Apache: The Definitive Guide, 2nd Edition by Ben Laurie and Peter Laurie Unconfirmed error reports are from readers. They have not yet been approved or disproved by the author or editor and represent solely the opinion of the reader. If you have technical questions or error reports, you can send them to booktech@oreilly.com. Please specify the printing date of your copy. This page was updated December 17, 2002. Here's a key to the markup: [page-number]: serious technical mistake {page-number}: minor technical mistake : important language/formatting problem (page-number): language change or minor formatting problem ?page-number?: reader question or request for clarification UNCONFIRMED errors and suggestions from readers: {CD} After 4 or 5 hours of trying to get the CD included with this book to install, I finally came to this website and read the fix for the CD. I've finally gotten the contents of the CD to install on my Linux system, although I feel like I lost a day of my life. [61-62] example code at top of page: I'm using Apache 1.3.9 on Debian 2.2. The example code is written thusly (but somewhat abbreviated): (page 61) NameVirtualHost 192.168.123.2 (page 62) ServerName www.butterthlies.com ServerName sales.butterthlies.com This example code caused Apache to treat ALL virtual hosts as if they were the last entry, i.e., no matter what name is requested. Most browsers will get the documents under the DocumentRoot of the very last VirtualHost block (I don't know why, but w3m gets the right docs after about a 15 second timeout). However, the technical description at the bottom of the page is correct. NameVirtualHost gives the IP address, and when a name is requested, it will search for VirtualHost blocks that match that IP address and also has the name being requested. Therefore, the correct example code should look something like this: NameVirtualHost 192.168.123.2 ServerName www.butterthlies.com ServerName sales.butterthlies.com This new setup appears to allow all VirtualHosts to be served properly. I'm using a system with only 2 virtual hosts. {82} AddHandler example in 2nd para under "Script in DocumentRoot"; Last line in the example reads: AddHandler cgi-script cgi According to the Apache website (http://httpd.apache.org/docs/mod/mod_mime.html#addhandler) this should be: AddHandler cgi-script .cgi (87) Last paragraph; States: The next section returns the length of date to come: This should be (data instead of date): The next section returns the length of data to come: [98-99] I am a little confused as to the purpose of the suEXEC example. If Peter has the ability to logon as root, then why bother writing a script to flatten victim1 when he can just do it as root? And if Peter can't logon as root, then there is no security flaw (as I understand it). {222-223} The possibility of using openssl is not touched upon. I was able to run all of the configuration commands using openssl-0.9.6. The make install appears to put it in "/usr/local/ssl." You might want to consider this in the third edition or as an update to the second edition. This I feel is not an error but rather a change that should be evaluated. [227] Third command example; ssleay x509 -in new3.cert.csr -out new3.cert.csr -req signkey privkey.pem is still not correct although it was changed once in the errata. I think that the correct command is: ssleay x509 -in new3.cert.csr -out new3.cert.cert -req -signkey privkey.pem 1. -out new3.cert.csr gets changed to new3.cert.cert 2. signkey should be -signkey [333]In code echo2.c many instances of period used in non-ANSI C fashion, apparently not K&R either. struct.member is only ansi c use of period. (According to K&R, at least). word[x] = '\0'. < period is wrong, should be semicolon; This error is repeated many times. Also, char x2c(char *what) { register char digit; digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A')+10 : (what[0] - '0'.); ^ period Period is wrong, unbalanced parens, should be ) correct line is: what[0] - '0')); These are from your files, on line, book is wrong examples on line are wrong. Editions 1&2 (and these miserable files are all over the internet).