Significant Changes
This page documents changes to the WASD VMS Hypertext Services Package that
have some effect on configuration or behaviour. It lists changes from version
3.1 onwards, the first to be made available as freeware.
Updating?
Beware!
Version 8.5
(June 2004)
- WASD 10th Anniversary
Although there had been some coding going on during the previous year, the
first official entry in WASD's version log is 20-JUN-1994, v1.0, with
the first freeware release some eighteen months later at 03-JAN-1996,
v3.1. And it's been under continuous development and refinement (and
bugfixing :^) for that full ten years - a substantial portion of
the entire history of the "Web". Thanks to a whole swag of people for
support, suggestions, problem reports and general encouragement; especially to
my understanding spouse for her continuing patience.
- IP version 6 (IPv6) is now supported concurrently with IP version 4
(IPv4). All networking functionality, service creation, proxy HTTP, SSL, FTP
and RFC1413 authorization is IPv6 enabled, along with the HTTPDMON and
QDLOGSTATS utilities. During the integration of IPv6 the full TCP/IP
networking codebase underwent significant refinement. Note that the IPv6
functionality has not been used extensively in the field - use with caution at
first!
- ACME authentication for Alpha VMS 7.3 and later is now available.
Two OpenVMS ACME agents are currently available, "VMS" (SYSUAF) and
"MSV1_0" (Microsoft domain authentication used by Advanced Server). Others,
including Kerberos and LDAP, have been suggested as candidates for development
and future release. The [AuthSYSUAFuseACME] configuration directive allows all
SYSUAF authentication to be performed by the ACME services on applicable
platforms.
- RMS has been eliminated from file content and proxy cache file access,
providing improved latency and efficiency. VAR and VFC record format files are
now converted to stream format using non-RMS routines and this alone returns a
600% improvement in throughput (yes 6x!)
- Path mapping now notes the device on-disk structure (ODS) for all PASS
rules and applies that to the syntax of the path being mapped to the
file-system. This can still be overridden using SET ods= mapping rules.
- A scripting process now performs a SET DEFAULT to the directory the
script is located in before script activation. The mapping rule SET
script=default= allows this to be explicitly set on a per-path basis. A
script=default=# mapping suppresses the SET DEFAULT (for backward
compatibility).
- On applicable platforms a scripting process now performs a SET
PROCESS /PARSE=EXTENDED or SET PROCESS /PARSE=TRADITIONAL depending on whether
the script path is located on an EFS (ODS-5) volume or not.
- It is now possible to set SSI document parsing availability and
capabilities on a per-path basis using SET ssi=exec=<string>.
- The SET response=[keyword|<string>] rule allows some
control over the response header generation.
- Scripts can now generate SSI markup as output and pass that to the
server's internal SSI engine for parsing and subsequent HTML output. The CGI
response extension header field Script-Control: X-content-handler: SSI
activates this functionality.
Version 8.4
(January 2004)
- The package now can be deployed on IA64 (Itanium) based
systems running HP OpenVMS Industry Standard 64 Evaluation Release
Version 8.1. Clusters of Alpha, IA64 and VAX systems can use the one,
fully-integrated installation. All supported WASD functionality is present,
with additional support package availability (e.g. Perl, PHP) dependent on any
underlying software support on the IA64 system. SSL (Secure Socket Layer)
functionality can provided through the HP-supplied IA64 SSL product or the WASD
OpenSSL kit (for IA64).
- DCL scripting supports the VMS 7.3-2 (and later) Extended DCL
(EDCL) maximum command-line length (4095 characters, up from 255) and symbol
size (8192 characters, up from 1024). These extents are of course ultimately
constrained by the command mailbox quota (configurable).
- The server now supports the "Range:
bytes=<range>[,<range>]" request header field and will
provide a 206 partial content response for non variable record length files and
for cached files. The server will also proxy such requests and responses (but
does not cache them).
- The previously file-only caching facility has been extended to allow
script, SSI document and even "general network" output optionally to
be cached. This is intended to provide efficiencies for sites where
relatively static pages are being generated using environments such as PHP and
Perl. Additional SET cache= mapping rules allows this to be tailored on
a per-path basis.
- The HTTPD$CONFIG [CacheGuardPeriod] directive allows the default period
of fifteen seconds to be extended. This HTTPD$MAP rule SET
cache=guard=<period> provides this on a per-path basis. During
this period subsequent reloads using request header fields to specify
no-caching will not result in the entry being revalidated or flushed.
- For those that consider a Web server should be a NETWORK service
the server process (along with any associated script processes) can now run as
network mode. The STARTUP.COM procedure accepts a WASD_NETWORK parameter and
starts the detached server using the required /NETWORK qualifier. Scripts
requiring to differentiate between standard and DECnet activation may require
some minor revision (see CGI_SYMBOLS.COM for one possible mechanism).
- The $GRANTID system service used to support /NETWORK mode operation
requires the server image to be installed with CMKRNL privilege. The revised
STARTUP.COM provides this.
- The /PERSONA=IDENT=<username> facility is now available to those
using the PERSONA_MACRO build (required for detached scripting processes under
VAX VMS versions earlier than 6.2).
- Script activation code has been revised to support command-line
definition files (.CLD) to specifiy a script. The order in which an un-typed
script is now searched for is .COM, .CLD, .EXE and then [DclScriptRunTime]
specified.
- Scripting will now allow parameters to be added to the command-line
activation on a per-path basis using the SET
script=command=<string> mapping rule.
