Rich Bowen [Fri, 15 May 2026 15:23:39 +0000 (15:23 +0000)]
Consolidates advice about crafting regular expressions in one place,
rather than having it duplicated in two docs. Gives example of using !
to negate a match, and notes that in the event of a not-match,
backreferences are not defined (because they didn't match) and points to
the backrefs section for further discussion.
Note that there's still probably a case to be made for a separate
regular expression reference, since neither `man perlre` nor Jeffrey's book
are likely to be in the possession of our audience.
(References patch on bz#70024 but takes it rather a different direction,
since that patch was not accurate.)
Joe Orton [Fri, 15 May 2026 10:31:10 +0000 (10:31 +0000)]
Remove mod_dav_lock, which was useful only to provide drop-in
locking for mod_dav_svn from Apache Subversion older than 1.2.0.
mod_dav_svn from 1.2.0 onwards provides a locking mechanism.
Remove mod_dav_lock from cmake and Windows build system:
* CMakeLists.txt: Remove mod_dav_lock from MODULE_LIST,
mod_dav_lock_extra_sources and mod_dav_lock_extra_libs.
* Apache.dsw, Apache-apr2.dsw: Remove mod_dav_lock project
and dependency entries.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Github: closes #646
Joe Orton [Fri, 15 May 2026 06:57:49 +0000 (06:57 +0000)]
mod_ssl: Set auth type to \"ClientCert\" after authentication
When client certificate authentication has been performed r->ap_auth_type was
never populated and env AUTH_TYPE was empty.
We now set auth type to \"ClientCert\".
PR: 45058
Submitted by: Michael Osipov <michaelo@apache.org>
Github: closes #645
Joe Orton [Fri, 15 May 2026 06:56:04 +0000 (06:56 +0000)]
CI: Add *.md to the ignore list. (the "**" syntax is correct
here, per https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#filter-pattern-cheat-sheet)
Rich Bowen [Thu, 14 May 2026 20:30:43 +0000 (20:30 +0000)]
rewrite guide: document REDIRECT_ prefix for [E=] environment variables
flags.xml: expand the [E] flag section with a note box explaining
that per-directory rewrites rename env vars with a REDIRECT_ prefix
after internal redirect, with an example showing how to reference the
renamed variable and a note about prefix stacking.
env.xml: add cross-reference from the REDIRECT_ variables section
back to rewrite/flags.html#flag_e for mod_rewrite-specific details.
tech.xml: new "URL Encoding and Decoding" section explaining that
httpd unescapes the URI before pattern matching, how to use
%{THE_REQUEST} for the raw form, AllowEncodedSlashes options, and
a summary of the [B]/[BNP]/[NE] flags with links to flags.xml.
flags.xml: add cross-references to tech.html#encoding from the [B],
[BNP], and [NE] flag sections. Restore section headers for flag_bnp
and flag_bctls that were inadvertently dropped.
Add note to the "Forcing HTTPS" recipe in remapping.xml explaining
that %{HTTPS} queries mod_ssl directly and reports "off" when SSL is
terminated upstream. Provides the X-Forwarded-Proto alternative with
a security warning about trusting forwarded headers.
These pages were replaced by reorganized content in avoid.xml,
remapping.xml, rewritemap.xml, and flags.xml during the redundancy
cleanup. Each stub contained only a deprecation notice with pointers
to the new locations, and no other page in the guide links to them.
Removes 54 files (English sources, translations, built HTML, meta).
We will *not* be deleting these in 2.4 but some day when 2.6 branches,
they'll get dropped. The versions in 2.4 are already marked as
deprecated, with a "will go away in the future" message, so by that
time, this should take care of itself.
Rich Bowen [Thu, 14 May 2026 19:17:27 +0000 (19:17 +0000)]
rewrite guide: document mod_rewrite vs mod_alias processing order
tech.xml: new "Module Processing Order" section explaining that
mod_rewrite runs before mod_alias in server/vhost context (hook
priority, not config order), and that per-directory context reverses
this. Includes a concrete example and practical guidance.
avoid.xml: add cross-reference note to the "Simple Redirection"
section warning about the order inconsistency.
Rich Bowen [Mon, 11 May 2026 19:50:14 +0000 (19:50 +0000)]
Rewrite guide: harmonize seealso blocks across all files
Every document in the rewrite guide now cross-references all sibling
documents (htaccess, flags, tech, intro, remapping, rewritemap, vhosts,
avoid) consistently. Removed commented-out self-references.
Rich Bowen [Mon, 11 May 2026 19:31:10 +0000 (19:31 +0000)]
Rewrite guide: deduplicate HTTPS redirect recipe
avoid.xml had a full VirtualHost example for HTTP-to-HTTPS that was
identical to remapping.xml's version. Replace with a brief paragraph
and cross-reference to remapping.html#https-redirect, which covers
both the Redirect and .htaccess mod_rewrite approaches.
