-envwhitespace">How can I use strings with whitespaces
-    in RewriteRule's ENV flag?</A>
+        in RewriteRule's ENV flag?</A>
    </LI>
    <LI><A HREF="#cgi-spec">Where can I find the &quot;CGI
-    specification&quot;?</A>
+        specification&quot;?</A>
    </LI>
    <LI><A HREF="#year2000">Is Apache Year 2000 compliant?</A>
    </LI>
-   <LI><A HREF="#namevhost">I upgraded to Apache 1.3b and now my
-    virtual hosts don't work!</A>
+   <LI><A HREF="#namevhost">I upgraded to Apache 1.3 and now my
+        virtual hosts don't work!</A>
    </LI>
    <LI><A HREF="#redhat">I'm using RedHat Linux and I have problems with httpd
-    dying randomly or not restarting properly</A>
-   </LI>
-   <li><a href="#stopping">I upgraded from an Apache version earlier
-    than 1.2.0 and suddenly I have problems with Apache dying randomly
-    or not restarting properly</a>
-   </li>
-   <li><a href="#redhat-htm">I'm using RedHat Linux and my .htm files are showing
-    up as html source rather than being formatted!</a>
-   </li>
-   <li><a href="#glibc-crypt">I'm using RedHat Linux 5.0, or some other glibc
-     based Linux system, and I get errors with the <code>crypt</code> function when
-     I attempt to build Apache 1.2.</a>
-    </li>
+        dying randomly or not restarting properly</A>
+   </LI>
+   <LI><A HREF="#stopping">I upgraded from an Apache version earlier
+        than 1.2.0 and suddenly I have problems with Apache dying randomly
+        or not restarting properly</A>
+   </LI>
+   <LI><A HREF="#redhat-htm">I'm using RedHat Linux and my .htm files are
+        showing up as HTML source rather than being formatted!</A>
+   </LI>
+   <LI><A HREF="#glibc-crypt">I'm using RedHat Linux 5.0, or some other
+        <SAMP>glibc</SAMP>-based Linux system, and I get errors with the
+        <CODE>crypt</CODE> function when I attempt to build Apache 1.2.</A>
+   </LI>
+   <LI><A HREF="#nfslocking">Server hangs, or fails to start, and/or error log
+        fills with &quot;<SAMP>fcntl: F_SETLKW: No record locks
+        available</SAMP>&quot; or similar messages</A>
+   </LI>
+   <LI><A HREF="#zoom">What's the best hardware/operating system/... How do
+        I get the most out of my Apache Web server?</A>
+   </LI>
+   <LI><A HREF="#regex">What are "regular expressions"?</A>
+   </LI>
+   <LI><A HREF="#broken-gcc">I'm using gcc and I get some compilation errors, 
+	what is wrong?</A>
+   </LI>
+   <LI><A HREF="#htaccess-work">My <CODE>.htaccess</CODE> files are being
+	ignored.</A>
+   </LI>
+   <LI><A HREF="#submit_patch">How do I submit a patch to the Apache Group?</A>
+   </LI>
+   <LI><A HREF="#aixccbug">Why am I getting "<SAMP>Expected &lt/Directory&gt;
+        but saw &lt;/Directory&gt;</SAMP>" when I try to start Apache?</A>
+   </LI>
+   <LI><A HREF="#domination">Why has Apache stolen my favourite site's
+        Internet address?</A>
+   </LI>
+   <LI><A HREF="#apspam">Why am I getting spam mail from the Apache site?</A>
+   </LI>
   </OL>
  </LI>
 </UL>
@@ -303,12 +335,11 @@
   Since it began, it has been completely rewritten, and includes many new
   features. Apache is, as of January 1997, the most popular WWW server on
   the Internet, according to the
-  <A
-   HREF="http://www.netcraft.com/Survey/"
-  >Netcraft Survey</A>.
+  <A HREF="http://www.netcraft.com/Survey/">Netcraft Survey</A>.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="why">
       <STRONG>Why was Apache created?</STRONG>
      </A>
@@ -320,6 +351,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="relate">
       <STRONG>How does The Apache Group's work relate to other
       server efforts, such as NCSA's?</STRONG>
@@ -332,6 +364,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="name">
       <STRONG>Why the name &quot;Apache&quot;?</STRONG>
       </A>
@@ -342,14 +375,13 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="compare">
       <STRONG>OK, so how does Apache compare to other servers?</STRONG>
      </A>
   <P>
   For an independent assessment, see
-  <A
-   HREF="http://webcompare.internet.com/chart.html"
-  >Web Compare</A>'s
+  <A HREF="http://webcompare.internet.com/chart.html">Web Compare</A>'s
   comparison chart.
   </P>
   <P>
@@ -364,31 +396,32 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="tested">
       <STRONG>How thoroughly tested is Apache?</STRONG>
      </A>
   <P>
-  Apache is run on over 500,000 Internet servers (as of July 1997). It has
+  Apache is run on over 1.2 million Internet servers (as of July 1998). It has
   been tested thoroughly by both developers and users. The Apache Group
   maintains rigorous standards before releasing new versions of their
-  server, and our server runs without a hitch on over one third of all
+  server, and our server runs without a hitch on over one half of all
   WWW servers available on the Internet.  When bugs do show up, we
   release patches and new versions as soon as they are available.
   </P>
   <P>
   The Apache project's web site includes a page with a partial list of
-  <A
-   HREF="http://www.apache.org/info/apache_users.html"
-  >sites running Apache</A>.
+  <A HREF="http://www.apache.org/info/apache_users.html">sites running
+  Apache</A>.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="future">
       <STRONG>What are the future plans for Apache?</STRONG>
      </A>
   <P>
   <UL>
-   <LI>to continue as a public domain HTTP server,
+   <LI>to continue to be an "open source" no-charge-for-use HTTP server,
    </LI>
    <LI>to keep up with advances in HTTP protocol and web developments in
     general,
@@ -399,9 +432,10 @@
     occasional users.
    </LI>
   </UL>
-  </P>
+  <P></P>
   <HR>
  </LI>
+
  <LI><A NAME="support">
       <STRONG>Whom do I contact for support?</STRONG>
      </A>
@@ -409,16 +443,15 @@
   There is no official support for Apache. None of the developers want to
   be swamped by a flood of trivial questions that can be resolved elsewhere.
   Bug reports and suggestions should be sent <EM>via</EM>
-  <A
-   HREF="http://www.apache.org/bug_report.html"
-  >the bug report page</A>.
+  <A HREF="http://www.apache.org/bug_report.html">the bug report page</A>.
   Other questions should be directed to the
-  <A
-   HREF="news:comp.infosystems.www.servers.unix"
-  ><SAMP>comp.infosystems.www.servers.unix</SAMP></A>
-  newsgroup, where some of the Apache team lurk,
-  in the company of many other httpd gurus who should be able
-  to help.
+  <A HREF="news:comp.infosystems.www.servers.unix"
+  >comp.infosystems.www.servers.unix</A> or <A HREF=
+  "news:comp.infosystems.www.servers.ms-windows"
+  >comp.infosystems.www.servers.ms-windows</A>
+  newsgroup (as appropriate for the platform you use), where some of the 
+  Apache team lurk, in the company of many other httpd gurus who 
+  should be able to help.
   </P>
   <P>
   Commercial support for Apache is, however, available from a number
@@ -426,44 +459,36 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="more">
       <STRONG>Is there any more information available on
       Apache?</STRONG>
      </A>
   <P>
   Indeed there is.  See the main
-  <A
-   HREF="http://www.apache.org/"
-  >Apache web site</A>.
+  <A HREF="http://www.apache.org/">Apache web site</A>.
   There is also a regular electronic publication called
-  <A
-   HREF="http://www.apacheweek.com/"
-   REL="Help"
-  ><CITE>Apache Week</CITE></A>
+  <A HREF="http://www.apacheweek.com/" REL="Help"><CITE>Apache Week</CITE></A>
   available.  Links to relevant <CITE>Apache Week</CITE> articles are
   included below where appropriate. There are also some 
-  <A
-   HREF="http://www.apache.org/info/apache_books.html"
+  <A HREF="http://www.apache.org/info/apache_books.html"
   >Apache-specific books</A> available.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="where">
       <STRONG>Where can I get Apache?</STRONG>
      </A>
   <P>
   You can find out how to download the source for Apache at the
   project's
-  <A
-   HREF="http://www.apache.org/"
-  >main web page</A>.
+  <A HREF="http://www.apache.org/">main web page</A>.
   </P>
   <HR>
  </LI>
 </OL>
-  <H3>
-   Technical Questions
-  </H3>
+  <H3>Technical Questions</H3>
 <OL START=11>
  <LI><A NAME="what2do">
       <STRONG>&quot;Why can't I ...?  Why won't ... work?&quot;  What to
@@ -482,16 +507,12 @@
     &amp; fix the problem yourself (such as file permissions or the like).
     The default location of the error log is
     <SAMP>/usr/local/apache/logs/error_log</SAMP>, but see the
-    <A
-     HREF="../mod/core.html#errorlog"
-    ><SAMP>ErrorLog</SAMP></A>
+    <A HREF="../mod/core.html#errorlog"><SAMP>ErrorLog</SAMP></A>
     directive in your config files for the location on your server.
     </P>
    </LI>
    <LI><STRONG>Check the
-    <A
-     HREF="http://www.apache.org/docs/misc/FAQ.html"
-    >FAQ</A>!</STRONG>
+    <A HREF="http://www.apache.org/docs/misc/FAQ.html">FAQ</A>!</STRONG>
     <P>
     The latest version of the Apache Frequently-Asked Questions list can
     always be found at the main Apache web site.
@@ -501,9 +522,7 @@
     <P>
     Most problems that get reported to The Apache Group are recorded in
     the
-    <A
-     HREF="http://bugs.apache.org/"
-    >bug database</A>.
+    <A HREF="http://bugs.apache.org/">bug database</A>.
     <EM><STRONG>Please</STRONG> check the existing reports, open
     <STRONG>and</STRONG> closed, before adding one.</EM>  If you find
     that your issue has already been reported, please <EM>don't</EM> add
@@ -519,8 +538,7 @@
     <P>
     A lot of common problems never make it to the bug database because
     there's already high Q&amp;A traffic about them in the
-    <A
-     HREF="news:comp.infosystems.www.servers.unix"
+    <A HREF="news:comp.infosystems.www.servers.unix"
     ><SAMP>comp.infosystems.www.servers.unix</SAMP></A>
     newsgroup.  Many Apache users, and some of the developers, can be
     found roaming its virtual halls, so it is suggested that you seek
@@ -535,9 +553,7 @@
     If you've gone through those steps above that are appropriate and
     have obtained no relief, then please <EM>do</EM> let The Apache
     Group know about the problem by
-    <A
-     HREF="http://www.apache.org/bug_report.html"
-    >logging a bug report</A>.
+    <A HREF="http://www.apache.org/bug_report.html">logging a bug report</A>.
     </P>
     <P>
     If your problem involves the server crashing and generating a core
@@ -550,7 +566,7 @@
       (dbx) where</CODE>
      </DD>
     </DL>
-    </P>
+    <P></P>
     <P>
     (Substitute the appropriate locations for your
     <SAMP>ServerRoot</SAMP> and your <SAMP>httpd</SAMP> and
@@ -561,6 +577,7 @@
   </OL>
   <HR>
  </LI>
+
  <LI><A NAME="compatible">
       <STRONG>How compatible is Apache with my existing NCSA 1.3
       setup?</STRONG>
@@ -583,15 +600,14 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="CGIoutsideScriptAlias">
       <STRONG>How do I enable CGI execution in directories other than
       the ScriptAlias?</STRONG>
      </A>
   <P>
   Apache recognizes all files in a directory named as a
-  <A
-   HREF="../mod/mod_alias.html#scriptalias"
-  ><SAMP>ScriptAlias</SAMP></A>
+  <A HREF="../mod/mod_alias.html#scriptalias"><SAMP>ScriptAlias</SAMP></A>
   as being eligible for execution rather than processing as normal
   documents.  This applies regardless of the file name, so scripts in a
   ScriptAlias directory don't need to be named
@@ -604,9 +620,7 @@
   directories where normal documents may also live, you must tell it how
   to recognize them - and also that it's okay to execute them.  For
   this, you need to use something like the
-  <A
-   HREF="../mod/mod_mime.html#addhandler"
-  ><SAMP>AddHandler</SAMP></A>
+  <A HREF="../mod/mod_mime.html#addhandler"><SAMP>AddHandler</SAMP></A>
   directive.
   </P>
   <P>
@@ -618,7 +632,7 @@
      <DD><CODE>AddHandler cgi-script .cgi</CODE>
      </DD>
     </DL>
-    </P>
+    <P></P>
     <P>
     The server will then recognize that all files in that location (and
     its logical descendants) that end in &quot;<SAMP>.cgi</SAMP>&quot;
@@ -626,28 +640,23 @@
     </P>
    </LI>
    <LI>Make sure that the directory location is covered by an
-    <A
-     HREF="../mod/core.html#options"
-    ><SAMP>Options</SAMP></A>
+    <A HREF="../mod/core.html#options"><SAMP>Options</SAMP></A>
     declaration that includes the <SAMP>ExecCGI</SAMP> option.
    </LI>
   </OL>
-  </P>
+  <P></P>
   <P>
-  In some situations it can be not conform to your local policy to actually
+  In some situations, you might not want to actually
   allow all files named &quot;<SAMP>*.cgi</SAMP>&quot; to be executable.
   Perhaps all you want is to enable a particular file in a normal directory to
   be executable. This can be alternatively accomplished 
-  <EM>via</EM>
-  <A
-   HREF="../mod/mod_rewrite.html"
-  ><SAMP>mod_rewrite</SAMP></A> 
+  <EM>via</EM> <A HREF="../mod/mod_rewrite.html"><SAMP>mod_rewrite</SAMP></A> 
   and the following steps:
   </P>
   <P>
   <OL>
    <LI>Locally add to the corresponding <SAMP>.htaccess</SAMP> file a ruleset
-       similar to this one:
+    similar to this one:
     <P>
     <DL>
      <DD><CODE>RewriteEngine on
@@ -657,19 +666,18 @@
       RewriteRule   ^quux\.cgi$  -  [T=application/x-httpd-cgi]</CODE>
      </DD>
     </DL>
-    </P>
+    <P></P>
    </LI>
    <LI>Make sure that the directory location is covered by an
-    <A
-     HREF="../mod/core.html#options"
-    ><SAMP>Options</SAMP></A>
-        declaration that includes the <SAMP>ExecCGI</SAMP> and
-        <SAMP>FollowSymLinks</SAMP> option.
+    <A HREF="../mod/core.html#options"><SAMP>Options</SAMP></A>
+    declaration that includes the <SAMP>ExecCGI</SAMP> and
+    <SAMP>FollowSymLinks</SAMP> option.
    </LI>
   </OL>
-  </P>
+  <P></P>
   <HR>
  </LI>
+
  <LI><A NAME="premature-script-headers">
       <STRONG>What does it mean when my CGIs fail with
       &quot;<SAMP>Premature end of script headers</SAMP>&quot;?</STRONG>
@@ -709,7 +717,7 @@
     }</CODE>
    </DD>
   </DL>
-  </P>
+  <P></P>
   <P>
   This is generally only necessary when you are calling external
   programs from your script that send output to stdout, or if there will
@@ -726,6 +734,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="ssi-part-i">
       <STRONG>How do I enable SSI (parsed HTML)?</STRONG>
      </A>
@@ -744,57 +753,48 @@
   resource-consumptive, and is not enabled by default.  It can also
   interfere with the cachability of your documents, which can put a
   further load on your server.  (see the
-  <A
-   HREF="#ssi-part-ii"
-  >next question</A>
-  for more information about this.)
+  <A HREF="#ssi-part-ii">next question</A> for more information about this.)
   </P>
   <P>
   To enable SSI processing, you need to
   </P>
   <UL>
    <LI>Build your server with the
-    <A
-     HREF="../mod/mod_include.html"
-    ><SAMP>mod_include</SAMP></A>
+    <A HREF="../mod/mod_include.html"><SAMP>mod_include</SAMP></A>
     module.  This is normally compiled in by default.
    </LI>
    <LI>Make sure your server configuration files have an
-    <A
-     HREF="../mod/core.html#options"
-    ><SAMP>Options</SAMP></A>
+    <A HREF="../mod/core.html#options"><SAMP>Options</SAMP></A>
     directive which permits <SAMP>Includes</SAMP>.
    </LI>
    <LI>Make sure that the directory where you want the SSI documents to
     live is covered by the &quot;server-parsed&quot; content handler,
     either explicitly or in some ancestral location.  That can be done
     with the following
-    <A
-     HREF="../mod/mod_mime.html#addhandler"
-    ><SAMP>AddHandler</SAMP></A>
+    <A HREF="../mod/mod_mime.html#addhandler"><SAMP>AddHandler</SAMP></A>
     directive:
     <P>
     <DL>
      <DD><CODE>AddHandler server-parsed .shtml</CODE>
      </DD>
     </DL>
-    </P>
+    <P></P>
+    <P>
     This indicates that all files ending in &quot;.shtml&quot; in that
     location (or its descendants) should be parsed.  Note that using
     &quot;.html&quot; will cause all normal HTML files to be parsed,
     which may put an inordinate load on your server.
+    </P>
    </LI>
   </UL>
   <P>
-  For additional information, see the <CITE>Apache Week</CITE> article
-  on
-  <A
-   HREF="http://www.apacheweek.com/features/ssi"
-   REL="Help"
+  For additional information, see the <CITE>Apache Week</CITE> article on
+  <A HREF="http://www.apacheweek.com/features/ssi" REL="Help"
   ><CITE>Using Server Side Includes</CITE></A>.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="ssi-part-ii">
       <STRONG>Why don't my parsed files get cached?</STRONG>
      </A>
@@ -814,14 +814,9 @@
   <P>
   You can work around this in some cases by causing an
   <SAMP>Expires</SAMP> header to be generated.  (See the
-  <A
-   HREF="../mod/mod_expires.html"
-   REL="Help"
-  ><SAMP>mod_expires</SAMP></A>
+  <A HREF="../mod/mod_expires.html" REL="Help"><SAMP>mod_expires</SAMP></A>
   documentation for more details.)  Another possibility is to use the
-  <A
-   HREF="../mod/mod_include.html#xbithack"
-   REL="Help"
+  <A HREF="../mod/mod_include.html#xbithack" REL="Help"
   ><SAMP>XBitHack Full</SAMP></A>
   mechanism, which tells Apache to send (under certain circumstances
   detailed in the XBitHack directive description) a
@@ -833,6 +828,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="ssi-part-iii">
       <STRONG>How can I have my script output parsed?</STRONG>
      </A>
@@ -851,19 +847,30 @@
   </P>
   <HR>
  </LI>
+
+ <LI><A NAME="ssi-part-iv">
+      <STRONG>SSIs don't work for VirtualHosts and/or 
+        user home directories.</STRONG>
+     </A>
+  <P>
+  This is almost always due to having some setting in your config file that
+  sets "Options Includes" or some other setting for your DocumentRoot
+  but not for other directories.  If you set it inside a Directory
+  section, then that setting will only apply to that directory.  
+  </P>
+ </LI>
+
  <LI><A NAME="proxy">
       <STRONG>Does or will Apache act as a Proxy server?</STRONG>
      </A>
   <P>
   Apache version 1.1 and above comes with a
-  <A
-   HREF="../mod/mod_proxy.html"
-  >proxy module</A>.
-  If compiled
-  in, this will make Apache act as a caching-proxy server.
+  <A HREF="../mod/mod_proxy.html">proxy module</A>.
+  If compiled in, this will make Apache act as a caching-proxy server.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="multiviews">
       <STRONG>What are &quot;multiviews&quot;?</STRONG>
      </A>
@@ -871,19 +878,15 @@
   &quot;Multiviews&quot; is the general name given to the Apache
   server's ability to provide language-specific document variants in
   response to a request.  This is documented quite thoroughly in the
-  <A
-   HREF="../content-negotiation.html"
-   REL="Help"
-  >content negotiation</A>
+  <A HREF="../content-negotiation.html" REL="Help">content negotiation</A>
   description page.  In addition, <CITE>Apache Week</CITE> carried an
   article on this subject entitled
-  &quot;<A
-         HREF="http://www.apacheweek.com/features/negotiation"
-         REL="Help"
+  &quot;<A HREF="http://www.apacheweek.com/features/negotiation" REL="Help"
         ><CITE>Content Negotiation Explained</CITE></A>&quot;.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="fdlim">
       <STRONG>Why can't I run more than &lt;<EM>n</EM>&gt;
       virtual hosts?</STRONG>
@@ -902,9 +905,7 @@
   Each log file requires a file descriptor, which means that if you are
   using separate access and error logs for each virtual host, each
   virtual host needs two file descriptors.  Each
-  <A
-   HREF="../mod/core.html#listen"
-  ><SAMP>Listen</SAMP></A>
+  <A HREF="../mod/core.html#listen"><SAMP>Listen</SAMP></A>
   directive also needs a file descriptor.
   </P>
   <P>
@@ -921,39 +922,43 @@
   </P>
   <OL>
    <LI>Reduce the number of
-       <A
-        HREF="../mod/core.html#listen"
-       ><SAMP>Listen</SAMP></A>
-       directives.  If there are no other servers running on the machine
-       on the same port then you normally don't
-       need any Listen directives at all.  By default Apache listens to
-       all addresses on port 80.
+    <A HREF="../mod/core.html#listen"><SAMP>Listen</SAMP></A>
+    directives.  If there are no other servers running on the machine
+    on the same port then you normally don't
+    need any Listen directives at all.  By default Apache listens to
+    all addresses on port 80.
    </LI>
    <LI>Reduce the number of log files.  You can use
-       <A
-        HREF="../mod/mod_log_config.html"
-       ><SAMP>mod_log_config</SAMP></A>
-       to log all requests to a single log file while including the name
-       of the virtual host in the log file.  You can then write a
-       script to split the logfile into separate files later if
-       necessary.
+    <A HREF="../mod/mod_log_config.html"><SAMP>mod_log_config</SAMP></A>
+    to log all requests to a single log file while including the name
+    of the virtual host in the log file.  You can then write a
+    script to split the logfile into separate files later if
+    necessary.  Such a script is provided with the Apache 1.3 distribution
+    in the <SAMP>src/support/split-logfile</SAMP> file.
    </LI>
    <LI>Increase the number of file descriptors available to the server
-       (see your system's documentation on the <CODE>limit</CODE> or
-       <CODE>ulimit</CODE> commands).  For some systems, information on
-       how to do this is available in the
-       <A
-        HREF="perf.html"
-       >performance hints</A>
-       page.  There is a specific note for
-       <A HREF="#freebsd-setsize">FreeBSD</A> below.
+    (see your system's documentation on the <CODE>limit</CODE> or
+    <CODE>ulimit</CODE> commands).  For some systems, information on
+    how to do this is available in the
+    <A HREF="perf.html">performance hints</A> page.  There is a specific
+    note for <A HREF="#freebsd-setsize">FreeBSD</A> below.
+    <P>
+    For Windows 95, try modifying your <SAMP>C:\CONFIG.SYS</SAMP> file to
+    include a line like
+    </P>
+    <DL>
+     <DD><CODE>FILES=300</CODE>
+     </DD>
+    </DL>
+    <P>
+    Remember that you'll need to reboot your Windows 95 system in order
+    for the new value to take effect.
+    </P>
    </LI>
    <LI>&quot;Don't do that&quot; - try to run with fewer virtual hosts
    </LI>
    <LI>Spread your operation across multiple server processes (using
-    <A
-     HREF="../mod/core.html#listen"
-    ><SAMP>Listen</SAMP></A>
+    <A HREF="../mod/core.html#listen"><SAMP>Listen</SAMP></A>
     for example, but see the first point) and/or ports.
    </LI>
   </OL>
@@ -977,9 +982,10 @@
   defaults to 256.  This means that you will have trouble usefully using
   more than 256 file descriptors in Apache.  This can be increased, but
   doing so can be tricky.
-
+  </P>
+  <P>
   If you are using a version prior to 2.2, you need to recompile your
-  kernel with a larger FD_SETSIZE.  This can be done by adding a 
+  kernel with a larger <SAMP>FD_SETSIZE</SAMP>.  This can be done by adding a 
   line such as:
   </P>
   <DL>
@@ -987,18 +993,19 @@
    </DD>
   </DL>
   <P>
-  To your kernel config file.  Starting at version 2.2, this is no
+  to your kernel config file.  Starting at version 2.2, this is no
   longer necessary.
   </P>
   <P>
   If you are using a version of 2.1-stable from after 1997/03/10 or
   2.2 or 3.0-current from before 1997/06/28, there is a limit in
   the resolver library that prevents it from using more file descriptors
-  than what FD_SETSIZE is set to when libc is compiled.  To increase
-  this, you have to recompile libc with a higher FD_SETSIZE.
+  than what <SAMP>FD_SETSIZE</SAMP> is set to when libc is compiled.  To
+  increase this, you have to recompile libc with a higher
+  <SAMP>FD_SETSIZE</SAMP>.
   </P>
   <P>
-  In FreeBSD 3.0, the default FD_SETSIZE has been increased to
+  In FreeBSD 3.0, the default <SAMP>FD_SETSIZE</SAMP> has been increased to
   1024 and the above limitation in the resolver library
   has been removed.
   </P>
@@ -1012,34 +1019,21 @@
   <HR>
  </LI>
 
- <LI><A NAME="limitGET">
-      <STRONG>Why do I keep getting &quot;access denied&quot; for form POST
-      requests?</STRONG>
+ <LI><A NAME="POSTnotallowed">
+      <STRONG>Why do I keep getting &quot;Method Not Allowed&quot; for 
+      form POST requests?</STRONG>
      </A>
   <P>
-  The most common cause of this is a <SAMP>&lt;Limit&gt;</SAMP> section
-  that only names the <SAMP>GET</SAMP> method.  Look in your
-  configuration files for something that resembles the following and
-  would affect the location where the POST-handling script resides:
-  </P>
-  <P>
-  <DL>
-   <DD><CODE>&lt;Limit GET&gt;
-    <BR>&nbsp;&nbsp;&nbsp;&nbsp;:</CODE>
-   </DD>
-  </DL>
-  </P>
-  <P>
-  Change that to <CODE>&lt;Limit&nbsp;GET&nbsp;POST&gt;</CODE> and the problem
-  will probably go away.  Better yet, remove the
-  <CODE>&lt;Limit&gt;</CODE> and <CODE>&lt;/Limit&gt;</CODE> lines
-  altogether unless you're <EM>specifically</EM> trying to limit by
-  method (<SAMP>GET</SAMP>, <SAMP>PUT</SAMP>, <EM>et cetera</EM>).  If
-  you don't have a <CODE>&lt;Limit&gt;</CODE> container, the
-  restrictions apply equally to <EM>all</EM> methods.
+  This is almost always due to Apache not being configured to treat the
+  file you are trying to POST to as a CGI script.  You can not POST 
+  to a normal HTML file; the operation has no meaning.  See the FAQ 
+  entry on <A HREF="#CGIoutsideScriptAlias">CGIs outside ScriptAliased
+  directories</A> for details on how to configure Apache to treat the
+  file in question as a CGI.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="passwdauth">
       <STRONG>Can I use my <SAMP>/etc/passwd</SAMP> file
       for Web page authentication?</STRONG>
@@ -1094,6 +1088,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="errordoc401">
       <STRONG>Why doesn't my <CODE>ErrorDocument 401</CODE> work?</STRONG>
      </A>
@@ -1101,16 +1096,15 @@
   You need to use it with a URL in the form
   &quot;<SAMP>/foo/bar</SAMP>&quot; and not one with a method and
   hostname such as &quot;<SAMP>http://host/foo/bar</SAMP>&quot;.  See the
-  <A
-   HREF="../mod/core.html#errordocument"
-  ><SAMP>ErrorDocument</SAMP></A>
+  <A HREF="../mod/core.html#errordocument"><SAMP>ErrorDocument</SAMP></A>
   documentation for details.  This was incorrectly documented in the past.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="errordocssi">
       <STRONG>How can I use <CODE>ErrorDocument</CODE>
-   and SSI to simplify customized error messages?</STRONG>
+      and SSI to simplify customized error messages?</STRONG>
      </A>
   <P>
   Have a look at <A HREF="custom_errordocs.html">this document</A>.
@@ -1121,48 +1115,40 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="setgid">
       <STRONG>Why do I get &quot;<SAMP>setgid: Invalid
       argument</SAMP>&quot; at startup?</STRONG>
      </A>
   <P>
   Your
-  <A
-   HREF="../mod/core.html#group"
-  ><SAMP>Group</SAMP></A>
+  <A HREF="../mod/core.html#group"><SAMP>Group</SAMP></A>
   directive (probably in <SAMP>conf/httpd.conf</SAMP>) needs to name a
   group that actually exists in the <SAMP>/etc/group</SAMP> file (or
   your system's equivalent).
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="cookies1">
       <STRONG>Why does Apache send a cookie on every response?</STRONG>
      </A>
   <P>
   Apache does <EM>not</EM> send automatically send a cookie on every
   response, unless you have re-compiled it with the
-  <A
-   HREF="../mod/mod_cookies.html"
-  ><SAMP>mod_cookies</SAMP></A>
-  module.
-  This module was distributed with Apache prior to 1.2.
-  This module may help track users, and uses cookies to do this. If
-  you are not using the data generated by <SAMP>mod_cookies</SAMP>, do
-  not compile it into Apache. Note that in 1.2 this module was renamed
-  to the more correct name
-  <A
-   HREF="../mod/mod_usertrack.html"
-  ><SAMP>mod_usertrack</SAMP></A>,
-  and cookies
-  have to be specifically enabled with the
-  <A
-    HREF="../mod/mod_usertrack.html#cookietracking"
+  <A HREF="../mod/mod_usertrack.html"><SAMP>mod_usertrack</SAMP></A>
+  module, and specifically enabled it with the
+  <A HREF="../mod/mod_usertrack.html#cookietracking"
   ><SAMP>CookieTracking</SAMP></A>
   directive.
+  This module has been in Apache since version 1.2.
+  This module may help track users, and uses cookies to do this. If
+  you are not using the data generated by <SAMP>mod_usertrack</SAMP>, do
+  not compile it into Apache. 
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="cookies2">
       <STRONG>Why don't my cookies work, I even compiled in
       <SAMP>mod_cookies</SAMP>?
@@ -1171,9 +1157,7 @@
   <P>
   Firstly, you do <EM>not</EM> need to compile in
   <SAMP>mod_cookies</SAMP> in order for your scripts to work (see the
-  <A
-   HREF="#cookies1"
-  >previous question</A>
+  <A HREF="#cookies1">previous question</A>
   for more about <SAMP>mod_cookies</SAMP>). Apache passes on your
   <SAMP>Set-Cookie</SAMP> header fine, with or without this module. If
   cookies do not work it will be because your script does not work
@@ -1182,6 +1166,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="jdk1-and-http1.1">
       <STRONG>Why do my Java app[let]s give me plain text when I request
       an URL from an Apache server?</STRONG>
@@ -1224,16 +1209,16 @@
     BrowserMatch JDK/1.0 force-response-1.0</CODE>
    </DD>
   </DL>
-  </P>
+  <P></P>
   <P>
   More information about this issue can be found in the
-  <A
-   HREF="http://www.apache.org/info/jdk-102.html"
+  <A HREF="http://www.apache.org/info/jdk-102.html"
   ><CITE>Java and HTTP/1.1</CITE></A>
   page at the Apache web site.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="putsupport">
       <STRONG>Why can't I publish to my Apache server using PUT on
       Netscape Gold and other programs?</STRONG>
@@ -1244,12 +1229,12 @@
   There are several available, but they may have security problems.
   Using FTP uploads may be easier and more secure, at least for now.
   For more information, see the <CITE>Apache Week</CITE> article
-  <A
-   HREF="http://www.apacheweek.com/features/put"
+  <A HREF="http://www.apacheweek.com/features/put"
   ><CITE>Publishing Pages with PUT</CITE></A>.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="fastcgi">
       <STRONG>Why isn't FastCGI included with Apache any more?</STRONG>
      </A>
@@ -1257,8 +1242,7 @@
   The simple answer is that it was becoming too difficult to keep the
   version being included with Apache synchronized with the master copy
   at the
-  <A
-   HREF="http://www.fastcgi.com/servers/apache/"
+  <A HREF="http://www.fastcgi.com/servers/apache/"
   >FastCGI web site</A>.  When a new version of Apache was released, the
   version of the FastCGI module included with it would soon be out of date.
   </P>
@@ -1268,6 +1252,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="nodelay">
       <STRONG>Why am I getting &quot;<SAMP>httpd: could not set socket
       option TCP_NODELAY</SAMP>&quot; in my error log?</STRONG>
@@ -1280,6 +1265,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="peerreset">
       <STRONG>Why am I getting &quot;<SAMP>connection reset by
       peer</SAMP>&quot; in my error log?</STRONG>
@@ -1294,68 +1280,27 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="nph-scripts">
       <STRONG>How can I get my script's output without Apache buffering
       it?  Why doesn't my server push work?</STRONG>
      </A>
   <P>
-  In order to improve network performance, Apache buffers script output
-  into relatively large chunks.  If you have a script that sends
-  information in bursts (eg. as partial-done messages in a multi-commit
-  database transaction or any type of server push), the client will 
-  not necessarily get the output as the script is generating it.
-  </P>
-  <P>
-  To avoid this, Apache recognizes scripts whose names begin with
-  &quot;<SAMP>nph-</SAMP>&quot; as <EM>non-parsed-header</EM> scripts.
-  That is, Apache won't buffer their output, but connect it directly to
-  the socket going back to the client.
-  </P>
-  <P>
-  While this will probably do what you want, there <EM>are</EM> some
-  disadvantages to it:
-  </P>
-  <UL>
-   <LI><STRONG>YOU</STRONG> (the script) are responsible for generating
-     <STRONG>ALL</STRONG> of the HTTP headers, and no longer
-     <EM>just</EM> the &quot;<SAMP>Content-type</SAMP>&quot; or
-     &quot;<SAMP>Location</SAMP>&quot; headers
-   </LI>
-   <LI>Unless your script generates its output carefully, you will see a
-    performance penalty as excessive numbers of packets go back and forth
-   </LI>
-  </UL>
-  <P>
-  As an example how you might handle the former (in a Perl script):
+  As of Apache 1.3, CGI scripts are essentially not buffered.  Every time
+  your script does a "flush" to output data, that data gets relayed on to
+  the client.  Some scripting languages, for example Perl, have their own
+  buffering for output - this can be disabled by setting the <CODE>$|</CODE>
+  special variable to 1.  Of course this does increase the overall number
+  of packets being transmitted, which can result in a sense of slowness for 
+  the end user.
   </P>
-  <P>
-  <DL>
-   <DD><CODE>if ($0 =~ m:^(.*/)*nph-[^/]*$:) {
-    <BR>
-    &nbsp;&nbsp;&nbsp;&nbsp;
-    $HTTP_headers&nbsp;=&nbsp;
-    &quot;HTTP/1.1&nbsp;200&nbsp;OK\015\012&quot;;
-    <BR>
-    &nbsp;&nbsp;&nbsp;&nbsp;
-    $HTTP_headers&nbsp;.=&nbsp;
-    &quot;Connection:&nbsp;close\015\012&quot;;
-    <BR>
-    &nbsp;&nbsp;&nbsp;&nbsp;
-    print&nbsp;$HTTP_headers;
-    <BR>
-    }</CODE>
-   </DD>
-  </DL>
-  </P>
-  <P>
-  and then follow with your normal non-<SAMP>nph</SAMP> headers.
-  </P>
-  <P>Note that in version 1.3, all CGI scripts will be unbuffered
-  so the only difference between nph scripts and normal scripts is
+  <P>Prior to 1.3, you needed to use "nph-" scripts to accomplish non-buffering.
+  Today, the only difference between nph scripts and normal scripts is
   that nph scripts require the full HTTP headers to be sent.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="linuxiovec">
       <STRONG>Why do I get complaints about redefinition
       of &quot;<CODE>struct iovec</CODE>&quot; when
@@ -1377,9 +1322,10 @@
     This hurts performance and should only be used as a last resort.
    </LI>
   </UL>
-  </P>
+  <P></P>
   <HR>
  </LI>
+
  <LI><A NAME="wheres-the-dump">
       <STRONG>The errorlog says Apache dumped core, but where's the dump
       file?</STRONG>
@@ -1406,8 +1352,7 @@
   <A HREF="../mod/core.html#serverroot">ServerRoot</A>
   directory. As of Apache version 1.3, the location can be set <EM>via</EM>
   the
-  <A
-   HREF="../mod/core.html#coredumpdirectory"
+  <A HREF="../mod/core.html#coredumpdirectory"
   ><SAMP>CoreDumpDirectory</SAMP></A>
   directive to a different directory. Make sure that this directory is
   writable by the user the server runs as (as opposed to the user the server
@@ -1415,6 +1360,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="dnsauth">
       <STRONG>Why isn't restricting access by host or domain name
       working correctly?</STRONG>
@@ -1449,7 +1395,7 @@
      <DD><CODE>EXTRA_CFLAGS=-DMAXIMUM_DNS</CODE>
      </DD>
     </DL>
-    </P>
+    <P></P>
     <P>
     This will cause Apache to be very paranoid about making sure a
     particular host address is <EM>really</EM> assigned to the name it
@@ -1461,6 +1407,7 @@
   </OL>
   <HR>
  </LI>
+
  <LI><A NAME="SSL-i">
       <STRONG>Why doesn't Apache include SSL?</STRONG>
      </A>
@@ -1476,24 +1423,22 @@
   </P>
   <P>
   Some SSL implementations of Apache are available, however; see the
-  &quot;<A
-         HREF="http://www.apache.org/related_projects.html"
+  &quot;<A HREF="http://www.apache.org/related_projects.html"
         >related projects</A>&quot;
   page at the main Apache web site.
   </P>
   <P>
   You can find out more about this topic in the <CITE>Apache Week</CITE>
   article about
-  <A
-   HREF="http://www.apacheweek.com/features/ssl"
-   REL="Help"
+  <A HREF="http://www.apacheweek.com/features/ssl" REL="Help"
   ><CITE>Apache and Secure Transactions</CITE></A>.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="HPUX-core">
        <STRONG>Why do I get core dumps under HPUX using HP's ANSI
-               C compiler?</STRONG>
+       C compiler?</STRONG>
       </A>
   <P>
   We have had numerous reports of Apache dumping core when compiled
@@ -1502,6 +1447,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="midi">
       <STRONG>How do I get Apache to send a MIDI file so the browser can
       play it?</STRONG>
@@ -1527,7 +1473,7 @@
      <DD><CODE>AddType audio/x-midi .mid .midi .kar</CODE>
      </DD>
     </DL>
-    </P>
+    <P></P>
     <P>
     Note that this may break browsers that <EM>do</EM> recognize the
     <SAMP>audio/midi</SAMP> MIME type unless they're prepared to also
@@ -1537,9 +1483,10 @@
   </OL>
   <HR>
  </LI>
+
  <LI><A NAME="cantbuild">
-       <STRONG>Why won't Apache compile with my system's
-       <SAMP>cc</SAMP>?</STRONG>
+      <STRONG>Why won't Apache compile with my system's
+      <SAMP>cc</SAMP>?</STRONG>
      </A>
   <P>
   If the server won't compile on your system, it is probably due to one
@@ -1583,27 +1530,22 @@
   platforms there are.  If you have verified that none of the above
   issues is the cause of your problem, and it hasn't been reported
   before, please submit a
-  <A
-   HREF="http://www.apache.org/bug_report.html"
-  >problem report</A>.
+  <A HREF="http://www.apache.org/bug_report.html">problem report</A>.
   Be sure to include <EM>complete</EM> details, such as the compiler
   &amp; OS versions and exact error messages.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="addlog">
       <STRONG>How do I add browsers and referrers to my logs?</STRONG>
      </A>
   <P>
   Apache provides a couple of different ways of doing this.  The
   recommended method is to compile the
-  <A
-   HREF="../mod/mod_log_config.html"
-  ><SAMP>mod_log_config</SAMP></A>
+  <A HREF="../mod/mod_log_config.html"><SAMP>mod_log_config</SAMP></A>
   module into your configuration and use the
-  <A
-   HREF="../mod/mod_log_config.html#customlog"
-  ><SAMP>CustomLog</SAMP></A>
+  <A HREF="../mod/mod_log_config.html#customlog"><SAMP>CustomLog</SAMP></A>
   directive.
   </P>
   <P>
@@ -1625,14 +1567,13 @@
   <P>
   You may want to check out the <CITE>Apache Week</CITE> article
   entitled:
-  &quot;<A
-         HREF="http://www.apacheweek.com/features/logfiles"
-         REL="Help"
+  &quot;<A HREF="http://www.apacheweek.com/features/logfiles" REL="Help"
         ><CITE>Gathering Visitor Information: Customising Your
          Logfiles</CITE></A>&quot;.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="bind8.1">
       <STRONG>Why do I get an error about an undefined reference to
       &quot;<SAMP>__inet_ntoa</SAMP>&quot; or other
@@ -1673,18 +1614,19 @@
     EXTRA_LIBS=-lbind</CODE>
    </DD>
   </DL>
-  </P>
+  <P></P>
   <HR>
  </LI>
+
  <LI><A NAME="set-servername">
       <STRONG>Why does accessing directories only work when I include
-      the trailing "/"
+      the trailing &quot;/&quot;
       (<EM>e.g.</EM>,&nbsp;<SAMP>http://foo.domain.com/~user/</SAMP>)
       but not when I omit it
       (<EM>e.g.</EM>,&nbsp;<SAMP>http://foo.domain.com/~user</SAMP>)?</STRONG>
      </A>
   <P>
-  When you access a directory without a trailing "/", Apache needs
+  When you access a directory without a trailing &quot;/&quot;, Apache needs
   to send what is called a redirect to the client to tell it to
   add the trailing slash.  If it did not do so, relative URLs would
   not work properly.  When it sends the redirect, it needs to know
@@ -1700,6 +1642,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="user-authentication">
       <STRONG>How do I set up Apache to require a username and
       password to access certain documents?</STRONG>
@@ -1712,39 +1655,32 @@
   </P>
   <P>
   For an explanation on how to implement these restrictions, see
-  <A
-   HREF="http://www.apacheweek.com/"
-  ><CITE>Apache Week</CITE></A>'s
+  <A HREF="http://www.apacheweek.com/"><CITE>Apache Week</CITE></A>'s
   articles on
-  <A
-   HREF="http://www.apacheweek.com/features/userauth"
+  <A HREF="http://www.apacheweek.com/features/userauth"
   ><CITE>Using User Authentication</CITE></A>
   or
-  <A
-   HREF="http://www.apacheweek.com/features/dbmauth"
+  <A HREF="http://www.apacheweek.com/features/dbmauth"
   ><CITE>DBM User Authentication</CITE></A>.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="remote-user-var">
-         <STRONG>Why is the environment variable 
-         <SAMP>REMOTE_USER</SAMP> not set?</STRONG>
-         </A>
+      <STRONG>Why is the environment variable 
+      <SAMP>REMOTE_USER</SAMP> not set?</STRONG>
+     </A>
   <P>
   This variable is set and thus available in SSI or CGI scripts <STRONG>if and
   only if</STRONG> the requested document was protected by access
   authentication.  For an explanation on how to implement these restrictions,
   see
-  <A
-   HREF="http://www.apacheweek.com/"
-  ><CITE>Apache Week</CITE></A>'s
+  <A HREF="http://www.apacheweek.com/"><CITE>Apache Week</CITE></A>'s
   articles on
-  <A
-   HREF="http://www.apacheweek.com/features/userauth"
+  <A HREF="http://www.apacheweek.com/features/userauth"
   ><CITE>Using User Authentication</CITE></A>
   or
-  <A
-   HREF="http://www.apacheweek.com/features/dbmauth"
+  <A HREF="http://www.apacheweek.com/features/dbmauth"
   ><CITE>DBM User Authentication</CITE></A>.
   </P>
   <P>
@@ -1756,6 +1692,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="remote-auth-only">
       <STRONG>How do I set up Apache to allow access to certain
       documents only if a site is either a local site <EM>or</EM>
@@ -1787,7 +1724,7 @@
     satisfy any</CODE>
    </DD>
   </DL>
-  </P>
+  <P></P>
   <P>
   See the <A HREF="#user-authentication">user authentication</A>
   question and the <A HREF="../mod/mod_access.html">mod_access</A>
@@ -1795,14 +1732,12 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="no-info-directives">
       <STRONG>Why doesn't mod_info list any directives?</STRONG>
      </A>
   <P>
-  The
-  <A
-   HREF="../mod/mod_info.html"
-  ><SAMP>mod_info</SAMP></A>
+  The <A HREF="../mod/mod_info.html"><SAMP>mod_info</SAMP></A>
   module allows you to use a Web browser to see how your server is
   configured.  Among the information it displays is the list modules and
   their configuration directives.  The &quot;current&quot; values for
@@ -1812,18 +1747,17 @@
   reloaded, the display will will not match the values actively in use.
   If the files and the path to the files are not readable by the user as
   which the server is running (see the
-  <A
-   HREF="../mod/core.html#user"
-  ><SAMP>User</SAMP></A>
+  <A HREF="../mod/core.html#user"><SAMP>User</SAMP></A>
   directive), then <SAMP>mod_info</SAMP> cannot read them in order to
   list their values.  An entry <EM>will</EM> be made in the error log in
   this event, however.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="linux-shmget">
-      <STRONG>When I run it under Linux I get "shmget:
-      function not found", what should I do?</STRONG>
+      <STRONG>When I run it under Linux I get &quot;shmget:
+      function not found&quot;, what should I do?</STRONG>
      </A>
   <P>
   Your kernel has been built without SysV IPC support.  You will have to
@@ -1846,6 +1780,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="authauthoritative">
       <STRONG>Why does my authentication give me a server error?</STRONG>
      </A>
@@ -1902,6 +1837,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="auth-on-same-machine">
       <STRONG>Do I have to keep the (mSQL) authentication information
       on the same machine?</STRONG>
@@ -1922,6 +1858,7 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="msql-slow">
       <STRONG>Why is my mSQL authentication terribly slow?</STRONG>
      </A>
@@ -1936,66 +1873,60 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="rewrite-more-config">
-          <STRONG>Where can I find mod_rewrite rulesets which already solve
-          particular URL-related problems?</STRONG>
+      <STRONG>Where can I find mod_rewrite rulesets which already solve
+      particular URL-related problems?</STRONG>
      </A>
   <P>
   There is a collection of 
-  <A
-      HREF="http://www.engelschall.com/pw/apache/rewriteguide/"
+  <A HREF="http://www.engelschall.com/pw/apache/rewriteguide/"
   >Practical Solutions for URL-Manipulation</A>
   where you can
   find all typical solutions the author of 
-  <A
-   HREF="../mod/mod_rewrite.html"
-  ><SAMP>mod_rewrite</SAMP></A> 
+  <A HREF="../mod/mod_rewrite.html"><SAMP>mod_rewrite</SAMP></A> 
   currently knows of. If you have more
   interesting rulesets which solve particular problems not currently covered in
   this document, send it to 
-  <A
-      HREF="mailto:rse@apache.org"
-  >Ralf S. Engelschall</A>
+  <A HREF="mailto:rse@apache.org">Ralf S. Engelschall</A>
   for inclusion. The
   other webmasters will thank you for avoiding the reinvention of the wheel.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="rewrite-article">
-          <STRONG>Where can I find any published information about URL-manipulations and
-          mod_rewrite?</STRONG>
+      <STRONG>Where can I find any published information about
+      URL-manipulations and mod_rewrite?</STRONG>
      </A>
   <P>
   There is an article from 
-  <A
-      HREF="mailto:rse@apache.org"
+  <A HREF="mailto:rse@apache.org"
   >Ralf S. Engelschall</A>
   about URL-manipulations based on
-  <A
-   HREF="../mod/mod_rewrite.html"
-  ><SAMP>mod_rewrite</SAMP></A> 
+  <A HREF="../mod/mod_rewrite.html"><SAMP>mod_rewrite</SAMP></A> 
   in the &quot;iX Multiuser Multitasking Magazin&quot; issue #12/96. The
   german (original) version
   can be read online at 
-  <A
-      HREF="http://www.heise.de/ix/artikel/9612149/"
-  >http://www.heise.de/ix/artikel/9612149/</A>,
+  &lt;<A HREF="http://www.heise.de/ix/artikel/9612149/"
+      >http://www.heise.de/ix/artikel/9612149/</A>&gt;,
   the English (translated) version can be found at 
-  <A
-      HREF="http://www.heise.de/ix/artikel/E/9612149/"
-  >http://www.heise.de/ix/artikel/E/9612149/</A>.
+  &lt;<A HREF="http://www.heise.de/ix/artikel/E/9612149/"
+      >http://www.heise.de/ix/artikel/E/9612149/</A>&gt;.
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="rewrite-complexity">
-          <STRONG>Why is mod_rewrite so difficult to learn and seems so
-          complicated?</STRONG>
+      <STRONG>Why is mod_rewrite so difficult to learn and seems so
+      complicated?</STRONG>
      </A>
   <P>
   Hmmm... there are a lot of reasons. First, mod_rewrite itself is a powerful
-  module which can help you in really <STRONG>all</STRONG> aspects of URL rewriting, so
-  it can be no trivial module per definition. To accomplish its hard job it
-  uses software leverage and makes use of a powerful regular expression
+  module which can help you in really <STRONG>all</STRONG> aspects of URL
+  rewriting, so it can be no trivial module per definition. To accomplish
+  its hard job it uses software leverage and makes use of a powerful regular
+  expression
   library by Henry Spencer which is an integral part of Apache since its
   version 1.2.  And regular expressions itself can be difficult to newbies,
   while providing the most flexible power to the advanced hacker. 
@@ -2013,9 +1944,10 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="rewrite-dontwork">
-          <STRONG>What can I do if my RewriteRules don't work as expected?
-          </STRONG>
+      <STRONG>What can I do if my RewriteRules don't work as expected?
+      </STRONG>
      </A>
   <P>
   Use &quot;<SAMP>RewriteLog somefile</SAMP>&quot; and
@@ -2025,13 +1957,14 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="rewrite-prefixdocroot"><STRONG>Why don't some of my URLs
       get prefixed with DocumentRoot when using mod_rewrite?</STRONG>
      </A>
   <P>
   If the rule starts with <SAMP>/somedir/...</SAMP> make sure that really no
   <SAMP>/somedir</SAMP> exists on the filesystem if you don't want to lead the
-  URL to match this directory, i.e. there must be no root directory named
+  URL to match this directory, <EM>i.e.</EM>, there must be no root directory named
   <SAMP>somedir</SAMP> on the filesystem. Because if there is such a
   directory, the URL will not get prefixed with DocumentRoot. This behaviour
   looks ugly, but is really important for some other aspects of URL
@@ -2039,9 +1972,10 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="rewrite-nocase">
-          <STRONG>How can I make all my URLs case-insensitive with mod_rewrite?
-          </STRONG>
+      <STRONG>How can I make all my URLs case-insensitive with mod_rewrite?
+      </STRONG>
      </A>
   <P>
   You can't! The reason is: First, case translations for arbitrary length URLs
@@ -2061,9 +1995,9 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="rewrite-virthost">
-          <STRONG> Why are RewriteRules in my VirtualHost parts ignored?
-          </STRONG>
+      <STRONG> Why are RewriteRules in my VirtualHost parts ignored?</STRONG>
      </A>
   <P>
   Because you have to enable the engine for every virtual host explicitly due
@@ -2072,21 +2006,24 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="rewrite-envwhitespace">
-          <STRONG> How can I use strings with whitespaces in RewriteRule's ENV
-          flag?</STRONG>
+      <STRONG> How can I use strings with whitespaces in RewriteRule's ENV
+      flag?</STRONG>
      </A>
   <P>
   There is only one ugly solution: You have to surround the complete flag
   argument by quotation marks (<SAMP>"[E=...]"</SAMP>). Notice: The argument
   to quote here is not the argument to the E-flag, it is the argument of the
-  Apache config file parser, i.e. the third argument of the RewriteRule here.
+  Apache config file parser, <EM>i.e.</EM>, the third argument of the RewriteRule here.
   So you have to write <SAMP>"[E=any text with whitespaces]"</SAMP>.
   </P>
   <HR>
  </LI>
- <LI><A NAME="cgi-spec"><STRONG>Where can I find the &quot;CGI
-      specification&quot;?</STRONG></A>
+
+ <LI><A NAME="cgi-spec">
+      <STRONG>Where can I find the &quot;CGI specification&quot;?</STRONG>
+     </A>
   <P>
   The Common Gateway Interface (CGI) specification can be found at
   the original NCSA site 
@@ -2095,8 +2032,15 @@
   This version hasn't been updated since 1995, and there have been
   some efforts to update it.  
   </P>
+  <P>
+  A new draft is being worked on with the intent of making it an informational
+  RFC; you can find out more about this project at
+  &lt;<A HREF="http://web.golux.com/coar/cgi/"
+      ><SAMP>http://web.golux.com/coar/cgi/</SAMP></A>&gt;.
+  </P>
   <HR>
  </LI>
+
  <LI><A NAME="year2000">
       <STRONG>Is Apache Year 2000 compliant?</STRONG>
      </A>
@@ -2118,12 +2062,9 @@
   <P>
   Some aspects of Apache's output may use two-digit years, such as the
   automatic listing of directory contents provided by
-  <A
-   HREF="../mod/mod_autoindex.html"
-  ><SAMP>mod_autoindex</SAMP></A>
+  <A HREF="../mod/mod_autoindex.html"><SAMP>mod_autoindex</SAMP></A>
   with the
-  <A
-   HREF="../mod/mod_autoindex.html#indexoptions"
+  <A HREF="../mod/mod_autoindex.html#indexoptions"
   ><SAMP>FancyIndexing</SAMP></A>
   option enabled, but it is improper to depend upon such displays for
   specific syntax.  And even that issue is being addressed by the
@@ -2142,8 +2083,9 @@
   </P>
   <HR>
  </LI>
+
  <LI><A NAME="namevhost">
-      <STRONG>I upgraded to Apache 1.3b and now my virtual hosts don't
+      <STRONG>I upgraded to Apache 1.3 and now my virtual hosts don't
       work!</STRONG>
      </A>
   <P>
@@ -2155,8 +2097,7 @@
   </P>
   <P>
   Apache 1.3b2 introduced a new directive,
-  <A
-   HREF="http://www.apache.org/docs/mod/core.html#namevirtualhost"
+  <A HREF="http://www.apache.org/docs/mod/core.html#namevirtualhost"
   ><SAMP>NameVirtualHost</SAMP></A>,
   which simplifies the rules quite a bit.  However, changing the rules
   like this means that your existing name-based
@@ -2190,94 +2131,294 @@
   <HR>
  </LI>
 
- <li><a name="redhat"><strong>I'm using RedHat Linux and I have problems with httpd
-    dying randomly or not restarting properly</strong></a>
-
-    <p>RedHat Linux versions 4.x (and possibly earlier) rpms contain
-    various nasty scripts which do not stop or restart Apache properly.
-    These can affect you even if you're not running the RedHat supplied
-    rpms.
-
-    <p> If you're using the default install then you're probably running
-    Apache 1.1.3, which is outdated.  From RedHat's ftp site you can
-    pick up a more recent RPM for Apache 1.2.x.  This will solve one of
-    the problems.
-
-    <p> If you're using a custom built Apache rather than the RedHat rpms
-    then you should <code>rpm -e apache</code>.  In particular you want
-    the mildly broken <code>/etc/logrotate.d/apache</code> script to be
-    removed, and you want the broken <code>/etc/rc.d/init.d/httpd</code>
-    (or <code>httpd.init</code>) script to be removed.  The latter is
-    actually fixed by the apache-1.2.5 rpms but if you're building your
-    own Apache then you probably don't want the RedHat files.
-
-    <p>We can't stress enough how important it is for folks, <i>especially
-    vendors</i> to follow the <a href="../stopping.html">stopping Apache
-    directions</a> given in our documentation.  In RedHat's defense,
-    the broken scripts were necessary with Apache 1.1.x because the
-    Linux support in 1.1.x was very poor, and there were various race
-    conditions on all platforms.  None of this should be necessary with
-    Apache 1.2 and later.
-    </p>
-    <hr>
-  </li>
-
-  <li><a name="stopping"><strong>I upgraded from an Apache version earlier
-    than 1.2.0 and suddenly I have problems with Apache dying randomly
-    or not restarting properly</strong></a>
-
-    <p>You should read <a href="#redhat">the previous note</a> about
-    problems with RedHat installations.  It is entirely likely that your
-    installation has start/stop/restart scripts which were built for
-    an earlier version of Apache.  Versions earlier than 1.2.0 had
-    various race conditions that made it necessary to use
-    <code>kill -9</code> at times to take out all the httpd servers.
-    But that should not be necessary any longer.  You should follow
-    the <a href="../stopping.html">directions on how to stop
-    and restart Apache</a>.
-
-    <p>As of Apache 1.3 there is a script
-    <code>src/support/apachectl</code> which, after a bit of
-    customization, is suitable for starting, stopping, and restarting
-    your server.
-    </p>
-    <hr>
-
-  </li>
-
-  <li><a name="redhat-htm"><strong>I'm using RedHat Linux and my .htm files are showing
-    up as html source rather than being formatted!</strong></a>
-
-    <p>RedHat messed up and forgot to put a content type for <code>.htm</code>
-    files into <code>/etc/mime.types</code>.  Edit <code>/etc/mime.types</code>,
-    find the line containing <code>html</code> and add <code>htm</code> to it.
-    Then restart your httpd server:
-    <pre>
-	kill -HUP `cat /var/run/httpd.pid`
-    </pre>
-    Then <b>clear your browsers' caches</b>.  (Many browsers won't re-examine
-    the content type after they've reloaded a page.)
-    </p>
-    <hr>
-
-  <li><a name="glibc-crypt"><strong>I'm using RedHat Linux 5.0, or some other glibc
-    based Linux system, and I get errors with the <code>crypt</code> function when
-    I attempt to build Apache 1.2.</strong></a>
-
-    <p>glibc puts the crypt function into a separate library.  Edit your
-    <code>src/Configuration</code> file and set this:
-    <pre>
-	EXTRA_LIBS=-lcrypt
-    </pre>
-    </p>
-    <hr>
+ <LI><A NAME="redhat">
+      <STRONG>I'm using RedHat Linux and I have problems with httpd
+      dying randomly or not restarting properly</STRONG>
+     </A>
 
+  <P>
+  RedHat Linux versions 4.x (and possibly earlier) RPMs contain
+  various nasty scripts which do not stop or restart Apache properly.
+  These can affect you even if you're not running the RedHat supplied
+  RPMs.
+  </P>
+  <P>
+  If you're using the default install then you're probably running
+  Apache 1.1.3, which is outdated.  From RedHat's ftp site you can
+  pick up a more recent RPM for Apache 1.2.x.  This will solve one of
+  the problems.
+  </P>
+  <P>
+  If you're using a custom built Apache rather than the RedHat RPMs
+  then you should <CODE>rpm -e apache</CODE>.  In particular you want
+  the mildly broken <CODE>/etc/logrotate.d/apache</CODE> script to be
+  removed, and you want the broken <CODE>/etc/rc.d/init.d/httpd</CODE>
+  (or <CODE>httpd.init</CODE>) script to be removed.  The latter is
+  actually fixed by the apache-1.2.5 RPMs but if you're building your
+  own Apache then you probably don't want the RedHat files.
+  </P>
+  <P>
+  We can't stress enough how important it is for folks, <EM>especially
+  vendors</EM> to follow the <A HREF="../stopping.html">stopping Apache
+  directions</A> given in our documentation.  In RedHat's defense,
+  the broken scripts were necessary with Apache 1.1.x because the
+  Linux support in 1.1.x was very poor, and there were various race
+  conditions on all platforms.  None of this should be necessary with
+  Apache 1.2 and later.
+  </P>
+  <HR>
+ </LI>
+
+ <LI><A NAME="stopping">
+      <STRONG>I upgraded from an Apache version earlier
+      than 1.2.0 and suddenly I have problems with Apache dying randomly
+      or not restarting properly</STRONG>
+     </A>
+
+  <P>
+  You should read <A HREF="#redhat">the previous note</A> about
+  problems with RedHat installations.  It is entirely likely that your
+  installation has start/stop/restart scripts which were built for
+  an earlier version of Apache.  Versions earlier than 1.2.0 had
+  various race conditions that made it necessary to use
+  <CODE>kill -9</CODE> at times to take out all the httpd servers.
+  But that should not be necessary any longer.  You should follow
+  the <A HREF="../stopping.html">directions on how to stop
+  and restart Apache</A>.
+  </P>
+  <P>As of Apache 1.3 there is a script
+  <CODE>src/support/apachectl</CODE> which, after a bit of
+  customization, is suitable for starting, stopping, and restarting
+  your server.
+  </P>
+  <HR>
+ </LI>
+
+ <LI><A NAME="redhat-htm">
+      <STRONG>I'm using RedHat Linux and my .htm files are showing
+      up as HTML source rather than being formatted!</STRONG>
+     </A>
+
+  <P>
+  RedHat messed up and forgot to put a content type for <CODE>.htm</CODE>
+  files into <CODE>/etc/mime.types</CODE>.  Edit <CODE>/etc/mime.types</CODE>,
+  find the line containing <CODE>html</CODE> and add <CODE>htm</CODE> to it.
+  Then restart your httpd server:
+  </P>
+  <DL>
+   <DD><CODE>kill -HUP `cat /var/run/httpd.pid`</CODE>
+   </DD>
+  </DL>
+  <P>
+  Then <STRONG>clear your browsers' caches</STRONG>.  (Many browsers won't
+  re-examine the content type after they've reloaded a page.)
+  </P>
+  <HR>
+ </LI>
+
+ <LI><A NAME="glibc-crypt">
+      <STRONG>I'm using RedHat Linux 5.0, or some other 
+      <SAMP>glibc</SAMP>-based Linux system, and I get errors with the
+      <CODE>crypt</CODE> function when I attempt to build Apache 1.2.</STRONG>
+     </A>
+
+  <P>
+  <SAMP>glibc</SAMP> puts the <CODE>crypt</CODE> function into a separate
+  library.  Edit your <CODE>src/Configuration</CODE> file and set this:
+  </P>
+  <DL>
+   <DD><CODE>EXTRA_LIBS=-lcrypt</CODE>
+   </DD>
+  </DL>
+  <P>
+  Then re-run <SAMP>src/Configure</SAMP> and re-execute the make.
+  </P>
+  <HR>
+ </LI>
+
+ <LI><A NAME="nfslocking">
+      <STRONG>Server hangs, or fails to start, and/or error log
+      fills with &quot;<SAMP>fcntl: F_SETLKW: No record locks
+      available</SAMP>&quot; or similar messages</STRONG>
+     </A>
+
+  <P>
+  These are symptoms of a fine locking problem, which usually means that
+  the server is trying to use a synchronization file on an NFS filesystem.
+  </P>
+  <P>
+  Because of its parallel-operation model, the Apache Web server needs to
+  provide some form of synchronization when accessing certain resources.
+  One of these synchronization methods involves taking out locks on a file,
+  which means that the filesystem whereon the lockfile resides must support
+  locking.  In many cases this means it <EM>can't</EM> be kept on an
+  NFS-mounted filesystem.
+  </P>
+  <P>
+  To cause the Web server to work around the NFS locking limitations, include
+  a line such as the following in your server configuration files:
+  </P>
+  <DL>
+   <DD><CODE>LockFile /var/run/apache-lock</CODE>
+   </DD>
+  </DL>
+  <P>
+  The directory should not be generally writable (<EM>e.g.</EM>, don't use
+  <SAMP>/var/tmp</SAMP>).
+  See the <A HREF="../mod/core.html#lockfile"><SAMP>LockFile</SAMP></A>
+  documentation for more information.
+  </P>
+  <HR>
+ </LI>
+ <LI><A NAME="zoom">
+      <STRONG>What's the best hardware/operating system/... How do
+      I get the most out of my Apache Web server?</STRONG>
+     </A>
+  <P>
+  Check out Dean Gaudet's
+  <A HREF="http://www.apache.org/docs/misc/perf-tuning.html"
+  >performance tuning page</A>.
+  </P>
+  <HR>
+ </LI>
+ <LI><A NAME="regex">
+      <STRONG>What are "regular expressions"?</STRONG></A>
+   <P>
+   Regular expressions are a way of describing a pattern - for example, "all 
+   the words that begin with the letter A" or "every 10-digit phone number" 
+   or even "Every sentence with two commas in it, and no capital letter Q".  
+   Regular expressions (aka "regexp"s) are useful in Apache because they 
+   let you apply certain attributes against collections of files or resources 
+   in very flexible ways - for example, all .gif and .jpg files under
+   any "images" directory could be written as /.*\/images\/.*[jpg|gif]/.
+   </P>
+   <P>
+   The best overview around is probably the one which comes with
+   Perl.  We implement a simple subset of Perl's regexp support, but
+   it's still a good way to learn what they mean.  You can start by
+   going to the
+   <A
+    HREF="http://www.perl.com/CPAN-local/doc/manual/html/pod/perlre.html#Version_8_Regular_Expresions"
+   >CPAN page on regular expressions</A>, and branching out from there.
+   </P>
+  <HR>
+ </LI>
+ <LI><A NAME="broken-gcc"><STRONG>I'm using gcc and I get some
+	compilation errors, what is wrong?</STRONG></A>
+    <P>
+    GCC parses your system header files and produces a modified subset which
+    it uses for compiling.  This behaviour ties GCC tightly to the version
+    of your operating system.  So, for example, if you were running IRIX 5.3
+    when you built GCC and then upgrade to IRIX 6.2 later, you will have to
+    rebuild GCC.  Similarly for Solaris 2.4, 2.5, or 2.5.1 when you upgrade
+    to 2.6.  Sometimes you can type "gcc -v" and it will tell you the version
+    of the operating system it was built against.
+    </P>
+    <P>
+    If you fail to do this, then it is very likely that Apache will fail
+    to build.  One of the most common errors is with <CODE>readv</CODE>,
+    <CODE>writev</CODE>, or <CODE>uio.h</CODE>.  This is <STRONG>not</STRONG> a
+    bug with Apache.  You will need to re-install GCC.
+    </P>
+   <HR>
+  </LI>
+  <LI><A NAME="htaccess-work">
+       <STRONG>My <CODE>.htaccess</CODE> files are being ignored.</STRONG></A>
+   <P>
+   This is almost always due to your <A HREF="../mod/core.html#allowoverride">
+   AllowOverride</A> directive being set incorrectly for the directory in 
+   question.  If it is set to <CODE>None</CODE> then .htaccess files will 
+   not even be looked for.  If you do have one that is set, then be certain 
+   it covers the directory you are trying to use the .htaccess file in.  
+   This is normally accomplished by ensuring it is inside the proper 
+   <A HREF="../mod/core.html#directory">Directory</A> container.
+   </P>
+   <HR>
+  </LI>
+  <LI><A NAME="submit_patch">
+       <STRONG>How do I submit a patch to the Apache Group?</STRONG></A>
+   <P>
+   The Apache Group encourages patches from outside developers. There are 2
+   main "types"
+   of patches: small bugfixes and general improvements. Bugfixes should be
+   submitting using the
+   Apache <A HREF="http://www.apache.org/bug_report.html">bug report page</A>.
+   Improvements, modifications, and additions should follow the instructions
+   below.
+   </P>
+   <P>
+   In general, the first course of action is to be a member of the
+   <SAMP>new-httpd@apache.org</SAMP> mailing list. This indicates to the Group
+   that
+   you are closely following the latest Apache developments. Your patch file
+   should be
+   generated using either '<CODE>diff&nbsp;-c</CODE>' or
+   '<CODE>diff&nbsp;-u</CODE>' against the
+   latest CVS tree. To submit your patch, send email to
+   <SAMP>new-httpd@apache.org</SAMP>
+   with a <SAMP>Subject:</SAMP> line that starts with <SAMP>[PATCH]</SAMP> and
+   includes a general description of the patch. In the body of the message, the
+   patch should be clearly described and then included at the end of the
+   message.
+   If the patch-file is long, you can note a URL to the file instead of the
+   file itself. Use of MIME enclosures/attachments should be avoided.
+   </P>
+   <P>
+   Be prepared to respond to any questions about your patches and possibly
+   defend
+   your code. If your patch results in a lot of discussion, you may be asked to
+   submit an updated patch that incorporate all changes and suggestions.
+   </P>
+   <HR>
+  </LI>
+  <LI><A NAME="aixccbug"><STRONG>Why am I getting "<SAMP>Expected
+       &lt/Directory&gt; but saw &lt;/Directory&gt;</SAMP>" when
+       I try to start Apache?</STRONG></A>
+   <P>
+   This is a known problem with certain versions of the AIX C compiler.
+   IBM are working on a solution, and the issue is being tracked by
+   <A HREF="http://bugs.apache.org/index/full/2312">problem report #2312</A>.
+   </P>
+   <HR>
+  </LI>
+  <LI><A NAME="domination"><STRONG>Why has Apache stolen my favourite site's
+       Internet address?</STRONG></A>
+   <P>
+   The simple answer is: "It hasn't."  This misconception is usually
+   caused by the site in question having migrated to the Apache Web
+   server software, but not having migrated the site's content yet.  When
+   Apache is installed, the default page that gets installed tells the
+   Webmaster the installation was successful.  The expectation is that
+   this default page will be replaced with the site's real content.
+   If it doesn't, complain to the Webmaster, not to the Apache project --
+   we just make the software and aren't responsible for what people
+   do (or don't do) with it.
+   </P>
+   <HR>
+  </LI>
+  <LI><A NAME="apspam"><STRONG>Why am I getting spam mail from the
+       Apache site?</STRONG></A>
+   <P>
+   The short answer is: "You aren't."  Usually when someone thinks the
+   Apache site is originating spam, it's because they've traced the
+   spam to a Web site, and the Web site says it's using Apache.  See the
+   <A HREF="#domination">previous FAQ entry</A> for more details on this
+   phenomenon.
+   </P>
+   <P>
+   No marketing spam originates from the Apache site.  The only mail
+   that comes from the site goes only to addresses that have been
+   <EM>requested</EM> to receive the mail.
+   </P>
+   <HR>
+  </LI>
   <!-- Don't forget to add HR tags at the end of each list item.. -->
 
 </OL>
- <HR>
+<HR>
+
 <H3 ALIGN="CENTER">
- Apache HTTP Server Version 1.2
+ Apache HTTP Server Version 1.3
 </H3>
 
 <A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A>
diff --git a/usr.sbin/httpd/htdocs/manual/mod/core.html b/usr.sbin/httpd/htdocs/manual/mod/core.html
index 27c2a6c00da..f8734d1d9d7 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/core.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/core.html
@@ -15,139 +15,212 @@
 <DIV ALIGN="CENTER">
  <IMG SRC="../images/sub.gif" ALT="[APACHE DOCUMENTATION]">
  <H3>
-  Apache HTTP Server Version 1.2
+  Apache HTTP Server Version 1.3
  </H3>
 </DIV>
 
 
-<H1 ALIGN="CENTER">Apache Core Features</h1>
-
+<H1 ALIGN="CENTER">Apache Core Features</H1>
+<P>
 These configuration parameters control the core Apache features, and are
 always available.
+</P>
+<H2>Directives</H2>
+<UL>
+<LI><A HREF="#accessconfig">AccessConfig</A>
+<LI><A HREF="#accessfilename">AccessFileName</A>
+<LI><A HREF="#addmodule">AddModule</A>
+<LI><A HREF="#allowoverride">AllowOverride</A>
+<LI><A HREF="#authname">AuthName</A>
+<LI><A HREF="#authtype">AuthType</A>
+<LI><A HREF="#bindaddress">BindAddress</A>
+<LI><A HREF="#bs2000account">BS2000Account</A>
+<LI><A HREF="#clearmodulelist">ClearModuleList</A>
+<LI><A HREF="#contentdigest">ContentDigest</A>
+<LI><A HREF="#coredumpdirectory">CoreDumpDirectory</A>
+<LI><A HREF="#defaulttype">DefaultType</A>
+<LI><A HREF="#directory">&lt;Directory&gt;</A>
+<LI><A HREF="#directorymatch">&lt;DirectoryMatch&gt;</A>
+<LI><A HREF="#documentroot">DocumentRoot</A>
+<LI><A HREF="#errordocument">ErrorDocument</A>
+<LI><A HREF="#errorlog">ErrorLog</A>
+<LI><A HREF="#files">&lt;Files&gt;</A>
+<LI><A HREF="#filesmatch">&lt;FilesMatch&gt;</A>
+<LI><A HREF="#group">Group</A>
+<LI><A HREF="#hostnamelookups">HostNameLookups</A>
+<LI><A HREF="#identitycheck">IdentityCheck</A>
+<LI><A HREF="#ifdefine">&lt;IfDefine&gt;</A>
+<LI><A HREF="#ifmodule">&lt;IfModule&gt;</A>
+<LI><A HREF="#include">Include</A>
+<LI><A HREF="#keepalive">KeepAlive</A>
+<LI><A HREF="#keepalivetimeout">KeepAliveTimeout</A>
+<LI><A HREF="#limit">&lt;Limit&gt;</A>
+<LI><A HREF="#limitrequestbody">LimitRequestBody</A>
+<LI><A HREF="#limitrequestfields">LimitRequestFields</A>
+<LI><A HREF="#limitrequestfieldsize">LimitRequestFieldsize</A>
+<LI><A HREF="#limitrequestline">LimitRequestLine</A>
+<LI><A HREF="#listen">Listen</A>
+<LI><A HREF="#listenbacklog">ListenBacklog</A>
+<LI><A HREF="#location">&lt;Location&gt;</A>
+<LI><A HREF="#locationmatch">&lt;LocationMatch&gt;</A>
+<LI><A HREF="#lockfile">LockFile</A>
+<LI><A HREF="#loglevel">LogLevel</A>
+<LI><A HREF="#maxclients">MaxClients</A>
+<LI><A HREF="#maxkeepaliverequests">MaxKeepAliveRequests</A>
+<LI><A HREF="#maxrequestsperchild">MaxRequestsPerChild</A>
+<LI><A HREF="#maxspareservers">MaxSpareServers</A>
+<LI><A HREF="#minspareservers">MinSpareServers</A>
+<LI><A HREF="#namevirtualhost">NameVirtualHost</A>
+<LI><A HREF="#options">Options</A>
+<LI><A HREF="#pidfile">PidFile</A>
+<LI><A HREF="#port">Port</A>
+<LI><A HREF="#require">require</A>
+<LI><A HREF="#resourceconfig">ResourceConfig</A>
+<LI><A HREF="#rlimitcpu">RLimitCPU</A>
+<LI><A HREF="#rlimitmem">RLimitMEM</A>
+<LI><A HREF="#rlimitnproc">RLimitNPROC</A>
+<LI><A HREF="#satisfy">Satisfy</A>
+<LI><A HREF="#scoreboardfile">ScoreBoardFile</A>
+<LI><A HREF="#sendbuffersize">SendBufferSize</A>
+<LI><A HREF="#serveradmin">ServerAdmin</A>
+<LI><A HREF="#serveralias">ServerAlias</A>
+<LI><A HREF="#servername">ServerName</A>
+<LI><A HREF="#serverpath">ServerPath</A>
+<LI><A HREF="#serverroot">ServerRoot</A>
+<LI><A HREF="#serversignature">ServerSignature</A>
+<LI><A HREF="#servertokens">ServerTokens</A>
+<LI><A HREF="#servertype">ServerType</A>
+<LI><A HREF="#startservers">StartServers</A>
+<LI><A HREF="#threadsperchild">ThreadsPerChild</A>
+<LI><A HREF="#timeout">TimeOut</A>
+<LI><A HREF="#usecanonicalname">UseCanonicalName</A>
+<LI><A HREF="#user">User</A>
+<LI><A HREF="#virtualhost">&lt;VirtualHost&gt;</A>
+</UL>
+<HR>
 
-
-<ul>
-<li><A HREF="#accessconfig">AccessConfig</A>
-<li><A HREF="#accessfilename">AccessFileName</A>
-<li><A HREF="#addmodule">AddModule</A>
-<li><A HREF="#allowoverride">AllowOverride</A>
-<li><A HREF="#authname">AuthName</A>
-<li><A HREF="#authtype">AuthType</A>
-<li><A HREF="#bindaddress">BindAddress</A>
-<li><A HREF="#clearmodulelist">ClearModuleList</A>
-<li><A HREF="#defaulttype">DefaultType</A>
-<li><A HREF="#directory">&lt;Directory&gt;</A>
-<li><A HREF="#documentroot">DocumentRoot</A>
-<li><A HREF="#errordocument">ErrorDocument</A>
-<li><A HREF="#errorlog">ErrorLog</A>
-<li><A HREF="#files">&lt;Files&gt;</A>
-<li><A HREF="#group">Group</A>
-<li><A HREF="#hostnamelookups">HostNameLookups</A>
-<li><A HREF="#identitycheck">IdentityCheck</A>
-<li><A HREF="#ifmodule">&lt;IfModule&gt;</A>
-<li><A HREF="#keepalive">KeepAlive</A>
-<li><A HREF="#keepalivetimeout">KeepAliveTimeout</A>
-<li><A HREF="#limit">&lt;Limit&gt;</A>
-<li><A HREF="#listen">Listen</A>
-<li><A HREF="#location">&lt;Location&gt;</A>
-<li><A HREF="#lockfile">LockFile</A>
-<li><A HREF="#maxclients">MaxClients</A>
-<li><A HREF="#maxkeepaliverequests">MaxKeepAliveRequests</a>
-<li><A HREF="#maxrequestsperchild">MaxRequestsPerChild</A>
-<li><A HREF="#maxspareservers">MaxSpareServers</A>
-<li><A HREF="#minspareservers">MinSpareServers</A>
-<li><A HREF="#options">Options</A>
-<li><A HREF="#pidfile">PidFile</A>
-<li><A HREF="#port">Port</A>
-<li><A HREF="#require">require</A>
-<li><A HREF="#resourceconfig">ResourceConfig</A>
-<li><A HREF="#rlimitcpu">RLimitCPU</A>
-<li><A HREF="#rlimitmem">RLimitMEM</A>
-<li><A HREF="#rlimitnproc">RLimitNPROC</A>
-<li><A HREF="#satisfy">Satisfy</A>
-<li><A HREF="#scoreboardfile">ScoreBoardFile</A>
-<li><A HREF="#sendbuffersize">SendBufferSize</A>
-<li><A HREF="#serveradmin">ServerAdmin</A>
-<li><A HREF="#serveralias">ServerAlias</A>
-<li><A HREF="#servername">ServerName</A>
-<li><A HREF="#serverpath">ServerPath</A>
-<li><A HREF="#serverroot">ServerRoot</A>
-<li><A HREF="#servertype">ServerType</A>
-<li><A HREF="#startservers">StartServers</A>
-<li><A HREF="#timeout">TimeOut</A>
-<li><A HREF="#user">User</A>
-<li><A HREF="#virtualhost">&lt;VirtualHost&gt;</A>
-</ul>
-<hr>
-
-<A name="accessconfig"><h2>AccessConfig directive</h2></A>
+<H2><A NAME="accessconfig">AccessConfig directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt AccessConfig} directive&gt; -->
-<strong>Syntax:</strong> AccessConfig <em>filename</em><br>
-<strong>Default:</strong> <code>AccessConfig conf/access.conf</code><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> AccessConfig <EM>filename</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>AccessConfig conf/access.conf</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The server will read this file for more directives after reading the
-<A HREF="#resourceconfig">ResourceConfig</A> file. <em>Filename</em> is
+<A HREF="#resourceconfig">ResourceConfig</A> file. <EM>Filename</EM> is
 relative to the <A HREF="#serverroot">ServerRoot</A>.
 This feature can be disabled using:
-<blockquote><code>AccessConfig /dev/null</code></blockquote>
+<BLOCKQUOTE><CODE>AccessConfig /dev/null</CODE></BLOCKQUOTE>
 Historically, this file only contained
 <A HREF="#directory">&lt;Directory&gt;</A> sections; in fact it can now
-contain any server directive allowed in the <em>server config</em> context.
-<p><hr>
+contain any server directive allowed in the <EM>server config</EM> context.
+<P><HR>
 
-<A name="accessfilename"><h2>AccessFileName directive</h2></A>
+<H2><A NAME="accessfilename">AccessFileName directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt AccessFileName} directive&gt; -->
-<strong>Syntax:</strong> AccessFileName <em>filename</em><br>
-<strong>Default:</strong> <code>AccessFileName .htaccess</code><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> AccessFileName <EM>filename filename ...</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>AccessFileName .htaccess</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> AccessFileName can accept more than
+one filename only in Apache 1.3 and later<P>
 
-When returning a document to the client the server looks for an
-access control file with this name in every directory of the path to
+When returning a document to the client the server looks for the first existing
+access control file from this list of names in every directory of the path to
 the document, if access control files are enabled for that directory.
 
