Diffstat (limited to '')
-rw-r--r-- | doc/CHANGES.txt | 1947 |
1 files changed, 1947 insertions, 0 deletions
diff --git a/doc/CHANGES.txt b/doc/CHANGES.txt new file mode 100644 index 0000000..5fd53bc --- /dev/null +++ b/doc/CHANGES.txt 
@@ -0,0 +1,1947 @@ +Version 11.74 + +- Fixed: Potential counter overflow for early event detection + (increment before block) or log only mode. + +Version 11.73 + + This release introduces support of the PCRE2 (10.x) library in place of + the now end-of-life PCRE version 1 (8.x) API. + + - Removes PCRE API dependency from mod_qos.c. The module no longer has an + explicit dependency to the PCRE library but uses ap_pregcomp(), + ap_regexec(), and ap_regexec_len() from ap_regex.h. + Wrapping the PCRE (v1) and PCRE2 interface by the Apache httpd allows you + to use either the old or the new API version (depends on locating + pcre2-config). PCRE2 compatibility requires Apache httpd 2.4.53 or newer. + + - Support utilities migrated to PCRE2 API (version 10.x). + Tested with PCRE2 version 10.41. + + - Removed compatibility to Apache 2.0 and 2.2. + +Version 11.72 + + - Improve the support of Apache "event" MPM by calculating + a higher QS_MaxClients default value based on the + AsyncRequestWorkerFactor setting. + +Version 11.71 + + - Removed directive QS_Chroot. + + - Minor code changes (improvements #39/#40 reported by + Rainer Jung - many thanks). + + - QS_LogOnly also disables QS_EventKBytesPerSecLimit and + QS_LocKBytesPerSecLimit (deactivates delay output filter). + + - Uses apr_temp_dir_get() to determine temp. directory for + semaphores/shared memory (default used to be /var/tmp). + Use QS_SemMemFile to override it. + +Version 11.70 + + - QS_ClientGeoCountryPriv skips clients whose IP address can't + be mapped to a country code if the argument 'excludeUnknown' + is specified. + +Version 11.69 + + - Internal: QS_SetEnvIf directives use an array to store all + rules (to ensure they are applied in the order they appear + in the configuration file). + + - Apache 2.4.49 compatibility fix introduced by mod_qos 11.68 is no + longer applied for Apache version 2.4.50 and newer. + 'QS_ForcedClose off' could be used to enable gentle connection + close handling manually. 
+ +Version 11.68 + + - Compatibility with Apache 2.4.49 (avoid segfault when returning + error code in pre-connection hook / issue similar to CVE-2017-3169). + +Version 11.67 + + - The QS_LogEnv directive can be used to enable environment variable + logging. mod_qos writes all environment variables which are set when + entering a handler to the log. + +Version 11.66 + + - QS_ClientIpFromHeader supports pseudo IP by creating a hash + of a HTTP request header's value if the header name is prefixed + by '#', e.g. #Authorization to use the HTTP basic auth header. + It's also possible to use the client's SSL client certificate's + subject and issuer DN if you specify #SSL_CLIENT_S_DN instead + of a real HTTP header name. + Note: Does not work for IP geolocation. + +Version 11.65 + + - Fixed: QS_SrvMinDataRate did not enforce (log only) min data rate + in simple mode (only one arg). + Improved min. data rate calculation and updated documentation. + + - Fixed: Several typos in documentation. + +Version 11.64 + + - Updated request header filter rules (allows signed HTTP exchanges content + type in Accept header). + + - qsgeo: New pattern to detect "readable" format (no longer adding IP address + range twice for some file formats). + + - QS_Status: adds the QS_AllConn variable to the maxClients object. + +Version 11.63 + + - Adds the option 'jsredirect' to the QS_UserTrackingCookieName directive: + Client (browser) has to use Javascript within the cookie check page + to fetch the cookie and to redirect the client back to the initially + requested page (adding Javascript to the cookie challenge). + SSI variables to be used in the HTML page / Javascript: + - QS_UT_QUERY: query string to call (ajax) the cookie page again to + obtain the cookie. 