- The HTTPD$MSG [Language] directive now allows a specified character set
to be associated with that language's messages.
- Reverse proxy now supports the rewriting of a 302
"Location:.." response URL using the SET
proxy=reverse=location=<string> mapping rule.
- Reverse proxy also supports a specialized authorization and
verification scheme known as proxy verify. For detailed information
consult the description found in the [SRC.HTTPD]PROXYVERIFY.C module.
- Some control over the number of concurrent client requests in progress
may be exercised using the client_current_gt: conditional to adjust
mapping and subsequent processing.
- New SET mapping rules,
cache=[no]cgi,
cache=expires=<period>,
cache=[no]file,
cache=guard=<integer>,
cache=maxkbytes=<integer>,
cache=[no]net,
cache=[no]nph,
cache=[no]query,
cache=[no]ssi,
map=root=<string>,
map=set=[no]ignore,
map=set=[no]request,
proxy=reverse=location=<string>,
proxy=reverse=verify,
response=header=<[append|full|none]>,
script=command=<string>.
- There is a new command-line utility HTADMIN to assist with the
maintenance of $HTA authorization databases.
- There have been some format refinements (or at least changes ;^) to
some Server Admin report items.
Version 8.3
(July 2003)
- WASD string matching (mapping rule, authorization rules, conditionals)
now supports Posix EGREP style regular expressions. Must be enabled using the
[RegEx] configuration directive and introduced using a leading "^"
character.
- Wildcard string matching (the WASD traditional method) has had
efficiency improvements implemented.
- "Specified" wildcard substitution allows mapping rules to
omit some matched portions and change the order of substituted portions when
processing result strings.
- A new Server Administration report menu item [Match]. This provides
direct access to the server string matching routines and allows the site
administrator to experiment with string matching and substitution.
- The file cache now allow the storage of permanent entries, as
well as the traditional volatile ones. Permanent entries are intended
for the most static but frequently accessed of all site files (e.g. site logos,
graphics, home pages, etc.) and are not flushed or revalidated in the same way
as static ones. The SET cache=perm mapping rule specifies the paths
associated with these resources.
- Additional meta-config conditionals; notepad:,
regex:, request:, restart:.
- Additional mapping SET rules;
cache=[no]perm, cache=max=<integer>,
notepad=[+]<string>.
- Authorization break-in detection and evasion has been reworked so it
behaves in the same way as VMS LGI_BRK_LIM, LGI_BRK_TMO and LGI_HID_TIM
parameters. Two new parameters, [AuthFailurePeriod] and [AuthFailureTimeout],
in addition to the existing [AuthFailureLimit] are used to implement this. If
all or any are set to zero they assume the equivalent LGI_.. parameter value.
- A combination of VMS and rights ID authentication functionality
previously not possible is now provided using /SYSUAF=(VMS,ID).
- The instance functionality introduced with 8.0 has finally
demonstrated itself to the author's satisfaction. The test environment is a 4
CPU AlphaServer 4100 running OpenVMS 7.3-1 and Compaq TCP/IP Services 5.3-18.
A bug that exhibited itself on multiple CPU systems finally has been identified
and fixed.
- The common and combined log formats now include the HTTP protocol in
the request URL. The user format directives now allow 'PR' to specify the same
datum.
- The QDLOGSTATS utility now allows the use of Posix EGREP style regular
expressions when matching the various components of the log file.
- The CGIUTL (v1.10.n) shipping with the 8.3 package has a change in
behaviour for /MULTIPART /FIELD=<name> multipart/form-data POST decoding.
Previously the representative symbol names were
WWW_FORM_name_MIME_data, now they are (the more consistent)
CGIUTL_name_MIME_data. Allowing for this change may require
modification to scripts that use this functionality.
Version 8.2
(April 2003)
- New mapping rules,
dir=style[=default|original|anchor|htdir],
html=[bodytag|header|headertag|footer|footertag]=..,
cgiplusin=[none|cr|lf|crlf|eof],
proxy=[no]forwarded[=by|for|address],
proxy=[no]xforwardedfor[=enabled|address|unknown],
script=query=none,
script=path=find,
script=as=$?,
[no]search=none.
The plus variation on the exisiting script=params=+(name=value)
concatenates to any previously set script parameters.
- The html= path SETings can be used to set body, header and
footer tags and text for incorporation in directory listings, error reports
and selected other facilities. These also are available to scripts via the
HTML_name CGI variables.
- Use of SYSUAF authenticated security profile (/PROFILE) against a
HTTPD$AUTH path can now be made to be applied via the authorization rule (rather
than using the set [no]profile mapping rules). The startup keyword
/PROFILE=BYRULE directs the server only to apply security profiles if the
authorization rule has such a directive.
- CGI output processing has been relaxed to accept any CGI response
header field in any order provided that one of Content-Type:,
Location: or Status: occurs somewhere in the response (i.e.
actually is CGI compliant). To allow RTEs to be built using certain
processing environments (e.g. PostScript) the CGI engine now will build (no
matter how inefficient) single byte records into composite new-line delimited
"real" records before processing.
- Run-Time Environment (RTE) scripting attempts to reuse processes that
were previously processing the same script and if possible path (to allow the
RTE to cache these if desired). Not finding any available the Least Recently
Used (LRU) RTE is then activated in an attempt to allow more
recently/frequently ones to keep their cache.