 For example:
-<blockquote><code>AccessFileName .acl</code></blockquote>
+<BLOCKQUOTE><CODE>AccessFileName .acl</CODE></BLOCKQUOTE>
 before returning the document /usr/local/web/index.html, the
 server will read /.acl, /usr/.acl, /usr/local/.acl and /usr/local/web/.acl
 for directives, unless they have been disabled with
-<blockquote><code>
-&lt;Directory /&gt;<br>
-AllowOverride None<br>
-&lt;/Directory&gt;</code></blockquote><p><hr>
+<BLOCKQUOTE><CODE>
+&lt;Directory /&gt;<BR>
+AllowOverride None<BR>
+&lt;/Directory&gt;</CODE></BLOCKQUOTE><P><HR>
 
-<A name="addmodule"><h2>AddModule directive</h2></A>
+<H2><A NAME="addmodule">AddModule directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt AddModule} directive&gt; -->
-<strong>Syntax:</strong> AddModule <em>module module ...</em><br>
-<strong>Context:</strong> server config <br>
-<strong>Status:</strong> core<br>
-<strong>Compatibility:</strong> AddModule is only available in Apache 1.2 and later<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> AddModule <EM>module module ...</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config <BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> AddModule is only available in
+Apache 1.2 and later<P>
 
 The server can have modules compiled in which are not actively in use.
 This directive can be used to enable the use of those modules.  The
 server comes with a pre-loaded list of active modules; this list can
 be cleared with the <A HREF="#clearmodulelist">ClearModuleList</A>
-directive.<p><hr>
+directive.<P><HR>
 
-<A name="allowoverride"><h2>AllowOverride directive</h2></A>
+<H2><A NAME="allowoverride">AllowOverride directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt AllowOverride} directive&gt; -->
-<strong>Syntax:</strong> AllowOverride <em>override override ...</em><br>
-<strong>Default:</strong> <code>AllowOverride All</code><br>
-<strong>Context:</strong> directory<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> AllowOverride <EM>override override ...</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>AllowOverride All</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> directory<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 When the server finds an .htaccess file (as specified by
 <A HREF="#accessfilename">AccessFileName</A>) it needs to know which
-directives declared in that file can override earlier access information.<p>
+directives declared in that file can override earlier access information.<P>
 
-<em>Override</em> can be set to <code>None</code>, in which case the server
-will not read the file, <code>All</code> in which case the server will
+<EM>Override</EM> can be set to <CODE>None</CODE>, in which case the server
+will not read the file, <CODE>All</CODE> in which case the server will
 allow all the directives, or one or more of the following:
-<dl>
-<dt>AuthConfig
-<dd>
+<DL>
+<DT>AuthConfig
+<DD>
 <!--%plaintext &lt;?INDEX {\tt AuthConfig} override&gt; -->
 Allow use of the authorization directives
 (<A HREF="mod_auth_dbm.html#authdbmgroupfile">AuthDBMGroupFile</A>,
@@ -155,9 +228,9 @@ Allow use of the authorization directives
 <A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A>,
 <A HREF="#authname">AuthName</A>, <A HREF="#authtype">AuthType</A>,
 <A HREF="mod_auth.html#authuserfile">AuthUserFile</A>,
-<A HREF="#require">require</A>, etc.).
-<dt>FileInfo
-<dd>
+<A HREF="#require">require</A>, <EM>etc.</EM>).
+<DT>FileInfo
+<DD>
 <!--%plaintext &lt;?INDEX {\tt FileInfo} override&gt; -->
 Allow use of the directives controlling document types
 (<A HREF="mod_mime.html#addencoding">AddEncoding</A>,
@@ -165,40 +238,52 @@ Allow use of the directives controlling document types
 <A HREF="mod_mime.html#addtype">AddType</A>,
 <A HREF="#defaulttype">DefaultType</A>,
 <A HREF="#errordocument">ErrorDocument</A>,
-<A HREF="mod_negotiation.html#languagepriority">LanguagePriority</A>, etc.).
-<dt>Indexes
-<dd>
+<A HREF="mod_negotiation.html#languagepriority">LanguagePriority</A>, <EM>etc.</EM>).
+<DT>Indexes
+<DD>
 <!--%plaintext &lt;?INDEX {\tt Indexes} override&gt; -->
 Allow use of the directives controlling directory indexing
-(<A HREF="mod_dir.html#adddescription">AddDescription</A>,
-<A HREF="mod_dir.html#addicon">AddIcon</A>,
-<A HREF="mod_dir.html#addiconbyencoding">AddIconByEncoding</A>,
-<A HREF="mod_dir.html#addiconbytype">AddIconByType</A>,
-<A HREF="mod_dir.html#defaulticon">DefaultIcon</A>,
+(<A HREF="mod_autoindex.html#adddescription">AddDescription</A>,
+<A HREF="mod_autoindex.html#addicon">AddIcon</A>,
+<A HREF="mod_autoindex.html#addiconbyencoding">AddIconByEncoding</A>,
+<A HREF="mod_autoindex.html#addiconbytype">AddIconByType</A>,
+<A HREF="mod_autoindex.html#defaulticon">DefaultIcon</A>,
 <A HREF="mod_dir.html#directoryindex">DirectoryIndex</A>,
-<A HREF="mod_dir.html#fancyindexing">FancyIndexing</A>,
-<A HREF="mod_dir.html#headername">HeaderName</A>,
-<A HREF="mod_dir.html#indexignore">IndexIgnore</A>,
-<A HREF="mod_dir.html#indexoptions">IndexOptions</A>,
-<A HREF="mod_dir.html#readmename">ReadmeName</A>, etc.).
-<dt>Limit
-<dd>
+<A HREF="mod_autoindex.html#fancyindexing">FancyIndexing</A>,
+<A HREF="mod_autoindex.html#headername">HeaderName</A>,
+<A HREF="mod_autoindex.html#indexignore">IndexIgnore</A>,
+<A HREF="mod_autoindex.html#indexoptions">IndexOptions</A>,
+<A HREF="mod_autoindex.html#readmename">ReadmeName</A>, <EM>etc.</EM>).
+<DT>Limit
+<DD>
 <!--%plaintext &lt;?INDEX {\tt Limit} override&gt; -->
 Allow use of the directives controlling host access (allow, deny and order).
-<dt>Options
-<dd>
+<DT>Options
+<DD>
 <!--%plaintext &lt;?INDEX {\tt Options} override&gt; -->
 Allow use of the directives controlling specific directory features
 (<A HREF="#options">Options</A> and
 <A HREF="mod_include.html#xbithack">XBitHack</A>).
-</dl><p><hr>
+</DL><P><HR>
 
-<A name="authname"><h2>AuthName directive</h2></A>
+<H2><A NAME="authname">AuthName directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt AuthName} directive&gt; -->
-<strong>Syntax:</strong> AuthName <em>auth-domain</em><br>
-<strong>Context:</strong> directory, .htaccess<br>
-<strong>Override:</strong> AuthConfig<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> AuthName <EM>auth-domain</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
+<A
+ HREF="directive-dict.html#Override"
+ REL="Help"
+><STRONG>Override:</STRONG></A> AuthConfig<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 This directive sets the name of the authorization realm for a directory.
 This realm is given to the client so that the user knows which username and
@@ -206,133 +291,353 @@ password to send.
 It must be accompanied by <A HREF="#authtype">AuthType</A> and
 <A HREF="#require">require</A> directives, and directives such as
 <A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and
-<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> to work.<p><hr>
+<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> to work.<P><HR>
 
-<A name="authtype"><h2>AuthType directive</h2></A>
+<H2><A NAME="authtype">AuthType directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt AuthType} directive&gt; -->
-<strong>Syntax:</strong> AuthType <em>type</em><br>
-<strong>Context:</strong> directory, .htaccess<br>
-<strong>Override:</strong> AuthConfig<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> AuthType <EM>type</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
+<A
+ HREF="directive-dict.html#Override"
+ REL="Help"
+><STRONG>Override:</STRONG></A> AuthConfig<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 This directive selects the type of user authentication for a directory.
-Only <code>Basic</code> is currently implemented.
+Only <CODE>Basic</CODE> and <CODE>Digest</CODE> are currently implemented.
 <!--%plaintext &lt;?INDEX {\tt Basic} authentication scheme&gt; -->
 It must be accompanied by <A HREF="#authname">AuthName</A> and
 <A HREF="#require">require</A> directives, and directives such as
 <A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and
-<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> to work.<p><hr>
+<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> to work.<P><HR>
 
-<A name="bindaddress"><h2>BindAddress directive</h2></A>
+<H2><A NAME="bindaddress">BindAddress directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt BindAddress} directive&gt; -->
-<strong>Syntax:</strong> BindAddress <em>saddr</em><br>
-<strong>Default:</strong> <code>BindAddress *</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> BindAddress <EM>saddr</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>BindAddress *</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 A Unix&#174; http server can either listen for connections to every
 IP address of the server machine, or just one IP address of the server
-machine. <em>Saddr</em> can be
+machine. <EM>Saddr</EM> can be
 
-<menu>
-<li>*
-<li>An IP address
-<li>A fully-qualified Internet domain name
-</menu>
+<MENU>
+<LI>*
+<LI>An IP address
+<LI>A fully-qualified Internet domain name
+</MENU>
 If the value is *, then the server will listen for connections on
 every IP address, otherwise it will only listen on the IP address
-specified. <p>
+specified. <P>
+
+Only one <CODE>BindAddress</CODE> directive can be used. For more
+control over which address and ports Apache listens to, use the
+<CODE><A HREF="#listen">Listen</A></CODE> directive instead of
+<CODE>BindAddress</CODE>.<P>
 
-This option can be used as an alternative method for supporting
-<A HREF="../virtual-host.html">virtual hosts</A> instead of using
-<A HREF="#virtualhost">&lt;VirtualHost&gt;</A> sections.
+<CODE>BindAddress</CODE> can be used as an alternative method for
+supporting <A HREF="../vhosts/index.html">virtual hosts</A> using
+multiple independent servers, instead of using <CODE><A
+HREF="#virtualhost">&lt;VirtualHost&gt;</A></CODE> sections.
 
-<p><strong>See Also:</strong>
-<a href="../dns-caveats.html">DNS Issues</a><br>
-<strong>See Also:</strong>
-<a href="../bind.html">Setting which addresses and ports Apache uses</a></p>
+<P><STRONG>See Also:</STRONG>
+<A HREF="../dns-caveats.html">DNS Issues</A><BR>
+<STRONG>See Also:</STRONG>
+<A HREF="../bind.html">Setting which addresses and ports Apache uses</A></P>
 
-<hr>
+<HR>
+
+<H2><A NAME="bs2000account">BS2000Account directive</A></H2>
+<!--%plaintext &lt;?INDEX {\tt BS2000Account} directive&gt; -->
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> BS2000Account <EM>account</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <EM>none</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> BS2000Account is only available for
+BS2000 machines, as of Apache 1.3 and later.<P>
+
+The <CODE>BS2000Account</CODE> directive is available for BS2000 hosts
+only. It must be used to define the account number for the non-privileged
+apache server user (which was configured using the
+<A HREF="#user">User</A> directive).
+This is required by the BS2000 POSIX subsystem (to change the underlying
+BS2000 task environment by performing a sub-LOGON) to prevent CGI scripts
+from accessing resources of the privileged account which started the
+server, usually <SAMP>SYSROOT</SAMP>.<BR>
+Only one <CODE>BS2000Account</CODE> directive can be used. <P>
+
+<P><STRONG>See Also:</STRONG>
+<A HREF="../ebcdic.html">Apache EBCDIC port</A></P>
 
-<A name="clearmodulelist"><h2>ClearModuleList directive</h2></A>
+<HR>
+
+<H2><A NAME="clearmodulelist">ClearModuleList directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt ClearModuleList} directive&gt; -->
-<strong>Syntax:</strong> ClearModuleList<br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<br>
-<strong>Compatibility:</strong> ClearModuleList is only available in Apache 1.2 and later<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ClearModuleList<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> ClearModuleList is only available in
+Apache 1.2 and later<P>
 
 The server comes with a built-in list of active modules.  This
 directive clears the list.  It is assumed that the list will then be
-re-populated using the <A HREF="#addmodule">AddModule</A> directive.<p><hr>
+re-populated using the <A HREF="#addmodule">AddModule</A> directive.<P><HR>
 
-<A name="defaulttype"><h2>DefaultType directive</h2></A>
+<H2><A NAME="contentdigest">ContentDigest directive</A></H2>
+<!--%plaintext &lt;?INDEX {\tt ContentDigest} directive&gt; -->
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ContentDigest <EM>on|off</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>ContentDigest off</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host, directory,
+.htaccess<BR>
+<A
+ HREF="directive-dict.html#Override"
+ REL="Help"
+><STRONG>Override:</STRONG></A> AuthConfig<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> experimental<P>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> ContentDigest is only available in
+Apache 1.1 and later<P>
+
+This directive enables the generation of <CODE>Content-MD5</CODE> headers
+as defined in RFC1864 respectively RFC2068.<P>
+
+MD5 is an algorithm for computing a "message digest" (sometimes called
+"fingerprint") of arbitrary-length data, with a high degree of confidence
+that any alterations in the data will be reflected in alterations in the
+message digest.<P>
+
+The <CODE>Content-MD5</CODE> header provides an end-to-end message
+integrity check (MIC) of the entity-body. A proxy or client may check this
+header for detecting accidental modification of the entity-body
+in transit.
+Example header:
+<PRE>   Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==</PRE><P>
+
+Note that this can cause performance problems on your server
+since the message digest is computed on every request
+(the values are not cached).<P>
+
+<CODE>Content-MD5</CODE> is only sent for documents served by the
+core, and not by any module.  For example, SSI documents, output from
+CGI scripts, and byte range responses do not have this header.
+
+<HR>
+
+<H2><A NAME="coredumpdirectory">CoreDumpDirectory directive</A></H2>
+<!--%plaintext &lt;?INDEX {\tt CoreDumpDirectory} directive&gt; -->
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> CoreDumpDirectory <EM>directory</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> the same location as ServerRoot<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
+
+This controls the directory to which Apache attempts to switch before
+dumping core.  The default is in the <A HREF="#serverroot">ServerRoot</A>
+directory, however since this should not be writable by the user
+the server runs as, core dumps won't normally get written.  If you
+want a core dump for debugging, you can use this directive to place
+it in a different location.<P><HR>
+
+<H2><A NAME="defaulttype">DefaultType directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt DefaultType} directive&gt; -->
-<strong>Syntax:</strong> DefaultType <em>mime-type</em><br>
-<strong>Default:</strong> <code>DefaultType text/html</code><br>
-<strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
-<strong>Override:</strong> FileInfo<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> DefaultType <EM>MIME-type</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>DefaultType text/html</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host, directory,
+.htaccess<BR>
+<A
+ HREF="directive-dict.html#Override"
+ REL="Help"
+><STRONG>Override:</STRONG></A> FileInfo<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 There will be times when the server is asked to provide a document
-whose type cannot be determined by its MIME types mappings.<p>
+whose type cannot be determined by its MIME types mappings.<P>
 
 The server must inform the client of the content-type of the document, so in
 the event of an unknown type it uses the <CODE>DefaultType</CODE>. For
 example:
-<blockquote><code>DefaultType image/gif</code></blockquote>
+<BLOCKQUOTE><CODE>DefaultType image/gif</CODE></BLOCKQUOTE>
 would be appropriate for a directory which contained many gif images
-with filenames missing the .gif extension.<p><hr>
+with filenames missing the .gif extension.<P><HR>
 
-<A name="directory"><h2>&lt;Directory&gt; directive</h2></A>
+<H2><A NAME="directory">&lt;Directory&gt; directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt Directory} section directive&gt; -->
-<strong>Syntax:</strong> &lt;Directory <em>directory</em>&gt; ... &lt;/Directory&gt; <br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> Core. <p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> &lt;Directory <EM>directory</EM>&gt;
+ ... &lt;/Directory&gt; <BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> Core. <P>
 
 &lt;Directory&gt; and &lt;/Directory&gt; are used to enclose a group of
 directives which will apply only to the named directory and sub-directories
 of that directory. Any directive which is allowed in a directory
-context may be used. <em>Directory</em> is either the full path to a directory,
+context may be used. <EM>Directory</EM> is either the full path to a directory,
 or a wild-card string. In a wild-card string, `?' matches any single character,
-and `*' matches any sequences of characters. Example:
-<pre>
+and `*' matches any sequences of characters.  As of Apache 1.3, you
+may also use `[]' character ranges like in the shell.  Also as of Apache 1.3
+none of the wildcards match a `/' character, which more closely mimics the
+behaviour of Unix shells.
+Example:
+<PRE>
    &lt;Directory /usr/local/httpd/htdocs&gt;
    Options Indexes FollowSymLinks
    &lt;/Directory&gt;
-</pre>
+</PRE>
 
-<p><strong>Apache 1.2 and above:</strong>
+<P><STRONG>Apache 1.2 and above:</STRONG>
 Extended regular expressions can also be used, with the addition of the
-<code>~</code> character. For example:</p>
+<CODE>~</CODE> character. For example:</P>
 
-<pre>
+<PRE>
    &lt;Directory ~ &quot;^/www/.*/[0-9]{3}&quot;&gt;
-</pre>
+</PRE>
 
-would match directories in /www/ that consisted of three numbers.<p>
+would match directories in /www/ that consisted of three numbers.
 
-<p>If multiple directory sections match the directory (or its parents) containing
+<P>If multiple (non-regular expression) directory sections match the
+directory (or its parents) containing
 a document, then the directives are applied in the order of shortest match
 first, interspersed with the directives from the
 <A HREF="#accessfilename">.htaccess</A> files. For example, with
-<blockquote><code>
-&lt;Directory /&gt;<br>
-AllowOverride None<br>
-&lt;/Directory&gt;<br><br>
-&lt;Directory /home/*&gt;<br>
-AllowOverride FileInfo<br>
-&lt;/Directory&gt;</code></blockquote>
-for access to the document <code>/home/web/dir/doc.html</code> the
+<BLOCKQUOTE><CODE>
+&lt;Directory /&gt;<BR>
+AllowOverride None<BR>
+&lt;/Directory&gt;<BR><BR>
+&lt;Directory /home/*&gt;<BR>
+AllowOverride FileInfo<BR>
+&lt;/Directory&gt;</CODE></BLOCKQUOTE>
+for access to the document <CODE>/home/web/dir/doc.html</CODE> the
 steps are:
-<menu>
-<li>Apply directive <code>AllowOverride None</code> (disabling
-<code>.htaccess</code> files).
-<li>Apply directive <code>AllowOverride FileInfo</code> (for directory
-<code>/home/web</code>).
-<li>Apply any FileInfo directives in <code>/home/web/.htaccess</code>
-</menu>
+<MENU>
+<LI>Apply directive <CODE>AllowOverride None</CODE> (disabling
+<CODE>.htaccess</CODE> files).
+<LI>Apply directive <CODE>AllowOverride FileInfo</CODE> (for directory
+<CODE>/home/web</CODE>).
+<LI>Apply any FileInfo directives in <CODE>/home/web/.htaccess</CODE>
+</MENU>
 
 <P>
+Regular expression directory sections are handled slightly differently
+by Apache 1.2 and 1.3.  In Apache 1.2 they are interspersed with the normal
+directory sections and applied in the order they appear in the configuration
+file.  They are applied only once, and apply when the shortest match
+possible occurs.  In Apache 1.3 regular expressions are not considered
+until after all of the normal sections have been applied.  Then all of
+the regular expressions are tested in the order they appeared in the
+configuration file.  For example, with
+<BLOCKQUOTE><CODE>
+&lt;Directory ~ abc$&gt;<BR>
+... directives here ...<BR>
+&lt;/Directory&gt;<BR>
+</CODE></BLOCKQUOTE>
+Suppose that the filename being accessed is
+<CODE>/home/abc/public_html/abc/index.html</CODE>.  The server
+considers each of <CODE>/</CODE>, <CODE>/home</CODE>, <CODE>/home/abc</CODE>,
+<CODE>/home/abc/public_html</CODE>, and <CODE>/home/abc/public_html/abc</CODE>
+in that order.   In Apache 1.2, when
+<CODE>/home/abc</CODE> is considered, the regular expression will match
+and be applied.  In Apache 1.3 the regular expression isn't considered
+at all at that point in the tree.  It won't be considered until after
+all normal &lt;Directory&gt;s and <CODE>.htaccess</CODE> files have
+been applied.  Then the regular expression will
+match on <CODE>/home/abc/public_html/abc</CODE> and be applied.
+
+<P>
+
 <STRONG>
 Note that the default Apache access for &lt;Directory /&gt; is
 <SAMP>Allow from All</SAMP>.  This means that Apache will serve any file
@@ -359,38 +664,114 @@ page for more details.
 The directory sections typically occur in the access.conf file, but they
 may appear in any configuration file. &lt;Directory&gt; directives cannot
 nest, and cannot appear in a <A HREF="#limit">&lt;Limit&gt;</A> section.
-<p><hr>
+<P>
+
+<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory,
+Location and Files sections work</A> for an explanation of how these
+different sections are combined when a request is received
+
+<HR>
+
+<H2><A NAME="directorymatch">&lt;DirectoryMatch&gt;</A></H2>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> &lt;DirectoryMatch <EM>regex</EM>&gt;
+ ... &lt;/DirectoryMatch&gt; <BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> Core.<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3 and later
+
+<P>&lt;DirectoryMatch&gt; and &lt;/DirectoryMatch&gt; are used to enclose a
+group of
+directives which will apply only to the named directory and sub-directories
+of that directory, the same as <A
+HREF="#directory">&lt;Directory&gt;</A>. However, it takes as an
+argument a regular expression. For example:</P>
+
+<PRE>
+   &lt;DirectoryMatch &quot;^/www/.*/[0-9]{3}&quot;&gt;
+</PRE>
+
+<P>would match directories in /www/ that consisted of three numbers.</P>
 
-<A NAME="documentroot"><h2>DocumentRoot directive</h2></A>
+<P><STRONG>See Also:</STRONG>
+<A HREF="#directory">&lt;Directory&gt;</A> for a description of how
+regular expressions are mixed in with normal &lt;Directory&gt;s.
+<BR>
+<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory,
+Location and Files sections work</A> for an explanation of how these
+different sections are combined when a request is received
+
+<HR>
+
+<H2><A NAME="documentroot">DocumentRoot directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt DocumentRoot} directive&gt; -->
-<strong>Syntax:</strong> DocumentRoot <em>directory-filename</em><br>
-<strong>Default:</strong> <code>DocumentRoot
-/usr/local/etc/httpd/htdocs</code><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> DocumentRoot <EM>directory-filename</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>DocumentRoot
+/usr/local/apache/htdocs</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 This directive sets the directory from which httpd will serve files.
 Unless matched by a directive like Alias, the server appends the path
 from the requested URL to the document root to make the path to the
 document. Example:
-<blockquote><code>DocumentRoot /usr/web</code></blockquote>
-then an access to <code>http://www.my.host.com/index.html</code> refers
-to <code>/usr/web/index.html</code>.
+<BLOCKQUOTE><CODE>DocumentRoot /usr/web</CODE></BLOCKQUOTE>
+then an access to <CODE>http://www.my.host.com/index.html</CODE> refers
+to <CODE>/usr/web/index.html</CODE>.
 
 <P>There appears to be a bug in mod_dir which causes problems when the
-DocumentRoot has a trailing slash (i.e. "DocumentRoot /usr/web/") so
+DocumentRoot has a trailing slash (<EM>i.e.</EM>, "DocumentRoot /usr/web/") so
 please avoid that.
 
-<p><hr>
+<P><HR>
 
-<A name="errordocument"><h2>ErrorDocument directive</h2></A>
+<H2><A NAME="errordocument">ErrorDocument directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt ErrorDocument} directive&gt; -->
-<strong>Syntax:</strong> ErrorDocument <em>error-code document</em><br>
-<strong>Context</strong> server config, virtual host, directory, .htaccess<br>
-<strong>Status:</strong> core<br>
-<strong>Override:</strong> FileInfo<br>
-<strong>Compatibility:</strong> The directory and .htaccess contexts
-are only available in Apache 1.1 and later.<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ErrorDocument <EM>error-code document</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host, directory,
+.htaccess<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Override"
+ REL="Help"
+><STRONG>Override:</STRONG></A> FileInfo<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> The directory and .htaccess contexts
+are only available in Apache 1.1 and later.<P>
 
 In the event of a problem or error, Apache can be configured to do
 one of four things,
@@ -402,496 +783,1383 @@ one of four things,
 <LI>redirect to an external URL to handle the problem/error
 </OL>
 
-<P>The first option is the default, while options 2-4 are configured 
-using the <CODE>ErrorDocument</CODE> directive, which is followed by 
+<P>The first option is the default, while options 2-4 are configured
+using the <CODE>ErrorDocument</CODE> directive, which is followed by
 the HTTP response code and a message or URL.
 
-<P><em>Messages</em> in this context begin with a single quote
-(<code>"</code>), which does not form part of the message itself. 
-Apache will sometimes offer additional information regarding the 
-problem/error. 
+<P><EM>Messages</EM> in this context begin with a single quote
+(<CODE>"</CODE>), which does not form part of the message itself.
+Apache will sometimes offer additional information regarding the
+problem/error.
 
 <P>URLs can begin with a slash (/) for local URLs, or be a full
 URL which the client can resolve. Examples:
-<blockquote><code>
-ErrorDocument 500 http://foo.example.com/cgi-bin/tester<br>
-ErrorDocument 404 /cgi-bin/bad_urls.pl<br>
-ErrorDocument 401 /subscription_info.html<br>
+<BLOCKQUOTE><CODE>
+ErrorDocument 500 http://foo.example.com/cgi-bin/tester<BR>
+ErrorDocument 404 /cgi-bin/bad_urls.pl<BR>
+ErrorDocument 401 /subscription_info.html<BR>
 ErrorDocument 403 "Sorry can't allow you access today
-</code></blockquote>
+</CODE></BLOCKQUOTE>
 
-<P>Note that when you specify an <CODE>ErrorDocument</CODE> that 
-points to a remote URL (ie. anything with a method such as "http" in 
+<P>Note that when you specify an <CODE>ErrorDocument</CODE> that
+points to a remote URL (ie. anything with a method such as "http" in
 front of it) Apache will send a redirect to the client to tell it
-where to find the document, even if the document ends up being 
+where to find the document, even if the document ends up being
 on the same server..  This has several implications, the
 most important being that <STRONG>if you use an "ErrorDocument 401"
 directive then it must refer to a local document.</STRONG>  This results
 from the nature of the HTTP basic authentication scheme.
 
 <P>See Also: <A HREF="../custom-error.html">documentation of customizable
-responses.</A><p><hr>
+responses.</A><P><HR>
 
-<A name="errorlog"><h2>ErrorLog directive</h2></A>
+<H2><A NAME="errorlog">ErrorLog directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt ErrorLog} directive&gt; -->
-<strong>Syntax:</strong> ErrorLog <em>filename</em><br>
-<strong>Default:</strong> <code>ErrorLog logs/error_log</code><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ErrorLog ><EM>filename</EM>|<CODE>syslog[:facility]</CODE>
+<BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>ErrorLog logs/error_log</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The error log directive sets the name of the file to which the server will log
 any errors it encounters. If the filename does not begin with a slash (/)
 then it is assumed to be relative to the <A HREF="#serverroot">ServerRoot</A>.
-Example:
-<blockquote><code>ErrorLog /dev/null</code></blockquote>
-This effectively turns off error logging.<p>
+If the filename begins with a pipe (|) then it is assumed to be a command to
+spawn to handle the error log.
+
+<P><STRONG>Apache 1.3 and above:</STRONG>
+Using <CODE>syslog</CODE> instead of a filename enables logging via syslogd(8)
+if the system supports it. The default is to use syslog facility
+<CODE>local7</CODE>, but you can override this by using the
+<CODE>syslog:</CODE><EM>facility</EM> syntax where <EM>facility</EM> can be
+one of the names usually documented in syslog(1).
 
-SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A> 
+<P>
+SECURITY: See the
+<A HREF="../misc/security_tips.html#serverroot">security tips</A>
 document for details on why your security could be compromised if
 the directory where logfiles are stored is writable by anyone other
 than the user that starts the server.
 
-<p><hr>
-
-<A name="files"><h2>&lt;Files&gt;</h2></A>
-<strong>Syntax:</strong> &lt;Files <em>filename</em>&gt;
-... &lt;/Files&gt;<br>
-<strong>Context:</strong> server config, virtual host, htaccess<br>
-<strong>Status:</strong> core<br>
-<strong>Compatibility:</strong> only available in Apache
-1.2 and above.<p>
-
-<p>The &lt;Files&gt; directive provides for access control by
-filename. It is comparable to the <a
-href="#directory">&lt;Directory&gt;</a> directive and
-<a href="#location">&lt;Location&gt;</a> directives. It
-should be matched with a &lt;/Files&gt; directive. Directives that
-apply to the filename given should be listed
-within. <code>&lt;Files&gt;</code> sections are processed in the
+<P><STRONG>See also:</STRONG> <A HREF="#loglevel">LogLevel</A>
+<P><HR>
+
+<H2><A NAME="files">&lt;Files&gt; directive</A></H2>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> &lt;Files <EM>filename</EM>&gt;
+... &lt;/Files&gt;<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host, .htaccess<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> only available in Apache
+1.2 and above.<P>
+
+<P>The &lt;Files&gt; directive provides for access control by
+filename. It is comparable to the <A
+HREF="#directory">&lt;Directory&gt;</A> directive and
+<A HREF="#location">&lt;Location&gt;</A> directives. It
+should be matched with a &lt;/Files&gt; directive.  The
+directives given within this section will be applied to any
+object with a basename (last component of filename) matching
+the specified filename.
+<CODE>&lt;Files&gt;</CODE> sections are processed in the
 order they appear in the configuration file, after the
-&lt;Directory&gt; sections and <code>.htaccess</code> files are
-read, but before &lt;Location&gt; sections.</p>
+&lt;Directory&gt; sections and <CODE>.htaccess</CODE> files are
+read, but before &lt;Location&gt; sections.  Note that
+&lt;Files&gt; can be nested inside &lt;Directory&gt;
+sections to restrict the portion of the filesystem they
+apply to.</P>
 
-<p>The <em>filename</em> argument should include a filename, or a 
+<P>The <EM>filename</EM> argument should include a filename, or a
 wild-card string, where `?' matches any single character, and `*' matches any
-sequences of characters. Extended regular expressions can also be used, with the addition of
-the <code>~</code> character. For example:</p>
+sequences of characters. Extended regular expressions can also be used,
+with the addition of
+the <CODE>~</CODE> character. For example:</P>
 
-<pre>
+<PRE>
    &lt;Files ~ &quot;\.(gif|jpe?g|png)$&quot;&gt;
-</pre>
+</PRE>
 
-would match most common Internet graphics formats.
+would match most common Internet graphics formats. In Apache 1.3 and
+later, <A HREF="#filesmatch">&lt;FilesMatch&gt;</A> is preferred,
+however.
 
-<p>Note that unlike <a
-href="#directory"><code>&lt;Directory&gt;</code></a> and <a
-href="#location"><code>&lt;Location&gt;</code></a> sections,
-<code>&lt;Files&gt;</code> sections can be used inside .htaccess
+<P>Note that unlike <A
+HREF="#directory"><CODE>&lt;Directory&gt;</CODE></A> and <A
+HREF="#location"><CODE>&lt;Location&gt;</CODE></A> sections,
+<CODE>&lt;Files&gt;</CODE> sections can be used inside .htaccess
 files. This allows users to control access to their own files, at a
-file-by-file level. When used in an .htaccess file, if the
-<em>filename</em> does not begin with a <code>/</code> character,
-the directory being applied will be prefixed automatically.
+file-by-file level.
+
+<P>
+
+<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory,
+Location and Files sections work</A> for an explanation of how these
+different sections are combined when a request is received
+
+<HR>
+
+<H2><A NAME="filesmatch">&lt;FilesMatch&gt;</A></H2>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> &lt;FilesMatch <EM>regex</EM>&gt;
+... &lt;/FilesMatch&gt;<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host, .htaccess<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> only available in Apache
+1.3 and above.<P>
+
+<P>The &lt;FilesMatch&gt; directive provides for access control by
+filename, just as the <A HREF="#files">&lt;Files&gt;</A> directive
+does. However, it accepts a regular expression. For example:</P>
+
+<PRE>
+   &lt;FilesMatch &quot;\.(gif|jpe?g|png)$&quot;&gt;
+</PRE>
+
+<P>would match most common Internet graphics formats.</P>
 
-<p> <hr>
+<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory,
+Location and Files sections work</A> for an explanation of how these
+different sections are combined when a request is received
 
-<A name="group"><h2>Group directive</h2></A>
+<HR>
+
+<H2><A NAME="group">Group directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt Group} directive&gt; -->
-<strong>Syntax:</strong> Group <em>unix-group</em><br>
-<strong>Default:</strong> <code>Group #-1</code><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> Group <EM>unix-group</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>Group #-1</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The Group directive sets the group under which the server will answer requests.
 In order to use this directive, the stand-alone server must be run initially
-as root. <em>Unix-group</em> is one of:
-<dl>
-<dt>A group name
-<dd>Refers to the given group by name.
-<dt># followed by a group number.
-<dd>Refers to a group by its number.
-</dl>
+as root. <EM>Unix-group</EM> is one of:
+<DL>
+<DT>A group name
+<DD>Refers to the given group by name.
+<DT># followed by a group number.
+<DD>Refers to a group by its number.
+</DL>
 
 It is recommended that you set up a new group specifically for running the
-server. Some admins use user <code>nobody</code>, but this is not always
-possible or desirable.<p>
+server. Some admins use user <CODE>nobody</CODE>, but this is not always
+possible or desirable.<P>
 
 Note: if you start the server as a non-root user, it will fail to change
 to the specified group, and will instead continue to run as the group of the
-original user. <p>
+original user. <P>
 
 Special note: Use of this directive in &lt;VirtualHost&gt; requires a
 properly configured <A HREF="../suexec.html">suEXEC wrapper</A>.
 When used inside a &lt;VirtualHost&gt; in this manner, only the group
 that CGIs are run as is affected.  Non-CGI requests are still processed
-as the group specified in the main Group directive.<p>
+as the group specified in the main Group directive.<P>
 
 SECURITY: See <A HREF="#user">User</A> for a discussion of the security
-considerations.<p><hr>
+considerations.<P><HR>
 
-<A name="hostnamelookups"><h2>HostNameLookups directive</h2></A>
+<H2><A NAME="hostnamelookups">HostNameLookups directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt HostNameLookups} directive&gt; -->
-<strong>Syntax:</strong> HostNameLookups <em>boolean</em><br>
-<strong>Default:</strong> <code>HostNameLookups on</code><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<p>
-
-This directive enables DNS lookups so that host names can be logged.
-Having this directive set <code>on</code> also enables the use of names
-in &lt;Limit&gt; blocks for access control.<p>
-
-Heavily loaded sites should set this directive <code>off</code>, since DNS
-lookups can take considerable amounts of time. The utility <i>logresolve</i>,
-provided in the <i>/support</i> directory, can be used to look up host names
-from logged IP addresses offline.<p><hr>
-
-<A name="identitycheck"><h2>IdentityCheck directive</h2></A>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> HostNameLookups <EM>on | off | double</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>HostNameLookups off</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host, directory<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> <CODE>double</CODE> available only in
+Apache
+1.3 and above.<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> Default was <CODE>on</CODE> prior to
+Apache 1.3.<P>
+
+This directive enables DNS lookups so that host names can be logged (and
+passed to CGIs/SSIs in <CODE>REMOTE_HOST</CODE>).
+The value <CODE>double</CODE> refers to doing double-reverse DNS.
+That is, after a reverse lookup is performed, a forward lookup is then
+performed on that result.  At least one of the ip addresses in the forward
+lookup must match the original address.  (In "tcpwrappers" terminology
+this is called <CODE>PARANOID</CODE>.)<P>
+
+Regardless of the setting, when <A HREF="mod_access.html">mod_access</A>
+is used for controlling access by hostname, a double reverse lookup
+will be performed.  This is necessary for security.  Note that the
+result of this double-reverse isn't generally available unless
+you set <CODE>HostnameLookups double</CODE>.  For example, if only
+<CODE>HostnameLookups on</CODE> and a request is made to an object that
+is protected by hostname restrictions, regardless of whether the
+double-reverse fails or not, CGIs will still be passed the single-reverse
+result in <CODE>REMOTE_HOST</CODE>.<P>
+
+The default for this directive was previously <CODE>on</CODE> in
+versions of Apache prior to 1.3.  It was changed to <CODE>off</CODE>
+in order to save the network traffic for those sites that don't truly
+need the reverse lookups done.  It is also better for the end users
+because they don't have to suffer the extra latency that a lookup
+entails.
+Heavily loaded sites should leave this directive <CODE>off</CODE>, since DNS
+lookups can take considerable amounts of time. The utility <EM>logresolve</EM>,
+provided in the <EM>/support</EM> directory, can be used to look up host names
+from logged IP addresses offline.<P><HR>
+
+<H2><A NAME="identitycheck">IdentityCheck directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt IdentityCheck} directive&gt; -->
-<strong>Syntax:</strong> IdentityCheck <em>boolean</em><br>
-<strong>Default:</strong> <code>IdentityCheck off</code><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> IdentityCheck <EM>boolean</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>IdentityCheck off</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host, directory<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 This directive enables RFC1413-compliant logging of the remote user name
 for each connection, where the client machine runs identd or something similar.
-This information is logged in the access log. <em>Boolean</em> is either
-<code>on</code> or <code>off</code>.<p>
+This information is logged in the access log. <EM>Boolean</EM> is either
+<CODE>on</CODE> or <CODE>off</CODE>.<P>
 
 The information should not be trusted in any way except for rudimentary usage
-tracking.<p>
+tracking.<P>
 
 Note that this can cause serious latency problems accessing your server
 since every request requires one of these lookups to be performed.  When
 firewalls are involved each lookup might possibly fail and add 30 seconds
 of latency to each hit.  So in general this is not very useful on public
 servers accessible from the Internet.
-<p><hr>
-
-<A NAME="ifmodule"><H2>&lt;IfModule&gt;</H2></A>
-<b>Syntax:</b> &lt;IfModule [!]<i>module-name</i>&gt; <i>...</i>
-&lt;/IfModule&gt;<br>
-<b>Default:</b> None<br>
-<b>Context:</b> all<br>
-<b>Status:</b> Core
-<strong>Compatibility:</strong> ScriptLog is only available in 1.2 and
+<P><HR>
+
+<H2><A NAME="ifdefine">&lt;IfDefine&gt; directive</A></H2>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> &lt;IfDefine [!]<EM>parameter-name</EM>&gt; <EM>...</EM>
+&lt;/IfDefine&gt;<BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> None<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> all<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> Core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> &lt;IfDefine&gt; is only available in 
+1.3.1 and later.<P>
+
+<P>
+
+The &lt;IfDefine <EM>test</EM>&gt;...&lt;/IfDefine&gt;
+section is used to mark directives that are conditional. The
+directives within an IfDefine section are only
+processed if the <EM>test</EM> is true. If <EM>test</EM>
+is false, everything between the start and end markers
+is ignored.<P>
+
+The <EM>test</EM> in the &lt;IfDefine&gt; section directive
+can be one of two forms:
+
+<UL>
+<LI><EM>parameter-name</EM>
+<LI><CODE>!</CODE><EM>parameter-name</EM>
+</UL>
+
+<P>In the former case, the directives between the start and end markers are
+only processed if the parameter named <EM>parameter-name</EM> is defined.
+The second format reverses the test, and only processes the directives if
+<EM>parameter-name</EM> is <STRONG>not</STRONG> defined.
+
+<P>The <EM>parameter-name</EM> argument is a define as given on the
+<CODE>httpd</CODE> command line via <CODE>-D</CODE><EM>parameter-</EM>, at the
+time the server was started.
+
+<P>&lt;IfDefine&gt; sections are nest-able, which can be used to implement
+simple multiple-parameter tests.
+
+Example:
+
+<PRE>
+  $ httpd -DReverseProxy ...
+
+  # httpd.conf
+  &lt;IfDefine ReverseProxy&gt;
+  LoadModule rewrite_module libexec/mod_rewrite.so
+  LoadModule proxy_module   libexec/libproxy.so
+  &lt;/IfDefine&gt;
+</PRE>
+
+<P> <HR>
+
+<H2><A NAME="ifmodule">&lt;IfModule&gt; directive</A></H2>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> &lt;IfModule [!]<EM>module-name</EM>&gt;
+ <EM>...</EM>
+&lt;/IfModule&gt;<BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> None<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> all<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> Core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> IfModule is only available in 1.2 and
 later.<P>
 
-<p>
+<P>
 
-The &lt;IfModule <i>test</i>&gt;...&lt;/IfModule&gt;
+The &lt;IfModule <EM>test</EM>&gt;...&lt;/IfModule&gt;
 section is used to mark directives that are conditional. The
 directives within an IfModule section are only
-processed if the <i>test</i> is true. If <i>test</i>
+processed if the <EM>test</EM> is true. If <EM>test</EM>
 is false, everything between the start and end markers
-is ignored.<p>
+is ignored.<P>
 
-The <i>test</i> in the &lt;IfModule&gt; section directive
+The <EM>test</EM> in the &lt;IfModule&gt; section directive
 can be one of two forms:
 
-<ul>
-<li><i>module name</i>
-<li>!<i>module name</i>
-</ul>
+<UL>
+<LI><EM>module name</EM>
+<LI>!<EM>module name</EM>
+</UL>
 
-<p>In the former case, the directives between the start and end markers
-are only processed if the module named <i>module name</i> is compiled
+<P>In the former case, the directives between the start and end markers
+are only processed if the module named <EM>module name</EM> is compiled
 in to Apache. The second format reverses the test, and only processes
-the directives if <i>module name</i> is <b>not</b> compiled in.
+the directives if <EM>module name</EM> is <STRONG>not</STRONG> compiled in.
 
-<p>The <i>module name</i> argument is a module name as given as the file
+<P>The <EM>module name</EM> argument is a module name as given as the file
 name of the module, at the time it was compiled. For example,
-<code>mod_rewrite.c</code>.
+<CODE>mod_rewrite.c</CODE>.
 
-<p>&lt;IfModule&gt; sections are nest-able, which can be used to implement
+<P>&lt;IfModule&gt; sections are nest-able, which can be used to implement
 simple multiple-module tests.
 
-<P> <hr>
+<P> <HR>
+
+<H2><A NAME="include">Include directive</A></H2>
+<STRONG>Syntax:</STRONG> Include <EM>filename</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> Core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> Include is only available in Apache 1.3
+and later.
+<P>
+This directive allows inclusion of other configuration files from within the
+server configuration files.
+
+<P> <HR>
 
-<h2><a name="keepalive">KeepAlive</a></h2>
-<strong>Syntax: (Apache 1.1)</strong> KeepAlive <em>max-requests</em><br>
-<strong>Default: (Apache 1.1)</strong> <code>KeepAlive 5</code><br>
-<strong>Syntax: (Apache 1.2)</strong> KeepAlive <em>on/off</em><br>
-<strong>Default: (Apache 1.2)</strong> <code>KeepAlive On</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> Core<br>
-<strong>Compatibility:</strong> KeepAlive is only available in Apache
-1.1 and later.<p>
+<H2><A NAME="keepalive">KeepAlive directive</A></H2>
+<STRONG>Syntax: (Apache 1.1)</STRONG> KeepAlive <EM>max-requests</EM><BR>
+<STRONG>Default: (Apache 1.1)</STRONG> <CODE>KeepAlive 5</CODE><BR>
+<STRONG>Syntax: (Apache 1.2)</STRONG> KeepAlive <EM>on/off</EM><BR>
+<STRONG>Default: (Apache 1.2)</STRONG> <CODE>KeepAlive On</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> Core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> KeepAlive is only available in Apache
+1.1 and later.<P>
 
 This directive enables
-<a href="../keepalive.html">Keep-Alive</a>
+<A HREF="../keepalive.html">Keep-Alive</A>
 support.
 
-<p><strong>Apache 1.1</strong>: Set <em>max-requests</em>
+<P><STRONG>Apache 1.1</STRONG>: Set <EM>max-requests</EM>
 to the maximum number of requests you want Apache to entertain per
 request. A limit is imposed to prevent a client from hogging your
-server resources. Set this to <code>0</code> to disable support.
+server resources. Set this to <CODE>0</CODE> to disable support.
 
-<p><strong>Apache 1.2 and later</strong>: Set to "On" to enable
-persistent connections, "Off" to disable. See also the <a
-href="#maxkeepaliverequests">MaxKeepAliveRequests</a> directive.</p>
+<P><STRONG>Apache 1.2 and later</STRONG>: Set to "On" to enable
+persistent connections, "Off" to disable. See also the <A
+HREF="#maxkeepaliverequests">MaxKeepAliveRequests</A> directive.</P><HR>
 
-<h2><a name="keepalivetimeout">KeepAliveTimeout</a></h2>
-<strong>Syntax:</strong> KeepAliveTimeout <em>seconds</em><br>
-<strong>Default:</strong> <code>KeepAliveTimeout 15</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> Core<br>
-<strong>Compatibility:</strong> KeepAliveTimeout is only available in Apache
-1.1 and later.<p>
+<H2><A NAME="keepalivetimeout">KeepAliveTimeout directive</A></H2>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> KeepAliveTimeout <EM>seconds</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>KeepAliveTimeout 15</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> Core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> KeepAliveTimeout is only available in
+Apache 1.1 and later.<P>
 
 The number of seconds Apache will wait for a subsequent request before
 closing the connection. Once a request has been received, the timeout
-value specified by the <a
-href="#timeout"><code>Timeout</code></a> directive
+value specified by the <A
+HREF="#timeout"><CODE>Timeout</CODE></A> directive
 applies.
-<hr>
-
-<A name="listen"><h2>Listen</h2></A>
-<strong>Syntax:</strong>
-Listen [<em>IP address</em>:]<em>port number</em><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<br>
-<strong>Compatibility:</strong> Listen is only available in Apache
-1.1 and later.<p>
+<HR>
 
-<p>The Listen directive instructs Apache to listen to more than one IP
-address or port; by default it responds to requests on all IP
-interfaces, but only on the port given by the <a href="#port">Port</a>
-directive.</p>
-
-<p><strong>See Also:</strong>
-<a href="../dns-caveats.html">DNS Issues</a><br>
-<strong>See Also:</strong>
-<a href="../bind.html">Setting which addresses and ports Apache uses</a><br>
-<strong>See Also:</strong>
-<a href="../misc/known_bugs.html#listenbug">Known Bugs</a></p>
-<hr>
-
-<A name="limit"><h2>&lt;Limit&gt; directive</h2></A>
+<H2><A NAME="limit">&lt;Limit&gt; directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt Limit} section directive&gt; -->
-<strong>Syntax:</strong>
- &lt;Limit <em>method method</em> ... &gt; ... &lt;/Limit&gt;<br>
-<strong>Context:</strong> any<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A>
+ &lt;Limit <EM>method method</EM> ... &gt; ... &lt;/Limit&gt;<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> any<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 &lt;Limit&gt; and &lt;/Limit&gt; are used to enclose a group of
 access control directives which will then apply only to the specified
-access methods, where <em>method</em> is any valid HTTP method.
+access methods, where <EM>method</EM> is any valid HTTP method.
 Any directive except another &lt;Limit&gt; or
 <A HREF="#directory">&lt;Directory&gt;</A> may be used; the majority will be
 unaffected by the &lt;Limit&gt;. Example:
-<blockquote><code>
-&lt;Limit GET POST&gt;<br>
-require valid-user<br>
-&lt;/Limit&gt;</code></blockquote>
-If an access control directive appears outside a &lt;Limit&gt; directive,
-then it applies to all access methods.<p><hr>
-
-<h2><a name="location">&lt;Location&gt;</a></h2>
-
-<strong>Syntax:</strong> &lt;Location <em>URL</em>&gt;
-... &lt;/Location&gt;<br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<br>
-<strong>Compatibility:</strong> Location is only available in Apache
-1.1 and later.<p>
-
-<p>The &lt;Location&gt; directive provides for access control by
-URL. It is comparable to the <a
-href="#directory">&lt;Directory&gt;</a> directive, and
-should be matched with a &lt;/Location&gt; directive. Directives that
-apply to the URL given should be listed
-within. <code>&lt;Location&gt;</code> sections are processed in the
+<BLOCKQUOTE><CODE>
+&lt;Limit GET POST&gt;<BR>
+require valid-user<BR>
+&lt;/Limit&gt;</CODE></BLOCKQUOTE>
+
+If an access control directive appears outside a &lt;Limit&gt;
+directive, then it applies to all access methods. The method names
+listed can be one or more of: GET, POST, PUT, DELETE, CONNECT or
+OPTIONS. <STRONG>The method name is case-sensitive.</STRONG>
+If GET is used it will also restrict HEAD requests.
+<STRONG>If you wish to limit all methods, do not include any
+&lt;Limit&gt; directive at all.</STRONG>
+
+<P><HR>
+
+<H2><A NAME="limitrequestbody">LimitRequestBody directive</A></H2>
+<!--%plaintext &lt;?INDEX {\tt LimitRequestBody} directive&gt; -->
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> LimitRequestBody <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>LimitRequestBody 0</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host, directory,
+.htaccess<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> LimitRequestBody is only available in
+Apache 1.3.2 and later.
+<P>
+
+<EM>Number</EM> is a long integer from 0 (meaning unlimited) to 2147483647
+(2GB).  The default value is defined by the compile-time constant
+<CODE>DEFAULT_LIMIT_REQUEST_BODY</CODE> (0 as distributed).
+<P>
+
+The LimitRequestBody directive allows the user to set a
+limit on the allowed size of an HTTP request message body within
+the context in which the directive is given (server, per-directory,
+per-file or per-location).  If the client request exceeds that limit,
+the server will return an error response instead of servicing the request.
+The size of a normal request message body will vary greatly depending
+on the nature of the resource and the methods allowed on that resource.
+CGI scripts typically use the message body for passing form information
+to the server.  Implementations of the PUT method will require a value
+at least as large as any representation that the server wishes
+to accept for that resource.
+<P>
+
+This directive gives the server administrator greater control over abnormal
+client request behavior, which may be useful for avoiding some forms
+of denial-of-service attacks.
+<P>
+
+<P><HR>
+
+<H2><A NAME="limitrequestfields">LimitRequestFields directive</A></H2>
+<!--%plaintext &lt;?INDEX {\tt LimitRequestFields} directive&gt; -->
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> LimitRequestFields <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>LimitRequestFields 100</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> LimitRequestFields is only available in
+Apache 1.3.2 and later.
+<P>
+
+<EM>Number</EM> is an integer from 0 (meaning unlimited) to 32767.
+The default value is defined by the compile-time constant
+<CODE>DEFAULT_LIMIT_REQUEST_FIELDS</CODE> (100 as distributed).
+<P>
+
+The LimitRequestFields directive allows the server administrator to modify
+the limit on the number of request header fields allowed in an HTTP request.
+A server needs this value to be larger than the number of fields that a
+normal client request might include.  The number of request header fields
+used by a client rarely exceeds 20, but this may vary among different
+client implementations, often depending upon the extent to which a user
+has configured their browser to support detailed content negotiation.
+Optional HTTP extensions are often expressed using request header fields.
+<P>
+
+This directive gives the server administrator greater control over abnormal
+client request behavior, which may be useful for avoiding some forms
+of denial-of-service attacks.  The value should be increased if normal
+clients see an error response from the server that indicates too many
+fields were sent in the request.<P>
+
+<P><HR>
+
+<H2><A NAME="limitrequestfieldsize">LimitRequestFieldsize directive</A></H2>
+<!--%plaintext &lt;?INDEX {\tt LimitRequestFieldsize} directive&gt; -->
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> LimitRequestFieldsize <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>LimitRequestFieldsize 8190</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> LimitRequestFieldsize is only available in
+Apache 1.3.2 and later.
+<P>
+
+<EM>Number</EM> is an integer size in bytes from 0 to the value of the
+compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_FIELDSIZE</CODE>
+(8190 as distributed).
+<P>
+
+The LimitRequestFieldsize directive allows the server administrator to reduce
+the limit on the allowed size of an HTTP request header field below the
+normal input buffer size compiled with the server.  A server needs this
+value to be large enough to hold any one header field from a normal client
+request.  The size of a normal request header field will vary greatly
+among different client implementations, often depending upon the extent
+to which a user has configured their browser to support detailed
+content negotiation.
+<P>
+
+This directive gives the server administrator greater control over abnormal
+client request behavior, which may be useful for avoiding some forms
+of denial-of-service attacks.  Under normal conditions, the value should
+not be changed from the default.<P>
+
+<P><HR>
+
+<H2><A NAME="limitrequestline">LimitRequestLine directive</A></H2>
+<!--%plaintext &lt;?INDEX {\tt LimitRequestLine} directive&gt; -->
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> LimitRequestLine <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>LimitRequestLine 8190</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> LimitRequestLine is only available in
+Apache 1.3.2 and later.
+<P>
+
+<EM>Number</EM> is an integer size in bytes from 0 to the value of the
+compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_LINE</CODE>
+(8190 as distributed).
+<P>
+
+The LimitRequestLine directive allows the server administrator to reduce
+the limit on the allowed size of a client's HTTP request-line below the
+normal input buffer size compiled with the server.  Since the request-line
+consists of the HTTP method, URI, and protocol version, the
+LimitRequestLine directive places a restriction on the length of a
+request-URI allowed for a request on the server.  A server needs this
+value to be large enough to hold any of its resource names, including
+any information that might be passed in the query part of a GET request.
+<P>
+
+This directive gives the server administrator greater control over abnormal
+client request behavior, which may be useful for avoiding some forms
+of denial-of-service attacks.  Under normal conditions, the value should
+not be changed from the default.<P>
+
+<P><HR>
+
+<H2><A NAME="listen">Listen directive</A></H2>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A>
+Listen [<EM>IP address</EM>:]<EM>port number</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> Listen is only available in Apache
+1.1 and later.<P>
+
+<P>The Listen directive instructs Apache to listen to more than one IP
+address or port; by default it responds to requests on all IP
+interfaces, but only on the port given by the <CODE><A
+HREF="#port">Port</A></CODE> directive.</P>
+
+<TT>Listen</TT> can be used instead of <TT><A
+HREF="#bindaddress">BindAddress</A></TT> and <TT>Port</TT>. It tells
+the server to accept incoming requests on the specified port or
+address-and-port combination. If the first format is used, with a port
+number only, the server listens to the given port on all interfaces,
+instead of the port given by the <TT>Port</TT> directive. If an IP
+address is given as well as a port, the server will listen on the
+given port and interface.  <P>
+
+Note that you may still require a <TT>Port</TT> directive so
+that URLs that Apache generates that point to your server still
+work.<P>
+
+Multiple Listen directives may be used
+to specify a number of addresses and ports to listen to. The server
+will respond to requests from any of the listed addresses and
+ports. 
+<P>
+
+For example, to make the server accept connections on both port
+80 and port 8000, use:
+<PRE>
+   Listen 80
+   Listen 8000
+</PRE>
+
+To make the server accept connections on two specified
+interfaces and port numbers, use
+<PRE>
+   Listen 192.170.2.1:80
+   Listen 192.170.2.5:8000
+</PRE>
+
+<P><STRONG>See Also:</STRONG>
+<A HREF="../dns-caveats.html">DNS Issues</A><BR>
+<STRONG>See Also:</STRONG>
+<A HREF="../bind.html">Setting which addresses and ports Apache uses</A><BR>
+<STRONG>See Also:</STRONG>
+<A HREF="http://www.apache.org/info/known_bugs.html#listenbug">Known Bugs</A>
+</P>
+<HR>
+
+<H2><A NAME="listenbacklog">ListenBacklog directive</A></H2>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ListenBacklog <EM>backlog</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>ListenBacklog 511</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> Core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> ListenBacklog is only available in Apache
+versions after 1.2.0.
+
+<P>The maximum length of the queue of pending connections.  Generally no
+tuning is needed or desired, however on some systems it is desirable
+to increase this when under a TCP SYN flood attack.  See
+the backlog parameter to the <CODE>listen(2)</CODE> system call.
+
+<P>This will often be limited to a smaller number by the operating
+system.  This varies from OS to OS.  Also note that many OSes do not
+use exactly what is specified as the backlog, but use a number based on
+(but normally larger than) what is set.
+<HR>
+
+<H2><A NAME="location">&lt;Location&gt; directive</A></H2>
+
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> &lt;Location <EM>URL</EM>&gt;
+... &lt;/Location&gt;<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> Location is only available in Apache
+1.1 and later.<P>
+
+<P>The &lt;Location&gt; directive provides for access control by
+URL. It is similar to the <A
+HREF="#directory">&lt;Directory&gt;</A> directive, and
+starts a subsection which is terminated with a &lt;/Location&gt;
+directive.  <CODE>&lt;Location&gt;</CODE> sections are processed in the
 order they appear in the configuration file, after the
-&lt;Directory&gt; sections and <code>.htaccess</code> files are
-read.</p>
-
-<p>Note that, due to the way HTTP functions, <em>URL prefix</em>
-should, save for proxy requests, be of the form <code>/path/</code>,
-and should not include the <code>http://servername</code>. It doesn't
-necessarily have to protect a directory (it can be an individual
-file, or a number of files), and can include wild-cards.  In a wild-card
-string, `?' matches any single character, and `*' matches any
-sequences of characters.
-
-<p><strong>Apache 1.2 and above:</strong>
+&lt;Directory&gt; sections and <CODE>.htaccess</CODE> files are
+read, and after the &lt;Files&gt; sections.</P>
+
+<P>Note that URLs do not have to line up with the filesystem at all,
+it should be emphasized that &lt;Location&gt; operates completely outside
+the filesystem.
+
+<P>For all origin (non-proxy) requests, the URL to be matched is
+of the form <CODE>/path/</CODE>, and you should not include any
+<CODE>http://servername</CODE> prefix.  For proxy requests, the URL
+to be matched is of the form <CODE>scheme://servername/path</CODE>,
+and you must include the prefix.
+
+<P>The URL may use wildcards In a wild-card string, `?' matches any
+single character, and `*' matches any sequences of characters.
+
+<P><STRONG>Apache 1.2 and above:</STRONG>
 Extended regular expressions can also be used, with the addition of
-the
-<code>~</code> character. For example:</p>
+the <CODE>~</CODE> character.
 
-<pre>
+For example:</P>
+
+<PRE>
    &lt;Location ~ &quot;/(extra|special)/data&quot;&gt;
-</pre>
+</PRE>
 
-<p>would match URLs that contained the substring "/extra/data" or
-"/special/data".</p>
+<P>would match URLs that contained the substring "/extra/data" or
+"/special/data".  In Apache 1.3 and above, a new directive
+<A HREF="#locationmatch">&lt;LocationMatch&gt;</A> exists which
+behaves identical to the regex version of
+<CODE>&lt;Location&gt;</CODE>.
 
-<p>The <code>Location</code> functionality is especially useful when
-combined with the <code><a
-href="mod_mime.html#sethandler">SetHandler</a></code> directive. For example, to enable status requests, but allow them only
+<P>The <CODE>Location</CODE> functionality is especially useful when
+combined with the <CODE><A
+HREF="mod_mime.html#sethandler">SetHandler</A></CODE> directive. For example,
+to enable status requests, but allow them only
 from browsers at foo.com, you might use:
 
-<pre>
+<PRE>
     &lt;Location /status&gt;
     SetHandler server-status
     order deny,allow
     deny from all
     allow from .foo.com
     &lt;/Location&gt;
-</pre>
-<hr>
+</PRE>
+
+<P><STRONG>Apache 1.3 and above note about / (slash)</STRONG>:  The slash
+character has special
+meaning depending on where in a URL it appears.  People may be used
+to its behaviour in the filesystem where multiple adjacent slashes are
+frequently collapsed to a single slash (<EM>i.e.</EM>, <CODE>/home///foo</CODE>
+is the same as <CODE>/home/foo</CODE>).  In URL-space this is not
+necessarily true.  The <CODE>&lt;LocationMatch&gt;</CODE> directive
+and the regex version of <CODE>&lt;Location&gt;</CODE> require you
+to explicitly specify multiple slashes if that is your intention.
+For example, <CODE>&lt;LocationMatch ^/abc&gt;</CODE> would match the
+request URL <CODE>/abc</CODE> but not the request URL <CODE>//abc</CODE>.
+The (non-regex) <CODE>&lt;Location&gt;</CODE> directive behaves
+similarly when used for proxy requests.  But when (non-regex)
+<CODE>&lt;Location&gt;</CODE> is used for non-proxy requests it will
+implicitly match multiple slashes with a single slash.  For example,
+if you specify <CODE>&lt;Location /abc/def&gt;</CODE> and the request
+is to <CODE>/abc//def</CODE> then it will match.
+
+<P>
+<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory,
+Location and Files sections work</A> for an explanation of how these
+different sections are combined when a request is received
+
+<HR>
+
+<H2><A NAME="locationmatch">&lt;LocationMatch&gt;</A></H2>
 
-<A NAME="lockfile"><H2>LockFile</H2></A>
-<strong>Syntax:</strong> LockFile <em>filename</em><BR>
-<strong>Default:</strong> <code>LockFile logs/accept.lock</code><BR>
-<strong>Context:</strong> server config<BR>
-<strong>Status:</strong> core<P>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> &lt;LocationMatch <EM>regex</EM>&gt;
+... &lt;/LocationMatch&gt;<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> LocationMatch is only available in 
+Apache 1.3 and later.<P>
+
+<P>The &lt;LocationMatch&gt; directive provides for access control by
+URL, in an identical manner to <A
+HREF="#location">&lt;Location&gt;</A>. However, it takes a regular
+expression as an argument instead of a simple string. For example:</P>
+
+<PRE>
+   &lt;LocationMatch &quot;/(extra|special)/data&quot;&gt;
+</PRE>
+
+<P>would match URLs that contained the substring "/extra/data" or
+"/special/data".</P>
+
+<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory,
+Location and Files sections work</A> for an explanation of how these
+different sections are combined when a request is received
+
+<HR>
+
+<H2><A NAME="lockfile">LockFile directive</A></H2>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> LockFile <EM>filename</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>LockFile logs/accept.lock</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The LockFile directive sets the path to the lockfile used when
 Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
 USE_FLOCK_SERIALIZED_ACCEPT.  This directive should normally be
 left at its default value.  The main reason for changing it is if
-the <code>logs</code> directory is NFS mounted, since the lockfile
-should be stored on a local disk if possible.  The PID of the main
-server process is automatically appended to the filename.
+the <CODE>logs</CODE> directory is NFS mounted, since <STRONG>the lockfile
+must be stored on a local disk</STRONG>.  The PID of the main
+server process is automatically appended to the filename. <P>
+
+<STRONG>SECURITY:</STRONG> It is best to avoid putting this file in a 
+world writable directory such as <CODE>/var/tmp</CODE> because someone 
+could create a denial of service attack and prevent the server from
+starting by creating a lockfile with the same name as the one the 
+server will try to create.<P>
+
+<P><HR>
 
+<H2><A NAME="loglevel">LogLevel directive</A></H2>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> LogLevel <EM>level</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>LogLevel error</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> LogLevel is only available in 1.3 or
+later.
+
+<P>LogLevel adjusts the verbosity of the messages recorded in the
+error logs (see <A HREF="#errorlog">ErrorLog</A> directive).
+The following <EM>level</EM>s are available, in order of
+decreasing significance:
+
+<P><TABLE>
+  <TR><TH ALIGN="LEFT"><STRONG>Level</STRONG>
+      <TH ALIGN="LEFT"><STRONG>Description</STRONG>
+  <TR><TH><TH ALIGN="LEFT"><STRONG>Example</STRONG>
+  <TR><TD><CODE>emerg</CODE>
+      <TD>Emergencies - system is unusable.
+  <TR><TD><TD>"Child cannot open lock file.  Exiting"    
+  <TR><TD><CODE>alert</CODE>
+      <TD>Action must be taken immediately.
+  <TR><TD><TD>"getpwuid: couldn't determine user name from uid"
+  <TR><TD><CODE>crit</CODE>
+      <TD>Critical Conditions.
+  <TR><TD><TD>"socket: Failed to get a socket, exiting child"
+  <TR><TD><CODE>error</CODE>
+      <TD>Error conditions.
+  <TR><TD><TD>"Premature end of script headers"
+  <TR><TD><CODE>warn</CODE>
+      <TD>Warning conditions.
+  <TR><TD><TD>"child process 1234 did not exit, sending another SIGHUP"
+  <TR><TD><CODE>notice</CODE>
+      <TD>Normal but significant condition.
+  <TR><TD><TD>"httpd: caught SIGBUS, attempting to dump core in ..."
+  <TR><TD><CODE>info</CODE>
+      <TD>Informational.
+  <TR><TD><TD>"Server seems busy, (you may need to increase StartServers, or
+              Min/MaxSpareServers)..."
+  <TR><TD><CODE>debug</CODE>
+      <TD>Debug-level messages
+  <TR><TD><TD>"Opening config file ..."
+</TABLE>
+
+<P>When a particular level is specified, messages from all other levels
+of higher significance will be reported as well.  <EM>E.g.</EM>, when 
+<CODE>LogLevel info</CODE> is specified, then messages with log levels of
+<CODE>notice</CODE> and <CODE>warn</CODE> will also be posted.
+<P>
+Using a level of at least <CODE>crit</CODE> is recommended.
 <P><HR>
 
-<A name="maxclients"><h2>MaxClients</h2></A>
+<H2><A NAME="maxclients">MaxClients directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt MaxClients} directive&gt; -->
-<strong>Syntax:</strong> MaxClients <em>number</em><br>
-<strong>Default:</strong> <code>MaxClients 256</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> MaxClients <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>MaxClients 256</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
-The MaxClients directive sets the limit on the number of simultaneous
+<P>The MaxClients directive sets the limit on the number of simultaneous
 requests that can be supported; not more than this number of child server
-processes will be created.<p><hr>
-
-<A name="maxkeepaliverequests"><h2>MaxKeepAliveRequests</h2></A>
-<strong>Syntax:</strong> MaxKeepAliveRequests <em>number</em><br>
-<strong>Default:</strong> <code>MaxKeepAliveRequests 100</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<br>
-<strong>Compatibility:</strong> Only available in Apache
+processes will be created.  To configure more than 256 clients, you must
+edit the HARD_SERVER_LIMIT entry in httpd.h and recompile.
+
+<P>Any connection attempts over the MaxClients limit will normally
+be queued, up to a number based on the <A HREF="#listenbacklog">
+ListenBacklog</A> directive.  Once a child process is freed at the
+end of a different request, the connection will then be serviced.
+
+<HR>
+
+<H2><A NAME="maxkeepaliverequests">MaxKeepAliveRequests directive</A></H2>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> MaxKeepAliveRequests <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>MaxKeepAliveRequests 100</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> Only available in Apache
 1.2 and later.
 