+ - QS_UT_NAME: name of the cookie + - QS_UT_INITIAL_URI: initial page to redirect to + Sample page: http://mod-qos.sourceforge.net/cookie-ir.shtml + +Version 11.62 + + - Machine-readable version of the status viewer does no longer + show QS_SrvMaxConn* counters for virtual hosts using the base + server's configuration and counter. + + - New directive QS_MaxClients. + +Version 11.61 + + - QS_SrvMaxConnPerIP can handle more than MaxClient IP addresses + (if the server opens new connections faster than closing old) + and enables memory block distribution by default. + +Version 11.60 + + - Fixed: Wrong connection counter (total server connections stored in the + QS_AllConn variable) when using SrvMaxConn* directives globally only but + other QS_* directives within virtual hosts. Bug influenced + QS_SrvMinDataRate behavior as well (activating and increasing the min. + data rate too fast). + +Version 11.59 + + - QS_EventRequestLimit writes the current counter value to the + QS_EventRequestLimit_<env-variable>_Counter environment variable. + + - New directive QS_SetEnvIfCmp. + +Version 11.58 + + - Adds directive QS_UnsetReqHeader. + + - Removes version information in automake configure script (utilities). + +Version 11.57 + + - Adds qsrespeed and qsre (previous "regexspeed" and "regex" dev tool) + to the support utilities. + +Version 11.56 + + - Non-functional: Changed QS_Status invocation timer implementation. + + - Adds qsdt (previous "duration" dev tool) to the support utilities. + +Version 11.55 + + - qslog: "-l" supports files with huge gaps (missing lines). + + - QS_SetEnvIf and QS_SetEnvIfQuery directives can be used within Location + configuration. + +Version 11.54 + + - Introduces the QS_Block_Decrement variable. + +Version 11.53 + + - Adds CORS headers to the default QS_RequestHeaderFilter and + QS_ResponseHeaderFilter rule set. 
+ + - qslog: shows also the distribution of response durations faster than + a second within the following intervals: + * 0-49ms + * 50-99ms + * 100-499ms + * 500-999ms + +Version 11.52 + + - Fixed: QS_LimitRequestBody did not work for chunked requests + when used in Apache 2.4. + + - QS_Status uses the server's base configuration settings while logging + allowing to configure a custom log format using ErrorLogFormat. + + - qssign's verification mode supports graceful restart (sigusr1) where + two qssign processes are running (one with the old sequence + counter and the new one starting at 1). + +Version 11.51 + + - Adds process-connection handler to close the connection in the case the + abort by the pre-connect hook was ignored (workaround for bug in + Apache 2.4.28 Event MPM ignoring the connection abort) (msg id 167). + + - Uses module name in log index. + +Version 11.50 + + - Changes pre-connection hook dependency (called later but still before + mod_ssl). + +Version 11.49 + + - Adapted connection handling to deal with master/slave connections + (introduced by Apache 2.4.18) avoiding inconsistent connection counters. + +Version 11.48 + + - Detects unexpected connection dispatching to old child process to avoid + invalid connection counter state for QS_ClientPrefer rules (msg id 166). + +Version 11.47 + + - Updates built-in filter pattern of QS_HeaderFilter (Transfer-Encoding). + + - qslog standard mode supports peak/max value counter (M). + + - Fixed: potential segfault if connection ctx is null when using h2. + +Version 11.46 + + - Updates built-in filter pattern of QS_HeaderFilter. + +Version 11.45 + + - QS_ClientEventRequestLimit supports the QS_ClientIpFromHeader directive. + +Version 11.44 + + - New directive QS_CondEventLimitCount. + + - QS_EventLimitCount (and QS_CondEventLimitCount) counter may be decremented + by environment variable suffixed by "_Decrement". + + - Slightly changed unique-id generator (shorter). 
