Rich Bowen [Sat, 30 May 2026 22:29:02 +0000 (22:29 +0000)]
Switch HTML output from XHTML 1.0 Strict to HTML5
Change output method to "html" and emit <!DOCTYPE html> instead of
the XHTML 1.0 Strict doctype. Remove XHTML namespace declarations
and xml:lang attributes from all XSL stylesheets. Remove explicit
Content-Type meta tag (now auto-generated by the HTML serializer).
This resolves validate-xhtml failures caused by HTML5 features
(aria-* attributes, inline SVG) that are invalid under the
XHTML 1.0 Strict DTD.
Stefan Eissing [Fri, 29 May 2026 09:09:41 +0000 (09:09 +0000)]
*) mod_http2: update to version 2.0.42
Fix excessive file description use for non-TLS frontend connections when
sending files. Fixes <https://github.com/icing/mod_h2/issues/325>
Rich Bowen [Tue, 26 May 2026 10:11:21 +0000 (10:11 +0000)]
docs: Modernize install.xml
- Remove mirrors reference and binary releases (both retired)
- Update all external links to https
- Update version examples to current 2.4.66/2.4.67
- Replace two-step gzip/tar with single tar xzf
- Reword download section for source builds
- Consolidate verification link to verification.html
- Remove minimizing language (easy, simple, simply)
- Add language="sh" to all highlight blocks
- Update disk space: 200 MB build (was 50), 50 MB installed (was 10)
- Replace deprecated ntpdate/xntpd with systemd-timesyncd/chrony
- Remove outdated Perl 5.003 version floor
- Update release examples from dead 2.0/2.2 to 2.4/2.6
- Update 'Mac OS X, Solaris' to 'macOS'
- Requirements intro: 'building' → 'building and running'
Stefan Eissing [Tue, 26 May 2026 07:42:30 +0000 (07:42 +0000)]
*) mod_http2: update to version 2.0.40
Fix error handling on upload requests when server runs out of file
handles that left beam bucket callbacks in place, potentially using
no longer valid references. Only applies on platforms with pipes
and file descriptor limits not healthy for a network server.
Rich Bowen [Mon, 25 May 2026 20:20:58 +0000 (20:20 +0000)]
docs: Add SVG source for RewriteCond syntax diagram, regenerate PNG
Recreate syntax_rewritecond as editable SVG with color-coded callouts
for TestString, CondPattern, and [Flags]. Matches style of RewriteRule
syntax diagram.
Rich Bowen [Mon, 25 May 2026 19:04:07 +0000 (19:04 +0000)]
docs: Add SVG source for rewrite_process_uri, regenerate PNG
Recreate the ruleset processing flowchart as editable SVG. Adds
explicit 'no more rules' exit path and names RewriteCond in the
conditions diamond for clarity. Regenerate PNG from SVG source.
Rich Bowen [Mon, 25 May 2026 18:41:54 +0000 (18:41 +0000)]
docs: Add backreference flow diagram (Figure 3) in rewrite/tech
Add SVG source and regenerated PNG for mod_rewrite_fig2 showing how
backreferences flow: $N from RewriteRule Pattern (matched first) to
all RewriteCond TestStrings and Substitution; %N from last matched
CondPattern to Substitution. Insert as Figure 3 in tech.html. Add
crosslink from intro.html backreferences section to the new diagram.
Remove obsolete GIF.
Rich Bowen [Mon, 25 May 2026 18:21:52 +0000 (18:21 +0000)]
docs: Insert mod_rewrite overview flowchart as Figure 1 in rewrite/tech
Add new per-request rewrite process diagram (Figure 1) showing both
per-server and per-directory phases with RewriteCond evaluation.
Renumber existing ruleset diagram to Figure 2.
Rich Bowen [Mon, 25 May 2026 18:19:46 +0000 (18:19 +0000)]
docs: Add SVG source for rewrite overview flowchart
Add editable SVG source for mod_rewrite_fig1. Regenerate PNG from SVG.
Insert as Figure 1 in rewrite/tech.html showing the full per-request
rewrite process (per-server rules, redirect check, per-directory rules,
including RewriteCond evaluation). Remove obsolete GIF. Renumber existing
diagram to Figure 2.
Rich Bowen [Mon, 25 May 2026 17:48:18 +0000 (17:48 +0000)]
docs: Normalize "server-variables" to "server variables" in mod_rewrite
Remove hyphenation from "Server-Variables"/"server-variables" in
mod/mod_rewrite.xml and rewrite/flags.xml — no RFC precedent exists
for the hyphenated form (RFC 3875 uses "meta-variables"). Rework the
module summary to clarify that HTTP headers and timestamps are a
subset of server variables, not separate categories. Link the term
to its definition in RewriteCond.
