add doc/initscripts.txt with description of lighttpd signal handling
and links to the initscripts of various operating system distros
"init scripts outdated, should be removed"
close connections in keep-alive that are waiting for next request
disable keep-alive on existing connections
remove bandwidth write limits
reduce remaining linger timeout (on already finished requests)
to be (from zero) *up to* one more second, but no more
(mod_flv_streaming is becoming obsolete as Flash is replaced by
HTML5 and most modern clients support HTTP/1.1 Range requests)
"add end and header parameter for flv streaming"
relocate module cleanup check to after handle_connection_close hook)
modules may now keep state for the lifetime of a connection,
rather than being required to be reset after every request (when
there can be multiple keep-alive requests on the same connection)
when available, use getaddrinfo(),inet_pton() instead of gethostbyname()
NOTE: behavior change: mod_scgi now listens to INADDR_LOOPBACK if "host"
is not specified. (Prior behavior was INADDR_ANY.) Backends
should not listen on potentially public IPs unless explicitly
configured to do so. This change matches a change to mod_fastcgi
made in 2008.
"gethostbyname deprecated, should use getaddrinfo"
prior code could leak pipe fd if ioctl() failed
prior code could leak pid (zombie) if waitpid() interrupted 4x
prior code could deadlock if child produced too much output and
blocked in writing output while parent waited for child to exit
NOTE: mod_ssi #exec cmd="..." is still executed synchronously
and *blocks* entire lighttpd server while executing.
secdownload.path-segments = <number>
include only given number of path segments in hash digest calculation
secdownload.hash-querystr = "enable" | "disable"
include the query string in the hash digest calculation
"mod_secdownload option to include url GET parameters in md5"
directives to set value, rather than append values to headers, env
These directives take precedence over the setenv.add-* counterparts
Set a blank value for request or response header to remove the header
(blank value in environment will be set as the value; not removed)
setenv.*-environment is now deferred to handle_request_env hook.
setenv.*-response-header is now processed in handle_response_start hook.
"set-request-header or remove-request-header support for mod_setenv"
re-patch mod_openssl config within the request so that per-request
settings can be applied, such as activating client cert verification
for specific URL paths.
(This can be used in conjunction with auth.backend = "extern"
to require auth to occur)
"SSL : authenticate only clients for a particular URL"
Set auth.extern-authn = "enable" to check REMOTE_USER (if set) against
require rules, and proceed if allowed. If REMOTE_USER is not present,
or the require rules do not match, then check configured auth scheme.
REMOTE_USER might be set by another module, e.g. mod_openssl client cert
verification and REMOTE_USER configured with ssl.verifyclient.username)
"[mod_auth] allow SSL clientcert authenticated users to bypass AUTH"
handle_request_env (called on demand by handlers to populate env)
handle_connection_shut_wr (was handle_connection_close)
handle_connection_close (now occurs at socket close())
The (misnamed) connection_reset hook is always called after a request,
whether request completes or is aborted, and whether keep-alive or not,
so no needed to repeat the same function in the handle_connection_close
new directive ssl.read-ahead = "enable"/"disable" to control
SSL_CTX_set_read_ahead(). Default "enable". The "disable" setting
is intended for use on low memory systems with a slow CPU which is
unable to keep up with decryption of large request bodies.
"larger memory usage for file uploads via SSL on embedded system"