+ +Version 11.43 + + - Fixed: QS_IsVipRequest was not set if QS_ClientPrefer hasn't been + used. + +Version 11.42c + + - qslog supports QSCOUNTERPATH (-pc mode) environment variable which + defines a file containing a list of QS_ClientEventLimitCount rules. + The 'E' format character defines the event string in the log + to match (literal string) the event1 and event2 event names against. + + Rule syntax: <name>:<event1>-<n>*<event2>/<duration>=<limit> + + Example mod_qos config: + QS_ClientEventLimitCount 20 600 QS_LimitEv + QS_SetEnvRes Event AU04 QS_LimitEv + QS_SetEnvRes Event AU05 QS_LimitEv_Decrement=2 + Sample qslog rule: + QS_LimitEv:AU04-2*AU05/600=20 + + Special us case matching against the HTTP status code ('S' character) + is used if the rule 'name' starts with STATUS. + Example mod_qos configuration: + QS_ClientEventLimitCount 10 300 QS_LimisS + QS_SetEnvIfStatus 400 QS_LimitS=1 + QS_SetEnvIfStatus 405 QS_LimitS=1 + QS_SetEnvIfStatus 406 QS_LimitS=1 + QS_SetEnvIfStatus 408 QS_LimitS=1 + QS_SetEnvIfStatus 413 QS_LimitS=1 + QS_SetEnvIfStatus 414 QS_LimitS=1 + QS_SetEnvIfStatus 500 QS_LimitS=1 + Sample qslog rule: + STATUS:400_405_406_408_413_414_500-1*X/300=10 + +Version 11.42 + + - Message mod_qos(034) indicates (by "in:0") when the server not even + received a request line on a TCP connection (potentially a speculative + TCP pre-connection). + + - qslog -pc mode supports peak/max value counter (M). + + - qsrotate supports line-by-line data processing prefixing every line + by a timestamp when using the option "-d", e.g. for batch/script + output logging. + + - qsrotate supports option "-m" to define the file permissions. + +Version 11.41 + + - Fixed: wrong default file size used by qsrotate. + + - qsrotate supports signal USR1 to perform a file rotation manually + at any time. + +Version 11.40 + + - mod_qos and all utilities are now distributed under the Apache License. 
+ +Version 11.39 + + - New directive QS_EventCount to enable an error message event counter + (counters are shown in the machine-readable status view). + + - Adds clientContentTypes statistics to the status view. + +Version 11.38 + + - New directive QS_SrvMinDataRateIgnoreVIP and QS_SrvMaxConnPerIPIgnoreVIP. + + - QS_ClientEventLimitCount may be decremented or cleared by environment + variable (suffixed by "_Decrement", e.g. QS_Limit_Decrement). + + - QS_MileStone sets cookie also within error filter supporting redirects + even not reaching the handler. + +Version 11.37 + + - Fixed: wrong include in qspng.c + + - Console: dump shows time of last db access (seconds since epoch). + + - Adds clientContentTypes to QS_Status. + +Version 11.36 + + - Fixed: moves code from "process connection" hook to the "pre + connection" hook for Apache 2.4 compatibility and higher efficiency. + + - Lower severity of message 036 to critical. + +Version 11.35 + + - Fixed: potential segfault by mod_ssl in ssl_io_filter_disable() + when closing a connection after a failed SSL handshake (CVE-2017-3169). + +Version 11.34 + + - New variable QS_SetEnvIfResBodyIgnore which might be used to + deactivate QS_SetEnvIfResBody. + + - mod_qos_ev: sets "v" if an IP is marked as VIP. + +Version 11.33 + + - QS_ClientLowPrio variable's value contains the status flag representing + the tracked attributes. + + - Sets QS_IsVipRequest variable for marked IP addresses at connection + processing handler and propagetes it to every request. + + - Fixed: message 045 (uri check ignores log-only mode). + +Version 11.32 + + - Header filter: accepts region specific language codes in + Accept-Language request header by default. + + - Compiles also against OpenSSL 1.1.0b. + +Version 11.31 + + - QS_SetReqHeader supports header removal (unset) by prefixing + the header name with "!". + + - QS_SetEnvIfResBody supports variable removal (unset) by + prefixing the variably with "!". 