Rich Bowen [Mon, 11 May 2026 17:29:33 +0000 (17:29 +0000)]
AI-Assisted survey of the last 20 years of users@ identified a number of
questions that we *could* answer in this Rewrite Guide, but are not yet
doing so. This is more recipe-based, Q&A stuff, and none of it is
terribly high priority, but gives an opportunity to give high-quality
answers to common questions and combat some misinformation.
Rich Bowen [Mon, 11 May 2026 17:18:52 +0000 (17:18 +0000)]
Rewrite guide: merge www-resolve into canonicalhost section
The two sections covered the same hostname canonicalization concept
from slightly different angles. Merge the "Remove www" recipe and
SEO rationale into the existing canonicalhost section and remove
the standalone www-resolve section.
Rich Bowen [Mon, 11 May 2026 17:12:49 +0000 (17:12 +0000)]
Rewrite guide: merge duplicate SSRF warning in flags.xml [P] section
The [P] flag section had two nearly identical security warnings.
Merge into a single comprehensive warning that names the SSRF
vulnerability explicitly and includes the mitigation advice from
both.
The same concept (directory prefix is stripped before matching in
per-directory context) was explained in full across three files with
near-identical comparison tables. Now htaccess.xml owns the complete
explanation; intro.xml and tech.xml each have a brief mention with a
cross-reference.
Moved the subrequest/reprocessing detail from tech.xml into
htaccess.xml where it bridges into the looping discussion — most
users will never read the tech doc.
tech.xml retains its unique content about the two API phases
(URL-to-filename hook and Fixup hook).
Rich Bowen [Mon, 11 May 2026 16:29:45 +0000 (16:29 +0000)]
Rewrite guide: trim [L] flag section, eliminate looping duplication
The [L] section in flags.xml spent 4 paragraphs re-explaining the
per-directory looping behavior that is covered definitively in
htaccess.xml#loops. Replace with a 3-line summary and cross-references
to [END] and the Per-directory Rewrites document.Rewrite guide: trim [L] flag section, eliminate looping duplication
The [L] section in flags.xml spent 4 paragraphs re-explaining the
per-directory looping behavior that is covered definitively in
htaccess.xml#loops. Replace with a 3-line summary and cross-references
to [END] and the Per-directory Rewrites document.
Rich Bowen [Mon, 11 May 2026 13:02:01 +0000 (13:02 +0000)]
Add back in the classic quotes that we dropped a decade ago. They added a certain casual conversation nature, and set the right tone for the rest of the guide.
Update Brazilian Portuguese translations for htaccess, index,
new_features_2_0, and new_features_2_2 docs. Convert all pt-br
files from ISO-8859-1 to UTF-8 encoding, including build
infrastructure (designations.xml, lang-targets.xml, manual.pt-br.xsl,
and the pt-br language strings file).
remapping.xml had two sections (front-controller and fallback-resource)
that duplicated the advice in avoid.xml. Replace front-controller with
a brief cross-reference to avoid.xml and htaccess.xml; remove the
fallback-resource section entirely (it also referenced pre-2.2.16
Apache, which is no longer relevant).
Update htaccess.xml cross-reference link to point to
avoid.html#fallback-resource (its canonical home).
Rich Bowen [Mon, 11 May 2026 12:08:42 +0000 (12:08 +0000)]
Rewrite guide: replace index.xml with structured overview
The index page was duplicating content from intro.xml (module
capabilities, complexity warnings). Replace with a concise intro
paragraph and a definition-list TOC that describes how the guide
is organized. Rename the mod_rewrite reference link to
"The Reference Manual."
Add TODO.md tracking the remaining cross-file redundancies to
resolve (path stripping, [L]/[END] looping, FallbackResource,
duplicate warnings, etc.). Will be removed when cleanup is complete.
Rich Bowen [Thu, 7 May 2026 20:27:14 +0000 (20:27 +0000)]
docs: Rewrite AccessFileName and AllowOverride opening paragraphs for clarity. We should not be giving examples of configuration that is objectively a terrible idea -- removed that example. (Bug 70025)
Joe Orton [Thu, 7 May 2026 13:16:53 +0000 (13:16 +0000)]
mod_ssl: Expose serialNumber (2.5.4.5) as standard env var from certificate DN
serialNumber (2.5.4.5) is a standard LDAP attribute embedded in the subject's
and/or issuer's DN, extract it by standard means from the DN and expose
via StdEnvVars.
PR: 35154 Co-authored-by: Michael Osipov <michaelo@apache.org>
Submitted by: Benjamin Demarteau <benjamin.demarteau@liege.be>
Github: closes #644
Rich Bowen [Wed, 6 May 2026 18:30:37 +0000 (18:30 +0000)]
Fixes bz70027 - per-directory links to the Glossary, rather than
definining it as htaccess files, which is only part of the story.
Also removes an example that I honestly cannot figure out what it is
supposed to be illustrating. It may be worth adding a better example
here at some point.
projects / thirdparty / apache / httpd.git / log