-<p>The MaxKeepAliveRequests directive limits the number of requests
-allowed per connection when <a href="#keepalive">KeepAlive</a> is
-on. If it is set to "<code>0</code>", unlimited requests will be
+<P>The MaxKeepAliveRequests directive limits the number of requests
+allowed per connection when <A HREF="#keepalive">KeepAlive</A> is
+on. If it is set to "<CODE>0</CODE>", unlimited requests will be
 allowed. We recommend that this setting be kept to a high value for
-maximum server performance.
+maximum server performance.</P><HR>
 
-<A name="maxrequestsperchild"><h2>MaxRequestsPerChild directive</h2></A>
+<H2><A NAME="maxrequestsperchild">MaxRequestsPerChild directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt MaxRequestsPerChild} directive&gt; -->
-<strong>Syntax:</strong> MaxRequestsPerChild <em>number</em><br>
-<strong>Default:</strong> <code>MaxRequestsPerChild 0</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> MaxRequestsPerChild <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>MaxRequestsPerChild 0</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The MaxRequestsPerChild directive sets the limit on the number of requests
 that an individual child server process will handle. After MaxRequestsPerChild
 requests, the child process will die. If MaxRequestsPerChild is 0, then
-the process will never expire.<p>
+the process will never expire.<P>
 
 Setting MaxRequestsPerChild to a non-zero limit has two beneficial effects:
-<ul>
-<li>it limits the amount of memory that process can consume by (accidental)
+<UL>
+<LI>it limits the amount of memory that process can consume by (accidental)
 memory leakage;
-<li> by giving processes a finite lifetime, it helps reduce the
+<LI> by giving processes a finite lifetime, it helps reduce the
 number of processes when the server load reduces.
-</ul><p><hr>
+</UL>
+
+<P>This directive has no effect on Win32.
+
+<P><HR>
 
-<A name="maxspareservers"><h2>MaxSpareServers directive</h2></A>
+<H2><A NAME="maxspareservers">MaxSpareServers directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt MaxSpareServers} directive&gt; -->
-<strong>Syntax:</strong> MaxSpareServers <em>number</em><br>
-<strong>Default:</strong> <code>MaxSpareServers 10</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> MaxSpareServers <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>MaxSpareServers 10</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
-The MaxSpareServers directive sets the desired maximum number of <em>idle</em>
+The MaxSpareServers directive sets the desired maximum number of <EM>idle</EM>
 child server processes. An idle process is one which is not handling
 a request. If there are more than MaxSpareServers idle, then the parent
-process will kill off the excess processes.<p>
+process will kill off the excess processes.<P>
 
 Tuning of this parameter should only be necessary on very busy sites.
-Setting this parameter to a large number is almost always a bad idea.<p>
+Setting this parameter to a large number is almost always a bad idea.<P>
+
+This directive has no effect when used with the Apache Web server on a
+Microsoft Windows platform.
+
+<P>
 
 See also <A HREF="#minspareservers">MinSpareServers</A> and
-<A HREF="#startservers">StartServers</A>.<p><hr>
+<A HREF="#startservers">StartServers</A>.<P><HR>
 
-<A name="minspareservers"><h2>MinSpareServers directive</h2></A>
+<H2><A NAME="minspareservers">MinSpareServers directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt MinSpareServers} directive&gt; -->
-<strong>Syntax:</strong> MinSpareServers <em>number</em><br>
-<strong>Default:</strong> <code>MinSpareServers 5</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> MinSpareServers <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>MinSpareServers 5</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
-The MinSpareServers directive sets the desired minimum number of <em>idle</em>
+The MinSpareServers directive sets the desired minimum number of <EM>idle</EM>
 child server processes. An idle process is one which is not handling
 a request. If there are fewer than MinSpareServers idle, then the parent
-process creates new children at a maximum rate of 1 per second.<p>
+process creates new children at a maximum rate of 1 per second.<P>
 
 Tuning of this parameter should only be necessary on very busy sites.
-Setting this parameter to a large number is almost always a bad idea.<p>
+Setting this parameter to a large number is almost always a bad idea.<P>
+
+This directive has no effect on Microsoft Windows.
+
+<P>
 
 See also <A HREF="#maxspareservers">MaxSpareServers</A> and
-<A HREF="#startservers">StartServers</A>.<p><hr>
+<A HREF="#startservers">StartServers</A>.<P><HR>
+
+<H2><A NAME="namevirtualhost">NameVirtualHost directive</A></H2>
+<!--%plaintext &lt;?INDEX {\tt NameVirtualHost} directive&gt; -->
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> NameVirtualHost <EM>addr</EM>[:<EM>port</EM>]<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> NameVirtualHost is only available in
+Apache 1.3 and later<P>
+
+The NameVirtualHost directive is a required directive if you want to configure
+<A HREF="../vhosts/index.html">name-based virtual hosts</A>.<P>
+
+Although <EM>addr</EM> can be hostname it is recommended that you always use
+an IP address, <EM>e.g.</EM>
 
-<A name="options"><h2>Options directive</h2></A>
+<BLOCKQUOTE><CODE>NameVirtualHost 111.22.33.44</CODE></BLOCKQUOTE>
+
+With the NameVirtualHost directive you specify the address to which your
+name-based virtual host names resolve.  If you have multiple name-based
+hosts on multiple addresses, repeat the directive for each address.<P>
+
+Note: the "main server" and any _default_ servers will <STRONG>never</STRONG>
+be served for a request to a NameVirtualHost IP Address (unless for some
+reason you specify NameVirtualHost but then don't define any VirtualHosts
+for that address).<P>
+
+Optionally you can specify a port number on which the name-based
+virtual hosts should be used, <EM>e.g.</EM>
+
+<BLOCKQUOTE><CODE>NameVirtualHost 111.22.33.44:8080</CODE></BLOCKQUOTE>
+
+<STRONG>See also:</STRONG>
+<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A>
+<HR>
+<H2><A NAME="options">Options directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt Options} directive&gt; -->
-<strong>Syntax:</strong> Options <em>[+|-]option [+|-]option ...</em><br>
-<strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
-<strong>Override:</strong> Options<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> Options <EM>[+|-]option [+|-]option ...</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host, directory,
+.htaccess<BR>
+<A
+ HREF="directive-dict.html#Override"
+ REL="Help"
+><STRONG>Override:</STRONG></A> Options<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The Options directive controls which server features are available in
-a particular directory. 
-<p>
-<em>option</em> can be set to <code>None</code>, in which case none of
+a particular directory.
+<P>
+<EM>option</EM> can be set to <CODE>None</CODE>, in which case none of
 the extra features are enabled, or one or more of the following:
-<dl>
-<dt>All
-<dd>All options except for MultiViews.
-<dt>ExecCGI
-<dd>
+<DL>
+<DT>All
+<DD>All options except for MultiViews. This is the default setting.
+<DT>ExecCGI
+<DD>
 <!--%plaintext &lt;?INDEX {\tt ExecCGI} option&gt; -->
 Execution of CGI scripts is permitted.
-<dt>FollowSymLinks
-<dd>
+<DT>FollowSymLinks
+<DD>
 <!--%plaintext &lt;?INDEX {\tt FollowSymLinks} option&gt; -->
 The server will follow symbolic links in this directory.
-<b>Note</b>: even though the server follows the symlink it does <i>not</i>
-change the pathname used to match against <code>&lt;Directory&gt;</code>
+<BR>
+<STRONG>Note</STRONG>: even though the server follows the symlink it
+does <EM>not</EM>
+change the pathname used to match against <CODE>&lt;Directory&gt;</CODE>
 sections.
-<dt>Includes
-<dd>
+<BR>
+<STRONG>Note</STRONG>: this option gets ignored if set inside a
+&lt;Location&gt; section.
+
+<DT>Includes
+<DD>
 <!--%plaintext &lt;?INDEX {\tt Includes} option&gt; -->
 Server-side includes are permitted.
-<dt>IncludesNOEXEC
-<dd>
+<DT>IncludesNOEXEC
+<DD>
 <!--%plaintext &lt;?INDEX {\tt IncludesNOEXEC} option&gt; -->
 Server-side includes are permitted, but the #exec command and
 #include of CGI scripts are disabled.
-<dt>Indexes
-<dd>
+<DT>Indexes
+<DD>
 <!--%plaintext &lt;?INDEX {\tt Indexes} option&gt; -->
 If a URL which maps to a directory is requested, and the there is no
-DirectoryIndex (e.g. index.html) in that directory, then the server will
+DirectoryIndex (<EM>e.g.</EM>, index.html) in that directory, then the server will
 return a formatted listing of the directory.
-<dt>MultiViews
-<dd>
+<DT>MultiViews
+<DD>
 <!--%plaintext &lt;?INDEX {\tt MultiViews} option&gt; -->
 <A HREF="../content-negotiation.html">Content negotiated</A> MultiViews are
 allowed.
-<dt>SymLinksIfOwnerMatch
-<dd>
+<DT>SymLinksIfOwnerMatch
+<DD>
 <!--%plaintext &lt;?INDEX {\tt SymLinksIfOwnerMatch} option&gt; -->
 The server will only follow symbolic links for which the target
 file or directory is owned by the same user id as the link.
-</dl>
+<BR>
+<STRONG>Note</STRONG>: this option gets ignored if set inside a
+&lt;Location&gt; section.
+</DL>
 
-Normally, if multiple <code>Options</code> could apply to a directory,
+Normally, if multiple <CODE>Options</CODE> could apply to a directory,
 then the most specific one is taken complete; the options are not
-merged. However if <i>all</i> the options on the <code>Options</code>
+merged. However if <EM>all</EM> the options on the <CODE>Options</CODE>
 directive are preceded by a + or - symbol, the options are
 merged. Any options preceded by a + are added to the options
 currently in force, and any options preceded by a - are removed from
@@ -899,257 +2167,404 @@ the options currently in force.  <P>
 
 For example, without any + and - symbols:
 
-<blockquote><code>
-&lt;Directory /web/docs&gt; <br>
-Options Indexes FollowSymLinks<br>
-&lt;/Directory&gt;<br>
-&lt;Directory /web/docs/spec&gt; <br>
-Options Includes<br>
+<BLOCKQUOTE><CODE>
+&lt;Directory /web/docs&gt; <BR>
+Options Indexes FollowSymLinks<BR>
+&lt;/Directory&gt;<BR>
+&lt;Directory /web/docs/spec&gt; <BR>
+Options Includes<BR>
 &lt;/Directory&gt;
-</code></blockquote>
-then only <code>Includes</code> will be set for the /web/docs/spec
-directory. However if the second <code>Options</code> directive uses the +
-and - symbols:<p>
-
-<blockquote><code>
-&lt;Directory /web/docs&gt; <br>
-Options Indexes FollowSymLinks<br>
-&lt;/Directory&gt;<br>
-&lt;Directory /web/docs/spec&gt; <br>
-Options +Includes -Indexes<br>
+</CODE></BLOCKQUOTE>
+then only <CODE>Includes</CODE> will be set for the /web/docs/spec
+directory. However if the second <CODE>Options</CODE> directive uses the +
+and - symbols:<P>
+
+<BLOCKQUOTE><CODE>
+&lt;Directory /web/docs&gt; <BR>
+Options Indexes FollowSymLinks<BR>
+&lt;/Directory&gt;<BR>
+&lt;Directory /web/docs/spec&gt; <BR>
+Options +Includes -Indexes<BR>
 &lt;/Directory&gt;
-</code></blockquote>
-then the options <code>FollowSymLinks</code> and <code>Includes</code>
-are set for the /web/docs/spec directory.
-<hr>
+</CODE></BLOCKQUOTE>
+then the options <CODE>FollowSymLinks</CODE> and <CODE>Includes</CODE>
+are set for the /web/docs/spec directory.<P>
 
-<A name="pidfile"><h2>PidFile directive</h2></A>
+<STRONG>Note:</STRONG> Using <CODE>-IncludesNOEXEC</CODE> or
+<CODE>-Includes</CODE>
+disables server-side includes completely regardless of the previous setting.<P>
+
+The default in the absence of any other settings is <CODE>All</CODE>.<P>
+<HR>
+
+<H2><A NAME="pidfile">PidFile directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt PidFile} directive&gt; -->
-<strong>Syntax:</strong> PidFile <em>filename</em><br>
-<strong>Default:</strong> <code>PidFile logs/httpd.pid</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> PidFile <EM>filename</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>PidFile logs/httpd.pid</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The PidFile directive sets the file to which the server records the
 process id of the daemon. If the filename does not begin with a slash (/)
 then it is assumed to be relative to the <A HREF="#serverroot">ServerRoot</A>.
-The PidFile is only used in <A HREF="#servertype">standalone</A> mode.<p>
+The PidFile is only used in <A HREF="#servertype">standalone</A> mode.<P>
 
 It is often useful to be able to send the server a signal, so that it closes
 and then reopens its <A HREF="#errorlog">ErrorLog</A> and TransferLog, and
 re-reads its configuration files. This is done by sending a SIGHUP (kill -1)
-signal to the process id listed in the PidFile.<p>
+signal to the process id listed in the PidFile.<P>
 
 The PidFile is subject to the same warnings about log file placement and
-<a href="../misc/security_tips.html">security</a>.
+<A HREF="../misc/security_tips.html#serverroot">security</A>.
 
-<p><hr>
+<P><HR>
 
-<A name="port"><h2>Port directive</h2></A>
+<H2><A NAME="port">Port directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt Port} directive&gt; -->
-<strong>Syntax:</strong> Port <em>number</em><br>
-<strong>Default:</strong> <code>Port 80</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> Port <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>Port 80</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
-<em>Number</em> is a number from 0 to 65535; some port numbers (especially below
-1024) are reserved for particular protocols. See <code>/etc/services</code>
+<EM>Number</EM> is a number from 0 to 65535; some port numbers
+(especially below
+1024) are reserved for particular protocols. See <CODE>/etc/services</CODE>
 for a list of some defined ports; the standard port for the http protocol
-is 80.<p>
+is 80.<P>
 
 The Port directive has two behaviors, the first of which is necessary for
 NCSA backwards compatibility (and which is confusing in the context of
-Apache).<p>
-
-<ul>
-<li>
-In the absence of any <a href="#listen">Listen</a> or
-<a href="#bindaddress">BindAddress</a> directives specifying a port number,
-the Port directive sets the network port on which the server listens.
+Apache).<P>
+
+<UL>
+<LI>
+In the absence of any <A HREF="#listen">Listen</A> or
+<A HREF="#bindaddress">BindAddress</A> directives specifying a port number,
+a Port directive given in the "main server"
+(<EM>i.e.</EM>, outside any <A HREF="#virtualhost">&lt;VirtualHost&gt</A> section)
+sets the network port on which the server listens.
 If there are any Listen or BindAddress directives specifying
-<code>:number</code> then Port has no effect on what address the server
+<CODE>:number</CODE> then Port has no effect on what address the server
 listens at.
 
-<li>The Port directive
-sets the <code>SERVER_PORT</code> environment variable (for
-<a href="mod_cgi.html">CGI</a> and <a href="mod_include.html">SSI</a>),
+<LI>The Port directive
+sets the <CODE>SERVER_PORT</CODE> environment variable (for
+<A HREF="mod_cgi.html">CGI</A> and <A HREF="mod_include.html">SSI</A>),
 and is used when the server must generate a URL that refers to itself
-(for example when creating an external redirect to itself).  
-</ul>
+(for example when creating an external redirect to itself).  This
+behaviour is modified by
+<A HREF="#usecanonicalname">UseCanonicalName</A>.
+</UL>
 
 In no event does a Port setting affect
-what ports a <a href="#virtualhost">VirtualHost</a> responds on, the
-VirtualHost directive itself is used for that.<p>
+what ports a <A HREF="#virtualhost">VirtualHost</A> responds on, the
+VirtualHost directive itself is used for that.<P>
 
 The primary behaviour of Port should be considered to be similar to that of
-the <a href="#servername">ServerName</a> directive.  The ServerName
-and Port together specify what you consider to be the <i>canonical</i>
-address of the server.<p>
+the <A HREF="#servername">ServerName</A> directive.  The ServerName
+and Port together specify what you consider to be the <EM>canonical</EM>
+address of the server.
+(See also <A HREF="#usecanonicalname">UseCanonicalName</A>.)<P>
 
 Port 80 is one of Unix's special ports. All ports numbered
-below 1024 are reserved for system use, i.e. regular (non-root) users cannot
+below 1024 are reserved for system use, <EM>i.e.</EM>, regular (non-root) users cannot
 make use of them; instead they can only use higher port numbers.
 To use port 80, you must start the server from the root account.
 After binding to the port and before accepting requests, Apache will change
-to a low privileged user as set by the <A HREF="#user">User directive</A>.<p>
+to a low privileged user as set by the <A HREF="#user">User directive</A>.<P>
 
 If you cannot use port 80, choose any other unused port. Non-root users
-will have to choose a port number higher than 1023, such as 8000.<p>
+will have to choose a port number higher than 1023, such as 8000.<P>
 
 SECURITY: if you do start the server as root, be sure
 not to set <A HREF="#user">User</A> to root. If you run the server as
 root whilst handling connections, your site may be open to a major security
-attack.<p><hr>
+attack.<P><HR>
 
-<A name="require"><h2>require directive</h2></A>
+<H2><A NAME="require">require directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt require} directive&gt; -->
-<strong>Syntax:</strong> require <em>entity-name entity entity...</em><br>
-<strong>Context:</strong> directory, .htaccess<br>
-<strong>Override:</strong> AuthConfig<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> require <EM>entity-name entity entity...</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
+<A
+ HREF="directive-dict.html#Override"
+ REL="Help"
+><STRONG>Override:</STRONG></A> AuthConfig<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 This directive selects which authenticated users can access a directory.
 The allowed syntaxes are:
-<ul>
-<li>require user <em>userid userid ...</em><p>
-Only the named users can access the directory.<p>
-<li>require group <em>group-name group-name ...</em><p>
-Only users in the named groups can access the directory.<p>
-<li>require valid-user<p>
+<UL>
+<LI>require user <EM>userid userid ...</EM><P>
+Only the named users can access the directory.<P>
+<LI>require group <EM>group-name group-name ...</EM><P>
+Only users in the named groups can access the directory.<P>
+<LI>require valid-user<P>
 All valid users can access the directory.
-</ul>
-<p>
-If <code>require</code> appears in a <A HREF="#limit">&lt;Limit&gt;</A>
+</UL>
+<P>
+If <CODE>require</CODE> appears in a <A HREF="#limit">&lt;Limit&gt;</A>
 section, then it restricts access to the named methods, otherwise
 it restricts access for all methods. Example:
-<blockquote><code>
-AuthType Basic<br>
-AuthName somedomain<br>
-AuthUserFile /web/users<br>
-AuthGroupFile /web/groups<br>
-&lt;Limit GET POST&gt;<br>
-require group admin<br>
+<BLOCKQUOTE><CODE>
+AuthType Basic<BR>
+AuthName somedomain<BR>
+AuthUserFile /web/users<BR>
+AuthGroupFile /web/groups<BR>
+&lt;Limit GET POST&gt;<BR>
+require group admin<BR>
 &lt;/Limit&gt;
-</code></blockquote>
+</CODE></BLOCKQUOTE>
 
 Require must be accompanied by <A HREF="#authname">AuthName</A> and
 <A HREF="#authtype">AuthType</A> directives, and directives such as
 <A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and
 <A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> (to define users and
-groups) in order to work correctly.<p><hr>
+groups) in order to work correctly.<P><HR>
 
-<A name="resourceconfig"><h2>ResourceConfig directive</h2></A>
+<H2><A NAME="resourceconfig">ResourceConfig directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt ResourceConfig} directive&gt; -->
-<strong>Syntax:</strong> ResourceConfig <em>filename</em><br>
-<strong>Default:</strong> <code>ResourceConfig conf/srm.conf</code><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ResourceConfig <EM>filename</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>ResourceConfig conf/srm.conf</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The server will read this file for more directives after reading the
-httpd.conf file. <em>Filename</em> is relative to the
+httpd.conf file. <EM>Filename</EM> is relative to the
 <A HREF="#serverroot">ServerRoot</A>.
 This feature can be disabled using:
-<blockquote><code>ResourceConfig /dev/null</code></blockquote>
+<BLOCKQUOTE><CODE>ResourceConfig /dev/null</CODE></BLOCKQUOTE>
 Historically, this file contained most directives except for server
 configuration directives and <A HREF="#directory">&lt;Directory&gt;</A>
 sections; in fact it can now contain any server directive allowed in the
-<em>server config</em> context.<p>
+<EM>server config</EM> context.<P>
 
-See also <A HREF="#accessconfig">AccessConfig</A>.<p><hr>
+See also <A HREF="#accessconfig">AccessConfig</A>.<P><HR>
 
-<A name="rlimit"> </A>
-<A name="rlimitcpu"><h2>RLimitCPU directive</h2></A>
+<H2><A NAME="rlimit">RLimitCPU</A> <A NAME="rlimitcpu">directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt RLimitCPU} directive&gt; -->
-<strong>Syntax:</strong> RLimitCPU <em># or 'max'</em> <em>[# or 'max']</em><br>
-<strong>Default:</strong> <code>Unset uses operating system defaults</code><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<br>
-<strong>Compatibility:</strong> RLimitCPU is only available in Apache 1.2 and later<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> RLimitCPU <EM># or 'max'</EM>
+ <EM>[# or 'max']</EM>
+<BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <EM>Unset; uses operating system defaults</EM>
+<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> RLimitCPU is only available in Apache 1.2
+and later<P>
 
-Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all
-processes and the second parameter sets the maximum resource limit. Either parameter
-can be a number, or <em>max</em> to indicate to the server that the limit should
-be set to the maximum allowed by the operating system configuration. Raising the
-maximum resource limit requires that the server is running as root, or in the initial
-startup phase.<p>
+Takes 1 or 2 parameters. The first parameter sets the soft resource limit
+for all processes and the second parameter sets the maximum resource limit.
+Either parameter can be a number, or <EM>max</EM> to indicate to the server
+that the limit should be set to the maximum allowed by the operating system
+configuration. Raising the maximum resource limit requires that the server
+is running as root, or in the initial startup phase.<P>
 
-CPU resource limits are expressed in seconds per process.<p>
+CPU resource limits are expressed in seconds per process.<P>
 
-See also <A HREF="#rlimitmem">RLimitMEM</A> or <A HREF="#rlimitnproc">RLimitNPROC</A>.<p><hr>
+See also <A HREF="#rlimitmem">RLimitMEM</A> or
+<A HREF="#rlimitnproc">RLimitNPROC</A>.<P><HR>
 
-<A name="rlimitmem"><h2>RLimitMEM directive</h2></A>
+<H2><A NAME="rlimitmem">RLimitMEM directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt RLimitMEM} directive&gt; -->
-<strong>Syntax:</strong> RLimitMEM <em># or 'max'</em> <em>[# or 'max']</em><br>
-<strong>Default:</strong> <code>Unset uses operating system defaults</code><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<br>
-<strong>Compatibility:</strong> RLimitMEM is only available in Apache 1.2 and later<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> RLimitMEM <EM># or 'max'</EM>
+ <EM>[# or 'max']</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <EM>Unset; uses operating system defaults</EM>
+<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> RLimitMEM is only available in Apache 1.2
+and later<P>
 
-Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all
-processes and the second parameter sets the maximum resource limit. Either parameter
-can be a number, or <em>max</em> to indicate to the server that the limit should
-be set to the maximum allowed by the operating system configuration. Raising the
-maximum resource limit requires that the server is running as root, or in the initial
-startup phase.<p>
+Takes 1 or 2 parameters. The first parameter sets the soft resource limit for
+all processes and the second parameter sets the maximum resource limit. Either
+parameter can be a number, or <EM>max</EM> to indicate to the server that the
+limit should be set to the maximum allowed by the operating system
+configuration. Raising the maximum resource limit requires that the
+server is running as root, or in the initial startup phase.<P>
 
-Memory resource limits are expressed in bytes per process.<p>
+Memory resource limits are expressed in bytes per process.<P>
 
-See also <A HREF="#rlimitcpu">RLimitCPU</A> or <A HREF="#rlimitnproc">RLimitNPROC</A>.<p><hr>
+See also <A HREF="#rlimitcpu">RLimitCPU</A> or
+<A HREF="#rlimitnproc">RLimitNPROC</A>.<P><HR>
 
-<A name="rlimitnproc"><h2>RLimitNPROC directive</h2></A>
+<H2><A NAME="rlimitnproc">RLimitNPROC directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt RLimitNPROC} directive&gt; -->
-<strong>Syntax:</strong> RLimitNPROC <em># or 'max'</em> <em>[# or 'max']</em><br>
-<strong>Default:</strong> <code>Unset uses operating system defaults</code><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<br>
-<strong>Compatibility:</strong> RLimitNPROC is only available in Apache 1.2 and later<p>
-
-Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all
-processes and the second parameter sets the maximum resource limit. Either parameter
-can be a number, or <em>max</em> to indicate to the server that the limit should
-be set to the maximum allowed by the operating system configuration. Raising the
-maximum resource limit requires that the server is running as root, or in the initial
-startup phase.<p>
-
-Process limits control the number of processes per user.<p>
-
-Note: If CGI processes are <b>not</b> running under userids other than the
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> RLimitNPROC <EM># or 'max'</EM>
+ <EM>[# or 'max']</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <EM>Unset; uses operating system defaults</EM>
+<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> RLimitNPROC is only available in Apache
+1.2 and later<P>
+
+Takes 1 or 2 parameters. The first parameter sets the soft resource limit
+for all processes and the second parameter sets the maximum resource limit.
+Either parameter can be a number, or <EM>max</EM> to indicate to the server
+that the limit should be set to the maximum allowed by the operating system
+configuration. Raising the maximum resource limit requires that the server
+is running as root, or in the initial startup phase.<P>
+
+Process limits control the number of processes per user.<P>
+
+Note: If CGI processes are <STRONG>not</STRONG> running under userids other
+than the
 web server userid, this directive will limit the number of processes that the
 server itself can create. Evidence of this situation will be indicated by
-<b><em>cannot fork</em></b> messages in the error_log.<p>
+<STRONG><EM>cannot fork</EM></STRONG> messages in the error_log.<P>
 
-See also <A HREF="#rlimitmem">RLimitMEM</A> or <A HREF="#rlimitcpu">RLimitCPU</A>.
+See also <A HREF="#rlimitmem">RLimitMEM</A> or
+<A HREF="#rlimitcpu">RLimitCPU</A>.
 
-<p><hr>
+<P><HR>
 
-<A name="satisfy"><h2>Satisfy</h2></A>
+<H2><A NAME="satisfy">Satisfy directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt Satisfy} directive&gt; -->
-<strong>Syntax:</strong> Satisfy <em>'any' or 'all'</em><br>
-<strong>Default:</strong> Satisfy all<br>
-<strong>Context:</strong> directory, .htaccess<br>
-<strong>Status:</strong> core<br>
-<strong>Compatibility:</strong> Satisfy is only available in Apache 1.2 and later<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> Satisfy <EM>'any' or 'all'</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> Satisfy all<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> Satisfy is only available in Apache 1.2
+and later<P>
 
 Access policy if both allow and require used. The parameter can be
-either <em>'all'</em> or <em>'any'</em>. This directive is only useful
+either <EM>'all'</EM> or <EM>'any'</EM>. This directive is only useful
 if access to a particular area is being restricted by both
-username/password <i>and</i> client host address. In this case the
+username/password <EM>and</EM> client host address. In this case the
 default behavior ("all") is to require that the client passes the
-address access restriction <i>and</i> enters a valid username and
+address access restriction <EM>and</EM> enters a valid username and
 password. With the "any" option the client will be granted access if
 they either pass the host restriction or enter a valid username and
 password. This can be used to password restrict an area, but to let
 clients from particular addresses in without prompting for a password.
 
 
-<p><hr>
+<P><HR>
 
-<A name="scoreboardfile"><h2>ScoreBoardFile directive</h2></A>
+<H2><A NAME="scoreboardfile">ScoreBoardFile directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt ScoreBoardFile} directive&gt; -->
-<strong>Syntax:</strong> ScoreBoardFile <em>filename</em><br>
-<strong>Default:</strong> <code>ScoreBoardFile logs/apache_status</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ScoreBoardFile <EM>filename</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>ScoreBoardFile logs/apache_status</CODE>
+<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The ScoreBoardFile directive is required on some architectures to place
 a file that the server will use to communicate between its children and
@@ -1157,169 +2572,414 @@ the parent.  The easiest way to find out if your architecture requires
 a scoreboard file is to run Apache and see if it creates the file named
 by the directive.  If your architecture requires it then you must ensure
 that this file is not used at the same time by more than one invocation
-of Apache.<p>
+of Apache.<P>
 
 If you have to use a ScoreBoardFile then you may see improved speed by
 placing it on a RAM disk.  But be careful that you heed the same warnings
 about log file placement and
-<a href="../misc/security_tips.html">security</a>.<p>
+<A HREF="../misc/security_tips.html">security</A>.<P>
 
-Apache 1.2 and above:<p>
+Apache 1.2 and above:<P>
 
-Linux 1.x users might be able to add <code>-DHAVE_SHMGET</code> to
-the <code>EXTRA_CFLAGS</code> in your <code>Configuration</code>.  This
+Linux 1.x users might be able to add
+<CODE>-DHAVE_SHMGET -DUSE_SHMGET_SCOREBOARD</CODE> to
+the <CODE>EXTRA_CFLAGS</CODE> in your <CODE>Configuration</CODE>.  This
 might work with some 1.x installations, but won't work with all of
-them.<p>
+them. (Prior to 1.3b4, <CODE>HAVE_SHMGET</CODE> would have sufficed.)<P>
 
-SVR4 users should consider adding <code>-DHAVE_SHMGET</code> to the
-<code>EXTRA_CFLAGS</code> in your <code>Configuration</code>.  This
+SVR4 users should consider adding
+<CODE>-DHAVE_SHMGET -DUSE_SHMGET_SCOREBOARD</CODE> to the
+<CODE>EXTRA_CFLAGS</CODE> in your <CODE>Configuration</CODE>.  This
 is believed to work, but we were unable to test it in time for 1.2
-release.<p>
+release. (Prior to 1.3b4, <CODE>HAVE_SHMGET</CODE> would have sufficed.)<P>
 
-<strong>See Also</strong>:
-<a href="../stopping.html">Stopping and Restarting Apache</a></p>
+<STRONG>See Also</STRONG>:
+<A HREF="../stopping.html">Stopping and Restarting Apache</A></P>
 
-<p><hr>
+<P><HR>
 
-<A name="sendbuffersize"><h2>SendBufferSize directive</h2></A>
+<H2><A NAME="sendbuffersize">SendBufferSize directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt SendBufferSize} directive&gt; -->
-<strong>Syntax:</strong> SendBufferSize <em>bytes</em><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> SendBufferSize <EM>bytes</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The server will set the TCP buffer size to the number of bytes
 specified. Very useful to increase past standard OS defaults on high
-speed high latency (i.e. 100ms or so, such as transcontinental
+speed high latency (<EM>i.e.</EM>, 100ms or so, such as transcontinental
 fast pipes)
-<p><hr>
+<P><HR>
 
-<A name="serveradmin"><h2>ServerAdmin directive</h2></A>
+<H2><A NAME="serveradmin">ServerAdmin directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt ServerAdmin} directive&gt; -->
-<strong>Syntax:</strong> ServerAdmin <em>email-address</em><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ServerAdmin <EM>email-address</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The ServerAdmin sets the e-mail address that the server includes in any
-error messages it returns to the client.<p>
+error messages it returns to the client.<P>
 
-It may be worth setting up a dedicated address for this, e.g.
-<blockquote><code>ServerAdmin www-admin@foo.bar.com</code></blockquote>
-as users do not always mention that they are talking about the server!<p><hr>
+It may be worth setting up a dedicated address for this, <EM>e.g.</EM>
+<BLOCKQUOTE><CODE>ServerAdmin www-admin@foo.bar.com</CODE></BLOCKQUOTE>
+as users do not always mention that they are talking about the server!<P><HR>
 
-<A name="serveralias"><h2>ServerAlias directive</h2></A>
+<H2><A NAME="serveralias">ServerAlias directive</A></H2>
 
-<strong>Syntax:</strong> ServerAlias <em>host1 host2 ...</em><br>
-<strong>Context:</strong> virtual host<br>
-<strong>Status:</strong> core<br>
-<strong>Compatibility:</strong> ServerAlias is only available in Apache
-1.1 and later.<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ServerAlias <EM>host1 host2 ...</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> ServerAlias is only available in Apache
+1.1 and later.<P>
 
 The ServerAlias directive sets the alternate names for a host, for use
 with
-<a href="../host.html">Host-header based virtual hosts</a>.
-<p><strong>See Also</strong>:
-<a href="../vhosts-in-depth.html">In-depth description of Virtual Host matching</a></p>
+<A HREF="../vhosts/name-based.html">name-based virtual hosts</A>.
+
+<P><STRONG>See also:</STRONG>
+<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A>
 
-<hr>
+<HR>
 
-<A name="servername"><h2>ServerName directive</h2></A>
+<H2><A NAME="servername">ServerName directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt ServerName} directive&gt; -->
-<strong>Syntax:</strong> ServerName <em>fully-qualified domain name</em><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ServerName <EM>fully-qualified domain name</EM>
+<BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The ServerName directive sets the hostname of the server; this is only
 used when creating redirection URLs. If it is not specified, then the
 server attempts to deduce it from its own IP address; however this may
 not work reliably, or may not return the preferred hostname. For example:
-<blockquote><code>ServerName www.wibble.com</code></blockquote>
+<BLOCKQUOTE><CODE>ServerName www.wibble.com</CODE></BLOCKQUOTE>
 would be used if the canonical (main) name of the actual machine
-were <code>monster.wibble.com</code>.<p>
-<p><strong>See Also</strong>:
-<a href="../dns-caveats.html">DNS Issues</a></p>
-<hr>
+were <CODE>monster.wibble.com</CODE>.<P>
+<P><STRONG>See Also</STRONG>:<BR>
+<A HREF="../dns-caveats.html">DNS Issues</A><BR>
+<A HREF="#usecanonicalname">UseCanonicalName</A><BR>
+</P>
+<HR>
 
-<A name="serverpath"><h2>ServerPath directive</h2></A>
+<H2><A NAME="serverpath">ServerPath directive</A></H2>
 
-<strong>Syntax:</strong> ServerPath <em>pathname</em><br>
-<strong>Context:</strong> virtual host<br>
-<strong>Status:</strong> core<br>
-<strong>Compatibility:</strong> ServerPath is only available in Apache
-1.1 and later.<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ServerPath <EM>pathname</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> ServerPath is only available in Apache
+1.1 and later.<P>
 
 The ServerPath directive sets the legacy URL pathname for a host, for
-use with <a href="../host.html">Host-header based virtual hosts</a>.
-<p><strong>See Also</strong>:
-<a href="../vhosts-in-depth.html">In-depth description of Virtual Host matching</a></p>
-<hr>
+use with <A HREF="../vhosts/index.html">name-based virtual hosts</A>.
 
-<A name="serverroot"><h2>ServerRoot directive</h2></A>
+<P><STRONG>See also:</STRONG>
+<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A>
+
+<HR>
+
+<H2><A NAME="serverroot">ServerRoot directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt ServerRoot} directive&gt; -->
-<strong>Syntax:</strong> ServerRoot <em>directory-filename</em><br>
-<strong>Default:</strong> <code>ServerRoot /usr/local/etc/httpd</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ServerRoot <EM>directory-filename</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>ServerRoot /usr/local/apache</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The ServerRoot directive sets the directory in which the server lives.
-Typically it will contain the subdirectories <code>conf/</code> and
-<code>logs/</code>. Relative paths for other configuration files are taken
-as relative to this directory.<br>
-See also <a href="../invoking.html">the <code>-d</code> option to httpd</a>.<p><hr>
+Typically it will contain the subdirectories <CODE>conf/</CODE> and
+<CODE>logs/</CODE>. Relative paths for other configuration files are taken
+as relative to this directory.<P>
+
+See also <A HREF="../invoking.html">the <CODE>-d</CODE> option to httpd</A>.<P>
+See also <A HREF="../misc/security_tips.html#serverroot">the security tips</A>
+for information on how to properly set permissions on the ServerRoot.<P>
 
-<A name="servertype"><h2>ServerType directive</h2></A>
+<HR>
+
+<H2><A NAME="serversignature">ServerSignature directive</A></H2>
+<!--%plaintext &lt;?INDEX {\tt ServerSignature} directive&gt; -->
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ServerSignature <EM>Off | On | EMail</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>ServerSignature Off</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host, directory,
+.htaccess<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> ServerSignature is only available in
+Apache
+1.3 and later.<P>
+
+The ServerSignature directive allows the configuration of a trailing
+footer line under server-generated documents (error messages,
+mod_proxy ftp directory listings, mod_info output, ...). The reason
+why you would want to enable such a footer line is that in a chain
+of proxies, the user often has no possibility to tell which of the
+chained servers actually produced a returned error message.<BR>
+The <SAMP>Off</SAMP> setting, which is the default, suppresses the
+error line (and is therefore compatible with the behavior of
+Apache-1.2 and below). The <SAMP>On</SAMP> setting simply adds a
+line with the server version number and <A
+HREF="#servername">ServerName</A> of the serving virtual host, and
+the <SAMP>EMail</SAMP> setting additionally creates a "mailto:"
+reference to the <A HREF="#serveradmin">ServerAdmin</A> of the
+referenced document.
+
+<HR>
+
+<H2><A NAME="servertokens">ServerTokens directive</A></H2>
+<!--%plaintext &lt;?INDEX {\tt ServerTokens} directive&gt; -->
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ServerTokens <EM>Minimal|OS|Full</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>ServerTokens Full</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config <BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> ServerTokens is only available
+ in Apache 1.3 and later
+
+<P>
+This directive controls whether <SAMP>Server</SAMP> response header
+field which is sent back to clients includes a description of the generic
+OS-type of the server as well as information about compiled-in modules.
+</P>
+<DL>
+ <DT><CODE>ServerTokens Min[imal]</CODE>
+ </DT>
+ <DD>Server sends (<EM>e.g.</EM>): <SAMP>Server: Apache/1.3.0</SAMP>
+ </DD>
+ <DT><CODE>ServerTokens OS</CODE>
+ </DT>
+ <DD>Server sends (<EM>e.g.</EM>): <SAMP>Server: Apache/1.3.0 (Unix)</SAMP>
+ </DD>
+ <DT><CODE>ServerTokens Full</CODE> (or not specified)
+ </DT>
+ <DD>Server sends (<EM>e.g.</EM>): <SAMP>Server: Apache/1.3.0 (Unix) PHP/3.0
+  MyMod/1.2</SAMP>
+ </DD>
+</DL>
+<P>
+This setting applies to the entire server, and cannot be enabled or
+disabled on a virtualhost-by-virtualhost basis.
+</P>
+
+<HR>
+
+<H2><A NAME="servertype">ServerType directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt ServerType} directive&gt; -->
-<strong>Syntax:</strong> ServerType <em>type</em><br>
-<strong>Default:</strong> <code>ServerType standalone</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ServerType <EM>type</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>ServerType standalone</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The ServerType directive sets how the server is executed by the system.
-<em>Type</em> is one of
-<dl>
-<dt>inetd
-<dd>The server will be run from the system process inetd; the command to start
-the server is added to <code>/etc/inetd.conf</code>
-<dt>standalone
-<dd>The server will run as a daemon process; the command to start the server
-is added to the system startup scripts. (<code>/etc/rc.local</code> or
-<code>/etc/rc3.d/...</code>.)
-</dl>
+<EM>Type</EM> is one of
+<DL>
+<DT>inetd
+<DD>The server will be run from the system process inetd; the command to start
+the server is added to <CODE>/etc/inetd.conf</CODE>
+<DT>standalone
+<DD>The server will run as a daemon process; the command to start the server
+is added to the system startup scripts. (<CODE>/etc/rc.local</CODE> or
+<CODE>/etc/rc3.d/...</CODE>.)
+</DL>
 
 Inetd is the lesser used of the two options. For each http
 connection received, a new copy of the server is started from scratch;
 after the connection is complete, this program exits. There is a high price to
 pay per connection, but for security reasons, some admins prefer this option.
-<p>
+<FONT COLOR="red">Inetd mode is no longer recommended and does not always
+work properly.  Avoid it if at all possible.</FONT>
+<P>
 
 Standalone is the most common setting for ServerType since
 it is far more efficient. The server is started once, and services all
 subsequent connections. If you intend running Apache to serve a busy site,
-standalone will probably be your only option.<p>
-
-SECURITY: if you are paranoid about security, run in inetd mode. Security
-cannot be guaranteed in either, but whilst most people are happy to use
-standalone, inetd is probably least prone to attack.<p><hr>
-
-<A name="startservers"><h2>StartServers directive</h2></A>
+standalone will probably be your only option.<P>
+<HR>
+<H2><A NAME="startservers">StartServers directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt StartServers} directive&gt; -->
-<strong>Syntax:</strong> StartServers <em>number</em><br>
-<strong>Default:</strong> <code>StartServers 5</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> StartServers <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>StartServers 5</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The StartServers directive sets the number of child server processes created
 on startup. As the number of processes is dynamically controlled depending
-on the load, there is usually little reason to adjust this parameter.<p>
+on the load, there is usually little reason to adjust this parameter.<P>
+
+<P>When running under Microsoft Windows, this directive has no effect.
+   There is always one child which handles all requests. Within the
+   child requests are handled by separate threads. The
+   <A HREF="#threadsperchild">ThreadsPerChild</A> directive controls 
+   the maximum number of child threads handling requests, which will
+   have a similar effect to the setting of <SAMP>StartServers</SAMP>
+   on Unix.
+
+<P>
 
 See also <A HREF="#minspareservers">MinSpareServers</A> and
-<A HREF="#maxspareservers">MaxSpareServers</A>.<p><hr>
+<A HREF="#maxspareservers">MaxSpareServers</A>.<P><HR>
 
-<A name="timeout"><h2>TimeOut directive</h2></A>
+<H2><A NAME="threadsperchild">ThreadsPerChild</A></H2>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ThreadsPerChild <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>ThreadsPerChild 50</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core (Windows)<BR>
+<STRONG>Compatibility:</STRONG> Available only with Apache 1.3 and later
+with Windows
+
+<P>This directive tells the server how many threads it should use. This
+   is the maximum number of connections the server can handle at once; be
+   sure and set this number high enough for your site if you get a lot of
+   hits.
+
+<P>This directive has no effect on Unix systems.  Unix users should look
+   at <A HREF="#startservers">StartServers</A> and <A
+   HREF="#maxrequestsperchild">MaxRequestsPerChild</A>.</P>
+
+<HR>
+
+<H2><A NAME="timeout">TimeOut directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt TimeOut} directive&gt; -->
-<strong>Syntax:</strong> TimeOut <em>number</em><br>
-<strong>Default:</strong> <code>TimeOut 300</code><br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> TimeOut <EM>number</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>TimeOut 300</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The TimeOut directive currently defines the amount of time Apache will
 wait for three things:
@@ -1328,7 +2988,7 @@ wait for three things:
   <LI>The total amount of time it takes to receive a GET request.
   <LI>The amount of time between receipt of TCP packets on a POST or
       PUT request.
-  <LI>The amount of time between ACKs on transmissions of TCP packets 
+  <LI>The amount of time between ACKs on transmissions of TCP packets
       in responses.
 </OL>
 
@@ -1339,119 +2999,213 @@ situations.  It is not set any lower by default because there may
 still be odd places in the code where the timer is not reset when
 a packet is sent.
 
-<p><hr>
+<P><HR>
+
+<H2><A NAME="usecanonicalname">UseCanonicalName directive</A></H2>
+<!--%plaintext &lt;?INDEX {\tt UseCanonicalName} directive&gt; -->
+<A HREF="directive-dict.html#Syntax" REL="Help">
+<STRONG>Syntax:</STRONG></A> UseCanonicalName <EM>on|off</EM><BR>
+<A HREF="directive-dict.html#Default" REL="Help">
+<STRONG>Default:</STRONG></A> <CODE>UseCanonicalName on</CODE><BR>
+<A HREF="directive-dict.html#Context" REL="Help">
+<STRONG>Context:</STRONG></A> server config, virtual host, directory, .htaccess
+<BR>
+<A HREF="directive-dict.html#Override" REL="Help">
+<STRONG>Override:</STRONG></A> AuthConfig<BR>
+<A HREF="directive-dict.html#Compatibility" REL="Help">
+<STRONG>Compatibility:</STRONG></A> UseCanonicalName is only available in
+Apache 1.3 and later<P>
+
+In many situations Apache has to construct a <EM>self-referential</EM>
+URL.  That is, a URL which refers back to the same server.
+With <CODE>UseCanonicalName on</CODE> (and in all versions prior to
+1.3) Apache will use the <A HREF="#servername">ServerName</A> and <A
+HREF="#port">Port</A> directives to construct a canonical name for the
+server.  This name is used in all self-referential URLs, and for the
+values of <CODE>SERVER_NAME</CODE> and <CODE>SERVER_PORT</CODE> in CGIs.
+
+<P>With <CODE>UseCanonicalName off</CODE> Apache will form
+self-referential URLs using the hostname and port supplied
+by the client if any are supplied (otherwise it will use the
+canonical name).  These values are the same that are used to
+implement <A HREF="../vhosts/name-based.html">name based virtual
+hosts</A>, and are available with the same clients.  The CGI variables
+<CODE>SERVER_NAME</CODE> and <CODE>SERVER_PORT</CODE> will be constructed
+from the client supplied values as well.
+
+<P>An example where this may be useful is on an intranet server where
+you have users connecting to the machine using short names such as
+<CODE>www</CODE>.  You'll notice that if the users type a shortname,
+and a URL which is a directory, such as <CODE>http://www/splat</CODE>,
+<EM>without the trailing slash</EM> then Apache will redirect them to
+<CODE>http://www.domain.com/splat/</CODE>.  If you have authentication
+enabled, this will cause the user to have to reauthenticate twice (once
+for <CODE>www</CODE> and once again for <CODE>www.domain.com</CODE>).
+But if <CODE>UseCanonicalName</CODE> is set off, then Apache will redirect
+to <CODE>http://www/splat/</CODE>.
+
+<P><STRONG>Warning:</STRONG> if CGIs make assumptions about the values of
+<CODE>SERVER_NAME</CODE> they may be broken by this option.  The client
+is essentially free to give whatever value they want as a hostname.
+But if the CGI is only using <CODE>SERVER_NAME</CODE> to construct
+self-referential URLs then it should be just fine.
+
+<P><STRONG>See also:</STRONG>
+<A HREF="#servername">ServerName</A>,
+<A HREF="#port">Port</A>
+
+<P><HR>
 
-<A name="user"><h2>User directive</h2></A>
+<H2><A NAME="user">User directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt User} directive&gt; -->
-<strong>Syntax:</strong> User <em>unix-userid</em><br>
-<strong>Default:</strong> <code>User #-1</code><br>
-<strong>Context:</strong> server config, virtual host<br>
-<strong>Status:</strong> core<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> User <EM>unix-userid</EM><BR>
+<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>User #-1</CODE><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config, virtual host<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<P>
 
 The User directive sets the userid as which the server will answer requests.
 In order to use this directive, the standalone server must be run initially
-as root. <em>Unix-userid</em> is one of:
-<dl>
-<dt>A username
-<dd>Refers to the given user by name.
-<dt># followed by a user number.
-<dd>Refers to a user by their number.
-</dl>
+as root. <EM>Unix-userid</EM> is one of:
+<DL>
+<DT>A username
+<DD>Refers to the given user by name.
+<DT># followed by a user number.
+<DD>Refers to a user by their number.
+</DL>
 
 The user should have no privileges which result in it being able to access
 files which are not intended to be visible to the outside world, and
 similarly, the user should not be able to execute code which is not
 meant for httpd requests. It is recommended that you set up a new user and
 group specifically for running the server. Some admins use user
-<code>nobody</code>, but this is not always possible or desirable.<p>
+<CODE>nobody</CODE>, but this is not always possible or desirable.
+For example mod_proxy's cache, when enabled, must be accessible to this user
+(see the <A HREF="mod_proxy.html#cacheroot"><CODE>CacheRoot</CODE>
+directive</A>).<P>
 
 Notes: If you start the server as a non-root user, it will fail to change
 to the lesser privileged user, and will instead continue to run as
 that original user. If you do start the server as root, then it is normal
-for the parent process to remain running as root.<p>
+for the parent process to remain running as root.<P>
 
 Special note: Use of this directive in &lt;VirtualHost&gt; requires a
 properly configured <A HREF="../suexec.html">suEXEC wrapper</A>.
 When used inside a &lt;VirtualHost&gt; in this manner, only the user
 that CGIs are run as is affected.  Non-CGI requests are still processed
-with the user specified in the main User directive.<p>
+with the user specified in the main User directive.<P>
 
 SECURITY: Don't set User (or <A HREF="#group">Group</A>) to
-<code>root</code> unless you know exactly what you are doing, and what the
-dangers are.<p><hr>
+<CODE>root</CODE> unless you know exactly what you are doing, and what the
+dangers are.<P><HR>
 
-<A name="virtualhost"><h2>&lt;VirtualHost&gt; directive</h2></A>
+<H2><A NAME="virtualhost">&lt;VirtualHost&gt; directive</A></H2>
 <!--%plaintext &lt;?INDEX {\tt VirtualHost} section directive&gt; -->
-<strong>Syntax:</strong> &lt;VirtualHost <em>addr</em>[:<em>port</em>] ...&gt; ...
-&lt;/VirtualHost&gt; <br>
-<strong>Context:</strong> server config<br>
-<strong>Status:</strong> Core.<br>
-<strong>Compatibility:</strong> Non-IP address-based Virtual Hosting only
-available in Apache 1.1 and later.<br>
-<strong>Compatibility:</strong> Multiple address support only available in
-Apache 1.2 and later.<p>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> &lt;VirtualHost <EM>addr</EM>[:<EM>port</EM>]
+ ...&gt; ...
+&lt;/VirtualHost&gt; <BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config<BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> Core.<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> Non-IP address-based Virtual Hosting only
+available in Apache 1.1 and later.<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> Multiple address support only available in
+Apache 1.2 and later.<P>
 
 &lt;VirtualHost&gt; and &lt;/VirtualHost&gt; are used to enclose a group of
 directives which will apply only to a particular virtual host.
-Any directive which is allowed in a virtual host context may be used. 
+Any directive which is allowed in a virtual host context may be used.
 When the server receives a request for a document on a particular virtual
 host, it uses the configuration directives enclosed in the &lt;VirtualHost&gt;
-section. <em>Addr</em> can be
-<menu>
-<li>The IP address of the virtual host
-<li>A fully qualified domain name for the IP address of the virtual host.
-</menu> Example:
-<blockquote>
-<code>
-&lt;VirtualHost 10.1.2.3&gt; <br>
-ServerAdmin webmaster@host.foo.com <br>
-DocumentRoot /www/docs/host.foo.com <br>
-ServerName host.foo.com <br>
-ErrorLog logs/host.foo.com-error_log <br>
-TransferLog logs/host.foo.com-access_log <br>
+section. <EM>Addr</EM> can be
+<MENU>
+<LI>The IP address of the virtual host
+<LI>A fully qualified domain name for the IP address of the virtual host.
+</MENU> Example:
+<BLOCKQUOTE>
+<CODE>
+&lt;VirtualHost 10.1.2.3&gt; <BR>
+ServerAdmin webmaster@host.foo.com <BR>
+DocumentRoot /www/docs/host.foo.com <BR>
+ServerName host.foo.com <BR>
+ErrorLog logs/host.foo.com-error_log <BR>
+TransferLog logs/host.foo.com-access_log <BR>
 &lt;/VirtualHost&gt;
-</code></blockquote>
+</CODE></BLOCKQUOTE>
 
-Each VirtualHost must correspond to a different IP address or a
+Each VirtualHost must correspond to a different IP address, different port
+number or a
 different host name for the server, in the latter case the server
 machine must be configured to accept IP packets for multiple
 addresses. (If the machine does not have multiple network interfaces,
-then this can be accomplished with the <code>ifconfig alias</code>
+then this can be accomplished with the <CODE>ifconfig alias</CODE>
 command (if your OS supports it), or with kernel patches like <A
-HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<p>
+HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<P>
 
-The special name <code>_default_</code> can be specified in which case
+The special name <CODE>_default_</CODE> can be specified in which case
 this virtual host will match any IP address that is not explicitly listed
 in another virtual host.  In the absence of any _default_ virtual host
 the "main" server config, consisting of all those definitions outside
-any VirtualHost section, is used when no match occurs.<p>
+any VirtualHost section, is used when no match occurs.<P>
 
-You can specify a <code>:port</code> to change the port that is matched.
+You can specify a <CODE>:port</CODE> to change the port that is matched.
 If unspecified then it defaults to the same port as the most recent
-<code><a href="#port">Port</a></code> statement of the main server.  You
-may also specify <code>:*</code> to match all ports on that address.
-(This is recommended when used with <code>_default_</code>.)<p>
+<CODE><A HREF="#port">Port</A></CODE> statement of the main server.  You
+may also specify <CODE>:*</CODE> to match all ports on that address.
+(This is recommended when used with <CODE>_default_</CODE>.)<P>
 
-<strong>SECURITY</strong>: See the
-<A HREF="../misc/security_tips.html">security tips</A> 
+<STRONG>SECURITY</STRONG>: See the
+<A HREF="../misc/security_tips.html">security tips</A>
 document for details on why your security could be compromised if
 the directory where logfiles are stored is writable by anyone other
 than the user that starts the server.
 
-<p><strong>See also:</strong>
-<A HREF="../dns-caveats.html">Warnings about DNS and Apache</a><br>
-<strong>See also:</strong>
-<A HREF="../virtual-host.html">Information on Virtual Hosts.
-(multihome)</A><br>
-<strong>See also:</strong>
-<a href="../host.html">Non-IP address-based Virtual Hosts</a><br>
-<strong>See also:</strong>
-<a href="../vhosts-in-depth.html">In-depth description of Virtual Host matching</a>
-</p>
+<P><STRONG>NOTE</STRONG>: The use of &lt;VirtualHost&gt; does
+<STRONG>not</STRONG> affect what addresses Apache listens on. You may
+need to ensure that Apache is listening on the correct addresses using
+either <A HREF="#bindaddress">BindAddress</A> or <A
+HREF="#listen">Listen</A>.
+
+<P><STRONG>See also:</STRONG>
+<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A><BR>
+<STRONG>See also:</STRONG>
+<A HREF="../dns-caveats.html">Warnings about DNS and Apache</A><BR>
+<STRONG>See also:</STRONG>
+<A HREF="../bind.html">Setting which addresses and ports Apache uses</A><BR>
+<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory,
+Location and Files sections work</A> for an explanation of how these
+different sections are combined when a request is received
+</P>
 
 <HR>
+
 <H3 ALIGN="CENTER">
- Apache HTTP Server Version 1.2
+ Apache HTTP Server Version 1.3
 </H3>
 
 <A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A>
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html b/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html
index aacc963d3af..f4091df25da 100644
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html
+++ b/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html
@@ -476,7 +476,16 @@ IndexIgnore README .htaccess *~
 <A
  HREF="directive-dict.html#Syntax"
  REL="Help"
-><STRONG>Syntax:</STRONG></A> IndexOptions <EM>option option ...</EM><BR>
+><STRONG>Syntax:</STRONG></A> IndexOptions <EM>option option ...</EM>
+ (Apache 1.3.2 and earlier)
+<BR>
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> IndexOptions <EM>[+|-]option [+|-]option
+ ...</EM>
+ (Apache 1.3.3 and later)
+<BR>
 <A
  HREF="directive-dict.html#Context"
  REL="Help"
@@ -493,12 +502,20 @@ IndexIgnore README .htaccess *~
 <A
  HREF="directive-dict.html#Module"
  REL="Help"
-><STRONG>Module:</STRONG></A> mod_autoindex<P>
+><STRONG>Module:</STRONG></A> mod_autoindex
+<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> '+/-' syntax and merging of multiple
+ <SAMP>IndexOptions</SAMP> directives is only available with
+ Apache 1.3.3 and later
+<P>
 
 The IndexOptions directive specifies the behavior of the directory indexing.
 <EM>Option</EM> can be one of
 <DL>
-<DT>FancyIndexing
+<DT><A NAME="indexoptions:fancyindexing">FancyIndexing</A>
 <DD><!--%plaintext &lt;?INDEX {\tt FancyIndexing} index option&gt; -->
 This turns on fancy indexing of directories.
 <BLOCKQUOTE>
@@ -511,7 +528,7 @@ This turns on fancy indexing of directories.
  is combined with any <SAMP>IndexOptions</SAMP> directive already
  specified for the current scope.</STRONG>
 </BLOCKQUOTE>
-<DT>IconHeight[=pixels] (<EM>Apache 1.3 and later</EM>)
+<DT><A NAME="indexoptions:iconheight">IconHeight[=pixels] (<EM>Apache 1.3 and later</EM>)</A>
 <DD>
 <!--%plaintext &lt;?INDEX {\tt IconHeight} index option&gt; -->
 Presence of this option, when used with IconWidth, will cause the server
@@ -521,12 +538,12 @@ precalculate the page layout without having to wait until all the
 images have been loaded.  If no value is given for the option, it
 defaults to the standard height of the icons supplied with the Apache
 software.
-<DT>IconsAreLinks
+<DT><A NAME="indexoptions:iconsarelinks">IconsAreLinks</A>
 <DD>
 <!--%plaintext &lt;?INDEX {\tt IconsAreLinks} index option&gt; -->
 This makes the icons part of the anchor for the filename, for
 fancy indexing.
-<DT>IconWidth[=pixels] (<EM>Apache 1.3 and later</EM>)
+<DT><A NAME="indexoptions:iconwidth">IconWidth[=pixels] (<EM>Apache 1.3 and later</EM>)</A>
 <DD>
 <!--%plaintext &lt;?INDEX {\tt IconWidth} index option&gt; -->
 Presence of this option, when used with IconHeight, will cause the server
@@ -536,19 +553,19 @@ precalculate the page layout without having to wait until all the
 images have been loaded.  If no value is given for the option, it
 defaults to the standard width of the icons supplied with the Apache
 software.
-<DT>NameLength=[<EM>n</EM> | *] (<EM>Apache 1.3.2 and later</EM>)
+<DT><A NAME="indexoptions:namewidth">NameWidth=[<EM>n</EM> | *] (<EM>Apache 1.3.2 and later</EM>)</A>
 <DD>
-The NameLength keyword allows you to specify the width of the
+The NameWidth keyword allows you to specify the width of the
 filename column in bytes.  If the keyword value is '<SAMP>*</SAMP>',
 then the column is automatically sized to the length of the longest
 filename in the display.
-<DT>ScanHTMLTitles
+<DT><A NAME="indexoptions:scanhtmltitles">ScanHTMLTitles</A>
 <DD><!--%plaintext &lt;?INDEX {\tt ScanHTMLTitles} index option&gt; -->
 This enables the extraction of the title from HTML documents for fancy
 indexing. If the file does not have a description given by
 <A HREF="#adddescription">AddDescription</A> then httpd will read the
 document for the value of the TITLE tag.  This is CPU and disk intensive.
-<DT>SuppressColumnSorting
+<DT><A NAME="indexoptions:suppresscolumnsorting">SuppressColumnSorting</A>
 <DD>
 <!--%plaintext &lt;?INDEX {\tt SuppressColumnSorting} index option&gt; -->
 If specified, Apache will not make the column headings in a FancyIndexed
@@ -556,11 +573,11 @@ directory listing into links for sorting.  The default behaviour is
 for them to be links; selecting the column heading will sort the directory
 listing by the values in that column.
 <STRONG>Only available in Apache 1.3 and later.</STRONG>
-<DT>SuppressDescription
+<DT><A NAME="indexoptions:suppressdescription">SuppressDescription</A>
 <DD>
 <!--%plaintext &lt;?INDEX {\tt SuppressDescription} index option&gt; -->
 This will suppress the file description in fancy indexing listings.
-<DT>SuppressHTMLPreamble
+<DT><A NAME="indexoptions:suppresshtmlpreamble">SuppressHTMLPreamble</A>
 <DD>
 <!--%plaintext &lt;?INDEX {\tt SuppressHTMLPreamble} index option&gt; -->
 If the directory actually contains a file specified by the
@@ -573,17 +590,25 @@ cetera</EM>).  The SuppressHTMLPreamble option disables this behaviour,
 causing the module to start the display with the header file contents.
 The header file must contain appropriate HTML instructions in this case.
 If there is no header file, the preamble is generated as usual.
-<DT>SuppressLastModified
+<DT><A NAME="indexoptions:suppresslastmodified">SuppressLastModified</A>
 <DD>
 <!--%plaintext &lt;?INDEX {\tt SuppressLastModified} index option&gt; -->
 This will suppress the display of the last modification date, in fancy
 indexing listings.
-<DT>SuppressSize
+<DT><A NAME="indexoptions:suppresssize">SuppressSize</A>
 <DD>
 <!--%plaintext &lt;?INDEX {\tt SuppressSize} index option&gt; -->
 This will suppress the file size in fancy indexing listings.
 </DL>
-This default is that no options are enabled. If multiple IndexOptions
+<P>
+There are some noticeable differences in the behaviour of this
+directive in recent (post-1.3.0) versions of Apache.
+</P>
+<DL>
+<DT>Apache 1.3.2 and earlier:</DT>
+<DD>
+<P>
+The default is that no options are enabled. If multiple IndexOptions
 could apply to a directory, then the most specific one is taken complete;
 the options are not merged. For example:
 <BLOCKQUOTE><CODE>
@@ -595,7 +620,52 @@ IndexOptions ScanHTMLTitles <BR>
 &lt;/Directory&gt;
 </CODE></BLOCKQUOTE>
 then only <CODE>ScanHTMLTitles</CODE> will be set for the /web/docs/spec
-directory.<P><HR>
+directory.
+</P>
+</DD>
+<DT>Apache 1.3.3 and later:</DT>
+<DD>
+<P>
+Apache 1.3.3 introduced some significant changes in the handling of
+<SAMP>IndexOptions</SAMP> directives.  In particular,
+</P>
+<UL>
+ <LI>Multiple <SAMP>IndexOptions</SAMP> directives for a single
+  directory are now merged together.  The result of the example above
+  will now be the equivalent of
+  <CODE>IndexOptions&nbsp;FancyIndexing&nbsp;ScanHTMLTitles</CODE>.
+ </LI>
+ <LI>The addition of the incremental syntax (<EM>i.e.</EM>, prefixing
+  keywords with '+' or '-').
+ </LI>
+</UL>
+<P>
+Whenever a '+' or '-' prefixed keyword is encountered, it is applied
+to the current <SAMP>IndexOptions</SAMP> settings (which may have been
+inherited from an upper-level directory).  However, whenever an unprefixed
+keyword is processed, it clears all inherited options and any incremental
+settings encountered so far.  Consider the following example:
+</P>
+<BLOCKQUOTE><CODE>IndexOptions +ScanHTMLTitles -IconsAreLinks FancyIndexing
+<BR>
+IndexOptions +SuppressSize
+<BR>
+</CODE></BLOCKQUOTE>
+<P>
+The net effect is equivalent to
+<CODE>IndexOptions&nbsp;FancyIndexing&nbsp;+SuppressSize</CODE>, because
+the unprefixed <CODE>FancyIndexing</CODE> discarded the incremental
+keywords before it, but allowed them to start accumulating again
+afterward.
+</P>
+<P>
+To unconditionally set the <CODE>IndexOptions</CODE> for a
+particular directory, clearing the inherited settings, specify
+keywords without either '+' or '-' prefixes.
+</P>
+</DD>
+</DL>
+<HR>
 
 <H2><A NAME="readmename">ReadmeName</A></H2>
 <!--%plaintext &lt;?INDEX {\tt ReadmeName} directive&gt; -->
diff --git a/usr.sbin/httpd/htdocs/manual/new_features_1_3.html b/usr.sbin/httpd/htdocs/manual/new_features_1_3.html
index 8e955ceefc2..0963caa9d90 100644
--- a/usr.sbin/httpd/htdocs/manual/new_features_1_3.html
+++ b/usr.sbin/httpd/htdocs/manual/new_features_1_3.html
@@ -288,18 +288,37 @@ MIME-typing</A></STRONG>
         HREF="mod/mod_autoindex.html#indexoptions">IndexOptions</A>
         keyword.
 
-    <LI><A HREF="mod/mod_autoindex.html#indexoptions">
+    <LI><A HREF="mod/mod_autoindex.html#indexoptions:suppresshtmlpreamble">
         <CODE><STRONG>SuppressHTMLPreamble</STRONG></CODE></A> can be used if
         your README.html file includes its own HTML header.
 
-    <LI><STRONG><CODE>IconHeight</CODE> and <CODE>IconWidth</CODE></STRONG> let
-        you set
-        height and width attributes to the <CODE>&lt;IMG&gt;</CODE> tag in
-        directory listings.
+    <LI>The <A HREF="mod/mod_autoindex.html#indexoptions">
+        <CODE><STRONG>IndexOptions</STRONG></CODE></A> directive now allows
+        the use of incremental prefixes (+/- to add/remove the respective
+        keyword feature, as was already possible for the
+        <A HREF="mod/core.html#options">Options</A> directive) to its
+        keyword arguments. Multiple IndexOptions directives applying
+        to the same directory will now be merged.
+
+    <LI><A HREF="mod/mod_autoindex.html#indexoptions:iconheight"
+        ><STRONG><CODE>IconHeight</CODE></STRONG></A> and
+	<A HREF="mod/mod_autoindex.html#indexoptions:iconwidth"
+        ><STRONG><CODE>IconWidth</CODE></STRONG></A>
+        let you set height and width attributes to the
+        <CODE>&lt;IMG&gt;</CODE> tag in directory listings.
+
+    <LI>The new <A HREF="mod/mod_autoindex.html#indexoptions:namewidth"
+        ><STRONG><CODE>NameWidth</CODE></STRONG></A> keyword to the
+        <A HREF="mod/mod_autoindex.html#indexoptions">IndexOptions</A>
+	directive lets you set the number of columns for
+	<A HREF="mod/mod_autoindex.html#indexoptions:fancyindexing">"fancy"
+	directory listings</A>. If set to an '*' asterisk, the name width
+	will be adjusted automatically.
 
     <LI>The <A HREF="mod/mod_autoindex.html#fancyindexing"
         ><SAMP>FancyIndexing</SAMP></A> directive now correctly has
-        the same impact as <SAMP>IndexOptions&nbsp;FancyIndexing</SAMP>
+        the same impact as 
+        <A HREF="mod/mod_autoindex.html#indexoptions:fancyindexing"><SAMP>IndexOptions&nbsp;FancyIndexing</SAMP></A>
 	without replacing the effect of any existing <SAMP>IndexOptions</SAMP>
 	directive.
 
@@ -517,9 +536,9 @@ MIME-typing</A></STRONG>
     running BS2000/OSD</A></STRONG>
 <DD>As a premiere, this version of Apache comes with a beta version of
     a port to a mainframe machine which uses the EBCDIC character set
-    as its native codeset (It is the SIEMENS NIXDORF family of
-    mainframes running the BS2000/OSD operating system on a IBM/390
-    compatible processor This mainframe OS nowadays features a
+    as its native codeset (It is the SIEMENS family of mainframes
+    running the BS2000/OSD operating system on a IBM/390
+    compatible processor. This mainframe OS nowadays features a
     SVR4-like POSIX subsystem).
 