+ + - New cookie data format (user tracking, vip, milestones). + +Version 11.30 + + - qslogger supports option "-x" (adding a prefix to every message). + + - Fixed: calculation of MaxClients for MPM prefork binary (bug reported + by Fergus - thanks!). + +Version 11.29 + + - mod_qos_ev variable sets character "u" if server is accessed by a + client without a user tracking cookie (but QS_UserTrackingCookieName + has been configured). + + - Minor (non-functional) DSCP implementation code changes (incl. new log + messages). + + - Adds mod_qos events "qA" and "qu" to qslog and the output of event + counters (q*) has been made optional. + +Version 11.28 + + - New variable "QS_Set_DSCP" to set the IP differentiated services code + points (DiffServ / RFC 2474). + + - QS_RedirectIf also supports 301. + +Version 11.26 + + - Changed: QS_SrvMaxConn* directive counter's inheritance from the base + server to virtual hosts is no longer coupled to other QS_* directive + rules. This means, that a virtual host uses the very same counters + as the base server as long as neither QS_SrvMaxConn, QS_SrvMaxConnClose, + nor QS_SrvMaxConnPerIP has been configured within the virtual host. + +Version 11.25 + + - QS_ClientEntries max. value is now limited to 10000000. + + - New "special code" 'BrokenConnection' for the QS_SetEnvIfStatus + direcive. + +Version 11.24 + + - Fixed: Apache 2.4 had nested error page when using QS_ErrorPage + (bug introduced by version 11.22). + +Version 11.23 + + - Directive QS_SetEnvIf supports single variable match. + + - qslog -p: + * fallback to simple hour/minutes detection + * Fixed: writes now statistic line at the "next" minute (m+1:00) + +Version 11.22 + + - Disables client behavior (content type) measurement if + QS_ClientPrefer has been disabled. + + - Minor changes to the status viewer. + + - Fixed: segfault when using HTTP/2. 
+ +Version 11.21 + + - Fixed: Implemented graceful restart detection for Apache 2.4 + to properly free shared memory and mutexes (prevents from + leaking while doing graceful restarts). + + - Disables keep-alive enforcement for MPM event binaries. + +Version 11.20 + + - Adds filter (option -f) to qssign. + + - Revised QS_ClientPrefer implementation (improved attribute weighting) + and the log messages 063/064 have been merged into message 066. + +Version 11.19 + + - Updates User-Agent header field pattern for the default + QS_RequestHeaderFilterRule rule set and adds the + Upgrade-Insecure-Requests header. + + - QS_ClientGeoCountryDB is able to read IP2LOCATION csv file without + prior transformation (country code '-'). + + - Fixed: QS_ClientIpFromHeader used to determine country code + (QS_ClientGeoCountryDB) even the country could not be determined + for the connection address (incomplete IP list). + +Version 11.18 + + - New directive QS_Status. + + - QS_SrvSampleRate must be greater then one second. + + - Avoids using RAND_bytes() and checks if the generator is seeded with + enough entropy (mod_qos(08x) messages). + + - Calculates MaxClients (instead of reading the directive). + +Version 11.17 + + - QS_SetEnvIfStatus supports QS_SrvMaxConnPerIP to increment the + QS_Block event variable. + + - qssign features the option "-a" to define which algorithm to use. + + - Enables QS_SrvMinDataRate, QS_SrvDataRateOff, and + QS_SrvMinDataRateOffEvent for Apache 2.4 as smoke test against + Apache 2.4.12 and 2.4.16 was now successful (MPM worker and event). + The QS_KeepAliveTimeout and QS_MaxKeepAliveRequests directives have + been disabled for the MPM event. Apache 2.4 is still not fully tested. + +Version 11.16 + + - Adds timeout option to the QS_SrvSerialize directive. + +Version 11.15 + + - Increased severity of message 035 and 036 from critical to alert. + + - Lowered severity of messages 100, 009, and 007 from emergency to + critical. 
