Rich Bowen [Tue, 26 May 2026 10:11:21 +0000 (10:11 +0000)]
docs: Modernize install.xml
- Remove mirrors reference and binary releases (both retired)
- Update all external links to https
- Update version examples to current 2.4.66/2.4.67
- Replace two-step gzip/tar with single tar xzf
- Reword download section for source builds
- Consolidate verification link to verification.html
- Remove minimizing language (easy, simple, simply)
- Add language="sh" to all highlight blocks
- Update disk space: 200 MB build (was 50), 50 MB installed (was 10)
- Replace deprecated ntpdate/xntpd with systemd-timesyncd/chrony
- Remove outdated Perl 5.003 version floor
- Update release examples from dead 2.0/2.2 to 2.4/2.6
- Update 'Mac OS X, Solaris' to 'macOS'
- Requirements intro: 'building' → 'building and running'
Stefan Eissing [Tue, 26 May 2026 07:42:30 +0000 (07:42 +0000)]
*) mod_http2: update to version 2.0.40
Fix error handling on upload requests when server runs out of file
handles that left beam bucket callbacks in place, potentially using
no longer valid references. Only applies on platforms with pipes
and file descriptor limits not healthy for a network server.
Rich Bowen [Mon, 25 May 2026 20:20:58 +0000 (20:20 +0000)]
docs: Add SVG source for RewriteCond syntax diagram, regenerate PNG
Recreate syntax_rewritecond as editable SVG with color-coded callouts
for TestString, CondPattern, and [Flags]. Matches style of RewriteRule
syntax diagram.
Rich Bowen [Mon, 25 May 2026 19:04:07 +0000 (19:04 +0000)]
docs: Add SVG source for rewrite_process_uri, regenerate PNG
Recreate the ruleset processing flowchart as editable SVG. Adds
explicit 'no more rules' exit path and names RewriteCond in the
conditions diamond for clarity. Regenerate PNG from SVG source.
Rich Bowen [Mon, 25 May 2026 18:41:54 +0000 (18:41 +0000)]
docs: Add backreference flow diagram (Figure 3) in rewrite/tech
Add SVG source and regenerated PNG for mod_rewrite_fig2 showing how
backreferences flow: $N from RewriteRule Pattern (matched first) to
all RewriteCond TestStrings and Substitution; %N from last matched
CondPattern to Substitution. Insert as Figure 3 in tech.html. Add
crosslink from intro.html backreferences section to the new diagram.
Remove obsolete GIF.
Rich Bowen [Mon, 25 May 2026 18:21:52 +0000 (18:21 +0000)]
docs: Insert mod_rewrite overview flowchart as Figure 1 in rewrite/tech
Add new per-request rewrite process diagram (Figure 1) showing both
per-server and per-directory phases with RewriteCond evaluation.
Renumber existing ruleset diagram to Figure 2.
Rich Bowen [Mon, 25 May 2026 18:19:46 +0000 (18:19 +0000)]
docs: Add SVG source for rewrite overview flowchart
Add editable SVG source for mod_rewrite_fig1. Regenerate PNG from SVG.
Insert as Figure 1 in rewrite/tech.html showing the full per-request
rewrite process (per-server rules, redirect check, per-directory rules,
including RewriteCond evaluation). Remove obsolete GIF. Renumber existing
diagram to Figure 2.
Rich Bowen [Mon, 25 May 2026 17:48:18 +0000 (17:48 +0000)]
docs: Normalize "server-variables" to "server variables" in mod_rewrite
Remove hyphenation from "Server-Variables"/"server-variables" in
mod/mod_rewrite.xml and rewrite/flags.xml — no RFC precedent exists
for the hyphenated form (RFC 3875 uses "meta-variables"). Rework the
module summary to clarify that HTTP headers and timestamps are a
subset of server variables, not separate categories. Link the term
to its definition in RewriteCond.
Rich Bowen [Mon, 25 May 2026 17:21:11 +0000 (17:21 +0000)]
docs: Clarify DPI flag wording re: PATH_INFO vs URL-path
The opening sentence of the DPI|discardpath section implied PATH_INFO
was a "portion of" the URL-path/URI, while the next sentence described
it as a separate value concatenated to the URL-path/URI. Reword to
make clear that PATH_INFO is appended, not an inherent component.