 <DT><STRONG><A HREF="mod/core.html#accessfilename"><CODE>AccessFileName</CODE>
diff --git a/usr.sbin/httpd/htdocs/manual/windows.html b/usr.sbin/httpd/htdocs/manual/windows.html
index 385be7cead4..8ddc4aad3e4 100644
--- a/usr.sbin/httpd/htdocs/manual/windows.html
+++ b/usr.sbin/httpd/htdocs/manual/windows.html
@@ -23,7 +23,7 @@
 <H1 ALIGN="CENTER">Using Apache With Microsoft Windows</H1>
 
 <P>This document explains how to install, configure and run
-   Apache 1.3 under Microsoft Windows. Please note that at
+   Apache 1.3b6 and later under Microsoft Windows. Please note that at
    this time, Windows support is entirely experimental, and is
    recommended only for experienced users. The Apache Group does not
    guarantee that this software will work as documented, or even at
@@ -53,6 +53,7 @@ to help with development, or to track down bugs), see the section on
   <LI><A HREF="#run">Running Apache for Windows</A>
   <LI><A HREF="#use">Using Apache for Windows</A>
   <LI><A HREF="#cmdline">Running Apache for Windows from the Command Line</A>
+  <LI><A HREF="#signal">Signalling Apache when running</A>
   <LI><A HREF="#comp">Compiling Apache for Windows</A>
 </UL>
 
@@ -189,8 +190,8 @@ with
 To run Apache from a console window, select the "Apache Server" option
 from the Start menu. This will open a console window and start Apache
 running inside it. The window will remain active until you stop
-Apache. To stop Apache running, press Control-C within the console
-window.
+Apache. To stop Apache running, see <A HREF="#signal>Signalling Apache
+when Running</SAMP>.
 
 <P>
 
@@ -362,6 +363,35 @@ and to remove the Apache service, use
 </PRE>
 
 
+<H2><A NAME="signal">Signalling Apache when running</A></H2>
+
+On Windows 95 Apache runs as a console application. You can tell a
+running Apache to stop by opening another console window and running
+
+<PRE>
+    apache -k shutdown
+</PRE>
+
+This should be used instead of pressing Control-C in the running
+Apache console window, because it lets Apache end any current
+transactions and cleanup gracefully.
+
+<P>
+
+You can also tell Apache to restart. This makes it re-read the
+configuration files. Any transactions in progress are allowed to
+complete without interruption. To restart Apache, run
+
+<PRE>
+    apache -k restart
+</PRE>
+
+Note for people familiar with the Unix version of Apache: these
+commands provide a Windows equivalent to <CODE>kill -TERM
+<i>pid</i></CODE> and <CODE>kill -USR1 <i>pid</i></CODE>. The command
+line option used, <CODE>-k</CODE>, was chosen as a reminder of the
+"kill" command used on Unix.
+
 <H2><A NAME="comp">Compiling Apache for Windows</A></H2>
 
 <P>Compiling Apache requires Microsoft Visual C++ 5.0 to be properly
diff --git a/usr.sbin/httpd/src/CHANGES b/usr.sbin/httpd/src/CHANGES
index f7cb6411f45..2d9899db077 100644
--- a/usr.sbin/httpd/src/CHANGES
+++ b/usr.sbin/httpd/src/CHANGES
@@ -1,20 +1,3380 @@
-Changes with Apache 1.2.6
+Changes with Apache 1.3.3
+
+  *) Added a complete implementation of the Expect header field as
+     specified in rev-05 of HTTP/1.1.  Disabled the 100 Continue
+     response when we already know the final status, which is mighty
+     useful for PUT responses that result in 302 or 401. [Roy Fielding]
+
+  *) Remove extra trailing whitespace from the getline results as part
+     of the protocol processing, which is extra nice because it works
+     between continuation lines, is almost no cost in the normal case
+     of no extra whitespace, and saves memory. [Roy Fielding]
+
+  *) Added new HTTP status codes and default response bodies from the
+     revised HTTP/1.1 (307, 416, 417), WebDAV (102, 207, 422, 423), and 
+     HTTP Extension Framework (510) specifications.  Did not add the
+     WebDAV 424 and 425 codes because they are bogus.  We don't use any
+     of these codes yet, but they are now available to 3rd-party modules.
+     [Roy Fielding]
+
+  *) Fix a possible race condition between timed-out requests and the
+     ap_bhalfduplex select that might result in an infinite loop on
+     platforms that do not validate the descriptor. [Roy Fielding]
+
+  *) WIN32: Add "-k shutdown" and "-k restart" options to signal a
+     running Apache server [Paul Sutton]
+
+  *) Fix mod_autoindex bug where directories got a size of "0k" instead
+     of "-".  [Martin Plechsmid <plechsmi@karlin.mff.cuni.cz>, Marc Slemko]
+     PR#3130
+
+  *) PORT: DRS 6000 machine. [Paul Debleecker <pdebleecker@jetair.be>]
+
+  *) Add the server signature text (from the core ServerSignature directive)
+     to the list of envariables available to scripts, SSI, and the like.
+     [Ken Coar]
+
+  *) PORT: Fix sys/resource.h handling for SCO 3.x platform.
+     [M. Laak <maert@proinv.ee>] PR#3108
+ 
+  *) Fallback from sysconf-based to plain HZ-based `ticks per second'
+     calculation in mod_status for all systems which don't have POSIX
+     sysconf() (like UTS 2.1) and not only for the NEXT platform.
+     [Dave Dykstra <dwd@bell-labs.com>] PR#3055
+
+  *) Fix `require ...' directive parsing in mod_auth, mod_auth_dbm and
+     mod_auth_db by using ap_getword_white() (which uses ap_isspace()) 
+     instead of ap_getword(..., ' ') (which parses only according to spaces 
+     but not tabs).  [James Morris <jmorris@intercode.com.au>, 
+     Ralf S. Engelschall] PR#3105
+
+  *) Fix the SERVER_NAME variable under sub-request situations (where
+     `UseCanonicalName off' is used) like CGI's called from SSI pages or
+     RewriteCond variables by adopting r->hostname to sub-requests.
+     [James Grinter <jrg@blodwen.demon.co.uk>] PR#3111
+
+  *) Fix stderr redirection under syslog-based error logging situation.
+     [Youichirou Koga <y-koga@jp.FreeBSD.org>] PR#3095
+
+  *) Document `ErrorLog syslog:facility' variant of error logging.
+     [Youichirou Koga <y-koga@jp.FreeBSD.org>] PR#3096
+
+  *) Fix http://localhost/ hints in top-level INSTALL document.
+     [Rob Jenson <robjen@spotch.com>, Ralf S. Engelschall] PR#3088
+
+  *) Quote paths in default configuration files.  [Wilfredo Sanchez]
+
+  *) PORT: Remove extra HAVE_SYS_RESOURCE_H define for RHAPSODY since
+     it is now taken care of properly by the header file tests.
+     [Wilfredo Sanchez <wsanchez@apple.com>]
+
+  *) Fix problem with scripts and filehandle inheritance on Win32.
+     [Ken Parzygnat <kparz@raleigh.ibm.com>]  PR#2884, 2910
+
+  *) Win32 name canonicalisation could end up using the server's
+     working directory to fill in some blanks.  [Ken Parzygnat
+     <kparz@raleigh.ibm.com>] PR#3001
+
+  *) Correct invalid assumption by ap_sub_req_lookup_file() that all
+     absolute paths begin with "/" -- because they don't on Win32.
+     [Ken Parzygnat <kparz@raleigh.ibm.com>] PR#2976, 3074
+
+  *) Add [REDIRECT_]VARIANTS environment variable to mod_speling
+     so that ErrorDocument 300 processors can reformat the list
+     if desired.  [Ken Coar] PR#2859
+
+  *) Add +/- incremental prefixes to IndexOptions keywords, and
+     enable merging of multiple IndexOptions directives.  [Ken Coar]
+
+  *) PORT: Allow GuessOS to recognize Unixware 7.0.1 [Steve Cameron
+     <steve.cameron@compaq.com>]
+
+  *) Reconstructed the loop through multiple htaccess file names so
+     that missing files are not confused with unreadable files.
+     [Roy Fielding]
+
+  *) The ap_pfopen and ap_pfdopen routines were failing to protect the
+     errno on an error, which leads to one error being mistaken for
+     another when reading non-existent .htaccess files.
+     [Jim Jagielski]
+
+  *) OS/2: The new header tests get things right, need to update
+     ap_config.h.  [Brian Havard]
+
+  *) The Perl %ENV hash will now be setup by default when using the
+     mod_include `perl' command [Doug MacEachern]
+
+  *) PORT: Add Pyramid DC/OSx support to configuration mechanism.
+     [Earle Ake <akee@wpdiss1.wpafb.af.mil>]
+
+  *) PORT: Fix sys/resource.h handling for Amdahl's UTS 2.1
+     [Dave Dykstra <dwd@bell-labs.com>] PR#3054
+
+  *) Correct comment in mod_log_config.c about its internals.
+     [Elf Sternberg <elf@halcyon.com>]
+
+  *) Avoid possible line overflow in Configure: Use an awkfile to
+     handle the creation of modules.c [Jim Jagielski]
+
+Changes with Apache 1.3.2
+
+  *) Fix bug in ap_remove_module(), which caused problems for dso's 
+     who were the top_module.  [Doug MacEachern]
+
+  *) Add support for Berkeley-DB/2.x (in addition to Berkeley-DB/1.x) to
+     mod_auth_db to both be friendly to users who wants to use this version
+     and to avoid problems under platforms where only version 2.x is present.
+     [Dan Jacobowitz <drow@false.org>, Ralf S. Engelschall]
+
+  *) When using ap_log_rerror(), make the error message available to the
+     *ERROR_NOTES envariables by default.  [Ken Coar]
+
+  *) BS2000 platform only: get rid of the nasty BS2000AuthFile.
+     You now must define a BS2000Account name for the server User.
+     This has fewer security implications than the old approach.
+     [Martin Kraemer]
+
+  *) Fix SHARED_CORE feature for HPUX platform: We now use extension `.sl'
+     instead of `.so' and `SHLIB_PATH' instead of `LD_LIBRARY_PATH' on this
+     platform to make the braindead HPUX linker happy. Notice, for the module
+     DSOs we don't have to use this, because these are loaded manually (and
+     not via HPUX' dld). [Ralf S. Engelschall] PR#2905, PR#2968
+
+  *) Remove 64 thread limit on Win32.
+     [Bill Stoddard <stoddard@raleigh.ibm.com>]
+
+  *) Remove redundant substitutions in top-level Makefile.tmpl.
+     [Ralf S. Engelschall]
+
+  *) Fix APACI's `Group' configuration adjustment - especially for Linux
+     platforms where `nogroup' exists in /etc/group. [Ralf S. Engelschall]
+ 
+  *) Make PrintPath work generically instead of having one version
+     strictly for OS/2. [Jim Jagielski, Brian Havard]
+
+  *) Fix the recently introduced C header file checking: We now use the C
+     pre-processor pass only (and no longer the complete compiler pass) to
+     determine whether a C header file exists or not. Because only this way
+     we're safe against inter-header dependencies (which caused horrible
+     portability problems). The only drawback is that we now have a CPP
+     configuration variable which has to be determined first (we do a similar
+     approach as GNU Autoconf does here). When all fails the user still has
+     the possibility to override it manually via APACI or src/Configuration.
+     As a fallback for the header check itself we can directly check the
+     existance of the file under /usr/include, too.
+     [Ralf S. Engelschall] PR#2777
+
+  *) PORT: Added RHAPSODY (Mac OS X Server) support. MAP_TMPFILE defined
+     as an alternate mechanism for mmap'd shared memory for RHAPSODY.
+     ap_private_extern defined to hide symbols that conflict with loaded
+     dynamic libraries on the NEXT and RHAPSODY platforms.
+     [Wilfredo Sanchez <wsanchez@apple.com>]
+
+  *) Delete PID file on clean shutdowns.
+     [Charles Randall <crandall@matchlogic.com>] PR#2947
+
+  *) Fix mod_auth_*.html documents: NSCA -> NCSA
+     [Youichirou Koga <y-koga@jp.FreeBSD.org>] PR#2991
+
+  *) Fix INSTALL document: www.gnu.ai.mit.edu -> www.gnu.org
+     [Karl Berry <karl@gnu.org>] PR#2994
+
+  *) Fix dbmmanage.1 manual page.
+     [Youichirou Koga <y-koga@jp.FreeBSD.org>] PR#2992
+     
+  *) Fix possible buffer overflow situation in suexec.c.
+     [Jeff Stewart <jws@purdue.edu>] PR#2790
+
+  *) Add some more LIBS for the SCO5 platform which are needed for the already
+     used -lprot. It's actually a bug in SCO5, of course.
+     [Ronald Record <rr@sco.com>] PR#2533
+
+  *) Fix documentation of ProxyPass/ProxyPassReverse according to the
+     trailing slash problem. [Jon Drukman <jsd@gamespot.com>] PR#2933
+  
+  *) Remove `-msym' option from LDFLAGS_SHLIB for the Digital UNIX (OSF/1)
+     platform, because it's only supported under version 4.0 and higher. But
+     because our GuessOS is still unaware of Digital UNIX versions and the
+     -msym is just to optimize the DSO statup time a little bit it's safe and
+     best when we leave it out now.  [Ralf S. Engelschall] PR#2969
+
+  *) Fix the ap_log_error_old(), ap_log_unixerr() and ap_log_printf()
+     functions: First all three functions no longer fail on strings containing
+     "%" chars and second ap_log_printf() no longer does a double-formatting
+     (instead it directly passes through the message to be formatted to the
+     real internal formatting function). [Ralf S. Engelschall] PR#2941
+
+  *) Allow "Include" directives anywhere in the server config
+     files (but not .htaccess files).  [Ken Coar] PR#2727
+
+  *) The proxy was refusing to serve CONNECT requests except to
+     port 443 (https://) and 563 (snews://). The new AllowCONNECT
+     directive allows the configuration of the ports to which a
+     CONNECT is allowed.  [Sameer Parekh, Martin Kraemer]
+
+  *) mod_expires will now act on content that is not sent from a file
+     on disk.  Previously it would never add an Expires: header to
+     any response that did not come from a file on disk; the only
+     case where it still doesn't (and can't) add one for that type of 
+     content is if you are using a modification date based setting.  
+     [Marc Slemko, Paul Phillips <paulp@go2net.com>]
+
+  *) Problems encountered during .htaccess parsing or CGI execution
+     that lead to a "500 Server Error" condition now provide explanatory
+     text (in the *ERROR_NOTES envariable) to ErrorDocument 500 scripts.
+     [Ken Coar] PR#1291
+
+  *) Add NameWidth keyword to IndexOptions directive so that the
+     width of the filename column is customisable.  [Ken Coar, Dean Gaudet]
+     PR#1949, 2324.
+
+  *) Recognize lowercase _and_ uppercase `uname' results under
+     SCO OpenServer. [David Coelho <drc@ppt.com>]
+
+  *) As duplicate "HTTP/1.0 200 OK" lines within the header seem to be
+     a common problem of (mis-administrated?) IIS servers, make the apache
+     proxy immune to these errors (and ignore the duplicates, but log
+     the fact to error_log). [Martin Kraemer], after the proposal in PR#2914 
+     
+  *) The <IfModule and <IfDefine block starting directives now only
+     allow exactly one argument. Previously, the optional negation
+     character '!' could be separated by whitespace without a syntax
+     error being reported, albeit defeating the IfModule functionality
+     (enclosed directives would ALWAYS be executed). By using the
+     stricter syntax, these hard-to-track errors can be avoided.
+     [Martin Kraemer]
+
+  *) Simplify handling of IndexOptions in mod_autoindex -- and BTW
+     cause the standalone FancyIndexing directive to logically OR
+     into any existing IndexOptions settings rather than wiping
+     them out.  [Ken Coar]
+
+  *) Changes in ftp proxy: make URL parsing simpler by using the
+     parsed_uri stuff.
+     + Add display of the "current directory" in cases where it's
+     different from the supplied path (e.g., ftp://user@host/ lives
+     in /home/user, not in /, therefore clicking on "../" in the
+     starting directory might send us to /home/).
+     + When ftp login fails, (esp. when a user name was part of the
+     URL already), we now return [401 Unauthorized ] to allow the
+     browser to pop up an authorization dialog. This makes passwords
+     slightly less visible (they don't appear in the regular log files)
+     and implements a functionality that other www proxy servers
+     already offered.
+     [Martin Kraemer]
+
+  *) Triggered by the recent "Via:" header changes, the proxy module would
+     dump core for replies with invalid headers (e.g., duplicate
+     "HTTP/1.0 200 OK" lines). These errors are now logged and the
+     core dump is avoided. Also, broken replies are not cached.
+     [Martin Kraemer] PR#2914
+
+  *) new `GprofDir' directive when compiled with -DGPROF, where gprof can
+     plop gmon.out profile data for each child [Doug MacEachern]
+   
+  *) Use the construct ``"$@"'' instead of ``$*'' in the generated
+     config.status script to be immune against arguments with whitespaces.
+     [Yves Arrouye <yves@apple.com>] PR#2866
+
+  *) Replace the inlined information grabbing stuff for the configuration
+     adjustment feature (no --without-confadjust) with calls to a new helper
+     script `buildinfo.sh' which is both more flexible and already proofed to
+     be more robust against platform differences. This mainly fixes the
+     recently occured ``sed: command garbled: ...'' problems.
+     [Ralf S. Engelschall] PR#2776, PR#2848
+
+  *) Make ab.c again pass ``gcc -Wall -Wshadow -Wpointer-arith -Wcast-align
+     -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''
+     without complains after we recently added the POST feature.
+     [Ralf S. Engelschall]
+
+  *) Renamed is_HTTP_xxx() macros to ap_is_HTTP_xxx() name. They are used inside
+     modules as API functions and we forgot them at the big symbol renaming.
+     [Ralf S. Engelschall]
+
+  *) Remove bad reference to non-existing SERVER_VERSION in mod_rewrite.html
+     [Youichirou Koga <y-koga@jp.FreeBSD.ORG>] PR#2895
+
+  *) Dynamically size the filename column of mod_autoindex output.
+     [Dean Gaudet]
+
+  *) Add the ability to do POST requests to the ab benchmarking tool.
+     [Kurt Sussman <kls@best.com>] PR#2871
+
+  *) Bump up MAX_ENV_FLAGS in mod_rewrite.h from the too conservatice limit of
+     5 to 10 because there are some users out there who always have 5 to 8
+     variables in one RewriteRule and had to patch mod_rewrite.h for every
+     release. So 15 should be now more than enough, even for them. (I never
+     needed more than 4 in my RewriteRules ;-)
+     [Ralf S. Engelschall]
+
+  *) Make the proxy generate and understand Via: headers
+     [Martin Kraemer]
+
+  *) Change the proxy to use tables instead of array_headers for
+     the header lines. [Martin Kraemer]
+
+  *) Make sure the config.status file is not overridden when just
+     ``configure --help'' is used. [Ralf S. Engelschall] PR#2844
+
+  *) Split MODULE_MAGIC_NUMBER into _MAJOR/_MINOR numbers. This should
+     provide a way to trace API changes that add functionality but do
+     not create a compatibility issue for precompiled modules, etc.
+     See include/ap_mmn.h for more details.  [Randy Terbush]
+
+  *) Fix suexec installation under `make install root=xxx' situation.
+     [Ralf S. Engelschall]
+
+  *) Extend the output of the -V switch to include the paths of all
+     compiled-in configuration files, if they were overridden at
+     compile time, for least astonishment of the user.
+     [Martin Kraemer]
+
+  *) When READing a request in ExtendedStatus mode, the "old"
+     vhost, request and client information is not displayed.
+     [Jim Jagielski]
+
+  *) STATUS is no longer available. Full status information now
+     run-time configurable using the ExtendedStatus directive.
+     [Jim Jagielski]
+
+  *) SECURITY: Eliminate O(n^2) space DoS attacks (and other O(n^2)
+     cpu time attacks) in header parsing.  Add ap_overlap_tables(),
+     a function which can be used to perform bulk update operations
+     on tables in a more efficient manner.  [Dean Gaudet]
+
+  *) SECURITY: Added compile-time and configurable limits for
+     various aspects of reading a client request to avoid some simple
+     denial of service attacks, including limits on maximum request-line
+     size (LimitRequestLine), number of header fields (LimitRequestFields),
+     and size of any one header field (LimitRequestFieldsize).  Also added
+     a configurable directive LimitRequestBody for limiting the size of the
+     request message body.  [Roy Fielding]
+
+  *) Make status module aware of DNS and logging states, even if
+     STATUS not defined.  [Jim Jagielski]
+
+  *) Fix a problem with the new OS/2 mutexes.  [Brian Havard]
+
+  *) Enhance mod_speling so that CheckSpelling can be used in
+     <Directory> containers and .htaccess files.  [Ken Coar]
+
+  *) API: new ap_custom_response() function for hooking into the
+     ErrorDocument mechanism at runtime [Doug MacEachern]
+
+  *) API: new ap_uuencode() function [Doug MacEachern]
+
+  *) API: scan_script_header_err_core() now "public" and renamed
+     ap_scan_script_header_err_core() [Doug MacEachern]
+
+  *) The 'status' module will now show the process pid's and their
+     state even without full STATUS accounting. [Jim Jagielski]
+
+  *) Restore the client IP address to the error log messages, this
+     was lost during the transition from 1.2 to 1.3.  Add a new
+     function ap_log_rerror() which takes a request_rec * and
+     formats it appropriately.  [Dean Gaudet] PR#2661
+
+  *) Cure ap_cfg_getline() of its nasty habit of compressing internal
+     whitespace in input lines -- including within quoted strings.
+     [Ken Coar]
+     but leading and trailing whitespace should continue to be
+     stripped [Martin Kraemer]
+
+  *) Cleanup of the PrintPath/PrintPathOS2 helper functions. Avoid
+     the ugly use of an env. variable and use command-line args for
+     alternate $PATH. Make more like advanced 'type's as well.
+     [Jim Jagielski]
+
+  *) The IRIXN32 Rule was being ignored. Configure now correctly adds
+     -n32 only if IRIXN32 says to. [Jim Jagielski, Alain St-Denis
+     <alain.st-denis@ec.gc.ca>] PR#2736
+
+  *) Clean up a warning in mod_proxy. [Ralf S. Engelschall]
+
+  *) Renamed __EMX__ (internal define of the gcc port under OS/2) to OS2
+     following the same idea as "MSVC vs WIN32". Additionally the src/os/emx/
+     directory was renamed to src/os/os2/ for consistency.
+     [Brian Havard, Ralf S. Engelschall]
+
+  *) Add new Rule SHARED_CHAIN which can be used to enable linking of DSO
+     files (here modules) against other DSO files (here shared libraries).
+     This is done by determining a subset of LIBS which can be safely used for
+     linking the DSOs, i.e. PIC libs and shared libs.  Currently the rule is
+     disabled for all platforms to avoid problems with this (experimental)
+     rule. But we provide it now for those people how ran into problems and
+     want to came out by forcing linking against DSOs.
+     [Ralf S. Engelschall] PR#2587
+
+  *) Fix suEXEC start message: Has to be of `notice' level to really get
+     printed together with the standard startup message because the `notice'
+     level is handled special inside ap_log_error() for startup messages.
+     [Ralf S. Engelschall] PR#2761 PR#2761 PR#2765
+
+  *) Add correct `model' MIME types from RFC2077 to mime.types file.
+     [Ralf S. Engelschall] PR#2732
+
+  *) Fixed examples in mod_rewrite.html document. 
+     [Youichirou Koga <y-koga@jp.FreeBSD.org>, Ralf S. Engelschall] PR#2756
+
+  *) Allow ap_read_request errors to propagate through the normal request
+     handling loop so that the connection can be properly closed with
+     lingering_close, thus avoiding a potential TCP reset that would
+     cause the client to miss the HTTP error response.  [Roy Fielding]
+
+  *) One more portability fix for APACI shadow tree support: Swap order of awk
+     and sed in top-level configure script to avoid sed fails on some
+     platforms (for instance SunOS 4.1.3 and NCR SysV) because of the
+     non-newline-termined output of Awk. [Ralf S. Engelschall] PR#2729
+
+  *) PORT: NEC EWS4800 support.
+     [MATSUURA Takanori <t-matsuu@protein.osaka-u.ac.jp>]
+
+  *) Fix a segfault in the proxy on OS/2.  [Brian Havard]
+
+  *) Fix Win32 part of ap_spawn_child() by providing a reasonable child_info
+     structure instead of just NULL. This fixes at least the RewriteMap
+     programs under Win32. [Marco De Michele <mdemichele@tin.it>] PR#2483
+
+  *) Add workaround to top-level `configure' script for brain dead 
+     `echo' commands which interpet escape sequences per default.
+     [Ralf S. Engelschall] PR#2654
+
+  *) Make sure that the path to the Perl interpreter is correctly
+     adjusted under `make install' also for the printenv CGI script.
+     [Ralf S. Engelschall] PR#2595
+ 
+  *) Update the mod_rewrite.html document to correctly reflect the situation
+     of the `proxy' (`[P]') feature. [Ralf S. Engelschall] PR#2679
+
+  *) Fix `install-includes' sub-target of `install' target in top-level
+     Makefile.tmpl: The umask+cp approach didn't work as expected (especially
+     for users which extracted the distribution under 'umask 077'), so replace
+     it by an explicit cp+chmod approach.
+     [Richard Lloyd, Curt Sampson, Ralf S. Engelschall] PR#2656 PR#2626
+ 
+  *) Fix `distclean' and `clean' targets in src/Makefile.tmpl to have same
+     behavior and to cleanup correctly even under enabled SHARED_CORE rule.
+     [Ralf S. Engelschall]
+
+  *) Use a more straight forward and thus less problematic Sed command in
+     src/helper/mkdir.sh script.  [Ralf S. Engelschall]
+
+  *) Make sure the `configure' scripts doesn't fail when trying to guess the
+     domainname of the machine and there are multiple `domainname' and
+     `search' entries in /etc/resolv.conf.
+     [Ralf S. Engelschall] PR#2710
+
+  *) Add note about the SHARED_CORE requirement on some platforms also to the
+     INSTALL file because a lot of users don't read htdocs/manual/dso.html
+     first. [Ralf S. Engelschall] PR#2701
+
+  *) Fix document "hyperlink" for dso.html in src/Configuration.tmpl
+     [Knut A.Syed <Knut.Syed@nhh.no>] PR#2674
+
+  *) Modify mod_rewrite to update the Vary response field if the URL rewriting
+     engine does any manipulations or decisions based upon request fields. 
+     [Ken Coar] PR#1644
+
+  *) Document the special APACI behavior for installation paths where
+     ``/apache'' is appended to paths under some (well defined, of course)
+     situations to prevent pollution of system locations with Apache files.
+     [Ralf S. Engelschall] PR#2660
+
+  *) Fixed problem with buffered response message not being sent for
+     the read_request error conditions of URI-too-long (414) and
+     malformed header fields (400).  [Roy Fielding] PR#2646
+
+  *) Add support for the Max-Forwards: header line required by RFC2068 for
+     the TRACE method. This allows apache to TRACE along a chain of proxies
+     up to a predetermined depth. [Martin Kraemer]
+
+  *) Fix SHARED_CORE rule: The CFLAGS_SHLIB variable is no longer doubled
+     (compilers complained) and the .so.V.R.P filename extension was adjusted
+     to correctly reflect the 1.3.2 version.
+     [Ralf S. Engelschall] PR#2644
+
+  *) SECURITY: Plug "..." and other canonicalization holes under OS/2.
+     [Brian Havard]
+  
+  *) PORT: implement serialized accepts for OS/2.  [Brian Havard]
+
+  *) mod_include had problems with the fsize and flastmod directives
+     under WIN32.  Fix also avoids the minor security hole of using
+     ".." paths for fsize and flastmod.
+     [Manoj Kasichainula <manojk@raleigh.ibm.com>] PR#2355
+
+  *) Fixed some Makefile dependency problems.  [Dean Gaudet]
+
+Changes with Apache 1.3.1
+
+  *) Disable the incorrect entry for application/msword in the 
+     mod_mime_magic "magic" file because it also matches other Office
+     documents.  [Ralf S. Engelschall] PR#2608
+
+  *) Fix broken RANLIB handling in src/Configure (the entry from
+     src/Configuration.tmpl was ignored) and additionally force RANLIB to
+     /bin/true under HP/UX where ranlib exists but is deprecated.
+     [Ralf S. Engelschall] PR#2627
+     
+  *) 'apachectl status' failed on some systems.
+     [Steve VanDevender <stevev@darkwing.uoregon.edu>, Lars Eilebrecht] PR#2613
+
+  *) Add new flags for ap_unparse_uri_components() to make it generate
+     the scheme://sitepart string only, or to omit the query string.
+     [Martin Kraemer]
+
+  *) WIN32: Canonicalize ServerRoot before checking to see if it
+     is a valid directory.  The failure to do this caused certain
+     ServerRoot settings (eg. "ServerRoot /apache") to be improperly
+     rejected.  [Marc Slemko]
+
+  *) Global renaming of C header files to both get rid of conflicts with third
+     party packages and to again reach consistency:
+       1. conf.h      -> ap_config.h
+       2. conf_auto.h -> ap_config_auto.h \ these are now merged
+       3. ap_config.h -> ap_config_auto.h / in the config process
+       4. compat.h    -> ap_compat.h
+       5. apctype.h   -> ap_ctype.h
+     Backward compatibility files for conf.h and compat.h were created.
+
+  *) mod_mmap_static will no longer take action on requests unless at 
+     least one "mmapfile" directive is present in the configuration. 
+     This experimental module has to do some black magic to operate 
+     inside the current API and thus creates side-effects for other 
+     modules under some circumstances.
+     [Ralf S. Engelschall]
+ 
+  *) Add conservative ticks around more egrep arguments in top-level configure
+     to avoid problems under brain-dead platforms like Digital UNIX (OSF1).
+     [Ralf S. Engelschall] PR#2596
+
+  *) mod_rewrite created RewriteLock files under the UID of the parent
+     process, thus the child processes had no write access to the files.
+     Now a chown() is done on the file to the uid of the children,
+     if applicable.  [Lars Eilebrecht, Ralf S. Engelschall] PR#2341
+
+  *) Autogenerate some HAVE_XXXXX_H defines in conf_auto.h (determined via
+     TestCompile) instead of defining them manually in conf.h based on less
+     accurate platform definitions.  This way we no longer have to fiddle with
+     OS-type and/or OS-version identifiers to discover whether a system header
+     file exists or not.  Instead we now directly check for the existence of
+     those esoteric ones. 
+     [Ralf S. Engelschall] PR#2093, PR#2361, PR#2377, PR#2434,
+                           PR#2524, PR#2525, PR#2533, PR#2569
+
+  *) mod_setenvif (BrowserMatch* and friends) will now match a missing
+     field with "^$".  [Ken Coar]
+
+  *) Set the RTLD_GLOBAL dlopen mode parameter to allow dynamically loaded
+     modules to load their own modules dynamically.  This improves mod_perl
+     and mod_php3 when these modules are loaded dynamically into Apache.
+     [Rasmus Lerdorf]
+
+  *) Cache a proxied request in the event that the client cancels the
+     transfer, provided that the configured percentage of the file has
+     already been transfered. It works for HTTP transfers only.  The 
+     new configuration directive is called CacheForceCompletion. 
+     [Glen Parker <glenebob@nwlink.com>] PR#2277
+
+  *) Add the "<!DOCTYPE HTML" magic cookie used by modern documents (and
+     required by HTML 3.2 and later) to mod_mime_magic's conf/magic.
+     [Anna Shergold <anna@inext.co.uk>]
+
+  *) Fix yet another signal-based race condition involving nested timers.
+     Signals suck.  [Dean Gaudet]
+
+  *) suexec's error messages have been clarified a little bit.  [Ken Coar]
+
+  *) Clean up some, but perhaps not all, 8-bit character set problems
+     with config file parsing, and URL parsing.  We now define
+     ap_isdigit(), ap_isupper(), ... which cast to an (unsigned char).
+     This should work on most modern unixes.
+     [Dean Gaudet] PR#800, 2282, 2553  (and others)
+
+  *) The "handler not found" error was issued in cases where the handler
+     really did exist, but was just declining to serve the request.
+     [John Van Essen <jve@gamers.org>] PR#2529
+
+  *) Add Dynamic Shared Object (DSO) support for SCO5 (OpenServer 5.0.x).
+     [Ronald Record <rr@sco.com>] PR#2533
+
+  *) The APACI libexecdir was not extended with an "apache/" subdir
+     if the installation prefix didn't already contain "apache", but
+     it should be because the DSO files are Apache-specific.  Now
+     libexecdir is treated the same way sysconfdir, datadir, localstatedir
+     and includedir are already treated.
+     [Charles Levert <charles@comm.polymtl.ca>] PR#2551
+
+  *) The <Limit> parsing routine was incorrectly treating methods as
+     case-insensitive.  [Ken Coar]
+
+  *) The ap_bprintf() code neglected to test if there was an error on
+     the connection.  ap_bflush() misdiagnosed a failure as a success.
+     [Dean Gaudet]
+
+  *) add support for #perl arg interpolation in mod_include
+     [Doug MacEachern]
+
+  *) API: Name changes of table_elts to ap_table_elts, is_table_empty
+     to ap_is_table_empty and bgetflag to ap_bgetflag. [Ben Laurie]
+
+  *) PORT: Add UnixWare 7 support
+     [Vadim Kostoglodoff <vadim@olly.ru>] PR#2463
+
+  *) Fix the Guess-DSO-flags-from-Perl stuff in src/Configure: "perl" was
+     used instead of "$PERL" which contains the correctly determined Perl
+     interpreter (important for instance on systems where "perl" and "perl5"
+     exists, like BSDI or FreeBSD, etc).
+     [Ralf S. Engelschall] PR#2505
+
+  *) Move the initial suEXEC-related startup message from plain
+     fprintf()/stderr to a delayed ap_log_error()-based one to avoid problems
+     when Apache is started from inetd (instead of standalone). Under this
+     situation startup messages on stderr lead to problems (the line is sent
+     to the client in front of the requested document).
+     [Ralf S. Engelschall] PR#871, PR#1318
+
+  *) Add a flag so ap_fnmatch() can be used for case-blind pattern matching.
+     [Ken Coar, Dean Gaudet]
+
+  *) WIN32: Don't collapse multiple slashes in PATH_INFO.
+     [Ben Laurie, Bill Stoddard <wgstodda@us.ibm.com>] PR#2274
+
+  *) WIN32 SECURITY: Eliminate trailing "."s in path components. These are
+     ignored by the Windows filesystem, and so can be used to bypass security.
+     [Ben Laurie, Alexei Kosut].
+
+  *) We now attempt to dump core when we get SIGILL. [Jim Jagielski]
+
+  *) PORT: remove broken test for MAP_FILE in http_main.c.
+     [Wilfredo Sanchez <wsanchez@apple.com>]
+
+  *) PORT: Change support/apachectl to use "kill -0 $pid" to test if the
+     httpd is running.  This should be more portable than figuring out
+     which of three dozen different versions of "ps" are installed.
+     [a cast of dozens]
+
+  *) WIN32: If we can't figure out how to execute a file in a script
+     directory, bail out of the request with an error message.  [W G Stoddard]
+
+  *) WIN32 SECURITY: Eliminate directories consisting of three or more dots;
+     these are treated by Win32 as if they are ".." but are not detected by
+     other machinery within Apache. This is something of a kludge but
+     eliminates a security hole. [Manoj Kasichainula, Ben Laurie]
+
+  *) Move ap_escape_quotes() from src/ap to src/main/util.c; it uses
+     pools and thus pollutes libap (until the pool stuff is moved there).
+     [Ken Coar]
+
+  *) IndexIgnore should be case-blind on Win32 (and any other case-aware
+     but case-insensitive platforms).  New #define for this added to conf.h
+     (CASE_BLIND_FILESYSTEM).  [Ken Coar] PR#2455
+
+  *) Enable DSO support for OpenBSD in general, not only for 2.x, because it
+     also works for OpenBSD 1.x. [Ralf S. Engelschall]
+
+  *) PORT: Fix compilation problem on ARM Linux.
+     [Sam Kington <sam@illuminated.co.uk>] PR#2443
+
+  *) Let APACI's configure script determine some configuration parameters
+     (Group, Port, ServerAdmin, ServerName) via some intelligent tests to
+     remove some of the classical hurdles for new users when setting up
+     Apache. This is done per default because it is useful for the average
+     user. Package authors can use the --without-confadjust option to disable
+     these configuration adjustments.
+     [Ralf S. Engelschall]
+
+  *) Added an EXTRA_DEPS configuration parameter which can be used
+     to add an extra Makefile dependency for the httpd target, for instance
+     to external third-party libraries, etc.
+     [Ralf S. Engelschall]
+
+  *) Add <IfDefine>..</IfDefine> sections to the core module (with same spirit
+     as <IfModule>..</IfModule> sections) which can be used to skip or process
+     contained commands dependend of ``-D PARAMETER'' options on the command
+     line. This can be used to achieve logical conditions like <IfDefine
+     ReverseProxy> instead of physically ones (e.g. <IfModule mod_proxy.c>)
+     and thus especially can be used for conditionally loading DSO-based
+     modules via LoadModule, etc. [Ralf S. Engelschall]
+
+  *) PORT: clean up a warning in mod_status for OS/2.  [Brian Havard]
+
+  *) Make table elements const. This may prevent obscure errors. [Ben Laurie]
+
+  *) Fix parsing of FTP `SIZE' responses in proxy module: The newline was not
+     truncated which forced following HTTP headers to be data in the HTTP
+     reponse. [Ralf S. Engelschall, Charles Fu <ccwf@bacchus.com>] 
+     PR#2412, 2367
+
+  *) Portability fix for APACI shadow tree support: Swap order of awk and sed
+     in top-level configure script to avoid sed fails on some platforms (for
+     instance SunOS 4.1.3 and NCR SysV) because of the non-newline-termined
+     output of Awk. [Bill Houle <bhoule@sandiegoca.ncr.com>] PR#2435
+
+  *) Improve performance of directory listings (mod_autoindex) by comparing
+     integer keys (last-modified and size) as integers rather than converting
+     them to strings first.  Also use a set of explicit byte tests rather
+     than strcmp() to check for parent directory-ness of an entry.  Oh, and
+     make sure the parent directory (if displayed) is *always* listed first
+     regardless of the sort key.  Overall performance winnage should be good
+     in CPU time, instruction cache, and memory usage, particularly for large
+     directories.  [Ken Coar]
+
+  *) Add a tiny but useful goody to APACI's configure script: The generation
+     of a config.status script (as GNU Autoconf does) which remembers the used
+     configure command and hence can be used to restore the configuration by
+     just re-running this script or for remembering the configuration between
+     releases.
+     [Ralf S. Engelschall]
+
+  *) Add httpd -t (test) option for running configuration syntax tests only.
+     If something is broken it complains and exits with a return code
+     non-equal to 0. This can be used manually by the user to check the Apache
+     configuration after editing and is also automatically used by apachectl
+     on (graceful) restart command to make sure Apache doesn't die on restarts
+     because of a configuration which is now broken since the last (re)start.
+     This way `apachectl restart' can be used inside cronjobs without having
+     to expect Apache to be falling down. Additionally the httpd -t can be run
+     via `apachectl configtest'.
+     [Ralf S. Engelschall] PR#2393
+  
+  *) Minor display fix for "install" target of top-level Makefile:
+     the displayed installation command was incorrect although the
+     executed command was correct. Now they are in sync.
+     [Ralf S. Engelschall] PR#2402
+
+  *) Correct initialization of variable `allowed_globals' in http_main.c
+     [Justin Bradford <justin@ukans.edu>] PR#2400
+
+  *) Apache would incorrectly downcase the entire Content-Type passed from
+     CGIs.  This affected server-push scripts and such which use
+     multipart/x-mixed-replace;boundary=ThisRandomString.
+     [Dean Gaudet] PR#2394
+
+  *) PORT: QNX update to properly guess 32-bit systems.
+     [Sean Boudreau <seanb@qnx.com>] PR#2390
+
+  *) Make sure the DSO emulation code for HPUX finds the proprietary shl_xxx()
+     functions which are in libdld under HPUX 9/10.
+     [Ralf S. Engelschall] PR#2378
+
+  *) Make sure the "install" target of the top-level Makefile doesn't break
+     because of a return code of 1 from an "if" (for instance under braindead
+     Ultrix the result code of an "if" construct is 1 if the "then" clause
+     didn't match). [Ralf S. Engelschall]
+
+  *) Add an additional "dummy" target to the "$(LIB)" target in generated
+     modules/xxx/Makefile's to avoid problems with SVR4 Make under "full-DSO"
+     situation (no libxxx.a built, only mod_xxx.so's) where LIB and OBJS are
+     empty. [Ralf S. Engelschall, Dean Gaudet, Martin Kraemer]
+
+  *) Replace two bad sprintf() calls with ap_snprintf() variants in
+     mod_rewrite. [Ralf S. Engelschall]
+
+  *) Fix missing usage description for MetaFiles directive.
+     [David MacKenzie <djm@va.pubnix.com>] PR#2384
+
+  *) mod_log_config wouldn't let vhosts use log formats defined in the
+     main server.  [Christof Damian <damian@mediaconsult.com>] PR#2090
+
+  *) mod_usertrack was corrupting the client hostname.  As part of the
+     fix, the cookie values were slightly extended to include the
+     fully qualified hostname of the client.
+     [Dean Gaudet] PR#2190, 2229, 2366
+
+  *) Fix a typo in pool debugging code.  [Alvaro Martinez Echevarria]
+
+  *) mod_unique_id did not work on alpha linux (in general on any
+     architecture that has 64-bit time_t).
+     [Alvaro Martinez Echevarria]
+
+  *) PORT: Make SCO 5 (and probably 3) compile again. [Ben Laurie]
+
+  *) PORT: NCR MPRAS systems have the same bug with SIGHUP restart that
+     Solaris systems experience.  So define WORKAROUND_SOLARIS_BUG.
+     [Klaus Weber <kweber@chephren.germany.ncr.com>] PR#1973
+
+  *) Change "Options None" to "Options FollowSymLinks" in the 
+     <Directory /> section of the default access.conf-dist
+     (and -win even though it doesn't matter there).  This has better
+     performance, and more intuitive semantics.  [Dean Gaudet]
+
+  *) PORT: Updated support for UTS 2.1.2.
+     [Dave Dykstra <dwd@bell-labs.com>] PR#2320
+
+  *) Fix symbol export list (src/support/httpd.exp) after recent
+     API changes in the child spawning area.
+     [Jens-Uwe Mager <jum@helios.de>]
+
+  *) Workaround for configure script and old `test' commands which do not
+     support the -x flag (for instance under platforms like Ultrix). This is
+     solved by another helper script findprg.sh which searches for Perl and
+     Awk like PrintPath but _via different names_.
+     [Ralf S. Engelschall]
+
+  *) Remove the system() call from htpasswd.c, which eliminates a system
+     dependancy.  ["M.D.Parker" <mdpc@netcom.com>] PR#2332
+
+  *) PORT: Fix compilation failures on NEXTSTEP.
+     [Rex Dieter <rdieter@math.unl.edu>] PR#2293, 2316
+
+  *) PORT: F_NDELAY is a typo, should have been FNDELAY.  There's also
+     O_NDELAY on various systems.  [Dave Dykstra <dwd@bell-labs.com>] PR#2313
+
+  *) PORT: helpers/GuessOS updates for various versions for NCR SVR4.
+     [juerg schreiner <j.schreiner@zh.ch>,
+     Bill Houle <Bill.Houle@SanDiegoCA.NCR.COM>] PR#2310
+
+  *) Fix recently introduced Win32 child spawning code in mod_rewrite.c which
+     was broken because of invalid ap_pstrcat() -> strcat() transformation.
+     [Ralf S. Engelschall]
+
+  *) Proxy Cache Fixes: account for directory sizes, fork off garbage collection
+     to continue in background, use predefined types (off_t, size_t, time_t),
+     log the current cache usage percentage at LogLevel debug
+     [Martin Kraemer, based on discussion between Dean Gaudet & Dirk vanGulik]
+
+Changes with Apache 1.3.0
+
+  *) Using a type map file as a custom error document was not possible.
+     [Lars Eilebrecht] PR#1031
+
+  *) Avoid problems with braindead Awks by additionally searching for gawk 
+     and nawk in APACI's configure script.
+     [Dave Dykstra <dwd@bell-labs.com>, Ralf S. Engelschall] PR#2319
+
+  *) Rename md5.h to ap_md5.h to avoid conflicts with native MD5 on
+     some systems. [Randy Terbush]
+
+  *) Change usage of perror()+fprintf(stderr,...) in mod_rewrite to
+     more proper ap_log_error() variants.
+     [Ralf S. Engelschall]
+
+  *) Make sure the argument for the --add-module option to APACI's configure
+     script is of type [path/to/]mod_xxx.c because all calculations inside
+     configure and src/Configure depend on this.
+     [Ralf S. Engelschall] PR#2307
+
+  *) Changes usage of perror/fprintf to stderr to more proper ap_log_error
+     in mod_mime, mod_log_referer, mod_log_agent, and mod_log_config.
+     [Brian Behlendorf]
+
+  *) Various OS/2 cleanups ["Brian Havard" <brianh@kheldar.apana.org.au>]
+
+  *) PORT: QNX needed a #include <sys/mman.h>; and now it uses flock
+     serialized accept to handle multiple sockets.
+     [Rob Saccoccio <robs@InfiniteTechnology.com>] PR#2295, 2296
+ 
+  *) Have NT properly set the directory for CGI scripts 
+     (& other spawned children)
+     [W G Stoddard <wgstodda@us.ibm.com>]
+
+  *) Propagate environment to CGI scripts correctly in Win32.
+     [W G Stoddard <wgstodda@us.ibm.com>] PR#2294
+
+  *) Some symbol renaming:
+     ap_spawn_child_err became ap_spawn_child
+     ap_spawn_child_err_buff became ap_bspawn_child
+     spawn_child was obsoleted and moved to compat.h
+     [Brian Behlendorf]
+
+  *) Upgrade the child spawning code in mod_rewrite for the RewriteMap
+     programs: ap_spawn_child_err() is used and the Win32 case now uses
+     CreateProcess() instead of a low-level execl() (which caused problems in
+     the past under Win32).
+     [Ralf S. Engelschall]
+
+  *) A few cosmetics and trivial enhancements to APXS to make the
+     generated Makefile more user friendly. [Ralf S. Engelschall]
+
+  *) Proxy Fix: The proxy special failure routine ap_proxyerror()
+     was updated to use the normal apache error processing, thereby allowing
+     proxy errors to be treated by ErrorDocument's as well. For this
+     purpose, a new module-to-core communication variable "error-notes"
+     was introduced; the proxy (and possibly other modules) communicates
+     its error text using this variable. Its content is copied to a new
+     cgi-env-var REDIRECT_ERROR_NOTES for use by ErrorDocuments.
+     The old proxy special error routine ap_proxy_log_uerror()
+     was replaced by regular ap_log_error() calls, many messages were made
+     more informative. 
+     [Martin Kraemer] PR#494, 1259
+
+  *) SECURITY: A possible buffer overflow in the ftp proxy was fixed.
+     [Martin Kraemer]
+
+  *) Transform the configure message "You need root privileges for suEXEC"
+     from a fatal error into a (more friendly) warning because the building
+     ("make") of Apache we can allow, of course. Root privileges are needed
+     only for the installation step ("make install"). So make sure the
+     user is aware of this fact but let him proceed as long as he can.
+     [Ralf S. Engelschall] PR#2288
+  
+  *) Renamed three more functions to common ap_ prefix which we missed at the
+     Big Symbol Renaming because they're #defines and not real C functions:
+     is_default_port(), default_port(), http_method().
+     [Ralf S. Engelschall]
+
+  *) A zero-length name after a $ in an SSI document should cause
+     just the $ to be in the expansion.  This was broken during the
+     security fixes in 1.2.5.  [Dean Gaudet] PR#1921, 2249
+
+  *) Call ap_destroy_sub_req() in ap_add_cgi_vars() to reclaim some
+     memory.  [Rob Saccoccio <robs@InfiniteTechnology.com>] PR#2252
+
+  *) Fix src/support/httpd.exp (DSO export file which is currently only
+     used under AIX) because of recent changes to function names.
+     [Ralf S. Engelschall]
+
+Changes with Apache 1.3b7
+
+  *) Make sure a MIME-type can be forced via a RewriteRule even when no
+     substitution takes place, for instance via the following rule:
+     ``RewriteRule ^myscript$ - [T=application/x-httpd-cgi]'' This was often
+     requested by users in the past to force a single script without a .cgi
+     extension and outside any cgi-bin dirs to be executed as a CGI program.
+     [Ralf S. Engelschall] PR#2254
+
+  *) A fix for protocol issues surrounding 400, 408, and
+     414 responses. [Ed Korthof]
+
+  *) Ignore MaxRequestsPerChild on WIN32. [Brian Behlendorf]
+
+  *) Fix discrepancy in proxy_ftp.c which was causing failures when 
+     trying to connect to certain ftpd's, such as anonftpd.  
+     [Rick Ohnemus <rick@ecompcon.com>]
+
+  *) Make mod_rewrite use ap_open_piped_log() for RewriteLog directive's
+     logfile instead of fiddling around itself with child spawning stuff.
+     [Ralf S. Engelschall]
+
+  *) Made RefererIgnore case-insensitive.
+
+  *) Mod_log_agent, mod_log_referer now use ap_open_piped_log for piped logs.
+     [Brian Behlendorf]
+
+  *) Replace use of spawn_child with ap_spawn_child_err_buff, to make everything
+     "safe" under Win32.  In: mod_include.c, mod_mime_magic.c
+     [Brian Behlendorf]
+
+  *) Improve RFC1413 support. [Bob Beck <beck@bofh.ucs.ualberta.ca>]
+
+  *) Fix support script `dbmmanage': It was unable to handle some sort
+     of passwords, especially passwords with "0" chars.
+     [Ralf S. Engelschall] PR#2242
 