- The HTML_name CGI variables are available to scripts and Server
Side Includes (SSI) documents reflecting the content of any set html=
rules, and the GATEWAY_EOF, _EOT and _ESC CGI variables provide the CGI
processing sentinal strings to environments that cannot access the contents of
the corresponding logical names.
- HTTPD$MSG message configuration files now allow multiple,
comma-separated and wildcard [Language]s to be specified.
- Authentication agents can issue a "100 REASON any
text" callout response to provide an explicit reason for
authentication failure.
- Server processes created during startup under VMS 6.2 and later have a
YYYYMMDDHHMMSS timestamp as part of the process (SYS$OUTPUT) log name.
- A change that occured in OpenSSL 0.9.7 certificate Distinguished Name
(DN) record format from /email to /emailAddress is now allowed
for.
- Courtesy of Dick Munroe (munroe@csworks.com); the CGIUTL utility has
received some significant enhancements, convert-osu-to-wasd.pl and
framework.pl conversion utilities (see [EXAMPLE]), and
SERVER_NEUTRAL_CGI.COM CGI wrapper (see [SRC.OTHER]).
- There have been small refinements to the 8.1 environment installation,
update and support utilities.
- The favicon.ico can be mapped into any relevant service using
the HTTPD$MAP rule pass /favicon.ico /ht_root/favicon.ico
- Document and script LINK/VLINK colours have been changed to a more
muted blue (#0000ff to #0000cc). It was suggested, and I agree, that this is
easier on the eye and generally works better.
Version 8.1.1
(January 2003)
- A minor, couple of bugfixes and documentation release.
- I didn't what these nuisance-value issues complicating an already
significant upgrade. The SECHAN utility during batch startup could prevent the
server starting due to an illegal I/O request (enabling ctrl-T). Using the
/DO= functionality could occasionally fail with a NOSYSLCK error and report
4294967295 servers notified (hmmm, that seems a magic number ;^)
This was due to a race condition.
- The set script=query=relaxed mapping rule allows unbalanced
name-value pairs in form-url-encoded query strings to be ignored by the server
and passed on to the script for processing.
- The QDLOGSTATS utility has been enhanced.
- A new method of selectively updating a site's files using a full archive
is available using the [INSTALL]SELECT.COM procedure. This will eliminate the
need for package update kits to be supplied (saving me time) while still
allowing only those files required to be updated to be restored.
Version 8.1
(December 2002)
- Versions prior to 8.1 have been shown to have some security issues with
directory tree structure and permissions, and a too-liberal default ([EXAMPLE])
configuration. Problematic server functionality has also been addressed.
Whether updating or installing from scratch, please (re)read the
[doc.misc]wasd_advisory_020925.txt
and the revised Technical Overview section
7 - Securing The Site. Be
prepared for some minor issues related to changes in package security profile.
- You must use the full environment of 8.1, including the new
startup procedures, otherwise package behaviour is indeterminate. Ensure that
HTTPD$CONFIG directive [DclDetachProcess] is set to enable to
allow the server to use the scripting account (HTTP$NOBODY).
- A number of problems present in the v8.0 release have been resolved.
This includes some bugs but also functionality issues.
- WASD SSL (Secure Socket Layer) functionality can now be provided
through the Compaq SSL for OpenVMS Alpha product on VMS versions 7.2-2
and later. The WASD HTTPd can be compiled against this toolkit, and/or linked
against it's sharable libraries. This provides a considerable saving in
executable size and memory consumption when multiple SSL application are in use
against this product. It also aligns WASD with the emerging Open Source
Security architecture for OpenVMS. The WASD OpenSSL kits will continue to
be released to support platforms that cannot use the Compaq SSL product.
- INSTALL and UPDATE procedures now detect SSL toolkits available to WASD
and request whether an SSL enabled version of the server should be built. This
eliminates the second step of @UPDATE SSL previously required.
- "Skeleton-Key" authentication has been provided to allow
non-configured access to the Server Administration facility for novice
administrators on newly installed sites (amongst other uses).
- ODS-5 (Extended File System) volumes and naming conventions have been
supported since their release. Now SRI file name encodings (Process Software
MultiNet and TCPware NFS and other utilities), PATHWORKS (4/5) and Advanced
Server file name encodings (PATHWORKS 6, also used by Samba on ODS-2) can be
converted for direct use and display by the HTTPd. The path settings ODS=2,
ODS=5, ODS=ADS (syn. ODS=SMB), ODS=PWK and ODS=SRI control these mappings.
- DECnet scripting rules can now specify that the script be executed
under the account of an authenticated username (e.g. '/NODE"$"::/cgi-bin/').
The set script=as= mapping rule can also now be used with DECnet scripts.
- The ALERT path setting can now optionally specify when to provide the
alert; ALERT=MAP (immediately after mapping), ALERT=AUTH (after any
authorization) and ALERT=END (default, at end of request processing).
- Other new mapping rules, set auth=all, set alert=keyword,
set map=ellipsis, set query-string=, set report=4nn=nnn.
- Additional meta-config conditionals, mapped-path:,
path-translated:, script-name:, redirected:, pass:,
and additional keywords to ods:.
- Additional mapping conditionals, [MP], [PA], [PI], [RC], [RU], [ST]
that parallel the meta-config conditionals above (yes, I know these are
described as obsolete ;^).
- Scripts may now request the server to generate an error message on it's
behalf using extensions to the CGI/1.2 "Script-Control:" response
fields. This can give a very consistent look and feel to these responses.
