mod_gzip - serving compressed content by the Apache webserver

Want to support HowtoForge? Become a subscriber!
 
Submitted by michael_schroepl (Contact Author) (Forums) on Thu, 2005-04-14 17:15. :: Apache

Author: Michael Schröpl

mod_gzip - serving compressed content by the Apache webserver

mod_gzip - what's that, anyway?

mod_gzip is an external extension module for the WWW's most popular web server Apache, created in autumn, 2000.

Its implementation allows for using the compression method gzip for a significant reduction of the volume of web page content served over the HTTP protocol.

Starting with version 1.3.19.2a mod_gzip has found a new home.

And what are these pages all about?

A documentation that would be worth this name (in my eyes ;-) does not (yet) yet exist - neither for users nor for programmers (who possibly want to implement more features into this module).

Thus I made it my goal to collect information of any kind about mod_gzip and provide them in German as well as in English (detecting the appropriate language from the browsers HTTP header Accept-Language: - so be sure to set this one in your browser configuration).

Especially these pages already document the changes of the version 1.3.19.2a as opposed to version 1.3.19.1a (possibly the last one that has been published by Remote Communications Inc.)

More modifications have been caused by the release of version 1.3.26.1a.



[2003-06-17] As for the security issues in mod_gzip 1.3.26.1a announced by Matt Murphy in bugtraq the following statements apply:

  • All three vulnerabilities without exception refer to the debug code of mod_gzip which only exists for the sake of comforting further module development.
  • This debug code is not even compiled during any normal mod_gzip installation - and it definitely should not be used in any productive installation anyway.
    Therefore actually not even a procedure exists to embed this debug code easily - for version 1.3.26.1a a source code change would be required (either within the C code or within the Makefile).
  • In earlier versions of mod_gzip this separation between debug code and the remaining module didn't exist yet - so the risk of using broken program code might be higher when using earlier versions instead of using the latest release.
  • Regardless of the statements above it is intended to fix these vulnerabilities in the next version of mod_gzip.

Original location of this document: http://www.schroepl.net/projekte/mod_gzip/index.htm

Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.