-  *) Increase the robustness of the child_main loop.  When unexpected
-     select() or accept() errors occur we exit() the child.  This deals
-     with many reported problems where apache would fill the error_log
-     with messages.  [Dean Gaudet] PR#1747, 1107, 588, 1787, 987, 588
+  *) WIN32: Clicking on "Last Modified" in a fancy index caused a crash. Fixed.
+     [Ben Laurie] PR#2238
+
+  *) WIN32: CGIs could cause a hang (because of a deadlock in the standard C
+     library), so CGI handling has been changed to use Win32 native handles
+     instead of C file descriptors.
+     [Ben Laurie and Bill Stoddard <wgstodda@us.ibm.com>] PR#1129, 1607
+
+  *) The proxy cache would store an incorrect content-length in the cached
+     file copy after a cache update. That resulted in repeated fetching
+     of the original copy instead of using the cached copy.
+     [Ernst Kloppenburg <kloppen@isr.uni-stuttgart.de>] PR#2094
+
+  *) The Makefiles assumed that DSO files are build via $(LD). This
+     is broken for two reasons: First we never defined at least LD=ld
+     somewhere to make sure this works (it was silently assumed that most Make
+     provide a built-in LD definition - ARGL!) and second using the generic LD
+     variable is not the truth. Instead a special variable named LD_SHLIB is
+     reasonable because although "ld" is usually the default, the command for
+     building DSO files can be "libtool" or even "cc" on some systems.
+     [Ralf S. Engelschall]
+
+  *) Replace the AddVersionPlatform directive with ServerTokens which
+     provides for more control over the format of the Server:
+     header line. SERVER_SUBVERSION is no longer supported;
+     all module should use the ap_add_version_component()
+     API function instead. [Jim Jagielski]
+
+  *) Support for the NCR MP/RAS 3.0
+     [John Withers <withers@semi.kcsc.mwr.irs.gov>]
+
+  *) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was
+     not retrieved in src/Configure and thus was not useable.
+     [Ralf S. Engelschall]
+ 
+  *) Various Makefile consistency cleanups:
+     - make OSDIR also automatically be relative to src/ like INCDIR
+     - SUBDIRS is now generated in src/Makefile only and not in
+       Makefile.config because it is a local define for this location.
+     - remove BROKEN_BPRINTF_FLAGS because is it no longer used inside
+       any Makefile but make sure that at least the "-K inline" is kept in
+       CFLAGS for SCO 5.
+     - update the "depend" targets in Makefile.tmpl files to use $(OSDIR), too.
+     - updated the dependencies theirself
+     - removed not existing SHLIB variable from "clean" targets
+     - replaced SHLIB_OBJS/SHLIBS_OBJ consistently with OBJS_PIC because OBJS
+       already exists and OBJS_PIC are also just plain objects and have not
+       directly to do with "shared" things. The only difference is that they
+       contain PIC. So OBJS_PIC is the more canonical name.
+     - Updated the Makefile-dependency lines for OBJS_PIC
+     - Removed the Makefile-dependency line in Configure to avoid double
+       definitions
+     - replaced ugly xx-so.o/xx.so-o hack with a clean and consistent usage
+       of xxx.lo as GNU libtool does with its PIC objects
+     - reduce local complexity in modules Makefile.tmpl by moving the last
+       existing target "depend" to the generation section in Configure, too.
+     - removed the historical $(SPACER) which was used in the past together
+       with BROKEN_BPRINTF_FLAGS to avoid zig-zags in the build process. This
+       is no longer needed.
+     - force the build and run of the gen_xxx programs under main/ as the
+       first step before building the objects because it looks cleaner
+     [Ralf S. Engelschall]
+
+  *) WIN32: Make Win32 work again after the /dev/null DoS fix.
+     [Ben Laurie]
+
+  *) WIN32: Check for buffer overflows in ap_os_canonical_filename.
+     [Ben Laurie]
+
+  *) WIN32: Don't force ISAPI headers to finish with \n.
+     [Jim Patterson <Jim.Patterson@Cognos.COM>, Ben Laurie] PR#2060
+
+  *) When opening "configuration" files (like httpd.conf, htaccess
+     and htpasswd), Apache will not allow them to be non-/dev/null
+     device files. This closes a DoS hole. At the same time,
+     we use ap_pfopen to open these files to handle timeouts.
+     [Jim Jagielski, Martin Kraemer]
+
+  *) Apache will now log the reason its httpd children exit if they exit
+     due to an unexpected signal.  (It requires a new porting define,
+     SYS_SIGLIST, which if defined should point to a list of text
+     descriptions of the signals available.  See PORTING.)  [Dean Gaudet]
+
+  *) WIN32: chdir() doesn't make sense in a multithreaded environment 
+     like WIN32.  Before, Win32 CGI's could have had sporadic failures 
+     if a chdir call from one thread was made between another chdir call 
+     and a spawn in another thread.  So, for now don't chdir for CGI scripts 
+     in WIN32.  The current CGI "spec" is unclear as to whether it's 
+     necessary.  Long-term fix is to either serialize the chdir/spawn combo 
+     or use WIN32 native calls to spawn a process.  This temp fix was 
+     necessary to remove this as a showstopper for 1.3's release. 
+     [Brian Behlendorf]
+
+  *) Cleanup the suEXEC support in APACI and make it more safe:
+     1. Add big fat hint in INSTALL about risks and to read the
+        htdocs/manual/suexec.html document before using the suexec-related
+        configure options.
+     2. Make sure the user has at least provided one --suexec-xxxx option
+        (specifies suEXEC parameters) in addition to --enable-suexec option.
+        If only --enable-suexec is given APACI stops with a hint to INSTALL
+        and htdocs/manual/suexec.html documents.
+     3. Provide two additional --suexec-xxxx options to make the suEXEC
+        configuration complete (especially for package maintainers who else
+        had to patch the source tree) by providing ways to configure minimal
+        UID/GID and safe PATH, too.
+     [Ralf S. Engelschall]
+
+  *) Cleanup of the `configure --shadow' process:
+     - make sure the configure script creates its temporary files in the
+       shadow tree to avoid conflicts with parallel configure runs
+     - removed unnecessary option "-r" from "rm" call for Makefiles
+     - make sure the configure scripts creates the shadow-wrapper Makefile
+       only when no shadow trees already exists
+     - make sure "make distclean" removes the shadow-wrapper Makefile but only
+       when no more shadow trees exists
+     - overhauled mkshadow.sh script: now its more IFS-safe and approx. twice
+       as fast (in the past it needed 70sec, now it runs just 38sec)
+     - make sure CVS does not complain about the created files
+       Makefille.<gnutriple> and directories src.<gnutriple>
+     [Ralf S. Engelschall]
+
+  *) Added the ap_add_version_component() API routine and the
+     AddVersionPlatform core directive.  The first allows modules to
+     declare themselves in the Server response header field value,
+     augmenting the SERVER_SUBVERSION define in the Configuration file
+     with run-time settings (more useful in a loadable-module environment).
+     AddVersionPlatform inserts a comment such as "(UNIX)" or "(Win32)"
+     into the server version string.  [Ken Coar] PR#2056
+
+  *) Minor stability tweaks to avoid core dumps in ap_snprintf.
+     [Martin Kraemer]
+
+  *) Emit the "Accept-Range" header for the default handler.
+     [Brian Behlendorf] PR#1464
+
+  *) Add a note to httpd.conf-dist that apache will on some systems fail
+     to start when the Group # is set to a negative or large positive value.
+     [Martin Kraemer]
+
+  *) Make sure the module execution order is correct even when some modules
+     are loaded under runtime (`LoadModule') via the DSO mechanism:
+     1. The list of loaded modules is now a dynamically allocated one
+        and not the original statically list from modules.c
+     2. The loaded modules are now correctly setup by LoadModule for
+        later use by the AddModule command.
+     3. When the DSO mechanism for modules is used APACI's `install'
+        target now enables all created `LoadModule' lines per default because
+        this is both already expected by the user _and_ needed to avoid
+        confusion with the next point and reduces the Makefile.tmpl complexity
+     4. When the DSO mechanism for modules is used, APACI's `install'
+        target now additionally makes sure the module list is reconstructed
+        via a complete `ClearModuleList+AddModule...' entry.
+     5. The support tool `apxs' now also makes sure an AddModule command
+        is added in addition to the LoadModule command.
+     6. The modules.c generation was extended to now contain two
+        comments to make sure no one is confused by the confusing terminology
+        of loading/linking (we use load=link+load & link=activate instead of
+        the obvious load=activate & link=link :-( )
+     This way now there is no longer a difference under execution time between
+     statically and dynamically linked modules.
+     [Ralf S. Engelschall]
+
+  *) Fix the generated mod_xxx.c from "apxs -g -f xxx" after the
+     Big Symbol Renaming. [Ralf S. Engelschall]
+
+  *) Add a comment to mod_example.c showing the format of a FLAG command
+     handler.  [Ken Coar]
+
+  *) Standardized the time format in mod_status to match that of other 
+     places in the code (e.g. DATE_GMT).  PR#1551
+
+  *) Fix handling of %Z in timefmt strings for those platforms with no time
+     zone information in their tm struct. [Paul Eggert <eggert@twinsun.com>]
+     PR#754
+
+  *) Makes mod_rewrite, mod_log_config, mod_status and the ServerSignature 
+     feature compatible with 'UseCanonicalName off' by changing  
+     r->server->server_hostname to ap_get_server_name().  And I changed some 
+     functions which use r->server->port to use ap_get_server_port() instead, 
+     because if there's no Port directive in the config r->server->port is 0.
+     [Lars Eilebrecht]
+
+  *) get/set_module_config are trivial enough to be better off inline.  Worth
+     1.5% performance boost. [Dean Gaudet]
+
+  *) Fix off-by-one error in ap_proxy_date_canon() in proxy_util.c
+     when ensuring 'x' is at least 30-chars big. [Jim Jagielski,
+     Brian Behlendorf]
+
+  *) [BS2000 security] BS2000 needs an extra authentication to initialize
+     the task environment to the unprivileged User id. Otherwise CGI scripts
+     would have a way to gain super user access. [Martin Kraemer]
+
+  *) Fix debug log messages for BS2000/OSD: instead of logging the whole
+     absolute path, only log base name of logging source as is done
+     in unix. [Martin Kraemer]
+
+  *) Ronald Tschalaer's Accept-Encoding patch - preserve the "x-" in
+     the encoding type from the Accept-Encoding header (if it's there)
+     and use it in the response, as that's probably what it'll be expecting.
+     [Ronald.Tschalaer@psi.ch]
+
+  *) Fix to mod_alias: translate_alias_redir is dealing with
+     a URI, not a filename, so the check for drive letters for win32 
+     and emx is not necessary. [Dean Gaudet]
+
+  *) WIN32: Allow .cmd as an executable extension.
+     [Kari Likovuori <Kari.Likovuori@mol.fi>] PR#2146
+
+  *) Make Apache header files, and some variables, C++ friendly.
+     [Michael Anderson's <mka@redes.int.com.mx>]
+
+  *) Child processes can now "signal" (by exiting with a status
+     of APEXIT_CHILDFATAL) the parent process to abort and
+     shutdown the server if the error in the child process was
+     fatal enough. [Jim Jagielski]
+
+  *) mod_autoindex's find_itme() was sensitive to MIME type case.
+     [Jim Jagielski] PR#2112
+
+  *) Make sure the referer_log and agent_log entries in the default httpd.conf
+     file are also adjusted for the actual relative installation paths.
+     [Ralf S. Engelschall] PR#2175
+
+  *) WIN32: Extensive overhaul of the way UNCs are handled. [Ben Laurie]
+
+  *) WIN32: Make roots of filesystems (e.g. c:/) work. [Ben Laurie]
+     PR#1558
+
+  *) PORT: Various porting changes to support AIX 3.2, 4.1.5, 4.2 and 4.3.
+     Additionally the checks for finding the vendor DSO library were moved
+     from mod_so.c to Configure because first it needs $PLAT etc. and second
+     mod_so already uses an abstraction layer and does not fiddle with the
+     vendor functions itself.
+     [Jens-Uwe Mager, Ralf S. Engelschall]
+
+  *) PORT: Some optimization defines for NetBSD
+     [Jaromir Dolecek <dolecek@ics.muni.cz>] PR#2165
+
+  *) PORT: Dynamic Shared Object (DSO) support for NetBSD.
+     [Jaromir Dolecek <dolecek@ics.muni.cz>, Ralf S. Engelschall] PR#2158
+
+  *) Add Dynamic Shared Object (DSO) support for AIX (at least 4.2 but older
+     AIX variants should work fine, too. Even AIX 3.x should work). This is
+     accomplished by using the free DSO emulation code from Jens-Uwe Mager
+     which we put into a os/unix/os-dso-aix.c file.
+     [Ralf S. Engelschall]
+  
+  *) PORT: Fix compiler warnings under AIX >= 4.2 where the manual pages imply
+     that we should use NET_SIZE_T == int but the include files force size_t.
+     [Ralf S. Engelschall]
+
+  *) Fix two bugs in select() handling in http_main.c.
+     [Roy Fielding]
+
+  *) Suppress "error(0)" messages for ap_log_error() when the APLOG_NOERRNO
+     is unset (as it is in situations like timeouts) where it is unclear
+     whether errno is set or not.  [Martin Kraemer]
+
+  *) Just having APACI's localstatedir is too general and not enough for most
+     of the systems. 1.3b6 again required manual APACI patches by package
+     maintainers from RedHat and FreeBSD because for their filesystem layout a
+     little bit more flexibility in configuring the paths is needed. Hence we
+     provide three additional configure options (--runtimedir, --logfiledir,
+     --proxycachedir) which now can be used for more granular adjustments if
+     --localstatedir is not enough to fit the particular needs. As a nice
+     side-effect this reduces some subdir fiddling in configure+Makefile.tmpl.
+     [Ralf S. Engelschall]
+
+  *) Make the install root for "make install" in APACI's Makefile overrideable
+     by package authors.  This way we are even more friendly to package
+     maintainers (especially Debian and RedHat) who build for the real prefix
+     via "configure --prefix=/<real>" but use a different local prefix via
+     "make root=/tmp/apache install" for rolling the package without bristling
+     the target location on their system. 
+     [Ralf S. Engelschall]
+
+  *) Workaround sed limitations in APACI's configure script by now
+     substituting in chunks of 50 commands (because for instance HPUX's vendor
+     sed has a limit of max. 98 commands)
+     [Ralf S. Engelschall] PR#2136
+
+  *) Adding SOCKS5 support and fixing existing SOCKS4 support.
+     [Ralf S. Engelschall] PR#2140
+
+  *) Manually fix some symbols which were not renamed to prefix ap_ in the BIG
+     RENAMING process because they are defined as pre-processor macros instead
+     of real functions: bputc, bgetc, piped_log_write_fd, piped_log_read_fd
+     [Ralf S. Engelschall]
+
+  *) Workaround braindead AWK's when generating ap_config.h: The split() and
+     substr() functions cannot be nested under vendor AWK from Solaris 2.6.
+     [Ralf S. Engelschall] PR#2139
+
+  *) Various bugfixes and cleanups for the APACI configure script:
+     o fix IFS handling for _nested_ situation
+     o fix Perl interpreter search: take first one found instead of last one
+     o fix DSO consistency check
+     o print error messages to stderr instead of stdout
+     o add install-quiet for --shadow situation to Makefile stub
+     o reduce complexity by avoiding sed-hacks for rule and module list loops
+     [Ralf S. Engelschall]
+
+  *) Fix DEBUG_CGI situation in mod_cgi.c [David MacKenzie] PR#2114
+
+  *) Make sure the input field separator (IFS) shell variable is explicitly
+     initialized correctly before _every_ `for' loop and also restored after
+     the loops. [Ralf S. Engelschall]
+
+  *) Make sure that "make install" doesn't overwrite the `mime.types' and
+     `magic' files from an existing Apache installation. Because people often
+     customize these for own MIME and content types.
+     [Ralf S. Engelschall]
+
+  *) PORT: Dynamic Shared Object (DSO) support for OpenBSD 2.x
+     [Peter Galbavy, Ralf S. Engelschall] PR#2109
+
+  *) Fix the path to the ScoreBoardFile in the install-config target, too.
+     [Ralf S. Engelschall] PR#2105
+
+  *) Let "configure" clear out the users parameters (provided as shell
+     variables) to avoid side-effects in "src/Configure" when the user
+     exported them (which is not needed, but some users do it). 
+     [Ralf S. Engelschall] PR#2101
+
+  *) Provide backward compatibility from some old src/Configuration.tmpl
+     parameter names to the canonical Autoconf-style shell variable names. For
+     instance CFLAGS vs. EXTRA_CFLAGS. The EXTRA_xxx variants are accepted now
+     but a hint message is displayed. [Ralf S. Engelschall]
+  
+  *) Make sure that "make install" doesn't overwrite the DocumentRoot and
+     CGI scripts from an existing Apache installation. 
+     [Ralf S. Engelschall, Jim Jagielski] PR#2084
+
+  *) Make `configure --compat' more "compatible" by first 
+     let the libexecdir default to EPREFIX/libexec instead of EPREFIX/bin and
+     second by making sure the "avoid-bristling-suffix" /apache is not
+     appended to sysconfdir, datadir, localstatedir and includedir when
+     --compat is used. [Ralf S. Engelschall, Lars Eilebrecht]
+
+  *) NeXT required strdup() in support/logresolve.c
+     [Francisco Tomei <fatomei@sandburg.unm.edu>] PR#2082
+
+  *) AIX required sys/select.h in support/ab.c
+     [Jens Schleusener <Jens.Schleusener@dlr.de>] PR#2081
+
+  *) Fix the path to the MimeMagicFile in the install-config target, too.
+     [Ralf S. Engelschall] PR#2089
+
+  *) PORT: Added HP-UX 11 patches [Jeff Earickson <jaearick@colby.edu>]
+
+  *) If you start apache with the -S command line option it will dump
+     out the parsed vhost settings.  This is useful for folks trying
+     to figure out what is wrong with their vhost configuration.
+     (Other dumps may be added in the future.) [Dean Gaudet]
+
+  *) Add %pA, %pI, and %pp codes to ap_vformatter (and hence ap_bprintf,
+     ap_snprintf, and ap_psprintf).  See include/ap.h for docs.
+     [Dean Gaudet]
+
+  *) Because /usr/local/apache is the default prefix the ``configure
+     --compat'' option no longer has to set prefix, again. This way the
+     --compat option honors a leading --prefix option. [Lars Eilebrecht]
+
+  *) PORT: Cast the first argument of dlopen() in ap_os_dso_load()
+     to `char *' under OSF1 and FreeBSD 2.x where it is defined this way
+     to avoid "discard const" warnings. [Ralf S. Engelschall]
+
+  *) If a specific handler is set for a file yet the request still
+     ends up being handled by the default handler, log an error
+     message before handling it.  This catches things such as trying 
+     to use SSIs without mod_include enabled.  [Marc Slemko]
+
+  *) Fix error logging for the startup case where ap_log_error() still uses
+     stderr as the target. Now the default log level is honored here, too.
+     [Ralf S. Engelschall]
+    
+  *) PORT: Make sure some AWK's don't fail in src/Configure with "string too
+     long" errors when generating the MODULES entry for src/Makefile
+     [Ben Hyde, Ralf S. Engelschall]
+
+  *) Make sure src/Configure doesn't complain about the old directory
+     /usr/local/etc/httpd/ when APACI is used.  [Lars Eilebrecht]
+   
+Changes with Apache 1.3b6
+
+  *) PORT: Clean up warnings on Ultrix and HPUX.  [Ben Hyde]
+ 
+  *) Adding DSO support for the HP/UX platform by emulating the dlopen-style
+     interface via the similar but proprietary HP/UX shl_xxx-style system
+     calls. [Ralf S. Engelschall]
+
+  *) PORT: Updated UnixWare 2.0.x and 2.1.x entries for DSO support and made
+     APACI Makefile.tmpl "install" target more robust for sensible UnixWare
+     Make. [Ralf S. Engelschall]
+
+  *) ++++ THE BIG SYMBOL RENAMING ++++
+     To avoid symbol clashes with third-party code compiled into the server,
+     we globally applied the prefix "ap_" to the following classes of
+     functions:
+        - Apache provided general functions (e.g., ap_cpystrn)
+        - Public API functions (e.g., palloc, bgets)
+        - Private functions which we can't make static (because of
+          cross-object usage) but should be (e.g., new_connection)
+     For backward source compatibility a new header file named compat.h was
+     created which provides defines for the old symbol names and can be used
+     by third-party module authors.
+     [The Apache Group]
+
+  *) Added dynamic shared object (DSO) support for SVR4-derivates: The
+     problem under SVR4 is that there is no command flag to force the linker
+     to export the global symbols of the httpd executable therewith they are
+     available to the DSO's. Instead of problematic hacks like creating a
+     dummy.so file (containing dummy references to all global symbols) the
+     httpd binary is linked against, we use a clean trick stolen from Perl 5:
+     Placing the Apache core code itself into a DSO library named libhttpd.so.
+     This way the global symbols _HAVE_ to be exported and thus are available
+     to any manually loaded DSO's under runtime. To reduce the impact to the
+     user to null we go even further and create a stub httpd executable which
+     automatically keeps track of the DSO library loading itself and thus
+     hides the complete mechanism from the user. Although the generation of
+     this DSO library is automatically triggered for platforms which
+     essentially need it (mostly all SVR4-derivates) it can be also enabled
+     manually via the Rule SHARED_CORE. This can be interesting in the future
+     where we perhaps exploit this libhttpd.so mechanism for providing nifty
+     features like graceful upgrades, or whatever. 
+     [Ralf S. Engelschall, Martin Kraemer]
+
+  *) Build the libraries before building the rest of the tools. [Ben Hyde]
+
+  *) Add "distclean" target to src/-Makefiles to provide "make distclean" also
+     inside the src subtree (i.e. for non-APACI users). Following GNU Makefile
+     conventions while "clean" removes only stuff created by "all" targets,
+     "distclean" additionally removes the stuff from the configuration
+     process. This way "make distclean" (hence the name) provides a fresh
+     source tree as it was for distribution.
+     [Ralf S. Engelschall]
+
+  *) Allow top-level (APACI) Makefile to break on build errors
+     the same way the src/ subtree Makefiles breaks on them by replacing the
+     initial APACI sed-subdir-display-kludge with a more clean
+     variable-passing-solution: variable SDP can optionally hold the subdir
+     prefix which is consistently used for displaying the subdir movement.
+     This way even the top-level Makefile can stop correctly on errors as the
+     user expects. [Ralf S. Engelschall]
+
+  *) Fixed ordering of argument checks for RewriteBase directive.
+     [Todd Eigenschink <eigenstr@mixi.net>] PR#2045
+
+  *) Change Win32 IS_MODULE to SHARED_MODULE to match Unix' method of
+     indicating that a module is being compiled for dynamic loading. Also
+     remove #define IS_MODULE from modules and add SHARED_MODULE define
+     to the mak/dsp files. [Alexei Kosut]
+
+  *) Reduce logging level of "normal" warning messages to APLOG_INFO,
+     since we are now logging APLOG_WARNING by default. [Roy Fielding]
+
+  *) PORT: OS/2 tweak to deal with multiple .exe targets. [Brian Havard]
+ 
+  *) Add documentation file and src/Configuration.tmpl entry for the
+     experimental mod_mmap_static module. Because although it is and marked as
+     an experimental one it is distributed and thus should be documented and
+     prepared for configuration the same way as all others modules. 
+     [Ralf S. Engelschall]
+
+  *) Add query (-q) option to apxs support tool to be able to manually query
+     specific settings from apxs. This is needed for instance when you
+     manually want to access Apache's header files and you need to assemble
+     the -I option.  Now you can do -I`apxs -q INCLUDEDIR`.
+     [Ralf S. Engelschall]
+
+  *) Now src/Configure uses a fallback strategy for the shared object support
+     on platforms where no explicit information is available: If a Perl
+     installation exists we ask it about its shared object support and if it's
+     the dlopen-style one we shamelessly guess the compiler and linker flags
+     for creating shared objects from Perls knowledge. Of course, the user is
+     warning about what we are doing and informed that he should send us
+     the guessed flags when they work. [Ralf S. Engelschall]
+
+  *) Provide APACI --without-support option to be able to disable the build
+     and installation of the support tools from the src/support/ area.
+     Although its useful to have these installed per default we should provide
+     a way to compile and install without them for backward-compatibility.
+     [Ralf S. Engelschall]
+
+  *) Add of the new APache eXtenSion (apxs) support tool for building and
+     installing modules into an _already installed_ Apache package through the
+     dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that
+     this approach actually doesn't need the Apache source tree.  The
+     (APACI-installed) server package is enough, because this now includes the
+     Apache C header files (PREFIX/include) and the new APXS tool
+     (SBINDIR/apxs).  The intend is to provide a handy tool for third-party
+     module authors to build their Apache modules _OUTSIDE_ the Apache source
+     tree while avoiding them to fiddle around with the totally platform
+     dependend way of compiling DSO files. The tool supports all ranges of
+     modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3
+     which has a mod_php3.c plus a pre-built libmodphp3-so.a) and even can
+     on-the-fly generate a minimalistic Makefile and sample module for the
+     first step to provide both a quick success event and to demonstrate the
+     APXS mechanism to module authors. [Ralf S. Engelschall]
+
+  *) Fix core dumps in use of CONNECT in proxy.  
+     [Rainer.Scherg@rexroth.de] PR#1326, #1573, #1942
+
+  *) Modify the log directives in httpd.conf-dist files to use CustomLog
+     so that users have examples of how CustomLog can be used.
+     [Lars Eilebrecht]
+
+  *) Add the new Apache Autoconf-style Interface (APACI) for the top-level of
+     the Apache distribution tree.  Until Apache 1.3 there was no real
+     out-of-the-box batch-capable build and installation procedure for the
+     complete Apache package. This is now provided by a top-level "configure"
+     script and a corresponding top-level "Makefile.tmpl" file.  The goal is
+     to provide a GNU Autoconf-style frontend which is capable to both drive
+     the old src/Configure stuff in batch and additionally installs the
+     package with a GNU-conforming directory layout. Any options from the old
+     configuration scheme are available plus a lot of new options for flexibly
+     customizing Apache. [Ralf S. Engelschall]
+
+  *) The floating point ap_snprintf code wasn't threadsafe.
+     Had to remove the HAVE_CVT macro in order to do threadsafe
+     calling of the ?cvt() floating point routines.  [Dean Gaudet]
+
+  *) PORT: Add the SCO_SV port. [Jim Jagielski] PR#1962
+
+  *) PORT: IRIX needs the -n32 flag iff using the 'cc' compiler
+     [Jim Jagielski] PR#1901
+
+  *) BUG: Configure was using TCC and CC inconsistantly. Make sure
+     Configure knows which CC we are using. [Jim Jagielski]
+
+  *) "Options +Includes" wasn't correctly merged if "+IncludesNoExec"
+     was defined in a parent directory. [Lars Eilebrecht]
+
+  *) API: ap_snprintf() code mutated into ap_vformatter(), which is
+     a generic printf-style routine that can call arbitrary output
+     routines.  Use this to replace http_bprintf.c.  Add new routines
+     psprintf(), pvsprintf() which allocate the exact amount of memory
+     required for a string from a pool.  Use psprintf() to clean up
+     various bits of code which used ap_snprintf()/pstrdup().
+     [Dean Gaudet]
+
+  *) PORT: HAVE_SNPRINTF doesn't do anything any longer.  This is because
+     ap_snprintf() has different semantics and formatting codes than
+     snprintf().  [Dean Gaudet]
+
+  *) SIGXCPU and SIGXFSZ are now reset to SIG_DFL at boot-time.  This
+     is necessary on at least Solaris where the /etc/rc?.d scripts
+     are run with these signals ignored, and "SIG_IGN" settings are
+     maintained across exec().
+     [Rein Tollevik <reint@sys.sol.no>] PR#2009
+
+  *) Fix the check for symbolic links in ``RewriteCond ... -l'': stat() was
+     used instead of lstat() and thus this flag didn't work as expected.
+     [Rein Tollevik <reint@sys.sol.no>] PR#2010
+
+  *) Fix the proxy pass-through feature of mod_rewrite for the case of
+     existing QUERY_STRING now that mod_proxy was recently changed because of
+     the new URL parsing stuff. [Ralf S. Engelschall]
+
+  *) A few changes to scoreboard definitions which helps gcc generate
+     better code.  [Dean Gaudet]
+
+  *) ANSI C doesn't guarantee that "int foo : 2" in a structure will
+     be a signed bitfield.  So mark a few bitfields as signed to
+     ensure correct code.  [Dean Gaudet]
+
+  *) The default for HostnameLookups was changed to Off, but there
+     was a problem and it wasn't taking effect. [Dean Gaudet]
+
+  *) PORT: Clean up undefined signals on some platforms (SCO, BeOS).
+     [Dean Gaudet]
+
+  *) After a SIGHUP the listening sockets in the parent weren't
+     properly marked for closure on fork().
+     [Jürgen Keil <jk@tools.de>] PR#2000
+ 
+  *) Allow %2F in two situations: 1) it is in the query part of the URI,
+     therefore not exposed to %2F -> '/' translations and 2) the request
+     is a proxy request, so we're not dealing with a local resource anyway.
+     Without this, the proxy would fail to work for any URL's with
+     %2f in them (occurs quite often in
+     http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer]
+
+  *) Protect against FD_SETSIZE mismatches.  [Dean Gaudet]
+
+  *) Make the shared object compilation command more portable by avoiding
+     the direct combination of `-c' & `-o' which is not honored by some
+     compilers like UnixWare's cc. [Ralf S. Engelschall]
+
+  *) WIN32: the proxy was creating filenames missing the last four
+     characters.  While this normally doesn't stop anything from 
+     working, it can result in extra collisions.  
+     [Tim Costello <tjcostel@socs.uts.edu.au>] PR#1890
+
+  *) Now mod_proxy uses the response string (in addition to the response status
+     code) from the already used FTP SIZE command to setup the Content-Length
+     header if available. [Ralf S. Engelschall] PR#1183
+
+  *) Reanimated the (still undocumented) proxy receive buffer size directive:
+     Renamed from ReceiveBufferSize to ProxyReceiveBufferSize because the old
+     name was really too generic, added documentation for this directive to
+     the mod_proxy.html and corrected the hyperlink to it in the
+     new_features_1.3.html document.  [Ralf S. Engelschall] PR#1348
+
+  *) Fix a bug in the src/helpers/fp2rp script and make it a little bit
+     faster [Martin Kraemer]
+  
+  *) Make Configure die when you give it an unknown command switch.
+     [Ben Hyde]
+
+  *) Add five new and fresh manpages for the support programs: dbmmanage.1,
+     suexec.8, htdigest.1, rotatelogs.8 and logresolve.8.  Now all up-to-date
+     and per default compiled support programs have manual pages - just to
+     document our stuff a little bit more and to be able to do really
+     Unix-like installations ;-) [Ralf S. Engelschall]
+
+  *) Major cleanups to the Configure script to make it and its generated
+     Makefiles again readable and maintainable: add SRCDIR option, removed
+     INCLUDES_DEPTH[0-2] kludge, cleanup of TARGET option, cleanup of
+     generated sections, consequently added Makefile headers with inheritance
+     information, added subdir movement messages for easier following where
+     the build process currently stays (more verbose then standard Make, less
+     verbose than GNU make), same style to comments in the Configure script,
+     added Apache license header, fixed a few bugs, etc. [Ralf S. Engelschall]
+     
+  *) Add the new ApacheBench program "ab" to src/support/: This is derived
+     from the ZeusBench benchmarking program and can be used to determine the
+     response performance of an Apache installation. This version is
+     officially licensed with Zeus Technology, Ltd. See the license agreement
+     statements in <199803171224.NAA24547@en1.engelschall.com> in apache-core.
+     [Ralf S. Engelschall]
+
+  *) API: Various core functions that are definately not part of the API
+     have been made static, and a few have been marked API_EXPORT.  Still
+     more have been marked CORE_EXPORT and are not intended for general
+     use by modules.  [Doug MacEachern, Dean Gaudet]
+
+  *) mod_proxy was not clearing the Proxy-Connection header from
+     requests; now it does.  This did not violate any spec, however 
+     causes poor interactions when you are talking to remote proxies.  
+     [Marc Slemko] PR#1741
+
+  *) Various cleanups to the command line interface and manual pages.
+     [Ralf S. Engelschall]
+
+  *) cfg_getline() was not properly handling lines that did not end
+     with a line termination character.  [Marc Slemko] PR#1869, 1909
+
+  *) Performance tweak to mod_log_config.  [Dmitry Khrustalev]
+
+  *) Clean up some undocumented behavior of mod_setenvif related to
+     "merging" two SetEnvIf directives when they match the same header
+     and regex.  Document that mod_setenvif will perform comparisons in
+     the order they appear in the config file.  Optimize mod_setenvif by
+     doing more work at config time rather than at runtime.
+     [Dean Gaudet]
+
+  *) src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's
+     to allow for modules to overrule them and to reduce redefinition
+     warnings [Jim Jagielski]
+
+  *) [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3.
+     [Jim Jagielski]
+
+  *) Making the hard-coded cross-module function call mime_find_ct() (from
+     mod_proxy to mod_mime) obsolete by making sure the API hook for MIME type
+     checking is really called even for proxy requests except for URLs with
+     HTTP schemes (because there we can optimize by not running the type
+     checking hooks due to the fact that the proxy gets the MIME Content-type
+     from the remote host later). This change cleans up mod_mime by removing
+     the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and
+     especially unbundles mod_proxy and mod_mime. This way they both now can
+     be compiled as shared objects and are no longer tied together. 
+     [Ralf S. Engelschall]
+
+  *) util.c cleanup and speedup. [Dean Gaudet]
+
+  *) API: Clarification, pstrndup() will always copy n bytes of the source
+     and NUL terminate at the (n+1)st byte.  [Dean Gaudet]
+
+  *) Mark module command_rec and handler_rec structures const so that they
+     end up in the read-only data section (and are friendlier to systems
+     that don't do optimistic memory allocation on fork()). [Dean Gaudet]
+
+  *) Add check to the "Port" directive to make sure the specified 
+     port is in the appropriate range.  [Ben Hyde]
+
+  *) Performance improvements to invoke_handler().
+     [Dmitry Khrustalev <dima@bog.msu.su>]
+
+  *) Added support for building shared objects even for library-style modules
+     (which are built from more than one object file). This now provides the
+     ability to build mod_proxy as a shared object module. Additionally
+     modules like mod_example are now also supported for shared object
+     building because the generated Makefiles now no longer assume there is at
+     least one statically linked module. [Ralf S. Engelschall]
+
+  *) API: Clarify usage of content_type, handler, content_encoding,
+     content_language and content_languages fields in request_rec.  They
+     must always be lowercased; and the strings pointed to shouldn't
+     be modified (you must copy them to modify them).  Fix a few bugs
+     related to this.  [Dean Gaudet]
+
+  *) API: Clarification: except for RAW_ARGS, all command handlers can
+     treat the char * parameters as permanent, and modifiable.  There
+     is no need to pstrdup() them.  Clean up some needless pstrdup().
+     [Dean Gaudet]
+
+  *) Now mod_so keeps track of which module shared objects with which names
+     are loaded and thus avoids multiple loading and unloading and irritating
+     error_log messages. [Ralf S. Engelschall]
+
+  *) Prior to the existence of mod_setenv it was necessary to tweak the TZ
+     environment variable in the apache core.  But that tweaking interferes
+     with mod_setenv.  So don't tweak if the user has specified an explicit
+     TZ variable.  [Jay Soffian <jay@cimedia.com>] PR#1888
+
+  *) rputs() did not calculate r->sent_bodyct properly.
+     [Siegmund Stirnweiss <siegst@kat.ina.de>] PR#1900
+
+  *) The CGI spec says that REMOTE_HOST should be set to the remote hosts's
+     name, or left unset if this value is unavailable.  Apache was setting
+     it to the IP address when unavailable.
+     [Tony Finch <fanf@demon.net>] PR#1925
+
+  *) Various improvements to the configuration and build support for compiling
+     modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and
+     OSF1 support with GCC and vendor compilers was added.  This way shared
+     object support is now provided out-of-the-box for FreeBSD, Linux,
+     Solaris, SunOS, IRIX and OSF1. In short: On all major platforms!
+     [Ralf S. Engelschall]
+
+  *) Minor cleanup in http_main -- split QNX and OS2 specific "mmap"
+     scoreboard code into separate #defines -- USE_POSIX_SCOREBOARD
+     and USE_OS2_SCOREBOARD.  [Dean Gaudet]
+
+  *) Fix one more special locking problem for RewriteMap programs in
+     mod_rewrite: According to the documentation of flock(), "Locks are on
+     files, not file descriptors.  That is, file descriptors duplicated
+     through dup(2) or fork(2) do not result in multiple instances of a lock,
+     but rather multiple references to a single lock. If a process holding a
+     lock on a file forks and the child explicitly unlocks the file, the
+     parent will lose its lock.". To overcome this we have to make sure the
+     RewriteLock file is opened _AFTER_ the childs were spawned which is now
+     the case by opening it in the child_init instead of the module_init API
+     hook. [Ralf S. Engelschall] PR#1029
+
+  *) Change to Location and LocationMatch semantics.  LocationMatch no
+     longer lets a single slash match multiple adjacent slashes in the
+     URL.  This change is for consistency with RewriteRule and
+     AliasMatch.  Multiple slashes have meaning in URLs that they do
+     not have in (some) filesystems.  Location on the other hand can
+     be considered a shorthand for a more complicated regex, and it
+     does match multiple slashes with a single slash -- which is
+     also consistent with the Alias directive.
+     [Dean Gaudet] related PR#1440
+
+  *) Fix bug with mod_mime_magic causing certain files, including files
+     of length 0, to result in no response from the server.
+     [Dean Gaudet]
+
+  *) The Configure script now generates src/include/ap_config.h which
+     contains the set of defines used when Apache is compiled on a platform.
+     This file can then be included by external modules before including
+     any Apache header files in case they are being built separately from
+     Apache.  Along with this change, a couple of minor changes were
+     made to make Apache's #defines coexist peacefully with any autoconf
+     defines an external module might have. [Rasmus Lerdorf]
+
+  *) Fix mod_rewrite for the ugly API case where <VirtualHost> sections exist
+     but without any RewriteXXXXX directives. Here mod_rewrite is given no
+     chance by the API to initialize its per-server configuration and thus
+     receives the wrong one from the main server. This is now avoided by
+     remembering the server together with the config structure while
+     configuring and later assuming there is no config when we see a
+     difference between the remembered server and the one calling us. 
+     [Ralf S. Engelschall] PR#1790
+
+  *) Fixed the DBM RewriteMap support for mod_rewrite: First the support now
+     is automatically disabled under configure time when the dbm_xxx functions
+     are not available. Second, two heavy source code errors in the DBM
+     support code were fixed.  This makes DBM RewriteMap's usable again after
+     a long time of brokenness. [Ralf S. Engelschall] PR#1696
+
+  *) Now all configuration files support Unix-style line-continuation via 
+     the trailing backslash ("\") character. This enables us to write down
+     complex or just very long directives in a more readable way.  The
+     backslash character has to be really the last character before the
+     newline and it has not been prefixed by another (escaping) backslash.
+     [Ralf S. Engelschall]
+
+  *) When using ProxyPass the ?querystring was not passed correctly.
+     [Joel Truher <truher@wired.com>]
+
+  *) To deal with modules being compiled and [dynamically] linked
+     at a different time from the core, the SERVER_VERSION and
+     SERVER_BUILT symbols have been abstracted through the new
+     API routines apapi_get_server_version() and apapi_get_server_built().
+     [Ken Coar]  PR#1448
+
+  *) WIN32: Preserve trailing slash in canonical path (and hence
+	   in PATH_INFO). [Paul Sutton, Ben Laurie]
+
+  *) PORT: USE_PTHREAD_SERIALIZED_ACCEPT has proven unreliable
+     depending on the rev of Solaris and what mixture of modules
+     are in use.  So it has been disabled, and Solaris is back to
+     using USE_FCNTL_SERIALIZED_ACCEPT.  Users may experiment with
+     USE_PTHREAD_SERIALIZED_ACCEPT at their own risk, it may speed
+     up static content only servers.  Or it may fail unpredictably.
+     [Dean Gaudet] PR#1779, 1854, 1904
+
+  *) mod_test_util_uri.c created which tests the logic in util_uri.c.
+     [Dean Gaudet]
+
+  *) API: Rewrite of absoluteURI handling, and in particular how
+     absoluteURIs match vhosts.  Unless a request is a proxy request, a
+     "http://host" url is treated as if a similar "Host:" header had been
+     supplied.  This change was made to support future HTTP/1.x protocols
+     which may require clients to send absoluteURIs for all requests.
+
+     In order to achieve this change subtle changes were made to the API.  In a
+     request_rec, r->hostlen has been removed.  r->unparsed_uri now exists so
+     that the unmodified uri can be retrieved easily.  r->proxyreq is not set
+     by the core, modules must set it during the post_read_request or
+     translate_names phase.
+
+     Plus changes to the virtualhost test suite for absoluteURI testing.
+
+     This fixes several bugs with the proxy proxying requests to vhosts
+     managed by the same httpd.
+     [Dean Gaudet]
+
+  *) API: Cleanup of code in http_vhost.c, and remove vhost matching
+     code from mod_rewrite.  The vhost matching is now performed by a
+     globally available function matches_request_vhost().  [Dean Gaudet]
+
+  *) Reduce memory usage, and speed up ServerAlias support.  As a
+     side-effect users can list multiple ServerAlias directives
+     and they're all considered.
+     [Chia-liang Kao <clkao@cirx.org>] PR#1531
+
+  *) The "poly" directive in image maps did not include the borders of the
+     polygon, whereas the "rect" directive does.  Fix this inconsistency.
+     [Konstantin Morshnev <moko@design.ru>] PR#1771
+
+  *) Make \\ behave as expected.  [Ronald.Tschalaer@psi.ch]
+
+  *) Add the `%a' construct to LogFormat and CustomLog to log the client IP
+     address. [Todd Eigenschink <eigenstr@mixi.net>] PR#1885
+
+  *) API: A new source module main/util_uri.c; It contains a routine
+     parse_uri_components() and friends which breaks a URI into its component
+     parts.  These parts are stored in a uri_components structure called
+     parsed_uri within each request_rec, and are available to all modules.
+     Additionally, an unparse routine is supplied which re-assembles the URI
+     components back to an URI, optionally hiding the username:password@ part
+     from ftp proxy requests, and other useful routines.  Within the structure,
+     you find on a ready-for-use basis:
+	scheme;     /* scheme ("http"/"ftp"/...) */
+	hostinfo;   /* combined [user[:password]@]host[:port] */
+	user;       /* user name, as in http://user:passwd@host:port/ */
+	password;   /* password, as in http://user:passwd@host:port/ */
+	hostname;   /* hostname from URI (or from Host: header) */
+	port_str;   /* port string (integer representation is in "port") */
+	path;       /* the request path (or "/" if only scheme://host was given) */
+	query;      /* Everything after a '?' in the path, if present */
+	fragment;   /* Trailing "#fragment" string, if present */
+     This is meant to serve as the platform for *BIG* savings in
+     code complexity for the proxy module (and maybe the vhost logic).
+     [Martin Kraemer]
+
+  *) Make all possible meta-construct expansions ($N, %N, %{NAME} and
+     ${map:key}) available for all location where a string is created in
+     mod_rewrite rewriting rulesets: 1st arg of RewriteCond, 2nd arg of
+     RewriteRule and for the [E=NAME:STRING] flag of RewriteRule. This way the
+     possible expansions are consequently usable at all string creation
+     locations. [Ralf S. Engelschall]
+
+  *) Fix initialization of RewriteLogLevel (default now is 0 as documented 
+     and not 1) and the per-virtual-server merging of directives. Now all
+     directives except `RewriteEngine' and `RewriteOption' are either
+     completely overridden (default) or completely inherited (when
+     `RewriteOptions inherit') is used. [Ralf S. Engelschall] PR#1325
+
+  *) Fix `RewriteMap' program lookup in situations where such maps are
+     defined but disabled (`RewriteEngine off') in per-server context. 
+     [Ralf S. Engelschall] PR#1431
+
+  *) Fix bug introduced in 1.3b4-dev, config with no Port setting would cause
+     server to bind to port 0 rather than 80.  [Dean Gaudet]
+
+  *) Fix long-standing problem with RewriteMap _programs_ under Unix derivates
+     (like SunOS and FreeBSD) which don't accept the locking of pipes
+     directly.  A new directive RewriteLock is introduced which can be used to
+     setup a separate locking file which then is used for synchronization.
+     [Ralf S. Engelschall] PR#1029
+
+  *) WIN32: The server root is obtained from the registry key
+     HKLM\SOFTWARE\Apache Group\Apache\<version> (version is currently
+     "1.3 beta"), unless overridden by the -d command line flag. The
+     value is stored by running "apache -i -d serverroot". [Paul Sutton]
+
+  *) Merged os/win32/mod_dll.c into modules/standard/mod_so.c to support
+     dynamic loading on Win32 and Unix via the same module. [Paul Sutton]
+
+  *) Now mod_rewrite no longer makes problematic assumptions on the characters
+     a username can contain when trying to expand it via /etc/passwd. 
+     [Ralf S. Engelschall]
+
+  *) The mod_setenvif BrowserMatch backwards compatibility command did not
+     work properly with spaces in the regex.  [Ronald Tschalaer] PR#1825
+
+  *) Add new RewriteMap types: First, `rnd' which is equivalent to the `txt'
+     type but with a special post-processing for the looked-up value: It
+     parses it into alternatives according to `|' chars and then only one
+     particular alternative is chosen randomly (this is an essential
+     functionality needed for balancing between backend-servers when using
+     Apache as a Reverse Proxy.  The looked up value here is a list of
+     servers). Second, `int' with the built-in maps named `tolower' and
+     `toupper' which can be used to map URL parts to a fixed case (this is an
+     essential feature to fix the case of server names when doing mass
+     virtual-hosting with the help of mod_rewrite instead of using
+     <VirtualHost> sections). [Ralf S. Engelschall, parts based on code from
+     Jay Soffian <jay@cimedia.com>] PR#1631
+
+  *) Add a new directive to mod_proxy similar to ProxyPass: `ProxyPassReverse'.
+     This directive lets Apache adjust the URL in Location-headers on HTTP
+     redirect responses sent by the remote server. This way the virtually
+     mapped area is no longer left on redirects and thus by-passed which is
+     especially essential when running Apache as a reverse proxy.  
+     [Ralf S. Engelschall]
+
+  *) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is
+     hidden. [Alvaro Martinez Echevarria]
+
+  *) Apache will, when started with the -X (single process) debugging flag,
+     honor the SIGINT or SIGQUIT signals again now. This capability got lost
+     a while ago during OS/2 signal handling changes.
+
+  *) [PORT] Work around the fact that NeXT runs on more than the
+     m68k chips in mod_status [Scott Anguish and Timothy Luoma
+     <luomat@peak.org>]
+
+  *) [PORT] Recognize FreeBSD versions so we can use the OS regex as well
+     as handling unsigned-chars for FreeBSD v3 and v2 [Andrey Chernov
+     <ache@nagual.pp.ru> and Jim] PR#1450
+
+  *) Use SA_RESETHAND or SA_ONESHOT when installing the coredump handlers.
+     In particular the handlers could trigger themselves into an infinite
+     loop if RLimitMem was used with a small amount of memory -- too small
+     for the signal stack frame to be set up.  [Dean Gaudet]
+
+  *) Fix problems with absoluteURIs introduced during 1.3b4.  [Dean Gaudet,
+     Alvaro Martinez Echevarria <alvaro@lander.es>]
+
+  *) Fix multiple UserDir problem introduced during 1.3b4-dev.
+     [Dean Gaudet] PR#1850
+
+  *) ap_cpystrn() had an off-by-1 error.
+     [Charles Fu <ccwf@klab.caltech.edu>] PR#1847
+
+  *) API: As Ken suggested the check_cmd_context() function and related
+     defines are non-static now so modules can use 'em.  [Martin Kraemer]
+
+  *) mod_info would occasionally produce an unpaired <tt> in its
+     output. Fixed. [Martin Kraemer]
+
+  *) By default AIX binds a process (and it's children) to a single
+     processor.  httpd children now unbind themselves from that cpu
+     and re-bind to one selected at random via bindprocessor()
+     [Doug MacEachern]
+
+  *) Linux 2.0 and above implement RLIMIT_AS, RLIMIT_DATA has almost no
+     effect.  Work around it by using RLIMIT_AS for the RLimitMEM
+     directive.  [Enrik Berkhan <enrik@inka.de>] PR#1816
+
+  *) mod_mime_magic error message should indicate the filename when
+     reads fail.  ["M.D.Parker" <mdpc@netcom.com>] PR#1827
+
+  *) Previously Apache would permit </Files> to end <FilesMatch> (and
+     similary for Location and Directory), now this is diagnosed as an
+     error.  Improve error messages for mismatched sections (<Files>,
+     <FilesMatch>, <Directory>, <DirectoryMatch>, ...).
+     [Dean Gaudet, Martin Kraemer]
+
+  *) <Files> is not permitted within <Location> (because of the
+     semantic ordering).  [Dean Gaudet] PR#379
+
+  *) <Files> with wildcards was broken by the change in wildcard
+     semantics (* does not match /).  To fix this, <Files> now
+     apply only to the basename of the request filename.  This
+     fixes some other inconsistencies in <Files> semantics
+     (such as <Files a*b> not working).  [Dean Gaudet] PR#1817
+
+  *) Removed bogus "dist.tar" target from Makefile.tmpl and make sure
+     backup files are removed on "clean" target [Ralf S. Engelschall]
 
   *) PORT: Add -lm to LIBS for HPUX.  [Dean Gaudet] PR#1639
 
+  *) Various errors from select() and accept() in child_main() would
+     result in an infinite loop.  It seems these two tickle kernel
+     or library bugs occasionally, and result in log spammage and
+     a generally bad scene.  Now the child exits immediately,
+     which seems to be a good workaround.
+     [Dean Gaudet] PR#1747, 1107, 588, 1787, 987, 588
+
+  *) Cleaned up some race conditions in unix child_main during
+     initialization. [Dean Gaudet]
+
   *) SECURITY: "UserDir /abspath" without a * in the path would allow
      remote users to access "/~.." and bypass access restrictions
      (but note /~../.. was handled properly).
      [Lauri Jesmin <jesmin@ut.ee>] PR#1701
 
+  *) API: os_is_path_absolute() now takes a const char * instead of a char *.
+     [Dean Gaudet]
+
+Changes with Apache 1.3b5
+
+  *) Source file dependencies in Makefile.tmpl files throughout the
+     source tree were updated to accurately reflect reality.
+     [Dean Gaudet]
+
+  *) Preserve the content encoding given by the AddEncoding directive
+     when the client doesn't otherwise specify an encoding.
+     [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>]
+
+  *) Sort out problems with canonical filename handling happening too late.
+     [Dean Gaudet, Ben Laurie]
+
+Changes with Apache 1.3b4
+
+  *) The module structure was modified to include a *dynamic_load_handle
+     in the STANDARD_MODULE_STUFF portion, and the MODULE_MAGIC_NUMBER
+     has been bumped accordingly.  [Paul Sutton]
+
+  *) All BrowserMatch directives mentioned in
+     htdocs/manual/known_client_problems.html are in the default
+     configuration files.  [Lars Eilebrecht]
+
+  *) MiNT port update. [Jan Paul Schmidt]
+
+  *) HTTP/1.1 requires x-gzip and gzip encodings be treated
+     equivalent, similarly for x-compress and compress.  Apache
+     now ignores a leading x- when comparing encodings.  It also
+     preserves the encoding the client requests (for example if
+     it requests x-gzip, then Apache will respond with x-gzip
+     in the Content-Encoding header).
+     [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>] PR#1772
+
+  *) Fix a memory leak on keep-alive connections.  [Igor Tatarinov]
+
+  *) Added mod_so module to support dynamic loading of modules on Unix
+     (like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule
+     instead of AddModule in Configuration to build shared modules
+     [Sameer Parekh, Paul Sutton]
+
+  *) Minor cleanups to r->finfo handling in some modules.
+     [Dean Gaudet]
+
+  *) Abstract read()/write() to ap_read()/ap_write().
+     Makes it easier to add other types of IO code such as SFIO.
+     [Randy Terbush]
+
+  *) API: Generalize default_port manipulations to make support of
+     different protocols easier. [Ben Laurie, Randy Terbush]
+
+  *) There are many cases where users do not want Apache to form
+     self-referential urls using the "canonical" ServerName and Port.
+     The new UseCanonicalName directive (default on), if set to off
+     will cause Apache to use the client-supplied hostname and port.
+     API: Part of this change required a change to the construct_url()
+     prototype; and the addition of get_server_name() and
+     get_server_port().
+     [Michael Douglass <mikedoug@texas.net>, Dean Gaudet]
+     PR#315, 459, 485, 1433
+
+  *) Yet another rearrangement of the source tree.. now all the common
+     header files are in the src/include directory.  The -Imain -Iap
+     references in Makefiles have been changed to the simpler -Iinclude
+     instead.  In addition to simplifying the build a little bit, this
+     also makes it clear when a module is referencing something in a
+     other than kosher manner (e.g., the proxy including mod_mime.h).
+     Module-private header files (the proxy, mod_mime, the regex library,
+     and mod_rewrite) have not been moved to src/include; nor have
+     the OS-abstraction files.  [Ken Coar]
+
+  *) Fix a bug where r->hostname didn't have the :port stripped
+     from it.  [Dean Gaudet]
+
+  *) Tweaked the headers_out table size, and the subprocess_env
+     table size guess in rename_original_environment().  Added
+     MAKE_TABLE_PROFILE which can help discover make_table()
+     calls that use too small an initial guess, see alloc.c.
+     [Dean Gaudet]
+
+  *) Options and AllowOverride weren't properly merging in the main
+     server setting inside vhosts (only an issue when you have no
+     <Directory> or other section containing an Options that affects
+     a request).  Options +foo or -foo in the main_server wouldn't
+     affect the main_server's lookup defaults.  [Dean Gaudet]
+
+  *) Variable 'cwd' was being used pointlessly before being set.
+     [Ken Coar] PR#1738
+
+  *) r->allowed handling cleaned up in the standard modules.
+     [Dean Gaudet]
+
+  *) Some case-sensitivity issues cleaned up to be consistent with
+     RFC2068.  [Dean Gaudet]
+
+  *) SIGURG doesn't exist everywhere.
+     [Mark Andrew Heinrich <heinrich@tinderbox.Stanford.EDU>]
+
+  *) mod_unique_id was erroneously generating a second unique id when
+     an internal redirect occured.  Such redirects occur, for example,
+     when processing a DirectoryIndex match.  [Dean Gaudet]
+
+  *) API: table_add, table_merge, and table_set include implicit pstrdup()
+     of the key and value.  But in many cases this is not required
+     because the key/value is a constant, or the value has been built
+     by pstrcat() or other similar means.  New routines table_addn,
+     table_mergen, and table_setn have been added to the API, these
+     routines do not pstrdup() their arguments.  The core code and
+     standard modules were changed to take advantage of these routines.
+     The resulting server is up to 20% faster in some situations.
+
+     Note that it is easy to get code subtly wrong if you pass a key/value
+     which is in a pool other than the pool of the table.  The only
+     safe thing to do is to pass key/values which are in the pool of
+     the table, or in one of the ancestors of the pool of the table.
+     i.e. if the table is part of a subrequest, a value from the main
+     request's pool is OK since the subrequest pool is a sub_pool of the
+     main request's pool (and therefore has a lifespan at most as long as
+     the main pool).  There is debugging code which can detect improper
+     usage, enabled by defining POOL_DEBUG.  See alloc.c for more details.
+     [Dmitry Khrustalev <dima@bog.msu.su>, Dean Gaudet]
+
+  *) More mod_mime_magic cleanup:  fewer syscalls; should handle "files"
+     which don't exist on disk more gracefully; handles vhosts properly.
+     Update documentation to reflect the code -- if there's no
+     MimeMagicFile directive then the module is not enabled.
+     [Dean Gaudet]
+
+  *) PORT: Some older *nix dialects cannot automatically start scripts
+     which begin with a #! interpreter line (the shell starts the scripts
+     appropriately on these platforms). Apache now supports starting of
+     "hashbang-scripts" when the NEED_HASHBANG_EMUL define is set.
+     [Martin Kraemer, with code from peter@zeus.dialix.oz.au (Peter Wemm)
+     taken from tcsh]
+
+  *) API: "typedef array_header table" removed from alloc.h, folks should
+     have been writing to use table as if it were an opaque type, but even
+     some standard modules got this wrong.  By changing the definition
+     to "typedef struct table table" module authors will receive compile
+     time warnings that they're doing the wrong thing.  This change
+     facilitates future changes with more sophisticated table
+     structures.  Specifically, module authors should be using table_elts()
+     to get access to an array_header * for the table. [Dean Gaudet]
+
+  *) API: Renamed new_connection() to avoid namespace collision with LDAP
+     library routines.  [Ken Coar, Rasmus Lerdorf]
+
+  *) WIN32: mod_speling is now available on the Win32 platform.
+     [Marc Slemko]
+
+  *) For clarity the following compile time definition was changed:
+
+        SAFE_UNSERIALIZED_ACCEPT  ->   SINGLE_LISTEN_UNSERIALIZED_ACCEPT
+
+     Also, for example, HAVE_MMAP would mean to use mmap() scoreboards
+     and not be a general notice that the OS has mmap(). Now the
+     HAVE_MMAP/SHMGET #defines strictly are informational that the
+     OS has that method of shared memory; the type to use for
+     the scoreboard is a seperate #define (USE_MMAP_SCOREBOARD
+     and USE_SHMGET_SCOREBOARD). This allows outside modules to
+     determine if shared memory is available and allows Apache
+     to determine the best method to use for the scoreboard.
+     [Jim Jagielski]
+
+  *) PORT: UnixWare 2.1.2 SMP appears to require USE_FCNTL_SERIALIZED_ACCEPT,
+     as do various earlier versions.  It should be safe on all versions.
+     Unixware 1.x appears to have the same SIGHUP bug as solaris does with
+     the slack code.  A few other cleanups for Unixware.
+     [Tom Hughes <thh@cyberscience.com>] PR#1082, PR#1282, PR#1499, PR#1553
+
+  *) PORT: A/UX can handle single-listen accepts without mutex
+     locking, so we add SINGLE_LISTEN_UNSERIALIZED_ACCEPT. [Jim Jagielski]
+
+  *) When die() happens we need to eat any request body if one exists.
+     Otherwise we can't continue with a keepalive session.  This shows up
+     as a POST problem with MSIE 4.0, typically against pages which are
+     authenticated.  [Roy Fielding] PR#1399
+
+  *) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization
+     header will be passed to CGIs.  This is generally a security hole, so
+     it's not a default.  [Marc Slemko] PR#549
+
+  *) Fix Y2K problem with date printing in suexec log.
+     [Paul Eggert <eggert@twinsun.com>] PR#1343
+
+  *) WIN32 deserves a pid file.  [Ben Hyde]
+
+  *) suexec errors now include the errno/description.  [Marc Slemko] PR#1543
+
+  *) PORT: OSF/1 now uses USE_FLOCK_SERIALIZED_ACCEPT to solve PR#467.
+     The choice of flock vs. fcntl was made based on timings which showed that
+     even on non-NFS, non-exported filesystems fcntl() was an order of
+     magnitude slower.  It also uses SINGLE_LISTEN_UNSERIALIZED_ACCEPT so
+     that single socket users will see no difference. [Dean Gaudet] PR#467
+
+  *) "File does not exist" error message was erroneously including the
+     errno.  [Marc Slemko]
+
+  *) Improve the warning message generated when a client drops the
+     connection (hits stop button, etc.) during a send.  [Roy Fielding]
+
+  *) Defining GPROF will disable profiling in the parent and enable it
+     in the children.  If you're profiling under Linux this is pretty much
+     necessary because SIGPROF is lost across a fork(). [Dean Gaudet]
+
+  *) htdigest and htpasswd needed slight tweaks to work on OS/2 and WIN32.
+     [Brian Havard]
+
+  *) The NeXT cc (which is gcc hacked up) doesn't appear to support some
+     gcc functionality.  Work around it.
+     [Keith Severson <keith@sssd.navy.mil>] PR#1613
+
+  *) Some linkers complain when .o files contain no functions.
+     [Keith Severson <keith@sssd.navy.mil>] PR#1614
+
+  *) Some const declarations in mod_imap.c that were added for debugging
+     purposes caused some compilers heartburn without adding any
+     significant value, so they've been removed.  [Ken Coar]
+
+  *) The src/main/*.h header files have had #ifndef wrappers added to
+     insulate them against duplicate calls if they get included through
+     multiple paths (e.g., in .c files as well as other .h files).
+     [Ken Coar]
+
+  *) The libap routines now have a header file for their prototypes,
+     src/ap/ap.h, to ease their use in non-httpd applications.  [Ken Coar]
+
+  *) mod_autoindex with a plaintext header file would emit the <PRE>
+     start-tag before the HTML preamble, rather than after the preamble
+     but before the header file contents.  [John Van Essen <jve@gamers.org>]
+     PR#1667
+
+  *) SECURITY: Fix a possible buffer overflow in logresolve.  This is
+     only an issue on systems without a MAXDNAME define or where
+     the resolver returns domain names longer than MAXDNAME.  [Marc Slemko]
+
+  *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
+     is used to read various types of files such as htaccess and
+     htpasswd files.  [Marc Slemko]
+
+  *) SECURITY: Ensure that the buffer returned by ht_time is always
+     properly null terminated.  [Marc Slemko]
+
+  *) The "Connection" header could be sent back with multiple "close"
+     tokens.  Not an error, but a waste.
+     [Ronald.Tschalaer@psi.ch] PR#1683
+
   *) mod_rewrite's RewriteLog should behave like mod_log_config, it
      shouldn't force hostname lookups.  [Dean Gaudet] PR#1684
 
+  *) "basic" auth needs a case-insensitive comparison.
+     [Ronald.Tschalaer@psi.ch] PR#1666
+
+  *) For maximum portability, the environment passed to CGIs should
+     only contain variables whose names match the regex
+     /[a-zA-Z][a-zA-Z0-9_]*/.  This is now enforced by stamping
+     underscores over any character outside the regex.  This
+     affects HTTP_* variables, in a way that should be backward
+     compatible for all the standard headers; and affects variables
+     set with SetEnv/BrowserMatch and similar directives.
+     [Dean Gaudet]
+
+  *) mod_speling returned incorrect HREF's when an ambigous match
+     was found. Noticed by <robinton@amtrash.comlink.de> (Soeren Ziehe)
+     [robinton@amtrash.comlink.de (Soeren Ziehe), Martin Kraemer]
+
+  *) PORT: Apache now compiles & runs on an EBCDIC mainframe
+     (the Siemens BS2000/OSD family) in the POSIX subsystem
+     [Martin Kraemer]
+
+  *) PORT: Fix problem killing children when terminating.  Allow ^C
+     to shut down the server.  [Brian Havard]
+
+  *) pstrdup() is implicit in calls to table_* functions, so there's
+     no need to do it before calling.  Clean up a few cases.
+     [Marc Slemko, Dean Gaudet]
+
+  *) new -C and -c command line arguments
+     usage:
+     -C "directive" : process directive before reading config files
+     -c "directive" : process directive after reading config files
+     example:
+     httpd -C "PerlModule Apache::httpd_conf"
+     [Doug MacEachern, Martin Kraemer]
+
+  *) WIN32: Fix the execution of CGIs that are scripts and called 
+     with path info that does not have an '=' in.
+     (eg. http://server/cgi-bin/printenv?foobar)  
+     [Marc Slemko] PR#1591
+
+  *) WIN32: Fix a call to os_canonical_filename so it doesn't try to 
+     mess with fake filenames.  This fixes proxy caching on 
+     win32. PR#1265
+
+  *) SECURITY: General mod_include cleanup, including fixing several
+     possible buffer overflows and a possible infinite loop.
+     [Dean Gaudet, Marc Slemko]
+
+  *) SECURITY: Numerous changes to mod_imap in a general cleanup
+     including fixing a possible buffer overflow.  [Dean Gaudet]
+
+  *) WIN32: overhaul of multithreading code. Shutdowns are now graceful
+     (connections are not dropped). Code can handle graceful restarts
+     (but there is as yet no way to signal this to Apache). Various
+     other cleanups. [Paul Sutton]
+
+  *) The aplog_error changes specific to 1.3 introduced a buffer
+     overrun in the (now legacy) log_printf function.  Fixed.
+     [Dean Gaudet]
+
+  *) mod_digest didn't properly deal with proxy authentication.  It
+     also lacked a case-insensitive comparision of the "Digest"
+     token.  [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>] PR#1599
+
+  *) A few cleanups in mod_status for efficiency.  [Dean Gaudet]
+
+  *) A few cleanups in mod_info to make it thread-safe, and remove an
+     off-by-5 bug that could hammer \0 on the stack. [Dean Gaudet]
+
+  *) no2slash() was O(n^2) in the length of the input.  Make it O(n).
+     [Dean Gaudet]
+
+  *) API: migration from strncpy() to our "enhanced" version called
+     ap_cpystrn() for performance and functionality reasons.
+     Located in libap.a.  [Jim Jagielski]
+
+  *) table_set() and table_unset() did not deal correctly with
+     multiple occurrences of the same key. [Stephen Scheck
+	 <sscheck@infonex.net>, Ben Laurie] PR#1604
+
+  *) The AuthName must now be enclosed in quotes if it is to contain
+     spaces.  [Ken Coar] PR#1195
+
+  *) API: new function: ap_escape_quotes(). [Ken Coar] PR#1195
+
+  *) WIN32: Work around optimiser bug that killed ISAPI in release
+     versions. [Ben Laurie] PR#1533
+
+  *) PORT: Update the MPE port [Mark Bixby, Jim Jagielski]
+
+  *) Interim (slow) fix for p->sub_pool critical sections in
+     alloc.c (affects win32 only).  [Ben Hyde]
+
+  *) non-WIN32 was missing destroy_mutex definition.  [Ben Hyde]
+
+  *) send_fd_length() did not calculate total_bytes_sent properly.
+     [Ben Reser <breser@regnow.com>] PR#1366
+
+  *) The bputc() macro was not properly integrated with the chunking
+     code; in many cases modules using bputc() could cause completely
+     bogus chunked output.  (Typically this will show up as problems
+     with Internet Explorer 4.0 reading a page, but other browsers
+     having no problem.) [Dean Gaudet]
+
+  *) Create LARGE_WRITE_THRESHOLD define which determines how many
+     bytes have to be supplied to bwrite() before it will consider
+     doing a writev() to assemble multiple buffers in one system
+     call.  This is critical for modules such as mod_include,
+     mod_autoindex, mod_php3 which all use bputc()/bputs() of smaller
+     strings in some cases.  The result would be extra effort
+     setting up writev(), and in many cases extra effort building
+     chunks.  The default is 31, it can be overriden at compile
+     time. [Dean Gaudet]
+
+  *) Move the gid switching code into the child so that log files
+     and pid files are opened with the root gid.
+     [Gregory A Lundberg <lundberg@vr.net>]
+
+  *) WIN32: Check for binaries by looking for the executable header
+     instead of counting control characters.
+	 [Jim Patterson <Jim.Patterson@Cognos.COM>] PR#1340
+
+  *) ap_snprintf() moved from main/util_snprintf.c to ap/ap_snprintf.c
+     so the functionality is available to applications other than the
+     server itself (like the src/support tools).  [Ken Coar]
+
+  *) ap_slack() moved out of main/util.c into ap/ap_slack.c as part of
+     the libap consolidation work.  [Ken Coar]
+
+  *) ap_snprintf() with a len of 0 behaved like sprintf().  This is not
+     useful, and isn't what the standards require.  Now it returns 0
+     and writes nothing.  [Dean Gaudet]
+
+  *) When an error occurs in fcntl() locking suggest the user look up
+     the docs for LockFile.  [Dean Gaudet]
+
+  *) Eliminate some dead code from writev_it_all().
+     [Igor Tatarinov <tatarino@prairie.NoDak.edu>]
+
+  *) mod_autoindex had an fread() without checking the result code.
+     It also wouldn't handle "AddIconByType (TXT,/icons/text.gif text/*"
+     (note the missing closing paren) properly.  [Dean Gaudet]
+
+  *) It appears the "257th byte" bug (see
+     htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
+     at the 256th byte as well.  Fixed.  [Dean Gaudet]
+
+  *) PORT: Fix mod_mime_magic under OS/2, no support for block devices.
+     [Brian Havard]
+
+  *) Fix memory corruption caused by allocating auth usernames in the
+     wrong pool.  [Dean Gaudet] PR#1500
+
+  *) Fix an off-by-1, and an unterminated string error in
+     mod_mime_magic.  [Dean Gaudet]
+
+  *) Fix a potential SEGV problem in mod_negotiation when dealing
+     with type-maps.  [Dean Gaudet]
+
+  *) Better glibc support under Linux.  [Dean Gaudet] PR#1542
+
+  *) "RedirectMatch gone /" would cause a SIGSEGV. [Dean Gaudet] PR#1319
+
+  *) WIN32: avoid overflows during file canonicalisations.
+     [malcolm@mgdev.demon.co.uk] PR#1378
+
+  *) WIN32: set_file_slot() didn't detect absolute paths. [Ben Laurie]
+     PR#1511, 1508
+
+  *) WIN32: mod_status display header didn't match fields. [Ben Laurie]
+
+  *) The pthread_mutex_* functions return an error code, and don't
+     set errno.  [Igor Tatarinov <tatarino@prairie.NoDak.edu>]
+
+  *) WIN32: Allow spaces to prefix the interpreter in #! lines.
+     [Ben Laurie] PR#1101
+
+  *) WIN32: Cure file leak in CGIs. [Peter Tillemans <pti@net4all.be>] PR#1523
+
+  *) proxy_ftp: the directory listings generated by the proxy ftp module
+     now have a title in which the path components are clickable and allow
+     quick navigation to the clicked-on directory on the currently listed
+     ftp server. This also fixes a bug where the ".." directory links would
+     sometimes refer to the wrong directory.  [Martin Kraemer]
+
+  *) WIN32: Allocate the correct amount of memory for the scoreboard.
+     [Ben Hyde] PR#1387
+
+  *) WIN32: Only lowercase the part of the path that is real. [Ben Laurie]
+     PR#1505
+
+  *) Fix problems with timeouts in inetd mode and -X mode.  [Dean Gaudet]
+
+  *) Fix the spurious "(0)unknown error: mmap_handler: mmap failed"
+     error messages. [Ben Hyde]
+
+Changes with Apache 1.3b3
+
+  *) WIN32: Work around brain-damaged spawn calls that can't deal
+     with spaces and slashes.  [Ben Laurie]
+
+  *) WIN32: Fix the code so CGIs can use socket calls on Windows.  
+     The problem was that certain undocumented environment variables
+	 needed for sockets to work under Win32 were not being passed.
+     [Frank Faubert <frank@sane.com>]
+
+  *) Add a "-V" command line flag to the httpd binary.  This 
+     flag shows some of the defines that Apache was compiled with.
+     It is useful for debugging purposes.  [Martin Kraemer]
+
+  *) Start separating the ap_*() routines into their own library, so they
+     can be used by items in src/support among other things.  
+     [Ken Coar] PR#512, 905, 1252, 1308 
+
+  *) Give a more informative error when no AuthType is set.
+     [Lars Eilebrecht]
+
+  *) Remove strtoul() use from mod_proxy because it isn't available
+     on all platforms.   [Marc Slemko] PR#1214
+
+  *) WIN32: Some Win32 systems terminated all responses after 16 kB. 
+     This turns out to be a bug in Winsock - select() doesn't always 
+     return the correct status.  [Ben Laurie]
+
+  *) Directives owned by http_core can now use the new check_cmd_context()
+     routine to ensure that they're not being used within a container
+     (e.g., <Directory>) where they're invalid.  [Martin Kraemer]
+
+  *) PORT: Recent changes made it necessary to add explicit prototype
+     for fgetc() and fgets() on SunOS 4.x.  [Martin Kraemer, Ben Hyde]
+
+  *) It was necessary to distinguish between resources which are
+     allocated in the parent, for cleanup in the parent, and resources
+     which are allocated in each child, for cleanup in each child.
+     A new pool was created which is passed to the module child_init
+     and child_exit functions; modules are free to register per-child
+     cleanups there.  This fixes a bug with reliable piped logs.
+     [Dean Gaudet]
+
+  *) mod_autoindex wasn't displaying the ReadmeName file at the bottom
+     unless it was also doing FancyIndexes, but it displayed the
+     HeaderName file at the top under all circumstances.  It now shows
+     the ReadmeName file for simple indices, too, as it should.  
+     [Ken Coar] PR#1373
+
+  *) http_core was mmap()ing even in cases where it wasn't going to
+     read the file.  [Ben Hyde <bhyde@gensym.com>]
+
+  *) Complete rewrite ;-) of mod_rewrite's URL rewriting engine:
+     Now the rewriting engine (the heart of mod_rewrite) is organized more
+     straight-forward, first time well documented and reduced to the really
+     essential parts. All redundant cases were stripped off and processing now
+     is the same for both per-server and per-directory context with only a
+     minimum difference (the prefix stripping in per-dir context). As a
+     side-effect some subtle restrictions and two recently discovered problems
+     are gone: Wrong escaping of QUERY_STRING on redirects in per-directory
+     context and restrictions on the substitution URL on redirects.
+     Additionally some minor source cleanups were done. 
+     [Ralf S. Engelschall] 
+
+  *) Lars Eilebrecht wrote a whole new set of Apache Vhost Internals
+     documentation, examples, explanations and caveats. They live in a new
+     subdirectory htdocs/manual/vhost/. [Lars Eilebrecht <sfx@unix-ag.org>]
+
+  *) If ap_slack fails to allocate above the low slack line it's a good
+     indication that further problems will occur; it's a better indication
+     than many external libraries give us when we actually run out of
+     descriptors.  So report it to the user once per restart.
+     [Dean Gaudet] PR#1181
+
+  *) Change mod_include and mod_autoindex to use Y2K-safe date formats
+     by default.  [Ken Coar]
+
+  *) Add a "SuppressColumnSorting" option to the IndexOptions list,
+     which will keep the column heading from being links for sorting
+     the display.  [Ken Coar, suggested by Brian Tiemann <btman@pacific.net>]
+     PR #1261
+
+  *) PORT: Update the LynxOS port.  [Marius Groeger <mag@sysgo.de>]
+
+  *) Fix logic error when issuing a mmap() failed message
+     with a non-zero MMAP_THRESHOLD.
+     [David Chambers <davidc@flosun.salk.edu>] PR#1294
+
+  *) Preserve handler value on ProxyPass'ed requests by not
+     calling find_types on a proxy'd request; fixes problems
+     where some ProxyPass'ed URLs weren't actually passed
+     to the proxy.
+     [Lars Eilebrecht] PR#870
+
+  *) Fix a byte ordering problem in mod_access which prevented
+     the old-style syntax (i.e. "a.b.c." to match a class C)
+     from working properly. [Dean Gaudet] PR#1248, 1328, 1384
+
+  *) Fix problem with USE_FLOCK_SERIALIZED_ACCEPT not working
+     properly. Each child needs to open the lockfile instead
+     of using the passed file-descriptor from the parent. 
+     [Jim Jagielski] PR#1056
+
+  *) Fix the error logging in mod_cgi; the recent error log changes
+     introduced a bug that prevented it from working correctly.
+     [M.D.Parker] PR#1352
+
+  *) Default to USE_FCNTL_SERIALIZED_ACCEPT on HPUX to properly 
+     handle multiple Listen directives.  [Marc Slemko] PR#872
+
+  *) Inherit a bugfix to fnmatch.c from FreeBSD sources.
+     ["[KOI8-R] áÎÄÒÅÊ þÅÒÎÏ×" <ache@nagual.pp.ru>] PR#1311
+
+  *) When a configuration parse complained about a bad directive,
+     the logger would use whatever (unrelated) value was in errno.
+     errno is now forced to EINVAL first in this case.  [Ken Coar]
+
+  *) A sed command in the Configure script pushed the edge of POSIXness,
+     breaking on some systems.  [Bhaba R.Misra <system@vt.edu>] PR#1368
+
+  *) Solaris >= 2.5 was totally broken due to a mess up using pthread
+     mutexes.  [Roy Fielding, Dean Gaudet]
+
+  *) OS/2 Port updated; it should be possible to build OS/2 from the same
+     sources as Unix now.  [Brian Havard <brianh@kheldar.apana.org.au>]
+
+  *) Fix a year formatting bug in mod_usertrack.
+     [Paul Eggert <eggert@twinsun.com>] PR#1342
+
+  *) A mild SIGTERM/SIGALRM race condition was eliminated.
+     [Dean Gaudet] PR#1211
+
+  *) Warn user that default path has changed if /usr/local/etc/httpd
+     is found on the system.  [Lars Eilebrecht]
+
+  *) Various mod_mime_magic bug fixes and cleanups: Uncompression
+     should work, it should work on WIN32, and a few resource
+     leaks and abort conditions are fixed.
+     [Dean Gaudet] PR#1205
+
+  *) PORT: On AIX 1.x files can't be named '@', fix the proxy cache
+     to use '%' instead of '@' in its encodings.
+     [David Schuler <schuld@btv.ibm.com>] PR#1317
+
+  *) Improve the warning message generated when the "server is busy".
+     [Dean Gaudet] PR#1293
+
+  *) PORT: All ports which don't otherwise define DEF_WANTHSREGEX will
+     get Spencer regex by default.  This is to avoid having to
+     discover bugs in operating system libraries.  [Dean Gaudet]
+
+  *) PORT: "Fix" PR#467 by generating warnings on systems which we have
+     not been able to get working USE_*_SERIALIZED_ACCEPT settings for.
+     Document this a bit more in src/PORTING.  [Dean Gaudet] PR#467
+
+  *) Ensure that one copy of config warnings makes it to the
+     error_log.  [Dean Gaudet]
+
+  *) Invent new structure and associated methods to handle config file
+     reading. Add "custom" hook to use config file cfg_getline() on
+     something which is not a FILE*  [Martin Kraemer]
+
+  *) Make single-exe Windows install. [Ben Laurie and Eric Esselink]
+
+  *) WIN32: Make CGI work under Win95. [Ben Laurie and Paul Sutton]
+
+  *) WIN32: Make index.html and friends work under Win95. [Ben Laurie]
+
+  *) PORT: Solaris 2.4 needs Spencer regex, the system regex is broken.
+	[John Line <jml4@cam.ac.uk>] PR#1321
+
+  *) Default pathname has been changed everywhere to /usr/local/apache
+     [Sameer <sameer@c2.net>]
+
+  *) PORT: AIX now uses USE_FCNTL_SERIALIZED_ACCEPT.
+	[David Bronder <David-Bronder@uiowa.edu>] PR#849
+
+  *) PORT: i386 AIX does not have memmove.
+     [David Schuler <schuld@btv.ibm.com>] PR#1267
+
+  *) PORT: HPUX now defaults to using Spencer regex.
+     [Philippe Vanhaesendonck <pvanhaes@be.oracle.com>,
+     Omar Del Rio <al112263@academ01.lag.itesm.mx>] PR#482, 1246
+
+  *) PORT: Some versions of NetBSD don't automatically define
+	    __NetBSD__.  Workaround by defining NETBSD.
+     [Chris Craft <ccraft@cncc.cc.co.us>] PR#977
+
+  *) PORT: UnixWare 2.x requires -lgen for syslog.
+     [Hans Snijder <hs@meganet.nl>] PR#1249
+
+  *) PORT: ULTRIX appears to not have syslog.
+     [Lars Eilebrecht <Lars.Eilebrecht@unix-ag.org>]
+
+  *) PORT: Basic Gemini port (treat it like unixware212).
+     ["Pavel Yakovlev (Paul McHacker)" <hac@tomcat.olly.ru>]
+
+  *) PORT: All SVR4 systems now use NET_SIZE_T = size_t, and
+	    use USE_SHMGET_SCOREBOARD.
+     [Martin Kraemer]
+
+  *) Various improvements in detecting config file errors (missing closing
+     directives for <Directory>, <Files> etc. blocks, prohibiting global
+     server settings in <VirtualHost> blocks, flagging unhandled multiple
+     arguments to <Directory>, <Files> etc.)
+     [Martin Kraemer]
+
+  *) Add support to suexec wrapper program for mod_unique_id's UNIQUE_ID
+     variable to provide this one to suexec'd CGIs, too.
+     [M.D.Parker <mdpc@netcom.com>] PR#1284
+
+  *) New support tool: src/support/split-logfile, a sample Perl script which
+     splits up a combined access log into separate files based on the
+     name of the virtual host (listed first in the log records by "%v").
+     [Ken Coar]
+
+Changes with Apache 1.3b2 (there is no 1.3b1)
+
+  *) TestCompile was not passing $LIBS [Dean Gaudet]
+
+  *) Makefile.tmpl was not using $CFLAGS in the link phase. 
+     [Martin Kraemer]
+
+  *) Add debugging code to alloc.c.  Defining ALLOC_DEBUG provides a
+     rudimentary memory debugger which can be used on live servers with
+     low impact -- it sets all allocated and freed memory bytes to 0xa5.
+     Defining ALLOC_USE_MALLOC will cause the alloc code to use malloc()
+     and free() for each object.  This is far more expensive and should
+     only be used for testing with tools such as Electric Fence and
+     Purify.  See main/alloc.c for more details.  [Dean Gaudet]
+
+  *) Configure uses a sh trap and didn't set its exitcode properly.
+     [Dean Gaudet] PR#1159
+
+  *) Yet another vhost revamp.  Add the NameVirtualHost directive which
+     explicitly lists the ip:port pairs that are to be used for name-vhosts.
+     From a given ip:port, regardless what the Host: header is, you can
+     only reach the vhosts defined on that ip:port.  The precedence of
+     vhosts was reversed to match other precedences in the config --
+     the earlier vhosts override the later vhosts.  All vhost matching was
+     moved into http_vhost.[ch].  [Dean Gaudet]
+
+  *) ap_inline can be used to force inlining.  GNUC __attribute__() can
+     be used for whatever reason is appropriate (i.e. format() warnings
+     for printf style functions).  Both are enabled only with
+     gcc >= 2.7.x (so that we have fewer support issues with older
+     versions).  [Dean Gaudet]
+
+  *) Fix support for Proxy Authentication (we were testing the response
+     status too early). [Marc Slemko]
+
+  *) CoreDumpDirectory directive directs where the core file is
+     written when a SIGSEGV, SIGBUS, SIGABORT or SIGABRT are
+     received.  [Marc Slemko, Dean Gaudet]
+
+  *) PORT: Support for Atari MINT.
+     [Jan Paul Schmidt <Jan.P.Schmidt@mni.fh-giessen.de>]
+
+  *) When booting, apache will now detach itself from stdin, stdout,
+     and stderr.  stderr will not be detached until after the config
+     files have been read so you will be able to see initial error
+     messages.  After that all errors are logged in the error_log.
+     This makes it more convenient to start apache via rsh, ssh,
+     or crontabs.  [Dean Gaudet] PR#523
+
+  *) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
+     Also removed the auto-generated link to www.apache.org that was the
+     source of so many misdirected bug reports.  [Roy Fielding, Marc Slemko]
+
+  *) send_fb would not detect aborted connections in some situations.
+     [Dean Gaudet]
+
+  *) mod_include would use uninitialized data when parsing certain
+     expressions involving && and ||. [Brian Slesinsky] PR#1139
+
+  *) mod_imap should only handle GET methods.  [Jay Bloodworth]
+
+  *) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
+
+  *) mod_autoindex improperly counted &escapes; as more than one
+     character in the description.  It also improperly truncated
+     descriptions that were exactly the maximum length.
+     [Martin Kraemer]
+
+  *) RedirectMatch was not properly escaping the result (PR#1155).  Also
+     "RedirectMatch /advertiser/(.*) $1" is now permitted.
+     [Dean Gaudet]
+
+  *) mod_include now uses symbolic names to check for request success
+     and return HTTP errors, and correctly handles all types of
+     redirections (previously it only did temporary redirect correctly).
+     [Ken Coar, Roy Fielding]
+
+  *) mod_userdir was modifying r->finfo in cases where it wasn't setting
+     r->filename.  Since those two are meant to be in sync with each other
+     this is a bug.  ["Paul B. Henson" <henson@intranet.csupomona.edu>]
+
+  *) PORT: Support Unisys SVR4, whose uname returns mostly useless data.
+     ["Kaufman, Steven E" <Steven.Kaufman@unisys.com>]
+
+  *) Inetd mode (which is buggy) uses timeouts without having setup the
+     jmpbuffer. [Dean Gaudet] PR#1064
+
+  *) Work around problem under Linux where a child will start looping
+     reporting a select error over and over.
+     [Rick Franchuk <rickf@transpect.net>] PR#1107, 987, 588
+
+  *) Fixed error in proxy_util.c when looping through multiple host IP
+     addresses. [Lars Eilebrecht] PR#974
+
+  *) If BUFFERED_LOGS is defined then mod_log_config will do atomic
+     buffered writes -- that is, it will buffer up to PIPE_BUF (i.e. 4k)
+     bytes before writing, but it will never split a log entry across a
+     buffer boundary.  [Dean Gaudet]
+
+  *) API: the short_score record has been split into two pieces, one which
+     the parent writes on, and one which the child writes on.  As part of
+     this change the get_scoreboard_info() function was removed, and
+     scoreboard_image was exported.  This change fixes a race condition
+     in file based scoreboard systems, and speeds up changes involving the
+     scoreboard in earlier 1.3 development.  [Dean Gaudet]
+
+  *) API: New register_other_child() API (see http_main.h) which allows
+     modules to register children with the parent for maintenance.  It
+     is disabled by defining NO_OTHER_CHILD.  [Dean Gaudet]
+
+  *) API: New piped_log API (see http_log.h) which implements piped logs,
+     and will use register_other_child to implement reliable piped logs
+     when it is available.  The reliable piped logs part can be disabled
+     by defining NO_RELIABLE_PIPED_LOGS.  At the moment reliable piped
+     logs is only available on Unix. [Dean Gaudet]
+
+  *) API: set_last_modified() broken into set_last_modified(), set_etag(), and
+     meets_conditions().  This allows conditional HTTP selection to be
+     handled separately from the storing of the header fields, and provides
+     the ability for CGIs to set their own ETags for conditional checking.
+     [Ken Coar, Roy Fielding]  PR#895
+
+  *) Changes to mod_log_config to allow naming of format strings.
+     Format nicknames are defined with "LogFormat fmt nickname", and can
+     be used with "LogFormat nickname" and "CustomLog logtarget nickname".
+     [Ken Coar]
+
+  *) New module, "mod_speling", which can help find files even when 
+     the URL is slightly misspelled. [Martin Kraemer, Alexei Kosut]
+
+  *) API: New function child_terminate() triggers the child process to
+     exit, while allowing the child finish what it needs to for the
+     current request first.  
+     [Doug MacEachern, Alexei Kosut]
+
+  *) Windows now defaults to using full status reports with mod_status.
+     [Alexei Kosut] PR #1094
+
+  *) *Really* disable all mod_rewrite operations if the engine is off.
+     Some things (like RewriteMaps) were checked/performed even if they
+     weren't supposed to be.  [Ken Coar] PR #991
+
+  *) Implement a new timer scheme which eliminates the need to call alarm() all
+     the time.  Instead a counter in the scoreboard for each child is used to
+     show when the child has made forward progress.  The parent samples this
+     counter every scoreboard maintenance cycle, and issues SIGALRM if no
+     progress has been made in the timeout period.  This reduces the static
+     request best-case syscall count to 22 from 29.  This scheme is only
+     used by systems with memory-based scoreboards.  [Dean Gaudet]
+
+  *) The proxy now properly handles CONNECT requests which are sent
+     to proxy servers when using ProxyRemote.  [Marc Slemko] PR#1024
+
+  *) A script called apachectl has been added to the support 
+     directory.  This script allows you to do things such as 
+     "apachectl start" and "apachectl restart" from the command
+     line.  [Marc Slemko]
+
+  *) Modules and core routines are now put into libraries, which
+     simplifies the link line tremendously (among other advantages).
+     [Paul Sutton]
+
+  *) Some of the MD5 names defined in Apache have been renamed to have
+     an `ap_' prefix to avoid conflicts with routines supplied by
+     external libraries.  [Ken Coar]
+
+  *) Removal of mod_auth_msql.c from the distribution. There are many
+     other options for databases today. Rather than offer one option,
+     offer none at this time. mod_auth_msql and other SQL database
+     authentication modules can be found at the Apache Module Registry.
+     http://modules.apache.org/ It would be nice to offer a generic
+     mod_auth_sql option in the near future.
+
+  *) PORT: BeOS support added [Alexei Kosut]
+
+  *) Configure no longer accepts the -make option, since it creates
+     Makefile on the fly based on Makefile.tmpl and Configuration.
+
+  *) Apache now gracefully shuts down when it receives a SIGTERM, instead
+     of forcibly killing off all its processes and exiting without
+     cleaning up. [Alexei Kosut]
+
+  *) API: A new field in the request_rec, r->mtime, has been added to
+     avoid gratuitous parsing of date strings.  It is intended to hold
+     the last-modified date of the resource (if applicable).  An
+     update_mtime() routine has also been added to advance it if
+     appropriate.  [Roy Fielding, Ken Coar]
+
+  *) SECURITY: If a htaccess file can not be read due to bad permissions,
+     deny access to the directory with a HTTP_FORBIDDEN.  The previous
+     behavior was to ignore the htaccess file if it could not be read.
+     This change may make some setups with unreadable htaccess files
+     stop working.  [Marc Slemko] PR#817
+
+  *) Add aplog_error() providing a mechanism to define levels of
+     verbosity to the server error logging. This addition also provides
+     the ability to log errors using syslogd. Error logging is configurable
+     on a per-server basis using the LogLevel directive. Conversion
+     of log_*() in progress. [Randy Terbush]
+
+  *) Further enhance aplog_error() to not log filename, line number, and
+     errno information when it isn't applicable. [Ken Coar, Dean Gaudet]
+
+  *) WIN32: Canonicalise filenames under Win32. Short filenames are
+     converted to long ones. Backslashes are converted to forward
+     slashes. Case is converted to lower. Parts of URLs that do not
+     correspond to files are left completely alone. [Ben Laurie]
+
+  *) PORT: 2 new OSs added to the list of ports:
+      Encore's UMAX V: Arieh Markel <amarkel@encore.com>
+      Acorn RISCiX: Stephen Borrill <sborrill@xemplar.co.uk>
+
+  *) Add the server version (SERVER_VERSION macro) to the "server
+     configured and running" entry in the error_log.  Also build an
+     object file at link-time that contains the current time
+     (SERVER_BUILT global const char[]), and include that in the
+     message.  [Ken Coar]
+
+  *) Set r->headers_out when sending responses from the proxy.
+     This fixes things such as the logging of headers sent from
+     the proxy.  [Marc Slemko] PR#659
+
+  *) support/httpd_monitor is no longer distributed because the 
+     scoreboard should not be file based if at all possible. Use
+     mod_status to see current server snapshot.
+
+  *) (set_file_slot): New function, allowing auth directives to be
+     independent of the server root, so the server documents can be
+     moved to a different directory or machine more easily.
+     [David J. MacKenzie]
+
+  *) If no TransferLog is given explicitly, decline
+     to log.  This supports coexistence with other logging modules,
+     such as the custom one that UUNET uses. [David J. MacKenzie]
+
+  *) Check for titles in server-parsed HTML files.
+     Ignore leading newlines and returns in titles.  The old behavior
+     of replacing a newline after <title> with a space causes the
+     title to be misaligned in the listing. [David J. MacKenzie]
+
+  *) Change mod_cern_meta to be configurable on a per-directory basis.
+     [David J. MacKenzie]
+
+  *) Add 'Include' directive to allow inclusion of configuration
+     files within configuration files. [Randy Terbush]
+
+  *) Proxy errors on connect() are logged to the error_log (nothing
+     new); now they include the IP address and port that failed
+     (*that's* new).   [Ken Coar, Marc Slemko] PR#352
+
+  *) Various architectures now define USE_MMAP_FILES which causes
+     the server to use mmap() for static files.  There are two
+     compile-time tunables MMAP_THRESHOLD (minimum number of bytes
+     required to use mmap(), default is 0), and MMAP_SEGMENT_SIZE (maximum
+     number of bytes written in one cycle from a single mmap()d object,
+     default 32768).  [Dean Gaudet]
+
+  *) API: Added post_read_request API phase which is run right after reading
+     the request from a client, or right after an internal redirect.  It is
+     useful for modules setting environment variables that depend only on
+     the headers/contents of the request.  It does not run during subrequests
+     because subrequests inherit pretty much everything from the main
+     request. [Dean Gaudet]
+
+  *) Added mod_unique_id which is used to generate a unique identifier for
+     each hit, available in the environment variable UNIQUE_ID.
+     [Dean Gaudet]
+
+  *) init_modules is now called after the error logs have been opened.  This
+     allows modules to emit information messages into the error logs.
+     [Dean Gaudet]
+
+  *) Fixed proxy-pass-through feature of mod_rewrite; Added error logging
+     information for case where proxy module is not available. [Marc Slemko]
+
+  *) PORT: Apache has need for mutexes to serialize its children around
+     accept.  In prior versions either fcntl file locking or flock file
+     locking were used.  The method is chosen by the definition of
+     USE_xxx_SERIALIZED_ACCEPT in conf.h.  xxx is FCNTL for fcntl(),
+     and FLOCK for flock().  New options have been added:
+	- SYSVSEM to use System V style semaphores
+	- PTHREAD to use POSIX threads (appears to work on Solaris only)
+	- USLOCK to use IRIX uslock
+     Based on timing various techniques, the following changes were made
+     to the defaults:
+	- Linux 2.x uses flock instead of fcntl
+	- Solaris 2.x uses pthreads
+	- IRIX uses SysV semaphores -- however multiprocessor IRIX boxes
+	    work far faster if you -DUSE_USLOCK_SERIALIZED_ACCEPT
+     [Dean Gaudet, Pierre-Yves Kerembellec <Pierre-Yves.Kerembellec@vtcom.fr>,
+     Martijn Koster <m.koster@pobox.com>]
+
+  *) PORT: The semantics of accept/select make it very desirable to use
+     mutexes to serialize accept when multiple Listens are in use.  But
+     in the case where only a single socket is open it is sometimes
+     redundant to serialize accept().  Not all unixes do a good job with
+     potentially dozens of children blocked on accept() on the same
+     socket.  It's now possible to define SINGLE_LISTEN_UNSERIALIZED_ACCEPT and
+     the server will avoid serialization when listening on only one socket,
+     and use serialization when listening on multiple sockets.
+     [Dean Gaudet] PR#467
+
+  *) Configure changes: TestLib replaced by TestCompile, which has
+     some additional capability (such as doing a sanity check of
+     the compiler and flags selected); the version of Solaris is now
+     available via the #define value of SOLARIS2; IRIX n32bit libs
+     now supported and selectable by new Configuration Rule: IRIXN32;
+     We no longer default to -O2 optimization.  [Jim Jagielski]
+
+  *) Updated Configure: Configuration now uses AddModule to specify
+     module source or binary file location, relative to src directory.
+     Modules can be dropped into modules/extra, or in their own 
+     directory, and modules can come with a Makefile or Configure can 
+     create one.  Modules can add compiler or library information to 
+     generated Makefiles. [Paul Sutton]
+
+  *) Source core re-organisation: distributed modules are now in 
+     modules/standard. All other source code is in main. OS-specific
+     code is in os/{unix,emx,win32} directories. [Paul Sutton]
+
+  *) mod_browser has been removed, since it's replaced by mod_setenvif.
+     [Ken Coar]
+
+  *) Fix another long-standing bug in sub_req_lookup_file where it would
+     happily skip past access checks on subdirectories looked up with
+     relative paths.  (It's used by mod_dir, mod_negotiation,
+     and mod_include.) [Dean Gaudet]
+
+  *) directory_walk optimization to reduce an O(N*M) loop to O(N+M) where
+     N is the number of <Directory> sections, and M is the number of
+     components in the filename of an object.
+
+     To achieve this optimization the following config changes were made:
+	- Wildcards (* and ?, not the regex forms) in <Directory>s,
+	  <Files>s, and <Location>s now treat a slash as a special
+	  character.  For example "/home/*/public_html" previously would
+	  match "/home/a/andrew/public_html", now it only matches things
+	  like "/home/bob/public_html".  This mimics /bin/sh behaviour.
+	- It's possible now to use [] wildcarding in <Directory>, <Files>
+	  or <Location>.
+	- Regex <Directory>s are applied after all non-regex <Directory>s.
+
+    [Dean Gaudet]
+
+  *) Fix a bug introduced in 1.3a1 directory_walk regarding .htaccess files
+     and corrupted paths.  [Dean Gaudet]
+
+  *) Enhanced and cleaned up the URL rewriting engine of mod_rewrite:
+     First the grouped parts of RewriteRule pattern matches (parenthesis!) can
+     be accessed now via backreferences $1..$9 in RewriteConds test-against
+     strings in addition to RewriteRules subst string. Second the grouped
+     parts of RewriteCond pattern matches (parenthesis!) can be accessed now
+     via backreferences %1..%9 both in following RewriteCond test-against
+     strings and RewriteRules subst string. This provides maximum flexibility
+     through the use of backreferences.
+     Additionally the rewriting engine was cleaned up by putting common
+     code to the new expand_backrefs_inbuffer() function. 
+     [Ralf S. Engelschall]
+
+  *) When merging the main server's <Directory> and <Location> sections into
+     a vhost, put the main server's first and the vhost's second.  Otherwise
+     the vhost can't override the main server.  [Dean Gaudet] PR#717
+
+  *) The <Directory> code would merge and re-merge the same section after
+     a match was found, possibly causing problems with some modules.
+     [Dean Gaudet]
+
+  *) ip-based vhosts are stored and queried using a hashing function, which
+     has been shown to improve performance on servers with many ip-vhosts.
+     Some other changes had to be made to accommodate this:
+	- the * address for vhosts now behaves like _default_
+	- the matching process now is:
+	    - match an ip-vhost directly via hash (possibly matches main
+		server)
+	    - if that fails, just pretend it matched the main server
+	    - if so far only the main server has been matched, perform
+		name-based lookups (ServerName, ServerAlias, ServerPath)
+		*only on name-based vhosts*
+	    - if they fail, look for _default_ vhosts
+     [Dean Gaudet, Dave Hankins <dhankins@sugarat.net>]
+
+  *) dbmmanage overhaul:
+     - merge dbmmanage and dbmmanage.new functionality, remove dbmmanage.new 
+     - tie() to AnyDBM_File which will use one of DB_File, NDBM_File or
+       GDBM_File (-ldb, -lndbm, -lgdbm) (trying each in that order)
+     - provide better seed for rand
+     - prompt for password as per getpass(3) (turn off echo, read from
+       /dev/tty, etc.)
+     - use "newstyle" crypt based on $Config{osname} ($^O)
+     - will not add a user if already in database, use new `update' command
+       instead
+     - added `check' command to check a users' password
+     - added `import' command to convert existing password text-files or 
+       dbm files exported with `view'
+     - more descriptive usage, general cleanup, 'use strict' clean, etc.
+     [Doug MacEachern]
+
+  *) Added psocket() which is a pool form of socket(), various places within
+     the proxy weren't properly blocking alarms while registering the cleanup
+     for its sockets.  bclose() now uses pclose() and pclosesocket().  There
+     was a bug where the client socket was being close()d twice due a still
+     registered cleanup.  [Dean Gaudet]
+
+  *) A few cleanups were made to reduce time(), getpid(), and signal() calls.
+     [Dean Gaudet]
+
+  *) PORT: AIX >= 4.2 requires -lm due to libc changes.
+     [Jason Venner <jason@idiom.com>] PR#667
+
+  *) Enable ``=""'' for RewriteCond directives to match against
+     the empty string. This is the preferred way instead of ``^$''.
+     [Ralf S. Engelschall]
+
+  *) Fixed an infinite loop in mod_imap for references above the server root
+     [Dean Gaudet] PR#748
+
+  *) mod_proxy now has a ReceiveBufferSize directive, similar to
+     SendBufferSize, so that the TCP window can be set appropriately
+     for LFNs. [Phillip A. Prindeville]
+
+  *) mod_browser has been replaced by the more general mod_setenvif
+     (courtesy of Paul Sutton).  BrowserMatch* directives are still
+     available, but are now joined by SetEnvIf*, UnSetEnvIf*, and
+     UnSetEnvIfZero directives.  [Ken Coar]
+
+  *) "HostnameLookups double" forces double-reverse DNS to succeed in
+     order for remote_host to be set (for logging, or for the env var
+     REMOTE_HOST).  The old define MAXIMUM_DNS has been deprecated.
+     [Dean Gaudet]
+
+  *) mod_access overhaul:
+     - Now understands network/netmask syntax (i.e.  10.1.0.0/255.255.0.0)
+	and cidr syntax (i.e. 10.1.0.0/16).  PR#762
+     - Critical path was sped up by pre-computing a few things at config
+	time.
+     - The undocumented syntax "allow user-agents" was removed,
+	the replacement is "allow from env=foobar" combined with mod_browser.
+     - When used with hostnames it now forces a double-reverse lookup
+	no matter what the directory settings are.  This double-reverse
+	doesn't affect any of the other routines that use the remote
+	hostname.  In particular it's still passed to CGIs and the log
+	without the double-reverse check.  Related PR#860.
+     [Dean Gaudet]
+
+  *) When a large bwrite() occurs (larger than the internal buffer size),
+     while there is already something in the buffer, apache will combine
+     the large write and the buffer into a single writev().  (This is
+     in anticipation of using mmap() for reading files.)
+     [Dean Gaudet]
+
+  *) In obscure cases where a partial socket write occurred while chunking,
+     Apache would omit the chunk header/footer on the next block.  Cleaned
+     up other bugs/inconsistencies in error conditions in buff.c.  Fixed
+     a bug where a long pause in DNS lookups could cause the last packet
+     of a response to be unduly delayed.  [Roy Fielding, Dean Gaudet]
+
+  *) API: Added child_exit function to module structure.  This is called
+     once per "heavy-weight process" just before a server child exit()'s 
+     e.g. when max_requests_per_child is reached, etc.
+     [Doug MacEachern, Dean Gaudet]
+
+  *) mod_include cleanup showed that handle_else was being used to handle
+     endif.  It didn't cause problems, but it was cleaned up too.
+     [Howard Fear]
+
+  *) mod_cern_meta would attempt to find meta files for the directory itself
+     in some cases, but not in others.  It now avoids it in all cases.
+     [Dean Gaudet]
+
+  *) mod_mime_magic would core dump if there was a decompression error.
+     [Martin Kraemer <Martin.Kraemer@mch.sni.de>] PR#904
+
+  *) PORT: some variants of DGUX require -lsocket -lnsl
+     [Alexander L Jones <alex@systems-options.co.uk>] PR#732
+
+  *) mod_autoindex now allows sorting of FancyIndexed directory listings
+     by the various fields (name, size, et cetera), either in ascending
+     or descending order.  Just click on the column header.  [Ken Coar]
+
+  *) PORT: Various tweaks to eliminate pointer-int casting warnings on 64-bit
+     CPUs like the Alpha.  Apache still stores ints in pointers, but that's
+     the relatively safe direction.  [Dean Gaudet] PR#344
+
+  *) PORT: QNX mmap() support for faster/more reliable scoreboard handling.
+     [Igor N Kovalenko <infoh@mail.wplus.net>] PR#683
+
+  *) child_main avoids an unneeded call to select() when there is only one
+     listening socket.  [Dean Gaudet]
+
+  *) In the event that the server is starved for idle servers it will
+     spawn 1, then 2, then 4, ..., then 32 servers each second,
+     doubling each second.  It'll also give a warning in the errorlog
+     since the most common reason for this is a poor StartServers
+     setting.  The define MAX_SPAWN_RATE can be used to raise/lower
+     the maximum.  [Dean Gaudet]
+
+  *) Apache now provides an effectively unbuffered connection for
+     CGI scripts.  This means that data will be sent to the client
+     as soon as the CGI pauses or stops output; previously, Apache would
+     buffer the output up to a fixed buffer size before sending, which
+     could result in the user viewing an empty page until the CGI finished
+     or output a complete buffer.  It is no longer necessary to use an
+     "nph-" CGI to get unbuffered output.  Given that most CGIs are written
+     in a language that by default does buffering (e.g. perl) this
+     shouldn't have a detrimental effect on performance.
+
+     "nph-" CGIs, which formerly provided a direct socket to the client
+     without any server post-processing, were not fully compatible with
+     HTTP/1.1 or SSL support.  As such they would have had to implement
+     the transport details, such as encryption or chunking, in order
+     to work properly in certain situations.  Now, the only difference
+     between nph and non-nph scripts is "non-parsed headers".
+     [Dean Gaudet, Sameer Parekh, Roy Fielding]
+
+  *) If a BUFF is switched from buffered to unbuffered reading the first
+     bread() will return whatever remained in the buffer prior to the
+     switch. [Dean Gaudet]
+
+Changes with Apache 1.3a1
+
+  *) Added another Configure helper script: TestLib. It determines
+     if a specified library exists.  [Jim Jagielski]
+
+  *) PORT: Allow for use of n32bit libraries under IRIX 6.x
+     [derived from patch from Jeff Hayes <jhayes@aw.sgi.com>]
+     PR#721
+
+  *) PORT: Some architectures use size_t for various lengths in network
+     functions such as accept(), and getsockname().  The definition
+     NET_SIZE_T is used to control this. [Dean Gaudet]
+
+  *) PORT: Linux: Attempt to detect glibc based systems and include crypt.h
+     and -lcrypt.  Test for various db libraries (dbm, ndbm, db) when
+     mod_auth_dbm or mod_auth_db are included.  [Dean Gaudet]
+
+  *) PORT: QNX doesn't have initgroups() which support/suexec.c uses.
+     [Igor N Kovalenko <infoh@mail.wplus.net>]
+
+  *) "force-response-1.0" now only applies to requests which are HTTP/1.0 to
+     begin with.  "nokeepalive" now works for HTTP/1.1 clients.  Added
+     "downgrade-1.0" which causes Apache to pretend it received a 1.0.
+     [Dean Gaudet] related PR#875
+
+  *) API: Correct child_init() slot declaration from int to void, to
+     match the init() declaration.  Update mod_example to use the new
+     hook.  [Ken Coar]
+
+  *) added transport handle slot (t_handle) to the BUFF structure
+     [Doug MacEachern]
+
+  *) get_client_block() returns wrong length if policy is
+     REQUEST_CHUNKED_DECHUNK.
+     [Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#815
+
+  *) Support the image map format of FrontPage.  For example:
+        rect /url.hrm 10 20 30 40
+     ["Chris O'Byrne" <obyrne@iol.ie>] PR#807
+
+  *) PORT: -lresolv and -lsocks were in the wrong order for Solaris.
+     ["Darren O'Shaughnessy" <darren@aaii.oz.au>] PR#846
+
+  *) AddModuleInfo directive for mod_info which allows you to annotate
+     the output of mod_info.  ["Lou D. Langholtz" <ldl@usi.utah.edu>]
+
+  *) Added NoProxy directive to avoid using ProxyRemote for selected
+     addresses.  Added ProxyDomain directive to cause unqualified
+     names to be qualified by redirection.
+     [Martin Kraemer <Martin.Kraemer@mch.sni.de>]
+
+  *) Support Proxy Authentication, and don't pass the Proxy-Authorize
+     header to the remote host in the proxy. [Sameer Parekh and
+     Wallace]
+
+  *) Upgraded mod_rewrite from 3.0.6+ to latest officially available version
+     3.0.9. This upgrade includes: fixed deadlooping on rewriting to same
+     URLs, fixed rewritelog(), fixed forced response code handling on
+     redirects from within .htaccess files, disabled pipe locking under
+     braindead SunOS 4.1.x, allow env variables to be set even on rules with
+     no substitution, bugfixed situations where HostnameLookups is off, made
+     mod_rewrite more thread-safe for NT port and fixed problem when creating
+     an empty query string via "xxx?".
+         This update also removes the copyright of Ralf S. Engelschall,
+     i.e. now mod_rewrite no longer has a shared copyright. Instead is is
+     exclusively copyrighted by the Apache Group now. This happened because
+     the author now has gifted mod_rewrite exclusively to the Apache Group and 
+     no longer maintains an external version.
+     [Ralf S. Engelschall]
+
+  *) API: Added child_init function to module structure.  This is called
+     once per "heavy-weight process" before any requests are handled.
+     See http_config.h for more details.  [Dean Gaudet]
+
+  *) Anonymous_LogEmail was logging on each subrequest.
+     [Dean Gaudet] PR#421, 868
+
+  *) API: Added is_initial_req() which tests if the request being
+     processed is the initial request, or a subrequest.
+     [Doug MacEachern]
+
+  *) Extended SSI (mod_include) now handles additional relops for
+     string comparisons (<, >, <=, and >=).  [Bruno Wolff III] PR#41
+
+  *) Configure fixed to correctly propagate user-selected options and
+     settings (such as CC and OPTIM) to Makefiles other than
+     src/Makefile (notably support/Makefile).  [Ken Coar] PR#666, #834
+
+  *) IndexOptions SuppressHTMLPreamble now causes the actual HTML of
+     directory indices to start with the contents of the HeaderName file
+     if there is one.  If there isn't one, the behaviour is unchanged.
+     [Ken Coar, Roy Fielding, Andrey A. Chernov]
+
+  *) WIN32: Modules can now be dynamically loaded DLLs using the
+     LoadModule/LoadFile directives. Note that module DLLs must be
+     compiled with the multithreaded DLL version of the runtime library.
+     [Alexei Kosut and Ben Laurie]
+
+  *) Automatic indexing removed from mod_dir and placed into mod_autoindex.
+     This allows the admin to completely remove automatic indexing
+     from the server, while still supporting the basic functions of
+     trailing-slash redirects and DirectoryIndex files.  Note that if
+     you're carrying over an old Configuration file and you use directory
+     indexing then you'll want to add:
+
+     Module autoindex_module    mod_autoindex.o
+
+     before mod_dir in your Configuration.  [Dean Gaudet]
+
+  *) popendir/pclosedir created to properly protect directory scanning.
+     [Dean Gaudet] PR#525
+
+  *) AliasMatch, ScriptAliasMatch and RedirectMatch directives added,
+     giving regex support to mod_alias. <DirectoryMatch>, <LocationMatch>
+     and <FilesMatch> sections added to succeed <DirectoryMatch ~>, etc...
+     [Alexei Kosut]
+
+  *) The AccessFileName directive can now take more than one filename.
+     ["Lou D. Langholtz" <ldl@usi.utah.edu>]
+
+  *) The new mod_mime_magic can be used to "magically" determine the type
+     of a file if the extension is unknown.  Based on the unix file(1)
+     command.  [Ian Kluft <ikluft@cisco.com>]
+
+  *) We now determine and display the time spent processing a
+     request if desired.  [Jim Jagielski]
+
+  *) mod_status: PID field of "dead" child slots no longer displays
+     main httpd process's PID.  [Jim Jagielski]
+
+  *) Makefile.nt added - to build all the bits from the command line:
+        nmake -f Makefile.nt
+         Doesn't yet work properly. [Ben Laurie]
+
+  *) Default text of 404 error is now "Not Found" rather than the
+     potentially misleading "File Not Found".  [Ken Coar]
+
+  *) CONFIG: "HostnameLookups" now defaults to off because it is far better
+     for the net if we require people that actually need this data to
+     enable it.  [Linus Torvalds]
+
+  *) directory_walk() is an expensive function, keep a little more state to
+     avoid needless string counting.  Add two new functions make_dirstr_parent
+     and make_dirstr_prefix which replace all existing uses of make_dirstr.
+     The new functions are a little less general than make_dirstr, but
+     work more efficiently (less memory, less string counting).
+     [Dean Gaudet]
+
+  *) EXTRA_LFLAGS was changed to EXTRA_LDFLAGS (and LFLAGS was changed
+     to LDFLAGS) to avoid complications with lex rules in make files.
+     [Dean Gaudet] PR#372
+
+  *) run_method optimized to avoid needless scanning over NULLs in the
+     module list.  [Dean Gaudet]
+
+  *) Revamp of (unix) scoreboard management code such that it avoids
+     unnecessary traversals of the scoreboard on each hit.  This is
+     particularly important for high volume sites with a large
+     HARD_SERVER_LIMIT.  Some of the previous operations were O(n^2),
+     and are now O(n).  See also SCOREBOARD_MAINTENANCE_INTERVAL in
+     httpd.h. [Dean Gaudet]
+
+  *) In configurations using multiple Listen statements it was possible for
+     busy sockets to starve other sockets of service.  [Dean Gaudet]
+
+  *) Added hook so standalone_main can be replaced at compile time
+     (define STANDALONE_MAIN)
+     [Doug MacEachern]
+
+  *) Lowest-level read/write functions in buff.c will be replaced with
+     the SFIO library calls sfread/sfwrite if B_SFIO is defined at
+     compile time.  The default sfio discipline will behave as apache
+     would without sfio compiled in.
+     [Doug MacEachern]
+
+  *) Enhance UserDir directive (mod_userdir) to accept a list of
+     usernames for the 'disable' keyword, and add 'enable user...' to
+     selectively *en*able userdirs if they're globally disabled.
+     [Ken Coar]
+
+  *) If NETSCAPE_DBM_COMPAT is defined in EXTRA_CFLAGS then Apache
+     will work with Netscape dbm files.  (dbmmanage will probably not
+     work however.) [Alexander Spohr <aspohr@netmatic.com>] PR#444
+
+  *) Add a ListenBacklog directive to control the backlog parameter
+     passed to listen().  Also change the default to 511 from 512.
+     [Marc Slemko]
+
+  *) API: A new handler response DONE which informs apache that the
+     request has been handled and it can finish off quickly, similar to
+     how it handles errors. [Rob Hartill]
+
+  *) Turn off chunked encoding after sending terminating chunk/footer
+     so that we can't do it twice by accident. [Roy Fielding]
+
+  *) mod_expire also issues Cache-Control: max-age headers.
+     [Rob Hartill]
+
+  *) API: Added kill_only_once option for free_proc_chain so that it won't
+     aggressively try to kill off specific children.  For fastcgi.
+     [Stanley Gambarin <gambarin@OpenMarket.com>]
+
+  *) mod_auth deals with extra ':' delimited fields.  [Marc Slemko]
+
+  *) Added IconHeight and IconWidth to mod_dir's IndexOptions directive.
+     When used together, these cause mod_dir to emit HEIGHT and WIDTH
+     attributes in the FancyIndexing IMG tags.  [Ken Coar]
+
+  *) PORT: Sequent and SONY NEWS-OS support added.  [Jim Jagielski]
+
+  *) PORT: Added Windows NT support
+     [Ben Laurie and Ambarish Malpani <ambarish@valicert.com>]
+
+Changes with Apache 1.2.6
+
   *) mod_include when using XBitHack Full would send ETags in addition to
      sending Last-Modifieds.  This is incorrect HTTP/1.1 behaviour.
      [Dean Gaudet] PR#1133
@@ -48,7 +3408,7 @@ Changes with Apache 1.2.6
   *) table_set() and table_unset() did not deal correctly with
      multiple occurrences of the same key. [Stephen Scheck
      <sscheck@infonex.net>, Ben Laurie] PR#1604
-  
+
   *) send_fd_length() did not calculate total_bytes_sent properly in error
      cases.  [Ben Reser <breser@regnow.com>] PR#1366
 