- New utility SECHAN. This provides a collection of functionalities used
to maintain package security and access to various directories and files for
server and scripting accounts.
- Remember that when installing or modifying scripts they need to be
copied into [CGI-BIN] and [AXP-BIN or [VAX-BIN] (convenience logical CGI_EXE:)
to make them accessable to the server.
- The Compaq TCP/IP Services ECO that will allow instances to be
used in production has not yet been released (see immediately below).
Version 8.0
(July 2002)
- Instance support, where multiple server processes on a
single node participate in an integrated environment (not unlike clustering
itself) to share request load, provide rolling restart and a
"fail-through" capability. Load sharing allows multi-CPU systems to
significantly improve throughput. This instance implementation also
provides an enhanced level of cluster-wide serving awareness.
WARNING Compaq TCP/IP Services v5.n (at least) has a
problem with socket listen queuing that can cause services to "hang"
(should this happen just restart the server). Ensure you have the requisite
ECO installed before activating multiple instances on production systems!
- Mapping and authorization now share a consistent set of conditional
rules (similar in intent but different in implementation to the previous
mapping-only conditionals) that allows individual or blocks of rules to be
conditionally applied depending on request, system, environment and other
characteristics.
- Language-variant documents can be configured and selected by the server
depending on client browser language preference settings. For instance, a
directory may contain generic (EXAMPLE.HTML), French (EXAMPLE_FR.HTML),
English (EXAMPLE_EN.HTML) and German versions (EXAMPLE_DE.HTML) of the same
document. As indicated by preferences expressed in the
"Accept-Language:" request header field a German client will receive
the Deutsch version (EXAMPLE_DE.HTML), French the Française
version (EXAMPLE_FR.HTML), etc., with a fallback to the generic if no
appropriate document is available or the client has not specified a preference.
Can be applied to non-text files.
- Language character set conversion. Using the VMS standard National
Character Set (NCS) conversion library a document's character set may be
converted dynamically (and efficiently) from one to another as indicated by
preferences in the request "Accept-Charset:" header field. This has
particular application for non-Latin-1 sets such as the Cyrillics used by some
East European languages.
- Script response header processing (CGI and NPH detection) has been
refined to better handle non-record-oriented responses. This improves
behaviour when scripts use the likes of fwrite() under the current
DECC-RTL to provide portions of response header fields. It is not a total
solution however, with some concessions still required for record-oriented
output without explicit carriage-control.
- Proxy serving now supports FTP.
- Proxy can also now perform HTTP-to-SSL (Secure Sockets Layer)
gatewaying, allowing non-SSL-aware agents access to SSL services, as well as
HTTP-to-FTP, SSL-to-HTTP, and other combinations of protocol conversion.
- Additional configuration directives;
[AuthCacheEntriesMax],
[AuthCacheEntrySize],
[AuthSysUafPwdExpURL],
[AuthSysUafAcceptExpPwd],
[CharsetConvert],
[InstanceMax],
[LogPerInstance],
[ProxyCacheNoReloadSeconds],
[ServiceProxyHttpSsl..],
[SsiSizeMax]
- Additional mapping SET rules;
alert,
accept=lang,
auth=revalidate=hh:mm:ss,
auth=sysuaf=pwdexpurl=,
dir=access=,
http=accept-charset=,
http=accept-language=,
proxy=bind=IP-address,
proxy=chain=host:port,
script=params=(name=value[,name="quoted value"]).
The charset= rule also has an additional behaviour.
- Mapping SET rules may now be appended to any rule that contains both a
template and result. Hence a final match can also be used to set path
characteristics as in pass /documents/* /ods5_device/docs/*
ods=5
- Additional /DO=INSTANCE=integer
and /DO=PROXY=STOP=SCAN command-line directives.
- The retirement of the WWWRKOUT utility. The addition of two other
utilities; WB (WASD Bench, a $QIO-driven analogue to Apache Bench :^) and
CALOGS (Consolidate Access LOGS).
- Request body handling (POST and PUT) has been revised to process the
body in discrete chunks eliminating the requirement for the server to buffer
the entire content in virtual memory. This effectively removes any processing
limitation on request body size.
- Ever found it annoying not being able to easily read a file you know
contains text but they file type is not configured or is configured for
something else? Well, from a directory listing just click on the icon. For
non-textual file types the icon is now an anchor returning the file as a
plain-text document (regardless of it's real content)!
- Activity statistics are now stored in a permanent global section
allowing activity graphs to span startups to a maximum of 28 days activity.
Peak load is displayed on the request histogram, and server exit and startup
events are indicated using vertical lines of different colours.
- Plenty of "under-the-hood" changes supporting the new
instance functionality and the greater cluster awareness (in preparation
for cluster-wide (perhaps even galaxy-wide :^) scripting and other
sharing in forthcoming versions).
Version 7.2.1
(November 2001)
- A minor, basically bugfix release.
- One notable functionality item, persona scripting support (non-server
account) for VAX VMS versions that do not support the $PERSONA services (i.e.
6.0 and 6.1). The PERSONA.MAR module performs a similar function by
explicitly manipulating the process structures in kernel mode, operating in a
well accepted but basically unsupported fashion! Check the build and
scripting documentation for further details.
Version 7.2
(July 2001)
- X.509 certificate authorization for SSL transactions. This allows
authorization credentials to be established via client certificate without the
use of username/password dialogs.