Also add glossary links for URL-path (trunk only).
Rich Bowen [Mon, 25 May 2026 16:34:57 +0000 (16:34 +0000)]
Add crosslinks between env.html and expr.html
env.html now references expr.html for the modern expression-based
approach to conditional headers, access control, and logging.
The CGI variables section links to the complete variable reference
on expr.html (including REQUEST_URI, REMOTE_ADDR, etc.).
expr.html now links back to env.html for how environment variables
are set (SetEnv, SetEnvIf, [E=...]) and for the special-purpose
variable list.
Rich Bowen [Tue, 19 May 2026 14:38:15 +0000 (14:38 +0000)]
mod_brotli: clarify that numeric directive values are powers of two
BrotliCompressionWindow and BrotliCompressionMaxInputBlock accept
log2 values, but the docs just said "a value between N and M" without
explaining what those numbers mean in practice. Clarify that the
actual sizes are 2^value bytes, with concrete examples (e.g., 18 =
256 KB, 24 = 16 MB). Also improve BrotliCompressionQuality description
with practical guidance. Add examples to all three directives.
Rich Bowen [Fri, 15 May 2026 20:54:41 +0000 (20:54 +0000)]
flags.xml: Add example for UNC flag
Show a Windows UNC path rewrite using a variable in the substitution,
explaining that the flag prevents Apache from collapsing the leading
double slash. Note that the flag is Windows-only and unnecessary when
the substitution starts with literal double slashes.
Rich Bowen [Fri, 15 May 2026 20:03:35 +0000 (20:03 +0000)]
flags.xml: Add examples and security warnings for UnsafeAllow3F and UnsafePrefixStat
Both flags were introduced to address CVE-2024-38474 and CVE-2024-38475
respectively. Add practical examples showing common scenarios where each
flag is needed (PHP front controller for UnsafeAllow3F; backreference-
starting substitution for UnsafePrefixStat), along with warning notes
linking to the relevant CVEs and advising restraint in their use.
Rich Bowen [Fri, 15 May 2026 19:40:03 +0000 (19:40 +0000)]
howto/htaccess.xml: Note that AllowOverride defaults to None
Users frequently miss that .htaccess files are disabled by default
(AllowOverride None since 2.3.9). Add an explicit note after the
AllowOverride explanation so this is immediately visible.
Rich Bowen [Fri, 15 May 2026 19:31:59 +0000 (19:31 +0000)]
Add PATH_INFO glossary entry, link first mention in each doc
Define PATH_INFO in glossary.xml with an example
(/app/index.php/extra/path), reference to AcceptPathInfo directive,
and RFC 3875 section 4.1.5 citation.
Convert the first prose mention of PATH_INFO in 14 files to
<glossary ref="pathinfo"> links. Subsequent mentions within the same
document are left as <code> or plain text to avoid link spam.
Skipped mod_ext_filter.xml (only occurrence is inside the compound
variable name DOCUMENT_PATH_INFO) and mod_ssl.xml (inside a <pre>
block where markup links are inappropriate).
Rich Bowen [Fri, 15 May 2026 19:19:49 +0000 (19:19 +0000)]
flags.xml: Add example and security warning for UnsafeAllow3F
Show the common real-world trigger: a PHP front controller with a
query string in the substitution (index.php?route=\$1) that breaks
when a request contains %3F. Add a warning note linking to
CVE-2024-38474, advising users to prefer URL restructuring over
enabling the flag where possible.
Rich Bowen [Fri, 15 May 2026 18:50:14 +0000 (18:50 +0000)]
Remove dead "Comments" link from See also sidebar
The comments system was removed long ago, but the link to
#comments_section remained in the See also sidebar on every page.
The target anchor no longer exists (common.xsl already has
"<!-- Comments section used to be here -->"), making this a dead link.
Remove from manualpage.xsl, synopsis.xsl, and overrideindex.xsl.
The lang/*/messages "comments" strings are left in place (harmless,
and removing them would require touching all 11 language files).
Merge paragraphs 2 and 3 of the module summary into a single paragraph
that flows naturally from the introduction without repeating the module
name at the start of each sentence.