@@ -209,7 +3569,7 @@ Changes with Apache 1.2.2 [not released]
      endif.  It didn't cause problems, but it was cleaned up too.
      [Howard Fear]
 
-  *) Last official synchonisation of mod_rewrite with author version (because
+  *) Last official synchronization of mod_rewrite with author version (because
      mod_rewrite is now directly developed by the author at the Apache Group):
      o added diff between mod_rewrite 3.0.6+ and 3.0.9
        minus WIN32/NT stuff, but plus copyright removement.
@@ -335,7 +3695,7 @@ Changes with Apache 1.2.1
 
   *) Update mod_rewrite from 3.0.5 to 3.0.6.  New ruleflag
      QSA=query_string_append.  Also fixed a nasty bug in per-dir context:
-     when a URL http://... was used in concunction with a special
+     when a URL http://... was used in conjunction with a special
      redirect flag, e.g. R=permanent, the permanent status was lost.
      [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>, Ralf S. Engelschall]
 
@@ -352,7 +3712,7 @@ Changes with Apache 1.2.1
 
   *) PORT: fix rlim_t problems with AIX 4.2. [Marc Slemko] PR#333
 
-  *) PORT: Update Unixware support for 2.1.2.
+  *) PORT: Update UnixWare support for 2.1.2.
      [Lawrence Rosenman <ler@lerctr.org>] PR#511
 
   *) PORT: NonStop-UX [Joachim Schmitz <schmitz_joachim@tandem.com>] PR#327
@@ -360,14 +3720,14 @@ Changes with Apache 1.2.1
   *) PORT: Update ConvexOS support for 11.5.
      [David DeSimone <fox@convex.com>] PR#399
 
-  *) PORT: Support for dec cc compiler under ultrix.
+  *) PORT: Support for DEC cc compiler under ULTRIX.
      ["P. Alejandro Lopez-Valencia" <alejolo@ideam.gov.co>] PR#388
 
   *) PORT: Support for Maxion/OS SVR4.2 Real Time Unix. [no name given] PR#383
 
   *) PORT: Workaround for AIX 3.x compiler bug in http_bprintf.c.  
      [Marc Slemko] PR#725
-  
+
   *) PORT: fix problem compiling http_bprintf.c with gcc under SCO
      [Marc Slemko] PR#695
 
@@ -378,13 +3738,13 @@ Changes with Apache 1.2b11
   *) Fixed open timestamp fd in proxy_cache.c [Chuck Murcko]
 
   *) Added undocumented perl SSI mechanism for -DUSE_PERL_SSI and mod_perl.
-     [Rob Hartill]
+     [Doug MacEachern, Rob Hartill]
 
   *) Proxy needs to use hard_timeout instead of soft_timeout when it is
      reading from one buffer and writing to another, at least until it has
      a custom timeout handler.  [Roy Fielding and Petr Lampa]
 
-  *) Fixed problem on Irix with servers hanging in IdentityCheck,
+  *) Fixed problem on IRIX with servers hanging in IdentityCheck,
      apparently due to a mismatch between sigaction and setjmp.
      [Roy Fielding] PR#502
 
@@ -582,7 +3942,7 @@ Changes with Apache 1.2b9  [never announced]
 
   *) Clean up Linux settings in conf.h by detecting 2.x versus 1.x.  For
      1.x the settings are those of pre-1.2b8.  For 2.x we include
-     HAVE_SHMGET (scoreboard in shared memory rather than file) and
+     USE_SHMGET_SCOREBOARD (scoreboard in shared memory rather than file) and
      HAVE_SYS_RESOURCE_H (enable the RLimit commands).
      [Dean Gaudet] PR#336, PR#340
 
@@ -591,7 +3951,7 @@ Changes with Apache 1.2b9  [never announced]
 
   *) Configure was finding non-modules on EXTRA_LIBS. [Frank Cringle] PR#380
 
-  *) Use /bin/sh5 on ultrix.  [P. Alejandro Lopez-Valencia] PR#369
+  *) Use /bin/sh5 on ULTRIX.  [P. Alejandro Lopez-Valencia] PR#369
 
   *) Add UnixWare compile/install instructions.  [Chuck Murcko]
 
@@ -627,7 +3987,7 @@ Changes with Apache 1.2b8
      spurious log messages, removing the nonblocking settings (they
      are not needed with the better timeout), and adding commentary
      about the NO_LINGCLOSE and USE_SO_LINGER issues.  NO_LINGCLOSE is
-     now the default for SunOS4, Unixware, NeXT, and Irix.  [Roy Fielding]
+     now the default for SunOS4, UnixWare, NeXT, and IRIX.  [Roy Fielding]
 
   *) Send error messages about setsockopt failures to the server error
      log instead of stderr.  [Roy Fielding]
@@ -639,7 +3999,7 @@ Changes with Apache 1.2b8
      of r->pool so that we can avoid waiting for free_proc_chain to cleanup
      in the middle of an SSI request.  [Dean Gaudet] PR #122
 
-  *) Fixed status of response when POST is received for a nonexistant URL
+  *) Fixed status of response when POST is received for a nonexistent URL
      (was sending 405, now 404) and when any method is sent with a
      full-URI that doesn't match the server and the server is not acting
      as a proxy (was sending 501, now 403).  [Roy Fielding]
@@ -648,7 +4008,7 @@ Changes with Apache 1.2b8
 
   *) Fix typo in command definition of AuthAuthoritative. [Ken Coar] PR #246
 
-  *) Defined HAVE_SHMGET for shared memory on Linux.  [Dean Gaudet]
+  *) Defined USE_SHMGET_SCOREBOARD for shared memory on Linux.  [Dean Gaudet]
 
   *) Report extra info from errno with many errors that cause httpd to exit.
      spawn_child, popenf, and pclosef now have valid errno returns in the
@@ -1005,12 +4365,12 @@ Changes with Apache 1.2b5
      recommended that previously installed versions of the wrapper
      be replaced with this version.  [Randy Terbush, Jason Dour]
 
-	- ~user execution now properly restricted to ~user's home
-	  directory and below.
-	- execution restricted to UID/GID > 100
-	- restrict passed environment to known variables
-	- call setgid() before initgroups() (portability fix)
-	- remove use of setenv() (portability fix)
+        - ~user execution now properly restricted to ~user's home
+          directory and below.
+        - execution restricted to UID/GID > 100
+        - restrict passed environment to known variables
+        - call setgid() before initgroups() (portability fix)
+        - remove use of setenv() (portability fix)
 
   *) Add HTTP/1.0 response forcing. [Ben Laurie]
 
@@ -1200,14 +4560,14 @@ Changes with Apache 1.2b2:
         4) Some code cleanup and clarification
 
   *) mod_include.c bugfixes:
-	1) Fixed an ommission that caused include variables to not
-	   be parsed in config errmsg directives [Howard Fear]
-	2) Remove HAVE_POSIX_REGEX cruft [Alexei Kosut]
-	3) Patch to fix compiler warnings [perrot@lal.in2p3.fr]
-	4) Allow backslash-escaping to all quoted text
-	   [Ben Yoshino <ben@wiliki.eng.hawaii.edu>]
-	5) Pass variable to command line if not set in XSSI's env
-	   [Howard Fear]
+        1) Fixed an ommission that caused include variables to not
+           be parsed in config errmsg directives [Howard Fear]
+        2) Remove HAVE_POSIX_REGEX cruft [Alexei Kosut]
+        3) Patch to fix compiler warnings [perrot@lal.in2p3.fr]
+        4) Allow backslash-escaping to all quoted text
+           [Ben Yoshino <ben@wiliki.eng.hawaii.edu>]
+        5) Pass variable to command line if not set in XSSI's env
+           [Howard Fear]
 
   *) Fix infinite loop when processing Content-language lines in
      type-map files. [Alexei Kosut]
@@ -1236,12 +4596,12 @@ Changes with Apache 1.2b2:
      and portable isdigit() test.  [Ben Laurie]
 
   *) Updated Configure for ...
-	OS/2	      (DEF_WANTHSREGEX=yes, other code changes)
+        OS/2          (DEF_WANTHSREGEX=yes, other code changes)
         *-dg-dgux*    (bad pattern match)
         QNX           (DEF_WANTHSREGEX=yes)
         *-sunos4*     (DEF_WANTHSREGEX=yes, -DUSEBCOPY)
         *-ultrix      (new)
-	*-unixware211 (new)
+        *-unixware211 (new)
      and added some user diagnostic info.  [Ben Laurie]
 
   *) In helpers/CutRule, replaced "cut" invocation with "awk" invocation
@@ -1249,8 +4609,8 @@ Changes with Apache 1.2b2:
 
   *) Updated helpers/GuessOS for ...
         SCO 5            (recognize minor releases)
-        SCO Unixware     (braindamaged uname, whatever-whatever-unixware2)
-	SCO UnixWare 2.1.1	(requires a separate set of #defines in conf.h)
+        SCO UnixWare     (braindamaged uname, whatever-whatever-unixware2)
+        SCO UnixWare 2.1.1      (requires a separate set of #defines in conf.h)
         IRIX64           (-sgi-irix64)
         ULTRIX           (-unknown-ultrix)
         SINIX            (-whatever-sysv4)
@@ -1294,8 +4654,8 @@ Changes with Apache 1.1.0:
   *) Bugs which were fixed:
         a) yet more mod_proxy bugs [Ben Laurie]
         b) CGI works again with inetd [Alexei Kosut]
-	c) Leading colons were stripped from passwords [osm@interguide.com]
-	d) Another fix to multi-method Limit problem [jk@tools.de]
+        c) Leading colons were stripped from passwords [osm@interguide.com]
+        d) Another fix to multi-method Limit problem [jk@tools.de]
 
 Changes with Apache 1.1b4:
 
@@ -1364,12 +4724,12 @@ Changes with Apache 1.1b3:
      value. [Alexei Kosut]
 
   *) Bugs which were fixed:
-	a) numerous mod_proxy bugs
-	b) CGI early-termination bug [Ben Laurie]
-	c) Keepalives not working with virtual hosts
-	d) RefererIgnore problems
-	e) closing fd's twice in mod_include (causing core dumps on
-	   Linux and elsewhere).
+        a) numerous mod_proxy bugs
+        b) CGI early-termination bug [Ben Laurie]
+        c) Keepalives not working with virtual hosts
+        d) RefererIgnore problems
+        e) closing fd's twice in mod_include (causing core dumps on
+           Linux and elsewhere).
 
 Changes with Apache 1.1b2:
 
@@ -1932,7 +5292,7 @@ Changes with Apache 0.8.2
      module (commented out in the default Configuration, and noted as
      an experiment, along with mod_dld). [Mark Cox]
 
-  *) Compiles on Ultrix (a continuing battle...). [Robert Thau]
+  *) Compiles on ULTRIX (a continuing battle...). [Robert Thau]
 
   *) Fixed nasty bug in SIGTERM handling [reported by Randy Terbush]
 
diff --git a/usr.sbin/httpd/src/Configure b/usr.sbin/httpd/src/Configure
index a8822c7dcfe..e961d076187 100644
--- a/usr.sbin/httpd/src/Configure
+++ b/usr.sbin/httpd/src/Configure
@@ -618,6 +618,12 @@ case "$PLAT" in
 	DEF_WANTHSREGEX=yes
 	LIBS="$LIBS -lsocket -lnsl -lc"
 	;;
+    pyramid-pyramid-svr4)
+	OS='SVR4'
+	CFLAGS="$CFLAGS -DSVR4 -DNO_LONG_DOUBLE"
+	DEF_WANTHSREGEX=yes
+	LIBS="$LIBS -lsocket -lnsl -lc"
+	;;
     DS/90\ 7000-*-sysv4*)
 	OS='UXP/DS'
 	CFLAGS="$CFLAGS -DUXPDS"
@@ -708,6 +714,12 @@ case "$PLAT" in
         DEF_WANTHSREGEX=yes
         LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb"
         ;;
+    drs6000*)
+        OS='DRS6000'
+        CFLAGS="$CFLAGS -DSVR4"
+        DEF_WANTHSREGEX=yes
+        LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb"
+        ;;
     *) # default: Catch systems we don't know about
         OS='Unknown and unsupported OS'
     	echo Sorry, but we cannot grok \"$PLAT\"
@@ -1499,7 +1511,7 @@ if [ "x$using_shlib" = "x1" ] ; then
         #    select the special subtarget for shared core generation
         SUBTARGET=target_shared
         #    determine additional suffixes for libhttpd.so
-        V=1 R=3 P=2
+        V=1 R=3 P=3
         if [ ".$SHLIB_SUFFIX_DEPTH" = .0 ]; then
             SHLIB_SUFFIX_LIST=""
         fi
@@ -1540,7 +1552,7 @@ fi
 ####################################################################
 ## Now create modules.c
 ##
-cat $tmpfile | sed 's/_module//' | awk >modules.c '
+$CAT > $awkfile <<'EOFM'
     BEGIN {
 	modules[n++] = "core"
 	pmodules[pn++] = "core"
@@ -1588,7 +1600,9 @@ cat $tmpfile | sed 's/_module//' | awk >modules.c '
 	print "  NULL"
 	print "};"
 	print ""
-    }'
+    }
+EOFM
+$CAT $tmpfile | sed 's/_module//' | awk -f $awkfile > modules.c 
 
 ####################################################################
 ## figure out which module dir require use to autocreate a Makefile.
diff --git a/usr.sbin/httpd/src/README.EBCDIC b/usr.sbin/httpd/src/README.EBCDIC
index 749ddc66765..e3361adadf3 100644
--- a/usr.sbin/httpd/src/README.EBCDIC
+++ b/usr.sbin/httpd/src/README.EBCDIC
@@ -2,8 +2,8 @@
 
 This version of Apache comes with a first-cut (working, but not
 fully tested) port to a mainframe machine which uses the EBCDIC
-character set as its native codeset (It is the SIEMENS NIXDORF
-family of mainframes running the BS2000 operating system. This
+character set as its native codeset (It is the SIEMENS family 
+of mainframes running the BS2000 operating system. This
 mainframe OS nowadays features a SVR4-like POSIX subsystem).
 
 The port was started initially to
@@ -22,7 +22,7 @@ decisions of the port to this machine.
   #ifdef CHARSET_EBCDIC     Code which is needed for any EBCDIC
 			    based machine
   #ifdef _OSD_POSIX         Code which is needed for the BS2000
-			    SIEMENS NIXDORF mainframe platform only.
+			    SIEMENS mainframe platform only.
 
 * The possibility to translate between ASCII and EBCDIC at the
   socket level (on BS2000 POSIX, there is a socket option which
@@ -88,56 +88,6 @@ decisions of the port to this machine.
   An example for the latter case is the wwwcount program which we ported
   as well.
 
-What works:
-- In the following list,
-    + means: works, tested
-    - means: doesn't work for some reason
-    ? means: compiled-in, but untested
-
-  http_core.c       +
-  mod_access.c      +
-  mod_actions.c     ?
-  mod_alias.c       +
-  mod_asis.c        ?
-  mod_auth.c        +
-  mod_auth_anon.c   +
-  mod_auth_db.c     ? with own libdb.a
-  mod_auth_dbm.c    ? with own libdb.a
-  mod_autoindex.c   +
-  mod_cern_meta.c   ?
-  mod_cgi.c         +
-  mod_digest.c      - / MD5 not ported yet
-  mod_dir.c         +
-  mod_env.c         +
-  mod_example.c     - / not tried yet
-  mod_expires.c     +
-  mod_headers.c     +
-  mod_imap.c        +
-  mod_include.c     +
-  mod_info.c        +
-  mod_log_agent.c   +
-  mod_log_config.c  +
-  mod_log_referer.c +
-  mod_mime.c        +
-  mod_mime_magic.c  - / not tried yet
-  mod_negotiation.c +
-  mod_proxy.c       +
-  mod_rewrite.c     ? / untested
-  mod_setenvif.c    +
-  mod_so.c          - / no shared libs
-  mod_speling.c     +
-  mod_status.c      +
-  mod_unique_id.c   +
-  mod_userdir.c     +
-  mod_usertrack.c   ? / untested
-
-Additional (third-party) modules:                    See:
-  mod_jserv.c       - / JAVA still being ported  http://java.apache.org/
-  mod_php.c         - / not ported yet           http://www.php.net/
-  mod_put.c         ? / untested                 http://hpwww.ec-lyon.fr/~vincent/apache/mod_put.html
-  mod_session.c     ? / untested                 ftp://hachiman.vidya.com/pub/apache/mod_session.tar.gz
-
-
 Notes:
     To use the mod_auth_db functionality, you will need a working libdb.a.
 On the system where I did the port none was available, so I ported the
@@ -145,4 +95,6 @@ standard db-1.85.14 with little problems. Note however that you will need
 a working perl5 as well if you want to use Apache's dbmmanage script to
 maintain db user databases.
 
-			    Martin Kraemer, 31-Mar-1998
+See also the ebcdic.html document which is part of the apache documentation.
+
+			    Martin Kraemer, 1-Oct-1998
diff --git a/usr.sbin/httpd/src/helpers/GuessOS b/usr.sbin/httpd/src/helpers/GuessOS
index 0029797bbc5..096df4fd965 100644
--- a/usr.sbin/httpd/src/helpers/GuessOS
+++ b/usr.sbin/httpd/src/helpers/GuessOS
@@ -3,10 +3,12 @@
 # Simple OS/Platform guesser. Similar to config.guess but
 # much, much smaller. Since it was developed for use with
 # Apache, it follows under Apache's regular licensing
-# with one specific addition: Any changes or additions
-# to this script should be Emailed to the Apache
-# group (apache@apache.org) in general and to
-# Jim Jagielski (jim@jaguNET.com) in specific.
+# (see http://www.apache.org/docs/LICENSE)  with one specific
+# addition: Any changes or additions to this script should be
+# Emailed to the Apache group (apache@apache.org) in general
+# and to Jim Jagielski (jim@apache.org) in specific.
+#
+# Blame Jim; he wrote it (plus a cast of dozens)
 #
 # Be as similar to the output of config.guess/config.sub
 # as possible.
@@ -50,12 +52,22 @@ if [ "x$XREL" != "x" ]; then
 	    4.2)
 		echo "whatever-whatever-unixware1"; exit 0
 		;;
+	    5)
+	    	case "$VERSION" in
+		    7*)
+			echo "${MACHINE}-whatever-unixware7"; exit 0
+			;;
+		esac
+		;;
 	esac
     fi
 fi
 # Now we simply scan though... In most cases, the SYSTEM info is enough
 #
 case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+    MiNT:*)
+        echo "m68k-atari-mint"; exit 0
+	;;
     A/UX:*)
 	echo "m68k-apple-aux3"; exit 0
 	;;
@@ -74,18 +86,15 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 
     HP-UX:*)
 	HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
-	case "$HPUXVER" in
-	    10.*)
-		echo "${MACHINE}-hp-hpux10."; exit 0
-		;;
-	    *)
-		echo "${MACHINE}-hp-hpux"; exit 0
-		;;
-	esac
+	echo "${MACHINE}-hp-hpux${HPUXVER}"; exit 0
 	;;
 
     IRIX:*)
-	echo "${MACHINE}-sgi-irix"; exit 0
+	if [ -f /usr/lib32/mips4/libm.so ]; then
+	    echo "${MACHINE}-sgi-irix32"; exit 0
+	else
+	    echo "${MACHINE}-sgi-irix"; exit 0
+	fi
 	;;
 
     IRIX64:*)
@@ -113,11 +122,13 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	;;
 
     FreeBSD:*:*:*486*)
-	echo "i486-whatever-freebsd"; exit 0
+	FREEBSDVERS=`echo ${RELEASE}|sed -e 's/[-(].*//'`
+	echo "i486-whatever-freebsd${FREEBSDVERS}"; exit 0
 	;;
 
     FreeBSD:*)
-	echo "${MACHINE}-whatever-freebsd"; exit 0
+	FREEBSDVERS=`echo ${RELEASE}|sed -e 's/[-(].*//'`
+	echo "${MACHINE}-whatever-freebsd${FREEBSDVERS}"; exit 0
 	;;
 
     NetBSD:*:*:*486*)
@@ -137,14 +148,11 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	;;
 
     QNX:*)
-	case "$VERSION" in
-	    423)
-		echo "${MACHINE}-qssl-qnx32"
-		;;
-	    *)
-		echo "${MACHINE}-qssl-qnx"
-		;;
-	esac
+	if [ "$VERSION" -gt 422 ]; then
+	    echo "${MACHINE}-qssl-qnx32"
+	else
+	    echo "${MACHINE}-qssl-qnx"
+	fi
 	exit 0
 	;;
 
@@ -153,7 +161,13 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	;;
 
     SunOS:5.*)
-	echo "${MACHINE}-sun-solaris2"; exit 0
+	SOLVER=`echo ${RELEASE}|awk -F. '{
+	    if (NF < 3)
+		printf "2%s0\n",$2
+	    else
+	    	printf "2%s%s\n",$2,$3
+	}'`
+	echo "${MACHINE}-sun-solaris2.${SOLVER}"; exit 0
 	;;
 
     SunOS:*)
@@ -164,16 +178,25 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-sysv4"; exit 0
 	;;
 
+    unix:3.0.9*:*:88k)
+	echo "${MACHINE}-encore-sysv4"; exit 0
+	;;
+
     *:4*:R4*:m88k)
 	echo "${MACHINE}-whatever-sysv4"; exit 0
 	;;
 
+    UnixWare:5:99*:*)
+	# Gemini, beta release of next rev of unixware
+	echo "${MACHINE}-whatever-unixware212"; exit 0
+	;;
+
     DYNIX/ptx:4*:*)
 	echo "${MACHINE}-whatever-sysv4"; exit 0
 	;;
 
-    *:4.0:3.0:3[34]?? | *:4.0:3.0:3[34]??,*)
-	echo "i486-ncr-sysv4"; exit 0
+    *:4.0:3.0:[345][0-9]?? | *:4.0:3.0:3[34]??[/,]* | library:*)
+	echo "x86-ncr-sysv4"; exit 0
 	;;
 
     ULTRIX:*)
@@ -184,14 +207,14 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-sni-sysv4"; exit 0
 	;;
 
+    POSIX*BS2000)
+	echo "${MACHINE}-sni-sysv4"; exit 0
+	;;
+
     machten:*)
        echo "${MACHINE}-tenon-${SYSTEM}"; exit 0;
        ;;
 
-    library:*)
-	echo "${MACHINE}-ncr-sysv4"; exit 0
-	;;
-
     ConvexOS:*:11.*:*)
 	echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
 	;;
@@ -200,10 +223,38 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-ccur-sysv4"; exit 0;
 	;;
     
+    UNIX_SV:*)
+	if [ -d /usr/nec ];then
+		echo "mips-nec-sysv4"; exit 0;
+	fi
+	;;
+
     NonStop-UX:4.[02]*:[BC]*:*)
 	echo "${MACHINE}-tandem-sysv4"; exit 0;
 	;;
 
+    Rhapsody:*:*:*)
+	case "${MACHINE}" in
+	    Power*) MACHINE=powerpc ;;
+	esac
+	echo "${MACHINE}-apple-rhapsody${RELEASE}"; exit 0
+	;;
+
+    "RISC iX":*)
+	echo "arm-whatever-riscix"; exit 0;
+	;;
+
+    *:4.0:2:*)
+	echo "whatever-unisys-sysv4"; exit 0;
+	;;
+
+    *:*:dcosx:NILE*)
+	echo "pyramid-pyramid-svr4"; exit 0;
+	;;
+
+    *:*:*:"DRS 6000")
+        echo "drs6000-whatever-whatever"; exit 0;
+	;;
 esac
 
 #
@@ -223,7 +274,21 @@ fi
 ISNEXT=`hostinfo 2>/dev/null`
 case "$ISNEXT" in
     *NeXT*)
-	echo "whatever-next-nextstep"; exit 0
+#	echo "whatever-next-nextstep"; exit 0
+
+#	Swiped from a friendly uname clone for NEXT/OPEN Step.
+     	NEXTOSVER="`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`"
+	if [ "$NEXTOSVER" -gt 3.3 ]
+     	then
+          NEXTOS="openstep"
+     	else
+          NEXTOS="nextstep"
+     	fi
+
+	NEXTREL="`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`" 
+	NEXTARCH=`arch`
+	echo "${NEXTARCH}-next-${NEXTOS}${NEXTREL}" ; exit 0
+
 	;;
 esac
 
diff --git a/usr.sbin/httpd/src/include/ap_config.h b/usr.sbin/httpd/src/include/ap_config.h
index e12639e81ab..60e35665ab6 100644
--- a/usr.sbin/httpd/src/include/ap_config.h
+++ b/usr.sbin/httpd/src/include/ap_config.h
@@ -372,7 +372,6 @@ typedef int pid_t;
 #define USE_MMAP_SCOREBOARD
 #define MAP_TMPFILE
 #define HAVE_RESOURCE
-#define HAVE_SYS_RESOURCE_H /* apaci should catch this but doesn't */
 #define HAVE_SNPRINTF
 #define JMP_BUF jmp_buf
 #define USE_LONGJMP
@@ -466,6 +465,7 @@ typedef int rlim_t;
 #define NO_WRITEV
 #include <sys/time.h>
 #define HAVE_SYSLOG 1
+#undef HAVE_SYS_RESOURCE_H
 
 #elif defined(SCO5)
 
@@ -615,6 +615,7 @@ extern char *crypt();
 #define WEXITSTATUS(status)	(int)((status).w_retcode)
 #define WTERMSIG(status)	(int)((status).w_termsig)
 #define strftime(buf,bufsize,fmt,tm)    ascftime(buf,fmt,tm)
+#undef HAVE_SYS_RESOURCE_H /* exists but does not provide *rlimit funcs */
 #include <sys/types.h>
 #include <sys/time.h>     
 
@@ -645,6 +646,7 @@ extern char *crypt();
 typedef quad_t rlim_t;
 #endif
 #define USE_FLOCK_SERIALIZED_ACCEPT
+#define SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 #define HAVE_SYSLOG 1
 #define SYS_SIGLIST sys_siglist
 
@@ -706,8 +708,6 @@ typedef int rlim_t;
 #define NEED_STRNCASECMP
 #define NO_SETSID
 #define NO_TIMES
-/* ap_config_auto.h gets this wrong, force sys/select.h to be included */
-#define HAVE_SYS_SELECT_H
 #define CASE_BLIND_FILESYSTEM
 /* Add some drive name support */
 #define chdir _chdir2
diff --git a/usr.sbin/httpd/src/include/ap_mmn.h b/usr.sbin/httpd/src/include/ap_mmn.h
index 718dcd21136..5ad482c319d 100644
--- a/usr.sbin/httpd/src/include/ap_mmn.h
+++ b/usr.sbin/httpd/src/include/ap_mmn.h
@@ -159,6 +159,9 @@
  *			  4. compat.h    -> ap_compat.h
  *			  5. apctype.h   -> ap_ctype.h
  * 19980806 (1.3.2-dev) - add ap_log_rerror()
+ *                      - add ap_scan_script_header_err_core()
+ *                      - add ap_uuencode()
+ *                      - add ap_custom_response()
  * 19980811 (1.3.2-dev)	- added limit_req_line, limit_req_fieldsize, and
  *			  limit_req_fields to server_rec.
  *			  added limit_req_body to core_dir_config and
diff --git a/usr.sbin/httpd/src/include/httpd.h b/usr.sbin/httpd/src/include/httpd.h
index 0323072bf0a..d93a896a2db 100644
--- a/usr.sbin/httpd/src/include/httpd.h
+++ b/usr.sbin/httpd/src/include/httpd.h
@@ -410,7 +410,7 @@ extern "C" {
  * Example: "Apache/1.1.0 MrWidget/0.1-alpha" 
  */
 
-#define SERVER_BASEVERSION "Apache/1.3.2"	/* SEE COMMENTS ABOVE */
+#define SERVER_BASEVERSION "Apache/1.3.3"	/* SEE COMMENTS ABOVE */
 #define SERVER_VERSION  SERVER_BASEVERSION
 enum server_token_type {
     SrvTk_MIN,		/* eg: Apache/1.3.0 */
@@ -427,7 +427,7 @@ API_EXPORT(const char *) ap_get_server_built(void);
  * For a final release, 'betaseq' should be set to '99'.
  * For example, Apache 1.4.2 should be '1040299'
  */
-#define APACHE_RELEASE 1030299
+#define APACHE_RELEASE 1030399
 
 #define SERVER_PROTOCOL "HTTP/1.1"
 #ifndef SERVER_SUPPORT
@@ -443,10 +443,15 @@ API_EXPORT(const char *) ap_get_server_built(void);
 
 /* ----------------------- HTTP Status Codes  ------------------------- */
 
-#define RESPONSE_CODES 38
+/* The size of the static array in http_protocol.c for storing
+ * all of the potential response status-lines (a sparse table).
+ * A future version should dynamically generate the table at startup.
+ */
+#define RESPONSE_CODES 54
 
 #define HTTP_CONTINUE                      100
 #define HTTP_SWITCHING_PROTOCOLS           101
+#define HTTP_PROCESSING                    102
 #define HTTP_OK                            200
 #define HTTP_CREATED                       201
 #define HTTP_ACCEPTED                      202
@@ -454,12 +459,14 @@ API_EXPORT(const char *) ap_get_server_built(void);
 #define HTTP_NO_CONTENT                    204
 #define HTTP_RESET_CONTENT                 205
 #define HTTP_PARTIAL_CONTENT               206
+#define HTTP_MULTI_STATUS                  207
 #define HTTP_MULTIPLE_CHOICES              300
 #define HTTP_MOVED_PERMANENTLY             301
 #define HTTP_MOVED_TEMPORARILY             302
 #define HTTP_SEE_OTHER                     303
 #define HTTP_NOT_MODIFIED                  304
 #define HTTP_USE_PROXY                     305
+#define HTTP_TEMPORARY_REDIRECT            307
 #define HTTP_BAD_REQUEST                   400
 #define HTTP_UNAUTHORIZED                  401
 #define HTTP_PAYMENT_REQUIRED              402
@@ -476,6 +483,10 @@ API_EXPORT(const char *) ap_get_server_built(void);
 #define HTTP_REQUEST_ENTITY_TOO_LARGE      413
 #define HTTP_REQUEST_URI_TOO_LARGE         414
 #define HTTP_UNSUPPORTED_MEDIA_TYPE        415
+#define HTTP_RANGE_NOT_SATISFIABLE         416
+#define HTTP_EXPECTATION_FAILED            417
+#define HTTP_UNPROCESSABLE_ENTITY          422
+#define HTTP_LOCKED                        423
 #define HTTP_INTERNAL_SERVER_ERROR         500
 #define HTTP_NOT_IMPLEMENTED               501
 #define HTTP_BAD_GATEWAY                   502
@@ -483,6 +494,7 @@ API_EXPORT(const char *) ap_get_server_built(void);
 #define HTTP_GATEWAY_TIME_OUT              504
 #define HTTP_VERSION_NOT_SUPPORTED         505
 #define HTTP_VARIANT_ALSO_VARIES           506
+#define HTTP_NOT_EXTENDED                  510
 
 #define DOCUMENT_FOLLOWS    HTTP_OK
 #define PARTIAL_CONTENT     HTTP_PARTIAL_CONTENT
@@ -740,6 +752,13 @@ struct request_rec {
  * that way, a sub request's list can (temporarily) point to a parent's list
  */
     const struct htaccess_result *htaccess;
+
+/* Things placed at the end of the record to avoid breaking binary
+ * compatibility.  It would be nice to remember to reorder the entire
+ * record to improve 64bit alignment the next time we need to break
+ * binary compatibility for some other reason.
+ */
+    unsigned expecting_100;     /* is client waiting for a 100 response? */
 };
 
 
diff --git a/usr.sbin/httpd/src/main/alloc.c b/usr.sbin/httpd/src/main/alloc.c
index 67b4c224b67..e85a85aa3d2 100644
--- a/usr.sbin/httpd/src/main/alloc.c
+++ b/usr.sbin/httpd/src/main/alloc.c
@@ -1744,6 +1744,7 @@ API_EXPORT(FILE *) ap_pfopen(pool *a, const char *name, const char *mode)
     FILE *fd = NULL;
     int baseFlag, desc;
     int modeFlags = 0;
+    int saved_errno;
 
 #ifdef WIN32
     modeFlags = _S_IREAD | _S_IWRITE;
@@ -1766,22 +1767,26 @@ API_EXPORT(FILE *) ap_pfopen(pool *a, const char *name, const char *mode)
     else {
 	fd = fopen(name, mode);
     }
-
+    saved_errno = errno;
     if (fd != NULL)
 	ap_note_cleanups_for_file(a, fd);
     ap_unblock_alarms();
+    errno = saved_errno;
     return fd;
 }
 
 API_EXPORT(FILE *) ap_pfdopen(pool *a, int fd, const char *mode)
 {
     FILE *f;
+    int saved_errno;
 
     ap_block_alarms();
     f = ap_fdopen(fd, mode);
+    saved_errno = errno;
     if (f != NULL)
 	ap_note_cleanups_for_file(a, f);
     ap_unblock_alarms();
+    errno = saved_errno;
     return f;
 }
 
@@ -2217,6 +2222,10 @@ API_EXPORT(int) ap_bspawn_child(pool *p, int (*func) (void *, child_info *), voi
     HANDLE hPipeInputWrite  = NULL;
     HANDLE hPipeErrorRead   = NULL;
     HANDLE hPipeErrorWrite  = NULL;
+    HANDLE hPipeInputWriteDup = NULL;
+    HANDLE hPipeOutputReadDup = NULL;
+    HANDLE hPipeErrorReadDup  = NULL;
+    HANDLE hCurrentProcess;
     int pid = 0;
     child_info info;
 
@@ -2255,6 +2264,57 @@ API_EXPORT(int) ap_bspawn_child(pool *p, int (*func) (void *, child_info *), voi
 	}
 	return 0;
     }
+    /*
+     * When the pipe handles are created, the security descriptor
+     * indicates that the handle can be inherited.  However, we do not
+     * want the server side handles to the pipe to be inherited by the
+     * child CGI process. If the child CGI does inherit the server
+     * side handles, then the child may be left around if the server
+     * closes its handles (e.g. if the http connection is aborted),
+     * because the child will have a valid copy of handles to both
+     * sides of the pipes, and no I/O error will occur.  Microsoft
+     * recommends using DuplicateHandle to turn off the inherit bit
+     * under NT and Win95.
+     */
+    hCurrentProcess = GetCurrentProcess();
+    if ((pipe_in && !DuplicateHandle(hCurrentProcess, hPipeInputWrite,
+				     hCurrentProcess,
+				     &hPipeInputWriteDup, 0, FALSE,
+				     DUPLICATE_SAME_ACCESS))
+	|| (pipe_out && !DuplicateHandle(hCurrentProcess, hPipeOutputRead,
+					 hCurrentProcess, &hPipeOutputReadDup,
+					 0, FALSE, DUPLICATE_SAME_ACCESS))
+	|| (pipe_err && !DuplicateHandle(hCurrentProcess, hPipeErrorRead,
+					 hCurrentProcess, &hPipeErrorReadDup,
+					 0, FALSE, DUPLICATE_SAME_ACCESS))) {
+	if (pipe_in) {
+	    CloseHandle(hPipeInputRead);
+	    CloseHandle(hPipeInputWrite);
+	}
+	if (pipe_out) {
+	    CloseHandle(hPipeOutputRead);
+	    CloseHandle(hPipeOutputWrite);
+	}
+	if (pipe_err) {
+	    CloseHandle(hPipeErrorRead);
+	    CloseHandle(hPipeErrorWrite);
+	}
+	return 0;
+    }
+    else {
+	if (pipe_in) {
+	    CloseHandle(hPipeInputWrite);
+	    hPipeInputWrite = hPipeInputWriteDup;
+	}
+	if (pipe_out) {
+	    CloseHandle(hPipeOutputRead);
+	    hPipeOutputRead = hPipeOutputReadDup;
+	}
+	if (pipe_err) {
+	    CloseHandle(hPipeErrorRead);
+	    hPipeErrorRead = hPipeErrorReadDup;
+	}
+    }
 
     /* The script writes stdout to this pipe handle */
     info.hPipeOutputWrite = hPipeOutputWrite;  
diff --git a/usr.sbin/httpd/src/main/buff.c b/usr.sbin/httpd/src/main/buff.c
index 0501b1a7377..a8cb2515160 100644
--- a/usr.sbin/httpd/src/main/buff.c
+++ b/usr.sbin/httpd/src/main/buff.c
@@ -562,14 +562,22 @@ static int saferead(BUFF *fb, char *buf, int nbyte)
 #endif
 
 
-/* note we assume the caller has ensured that fb->fd_in <= FD_SETSIZE */
+/* Test the descriptor and flush the output buffer if it looks like
+ * we will block on the next read.
+ *
+ * Note we assume the caller has ensured that fb->fd_in <= FD_SETSIZE
+ */
 API_EXPORT(void) ap_bhalfduplex(BUFF *fb)
 {
     int rv;
     fd_set fds;
     struct timeval tv;
 
-    if (fb->incnt > 0 || fb->outcnt == 0) {
+    /* We don't need to do anything if the connection has been closed
+     * or there is something readable in the incoming buffer
+     * or there is nothing flushable in the output buffer.
+     */
+    if (fb == NULL || fb->fd_in < 0 || fb->incnt > 0 || fb->outcnt == 0) {
 	return;
     }
     /* test for a block */
@@ -579,7 +587,8 @@ API_EXPORT(void) ap_bhalfduplex(BUFF *fb)
 	tv.tv_sec = 0;
 	tv.tv_usec = 0;
 	rv = ap_select(fb->fd_in + 1, &fds, NULL, NULL, &tv);
-    } while (rv < 0 && errno == EINTR);
+    } while (rv < 0 && errno == EINTR && !(fb->flags & B_EOUT));
+
     /* treat any error as if it would block as well */
     if (rv != 1) {
 	ap_bflush(fb);
diff --git a/usr.sbin/httpd/src/main/http_config.c b/usr.sbin/httpd/src/main/http_config.c
index 307e9044d1e..50f865712b1 100644
--- a/usr.sbin/httpd/src/main/http_config.c
+++ b/usr.sbin/httpd/src/main/http_config.c
@@ -1206,7 +1206,7 @@ int ap_parse_htaccess(void **result, request_rec *r, int override,
     char *filename = NULL;
     const struct htaccess_result *cache;
     struct htaccess_result *new;
-    void *dc;
+    void *dc = NULL;
 
 /* firstly, search cache */
     for (cache = r->htaccess; cache != NULL; cache = cache->next)
@@ -1224,41 +1224,39 @@ int ap_parse_htaccess(void **result, request_rec *r, int override,
     parms.path = ap_pstrdup(r->pool, d);
 
     /* loop through the access names and find the first one */
-    while (!f && access_name[0]) {
-	char *w = ap_getword_conf(r->pool, &access_name);
-	filename = ap_make_full_path(r->pool, d, w);
-	f = ap_pcfg_openfile(r->pool, filename);
-    }
-    if (f) {
-	dc = ap_create_per_dir_config(r->pool);
 
-	parms.config_file = f;
+    while (access_name[0]) {
+        filename = ap_make_full_path(r->pool, d,
+                                     ap_getword_conf(r->pool, &access_name));
 
-	errmsg = ap_srm_command_loop(&parms, dc);
+        if ((f = ap_pcfg_openfile(r->pool, filename)) != NULL) {
 
-	ap_cfg_closefile(f);
+            dc = ap_create_per_dir_config(r->pool);
 
-	if (errmsg) {
-	    ap_log_rerror(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, r, "%s: %s",
-                        filename, errmsg);
-	    ap_table_setn(r->notes, "error-notes", errmsg);
-            return HTTP_INTERNAL_SERVER_ERROR;
-	}
+            parms.config_file = f;
 
-	*result = dc;
-    }
-    else {
-	if (errno == ENOENT || errno == ENOTDIR)
-	    dc = NULL;
-	else {
-	    ap_log_rerror(APLOG_MARK, APLOG_CRIT, r,
-			"%s pcfg_openfile: unable to check htaccess file, ensure it is readable",
-			filename);
-	    ap_table_setn(r->notes, "error-notes",
-			  "Server unable to read htaccess file, denying "
-			  "access to be safe");
-	    return HTTP_FORBIDDEN;
-	}
+            errmsg = ap_srm_command_loop(&parms, dc);
+
+            ap_cfg_closefile(f);
+
+            if (errmsg) {
+                ap_log_rerror(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, r,
+                              "%s: %s", filename, errmsg);
+                return HTTP_INTERNAL_SERVER_ERROR;
+            }
+            *result = dc;
+            break;
+        }
+        else if (errno != ENOENT && errno != ENOTDIR) {
+            ap_log_rerror(APLOG_MARK, APLOG_CRIT, r,
+                          "%s pcfg_openfile: unable to check htaccess file, "
+                          "ensure it is readable",
+                          filename);
+            ap_table_setn(r->notes, "error-notes",
+                          "Server unable to read htaccess file, denying "
+                          "access to be safe");
+            return HTTP_FORBIDDEN;
+        }
     }
 
 /* cache it */
diff --git a/usr.sbin/httpd/src/main/http_core.c b/usr.sbin/httpd/src/main/http_core.c
index de5a7e04aab..320f907e6f1 100644
--- a/usr.sbin/httpd/src/main/http_core.c
+++ b/usr.sbin/httpd/src/main/http_core.c
@@ -2670,8 +2670,20 @@ static int core_translate(request_rec *r)
 				 (r->uri + r->server->pathlen), NULL);
     }
     else {
-        r->filename = ap_pstrcat(r->pool, conf->ap_document_root, r->uri,
-				 NULL);
+	/*
+         * Make sure that we do not mess up the translation by adding two
+         * /'s in a row.  This happens under windows when the document
+         * root ends with a /
+         */
+        if ((conf->ap_document_root[strlen(conf->ap_document_root)-1] == '/')
+	    && (*(r->uri) == '/')) {
+	    r->filename = ap_pstrcat(r->pool, conf->ap_document_root, r->uri+1,
+				     NULL);
+	}
+	else {
+	    r->filename = ap_pstrcat(r->pool, conf->ap_document_root, r->uri,
+				     NULL);
+	}
     }
 
     return OK;
@@ -2743,7 +2755,6 @@ static int default_handler(request_rec *r)
 	    emsg = ap_pstrcat(r->pool, emsg, r->filename, r->path_info, NULL);
 	}
 	ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r, emsg);
-	ap_table_setn(r->notes, "error-notes", emsg);
 	return HTTP_NOT_FOUND;
     }
     if (r->method_number != M_GET) {
diff --git a/usr.sbin/httpd/src/main/http_log.c b/usr.sbin/httpd/src/main/http_log.c
index 094bbfc5746..3c380862563 100644
--- a/usr.sbin/httpd/src/main/http_log.c
+++ b/usr.sbin/httpd/src/main/http_log.c
@@ -154,7 +154,7 @@ static const TRANS priorities[] = {
     {NULL,	-1},
 };
 
-static int error_log_child (void *cmd, child_info *pinfo)
+static int error_log_child(void *cmd, child_info *pinfo)
 {
     /* Child process code for 'ErrorLog "|..."';
      * may want a common framework for this, since I expect it will
@@ -165,23 +165,23 @@ static int error_log_child (void *cmd, child_info *pinfo)
     ap_cleanup_for_exec();
 #ifdef SIGHUP
     /* No concept of a child process on Win32 */
-    signal (SIGHUP, SIG_IGN);
+    signal(SIGHUP, SIG_IGN);
 #endif /* ndef SIGHUP */
 #if defined(WIN32)
-    child_pid = spawnl (_P_NOWAIT, SHELL_PATH, SHELL_PATH, "/c", (char *)cmd, NULL);
+    child_pid = spawnl(_P_NOWAIT, SHELL_PATH, SHELL_PATH, "/c", (char *)cmd, NULL);
     return(child_pid);
 #elif defined(OS2)
     /* For OS/2 we need to use a '/' */
-    execl (SHELL_PATH, SHELL_PATH, "/c", (char *)cmd, NULL);
+    execl(SHELL_PATH, SHELL_PATH, "/c", (char *)cmd, NULL);
 #else    
-    execl (SHELL_PATH, SHELL_PATH, "-c", (char *)cmd, NULL);
+    execl(SHELL_PATH, SHELL_PATH, "-c", (char *)cmd, NULL);
 #endif    
-    exit (1);
+    exit(1);
     /* NOT REACHED */
     return(child_pid);
 }
 
-static void open_error_log (server_rec *s, pool *p)
+static void open_error_log(server_rec *s, pool *p)
 {
     char *fname;
 
@@ -190,9 +190,9 @@ static void open_error_log (server_rec *s, pool *p)
 
 	if (!ap_spawn_child(p, error_log_child, (void *)(s->error_fname+1),
 			    kill_after_timeout, &dummy, NULL, NULL)) {
-	    perror ("ap_spawn_child");
-	    fprintf (stderr, "Couldn't fork child for ErrorLog process\n");
-	    exit (1);
+	    perror("ap_spawn_child");
+	    fprintf(stderr, "Couldn't fork child for ErrorLog process\n");
+	    exit(1);
 	}
 
 	s->error_log = dummy;
@@ -219,8 +219,8 @@ static void open_error_log (server_rec *s, pool *p)
     }
 #endif
     else {
-	fname = ap_server_root_relative (p, s->error_fname);
-        if(!(s->error_log = ap_pfopen(p, fname, "a"))) {
+	fname = ap_server_root_relative(p, s->error_fname);
+        if (!(s->error_log = ap_pfopen(p, fname, "a"))) {
             perror("fopen");
             fprintf(stderr,"httpd: could not open error log file %s.\n", fname);
             exit(1);
@@ -228,18 +228,18 @@ static void open_error_log (server_rec *s, pool *p)
     }
 }
 
-void ap_open_logs (server_rec *s_main, pool *p)
+void ap_open_logs(server_rec *s_main, pool *p)
 {
     server_rec *virt, *q;
     int replace_stderr;
 
-    open_error_log (s_main, p);
+    open_error_log(s_main, p);
 
     replace_stderr = 1;
     if (s_main->error_log) {
 	/* replace stderr with this new log */
 	fflush(stderr);
-	if (dup2(fileno(s_main->error_log), 2) == -1) {
+	if (dup2(fileno(s_main->error_log), STDERR_FILENO) == -1) {
 	    ap_log_error(APLOG_MARK, APLOG_CRIT, s_main,
 		"unable to replace stderr with error_log");
 	} else {
@@ -262,20 +262,23 @@ void ap_open_logs (server_rec *s_main, pool *p)
 		if (q->error_fname != NULL &&
 		    strcmp(q->error_fname, virt->error_fname) == 0)
 		    break;
-	    if (q == virt) open_error_log (virt, p);
-	    else virt->error_log = q->error_log;
+	    if (q == virt)
+		open_error_log(virt, p);
+	    else 
+		virt->error_log = q->error_log;
 	}
 	else
 	    virt->error_log = s_main->error_log;
     }
 }
 
-API_EXPORT(void) ap_error_log2stderr (server_rec *s) {
-    if(fileno(s->error_log) != STDERR_FILENO)
-        dup2(fileno(s->error_log),STDERR_FILENO);
+API_EXPORT(void) ap_error_log2stderr(server_rec *s) {
+    if (   s->error_log != NULL
+        && fileno(s->error_log) != STDERR_FILENO)
+        dup2(fileno(s->error_log), STDERR_FILENO);
 }
 
-static void log_error_core (const char *file, int line, int level,
+static void log_error_core(const char *file, int line, int level,
 			   const server_rec *s, const request_rec *r,
 			   const char *fmt, va_list args)
 {
@@ -423,7 +426,7 @@ static void log_error_core (const char *file, int line, int level,
 #endif
 }
     
-API_EXPORT(void) ap_log_error (const char *file, int line, int level,
+API_EXPORT(void) ap_log_error(const char *file, int line, int level,
 			      const server_rec *s, const char *fmt, ...)
 {
     va_list args;
@@ -440,27 +443,35 @@ API_EXPORT(void) ap_log_rerror(const char *file, int line, int level,
 
     va_start(args, fmt);
     log_error_core(file, line, level, r->server, r, fmt, args);
-    if (ap_table_get(r->notes, "error-notes") == NULL) {
-	char errstr[MAX_STRING_LEN];
-
-	ap_vsnprintf(errstr, sizeof(errstr), fmt, args);
-	ap_table_set(r->notes, "error-notes", errstr);
+    /*
+     * IF the error level is 'warning' or more severe,
+     * AND there isn't already error text associated with this request,
+     * THEN make the message text available to ErrorDocument and
+     * other error processors.  This can be disabled by stuffing
+     * something, even an empty string, into the "error-notes" cell
+     * before calling this routine.
+     */
+    if (((level & APLOG_LEVELMASK) <= APLOG_WARNING)
+	&& (ap_table_get(r->notes, "error-notes") == NULL)) {
+	ap_table_setn(r->notes, "error-notes",
+		      ap_pvsprintf(r->pool, fmt, args));
     }
     va_end(args);
 }
 
-void ap_log_pid (pool *p, char *fname)
+void ap_log_pid(pool *p, char *fname)
 {
     FILE *pid_file;
     struct stat finfo;
     static pid_t saved_pid = -1;
     pid_t mypid;
 
-    if (!fname) return;
+    if (!fname) 
+	return;
 
-    fname = ap_server_root_relative (p, fname);
+    fname = ap_server_root_relative(p, fname);
     mypid = getpid();
-    if (mypid != saved_pid && stat(fname,&finfo) == 0) {
+    if (mypid != saved_pid && stat(fname, &finfo) == 0) {
       /* USR1 and HUP call this on each restart.
        * Only warn on first time through for this pid.
        *
@@ -475,28 +486,28 @@ void ap_log_pid (pool *p, char *fname)
 		   );
     }
 
-    if(!(pid_file = fopen(fname,"w"))) {
+    if(!(pid_file = fopen(fname, "w"))) {
 	perror("fopen");
-        fprintf(stderr,"httpd: could not log pid to file %s\n", fname);
+        fprintf(stderr, "httpd: could not log pid to file %s\n", fname);
         exit(1);
     }
-    fprintf(pid_file,"%ld\n",(long)mypid);
+    fprintf(pid_file, "%ld\n", (long)mypid);
     fclose(pid_file);
     saved_pid = mypid;
 }
 
-API_EXPORT(void) ap_log_error_old (const char *err, server_rec *s)
+API_EXPORT(void) ap_log_error_old(const char *err, server_rec *s)
 {
     ap_log_error(APLOG_MARK, APLOG_ERR, s, "%s", err);
 }
 
-API_EXPORT(void) ap_log_unixerr (const char *routine, const char *file,
+API_EXPORT(void) ap_log_unixerr(const char *routine, const char *file,
 			      const char *msg, server_rec *s)
 {
     ap_log_error(file, 0, APLOG_ERR, s, "%s", msg);
 }
 