- For SSL servers it is now possible to use private keys without embedded
passwords. As the SSL service is started the server prompts via HTTPDMON and
OPCOM (if enabled) for the private key password. It can be supplied using a
/DO=SSL=KEY=PASSWORD directive.
- Authorization via the RFC1413 "identification protocol".
- Remote user to local SYSUAF user "proxy" access.
- Control of request processing, known as
"throttling", sets limits on the number of concurrent requests being
processed before new requests are queued. Can be used to limit instances of
resource intensive processing as in the case of some scripts, etc.
- CGIplus/RTE has a lower overhead, higher efficiency and throughput
(50% to 100% increase) CGI variable transfer mode. Historically CGI
variables have been transfered one per record, now termed "record"
mode. It is also possible to transfer variables as a single I/O, or in
"struct" mode. CGILIB now enables this by default. Just relink as
necessary.
- Scripts are no longer automatically run-down if a client disconnects
while processing. The [DclBitBucketTimeout] period must expire first. This
results in most scripts and/or the associated process continuing to be
available for use with another request, a significant efficiency improvement.
- Improved script run-down handling. Scripts executing images are
$FORCEXed before processes are deleted, allowing exit handlers to gain control
for more elegant releasing of resources, etc.
- It is now possible to specify a maximum CPU time limit on a per-script
basis using the SET SCRIPT=CPU=hh:mm:ss mapping rule. This may be
particularly useful in allowing for run-away user scripts.
- Only selected HTTP status code reports need to be customized using the
[ErrorReportPath] directive, those remaining still being handled internally.
- The EXEC rule now allows not only directories to be specified as script
repositories but also file types. This allows files with a particular
extension to be designated as executable scripts no matter where that occur in
the specified path (and can be used to map ex-Purveyor scripts for example).
- "Monitor" data and "control" directives (/DO=) now
communicate via shared memory in a global section. This is significantly more
efficient and versatile. (Note that images must be installed with PRMGBL,
SHMEM (VAX only) and SHRGBL).
Version 7.1.1
(January 2001)
- A minor release corresponding to the closing of OpenVMS Freeware CD V5
submissions.
- The usual bugfixes :^)
- CGILIB has been updated for the new CGI interface requirements
of Compaq Secure Web Server (CSWS) V1.0-1 (based on Apache 1.3.12).
- A "standard" area for script scratch space ... with the
server cleaning up behind those that fail to. See the Scripting
Environment, Introduction.
- QDLOGSTATS can now be used as a script and will provide an HTML
form-based interface page.
Version 7.1
(November 2000)
- Scripting process creation has been moved from LIB$SPAWN() to
SYS$CREPRC(). This allows some interesting new features including detached
processes and scripts executing under non-server accounts (on VMS versions 6.2
and later), including user accounts. Subprocess scripting is still the
default (i.e. it is backward compatible). Check the "Scripting
Overview, Introduction" for the details.
- Selected server administration menu and command-line /DO= directives
can now be simultaneously applied to all servers on a node or across a cluster.
To see this in action, even with only one existing server on a single node, do
a $ @HT_ROOT:[000000]FREEWARE_DEMO and then
access the system's server Administration Menu.
- The server administration menu now provides specific functionality for
maintaining service and message configuration.
- Proxy cache maintenance scans are now cluster-aware. A server
undertaking a scan locks the cache, preventing other servers from
simultaneously attempting to perform maintenance activities on the cache.
- Run-Time Environments are a persistant scripting mechanism designed to
support interpreters like Perl and Java, with the objective of reducing
response latency, increasing throughput and reducing system impact. This
version includes an example Perl RTE, which can give a performance
improvement of some twenty-five times on standard CGI Perl scripts! For
Perl distribution considerations this Perl RTE must be fully compiled and
linked locally.
- A new configuration directive [CgiStrictOutput] introduced in WASD 7.0
directs the server to report script responses that are neither CGI or NPH (i.e.
have none or a faulty response header). This is enabled in the 7.n
example configuration files. Site administrators that do completely new
installations may find their old scripts are now being reported as "ERROR
502 - External agent did not respond (or not acceptably)." Either
modify the script to supply an appropriate header (preferable) or disable the
configuration directive.
- There have been some other refinements to the scripting environment and
more detailed information provided in the Scripting Overview. It is
recommended site administrators and script authors review this.
- CGILIB has been modified to become an object module/library. Compared
to the code #include this is a more elegant method for delivering it's
functionality. More significant WASD scripts have been modified to support
this version (e.g. Conan, HyperShelf/Reader, WASDquery and others). The
#includable functionality is still available.
- Changes in VMS Apache BETA behaviour between 1.3.9 (T1.3-9AG)
and 1.3.12 (1.3-12) make some WASD Server and CGILIB code ineffective. As
far as the author can tell there is no way to send a binary stream from a
script via T1.3-12. Whether or not future changes to VMS Apache restores this
functionality cannot be determined at the current time.
- The CGIUTL scripting utility has been enhanced so that POSTed request
fields containing multiple lines (e.g. <TEXTAREA>s) can be processed into
DCL symbols one line per symbol.
- HyperShelf now allows a URL item type. This allows a URL to be
added to an ODL or BookShelf shelf file, providing a direct link to HTML/Web
resources external to the local host or Bookreader environment.
- The FETCH utility FTP processing has undergone a major revision and now
should present far fewer issues with some sites.