Rich Bowen [Mon, 25 May 2026 17:21:11 +0000 (17:21 +0000)]
docs: Clarify DPI flag wording re: PATH_INFO vs URL-path
The opening sentence of the DPI|discardpath section implied PATH_INFO
was a "portion of" the URL-path/URI, while the next sentence described
it as a separate value concatenated to the URL-path/URI. Reword to
make clear that PATH_INFO is appended, not an inherent component.
Also add glossary links for URL-path (trunk only).
Rich Bowen [Mon, 25 May 2026 16:34:57 +0000 (16:34 +0000)]
Add crosslinks between env.html and expr.html
env.html now references expr.html for the modern expression-based
approach to conditional headers, access control, and logging.
The CGI variables section links to the complete variable reference
on expr.html (including REQUEST_URI, REMOTE_ADDR, etc.).
expr.html now links back to env.html for how environment variables
are set (SetEnv, SetEnvIf, [E=...]) and for the special-purpose
variable list.
Rich Bowen [Tue, 19 May 2026 14:38:15 +0000 (14:38 +0000)]
mod_brotli: clarify that numeric directive values are powers of two
BrotliCompressionWindow and BrotliCompressionMaxInputBlock accept
log2 values, but the docs just said "a value between N and M" without
explaining what those numbers mean in practice. Clarify that the
actual sizes are 2^value bytes, with concrete examples (e.g., 18 =
256 KB, 24 = 16 MB). Also improve BrotliCompressionQuality description
with practical guidance. Add examples to all three directives.
Rich Bowen [Fri, 15 May 2026 20:54:41 +0000 (20:54 +0000)]
flags.xml: Add example for UNC flag
Show a Windows UNC path rewrite using a variable in the substitution,
explaining that the flag prevents Apache from collapsing the leading
double slash. Note that the flag is Windows-only and unnecessary when
the substitution starts with literal double slashes.
Rich Bowen [Fri, 15 May 2026 20:03:35 +0000 (20:03 +0000)]
flags.xml: Add examples and security warnings for UnsafeAllow3F and UnsafePrefixStat
Both flags were introduced to address CVE-2024-38474 and CVE-2024-38475
respectively. Add practical examples showing common scenarios where each
flag is needed (PHP front controller for UnsafeAllow3F; backreference-
starting substitution for UnsafePrefixStat), along with warning notes
linking to the relevant CVEs and advising restraint in their use.
Rich Bowen [Fri, 15 May 2026 19:40:03 +0000 (19:40 +0000)]
howto/htaccess.xml: Note that AllowOverride defaults to None
Users frequently miss that .htaccess files are disabled by default
(AllowOverride None since 2.3.9). Add an explicit note after the
AllowOverride explanation so this is immediately visible.
Rich Bowen [Fri, 15 May 2026 19:31:59 +0000 (19:31 +0000)]
Add PATH_INFO glossary entry, link first mention in each doc
Define PATH_INFO in glossary.xml with an example
(/app/index.php/extra/path), reference to AcceptPathInfo directive,
and RFC 3875 section 4.1.5 citation.
Convert the first prose mention of PATH_INFO in 14 files to
<glossary ref="pathinfo"> links. Subsequent mentions within the same
document are left as <code> or plain text to avoid link spam.
Skipped mod_ext_filter.xml (only occurrence is inside the compound
variable name DOCUMENT_PATH_INFO) and mod_ssl.xml (inside a <pre>
block where markup links are inappropriate).
Rich Bowen [Fri, 15 May 2026 19:19:49 +0000 (19:19 +0000)]
flags.xml: Add example and security warning for UnsafeAllow3F
Show the common real-world trigger: a PHP front controller with a
query string in the substitution (index.php?route=\$1) that breaks
when a request contains %3F. Add a warning note linking to
CVE-2024-38474, advising users to prefer URL restructuring over
enabling the flag where possible.
Rich Bowen [Fri, 15 May 2026 18:50:14 +0000 (18:50 +0000)]
Remove dead "Comments" link from See also sidebar
The comments system was removed long ago, but the link to
#comments_section remained in the See also sidebar on every page.
The target anchor no longer exists (common.xsl already has
"<!-- Comments section used to be here -->"), making this a dead link.
Remove from manualpage.xsl, synopsis.xsl, and overrideindex.xsl.
The lang/*/messages "comments" strings are left in place (harmless,
and removing them would require touching all 11 language files).
projects / thirdparty / apache / httpd.git / log