-API_EXPORT(void) ap_log_printf (const server_rec *s, const char *fmt, ...)
+API_EXPORT(void) ap_log_printf(const server_rec *s, const char *fmt, ...)
 {
     va_list args;
     
@@ -505,7 +516,7 @@ API_EXPORT(void) ap_log_printf (const server_rec *s, const char *fmt, ...)
     va_end(args);
 }
 
-API_EXPORT(void) ap_log_reason (const char *reason, const char *file, request_rec *r) 
+API_EXPORT(void) ap_log_reason(const char *reason, const char *file, request_rec *r) 
 {
     ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
 		"access to %s failed for %s, reason: %s",
@@ -514,7 +525,7 @@ API_EXPORT(void) ap_log_reason (const char *reason, const char *file, request_re
 		reason);
 }
 
-API_EXPORT(void) ap_log_assert (const char *szExp, const char *szFile, int nLine)
+API_EXPORT(void) ap_log_assert(const char *szExp, const char *szFile, int nLine)
 {
     fprintf(stderr, "[%s] file %s, line %d, assertion \"%s\" failed\n",
 	    ap_get_time(), szFile, nLine, szExp);
@@ -530,9 +541,9 @@ API_EXPORT(void) ap_log_assert (const char *szExp, const char *szFile, int nLine
 
 #ifndef NO_RELIABLE_PIPED_LOGS
 /* forward declaration */
-static void piped_log_maintenance (int reason, void *data, ap_wait_t status);
+static void piped_log_maintenance(int reason, void *data, ap_wait_t status);
 
-static int piped_log_spawn (piped_log *pl)
+static int piped_log_spawn(piped_log *pl)
 {
     int pid;
 
@@ -545,32 +556,32 @@ static int piped_log_spawn (piped_log *pl)
 	 * XXX: close all the relevant stuff, but hey, it could be broken. */
 	RAISE_SIGSTOP(PIPED_LOG_SPAWN);
 	/* we're now in the child */
-	close (STDIN_FILENO);
-	dup2 (pl->fds[0], STDIN_FILENO);
-
-	ap_cleanup_for_exec ();
-	signal (SIGCHLD, SIG_DFL);	/* for HPUX */
-	signal (SIGHUP, SIG_IGN);
-	execl (SHELL_PATH, SHELL_PATH, "-c", pl->program, NULL);
-	fprintf (stderr,
+	close(STDIN_FILENO);
+	dup2(pl->fds[0], STDIN_FILENO);
+
+	ap_cleanup_for_exec();
+	signal(SIGCHLD, SIG_DFL);	/* for HPUX */
+	signal(SIGHUP, SIG_IGN);
+	execl(SHELL_PATH, SHELL_PATH, "-c", pl->program, NULL);
+	fprintf(stderr,
 	    "piped_log_spawn: unable to exec %s -c '%s': %s\n",
 	    SHELL_PATH, pl->program, strerror (errno));
-	exit (1);
+	exit(1);
     }
     if (pid == -1) {
-	fprintf (stderr,
+	fprintf(stderr,
 	    "piped_log_spawn: unable to fork(): %s\n", strerror (errno));
-	ap_unblock_alarms ();
+	ap_unblock_alarms();
 	return -1;
     }
     ap_unblock_alarms();
     pl->pid = pid;
-    ap_register_other_child (pid, piped_log_maintenance, pl, pl->fds[1]);
+    ap_register_other_child(pid, piped_log_maintenance, pl, pl->fds[1]);
     return 0;
 }
 
 
-static void piped_log_maintenance (int reason, void *data, ap_wait_t status)
+static void piped_log_maintenance(int reason, void *data, ap_wait_t status)
 {
     piped_log *pl = data;
 
@@ -578,30 +589,30 @@ static void piped_log_maintenance (int reason, void *data, ap_wait_t status)
     case OC_REASON_DEATH:
     case OC_REASON_LOST:
 	pl->pid = -1;
-	ap_unregister_other_child (pl);
+	ap_unregister_other_child(pl);
 	if (pl->program == NULL) {
 	    /* during a restart */
 	    break;
 	}
-	if (piped_log_spawn (pl) == -1) {
+	if (piped_log_spawn(pl) == -1) {
 	    /* what can we do?  This could be the error log we're having
 	     * problems opening up... */
-	    fprintf (stderr,
+	    fprintf(stderr,
 		"piped_log_maintenance: unable to respawn '%s': %s\n",
-		pl->program, strerror (errno));
+		pl->program, strerror(errno));
 	}
 	break;
     
     case OC_REASON_UNWRITABLE:
 	if (pl->pid != -1) {
-	    kill (pl->pid, SIGTERM);
+	    kill(pl->pid, SIGTERM);
 	}
 	break;
     
     case OC_REASON_RESTART:
 	pl->program = NULL;
 	if (pl->pid != -1) {
-	    kill (pl->pid, SIGTERM);
+	    kill(pl->pid, SIGTERM);
 	}
 	break;
 
@@ -611,67 +622,67 @@ static void piped_log_maintenance (int reason, void *data, ap_wait_t status)
 }
 
 
-static void piped_log_cleanup (void *data)
+static void piped_log_cleanup(void *data)
 {
     piped_log *pl = data;
 
     if (pl->pid != -1) {
-	kill (pl->pid, SIGTERM);
+	kill(pl->pid, SIGTERM);
     }
-    ap_unregister_other_child (pl);
-    close (pl->fds[0]);
-    close (pl->fds[1]);
+    ap_unregister_other_child(pl);
+    close(pl->fds[0]);
+    close(pl->fds[1]);
 }
 
 
-static void piped_log_cleanup_for_exec (void *data)
+static void piped_log_cleanup_for_exec(void *data)
 {
     piped_log *pl = data;
 
-    close (pl->fds[0]);
-    close (pl->fds[1]);
+    close(pl->fds[0]);
+    close(pl->fds[1]);
 }
 
 
-API_EXPORT(piped_log *) ap_open_piped_log (pool *p, const char *program)
+API_EXPORT(piped_log *) ap_open_piped_log(pool *p, const char *program)
 {
     piped_log *pl;
 
-    pl = ap_palloc (p, sizeof (*pl));
+    pl = ap_palloc(p, sizeof (*pl));
     pl->p = p;
-    pl->program = ap_pstrdup (p, program);
+    pl->program = ap_pstrdup(p, program);
     pl->pid = -1;
     ap_block_alarms ();
-    if (pipe (pl->fds) == -1) {
+    if (pipe(pl->fds) == -1) {
 	int save_errno = errno;
 	ap_unblock_alarms();
 	errno = save_errno;
 	return NULL;
     }
-    ap_register_cleanup (p, pl, piped_log_cleanup, piped_log_cleanup_for_exec);
-    if (piped_log_spawn (pl) == -1) {
+    ap_register_cleanup(p, pl, piped_log_cleanup, piped_log_cleanup_for_exec);
+    if (piped_log_spawn(pl) == -1) {
 	int save_errno = errno;
-	ap_kill_cleanup (p, pl, piped_log_cleanup);
-	close (pl->fds[0]);
-	close (pl->fds[1]);
-	ap_unblock_alarms ();
+	ap_kill_cleanup(p, pl, piped_log_cleanup);
+	close(pl->fds[0]);
+	close(pl->fds[1]);
+	ap_unblock_alarms();
 	errno = save_errno;
 	return NULL;
     }
-    ap_unblock_alarms ();
+    ap_unblock_alarms();
     return pl;
 }
 
-API_EXPORT(void) ap_close_piped_log (piped_log *pl)
+API_EXPORT(void) ap_close_piped_log(piped_log *pl)
 {
-    ap_block_alarms ();
-    piped_log_cleanup (pl);
-    ap_kill_cleanup (pl->p, pl, piped_log_cleanup);
-    ap_unblock_alarms ();
+    ap_block_alarms();
+    piped_log_cleanup(pl);
+    ap_kill_cleanup(pl->p, pl, piped_log_cleanup);
+    ap_unblock_alarms();
 }
 
 #else
-static int piped_log_child (void *cmd, child_info *pinfo)
+static int piped_log_child(void *cmd, child_info *pinfo)
 {
     /* Child process code for 'TransferLog "|..."';
      * may want a common framework for this, since I expect it will
@@ -681,10 +692,10 @@ static int piped_log_child (void *cmd, child_info *pinfo)
 
     ap_cleanup_for_exec();
 #ifdef SIGHUP
-    signal (SIGHUP, SIG_IGN);
+    signal(SIGHUP, SIG_IGN);
 #endif
 #if defined(WIN32)
-    child_pid = spawnl (_P_NOWAIT, SHELL_PATH, SHELL_PATH, "/c", (char *)cmd, NULL);
+    child_pid = spawnl(_P_NOWAIT, SHELL_PATH, SHELL_PATH, "/c", (char *)cmd, NULL);
     return(child_pid);
 #elif defined(OS2)
     /* For OS/2 we need to use a '/' */
@@ -692,24 +703,24 @@ static int piped_log_child (void *cmd, child_info *pinfo)
 #else
     execl (SHELL_PATH, SHELL_PATH, "-c", (char *)cmd, NULL);
 #endif
-    perror ("exec");
-    fprintf (stderr, "Exec of shell for logging failed!!!\n");
+    perror("exec");
+    fprintf(stderr, "Exec of shell for logging failed!!!\n");
     return(child_pid);
 }
 
 
-API_EXPORT(piped_log *) ap_open_piped_log (pool *p, const char *program)
+API_EXPORT(piped_log *) ap_open_piped_log(pool *p, const char *program)
 {
     piped_log *pl;
     FILE *dummy;
 
     if (!ap_spawn_child(p, piped_log_child, (void *)program,
 			kill_after_timeout, &dummy, NULL, NULL)) {
-	perror ("ap_spawn_child");
-	fprintf (stderr, "Couldn't fork child for piped log process\n");
+	perror("ap_spawn_child");
+	fprintf(stderr, "Couldn't fork child for piped log process\n");
 	exit (1);
     }
-    pl = ap_palloc (p, sizeof (*pl));
+    pl = ap_palloc(p, sizeof (*pl));
     pl->p = p;
     pl->write_f = dummy;
 
@@ -717,8 +728,8 @@ API_EXPORT(piped_log *) ap_open_piped_log (pool *p, const char *program)
 }
 
 
-API_EXPORT(void) ap_close_piped_log (piped_log *pl)
+API_EXPORT(void) ap_close_piped_log(piped_log *pl)
 {
-    ap_pfclose (pl->p, pl->write_f);
+    ap_pfclose(pl->p, pl->write_f);
 }
 #endif
diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c
index 2b6833f1542..defbca0b5bf 100644
--- a/usr.sbin/httpd/src/main/http_main.c
+++ b/usr.sbin/httpd/src/main/http_main.c
@@ -999,6 +999,10 @@ static void usage(char *bin)
     fprintf(stderr, "  -l               : list compiled-in modules\n");
     fprintf(stderr, "  -S               : show parsed settings (currently only vhost settings)\n");
     fprintf(stderr, "  -t               : run syntax test for configuration files only\n");
+#ifdef WIN32
+    fprintf(stderr, "  -k shutdown      : tell running Apache to shutdown\n");
+    fprintf(stderr, "  -k restart       : tell running Apache to do a graceful restart\n");
+#endif
     exit(1);
 }
 
@@ -2542,17 +2546,41 @@ static int volatile generation;
 
 #ifdef WIN32
 /*
- * signal_parent() tells the parent process to wake up and do something.
- * Once woken it will look at shutdown_pending and restart_pending to decide
- * what to do. If neither variable is set, it will do a shutdown. This function
- * if called by start_shutdown() or start_restart() in the parent's process
- * space, so that the variables get set. However it can also be called 
- * by child processes to force the parent to exit in an emergency.
+ * Signalling Apache on NT.
+ *
+ * Under Unix, Apache can be told to shutdown or restart by sending various
+ * signals (HUP, USR, TERM). On NT we don't have easy access to signals, so
+ * we use "events" instead. The parent apache process goes into a loop
+ * where it waits forever for a set of events. Two of those events are
+ * called
+ *
+ *    apPID_shutdown
+ *    apPID_restart
+ *
+ * (where PID is the PID of the apache parent process). When one of these
+ * is signalled, the Apache parent performs the appropriate action. The events
+ * can become signalled through internal Apache methods (e.g. if the child
+ * finds a fatal error and needs to kill its parent), via the service
+ * control manager (the control thread will signal the shutdown event when
+ * requested to stop the Apache service), from the -k Apache command line,
+ * or from any external program which finds the Apache PID from the
+ * httpd.pid file.
+ *
+ * The signal_parent() function, below, is used to signal one of these events.
+ * It can be called by any child or parent process, since it does not
+ * rely on global variables.
+ *
+ * On entry, type gives the event to signal. 0 means shutdown, 1 means 
+ * graceful restart.
  */
 
-static void signal_parent(void)
+static void signal_parent(int type)
 {
     HANDLE e;
+    char *signal_name;
+    extern char signal_shutdown_name[];
+    extern char signal_restart_name[];
+
     /* after updating the shutdown_pending or restart flags, we need
      * to wake up the parent process so it can see the changes. The
      * parent will normally be waiting for either a child process
@@ -2564,21 +2592,28 @@ static void signal_parent(void)
 	return;
     }
 
-    APD1("*** SIGNAL_PARENT SET ***");
+    switch(type) {
+    case 0: signal_name = signal_shutdown_name; break;
+    case 1: signal_name = signal_restart_name; break;
+    default: return;
+    }
 
-    e = OpenEvent(EVENT_ALL_ACCESS, FALSE, "apache-signal");
+    APD2("signal_parent signalling event \"%s\"", signal_name);
+
+    e = OpenEvent(EVENT_ALL_ACCESS, FALSE, signal_name);
     if (!e) {
-	/* Um, problem, can't signal the main loop, which means we can't
+	/* Um, problem, can't signal the parent, which means we can't
 	 * signal ourselves to die. Ignore for now...
 	 */
 	ap_log_error(APLOG_MARK, APLOG_EMERG|APLOG_WIN32ERROR, server_conf,
-	    "OpenEvent on apache-signal event");
+	    "OpenEvent on %s event", signal_name);
 	return;
     }
     if (SetEvent(e) == 0) {
 	/* Same problem as above */
 	ap_log_error(APLOG_MARK, APLOG_EMERG|APLOG_WIN32ERROR, server_conf,
-	    "SetEvent on apache-signal event");
+	    "SetEvent on %s event", signal_name);
+	CloseHandle(e);
 	return;
     }
     CloseHandle(e);
@@ -2586,24 +2621,19 @@ static void signal_parent(void)
 #endif
 
 /*
- * start_shutdown() and start_restart(), below, are a first stab at
+ * ap_start_shutdown() and ap_start_restart(), below, are a first stab at
  * functions to initiate shutdown or restart without relying on signals. 
  * Previously this was initiated in sig_term() and restart() signal handlers, 
  * but we want to be able to start a shutdown/restart from other sources --
  * e.g. on Win32, from the service manager. Now the service manager can
- * call start_shutdown() or start_restart() as appropiate. 
- *
- * These should only be called from the parent process itself, since the
- * parent process will use the shutdown_pending and restart_pending variables
- * to determine whether to shutdown or restart. The child process should
- * call signal_parent() directly to tell the parent to die -- this will
- * cause neither of those variable to be set, which the parent will
- * assume means something serious is wrong (which it will be, for the
- * child to force an exit) and so do an exit anyway.
+ * call ap_start_shutdown() or ap_start_restart() as appropiate.  Note that
+ * these functions can also be called by the child processes, since global
+ * variables are no longer used to pass on the required action to the parent.
  */
 
 void ap_start_shutdown(void)
 {
+#ifndef WIN32
     if (shutdown_pending == 1) {
 	/* Um, is this _probably_ not an error, if the user has
 	 * tried to do a shutdown twice quickly, so we won't
@@ -2612,24 +2642,23 @@ void ap_start_shutdown(void)
 	return;
     }
     shutdown_pending = 1;
-
-#ifdef WIN32
-    signal_parent();	    /* get the parent process to wake up */
+#else
+    signal_parent(0);	    /* get the parent process to wake up */
 #endif
 }
 
 /* do a graceful restart if graceful == 1 */
 void ap_start_restart(int graceful)
 {
+#ifndef WIN32
     if (restart_pending == 1) {
 	/* Probably not an error - don't bother reporting it */
 	return;
     }
     restart_pending = 1;
     is_graceful = graceful;
-
-#ifdef WIN32
-    signal_parent();	    /* get the parent process to wake up */
+#else
+    signal_parent(1);	    /* get the parent process to wake up */
 #endif /* WIN32 */
 }
 
@@ -4633,11 +4662,13 @@ int REALMAIN(int argc, char *argv[])
  *
  * Signalling between the parent and working process uses a Win32
  * event. Each child has a unique name for the event, which is
- * passed to it with the -c argument when the child is spawned. The
+ * passed to it with the -Z argument when the child is spawned. The
  * parent sets (signals) this event to tell the child to die.
  * At present all children do a graceful die - they finish all
  * current jobs _and_ empty the listen queue before they exit.
- * A non-graceful die would need a second event.
+ * A non-graceful die would need a second event. The -Z argument in
+ * the child is also used to create the shutdown and restart events,
+ * since the prefix (apPID) contains the parent process PID.
  *
  * The code below starts with functions at the lowest level -
  * worker threads, and works up to the top level - the main()
@@ -5001,17 +5032,37 @@ extern void main_control_server(void *); /* in hellop.c */
 event *exit_event;
 mutex *start_mutex;
 
+#define MAX_SIGNAL_NAME 30  /* Long enough for apPID_shutdown, where PID is an int */
+char signal_name_prefix[MAX_SIGNAL_NAME];
+char signal_restart_name[MAX_SIGNAL_NAME]; 
+char signal_shutdown_name[MAX_SIGNAL_NAME];
+
 #define MAX_SELECT_ERRORS 100
 
+/*
+ * Initialise the signal names, in the global variables signal_name_prefix, 
+ * signal_restart_name and signal_shutdown_name.
+ */
+
+void setup_signal_names(char *prefix)
+{
+    ap_snprintf(signal_name_prefix, sizeof(signal_name_prefix), prefix);    
+    ap_snprintf(signal_shutdown_name, sizeof(signal_shutdown_name), 
+	"%s_shutdown", signal_name_prefix);    
+    ap_snprintf(signal_restart_name, sizeof(signal_restart_name), 
+	"%s_restart", signal_name_prefix);    
+
+    APD2("signal prefix %s", signal_name_prefix);
+}
+
+/*
+ * worker_main() is main loop for the child process. The loop in
+ * this function becomes the controlling thread for the actually working
+ * threads (which run in a loop in child_sub_main()).
+ */
+
 void worker_main(void)
 {
-    /*
-     * I am writing this stuff specifically for NT.
-     * have pulled out a lot of the restart and
-     * graceful restart stuff, because that is only
-     * useful on Unix (not sure it even makes sense
-     * in a multi-threaded env.
-     */
     int nthreads;
     fd_set main_fds;
     int srv;
@@ -5059,7 +5110,13 @@ void worker_main(void)
 
     reinit_scoreboard(pconf);
 
-    //ap_acquire_mutex(start_mutex);
+    /*
+     * Wait until we have permission to start accepting connections.
+     * start_mutex is used to ensure that only one child ever
+     * goes into the listen/accept loop at once. Also wait on exit_event,
+     * in case we (this child) is told to die before we get a chance to
+     * serve any requests.
+     */
     hObjects[0] = (HANDLE)start_mutex;
     hObjects[1] = (HANDLE)exit_event;
     rv = WaitForMultipleObjects(2, hObjects, FALSE, INFINITE);
@@ -5085,7 +5142,7 @@ void worker_main(void)
 	ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, NULL,
 		    "No sockets were created for listening");
 
-	signal_parent();	/* tell parent to die */
+	signal_parent(0);	/* tell parent to die */
 
 	ap_destroy_pool(pchild);
 	cleanup_scoreboard();
@@ -5114,15 +5171,11 @@ void worker_main(void)
 
     /* spawn off the threads */
     child_handles = (thread *) alloca(nthreads * sizeof(int));
-    {
-	int i;
-
-	for (i = 0; i < nthreads; i++) {
-	    child_handles[i] = create_thread((void (*)(void *)) child_main, (void *) i);
-	}
-	if (nthreads > max_daemons_limit) {
-	    max_daemons_limit = nthreads;
-	}
+    for (i = 0; i < nthreads; i++) {
+	child_handles[i] = create_thread((void (*)(void *)) child_main, (void *) i);
+    }
+    if (nthreads > max_daemons_limit) {
+	max_daemons_limit = nthreads;
     }
 
     while (1) {
@@ -5288,22 +5341,21 @@ void worker_main(void)
     clean_parent_exit(0);
 }				/* standalone_main */
 
-/* Spawn a child Apache process. The child process has the command
- * line arguments from argc and argv[], plus a -Z argument giving the
- * name of an event. The child should open and poll or wait on this
- * event. When it is signalled, the child should die.  prefix is a
- * prefix string for the event name.
+/*
+ * Spawn a child Apache process. The child process has the command line arguments from
+ * argc and argv[], plus a -Z argument giving the name of an event. The child should
+ * open and poll or wait on this event. When it is signalled, the child should die.
+ * prefix is a prefix string for the event name.
  * 
- * The child_num argument on entry contains a serial number for this
- * child (used to create a unique event name). On exit, this number
- * will have been incremented by one, ready for the next call.
+ * The child_num argument on entry contains a serial number for this child (used to create
+ * a unique event name). On exit, this number will have been incremented by one, ready
+ * for the next call. 
  *
  * On exit, the value pointed to be *ev will contain the event created
  * to signal the new child process.
  *
- * The return value is the handle to the child process if successful,
- * else -1. If -1 is returned the error will already have been logged
- * by ap_log_error(). 
+ * The return value is the handle to the child process if successful, else -1. If -1 is
+ * returned the error will already have been logged by ap_log_error().
  */
 
 int create_event_and_spawn(int argc, char **argv, event **ev, int *child_num, char *prefix)
@@ -5311,8 +5363,15 @@ int create_event_and_spawn(int argc, char **argv, event **ev, int *child_num, ch
     char buf[40], mod[200];
     int i, rv;
     char **pass_argv = (char **) alloca(sizeof(char *) * (argc + 3));
-
-    ap_snprintf(buf, sizeof(buf), "%s_%d", prefix, ++(*child_num));
+    
+    /* We need an event to tell the child process to kill itself when
+     * the parent is doing a shutdown/restart. This will be named
+     * apPID_CN where PID is the parent Apache process PID and 
+     * N is a unique child serial number. prefix contains
+     * the "apPID" part. The child will get the name of this
+     * event as its -Z command line argument.
+     */
+    ap_snprintf(buf, sizeof(buf), "%s_C%d", prefix, ++(*child_num));
     _flushall();
     *ev = CreateEvent(NULL, TRUE, FALSE, buf);
     if (!*ev) {
@@ -5409,10 +5468,11 @@ int master_main(int argc, char **argv)
     int *child;
     int child_num = 0;
     int rv, cld;
-    char buf[100];
+    char signal_prefix_string[100];
     int i;
     time_t tmstart;
-    HANDLE signal_event;	/* used to signal shutdown/restart to parent */
+    HANDLE signal_shutdown_event;	/* used to signal shutdown to parent */
+    HANDLE signal_restart_event;	/* used to signal a restart to parent */
     HANDLE process_handles[MAX_PROCESSES];
     HANDLE process_kill_events[MAX_PROCESSES];
     int current_live_processes = 0; /* number of child process we know about */
@@ -5425,22 +5485,34 @@ int master_main(int argc, char **argv)
     is_graceful = 0;
     ++generation;
 
-    signal_event = OpenEvent(EVENT_ALL_ACCESS, FALSE, "apache-signal");
-    if (!signal_event) {
+    ap_snprintf(signal_prefix_string, sizeof(signal_prefix_string),
+	        "ap%d", getpid());
+    setup_signal_names(signal_prefix_string);
+
+    signal_shutdown_event = CreateEvent(NULL, TRUE, FALSE, signal_shutdown_name);
+    if (!signal_shutdown_event) {
+	ap_log_error(APLOG_MARK, APLOG_EMERG|APLOG_WIN32ERROR, server_conf,
+		    "Cannot create shutdown event %s", signal_shutdown_name);
+	exit(1);
+    }
+    APD2("master_main: created event %s", signal_shutdown_name);
+    signal_restart_event = CreateEvent(NULL, TRUE, FALSE, signal_restart_name);
+    if (!signal_restart_event) {
+	CloseHandle(signal_shutdown_event);
 	ap_log_error(APLOG_MARK, APLOG_EMERG|APLOG_WIN32ERROR, server_conf,
-		    "Cannot open apache-signal event");
+		    "Cannot create restart event %s", signal_restart_name);
 	exit(1);
     }
+    APD2("master_main: created event %s", signal_restart_name);
 
-    sprintf(buf, "Apache%d", getpid());
-    start_mutex = ap_create_mutex(buf);
+    start_mutex = ap_create_mutex(signal_prefix_string);
     ev = (event **) alloca(sizeof(event *) * nchild);
     child = (int *) alloca(sizeof(int) * (nchild+1));
 
     while (processes_to_create--) {
 	service_set_status(SERVICE_START_PENDING);
 	if (create_process(process_handles, process_kill_events, 
-	    &current_live_processes, &child_num, buf, argc, argv) < 0) {
+	    &current_live_processes, &child_num, signal_prefix_string, argc, argv) < 0) {
 	    goto die_now;
 	}
     }
@@ -5461,8 +5533,6 @@ int master_main(int argc, char **argv)
 	ap_set_version();
 	ap_init_modules(pconf, server_conf);
 	version_locked++;
-	if (!is_graceful)
-	    reinit_scoreboard(pconf);
 
 	restart_pending = shutdown_pending = 0;
 
@@ -5478,15 +5548,17 @@ int master_main(int argc, char **argv)
 		ap_log_error(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO, server_conf,
  			"master_main: no child processes alive! creating one");
 		if (create_process(process_handles, process_kill_events, 
-		    &current_live_processes, &child_num, buf, argc, argv) < 0) {
+		    &current_live_processes, &child_num, signal_prefix_string, 
+		    argc, argv) < 0) {
 		    goto die_now;
 		}
 		if (processes_to_create) {
 		    processes_to_create--;
 		}
 	    }
-	    process_handles[current_live_processes] = signal_event;
-	    rv = WaitForMultipleObjects(current_live_processes+1, (HANDLE *)process_handles, 
+	    process_handles[current_live_processes] = signal_shutdown_event;
+	    process_handles[current_live_processes+1] = signal_restart_event;
+	    rv = WaitForMultipleObjects(current_live_processes+2, (HANDLE *)process_handles, 
 			FALSE, INFINITE);
 	    if (rv == WAIT_FAILED) {
 		/* Something serious is wrong */
@@ -5495,13 +5567,35 @@ int master_main(int argc, char **argv)
 		shutdown_pending = 1;
 		break;
 	    }
-	    ap_assert(rv != WAIT_TIMEOUT);
+	    if (rv == WAIT_TIMEOUT) {
+		/* Hey, this cannot happen */
+		ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
+		    "WaitForMultipeObjects with INFINITE wait exited with WAIT_TIMEOUT");
+		shutdown_pending = 1;
+	    }
+
 	    cld = rv - WAIT_OBJECT_0;
 	    APD4("main process: wait finished, cld=%d handle %d (max=%d)", cld, process_handles[cld], current_live_processes);
 	    if (cld == current_live_processes) {
-		/* stop_event is signalled, we should exit now */
-		if (ResetEvent(signal_event) == 0)
-		    APD1("main process: *** ERROR: ResetEvent(stop_event) failed ***");
+		/* shutdown event signalled, we should exit now */
+		if (ResetEvent(signal_shutdown_event) == 0) {
+		    ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_WIN32ERROR, server_conf,
+			"ResetEvent(signal_shutdown_event)");
+		    /* Continue -- since we are doing a shutdown anyway */
+		}
+		shutdown_pending = 1;
+		APD3("main process: stop_event signalled: shutdown_pending=%d, restart_pending=%d",
+		    shutdown_pending, restart_pending);
+		break;
+	    }
+	    if (cld == current_live_processes+1) {
+		/* restart event signalled, we should exit now */
+		if (ResetEvent(signal_restart_event) == 0) {
+		    ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_WIN32ERROR, server_conf,
+			"ResetEvent(signal_restart_event)");
+		    /* Continue -- hopefully the restart will fix the problem */
+		}
+		restart_pending = 1;
 		APD3("main process: stop_event signalled: shutdown_pending=%d, restart_pending=%d",
 		    shutdown_pending, restart_pending);
 		break;
@@ -5510,7 +5604,8 @@ int master_main(int argc, char **argv)
 	    cleanup_process(process_handles, process_kill_events, cld, &current_live_processes);
 	    APD2("main_process: child in slot %d died", rv);
 	    if (processes_to_create) {
-		create_process(process_handles, process_kill_events, &current_live_processes, &child_num, buf, argc, argv);
+		create_process(process_handles, process_kill_events, &current_live_processes, 
+			&child_num, signal_prefix_string, argc, argv);
 		processes_to_create--;
 	    }
 	}
@@ -5527,7 +5622,6 @@ int master_main(int argc, char **argv)
 		    ap_log_error(APLOG_MARK,APLOG_WIN32ERROR, server_conf,
 			"SetEvent for child process in slot #%d", i);
 	    }
-
 	    break;
 	}
 	if (restart_pending) {
@@ -5539,7 +5633,8 @@ int master_main(int argc, char **argv)
 	    for (i = 0; i < nchild; ++i) {
 		if (current_live_processes >= MAX_PROCESSES)
 		    break;
-		create_process(process_handles, process_kill_events, &current_live_processes, &child_num, buf, argc, argv);
+		create_process(process_handles, process_kill_events, &current_live_processes, 
+		    &child_num, signal_prefix_string, argc, argv);
 		processes_to_create--;
 	    }
 	    for (i = 0; i < children_to_kill; i++) {
@@ -5559,7 +5654,8 @@ int master_main(int argc, char **argv)
     APD2("*** main process shutdown, processes=%d ***", current_live_processes);
 
 die_now:
-    CloseHandle(signal_event);
+    CloseHandle(signal_restart_event);
+    CloseHandle(signal_shutdown_event);
 
     tmstart = time(NULL);
     while (current_live_processes && ((tmstart+60) > time(NULL))) {
@@ -5579,7 +5675,6 @@ die_now:
  	    "forcing termination of child #%d (handle %d)", i, process_handles[i]);
 	TerminateProcess((HANDLE) process_handles[i], 1);
     }
-    service_set_status(SERVICE_STOPPED);
 
     /* cleanup pid file on normal shutdown */
     {
@@ -5597,9 +5692,61 @@ die_now:
     }
 
     ap_destroy_mutex(start_mutex);
+
+    service_set_status(SERVICE_STOPPED);
     return (0);
 }
 
+/*
+ * Send signal to a running Apache. On entry signal should contain
+ * either "shutdown" or "restart"
+ */
+
+void send_signal(pool *p, char *signal)
+{
+    char prefix[20];
+    FILE *fp;
+    int nread;
+    char *fname;
+    int end;
+
+    fname = ap_server_root_relative (p, ap_pid_fname);
+
+    fp = fopen(fname, "r");
+    if (!fp) {
+	printf("Cannot read apache PID file %s\n", fname);
+	return;
+    }
+    prefix[0] = 'a';
+    prefix[1] = 'p';
+
+    nread = fread(prefix+2, 1, sizeof(prefix)-3, fp);
+    if (nread == 0) {
+	fclose(fp);
+	printf("PID file %s was empty\n", fname);
+	return;
+    }
+    fclose(fp);
+
+    /* Terminate the prefix string */
+    end = 2 + nread - 1;
+    while (end > 0 && (prefix[end] == '\r' || prefix[end] == '\n'))
+	end--;
+    prefix[end + 1] = '\0';
+
+    setup_signal_names(prefix);
+
+    if (!strcasecmp(signal, "shutdown"))
+	ap_start_shutdown();
+    else if (!strcasecmp(signal, "restart"))
+	ap_start_restart(1);
+    else
+	printf("Unknown signal name \"%s\". Use either shutdown or restart.\n",
+	    signal);
+
+    return;
+}
+
 #ifdef WIN32
 __declspec(dllexport)
      int apache_main(int argc, char *argv[])
@@ -5613,6 +5760,7 @@ int REALMAIN(int argc, char *argv[])
     int run_as_service = 1;
     int install = 0;
     int configtestonly = 0;
+    char *signal_to_send = NULL;
     
     common_init();
 
@@ -5637,7 +5785,7 @@ int REALMAIN(int argc, char *argv[])
 
     ap_setup_prelinked_modules();
 
-    while ((c = getopt(argc, argv, "D:C:c:Xd:f:vVhlZ:iusSt")) != -1) {
+    while ((c = getopt(argc, argv, "D:C:c:Xd:f:vVhlZ:iusStk:")) != -1) {
         char **new;
 	switch (c) {
 	case 'c':
@@ -5659,7 +5807,9 @@ int REALMAIN(int argc, char *argv[])
 	    cp = strchr(optarg, '_');
 	    ap_assert(cp);
 	    *cp = 0;
-	    start_mutex = ap_open_mutex(optarg);
+	    setup_signal_names(optarg);
+	    start_mutex = ap_open_mutex(signal_name_prefix);
+	    ap_assert(start_mutex);
 	    child = 1;
 	    break;
 	case 'i':
@@ -5674,6 +5824,9 @@ int REALMAIN(int argc, char *argv[])
 	case 'S':
 	    ap_dump_settings = 1;
 	    break;
+	case 'k':
+	    signal_to_send = optarg;
+	    break;
 #endif /* WIN32 */
 	case 'd':
 	    ap_cpystrn(ap_server_root, ap_os_canonical_filename(pconf, optarg), sizeof(ap_server_root));
@@ -5718,7 +5871,12 @@ int REALMAIN(int argc, char *argv[])
         exit(0);
     }
 
-    if (!child) {
+    if (signal_to_send) {
+	send_signal(pconf, signal_to_send);
+	exit(0);
+    }
+
+    if (!child && !ap_dump_settings && !install) {
 	ap_log_pid(pconf, ap_pid_fname);
     }
     ap_set_version();
diff --git a/usr.sbin/httpd/src/main/http_protocol.c b/usr.sbin/httpd/src/main/http_protocol.c
index 98f58517ea8..e28df5c4636 100644
--- a/usr.sbin/httpd/src/main/http_protocol.c
+++ b/usr.sbin/httpd/src/main/http_protocol.c
@@ -551,6 +551,17 @@ static int getline(char *s, int n, BUFF *in, int fold)
         total += retval;        /* and how long s has become               */
 
         if (*pos == '\n') {     /* Did we get a full line of input?        */
+            /*
+             * Trim any extra trailing spaces or tabs except for the first
+             * space or tab at the beginning of a blank string.  This makes
+             * it much easier to check field values for exact matches, and
+             * saves memory as well.  Terminate string at end of line.
+             */
+            while (pos > (s + 1) && (*(pos - 1) == ' ' || *(pos - 1) == '\t')) {
+                --pos;          /* trim extra trailing spaces or tabs      */
+                --total;        /* but not one at the beginning of line    */
+                ++n;
+            }
             *pos = '\0';
             --total;
             ++n;
@@ -767,8 +778,6 @@ static void get_mime_headers(request_rec *r)
         while (*value == ' ' || *value == '\t')
             ++value;            /* Skip to start of value   */
 
-        /* XXX: should strip trailing whitespace as well */
-
 	ap_table_addn(tmp_headers, copy, value);
     }
 
@@ -778,8 +787,9 @@ static void get_mime_headers(request_rec *r)
 request_rec *ap_read_request(conn_rec *conn)
 {
     request_rec *r;
-    int access_status;
     pool *p;
+    const char *expect;
+    int access_status;
 
     p = ap_make_sub_pool(conn->pool);
     r = ap_pcalloc(p, sizeof(request_rec));
@@ -846,6 +856,23 @@ request_rec *ap_read_request(conn_rec *conn)
     }
     else {
         ap_kill_timeout(r);
+
+        if (r->header_only) {
+            /*
+             * Client asked for headers only with HTTP/0.9, which doesn't send
+             * headers! Have to dink things just to make sure the error message
+             * comes through...
+             */
+            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+                          "client sent invalid HTTP/0.9 request: HEAD %s",
+                          r->uri);
+            r->header_only = 0;
+            r->status = HTTP_BAD_REQUEST;
+            ap_send_error_response(r, 0);
+            ap_bflush(r->connection->client);
+            ap_log_transaction(r);
+            return r;
+        }
     }
 
     r->status = HTTP_OK;                         /* Until further notice. */
@@ -860,6 +887,49 @@ request_rec *ap_read_request(conn_rec *conn)
 
     conn->keptalive = 0;        /* We now have a request to play with */
 
+    if ((!r->hostname && (r->proto_num >= HTTP_VERSION(1,1))) ||
+        ((r->proto_num == HTTP_VERSION(1,1)) &&
+         !ap_table_get(r->headers_in, "Host"))) {
+        /*
+         * Client sent us an HTTP/1.1 or later request without telling us the
+         * hostname, either with a full URL or a Host: header. We therefore
+         * need to (as per the 1.1 spec) send an error.  As a special case,
+         * HTTP/1.1 mentions twice (S9, S14.23) that a request MUST contain
+         * a Host: header, and the server MUST respond with 400 if it doesn't.
+         */
+        r->status = HTTP_BAD_REQUEST;
+        ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+                      "client sent HTTP/1.1 request without hostname "
+                      "(see RFC2068 section 9, and 14.23): %s", r->uri);
+        ap_send_error_response(r, 0);
+        ap_bflush(r->connection->client);
+        ap_log_transaction(r);
+        return r;
+    }
+    if (((expect = ap_table_get(r->headers_in, "Expect")) != NULL) &&
+        (expect[0] != '\0')) {
+        /*
+         * The Expect header field was added to HTTP/1.1 after RFC 2068
+         * as a means to signal when a 100 response is desired and,
+         * unfortunately, to signal a poor man's mandatory extension that
+         * the server must understand or return 417 Expectation Failed.
+         */
+        if (strcasecmp(expect, "100-continue") == 0) {
+            r->expecting_100 = 1;
+        }
+        else {
+            r->status = HTTP_EXPECTATION_FAILED;
+            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
+                          "client sent an unrecognized expectation value of "
+                          "Expect: %s", expect);
+            ap_send_error_response(r, 0);
+            ap_bflush(r->connection->client);
+            (void) ap_discard_request_body(r);
+            ap_log_transaction(r);
+            return r;
+        }
+    }
+
     if ((access_status = ap_run_post_read_request(r))) {
         ap_die(access_status, r);
         ap_log_transaction(r);
@@ -895,6 +965,7 @@ void ap_set_sub_req_protocol(request_rec *rnew, const request_rec *r)
     rnew->err_headers_out = ap_make_table(rnew->pool, 5);
     rnew->notes           = ap_make_table(rnew->pool, 5);
 
+    rnew->expecting_100   = r->expecting_100;
     rnew->read_length     = r->read_length;
     rnew->read_body       = REQUEST_NO_BODY;
 
@@ -988,7 +1059,8 @@ API_EXPORT(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
 static char *status_lines[] = {
     "100 Continue",
     "101 Switching Protocols",
-#define LEVEL_200  2
+    "102 Processing",
+#define LEVEL_200  3
     "200 OK",
     "201 Created",
     "202 Accepted",
@@ -996,14 +1068,17 @@ static char *status_lines[] = {
     "204 No Content",
     "205 Reset Content",
     "206 Partial Content",
-#define LEVEL_300  9
+    "207 Multi-Status",
+#define LEVEL_300 11
     "300 Multiple Choices",
     "301 Moved Permanently",
-    "302 Moved Temporarily",
+    "302 Found",
     "303 See Other",
     "304 Not Modified",
     "305 Use Proxy",
-#define LEVEL_400 15
+    "306 unused",
+    "307 Temporary Redirect",
+#define LEVEL_400 19
     "400 Bad Request",
     "401 Authorization Required",
     "402 Payment Required",
@@ -1020,14 +1095,26 @@ static char *status_lines[] = {
     "413 Request Entity Too Large",
     "414 Request-URI Too Large",
     "415 Unsupported Media Type",
-#define LEVEL_500 31
+    "416 Requested Range Not Satisfiable",
+    "417 Expectation Failed",
+    "418 unused",
+    "419 unused",
+    "420 unused",
+    "421 unused",
+    "422 Unprocessable Entity",
+    "423 Locked",
+#define LEVEL_500 43
     "500 Internal Server Error",
     "501 Method Not Implemented",
     "502 Bad Gateway",
     "503 Service Temporarily Unavailable",
     "504 Gateway Time-out",
     "505 HTTP Version Not Supported",
-    "506 Variant Also Varies"
+    "506 Variant Also Negotiates"
+    "507 unused",
+    "508 unused",
+    "509 unused",
+    "510 Not Extended",
 };
 
 /* The index is found by its offset from the x00 code of each level.
@@ -1441,7 +1528,7 @@ API_EXPORT(int) ap_should_client_block(request_rec *r)
     if (r->read_length || (!r->read_chunked && (r->remaining <= 0)))
         return 0;
 
-    if (r->proto_num >= HTTP_VERSION(1,1)) {
+    if (r->expecting_100 && r->proto_num >= HTTP_VERSION(1,1)) {
         /* sending 100 Continue interim response */
         ap_bvputs(r->connection->client,
                SERVER_PROTOCOL, " ", status_lines[0], "\015\012\015\012",
@@ -1653,6 +1740,11 @@ API_EXPORT(int) ap_discard_request_body(request_rec *r)
     if ((rv = ap_setup_client_block(r, REQUEST_CHUNKED_PASS)))
         return rv;
 
+    /* If we are discarding the request body, then we must already know
+     * the final status code, therefore disable the sending of 100 continue.
+     */
+    r->expecting_100 = 0;
+
     if (ap_should_client_block(r)) {
         char dumpbuf[HUGE_STRING_LEN];
 
@@ -2127,132 +2219,177 @@ void ap_send_error_response(request_rec *r, int recursive_error)
                   "</TITLE>\n</HEAD><BODY>\n<H1>", h1, "</H1>\n",
                   NULL);
 
-        if ((error_notes = ap_table_get(r->notes, "error-notes"))) {
-            ap_bputs(error_notes, fd);
-        }
-        else
-            switch (status) {
-            case REDIRECT:
-            case MOVED:
-                ap_bvputs(fd, "The document has moved <A HREF=\"",
-                          ap_escape_html(r->pool, location), "\">here</A>.<P>\n", NULL);
-                break;
-            case HTTP_SEE_OTHER:
-                ap_bvputs(fd, "The answer to your request is located <A HREF=\"",
-                          ap_escape_html(r->pool, location), "\">here</A>.<P>\n", NULL);
-                break;
-            case HTTP_USE_PROXY:
-                ap_bvputs(fd, "This resource is only accessible through the proxy\n",
-                ap_escape_html(r->pool, location), "<BR>\nYou will need to ",
-                     "configure your client to use that proxy.<P>\n", NULL);
-                break;
-            case HTTP_PROXY_AUTHENTICATION_REQUIRED:
-            case AUTH_REQUIRED:
-                ap_bputs("This server could not verify that you\n", fd);
-                ap_bputs("are authorized to access the document you\n", fd);
-                ap_bputs("requested.  Either you supplied the wrong\n", fd);
-                ap_bputs("credentials (e.g., bad password), or your\n", fd);
-                ap_bputs("browser doesn't understand how to supply\n", fd);
-                ap_bputs("the credentials required.<P>\n", fd);
-                break;
-            case BAD_REQUEST:
-                ap_bputs("Your browser sent a request that\n", fd);
-                ap_bputs("this server could not understand.<P>\n", fd);
-                break;
-            case HTTP_FORBIDDEN:
-                ap_bvputs(fd, "You don't have permission to access ",
-                  ap_escape_html(r->pool, r->uri), "\non this server.<P>\n",
-                          NULL);
-                break;
-            case NOT_FOUND:
-                ap_bvputs(fd, "The requested URL ", ap_escape_html(r->pool, r->uri),
-                          " was not found on this server.<P>\n", NULL);
-                break;
-            case METHOD_NOT_ALLOWED:
-                ap_bvputs(fd, "The requested method ", r->method, " is not allowed "
-                          "for the URL ", ap_escape_html(r->pool, r->uri),
-                          ".<P>\n", NULL);
-                break;
-            case NOT_ACCEPTABLE:
-                ap_bvputs(fd,
-                 "An appropriate representation of the requested resource ",
-                          ap_escape_html(r->pool, r->uri),
-                          " could not be found on this server.<P>\n", NULL);
-                /* fall through */
-            case MULTIPLE_CHOICES:
-                {
-                    const char *list;
-                    if ((list = ap_table_get(r->notes, "variant-list")))
-                        ap_bputs(list, fd);
-                }
-                break;
-            case LENGTH_REQUIRED:
-                ap_bvputs(fd, "A request of the requested method ", r->method,
-                          " requires a valid Content-length.<P>\n", NULL);
-                break;
-            case PRECONDITION_FAILED:
-                ap_bvputs(fd, "The precondition on the request for the URL ",
-                ap_escape_html(r->pool, r->uri), " evaluated to false.<P>\n",
-                          NULL);
-                break;
-            case NOT_IMPLEMENTED:
-                ap_bvputs(fd, ap_escape_html(r->pool, r->method), " to ",
-                          ap_escape_html(r->pool, r->uri), " not supported.<P>\n", NULL);
-                break;
-            case BAD_GATEWAY:
-                ap_bputs("The proxy server received an invalid\015\012", fd);
-                ap_bputs("response from an upstream server.<P>\015\012", fd);
-                break;
-            case VARIANT_ALSO_VARIES:
-                ap_bvputs(fd, "A variant for the requested entity  ",
-                          ap_escape_html(r->pool, r->uri), " is itself a ",
-                          "transparently negotiable resource.<P>\n", NULL);
-                break;
-            case HTTP_REQUEST_TIME_OUT:
-                ap_bputs("I'm tired of waiting for your request.\n", fd);
-                break;
-            case HTTP_GONE:
-                ap_bvputs(fd, "The requested resource<BR>",
-                          ap_escape_html(r->pool, r->uri),
-                          "<BR>\nis no longer available on this server ",
-                          "and there is no forwarding address.\n",
-                  "Please remove all references to this resource.\n", NULL);
-                break;
-            case HTTP_REQUEST_ENTITY_TOO_LARGE:
-                ap_bvputs(fd, "The requested resource<BR>",
-                          ap_escape_html(r->pool, r->uri), "<BR>\n",
-                          "does not allow request data with ", r->method,
-                          " requests, or the amount of data provided in\n",
-                          "the request exceeds the capacity limit.\n", NULL);
-                break;
-            case HTTP_REQUEST_URI_TOO_LARGE:
-                ap_bputs("The requested URL's length exceeds the capacity\n", fd);
-                ap_bputs("limit for this server.\n", fd);
-                break;
-            case HTTP_UNSUPPORTED_MEDIA_TYPE:
-                ap_bputs("The supplied request data is not in a format\n", fd);
-                ap_bputs("acceptable for processing by this resource.\n", fd);
-                break;
-            case HTTP_SERVICE_UNAVAILABLE:
-                ap_bputs("The server is temporarily unable to service your\n", fd);
-                ap_bputs("request due to maintenance downtime or capacity\n", fd);
-                ap_bputs("problems. Please try again later.\n", fd);
-                break;
-            case HTTP_GATEWAY_TIME_OUT:
-                ap_bputs("The proxy server did not receive a timely response\n", fd);
-                ap_bputs("from the upstream server.<P>\n", fd);
-                break;
-            default:            /* HTTP_INTERNAL_SERVER_ERROR */
-                ap_bputs("The server encountered an internal error or\n", fd);
-                ap_bputs("misconfiguration and was unable to complete\n", fd);
-                ap_bputs("your request.<P>\n", fd);
-                ap_bputs("Please contact the server administrator,\n ", fd);
-                ap_bputs(ap_escape_html(r->pool, r->server->server_admin), fd);
-                ap_bputs(" and inform them of the time the error occurred,\n", fd);
-                ap_bputs("and anything you might have done that may have\n", fd);
-                ap_bputs("caused the error.<P>\n", fd);
-                break;
-            }
+	switch (status) {
+	case HTTP_MOVED_PERMANENTLY:
+	case HTTP_MOVED_TEMPORARILY:
+	case HTTP_TEMPORARY_REDIRECT:
+	    ap_bvputs(fd, "The document has moved <A HREF=\"",
+		      ap_escape_html(r->pool, location), "\">here</A>.<P>\n",
+		      NULL);
+	    break;
+	case HTTP_SEE_OTHER:
+	    ap_bvputs(fd, "The answer to your request is located <A HREF=\"",
+		      ap_escape_html(r->pool, location), "\">here</A>.<P>\n",
+		      NULL);
+	    break;
+	case HTTP_USE_PROXY:
+	    ap_bvputs(fd, "This resource is only accessible "
+		      "through the proxy\n",
+		      ap_escape_html(r->pool, location),
+		      "<BR>\nYou will need to ",
+		      "configure your client to use that proxy.<P>\n", NULL);
+	    break;
+	case HTTP_PROXY_AUTHENTICATION_REQUIRED:
+	case AUTH_REQUIRED:
+	    ap_bputs("This server could not verify that you\n", fd);
+	    ap_bputs("are authorized to access the document you\n", fd);
+	    ap_bputs("requested.  Either you supplied the wrong\n", fd);
+	    ap_bputs("credentials (e.g., bad password), or your\n", fd);
+	    ap_bputs("browser doesn't understand how to supply\n", fd);
+	    ap_bputs("the credentials required.<P>\n", fd);
+	    break;
+	case BAD_REQUEST:
+	    ap_bputs("Your browser sent a request that\n", fd);
+	    ap_bputs("this server could not understand.<P>\n", fd);
+	    if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) {
+		ap_bvputs(fd, error_notes, "<P>\n", NULL);
+	    }
+	    break;
+	case HTTP_FORBIDDEN:
+	    ap_bvputs(fd, "You don't have permission to access ",
+		      ap_escape_html(r->pool, r->uri),
+		      "\non this server.<P>\n", NULL);
+	    break;
+	case NOT_FOUND:
+	    ap_bvputs(fd, "The requested URL ",
+		      ap_escape_html(r->pool, r->uri),
+		      " was not found on this server.<P>\n", NULL);
+	    break;
+	case METHOD_NOT_ALLOWED:
+	    ap_bvputs(fd, "The requested method ", r->method,
+		      " is not allowed "
+		      "for the URL ", ap_escape_html(r->pool, r->uri),
+		      ".<P>\n", NULL);
+	    break;
+	case NOT_ACCEPTABLE:
+	    ap_bvputs(fd,
+		      "An appropriate representation of the "
+		      "requested resource ",
+		      ap_escape_html(r->pool, r->uri),
+		      " could not be found on this server.<P>\n", NULL);
+	    /* fall through */
+	case MULTIPLE_CHOICES:
+	    {
+		const char *list;
+		if ((list = ap_table_get(r->notes, "variant-list")))
+		    ap_bputs(list, fd);
+	    }
+	    break;
+	case LENGTH_REQUIRED:
+	    ap_bvputs(fd, "A request of the requested method ", r->method,
+		      " requires a valid Content-length.<P>\n", NULL);
+	    if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) {
+		ap_bvputs(fd, error_notes, "<P>\n", NULL);
+	    }
+	    break;
+	case PRECONDITION_FAILED:
+	    ap_bvputs(fd, "The precondition on the request for the URL ",
+		      ap_escape_html(r->pool, r->uri),
+		      " evaluated to false.<P>\n", NULL);
+	    break;
+	case NOT_IMPLEMENTED:
+	    ap_bvputs(fd, ap_escape_html(r->pool, r->method), " to ",
+		      ap_escape_html(r->pool, r->uri),
+		      " not supported.<P>\n", NULL);
+	    break;
+	case BAD_GATEWAY:
+	    ap_bputs("The proxy server received an invalid\015\012", fd);
+	    ap_bputs("response from an upstream server.<P>\015\012", fd);
+	    break;
+	case VARIANT_ALSO_VARIES:
+	    ap_bvputs(fd, "A variant for the requested entity  ",
+		      ap_escape_html(r->pool, r->uri), " is itself a ",
+		      "transparently negotiable resource.<P>\n", NULL);
+	    break;
+	case HTTP_REQUEST_TIME_OUT:
+	    ap_bputs("I'm tired of waiting for your request.\n", fd);
+	    break;
+	case HTTP_GONE:
+	    ap_bvputs(fd, "The requested resource<BR>",
+		      ap_escape_html(r->pool, r->uri),
+		      "<BR>\nis no longer available on this server ",
+		      "and there is no forwarding address.\n",
+		      "Please remove all references to this resource.\n",
+		      NULL);
+	    break;
+	case HTTP_REQUEST_ENTITY_TOO_LARGE:
+	    ap_bvputs(fd, "The requested resource<BR>",
+		      ap_escape_html(r->pool, r->uri), "<BR>\n",
+		      "does not allow request data with ", r->method,
+		      " requests, or the amount of data provided in\n",
+		      "the request exceeds the capacity limit.\n", NULL);
+	    break;
+	case HTTP_REQUEST_URI_TOO_LARGE:
+	    ap_bputs("The requested URL's length exceeds the capacity\n"
+	             "limit for this server.<P>\n", fd);
+	    if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) {
+		ap_bvputs(fd, error_notes, "<P>\n", NULL);
+	    }
+	    break;
+	case HTTP_UNSUPPORTED_MEDIA_TYPE:
+	    ap_bputs("The supplied request data is not in a format\n"
+	             "acceptable for processing by this resource.\n", fd);
+	    break;
+	case HTTP_RANGE_NOT_SATISFIABLE:
+	    ap_bputs("None of the range-specifier values in the Range\n"
+	             "request-header field overlap the current extent\n"
+	             "of the selected resource.\n", fd);
+	    break;
+	case HTTP_EXPECTATION_FAILED:
+	    ap_bvputs(fd, "The expectation given in the Expect request-header"
+	              "\nfield could not be met by this server.<P>\n"
+	              "The client sent<PRE>\n    Expect: ",
+	              ap_table_get(r->headers_in, "Expect"), "\n</PRE>\n"
+	              "but we only allow the 100-continue expectation.\n",
+	              NULL);
+	    break;
+	case HTTP_UNPROCESSABLE_ENTITY:
+	    ap_bputs("The server understands the media type of the\n"
+	             "request entity, but was unable to process the\n"
+	             "contained instructions.\n", fd);
+	    break;
+	case HTTP_LOCKED:
+	    ap_bputs("The requested resource is currently locked.\n"
+	             "The lock must be released or proper identification\n"
+	             "given before the method can be applied.\n", fd);
+	    break;
+	case HTTP_SERVICE_UNAVAILABLE:
+	    ap_bputs("The server is temporarily unable to service your\n"
+	             "request due to maintenance downtime or capacity\n"
+	             "problems. Please try again later.\n", fd);
+	    break;
+	case HTTP_GATEWAY_TIME_OUT:
+	    ap_bputs("The proxy server did not receive a timely response\n"
+	             "from the upstream server.\n", fd);
+	    break;
+	case HTTP_NOT_EXTENDED:
+	    ap_bputs("A mandatory extension policy in the request is not\n"
+                     "accepted by the server for this resource.\n", fd);
+	    break;
+	default:            /* HTTP_INTERNAL_SERVER_ERROR */
+	    ap_bvputs(fd, "The server encountered an internal error or\n"
+	             "misconfiguration and was unable to complete\n"
+	             "your request.<P>\n"
+	             "Please contact the server administrator,\n ",
+	             ap_escape_html(r->pool, r->server->server_admin),
+	             " and inform them of the time the error occurred,\n"
+	             "and anything you might have done that may have\n"
+	             "caused the error.<P>\n", NULL);
+	    if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) {
+		ap_bvputs(fd, error_notes, "<P>\n", NULL);
+	    }
+	    break;
+	}
 
         if (recursive_error) {
             ap_bvputs(fd, "<P>Additionally, a ",
diff --git a/usr.sbin/httpd/src/main/http_request.c b/usr.sbin/httpd/src/main/http_request.c
index 62918edc2ea..918dc9226bf 100644
--- a/usr.sbin/httpd/src/main/http_request.c
+++ b/usr.sbin/httpd/src/main/http_request.c
@@ -188,8 +188,10 @@ static int get_path_info(request_rec *r)
     }
 
 #ifdef WIN32
-    /* If the path is x:/, then convert it to x:/., coz that's what stat needs to work properly */
-    if(strlen(path) == 3 && path[1] == ':') {
+    /* If the path is x:/, then convert it to x:/., coz that's what stat
+     * needs to work properly
+     */
+    if (strlen(path) == 3 && path[1] == ':') {
 	strcpy(buf,path);
 	buf[3]='.';
 	buf[4]='\0';
@@ -674,6 +676,7 @@ API_EXPORT(request_rec *) ap_sub_req_lookup_uri(const char *new_file,
     char *udir;
 
     rnew = make_sub_request(r);
+    rnew->hostname       = r->hostname;
     rnew->request_time   = r->request_time;
     rnew->connection     = r->connection;
     rnew->server         = r->server;
@@ -751,6 +754,7 @@ API_EXPORT(request_rec *) ap_sub_req_lookup_file(const char *new_file,
     char *fdir;
 
     rnew = make_sub_request(r);
+    rnew->hostname       = r->hostname;
     rnew->request_time   = r->request_time;
     rnew->connection     = r->connection;
     rnew->server         = r->server;
@@ -826,7 +830,14 @@ API_EXPORT(request_rec *) ap_sub_req_lookup_file(const char *new_file,
          * file may not have a uri associated with it -djg
          */
         rnew->uri = "INTERNALLY GENERATED file-relative req";
+#ifdef WIN32
+        rnew->filename = ((new_file[0] == '/'
+                           || (ap_isalpha(new_file[0])
+                               && new_file[1] == ':'
+                               && new_file[2] == '/')) ?
+#else
         rnew->filename = ((new_file[0] == '/') ?
+#endif
                           ap_pstrdup(rnew->pool, new_file) :
                           ap_make_full_path(rnew->pool, fdir, new_file));
         rnew->per_dir_config = r->server->lookup_defaults;
@@ -1013,39 +1024,6 @@ static void process_request_internal(request_rec *r)
 {
     int access_status;
 
-    /*
-     * Kluge to be reading the assbackwards field outside of protocol.c, but
-     * we've got to check for this sort of nonsense somewhere...
-     */
-
-    if (r->assbackwards && r->header_only) {
-        /*
-         * Client asked for headers only with HTTP/0.9, which doesn't send
-         * headers!  Have to dink things even to make sure the error message
-         * comes through...
-         */
-        ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
-                    "client sent illegal HTTP/0.9 request: %s", r->uri);
-        r->header_only = 0;
-        ap_die(BAD_REQUEST, r);
-        return;
-    }
-
-    if ((!r->hostname && (r->proto_num >= HTTP_VERSION(1,1))) ||
-        ((r->proto_num == HTTP_VERSION(1,1)) && !ap_table_get(r->headers_in, "Host"))) {
-        /*
-         * Client sent us a HTTP/1.1 or later request without telling us the
-         * hostname, either with a full URL or a Host: header. We therefore
-         * need to (as per the 1.1 spec) send an error.  As a special case,
-	 * HTTP/1.1 mentions twice (S9, S14.23) that a request MUST contain
-	 * a Host: header, and the server MUST respond with 400 if it doesn't.
-         */
-        ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
-               "client sent HTTP/1.1 request without hostname (see RFC2068 section 9, and 14.23): %s", r->uri);
-        ap_die(BAD_REQUEST, r);
-        return;
-    }
-
     /* Ignore embedded %2F's in path for proxy requests */
     if (!r->proxyreq && r->parsed_uri.path) {
 	access_status = ap_unescape_url(r->parsed_uri.path);
diff --git a/usr.sbin/httpd/src/main/util.c b/usr.sbin/httpd/src/main/util.c
index 6ea60371380..eee03233261 100644
--- a/usr.sbin/httpd/src/main/util.c
+++ b/usr.sbin/httpd/src/main/util.c
@@ -738,6 +738,7 @@ API_EXPORT(configfile_t *) ap_pcfg_openfile(pool *p, const char *name)
     poolfile_t *new_pfile;
     FILE *file;
     struct stat stbuf;
+    int saved_errno;
 
     if (name == NULL) {
         ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, NULL,
@@ -747,9 +748,11 @@ API_EXPORT(configfile_t *) ap_pcfg_openfile(pool *p, const char *name)
 
     file = ap_pfopen(p, name, "r");
 #ifdef DEBUG
+    saved_errno = errno;
     ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, NULL,
                 "Opening config file %s (%s)",
                 name, (file == NULL) ? strerror(errno) : "successful");
+    errno = saved_errno;
 #endif
     if (file == NULL)
         return NULL;
@@ -761,10 +764,12 @@ API_EXPORT(configfile_t *) ap_pcfg_openfile(pool *p, const char *name)
 #else
         strcmp(name, "/dev/null") != 0) {
 #endif
+	saved_errno = errno;
         ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, NULL,
                     "Access to file %s denied by server: not a regular file",
                     name);
         ap_pfclose(p, file);
+	errno = saved_errno;
         return NULL;
     }
 
diff --git a/usr.sbin/httpd/src/main/util_script.c b/usr.sbin/httpd/src/main/util_script.c
index 270d377867f..9ee38bf8edd 100644
--- a/usr.sbin/httpd/src/main/util_script.c
+++ b/usr.sbin/httpd/src/main/util_script.c
@@ -262,6 +262,7 @@ API_EXPORT(void) ap_add_common_vars(request_rec *r)
 #endif
 
     ap_table_addn(e, "PATH", env_path);
+    ap_table_setn(e, "SERVER_SIGNATURE", ap_psignature("", r));
     ap_table_addn(e, "SERVER_SOFTWARE", ap_get_server_version());
     ap_table_addn(e, "SERVER_NAME", ap_get_server_name(r));
     ap_table_addn(e, "SERVER_PORT",
@@ -458,8 +459,6 @@ API_EXPORT(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
 	    ap_kill_timeout(r);
 	    ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
 			  "Premature end of script headers: %s", r->filename);
-	    ap_table_setn(r->notes, "error-notes",
-			  "Premature end of script headers");
 	    return HTTP_INTERNAL_SERVER_ERROR;
 	}
 
@@ -543,8 +542,6 @@ API_EXPORT(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
 	    ap_kill_timeout(r);
 	    ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
 			  "%s: %s", malformed, r->filename);
-	    ap_table_setn(r->notes, "error-notes",
-			  ap_pstrdup(r->pool, malformed));
 	    return HTTP_INTERNAL_SERVER_ERROR;
 	}
 
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_util.c b/usr.sbin/httpd/src/modules/proxy/proxy_util.c
index 524f4e04856..a2dfd0e8ed7 100644
--- a/usr.sbin/httpd/src/modules/proxy/proxy_util.c
+++ b/usr.sbin/httpd/src/modules/proxy/proxy_util.c
@@ -1,5 +1,5 @@
 /* ====================================================================
- * Copyright (c) 1996,1997 The Apache Group.  All rights reserved.
+ * Copyright (c) 1996-1998 The Apache Group.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -20,9 +20,14 @@
  *
  * 4. The names "Apache Server" and "Apache Group" must not be used to
  *    endorse or promote products derived from this software without
- *    prior written permission.
+ *    prior written permission. For written permission, please contact
+ *    apache@apache.org.
  *
- * 5. Redistributions of any form whatsoever must retain the following
+ * 5. Products derived from this software may not be called "Apache"
+ *    nor may "Apache" appear in their names without prior written
+ *    permission of the Apache Group.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
  *    acknowledgment:
  *    "This product includes software developed by the Apache Group
  *    for use in the Apache HTTP server project (http://www.apache.org/)."
@@ -51,43 +56,72 @@
  */
 
 /* Utility routines for Apache proxy */
-
 #include "mod_proxy.h"
 #include "http_main.h"
-#include "md5.h"
+#include "ap_md5.h"
+#include "multithread.h"
+#include "http_log.h"
+#include "util_uri.h"
+#include "util_date.h"	/* get ap_checkmask() decl. */
+
+static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r);
+static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r);
+static int proxy_match_hostname(struct dirconn_entry *This, request_rec *r);
+static int proxy_match_word(struct dirconn_entry *This, request_rec *r);
 
 /* already called in the knowledge that the characters are hex digits */
-int
-proxy_hex2c(const char *x)
+int ap_proxy_hex2c(const char *x)
 {
     int i, ch;
 
+#ifndef CHARSET_EBCDIC
     ch = x[0];
-    if (isdigit(ch)) i = ch - '0';
-    else if (isupper(ch)) i = ch - ('A' - 10);
-    else i = ch - ('a' - 10);
+    if (ap_isdigit(ch))
+	i = ch - '0';
+    else if (ap_isupper(ch))
+	i = ch - ('A' - 10);
+    else
+	i = ch - ('a' - 10);
     i <<= 4;
 
     ch = x[1];
-    if (isdigit(ch)) i += ch - '0';
-    else if (isupper(ch)) i += ch - ('A' - 10);
-    else i += ch - ('a' - 10);
+    if (ap_isdigit(ch))
+	i += ch - '0';
+    else if (ap_isupper(ch))
+	i += ch - ('A' - 10);
+    else
+	i += ch - ('a' - 10);
     return i;
+#else /*CHARSET_EBCDIC*/
+    return (1 == sscanf(x, "%2x", &i)) ? os_toebcdic[i&0xFF] : 0;
+#endif /*CHARSET_EBCDIC*/
 }
 
-void
-proxy_c2hex(int ch, char *x)
+void ap_proxy_c2hex(int ch, char *x)
 {
+#ifndef CHARSET_EBCDIC
     int i;
 
     x[0] = '%';
     i = (ch & 0xF0) >> 4;
-    if (i >= 10) x[1] = ('A' - 10) + i;
-    else x[1] = '0' + i;
+    if (i >= 10)
+	x[1] = ('A' - 10) + i;
+    else
+	x[1] = '0' + i;
 
     i = ch & 0x0F;
-    if (i >= 10) x[2] = ('A' - 10) + i;
-    else x[2] = '0' + i;
+    if (i >= 10)
+	x[2] = ('A' - 10) + i;
+    else
+	x[2] = '0' + i;
+#else /*CHARSET_EBCDIC*/
+    static const char ntoa[] = { "0123456789ABCDEF" };
+    ch &= 0xFF;
+    x[0] = '%';
+    x[1] = ntoa[(os_toascii[ch]>>4)&0x0F];
+    x[2] = ntoa[os_toascii[ch]&0x0F];
+    x[3] = '\0';
+#endif /*CHARSET_EBCDIC*/
 }
 
 /*
@@ -101,12 +135,12 @@ proxy_c2hex(int ch, char *x)
  * those which must not be touched.
  */
 char *
-proxy_canonenc(pool *p, const char *x, int len, enum enctype t, int isenc)
+     ap_proxy_canonenc(pool *p, const char *x, int len, enum enctype t, int isenc)
 {
-    int i, j, ispath, ch;
+    int i, j, ch;
     char *y;
-    const char *allowed;  /* characters which should not be encoded */
-    const char *reserved;  /* characters which much not be en/de-coded */
+    const char *allowed;	/* characters which should not be encoded */
+    const char *reserved;	/* characters which much not be en/de-coded */
 
 /* N.B. in addition to :@&=, this allows ';' in an http path
  * and '?' in an ftp path -- this may be revised
@@ -115,48 +149,52 @@ proxy_canonenc(pool *p, const char *x, int len, enum enctype t, int isenc)
  * it may be form-encoded. (Although RFC 1738 doesn't allow this -
  * it only permits ; / ? : @ = & as reserved chars.)
  */
-    if (t == enc_path) allowed = "$-_.+!*'(),;:@&=";
-    else if (t == enc_search) allowed = "$-_.!*'(),;:@&=";
-    else if (t == enc_user) allowed = "$-_.+!*'(),;@&=";
-    else if (t == enc_fpath) allowed = "$-_.+!*'(),?:@&=";
-    else /* if (t == enc_parm) */ allowed = "$-_.+!*'(),?/:@&=";
-
-    if (t == enc_path) reserved = "/";
-    else if (t == enc_search) reserved = "+";
-    else reserved = "";
+    if (t == enc_path)
+	allowed = "$-_.+!*'(),;:@&=";
+    else if (t == enc_search)
+	allowed = "$-_.!*'(),;:@&=";
+    else if (t == enc_user)
+	allowed = "$-_.+!*'(),;@&=";
+    else if (t == enc_fpath)
+	allowed = "$-_.+!*'(),?:@&=";
+    else			/* if (t == enc_parm) */
+	allowed = "$-_.+!*'(),?/:@&=";
+
+    if (t == enc_path)
+	reserved = "/";
+    else if (t == enc_search)
+	reserved = "+";
+    else
+	reserved = "";
 
-    y = palloc(p, 3*len+1);
-    ispath = (t == enc_path);
+    y = ap_palloc(p, 3 * len + 1);
 
-    for (i=0, j=0; i < len; i++, j++)
-    {
+    for (i = 0, j = 0; i < len; i++, j++) {
 /* always handle '/' first */
 	ch = x[i];
-	if (ind(reserved, ch) != -1)
-	{
+	if (strchr(reserved, ch)) {
 	    y[j] = ch;
 	    continue;
 	}
 /* decode it if not already done */
-	if (isenc && ch == '%')
-	{
-	    if (!isxdigit(x[i+1]) || !isxdigit(x[i+2]))
+	if (isenc && ch == '%') {
+	    if (!isxdigit(x[i + 1]) || !isxdigit(x[i + 2]))
 		return NULL;
-	    ch = proxy_hex2c(&x[i+1]);
+	    ch = ap_proxy_hex2c(&x[i + 1]);
 	    i += 2;
-	    if (ch != 0 && ind(reserved, ch) != -1)
-	    {  /* keep it encoded */
-		proxy_c2hex(ch, &y[j]);
+	    if (ch != 0 && strchr(reserved, ch)) {	/* keep it encoded */
+		ap_proxy_c2hex(ch, &y[j]);
 		j += 2;
 		continue;
 	    }
 	}
 /* recode it, if necessary */
-	if (!isalnum(ch) && ind(allowed, ch) == -1)
-	{
-	    proxy_c2hex(ch, &y[j]);
+	if (!ap_isalnum(ch) && !strchr(allowed, ch)) {
+	    ap_proxy_c2hex(ch, &y[j]);
 	    j += 2;
-	} else y[j] = ch;
+	}
+	else
+	    y[j] = ch;
     }
     y[j] = '\0';
     return y;
@@ -173,84 +211,92 @@ proxy_canonenc(pool *p, const char *x, int len, enum enctype t, int isenc)
  * Returns an error string.
  */
 char *
-proxy_canon_netloc(pool *pool, char **const urlp, char **userp,
-    char **passwordp, char **hostp, int *port)
+     ap_proxy_canon_netloc(pool *p, char **const urlp, char **userp,
+			char **passwordp, char **hostp, int *port)
 {
     int i;
-    char *p, *host, *url=*urlp;
+    char *strp, *host, *url = *urlp;
+    char *user = NULL, *password = NULL;
 
-    if (url[0] != '/' || url[1] != '/') return "Malformed URL";
+    if (url[0] != '/' || url[1] != '/')
+	return "Malformed URL";
     host = url + 2;
     url = strchr(host, '/');
     if (url == NULL)
 	url = "";
     else
-	*(url++) = '\0';  /* skip seperating '/' */
+	*(url++) = '\0';	/* skip seperating '/' */
 
-    if (userp != NULL)
-    {
-	char *user=NULL, *password = NULL;
-	p = strchr(host, '@');
+    /* find _last_ '@' since it might occur in user/password part */
+    strp = strrchr(host, '@');
 
-	if (p != NULL)
-	{
-	    *p = '\0';
-	    user = host;
-	    host = p + 1;
+    if (strp != NULL) {
+	*strp = '\0';
+	user = host;
+	host = strp + 1;
 