- A new utility QDLOGSTATS allows elementary server log statistics to be
generated on an ad hoc basis.
- Built and verified against OpenSSL 0.9.6
Version 7.0
(June 2000)
- A major release version number change due to more significant changes
to some server processing than could be justified as a minor version update.
- Extended file specification support. Under Alpha VMS V7.2ff the server
and relevant scripts are ODS-5 volume compliant. This has a number of
implications for server management and user activity. Please read the
relevant section of the Technical and Environment Overviews.
- Built and verified against OpenSSL 0.9.5
- Some VMS Apache-like CGI scripting compatibility characteristics
(based on the 1.3.9 BETA). These are intended to ease (or even remove
completely) script portability issues between the WASD and Apache environments.
CGILIB has also been modified to support VMS Apache (meaning WASD scripts using
CGILIB run unmodified under Apache CGI).
- The server will now generate OPCOM messages against various categories
of events, e.g. server startup/exit, authorization failure, server
administration (e.g. mapping reloads, etc.), configured using the [Opcom...]
configuration directives.
- Server error (and success) response page format improved (or at least
changed). More Apache-like, consistent, informative and (in the
author's opinion) aesthetically pleasing. There is now a simple mechanism
(based on per-server configuration or request path SETting) for providing basic
or detailed error responses.
- Three [...BodyTag] directives allow the <BODY> tags of server
generated pages (such as error reports, directory listings, etc.) to be
specified. This can provide a site with a significantly consistent
"look-and-feel". In addition the actual format and contents of
server error and success response pages may be specified using the HTTPD$MSG
configuration file.
- The [LogPerService] configuration directive used to generate a log file
using only the host name of a service (which can be problematic when virtual
services share the same name, e.g. WWW.domain.com). It now generates a unique
name based on as much of the full service IP name string as can be accomodated
by VMS syntax constraints. Previous behaviours can be retained by enabling
[LogPerServiceHostOnly] directive.
- Cookie-based session tracking is available using the [Track...]
directives.
- The [SearchScriptExclude] directive allows specified file types
(extensions) from being processed as implied keyword searches when a query
string is present.
- The directive [AuthRevalidateLoginCookie] activates a
cookie-based solution to consecutive authorization dialogs sometimes
occuring when [AuthRevalidateUserMinutes] is active.
- .HTA and .HTL authentication databases require renaming to .$HTA
and .$HTL (see Updating? Beware).
- The update facility has had slight aesthetic improvements (or at least
changes) and slightly simplified capabilities.
- Proxy services may now have proxy authentication applied to
them. This controls access to a proxy service using a separate and distinct
proxy authentication dialog supported by modern browsers.
- A new tool, ApacheBench © The Apache Group, as used in the
Apache Distribution, is included with this package (within licence conditions).
It allows ad hoc server benchmarking and stress-testing (requires VMS
7.n or greater).
- Additional information and a Perl module for using Perl within the
CGIplus environment has been provided.
- There are now a few coloured icons in the HT_ROOT:[RUNTIME.HTTPD]
available if the b/w ones seem a bit lifeless ;^)
Version 6.1
(December 1999)
- NETLIB is no longer supported/required. The remaining TCP/IP packages
for VMS, Compaq TCP/IP (UCX), Multinet and TCPware, all support the BG driver
interface (UCX $QIOs) so this can be used exclusively.
- Authentication agents provide "easily" created,
external authentication/authorization functionality. These are essentially
CGI/CGIplus scripts (with all the attendant programming simplicity of this
environment) specially invoked by the server for authorization purposes.
Working examples, including an OSU CEL-compatible authenticator, are provided.
- CGI and CGIplus scripting support for callouts. These provide
direct script-server dialogs, allowing various capabilities.
- Virtual hosting is far more comprehensive than in the base version of
6.0 (although it was actually reworked for v6.0.2). It now supports mappings
against the request "Host:" header field, as well as for multi-homed
hosts.
- OpenSSL v0.9.4 has been built and tested against v6.0 and v6.1, with
build and update procedures modified to support it. SSLeay is no longer
supported against this version (though may continue to link and work).
- The Server Side Includes processor now supports OSU-specific directives
to provide transparent integration of OSU .HTMLX documents into the
WASD environment.
- A new USER mapping rule provides /~username/ mappings using
the default device and directory from the SYSUAF.
- As from v6.0.2 SYSUAF authentication honours NETWORK and REMOTE access
account restrictions a new mechanism was required to support nil-access
accounts. This is implemented using a new rights identifier, WASD_NIL_ACCESS.
- Administration Menu reports now allow a SHOW PROCESS
/ALL to be performed on HTTPd processes (server, subprocess and
DECnet scripts). The latter also allow individual deletion from the same report.
- The CGILIB source code has been considerably extended to support
response generation, CGI callouts, Purveyor environment.
- The server can be used to cause the browser to cancel authentication
against a particular path. Use "/what/ever/path?httpd=cancel", clear
the fields and OK it. Then go backwards and access the original path, which
should reprompt for authorization.
- Documentation now only supplied in HTML and PostScript formats.
Plain-text and Bookreader formats are no longer generated, to help reduce the
size of the distribution, and as a reflection of the diminishing importance of
these formats.
Version 6.0
(June 1999)
- Proxy HTTP and FTP serving, with local HTTP caching.
- Authentication and authorization environment extension and refinement.
- Much improved WATCH detail for DCL, SSL and authorization.
