Compatibility Notes with NCSA's Server

While Apache 0.8.x and beyond are for the most part a drop-in replacement for NCSA's httpd and earlier versions of Apache, there are a couple gotcha's to watch out for. These are mostly due to the fact that the parser for config and access control files was rewritten from scratch, so certain liberties the earlier servers took may not be available here. These are all easily fixable. If you know of other non-fatal problems that belong here, let us know.

Please also check the known bugs page.

  1. The basic mod_auth AuthGroupFile-specified group file format allows commas between user names - Apache does not.
    - added 12/1/96

  2. If you follow the NCSA guidelines for setting up access restrictions based on client domain, you may well have added entries for, AuthType, AuthName, AuthUserFile or AuthGroupFile. None of these are needed (or appropriate) for restricting access based on client domain.

    When Apache sees AuthType it (reasonably) assumes you are using some authorization type based on username and password.

    Please remove AuthType, it's unnecessary even for NCSA.

  3. AuthUserFile requires a full pathname. In earlier versions of NCSA httpd and Apache, you could use a filename relative to the .htaccess file. This could be a major security hole, as it made it trivially easy to make a ".htpass" file in the a directory easily accessible by the world. We recommend you store your passwords outside your document tree.

  4. OldScriptAlias is no longer supported.

  5. exec cgi="" produces reasonable malformed header responses when used to invoke non-CGI scripts.
    The NCSA code ignores the missing header. (bad idea)
    Solution: write CGI to the CGI spec or use exec cmd="" instead.

    We might add virtual support to exec cmd to make up for this difference.

  6. <Limit> silliness - in the old Apache 0.6.5, a directive of <Limit GET> would also restrict POST methods - Apache 0.8.8's new core is correct in not presuming a limit on a GET is the same limit on a POST, so if you are relying on that behavior you need to change your access configurations to reflect that.

  7. Icons for FancyIndexing broken - well, no, they're not broken, we've just upgraded the icons from flat .xbm files to pretty and much smaller .gif files, courtesy of Kevin Hughes at EIT. If you are using the same srm.conf from an old distribution, make sure you add the new AddIcon, AddIconByType, and DefaultIcon directives.

  8. Under IRIX, the "Group" directive in httpd.conf needs to be a valid group name (i.e., "nogroup") not the numeric group ID. The distribution httpd.conf, and earlier ones, had the default Group be "#-1", which was causing silent exits at startup.

  9. .asis files: Apache 0.6.5 did not require a Status header; it added one automatically if the .asis file contained a Location header. 0.8.14 requires a Status header.

  10. Apache versions before 1.2b1 will ignore the last line of configuration files if the last line does not have a trailing newline. This affects configuration files (httpd.conf, access.conf and srm.conf), and htpasswd and htgroup files.
  11. Apache does not permit commas delimiting the methods in <Limit>.
  12. Apache's <VirtualHost> treats all addresses as "optional" (i.e. the server should continue booting if it can't resolve the address). Whereas in NCSA the default is to fail booting unless an added optional keyword is included.
  13. Apache does not implement OnDeny use ErrorDocument instead.
More to come when we notice them....
Index Home