 /* find password */
-	    p = strchr(user, ':');
-	    if (p != NULL)
-	    {
-		*p = '\0';
-		password = proxy_canonenc(pool, p+1, strlen(p+1), enc_user, 1);
-		if (password == NULL)
-		    return "Bad %-escape in URL (password)";
-	    }
-
-	    user = proxy_canonenc(pool, user, strlen(user), enc_user, 1);
-	    if (user == NULL) return "Bad %-escape in URL (username)";
+	strp = strchr(user, ':');
+	if (strp != NULL) {
+	    *strp = '\0';
+	    password = ap_proxy_canonenc(p, strp + 1, strlen(strp + 1), enc_user, 1);
+	    if (password == NULL)
+		return "Bad %-escape in URL (password)";
 	}
+
+	user = ap_proxy_canonenc(p, user, strlen(user), enc_user, 1);
+	if (user == NULL)
+	    return "Bad %-escape in URL (username)";
+    }
+    if (userp != NULL) {
 	*userp = user;
+    }
+    if (passwordp != NULL) {
 	*passwordp = password;
     }
 
-    p = strchr(host, ':');
-    if (p != NULL)
-    {
-	*(p++) = '\0';
-	
-	for (i=0; p[i] != '\0'; i++)
-	    if (!isdigit(p[i])) break;
+    strp = strrchr(host, ':');
+    if (strp != NULL) {
+	*(strp++) = '\0';
+
+	for (i = 0; strp[i] != '\0'; i++)
+	    if (!ap_isdigit(strp[i]))
+		break;
 
-	if (i == 0 || p[i] != '\0')
+	if (i == 0 || strp[i] != '\0')
 	    return "Bad port number in URL";
-	*port = atoi(p);
-	if (*port > 65535) return "Port number in URL > 65535";
+	*port = atoi(strp);
+	if (*port > 65535)
+	    return "Port number in URL > 65535";
     }
-    str_tolower(host); /* DNS names are case-insensitive */
-    if (*host == '\0') return "Missing host in URL";
+    ap_str_tolower(host);		/* DNS names are case-insensitive */
+    if (*host == '\0')
+	return "Missing host in URL";
 /* check hostname syntax */
-    for (i=0; host[i] != '\0'; i++)
-	if (!isdigit(host[i]) && host[i] != '.')
+    for (i = 0; host[i] != '\0'; i++)
+	if (!ap_isdigit(host[i]) && host[i] != '.')
 	    break;
- /* must be an IP address */
-    if (host[i] == '\0' && (inet_addr(host) == -1 || inet_network(host) == -1))
-	    return "Bad IP address in URL";
+    /* must be an IP address */
+#ifdef WIN32
+    if (host[i] == '\0' && (inet_addr(host) == -1))
+#else
+    if (host[i] == '\0' && (ap_inet_addr(host) == -1 || inet_network(host) == -1))
+#endif
+    {
+	return "Bad IP address in URL";
+    }
 
+/*    if (strchr(host,'.') == NULL && domain != NULL)
+   host = pstrcat(p, host, domain, NULL);
+ */
     *urlp = url;
     *hostp = host;
 
     return NULL;
 }
 
-static const char *lwday[7]=
+static const char * const lwday[7] =
 {"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"};
-static const char *wday[7]=
-{"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
-static const char *months[12]=
-{"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov",
- "Dec"};
 
 /*
  * If the date is a valid RFC 850 date or asctime() date, then it
@@ -259,264 +305,339 @@ static const char *months[12]=
  * sscanf and sprintf. However, if the date is already correctly
  * formatted, then it exits very quickly.
  */
-char *
-proxy_date_canon(pool *p, char *x)
+const char *
+     ap_proxy_date_canon(pool *p, const char *x)
 {
     int wk, mday, year, hour, min, sec, mon;
     char *q, month[4], zone[4], week[4];
-    
+
     q = strchr(x, ',');
     /* check for RFC 850 date */
-    if (q != NULL && q - x > 3 && q[1] == ' ')
-    {
+    if (q != NULL && q - x > 3 && q[1] == ' ') {
 	*q = '\0';
-	for (wk=0; wk < 7; wk++)
-	    if (strcmp(x, lwday[wk]) == 0) break;
+	for (wk = 0; wk < 7; wk++)
+	    if (strcmp(x, lwday[wk]) == 0)
+		break;
 	*q = ',';
-	if (wk == 7) return x;  /* not a valid date */
+	if (wk == 7)
+	    return x;		/* not a valid date */
 	if (q[4] != '-' || q[8] != '-' || q[11] != ' ' || q[14] != ':' ||
-	    q[17] != ':' || strcmp(&q[20], " GMT") != 0) return x;
-	if (sscanf(q+2, "%u-%3s-%u %u:%u:%u %3s", &mday, month, &year,
-		   &hour, &min, &sec, zone) != 7) return x;
-	if (year < 70) year += 2000;
-	else year += 1900;
-    } else
-    {
+	    q[17] != ':' || strcmp(&q[20], " GMT") != 0)
+	    return x;
+	if (sscanf(q + 2, "%u-%3s-%u %u:%u:%u %3s", &mday, month, &year,
+		   &hour, &min, &sec, zone) != 7)
+	    return x;
+	if (year < 70)
+	    year += 2000;
+	else
+	    year += 1900;
+    }
+    else {
 /* check for acstime() date */
 	if (x[3] != ' ' || x[7] != ' ' || x[10] != ' ' || x[13] != ':' ||
-	    x[16] != ':' || x[19] != ' ' || x[24] != '\0') return x;
+	    x[16] != ':' || x[19] != ' ' || x[24] != '\0')
+	    return x;
 	if (sscanf(x, "%3s %3s %u %u:%u:%u %u", week, month, &mday, &hour,
-		   &min, &sec, &year) != 7) return x;
-	for (wk=0; wk < 7; wk++)
-	    if (strcmp(week, wday[wk]) == 0) break;
-	if (wk == 7) return x;
+		   &min, &sec, &year) != 7)
+	    return x;
+	for (wk = 0; wk < 7; wk++)
+	    if (strcmp(week, ap_day_snames[wk]) == 0)
+		break;
+	if (wk == 7)
+	    return x;
     }
 
 /* check date */
-    for (mon=0; mon < 12; mon++) if (strcmp(month, months[mon]) == 0) break;
-    if (mon == 12) return x;
+    for (mon = 0; mon < 12; mon++)
+	if (strcmp(month, ap_month_snames[mon]) == 0)
+	    break;
+    if (mon == 12)
+	return x;
 
-    if (strlen(x)+1 < 30) {
-        x = palloc(p, 30);
-    }
-    /* format: "Wed, 17 Dec 1997 00:53:40 GMT" (29 chars data) */
-    ap_snprintf(x, 30, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", wday[wk], mday,
-	    months[mon], year, hour, min, sec);
-    return x;
+    q = ap_palloc(p, 30);
+    ap_snprintf(q, 30, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", ap_day_snames[wk], mday,
+		ap_month_snames[mon], year, hour, min, sec);
+    return q;
+}
+
+
+/* NOTE: This routine is taken from http_protocol::getline()
+ * because the old code found in the proxy module was too
+ * difficult to understand and maintain.
+ */
+/* Get a line of protocol input, including any continuation lines
+ * caused by MIME folding (or broken clients) if fold != 0, and place it
+ * in the buffer s, of size n bytes, without the ending newline.
+ *
+ * Returns -1 on error, or the length of s.
+ *
+ * Note: Because bgets uses 1 char for newline and 1 char for NUL,
+ *       the most we can get is (n - 2) actual characters if it
+ *       was ended by a newline, or (n - 1) characters if the line
+ *       length exceeded (n - 1).  So, if the result == (n - 1),
+ *       then the actual input line exceeded the buffer length,
+ *       and it would be a good idea for the caller to puke 400 or 414.
+ */
+static int proxy_getline(char *s, int n, BUFF *in, int fold)
+{
+    char *pos, next;
+    int retval;
+    int total = 0;
+
+    pos = s;
+
+    do {
+        retval = ap_bgets(pos, n, in);     /* retval == -1 if error, 0 if EOF */
+
+        if (retval <= 0)
+            return ((retval < 0) && (total == 0)) ? -1 : total;
+
+        /* retval is the number of characters read, not including NUL      */
+
+        n -= retval;            /* Keep track of how much of s is full     */
+        pos += (retval - 1);    /* and where s ends                        */
+        total += retval;        /* and how long s has become               */
+
+        if (*pos == '\n') {     /* Did we get a full line of input?        */
+            *pos = '\0';
+            --total;
+            ++n;
+        }
+        else
+            return total;       /* if not, input line exceeded buffer size */
+
+        /* Continue appending if line folding is desired and
+         * the last line was not empty and we have room in the buffer and
+         * the next line begins with a continuation character.
+         */
+    } while (fold && (retval != 1) && (n > 1)
+                  && (ap_blookc(&next, in) == 1)
+                  && ((next == ' ') || (next == '\t')));
+
+    return total;
 }
 
+
 /*
  * Reads headers from a buffer and returns an array of headers.
  * Returns NULL on file error
+ * This routine tries to deal with too long lines and continuation lines.
+ * @@@: XXX: FIXME: currently the headers are passed thru un-merged. 
+ * Is that okay, or should they be collapsed where possible?
  */
-array_header *
-proxy_read_headers(pool *pool, char *buffer, int size, BUFF *f)
+table *ap_proxy_read_headers(request_rec *r, char *buffer, int size, BUFF *f)
 {
-    int gotcr, len, i, j;
-    array_header *resp_hdrs;
-    struct hdr_entry *hdr;
-    char *p;
+    table *resp_hdrs;
+    int len;
+    char *value, *end;
+    char field[MAX_STRING_LEN];
 
-    resp_hdrs = make_array(pool, 10, sizeof(struct hdr_entry));
-    hdr = NULL;
+    resp_hdrs = ap_make_table(r->pool, 20);
 
-    gotcr = 1;
-    for (;;)
-    {
-	len = bgets(buffer, size, f);
-	if (len == -1) return NULL;
-	if (len == 0) break;
-	if (buffer[len-1] == '\n')
-	{
-	    buffer[--len] = '\0';
-	    i = 1;
-	} else
-	    i = 0;
-
-	if (!gotcr || buffer[0] == ' ' || buffer[0] == '\t')
-	{
-	    /* a continuation header */
-	    if (hdr == NULL)
-	    {
-		/* error!! */
-		if (!i)
-		{
-		    i = bskiplf(f);
-		    if (i == -1) return NULL;
-		}
-		gotcr = 1;
-		continue;
+    /*
+     * Read header lines until we get the empty separator line, a read error,
+     * the connection closes (EOF), or we timeout.
+     */
+    while ((len = proxy_getline(buffer, size, f, 1)) > 0) {
+	
+	if (!(value = strchr(buffer, ':'))) {     /* Find the colon separator */
+
+	    /* Buggy MS IIS servers sometimes return invalid headers
+	     * (an extra "HTTP/1.0 200, OK" line sprinkled in between
+	     * the usual MIME headers). Try to deal with it in a sensible
+	     * way, but log the fact.
+	     * XXX: The mask check is buggy if we ever see an HTTP/1.10 */
+
+	    if (!ap_checkmask(buffer, "HTTP/#.# ###*")) {
+		/* Nope, it wasn't even an extra HTTP header. Give up. */
+		return NULL;
 	    }
-	    hdr->value = pstrcat(pool, hdr->value, buffer, NULL);
+
+	    ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, r->server,
+			 "proxy: Ignoring duplicate HTTP header "
+			 "returned by %s (%s)", r->uri, r->method);
+	    continue;
 	}
-	else if (gotcr && len == 0) break;
-	else
-	{
-	    p = strchr(buffer, ':');
-	    if (p == NULL)
-	    {
-		/* error!! */
-		if (!gotcr)
-		{
-		    i = bskiplf(f);
-		    if (i == -1) return NULL;
-		}
-		gotcr = 1;
-		hdr = NULL;
-		continue;
+
+        *value = '\0';
+        ++value;
+	/* XXX: RFC2068 defines only SP and HT as whitespace, this test is
+	 * wrong... and so are many others probably.
+	 */
+        while (ap_isspace(*value))
+            ++value;            /* Skip to start of value   */
+
+	/* should strip trailing whitespace as well */
+	for (end = &value[strlen(value)-1]; end > value && ap_isspace(*end); --end)
+	    *end = '\0';
+
+        ap_table_add(resp_hdrs, buffer, value);
+
+	/* the header was too long; at the least we should skip extra data */
+	if (len >= size - 1) { 
+	    while ((len = proxy_getline(field, MAX_STRING_LEN, f, 1))
+		    >= MAX_STRING_LEN - 1) {
+		/* soak up the extra data */
 	    }
-	    hdr = push_array(resp_hdrs);
-	    *(p++) = '\0';
-	    hdr->field = pstrdup(pool, buffer);
-	    while (*p == ' ' || *p == '\t') p++;
-	    hdr->value = pstrdup(pool, p);
-	    gotcr = i;
+	    if (len == 0) /* time to exit the larger loop as well */
+		break;
 	}
     }
-
-    hdr = (struct hdr_entry *)resp_hdrs->elts;
-    for (i=0; i < resp_hdrs->nelts; i++)
-    {
-	p = hdr[i].value;
-	j = strlen(p);
-	while (j > 0 && (p[j-1] == ' ' || p[j-1] == '\t')) j--;
-	p[j] = '\0';
-    }
-
     return resp_hdrs;
 }
 
-long int
-proxy_send_fb(BUFF *f, request_rec *r, BUFF *f2, struct cache_req *c)
+long int ap_proxy_send_fb(BUFF *f, request_rec *r, cache_req *c)
 {
+    int  ok = 1;
     char buf[IOBUFSIZE];
-    long total_bytes_sent;
-    register int n,o,w;
+    long total_bytes_rcv;
+    register int n, o, w;
     conn_rec *con = r->connection;
-    
-    total_bytes_sent = 0;
+    int alt_to = 1;
+
+    total_bytes_rcv = 0;
+    if (c)
+        c->written = 0;
+
+#ifdef CHARSET_EBCDIC
+    /* The cache copy is ASCII, not EBCDIC, even for text/html) */
+    ap_bsetflag(f, B_ASCII2EBCDIC|B_EBCDIC2ASCII, 0);
+    if (c != NULL && c->fp != NULL)
+	ap_bsetflag(c->fp, B_ASCII2EBCDIC|B_EBCDIC2ASCII, 0);
+    ap_bsetflag(con->client, B_ASCII2EBCDIC|B_EBCDIC2ASCII, 0);
+#endif
 
     /* Since we are reading from one buffer and writing to another,
      * it is unsafe to do a soft_timeout here, at least until the proxy
      * has its own timeout handler which can set both buffers to EOUT.
      */
-    hard_timeout("proxy send body", r);
 
-    while (!con->aborted && f != NULL) {
-	n = bread(f, buf, IOBUFSIZE);
-	if (n == -1) /* input error */
-	{
-	    if (f2 != NULL) f2 = proxy_cache_error(c);
-	    break;
-	}
-	if (n == 0) break; /* EOF */
-        o=0;
-	total_bytes_sent += n;
+    ap_kill_timeout(r);
+
+#ifdef WIN32
+    /* works fine under win32, so leave it */
+    ap_hard_timeout("proxy send body", r);
+    alt_to = 0;
+#else
+    /* CHECKME! Since hard_timeout won't work in unix on sends with partial
+     * cache completion, we have to alternate between hard_timeout
+     * for reads, and soft_timeout for send.  This is because we need
+     * to get a return from ap_bwrite to be able to continue caching.
+     * BUT, if we *can't* continue anyway, just use hard_timeout.
+     */
 
-	if (f2 != NULL)
-	    if (bwrite(f2, buf, n) != n) f2 = proxy_cache_error(c);
-	
-        while(n && !con->aborted) {
-            w = bwrite(con->client, &buf[o], n);
-            if (w <= 0) {
-                if (f2 != NULL) {
-                    pclosef(c->req->pool, c->fp->fd);
-                    c->fp = NULL; 
-                    unlink(c->tempfile);
-                }
-                break;
-            }
-	    reset_timeout(r); /* reset timeout after successful write */
-            n-=w;
-            o+=w;
+    if (c) {
+        if (c->len <= 0 || c->cache_completion == 1) {
+            ap_hard_timeout("proxy send body", r);
+            alt_to = 0;
         }
+    } else {
+        ap_hard_timeout("proxy send body", r);
+        alt_to = 0;
     }
-    if (!con->aborted)
-        bflush(con->client);
-    
-    kill_timeout(r);
-    return total_bytes_sent;
-}
+#endif
 
-/*
- * Read a header from the array, returning the first entry
- */
-struct hdr_entry *
-proxy_get_header(array_header *hdrs_arr, const char *name)
-{
-    struct hdr_entry *hdrs;
-    int i;
+    while (ok) {
+        if (alt_to)
+            ap_hard_timeout("proxy send body", r);
 
-    hdrs = (struct hdr_entry *)hdrs_arr->elts;
-    for (i = 0; i < hdrs_arr->nelts; i++)
-        if (hdrs[i].field != NULL && strcasecmp(name, hdrs[i].field) == 0)
-	    return &hdrs[i];
+	/* Read block from server */
+	n = ap_bread(f, buf, IOBUFSIZE);
 
-    return NULL;
-}
+        if (alt_to)
+            ap_kill_timeout(r);
+        else
+            ap_reset_timeout(r);
 
-/*
- * Add to the header reply, either concatenating, or replacing existin
- * headers. It stores the pointers provided, so make sure the data
- * is not subsequently overwritten
- */
-struct hdr_entry *
-proxy_add_header(array_header *hdrs_arr, char *field, char *value,
-	   int rep)
-{
-    int i;
-    struct hdr_entry *hdrs;
-
-    hdrs = (struct hdr_entry *)hdrs_arr->elts;
-    if (rep)
-	for (i = 0; i < hdrs_arr->nelts; i++)
-	    if (hdrs[i].field != NULL && strcasecmp(field, hdrs[i].field) == 0)
-	    {
-		hdrs[i].value = value;
-		return hdrs;
-	    }
-	
-    hdrs = push_array(hdrs_arr);
-    hdrs->field = field;
-    hdrs->value = value;
+	if (n == -1) {		/* input error */
+	    if (c != NULL)
+		c = ap_proxy_cache_error(c);
+	    break;
+	}
+	if (n == 0)
+	    break;		/* EOF */
+	o = 0;
+	total_bytes_rcv += n;
+
+	/* Write to cache first. */
+        if (c != NULL && c->fp != NULL) {
+            if (ap_bwrite(c->fp, &buf[0], n) != n) {
+                c = ap_proxy_cache_error(c);
+            } else {
+                c->written += n;
+            }
+        }
 
-    return hdrs;
-}
+	/* Write the block to the client, detect aborted transfers */
+        while (n && !con->aborted) {
+            if (alt_to)
+                ap_soft_timeout("proxy send body", r);
 
-void
-proxy_del_header(array_header *hdrs_arr, const char *field)
-{
-    int i;
-    struct hdr_entry *hdrs;
+            w = ap_bwrite(con->client, &buf[o], n);
 
-    hdrs = (struct hdr_entry *)hdrs_arr->elts;
+            if (alt_to)
+                ap_kill_timeout(r);
+            else
+                ap_reset_timeout(r);
 
-    for (i = 0; i < hdrs_arr->nelts; i++)
-	if (hdrs[i].field != NULL && strcasecmp(field, hdrs[i].field) == 0)
-	    hdrs[i].value = NULL;
+            if (w <= 0) {
+                if (c != NULL && c->fp != NULL) {
+                    /* when a send failure occurs, we need to decide
+                     * whether to continue loading and caching the
+                     * document, or to abort the whole thing
+                     */
+                    ok = (c->len > 0) &&
+                         (c->cache_completion > 0) &&
+                         (c->len * c->cache_completion < total_bytes_rcv);
+
+                    if (! ok) {
+                        ap_pclosef(c->req->pool, c->fp->fd);
+                        c->fp = NULL;
+                        unlink(c->tempfile);
+			c = NULL;
+                    }
+                }
+                con->aborted = 1;
+                break;
+            }
+            n -= w;
+            o += w;
+        }
+    }
+
+    if (!con->aborted)
+	ap_bflush(con->client);
+
+    ap_kill_timeout(r);
+    return total_bytes_rcv;
 }
 
 /*
- * Sends response line and headers
+ * Sends response line and headers.  Uses the client fd and the 
+ * headers_out array from the passed request_rec to talk to the client
+ * and to properly set the headers it sends for things such as logging.
+ * 
  * A timeout should be set before calling this routine.
  */
-void
-proxy_send_headers(BUFF *fp, const char *respline, array_header *hdrs_arr)
+void ap_proxy_send_headers(request_rec *r, const char *respline, table *t)
 {
-    struct hdr_entry *hdrs;
     int i;
-
-    hdrs = (struct hdr_entry *)hdrs_arr->elts;
-
-    bputs(respline, fp);
-    bputs("\015\012", fp);
-    for (i = 0; i < hdrs_arr->nelts; i++)
-    {
-        if (hdrs[i].field == NULL) continue;
-	bvputs(fp, hdrs[i].field, ": ", hdrs[i].value, "\015\012", NULL);
+    BUFF *fp = r->connection->client;
+    table_entry *elts = (table_entry *) ap_table_elts(t)->elts;
+
+    ap_bputs(respline, fp);
+    ap_bputs(CRLF, fp);
+
+    for (i = 0; i < ap_table_elts(t)->nelts; ++i) {
+	if (elts[i].key != NULL) {
+	    ap_bvputs(fp, elts[i].key, ": ", elts[i].val, CRLF, NULL);
+	    /* FIXME: @@@ This used to be ap_table_set(), but I think
+	     * ap_table_addn() is correct. MnKr */
+	    ap_table_addn(r->headers_out, elts[i].key, elts[i].val);
+	}
     }
 
-    bputs("\015\012", fp);
+    ap_bputs(CRLF, fp);
 }
 
 
@@ -526,225 +647,627 @@ proxy_send_headers(BUFF *fp, const char *respline, array_header *hdrs_arr)
  * The return returns 1 if the token val is found in the list, or 0
  * otherwise.
  */
-int
-proxy_liststr(const char *list, const char *val)
+int ap_proxy_liststr(const char *list, const char *val)
 {
     int len, i;
     const char *p;
 
     len = strlen(val);
 
-    while (list != NULL)
-    {
+    while (list != NULL) {
 	p = strchr(list, ',');
-	if (p != NULL)
-	{
+	if (p != NULL) {
 	    i = p - list;
-	    do p++; while (isspace(*p));
-	} 
+	    do
+		p++;
+	    while (ap_isspace(*p));
+	}
 	else
 	    i = strlen(list);
 
-	while (i > 0 && isspace(list[i-1])) i--;
-	if (i == len && strncasecmp(list, val, len) == 0) return 1;
+	while (i > 0 && ap_isspace(list[i - 1]))
+	    i--;
+	if (i == len && strncasecmp(list, val, len) == 0)
+	    return 1;
 	list = p;
     }
     return 0;
 }
 
-void
-proxy_hash(const char *it, char *val,int ndepth,int nlength)
+#ifdef WIN32
+
+/*
+ * On NT, the file system is NOT case sensitive. So, a == A
+ * need to map to smaller set of characters
+ */
+void ap_proxy_hash(const char *it, char *val, int ndepth, int nlength)
 {
-    MD5_CTX context;
+    AP_MD5_CTX context;
     unsigned char digest[16];
-    char tmp[22];
+    char tmp[26];
     int i, k, d;
     unsigned int x;
-    static const char table[64]=
-"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_@";
+    static const char enc_table[32] = "abcdefghijklmnopqrstuvwxyz012345";
+
+    ap_MD5Init(&context);
+    ap_MD5Update(&context, (const unsigned char *) it, strlen(it));
+    ap_MD5Final(digest, &context);
+
+/* encode 128 bits as 26 characters, using a modified uuencoding */
+/* the encoding is 5 bytes -> 8 characters
+ * i.e. 128 bits is 3 x 5 bytes + 1 byte -> 3 * 8 characters + 2 characters
+ */
+    for (i = 0, k = 0; i < 15; i += 5) {
+	x = (digest[i] << 24) | (digest[i + 1] << 16) | (digest[i + 2] << 8) | digest[i + 3];
+	tmp[k++] = enc_table[x >> 27];
+	tmp[k++] = enc_table[(x >> 22) & 0x1f];
+	tmp[k++] = enc_table[(x >> 17) & 0x1f];
+	tmp[k++] = enc_table[(x >> 12) & 0x1f];
+	tmp[k++] = enc_table[(x >> 7) & 0x1f];
+	tmp[k++] = enc_table[(x >> 2) & 0x1f];
+	x = ((x & 0x3) << 8) | digest[i + 4];
+	tmp[k++] = enc_table[x >> 5];
+	tmp[k++] = enc_table[x & 0x1f];
+    }
+/* one byte left */
+    x = digest[15];
+    tmp[k++] = enc_table[x >> 3];	/* use up 5 bits */
+    tmp[k++] = enc_table[x & 0x7];
+    /* now split into directory levels */
+
+    for (i = k = d = 0; d < ndepth; ++d) {
+	memcpy(&val[i], &tmp[k], nlength);
+	k += nlength;
+	val[i + nlength] = '/';
+	i += nlength + 1;
+    }
+    memcpy(&val[i], &tmp[k], 26 - k);
+    val[i + 26 - k] = '\0';
+}
 
-    MD5Init(&context);
-    MD5Update(&context, (const unsigned char *)it, strlen(it));
-    MD5Final(digest, &context);
+#else
+
+void ap_proxy_hash(const char *it, char *val, int ndepth, int nlength)
+{
+    AP_MD5_CTX context;
+    unsigned char digest[16];
+    char tmp[22];
+    int i, k, d;
+    unsigned int x;
+#if defined(AIX) && defined(__ps2__)
+    /* Believe it or not, AIX 1.x does not allow you to name a file '@',
+     * so hack around it in the encoding. */
+    static const char enc_table[64] =
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_%";
+#else
+    static const char enc_table[64] =
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_@";
+#endif
+
+    ap_MD5Init(&context);
+    ap_MD5Update(&context, (const unsigned char *) it, strlen(it));
+    ap_MD5Final(digest, &context);
 
 /* encode 128 bits as 22 characters, using a modified uuencoding */
 /* the encoding is 3 bytes -> 4 characters
  * i.e. 128 bits is 5 x 3 bytes + 1 byte -> 5 * 4 characters + 2 characters
  */
-    for (i=0, k=0; i < 15; i += 3)
-    {
-	x = (digest[i] << 16) | (digest[i+1] << 8) | digest[i+2];
-	tmp[k++] = table[x >> 18];
-	tmp[k++] = table[(x >> 12) & 0x3f];
-	tmp[k++] = table[(x >> 6) & 0x3f];
-	tmp[k++] = table[x & 0x3f];
+    for (i = 0, k = 0; i < 15; i += 3) {
+	x = (digest[i] << 16) | (digest[i + 1] << 8) | digest[i + 2];
+	tmp[k++] = enc_table[x >> 18];
+	tmp[k++] = enc_table[(x >> 12) & 0x3f];
+	tmp[k++] = enc_table[(x >> 6) & 0x3f];
+	tmp[k++] = enc_table[x & 0x3f];
     }
 /* one byte left */
     x = digest[15];
-    tmp[k++] = table[x >> 2];  /* use up 6 bits */
-    tmp[k++] = table[(x << 4) & 0x3f];
+    tmp[k++] = enc_table[x >> 2];	/* use up 6 bits */
+    tmp[k++] = enc_table[(x << 4) & 0x3f];
     /* now split into directory levels */
 
-    for(i=k=d=0 ; d < ndepth ; ++d)
-	{
-	strncpy(&val[i],&tmp[k],nlength);
-	k+=nlength;
-	val[i+nlength]='/';
-	i+=nlength+1;
-	}
-    memcpy(&val[i],&tmp[k],22-k);
-    val[i+22-k]='\0';
+    for (i = k = d = 0; d < ndepth; ++d) {
+	memcpy(&val[i], &tmp[k], nlength);
+	k += nlength;
+	val[i + nlength] = '/';
+	i += nlength + 1;
+    }
+    memcpy(&val[i], &tmp[k], 22 - k);
+    val[i + 22 - k] = '\0';
 }
 
+#endif /* WIN32 */
+
 /*
  * Converts 8 hex digits to a time integer
  */
-int
-proxy_hex2sec(const char *x)
+int ap_proxy_hex2sec(const char *x)
 {
     int i, ch;
     unsigned int j;
 
-    for (i=0, j=0; i < 8; i++)
-    {
+    for (i = 0, j = 0; i < 8; i++) {
 	ch = x[i];
 	j <<= 4;
-	if (isdigit(ch)) j |= ch - '0';
-	else if (isupper(ch)) j |= ch - ('A' - 10);
-	else j |= ch - ('a' - 10);
+	if (ap_isdigit(ch))
+	    j |= ch - '0';
+	else if (ap_isupper(ch))
+	    j |= ch - ('A' - 10);
+	else
+	    j |= ch - ('a' - 10);
     }
-    if (j == 0xffffffff) return -1;  /* so that it works with 8-byte ints */
-    else return j;
+    if (j == 0xffffffff)
+	return -1;		/* so that it works with 8-byte ints */
+    else
+	return j;
 }
 
 /*
  * Converts a time integer to 8 hex digits
  */
-void
-proxy_sec2hex(int t, char *y)
+void ap_proxy_sec2hex(int t, char *y)
 {
     int i, ch;
-    unsigned int j=t;
+    unsigned int j = t;
 
-    for (i=7; i >= 0; i--)
-    {
+    for (i = 7; i >= 0; i--) {
 	ch = j & 0xF;
 	j >>= 4;
-	if (ch >= 10) y[i] = ch + ('A' - 10);
-	else y[i] = ch + '0';
+	if (ch >= 10)
+	    y[i] = ch + ('A' - 10);
+	else
+	    y[i] = ch + '0';
     }
     y[8] = '\0';
 }
 
-void
-proxy_log_uerror(const char *routine, const char *file, const char *err,
-	   server_rec *s)
-{
-    char *p, *q;
-
-    q = get_time();
-    p = strerror(errno);
 
-    if (err != NULL)
-    {
-	fprintf(s->error_log, "[%s] %s\n", q, err);
-	if (file != NULL)
-	    fprintf(s->error_log, "- %s: %s: %s\n", routine, file, p);
-	else
-	    fprintf(s->error_log, "- %s: %s\n", routine, p);
-    } else
-    {
-	if (file != NULL)
-	    fprintf(s->error_log, "[%s] %s: %s: %s\n", q, routine, file, p);
-	else
-	    fprintf(s->error_log, "[%s] %s: %s\n", q, routine, p);
-    }
-
-    fflush(s->error_log);
-}
-
-BUFF *
-proxy_cache_error(struct cache_req *c)
+cache_req *ap_proxy_cache_error(cache_req *c)
 {
-    proxy_log_uerror("write", c->tempfile, "proxy: error writing to cache file",
-        c->req->server);
-    pclosef(c->req->pool, c->fp->fd);
-    c->fp = NULL; 
+    ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
+		 "proxy: error writing to cache file %s", c->tempfile);
+    ap_pclosef(c->req->pool, c->fp->fd);
+    c->fp = NULL;
     unlink(c->tempfile);
     return NULL;
 }
 
-int
-proxyerror(request_rec *r, const char *message)
+int ap_proxyerror(request_rec *r, const char *message)
 {
-    r->status = SERVER_ERROR;
+    ap_table_setn(r->notes, "error-notes",
+		  ap_pstrcat(r->pool, 
+			     "The proxy server could not handle the request "
+			     "<EM><A HREF=\"", r->uri, "\">",
+			     r->method, "&nbsp;", r->uri, "</A></EM>.<P>\n"
+			     "Reason: <STRONG>", message, "</STRONG>", NULL));
     r->status_line = "500 Proxy Error";
-    r->content_type = "text/html";
-
-    send_http_header(r);
-    soft_timeout("proxy error", r);
-
-    rvputs(r, "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\015\012\
-<html><head><title>Proxy Error</title><head>\015\012<body><h1>Proxy Error\
-</h1>\015\012The proxy server could not handle this request.\
-\015\012<p>\015\012Reason: <b>", message, "</b>\015\012</body><html>\015\012",
-	   NULL);
-
-    kill_timeout(r);
-    return OK;
+    return HTTP_INTERNAL_SERVER_ERROR;
 }
 
 /*
  * This routine returns its own error message
  */
 const char *
-proxy_host2addr(const char *host, struct hostent *reqhp)
+     ap_proxy_host2addr(const char *host, struct hostent *reqhp)
 {
     int i;
     struct hostent *hp;
-    static struct hostent hpbuf;
-    static u_long ipaddr;
-    static char* charpbuf[2];
+    static APACHE_TLS struct hostent hpbuf;
+    static APACHE_TLS u_long ipaddr;
+    static APACHE_TLS char *charpbuf[2];
 
-    for (i=0; host[i] != '\0'; i++)
-	if (!isdigit(host[i]) && host[i] != '.')
+    for (i = 0; host[i] != '\0'; i++)
+	if (!ap_isdigit(host[i]) && host[i] != '.')
 	    break;
 
-    if (host[i] != '\0')
-    {
+    if (host[i] != '\0') {
 	hp = gethostbyname(host);
 	if (hp == NULL)
 	    return "Host not found";
-    } else
-    {
-	ipaddr = inet_addr(host);
-	hp = gethostbyaddr((char *)&ipaddr, sizeof(u_long), AF_INET);
+    }
+    else {
+	ipaddr = ap_inet_addr(host);
+	hp = gethostbyaddr((char *) &ipaddr, sizeof(u_long), AF_INET);
 	if (hp == NULL) {
 	    memset(&hpbuf, 0, sizeof(hpbuf));
 	    hpbuf.h_name = 0;
 	    hpbuf.h_addrtype = AF_INET;
 	    hpbuf.h_length = sizeof(u_long);
 	    hpbuf.h_addr_list = charpbuf;
-	    hpbuf.h_addr_list[0] = (char*)&ipaddr;
+	    hpbuf.h_addr_list[0] = (char *) &ipaddr;
 	    hpbuf.h_addr_list[1] = 0;
 	    hp = &hpbuf;
 	}
     }
-    memcpy(reqhp, hp, sizeof(struct hostent));
+    *reqhp = *hp;
     return NULL;
 }
 
-int
-proxy_doconnect(int sock, struct sockaddr_in *addr, request_rec *r)
+static const char *
+     proxy_get_host_of_request(request_rec *r)
+{
+    char *url, *user = NULL, *password = NULL, *err, *host;
+    int port = -1;
+
+    if (r->hostname != NULL)
+	return r->hostname;
+
+    /* Set url to the first char after "scheme://" */
+    if ((url = strchr(r->uri, ':')) == NULL
+	|| url[1] != '/' || url[2] != '/')
+	return NULL;
+
+    url = ap_pstrdup(r->pool, &url[1]);	/* make it point to "//", which is what proxy_canon_netloc expects */
+
+    err = ap_proxy_canon_netloc(r->pool, &url, &user, &password, &host, &port);
+
+    if (err != NULL)
+	ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r,
+		     "%s", err);
+
+    r->hostname = host;
+
+    return host;		/* ought to return the port, too */
+}
+
+/* Return TRUE if addr represents an IP address (or an IP network address) */
+int ap_proxy_is_ipaddr(struct dirconn_entry *This, pool *p)
+{
+    const char *addr = This->name;
+    long ip_addr[4];
+    int i, quads;
+    long bits;
+
+    /* if the address is given with an explicit netmask, use that */
+    /* Due to a deficiency in ap_inet_addr(), it is impossible to parse */
+    /* "partial" addresses (with less than 4 quads) correctly, i.e.  */
+    /* 192.168.123 is parsed as 192.168.0.123, which is not what I want. */
+    /* I therefore have to parse the IP address manually: */
+    /*if (proxy_readmask(This->name, &This->addr.s_addr, &This->mask.s_addr) == 0) */
+    /* addr and mask were set by proxy_readmask() */
+    /*return 1; */
+
+    /* Parse IP addr manually, optionally allowing */
+    /* abbreviated net addresses like 192.168. */
+
+    /* Iterate over up to 4 (dotted) quads. */
+    for (quads = 0; quads < 4 && *addr != '\0'; ++quads) {
+	char *tmp;
+
+	if (*addr == '/' && quads > 0)	/* netmask starts here. */
+	    break;
+
+	if (!ap_isdigit(*addr))
+	    return 0;		/* no digit at start of quad */
+
+	ip_addr[quads] = strtol(addr, &tmp, 0);
+
+	if (tmp == addr)	/* expected a digit, found something else */
+	    return 0;
+
+	if (ip_addr[quads] < 0 || ip_addr[quads] > 255) {
+	    /* invalid octet */
+	    return 0;
+	}
+
+	addr = tmp;
+
+	if (*addr == '.' && quads != 3)
+	    ++addr;		/* after the 4th quad, a dot would be illegal */
+    }
+
+    for (This->addr.s_addr = 0, i = 0; i < quads; ++i)
+	This->addr.s_addr |= htonl(ip_addr[i] << (24 - 8 * i));
+
+    if (addr[0] == '/' && ap_isdigit(addr[1])) {	/* net mask follows: */
+	char *tmp;
+
+	++addr;
+
+	bits = strtol(addr, &tmp, 0);
+
+	if (tmp == addr)	/* expected a digit, found something else */
+	    return 0;
+
+	addr = tmp;
+
+	if (bits < 0 || bits > 32)	/* netmask must be between 0 and 32 */
+	    return 0;
+
+    }
+    else {
+	/* Determine (i.e., "guess") netmask by counting the */
+	/* number of trailing .0's; reduce #quads appropriately */
+	/* (so that 192.168.0.0 is equivalent to 192.168.)        */
+	while (quads > 0 && ip_addr[quads - 1] == 0)
+	    --quads;
+
+	/* "IP Address should be given in dotted-quad form, optionally followed by a netmask (e.g., 192.168.111.0/24)"; */
+	if (quads < 1)
+	    return 0;
+
+	/* every zero-byte counts as 8 zero-bits */
+	bits = 8 * quads;
+
+	if (bits != 32)		/* no warning for fully qualified IP address */
+	    fprintf(stderr, "Warning: NetMask not supplied with IP-Addr; guessing: %s/%ld\n",
+		    inet_ntoa(This->addr), bits);
+    }
+
+    This->mask.s_addr = htonl(INADDR_NONE << (32 - bits));
+
+    if (*addr == '\0' && (This->addr.s_addr & ~This->mask.s_addr) != 0) {
+	fprintf(stderr, "Warning: NetMask and IP-Addr disagree in %s/%ld\n",
+		inet_ntoa(This->addr), bits);
+	This->addr.s_addr &= This->mask.s_addr;
+	fprintf(stderr, "         Set to %s/%ld\n",
+		inet_ntoa(This->addr), bits);
+    }
+
+    if (*addr == '\0') {
+	This->matcher = proxy_match_ipaddr;
+	return 1;
+    }
+    else
+	return (*addr == '\0');	/* okay iff we've parsed the whole string */
+}
+
+/* Return TRUE if addr represents an IP address (or an IP network address) */
+static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r)
+{
+    int i;
+    int ip_addr[4];
+    struct in_addr addr;
+    struct in_addr *ip_list;
+    char **ip_listptr;
+    const char *found;
+    const char *host = proxy_get_host_of_request(r);
+
+    if (host == NULL)   /* oops! */
+       return 0;
+
+    memset(&addr, '\0', sizeof addr);
+    memset(ip_addr, '\0', sizeof ip_addr);
+
+    if (4 == sscanf(host, "%d.%d.%d.%d", &ip_addr[0], &ip_addr[1], &ip_addr[2], &ip_addr[3])) {
+	for (addr.s_addr = 0, i = 0; i < 4; ++i)
+	    addr.s_addr |= htonl(ip_addr[i] << (24 - 8 * i));
+
+	if (This->addr.s_addr == (addr.s_addr & This->mask.s_addr)) {
+#if DEBUGGING
+	    fprintf(stderr, "1)IP-Match: %s[%s] <-> ", host, inet_ntoa(addr));
+	    fprintf(stderr, "%s/", inet_ntoa(This->addr));
+	    fprintf(stderr, "%s\n", inet_ntoa(This->mask));
+#endif
+	    return 1;
+	}
+#if DEBUGGING
+	else {
+	    fprintf(stderr, "1)IP-NoMatch: %s[%s] <-> ", host, inet_ntoa(addr));
+	    fprintf(stderr, "%s/", inet_ntoa(This->addr));
+	    fprintf(stderr, "%s\n", inet_ntoa(This->mask));
+	}
+#endif
+    }
+    else {
+	struct hostent the_host;
+
+	memset(&the_host, '\0', sizeof the_host);
+	found = ap_proxy_host2addr(host, &the_host);
+
+	if (found != NULL) {
+#if DEBUGGING
+	    fprintf(stderr, "2)IP-NoMatch: hostname=%s msg=%s\n", host, found);
+#endif
+	    return 0;
+	}
+
+	if (the_host.h_name != NULL)
+	    found = the_host.h_name;
+	else
+	    found = host;
+
+	/* Try to deal with multiple IP addr's for a host */
+	for (ip_listptr = the_host.h_addr_list; *ip_listptr; ++ip_listptr) {
+	    ip_list = (struct in_addr *) *ip_listptr;
+	    if (This->addr.s_addr == (ip_list->s_addr & This->mask.s_addr)) {
+#if DEBUGGING
+		fprintf(stderr, "3)IP-Match: %s[%s] <-> ", found, inet_ntoa(*ip_list));
+		fprintf(stderr, "%s/", inet_ntoa(This->addr));
+		fprintf(stderr, "%s\n", inet_ntoa(This->mask));
+#endif
+		return 1;
+	    }
+#if DEBUGGING
+	    else {
+		fprintf(stderr, "3)IP-NoMatch: %s[%s] <-> ", found, inet_ntoa(*ip_list));
+		fprintf(stderr, "%s/", inet_ntoa(This->addr));
+		fprintf(stderr, "%s\n", inet_ntoa(This->mask));
+	    }
+#endif
+	}
+    }
+
+    return 0;
+}
+
+/* Return TRUE if addr represents a domain name */
+int ap_proxy_is_domainname(struct dirconn_entry *This, pool *p)
+{
+    char *addr = This->name;
+    int i;
+
+    /* Domain name must start with a '.' */
+    if (addr[0] != '.')
+	return 0;
+
+    /* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
+    for (i = 0; ap_isalnum(addr[i]) || addr[i] == '-' || addr[i] == '.'; ++i)
+	continue;
+
+#if 0
+    if (addr[i] == ':') {
+	fprintf(stderr, "@@@@ handle optional port in proxy_is_domainname()\n");
+	/* @@@@ handle optional port */
+    }
+#endif
+
+    if (addr[i] != '\0')
+	return 0;
+
+    /* Strip trailing dots */
+    for (i = strlen(addr) - 1; i > 0 && addr[i] == '.'; --i)
+	addr[i] = '\0';
+
+    This->matcher = proxy_match_domainname;
+    return 1;
+}
+
+/* Return TRUE if host "host" is in domain "domain" */
+static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r)
+{
+    const char *host = proxy_get_host_of_request(r);
+    int d_len = strlen(This->name), h_len;
+
+    if (host == NULL)		/* some error was logged already */
+	return 0;
+
+    h_len = strlen(host);
+
+    /* @@@ do this within the setup? */
+    /* Ignore trailing dots in domain comparison: */
+    while (d_len > 0 && This->name[d_len - 1] == '.')
+	--d_len;
+    while (h_len > 0 && host[h_len - 1] == '.')
+	--h_len;
+    return h_len > d_len
+	&& strncasecmp(&host[h_len - d_len], This->name, d_len) == 0;
+}
+
+/* Return TRUE if addr represents a host name */
+int ap_proxy_is_hostname(struct dirconn_entry *This, pool *p)
+{
+    struct hostent host;
+    char *addr = This->name;
+    int i;
+
+    /* Host names must not start with a '.' */
+    if (addr[0] == '.')
+	return 0;
+
+    /* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
+    for (i = 0; ap_isalnum(addr[i]) || addr[i] == '-' || addr[i] == '.'; ++i);
+
+#if 0
+    if (addr[i] == ':') {
+	fprintf(stderr, "@@@@ handle optional port in proxy_is_hostname()\n");
+	/* @@@@ handle optional port */
+    }
+#endif
+
+    if (addr[i] != '\0' || ap_proxy_host2addr(addr, &host) != NULL)
+	return 0;
+
+    This->hostentry = ap_pduphostent (p, &host);
+
+    /* Strip trailing dots */
+    for (i = strlen(addr) - 1; i > 0 && addr[i] == '.'; --i)
+	addr[i] = '\0';
+
+    This->matcher = proxy_match_hostname;
+    return 1;
+}
+
+/* Return TRUE if host "host" is equal to host2 "host2" */
+static int proxy_match_hostname(struct dirconn_entry *This, request_rec *r)
+{
+    char *host = This->name;
+    const char *host2 = proxy_get_host_of_request(r);
+    int h2_len;
+    int h1_len;
+
+    if (host == NULL || host2 == NULL)
+       return 0; /* oops! */
+
+    h2_len = strlen(host2);
+    h1_len = strlen(host);
+
+#if 0
+    unsigned long *ip_list;
+
+    /* Try to deal with multiple IP addr's for a host */
+    for (ip_list = *This->hostentry->h_addr_list; *ip_list != 0UL; ++ip_list)
+	if (*ip_list == ? ? ? ? ? ? ? ? ? ? ? ? ?)
+	    return 1;
+#endif
+
+    /* Ignore trailing dots in host2 comparison: */
+    while (h2_len > 0 && host2[h2_len - 1] == '.')
+	--h2_len;
+    while (h1_len > 0 && host[h1_len - 1] == '.')
+	--h1_len;
+    return h1_len == h2_len
+	&& strncasecmp(host, host2, h1_len) == 0;
+}
+
+/* Return TRUE if addr is to be matched as a word */
+int ap_proxy_is_word(struct dirconn_entry *This, pool *p)
+{
+    This->matcher = proxy_match_word;
+    return 1;
+}
+
+/* Return TRUE if string "str2" occurs literally in "str1" */
+static int proxy_match_word(struct dirconn_entry *This, request_rec *r)
+{
+    const char *host = proxy_get_host_of_request(r);
+    return host != NULL && strstr(host, This->name) != NULL;
+}
+
+int ap_proxy_doconnect(int sock, struct sockaddr_in *addr, request_rec *r)
 {
     int i;
 
-    hard_timeout("proxy connect", r);
-    do	i = connect(sock, (struct sockaddr *)addr, sizeof(struct sockaddr_in));
-    while (i == -1 && errno == EINTR);
-    if (i == -1) proxy_log_uerror("connect", NULL, NULL, r->server);
-    kill_timeout(r);
+    ap_hard_timeout("proxy connect", r);
+    do {
+	i = connect(sock, (struct sockaddr *) addr, sizeof(struct sockaddr_in));
+#ifdef WIN32
+	if (i == SOCKET_ERROR)
+	    errno = WSAGetLastError();
+#endif /* WIN32 */
+    } while (i == -1 && errno == EINTR);
+    if (i == -1) {
+	ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
+		     "proxy connect to %s port %d failed",
+		     inet_ntoa(addr->sin_addr), ntohs(addr->sin_port));
+    }
+    ap_kill_timeout(r);
 
     return i;
 }
 
+/* This function is called by ap_table_do() for all header lines */
+/* (from proxy_http.c and proxy_ftp.c) */
+/* It is passed a table_do_args struct pointer and a MIME field and value pair */
+int ap_proxy_send_hdr_line(void *p, const char *key, const char *value)
+{
+    struct tbl_do_args *parm = (struct tbl_do_args *)p;
+
+    if (key == NULL || value == NULL || value[0] == '\0')
+	return 1;
+    if (!parm->req->assbackwards)
+	ap_rvputs(parm->req, key, ": ", value, CRLF, NULL);
+    if (parm->cache != NULL && parm->cache->fp != NULL &&
+	ap_bvputs(parm->cache->fp, key, ": ", value, CRLF, NULL) == -1)
+	    parm->cache = ap_proxy_cache_error(parm->cache);
+    return 1; /* tell ap_table_do() to continue calling us for more headers */
+}
+
+/* send a text line to one or two BUFF's; return line length */
+unsigned ap_proxy_bputs2(const char *data, BUFF *client, cache_req *cache)
+{
+    unsigned len = ap_bputs(data, client);
+    if (cache != NULL && cache->fp != NULL)
+	ap_bputs(data, cache->fp);
+    return len;
+}
+
diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth.c b/usr.sbin/httpd/src/modules/standard/mod_auth.c
index c4ca529cf63..605ef9cfa65 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_auth.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_auth.c
@@ -264,7 +264,7 @@ static int check_user_access(request_rec *r)
 	method_restricted = 1;
 
 	t = reqs[x].requirement;
-	w = ap_getword(r->pool, &t, ' ');
+	w = ap_getword_white(r->pool, &t);
 	if (!strcmp(w, "valid-user"))
 	    return OK;
 	if (!strcmp(w, "user")) {
diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth_db.c b/usr.sbin/httpd/src/modules/standard/mod_auth_db.c
index 26a994b7367..a4b5da96ce5 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_auth_db.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_auth_db.c
@@ -281,7 +281,7 @@ static int db_check_auth(request_rec *r)
 	    continue;
 
 	t = reqs[x].requirement;
-	w = ap_getword(r->pool, &t, ' ');
+	w = ap_getword_white(r->pool, &t);
 
 	if (!strcmp(w, "group") && sec->auth_dbgrpfile) {
 	    const char *orig_groups, *groups;
@@ -298,7 +298,7 @@ static int db_check_auth(request_rec *r)
 	    }
 	    orig_groups = groups;
 	    while (t[0]) {
-		w = ap_getword(r->pool, &t, ' ');
+		w = ap_getword_white(r->pool, &t);
 		groups = orig_groups;
 		while (groups[0]) {
 		    v = ap_getword(r->pool, &groups, ',');
diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth_dbm.c b/usr.sbin/httpd/src/modules/standard/mod_auth_dbm.c
index b280513f232..d4a72b23977 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_auth_dbm.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_auth_dbm.c
@@ -266,7 +266,7 @@ static int dbm_check_auth(request_rec *r)
 	    continue;
 
 	t = reqs[x].requirement;
-	w = ap_getword(r->pool, &t, ' ');
+	w = ap_getword_white(r->pool, &t);
 
 	if (!strcmp(w, "group") && sec->auth_dbmgrpfile) {
 	    const char *orig_groups, *groups;
@@ -283,7 +283,7 @@ static int dbm_check_auth(request_rec *r)
 	    }
 	    orig_groups = groups;
 	    while (t[0]) {
-		w = ap_getword(r->pool, &t, ' ');
+		w = ap_getword_white(r->pool, &t);
 		groups = orig_groups;
 		while (groups[0]) {
 		    v = ap_getword(r->pool, &groups, ',');
diff --git a/usr.sbin/httpd/src/modules/standard/mod_autoindex.c b/usr.sbin/httpd/src/modules/standard/mod_autoindex.c
index 691b78d09b2..18f35cecce3 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_autoindex.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_autoindex.c
@@ -93,6 +93,7 @@ module MODULE_VAR_EXPORT autoindex_module;
 #define SUPPRESS_DESC 32
 #define SUPPRESS_PREAMBLE 64
 #define SUPPRESS_COLSORT 128
+#define NO_OPTIONS 256
 
 #define K_PAD 1
 #define K_NOPAD 0
@@ -130,6 +131,8 @@ typedef struct autoindex_config_struct {
 
     char *default_icon;
     int opts;
+    int incremented_opts;
+    int decremented_opts;
     int name_width;
     int name_adjust;
     int icon_width;
@@ -293,7 +296,11 @@ static const char *fancy_indexing(cmd_parms *cmd, void *d, int arg)
 
     cfg = (autoindex_config_rec *) d;
     curopts = cfg->opts;
-    newopts = (arg ? (curopts | FANCY_INDEXING) : (curopts & !FANCY_INDEXING));
+    if (curopts & NO_OPTIONS) {
+	return "FancyIndexing directive conflicts with existing "
+	       "IndexOptions None";
+    }
+    newopts = (arg ? (curopts | FANCY_INDEXING) : (curopts & ~FANCY_INDEXING));
     cfg->opts = newopts;
     return NULL;
 }
@@ -301,51 +308,97 @@ static const char *fancy_indexing(cmd_parms *cmd, void *d, int arg)
 static const char *add_opts(cmd_parms *cmd, void *d, const char *optstr)
 {
     char *w;
-    int opts = 0;
+    int opts;
+    int opts_add;
+    int opts_remove;
+    char action;
     autoindex_config_rec *d_cfg = (autoindex_config_rec *) d;
 
+    opts = d_cfg->opts;
+    opts_add = d_cfg->incremented_opts;
+    opts_remove = d_cfg->decremented_opts;
     while (optstr[0]) {
+	int option = 0;
+
 	w = ap_getword_conf(cmd->pool, &optstr);
+	if ((*w == '+') || (*w == '-')) {
+	    action = *(w++);
+	}
+	else {
+	    action = '\0';
+	}
 	if (!strcasecmp(w, "FancyIndexing")) {
-	    opts |= FANCY_INDEXING;
+	    option = FANCY_INDEXING;
 	}
 	else if (!strcasecmp(w, "IconsAreLinks")) {
-	    opts |= ICONS_ARE_LINKS;
+	    option = ICONS_ARE_LINKS;
 	}
 	else if (!strcasecmp(w, "ScanHTMLTitles")) {
-	    opts |= SCAN_HTML_TITLES;
+	    option = SCAN_HTML_TITLES;
 	}
 	else if (!strcasecmp(w, "SuppressLastModified")) {
-	    opts |= SUPPRESS_LAST_MOD;
+	    option = SUPPRESS_LAST_MOD;
 	}
 	else if (!strcasecmp(w, "SuppressSize")) {
-	    opts |= SUPPRESS_SIZE;
+	    option = SUPPRESS_SIZE;
 	}
 	else if (!strcasecmp(w, "SuppressDescription")) {
-	    opts |= SUPPRESS_DESC;
+	    option = SUPPRESS_DESC;
 	}
 	else if (!strcasecmp(w, "SuppressHTMLPreamble")) {
-	    opts |= SUPPRESS_PREAMBLE;
+	    option = SUPPRESS_PREAMBLE;
 	}
         else if (!strcasecmp(w, "SuppressColumnSorting")) {
-            opts |= SUPPRESS_COLSORT;
+            option = SUPPRESS_COLSORT;
 	}
 	else if (!strcasecmp(w, "None")) {
-	    opts = 0;
+	    if (action != '\0') {
+		return "Cannot combine '+' or '-' with 'None' keyword";
+	    }
+	    opts = NO_OPTIONS;
+	    opts_add = 0;
+	    opts_remove = 0;
 	}
 	else if (!strcasecmp(w, "IconWidth")) {
-	    d_cfg->icon_width = DEFAULT_ICON_WIDTH;
+	    if (action != '-') {
+		d_cfg->icon_width = DEFAULT_ICON_WIDTH;
+	    }
+	    else {
+		d_cfg->icon_width = 0;
+	    }
 	}
 	else if (!strncasecmp(w, "IconWidth=", 10)) {
+	    if (action != '\0') {
+		return "Cannot combine '+' or '-' with IconWidth=n";
+	    }
 	    d_cfg->icon_width = atoi(&w[10]);
 	}
 	else if (!strcasecmp(w, "IconHeight")) {
-	    d_cfg->icon_height = DEFAULT_ICON_HEIGHT;
+	    if (action != '-') {
+		d_cfg->icon_height = DEFAULT_ICON_HEIGHT;
+	    }
+	    else {
+		d_cfg->icon_height = 0;
+	    }
 	}
 	else if (!strncasecmp(w, "IconHeight=", 11)) {
+	    if (action != '\0') {
+		return "Cannot combine '+' or '-' with IconHeight=n";
+	    }
 	    d_cfg->icon_height = atoi(&w[11]);
 	}
+	else if (!strcasecmp(w, "NameWidth")) {
+	    if (action != '-') {
+		return "NameWidth with no value may only appear as "
+		       "'-NameWidth'";
+	    }
+	    d_cfg->name_width = DEFAULT_NAME_WIDTH;
+	    d_cfg->name_adjust = 0;
+	}
 	else if (!strncasecmp(w, "NameWidth=", 10)) {
+	    if (action != '\0') {
+		return "Cannot combine '+' or '-' with NameWidth=n";
+	    }
 	    if (w[10] == '*') {
 		d_cfg->name_adjust = 1;
 	    }
@@ -361,7 +414,25 @@ static const char *add_opts(cmd_parms *cmd, void *d, const char *optstr)
 	else {
 	    return "Invalid directory indexing option";
 	}
+	if (action == '\0') {
+	    opts |= option;
+	    opts_add = 0;
+	    opts_remove = 0;
+	}
+	else if (action == '+') {
+	    opts_add |= option;
+	    opts_remove &= ~option;
+	}
+	else {
+	    opts_remove |= option;
+	    opts_add &= ~option;
+	}
+    }
+    if ((opts & NO_OPTIONS) && (opts & ~NO_OPTIONS)) {
+	return "Cannot combine other IndexOptions keywords with 'None'";
     }
+    d_cfg->incremented_opts = opts_add;
+    d_cfg->decremented_opts = opts_remove;
     d_cfg->opts = opts;
     return NULL;
 }
@@ -414,6 +485,8 @@ static void *create_autoindex_config(pool *p, char *dummy)
     new->hdr_list = ap_make_array(p, 4, sizeof(struct item));
     new->rdme_list = ap_make_array(p, 4, sizeof(struct item));
     new->opts = 0;
+    new->incremented_opts = 0;
+    new->decremented_opts = 0;
 
     return (void *) new;
 }
@@ -436,7 +509,48 @@ static void *merge_autoindex_configs(pool *p, void *basev, void *addv)
     new->desc_list = ap_append_arrays(p, add->desc_list, base->desc_list);
     new->icon_list = ap_append_arrays(p, add->icon_list, base->icon_list);
     new->rdme_list = ap_append_arrays(p, add->rdme_list, base->rdme_list);
-    new->opts = add->opts;
+    if (add->opts & NO_OPTIONS) {
+	/*
+	 * If the current directory says 'no options' then we also
+	 * clear any incremental mods from being inheritable further down.
+	 */
+	new->opts = NO_OPTIONS;
+	new->incremented_opts = 0;
+	new->decremented_opts = 0;
+    }
+    else {
+	/*
+	 * If there were any non-incremental options selected for
+	 * this directory, they dominate and we don't inherit *anything.*
+	 * Contrariwise, we *do* inherit if the only settings here are
+	 * incremental ones.
+	 */
+	if (add->opts == 0) {
+	    new->incremented_opts = (base->incremented_opts 
+				     | add->incremented_opts)
+		                    & ~add->decremented_opts;
+	    new->decremented_opts = (base->decremented_opts
+				     | add->decremented_opts);
+	    /*
+	     * We may have incremental settings, so make sure we don't
+	     * inadvertently inherit an IndexOptions None from above.
+	     */
+	    new->opts = (base->opts & ~NO_OPTIONS);
+	}
+	else {
+	    /*
+	     * There are local non-incremental settings, which clear
+	     * all inheritance from above.  They *are* the new base settings.
+	     */
+	    new->opts = add->opts;;
+	}
+	/*
+	 * We're guaranteed that there'll be no overlap between
+	 * the add-options and the remove-options.
+	 */
+	new->opts |= new->incremented_opts;
+	new->opts &= ~new->decremented_opts;
+    }
     new->name_width = add->name_width;
     new->name_adjust = add->name_adjust;
 
@@ -455,7 +569,7 @@ struct ent {
     char *icon;
     char *alt;
     char *desc;
-    size_t size;
+    off_t size;
     time_t lm;
     struct ent *next;
     int ascending;
@@ -745,7 +859,7 @@ static struct ent *make_autoindex_entry(char *name, int autoindex_opts,
 
     p = (struct ent *) ap_pcalloc(r->pool, sizeof(struct ent));
     p->name = ap_pstrdup(r->pool, name);
-    p->size = 0;
+    p->size = -1;
     p->icon = NULL;
     p->alt = NULL;
     p->desc = NULL;
@@ -765,7 +879,7 @@ static struct ent *make_autoindex_entry(char *name, int autoindex_opts,
 		if (!(p->alt = find_alt(d, rr, 1))) {
 		    p->alt = "DIR";
 		}
-		p->size = 0;
+		p->size = -1;
 		p->name = ap_pstrcat(r->pool, name, "/", NULL);
 	    }
 	    else {
diff --git a/usr.sbin/httpd/src/modules/standard/mod_cgi.c b/usr.sbin/httpd/src/modules/standard/mod_cgi.c
index fd5906c4ec2..70f7956228f 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_cgi.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_cgi.c
@@ -433,7 +433,6 @@ static int cgi_handler(request_rec *r)
 			 &script_out, &script_in, &script_err)) {
 	ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
 		    "couldn't spawn child process: %s", r->filename);
-	ap_table_setn(r->notes, "error-notes", "Couldn't spawn child process");
 	return HTTP_INTERNAL_SERVER_ERROR;
     }
 
diff --git a/usr.sbin/httpd/src/modules/standard/mod_digest.c b/usr.sbin/httpd/src/modules/standard/mod_digest.c
index 08e52f4ecfe..f44e7e3edea 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_digest.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_digest.c
@@ -159,7 +159,7 @@ static int get_digest_rec(request_rec *r, digest_header_rec * response)
 	return AUTH_REQUIRED;
     }
 
-    if (strcasecmp(scheme=ap_getword(r->pool, &auth_line, ' '), "Digest")) {
+    if (strcasecmp(scheme = ap_getword_white(r->pool, &auth_line), "Digest")) {
 	/* Client tried to authenticate using wrong auth scheme */
 	ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
 		    "client used wrong authentication scheme: %s for %s", 
@@ -345,7 +345,7 @@ static int digest_check_auth(request_rec *r)
 	method_restricted = 1;
 
 	t = reqs[x].requirement;
-	w = ap_getword(r->pool, &t, ' ');
+	w = ap_getword_white(r->pool, &t);
 	if (!strcmp(w, "valid-user"))
 	    return OK;
 	else if (!strcmp(w, "user")) {
diff --git a/usr.sbin/httpd/src/modules/standard/mod_include.c b/usr.sbin/httpd/src/modules/standard/mod_include.c
index 612759ed6e9..3acc0c6f696 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_include.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_include.c
@@ -946,6 +946,7 @@ static int handle_perl(FILE *in, request_rec *r, const char *error)
         }
     }
     perl_stdout2client(r);
+    perl_setup_env(r);
     perl_call_handler(sub, r, av);
     return OK;
 }
diff --git a/usr.sbin/httpd/src/modules/standard/mod_log_config.c b/usr.sbin/httpd/src/modules/standard/mod_log_config.c
index 1fa8f498589..da6d2bcb458 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_log_config.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_log_config.c
@@ -202,10 +202,9 @@ static mode_t xfer_mode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
  * multi_log_state is our per-(virtual)-server configuration. We store
  * an array of the logs we are going to use, each of type config_log_state.
  * If a default log format is given by LogFormat, store in default_format
- * (backward compat. with mod_log_config). We also store a pointer to
- * the logs specified for the main server for virtual servers, so that
- * if this vhost has now logs defined, we can use the main server's
- * logs instead.
+ * (backward compat. with mod_log_config).  We also store for each virtual
+ * server a pointer to the logs specified for the main server, so that if this
+ * vhost has no logs defined, we can use the main server's logs instead.
  *
  * So, for the main server, config_logs contains a list of the log files
  * and server_config_logs in empty. For a vhost, server_config_logs
diff --git a/usr.sbin/httpd/src/modules/standard/mod_speling.c b/usr.sbin/httpd/src/modules/standard/mod_speling.c
index 53f8c1da34d..7d1b976d639 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_speling.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_speling.c
@@ -453,18 +453,21 @@ static int check_speling(request_rec *r)
             t = "";
 
             for (i = 0; i < candidates->nelts; ++i) {
+		char *vuri;
+		const char *reason;
 
+		reason = sp_reason_str[(int) (variant[i].quality)];
                 /* The format isn't very neat... */
-                t = ap_pstrcat(p, t, "<li><a href=\"", url,
-			       variant[i].name, r->path_info,
-			       r->parsed_uri.query ? "?" : "",
-			       r->parsed_uri.query ? r->parsed_uri.query : "",
-			       "\">", variant[i].name, r->path_info,
-			       r->parsed_uri.query ? "?" : "",
-			       r->parsed_uri.query ? r->parsed_uri.query : "",
-			       "</a> (",
-			       sp_reason_str[(int) (variant[i].quality)],
-			       ")\n", NULL);
+		vuri = ap_pstrcat(p, url, variant[i].name, r->path_info,
+				  (r->parsed_uri.query != NULL) ? "?" : "",
+				  (r->parsed_uri.query != NULL)
+				      ? r->parsed_uri.query : "",
+				  NULL);
+		ap_table_mergen(r->subprocess_env, "VARIANTS",
+				ap_pstrcat(p, "\"", vuri, "\";\"",
+					   reason, "\"", NULL));
+                t = ap_pstrcat(p, t, "<li><a href=\"", vuri,
+			       "\">", vuri, "</a> (", reason, ")\n", NULL);
 
                 /*
                  * when we have printed the "close matches" and there are
diff --git a/usr.sbin/httpd/src/modules/standard/mod_status.c b/usr.sbin/httpd/src/modules/standard/mod_status.c
index 2c24df1ff51..31e9aa41abb 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_status.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_status.c
@@ -240,10 +240,12 @@ static int status_handler(request_rec *r)
     unsigned long bcount = 0;
     unsigned long kbcount = 0;
     long req_time;
-#if defined(NEXT)
-    float tick = HZ;
-#elif !defined(NO_TIMES)
+#ifndef NO_TIMES
+#ifdef _SC_CLK_TCK
     float tick = sysconf(_SC_CLK_TCK);
+#else
+    float tick = HZ;
+#endif
 #endif
     int short_report = 0;
     int no_table_report = 0;
diff --git a/usr.sbin/httpd/src/os/bs2000/bs2login.c b/usr.sbin/httpd/src/os/bs2000/bs2login.c
index 361c59d92f7..afba7fd928b 100644
--- a/usr.sbin/httpd/src/os/bs2000/bs2login.c
+++ b/usr.sbin/httpd/src/os/bs2000/bs2login.c
@@ -67,9 +67,6 @@ static const char *bs2000_account = NULL;
 /* It stores the account name for later use */
 const char *os_set_account(pool *p, const char *account)
 {
-    if (bs2000_account != NULL && strcasecmp(bs2000_account, account) != 0)
-        return "BS2000Account: can be defined only once.";
-
     bs2000_account = ap_pstrdup(p, account);
     return NULL;
 }
diff --git a/usr.sbin/httpd/src/os/bs2000/ebcdic.c b/usr.sbin/httpd/src/os/bs2000/ebcdic.c
index d8c650c0ebc..4a268488de8 100644
--- a/usr.sbin/httpd/src/os/bs2000/ebcdic.c
+++ b/usr.sbin/httpd/src/os/bs2000/ebcdic.c
@@ -62,8 +62,7 @@
 /*
 	   Initial Port for  Apache-1.3 by <Martin.Kraemer@Mch.SNI.De>
 
-"BS2000 OSD" is a POSIX on a main frame.
-It is made by Siemens Nixdorf AG, Germany.
+"BS2000 OSD" is a POSIX on a main frame. It is made by Siemens AG, Germany.
 Within the POSIX subsystem, the same character set was chosen as in
 "native BS2000", namely EBCDIC.
 
diff --git a/usr.sbin/httpd/src/os/win32/registry.c b/usr.sbin/httpd/src/os/win32/registry.c
index 64aa72982a6..665f8ee67e7 100644
--- a/usr.sbin/httpd/src/os/win32/registry.c
+++ b/usr.sbin/httpd/src/os/win32/registry.c
@@ -28,7 +28,7 @@
 
 #define VENDOR   "Apache Group"
 #define SOFTWARE "Apache"
-#define VERSION  "1.3.2"
+#define VERSION  "1.3.3"
 
 #define REGKEY "SOFTWARE\\" VENDOR "\\" SOFTWARE "\\" VERSION
 
diff --git a/usr.sbin/httpd/src/os/win32/util_win32.c b/usr.sbin/httpd/src/os/win32/util_win32.c
index 47d8f7af9b5..3aac08767ce 100644
--- a/usr.sbin/httpd/src/os/win32/util_win32.c
+++ b/usr.sbin/httpd/src/os/win32/util_win32.c
@@ -23,7 +23,18 @@ static BOOL sub_canonical_filename(char *szCanon, unsigned nCanon,
     for (nSlashes = 0; s > szFile && s[-1] == '\\'; ++nSlashes, --s)
 	;
 
-    n = GetFullPathName(szFile, sizeof buf, buf, &szFilePart);
+    if (strlen(szFile)==2 && szFile[1]==':') {
+        /*
+         * If the file name is x:, do not call GetFullPathName
+         * because it will use the current path of the executable
+         */
+        strcpy(buf,szFile);
+        n = strlen(buf);
+        szFilePart = buf + n;
+    }
+    else {
+        n = GetFullPathName(szFile, sizeof buf, buf, &szFilePart);
+    }
     ap_assert(n);
     ap_assert(n < sizeof buf);
 
@@ -36,6 +47,8 @@ static BOOL sub_canonical_filename(char *szCanon, unsigned nCanon,
      * is no '\' in szInFile, it must just be a file name, so it should be
      * valid to use the name from GetFullPathName.  Be sure to adjust the
      * 's' variable so the rest of the code functions normally.
+     * Note it is possible to get here when szFile == 'x:', but that is OK
+     * because we will bail out of this routine early.
      */
     if (!s) {
         szFile = buf;
@@ -180,9 +193,21 @@ API_EXPORT(char *) ap_os_canonical_filename(pool *pPool, const char *szFile)
 
     buf[0] = ap_tolower(buf[0]);
 
-    ap_assert(strlen(buf)+nSlashes < sizeof buf);
-    while (nSlashes--) {
-        strcat(buf, "/");
+    if (nSlashes) {
+        /*
+         * If there were additional trailing slashes, add them back on.
+         * Be sure not to add more than were originally there though,
+         * by checking to see if sub_canonical_filename added one;
+         * this could happen in cases where the file name is 'd:/'
+         */
+        ap_assert(strlen(buf)+nSlashes < sizeof buf);
+
+        if (nSlashes && buf[strlen(buf)-1] == '/')
+            nSlashes--;
+
+        while (nSlashes--) {
+            strcat(buf, "/");
+        }
     }
 
     return ap_pstrdup(pPool, buf);
@@ -233,8 +258,13 @@ API_EXPORT(int) os_stat(const char *szPath, struct stat *pStat)
 	return stat(buf, pStat);
     }
 
+    /*
+     * Below removes the trailing /, however, do not remove
+     * it in the case of 'x:/' or stat will fail
+     */
     n = strlen(szPath);
-    if (szPath[n - 1] == '\\' || szPath[n - 1] == '/') {
+    if ((szPath[n - 1] == '\\' || szPath[n - 1] == '/') &&
+        !(n == 3 && szPath[1] == ':')) {
         char buf[_MAX_PATH];
         
         ap_assert(n < _MAX_PATH);
diff --git a/usr.sbin/httpd/src/support/dbmmanage b/usr.sbin/httpd/src/support/dbmmanage
index 824cda540d6..042c686497e 100644
--- a/usr.sbin/httpd/src/support/dbmmanage
+++ b/usr.sbin/httpd/src/support/dbmmanage
@@ -89,9 +89,9 @@ my $Is_Win32  = $^O eq "MSWin32";
 my %DB = ();
 my @range = ();
 my($mode, $flags) = $command =~ 
-    /^(?:view|check)$/ ? (undef, O_RDONLY) : (0644, O_RDWR|O_CREAT);
+    /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT);
 
-tie %DB, "AnyDBM_File", $file, $flags, $mode;
+tie %DB, "AnyDBM_File", $file, $flags, $mode || die "Can't tie $file: $!";
 dbmc->$command();
 untie %DB;