-
|
|
SSL now supported using the OpenSSL 0.9.3 toolkit (with initial backward
compatibility with previous SSLeay releases).
|
OpenSSL now has integrated VMS support (largely thanks to Richard Levitte
(levitte@lp.se)). WASD SSL packages include
only object libraries, application objects, and support procedures (i.e.
sufficient to support WASD's SSL). If a full OpenSSL toolkit is desired it
should be obtained separately from
http://www.openssl.org/ or
http://www.free.lp.se/openssl/
and built locally.
- CGILIB.C source code library for easing the production of CGI C
Language scripts.
- ISAPI scripting environment.
- New TMAILER script (WASD drop-in replacement for the OSU TMAIL script).
- New CGIUTL utility, assisting with scripting at the DCL level
(particularly processing POSTed requests).
- Improved FETCH script/utility.
- Statement concerning Year 2000 and related
issues. WASD HTTPd v6.0 has had it's directory listing dates extended to
include a four digit year component.
Version 5.3
(November 1998)
- This release has some internal modifications improving performance and
granularity of processing under high loads. CGI scripting performance has also
been improved, and CGIplus is 75% faster in response.
- The WATCH facility, accessable from the administration menu, provides
an online, real-time, in-browser-window view of request processing in the
running server. Being able to observe live processing on an ad hoc basis,
without changing server configuration or shutting-down/restarting the server
process, makes this facility a great configuration and problem resolution tool.
- While virtual service support has been possible for some time, v5.3
extends this with a specific virtual server rule syntax and server startup
procedures easing the support of virtual servers, multiple server processes on
the one system, and multiple server systems within a cluster. Check the new
STARTUP.COM and
STARTUP_SERVER.COM
functionality.
- A new SET mapping rule allows ad hoc characteristics to be set against
a particular path or file template. File caching, stream-LF conversion,
character set, content-type, expiry, invalid-RMS-character can currently be set
on a per-path basis.
- Local-format error reporting, using CGI scripting, Server Side Include
documents, or even "flat" HTML files, can now be configured using
the [ErrorReportPath] configuration directive.
- SSL services may now use a server-common, or each a service-specific
certificate (in line with other virtual service improvements).
- The [AddType] configuration directive now allows a character set to be
specified with the content-type.
- Performance comparisons with OSU 3.3a are provided (as requested by
a few of the curious).
Version 5.2
(September 1998)
- This is really a very minor revision with two bug-fixes. It coincides
with the closing date for OpenVMS Freeware CD V4.
- DECnet scripting now supports connection reuse (as does OSU 3.3a)
improving latency and throughput of network-based CGI and OSU scripting.
The [DECnetReuseLifeTime] and [DECnetConnectListMax] configuration parameters
support this.
- The [AuthRevalidateUserMinutes] configuration parameter specifies
the maximum period between successive authenticated requests before the user is
forced to reenter the authentication information. Zero disables this
functionality.
- The [LogExcludeHosts] configuration parameter allows certain hosts
or ranges of hosts to be excluded from access logs. This can eliminate the
web-administrator's "noise" accesses, etc.
- The [StreamLFpaths] configuration parameter limits variable record
to stream-LF file conversion to specified paths.
- The [DirNoImpliedWildcard] configuration parameter allows selection of
directory listing behaviour for subdirectories with home pages.
- Improved HyperShelf/HyperReader behaviour in DECW$BOOK environments.
Version 5.1
(July 1998)
- The package's build support and distribution content has undergone a
significant overhaul. VMS V6.0, V6.1, V6.2 through to V7.1 should be supported
(almost) out-of-the box. Executables are no longer provided! All
installations and updates will require a link prior to any other activity.
To assist with this, along with installation and maintenance in
general, two procedures are provided:
- INSTALL.COM
- UPDATE.COM
- The HTTPd itself has generally undergone minimal change. A few
improvements to HTTP behaviour. A small number of bug-fixes.
- The Server Side Includes processor has been considerably extended,
providing facilities similar to Apache's XSSI. User-assignable variables
and the conditional processing of sections of a document provide the main
functionality.
- For servers providing multiple services a per-service access log may
now be generated. See configuration parameter [LogPerService].
- The server now allows a request to specify the content-type of a
returned file.
- Finer control in the use of SYSUAF authentication is now possible
using rights identifiers and the server /SYSUAF=ID qualifier.
- User CGI and OSU scripting is now supported within WASD's DECnet
scripting environment.
- SSL support is now provided using a package based on SSLeay v0.9.0b.
The server will still link and work with the 0.8.1 version.
- WASD script output has been changed to provide a more consistent
look-and-feel, including customizable colour schemes (consult the source
code for more information). Extensive use of HTML 3.2 tables provides heading
and button formatting (in the late '90s we should be expecting at least this
from our GUI browsers, and Lynx v2.8 still reproduces the pages quite
acceptably). A non-table-centric layout is also generally available. Logos and
other non-essential graphics have been eliminated improving the overall
efficiency and responsiveness.
Some scripts have had their behaviour or functionality slightly improved
(or at least changed ;^) In particular, the HyperReader script has
(arguably) better layout, robustness and non-English language document
friendliness.
Version 5.0
(March 1998)
- Secure Sockets Layer protocol (SSL), supported using SSLeay v0.8.1
(optional package).
- DECnet-based CGI and OSU-emulated scripting.