Rich Bowen [Fri, 15 May 2026 18:10:54 +0000 (18:10 +0000)]
flags.xml: Add examples for [NS], [QSD], and [R] flags
These commonly-used flags had explanatory text but no configuration
examples. Add minimal, practical illustrations for each:
- [NS]: front controller pattern excluding subrequests
- [QSD]: redirect discarding the original query string
- [R]: 301 redirect to an external URL with path preserved
Rich Bowen [Fri, 15 May 2026 17:32:40 +0000 (17:32 +0000)]
rewrite/*.xml: Replace "URI" with "URL-path" or "URL" as appropriate
While URI and URL are functionally interchangeable in web contexts
(RFC 3986 subsumes both; every HTTP URL is a URI), the term "URI" is
ambiguous about whether the scheme://host:port portion is included.
"URL-path" — as defined in our own directive-dict.xml — makes explicit
that only the path component is meant, which is what mod_rewrite
actually operates on.
Changes across avoid.xml, flags.xml, rewritemap.xml, and tech.xml:
- "URI" → "URL-path" where the context is the path component only
(what RewriteRule patterns match against)
- "URI" → "URL" in the QSA/QSD/R sections where query strings are
part of the discussion (URL-path excludes query strings by definition)
- Kept "URI" in two places: the literal error message "Invalid URI in
request", and "URI translation" (an official httpd hook/phase name)
Rich Bowen [Fri, 15 May 2026 17:25:32 +0000 (17:25 +0000)]
flags.xml: Clarify DPI flag docs, replace "URI" with "URL-path", add example
In RFC terms, URI and URL are functionally interchangeable on the web
(all HTTP URLs are URIs; RFC 3986 subsumes both). However, in this
context the docs mean specifically the path component — no scheme, no
host, no port. "URL-path" (as defined in our own directive-dict.xml)
makes this unambiguous, and is consistent with the rest of the
mod_rewrite documentation which uses "URL-path" throughout.
Also add a concrete example showing DPI preventing PATH_INFO
duplication when rewriting a request.
Rich Bowen [Fri, 15 May 2026 16:42:03 +0000 (16:42 +0000)]
Consolidate "What is matched?" from mod_rewrite.xml into rewrite/intro.xml
Replace the detailed "What is matched?" note block in mod_rewrite.xml
with a concise summary linking to rewrite/intro.html#rewriterule.
Expand the RewriteRule Basics section in rewrite/intro.xml to cover:
- Pattern matches %-decoded URL-path (server context)
- Pattern matches directory-relative path (per-directory context),
with link to htaccess.html#path-stripping
- Pattern does NOT match hostname, port, or query string —
use RewriteCond with %{HTTP_HOST}, %{SERVER_PORT}, %{QUERY_STRING}
Part of: https://bz.apache.org/bugzilla/show_bug.cgi?id=70045
Rich Bowen [Fri, 15 May 2026 16:21:03 +0000 (16:21 +0000)]
Consolidate per-directory rewrite notes: remove duplication between mod_rewrite.xml and rewrite/htaccess.xml
The large "Per-directory Rewrites" note block in mod_rewrite.xml
duplicated content already covered (and better explained) in
rewrite/htaccess.xml. Replace it with a short link to the guide.
Migrate the useful tips that were unique to that block into
rewrite/htaccess.xml:
- ^/ never matches in per-directory context (path-stripping section)
- Use %{REQUEST_URI} to match the full URL-path, with example
- <Location>/<Files> are unsupported contexts (new section)
- <If> follows directory context rules (new section)
Part of: https://bz.apache.org/bugzilla/show_bug.cgi?id=70045
Rich Bowen [Fri, 15 May 2026 15:23:39 +0000 (15:23 +0000)]
Consolidates advice about crafting regular expressions in one place,
rather than having it duplicated in two docs. Gives example of using !
to negate a match, and notes that in the event of a not-match,
backreferences are not defined (because they didn't match) and points to
the backrefs section for further discussion.
Note that there's still probably a case to be made for a separate
regular expression reference, since neither `man perlre` nor Jeffrey's book
are likely to be in the possession of our audience.
(References patch on bz#70024 but takes it rather a different direction,
since that patch was not accurate.)
projects / thirdparty / apache / httpd.git / log