- Directory listing file size may now be configured to display in bytes,
kbytes and Mbytes. I like bytes,
try [DirLayout] I__L__R__S:b__D
- Of course new bugs have been introduced through the ongoing process of
fixing the old bugs, making refinements and introducing new capability
;^)
Version 4.5
(November 1997)
- Configurable, monitorable file data and revision time cache introduced.
- Configurable script run-time environments. Script interpreters such as
Perl may now be transparently activated to execute a particular script.
- Log files may now be configured to change according to a specified
period ... daily, weekly, or monthly, providing some automation in managing
file duration and size.
- Minor bugs fixed and minor refinements made.
-
Everybody else is powered by ... something-or-other, well now
we're
:^)
Version 4.4
(October 1997)
- Due to optimizations in critical sections of the server and the
elimination of debug code from production executables the server's
performance has significantly improved.
- The server can now support multi-homed hosts and multiple-port services
from the one process. Due to changes in connection request processing some
NETLIB supporting TCP/IP packages can no longer provide DNS lookup (it now
occurs at AST level, see the NETLIB documentation).
- Conditional rule mapping; applies rules only after certain criteria
other than the initial path match are met (e.g. client internet address,
browser-prefered language, browser-accepted content-type, browser
identification string, authenticated remote user, HTTP method).
- The server can optionally use the VMS security profile of a
SYSUAF-authenticated user name to determine whether access to a particular file
or directory is permitted.
- Configurable message database, supporting multiple, concurrent
languages.
- In addition to the common log format the server now supports the
common+server and combined pre-defined formats, as well as
user-defined formats.
- Some additional command-line server control functionality.
- Of course, the usual bugfixes (a couple of significant but not obvious
ones this time) and minor refinements.
Version 4.3
(August 1997)
- MadGoat NETLIB support. As well as native Digital TCP/IP Services
(UCX) support the server can now (potentially) support these packages:
- Cisco MultiNet for OpenVMS, any version
- PathWay from Attachmate Inc., any version
- TCPware from Process Software Corporation, any version
- CMU TCP/IP (VAX only) v6.5 or later is not supported due to too
great a variation from the other packages.
- Activity report. This provides a graphical representation of server
activity (requests and bytes transfered) for up to the previous 28 days.
- DCL scripting now has greater CGI compliance. Prior to v4.3 POSTed
scripts would read the request header then the body (i.e. the full
request). The CGI standard is body-only. This is now the default. A
configuration parameter allows the previous behaviour to be explicitly selected.
- Logging can now be enabled and disabled on an ad hoc basis from the
Server Administration Menu.
- Some minor bugfixes and refinements.
Version 4.2
(July 1997)
- Change of name from "HFRD VMS Hypertext Services" to "WASD VMS
Hypertext Services". This follows a change of role and name for the Division.
- CGI scripting redesigned to improve performance through the use of
persistant DCL subprocesses. Some additional configuration parameters support
the reworked DCL module.
- CGIplus scripting (minor extension to standard CGI scripting) to
further improve CGI performance through the use of persistant CGI applications.
- Additional server administration reports on requests (current and
history) and DCL/scripting.
Version 4.1
(April 1997)
- Documentation brought more-or-less :^)
up-to-date.
- HTTP response headers now more consistant.
- Delete-on-close for temporary files. Primarily used by the
UPDate facility for previewing documents. (Beware ... any file name comprising
a leading hyphen, sixteen digits and a trailing hyphen will be deleted on
close!)
Version 4.0
(February 1997)
- Very significant changes to internal data structures and processing.
- Changes to startup and login procedures to more easily support multiple
servers within clusters.
- On-line server administration menu providing reports, configuration and
run-time actions of server. Obsoletes some of the $ HTTPD/DO=...
functionality previously available from the command. More extensive server
reports, and much more, available via /httpd/-/admin/
(obsoletes /httpd/-/report/). These menus and dialogues generally
require an HTML-table-capable browser, such as Netscape Navigator.
- Ability to configure server characterstics requires changes to the
format of the HTTPD$CONFIG and HTTPD$AUTH files. Both are backward compatible,
but if upgrading and using the on-line configuration the format will be changed
the first time they are updated.
- HTTPd server becomes HTTP-cookie-aware.
Version 3.4
(October 1996)
- More extensive server reports (via /httpd/-/report/ ...
obsoleted by v4.0)
- Minor changes to error reporting.
Version 3.3
(August 1996)
- ``Basic'' and ``Digest'' authentication and path authorization. The
digest scheme has, to date, only been tested against NCSA X Mosaic 2.7-4b,
which seems to behave a little flakey when reloading documents, and does
not elegantly support stale nonces.
- A configurable module is provided to automatically convert variable to
stream-LF record format files. The stream format is much more efficiently
processed by the server. (VARIABLE and VFC are read record-by-record, all
others in block mode).
- To allow controlled access using authorization the server report is now
generated via a path, as in the anchor
``<A HREF=/httpd/-/report>'' (obsoleted by v4.0)
Version 3.2
(April 1996)
- The HTTPD$CONF configuration file no longer requires the encoding
directive (7bit, 8bit, binary, etc.). This must be removed before upgrading
from earlier versions. Encoding is now determined from the VMS file record
format (VARIABLE and VFC are read record-by-record, all others in block mode).
- Persistent connections (HTTP/1.0 defacto standard) are now supported
(for the majority of HTTP transactions). This significantly reduces request
network overhead.
Version 3.1
(January 1996)
- Initial GNU Licensed freeware release.