+ + - QS_RedirectIf directive supports 307 response code. + + - Set *_Counter variable of QS_EventLimitCount within post read request + handler. + + - QS_ClientSerialize honors the sequence of receiving requests (fifo) in + order to support requests from different clients accessing the server + via a proxy. + + - Fixed: potential deadlock (when reaching the 5min timeout) when using + the QS_SrvSerialize directive. + +Version 11.14 + + - New directive QS_SrvSerialize. + +Version 11.13 + + - Adds option "-u" to the qslogger and qssign utilities. + + - QS_MileStone features a "think time" attribute which defines how long + a client must wait between two milestones. + +Version 11.12 + + - Propagates the variables used by QS_ClientEventLimitCount to sub-requests + making them available within SSI pages. + + - New QS_ClientEventLimitCount variable suffixed by "_Remaining" containing + the remaining time in seconds a client is still blocked (to be used + within error pages to show a client how long he has to wait until he + might proceed). + + - New variable QS_MaxKeepAliveRequests. + +Version 11.11 + + - QS_Limit (resp. the event variable processed by the + QS_ClientEventLimitCount/QS_CondClientEventLimitCount directives) + event may specify a weighting of events defining by how many penalty + points the counter shall be increased. Default is 1. + +Version 11.10 + + - Adds qslog command to the module (dedicated statisic log facility on + a per Apache server instance basis). + +Version 11.9 + + - QS_Block event may specify a weighting of events defining by how many + penalty points the counter shall be increased. + + - Fixed: enables per client data store when using the QS_VipIPHeaderName + together with the QS_SrvMaxConn[PerIP] directive. + +Version 11.8 + + - New console command 'inclimit' increments the + QS_ClientEventLimitCount rule counter. + + - Adds the option "<domain>" to the QS_UserTrackingCookieName + directive. 
+ +Version 11.7 + + - Man page for the module itself. + + - Adds option "session" to QS_UserTrackingCookieName. + +Version 11.6 + + - Adds "Public-Key-Pins" and "Public-Key-Pins-Report-Only" to the + pre-defined list of allowed HTTP response header fields. + + - Adds "Origin" to the pre-defined list of allowed HTTP response header + fields. + + - Fixed: qsrotate reads the size of an existing logfile at startup + (required by the "-b" option). + +Version 11.5 + + - qslog: improved performance. + + - Minor code refactoring. + + - Some log messages (010, 012, 013, 030, 031, 034, 040, 041, 042, 043, + 044, 046, 047, 048, 060, 063, 064, 065, 067, 101) indicate if + QS_LogOnly mode is active. + + - Apply QS_LogOnly to header filter (action drop). + + - qsgeo option "-l": + * adds the IP address if missing + * fixed: unintentional dropping of valid lines + * may be used to normalize "ip2location lite" DB1 files + * option "-v" to print all error messages + +Version 11.4 + + - Adds request ID to console log messages (07*). + + - qslog supports writing to stdout (if "-o <out_file>" is omitted). + + - qslog: improved performance. + +Version 11.3 + + - New directive QS_ClientEventBlockExcludeIP. + + - Minor changes to the status viewer. + + - Modified error messages 060 and 067 (adding the "age" parameter which + indicates the seconds since the event occurred the first time). + + - Fixed: Message 065 contained wrong directive name. + +Version 11.2 + + - Adds variable QS_ResponseDelayTime showing the delay time (us) + calculated for response throttling. + + - New variable QS_Timeout. + +Version 11.1 + + - Fixed: Shows "T" log marker only for requests which has really been + delayed by mod_qos. + + - Further improved bytes/sec limitation implementation. + +Version 11.0 + + - Highly improves bytes/sec limitation (response throttling) based on + the input I got from Jeff Trawick - many thanks! + * Calculates delay within filter (immediately(!) 
when reaching the + defined amount of bytes). + * Uses nanoseconds delay (instead of milliseconds). + * Splits large bucket brigades to 8k blocks (support for local files, + not using mod_proxy). + * Inserts filter late (after mod_deflate). + + - User tracking: set Cache-Control header when accessing the cookie + check page. + + - QS_UserTrackingCookieName: improved cookie header processing. + + - Fixed: 'qslog -pc' does no longer require 'S' nor a date. + +Version 10.30 + + - QS_SetReqHeader features the option 'late'. + + - New console output (without ':' suffix for the IP address). + + - Console 'search', 'limit', and 'unlimit' command support now the + 'event' parameter specifying which QS_ClientEventLimitCount event + variable to show/set/clear. + +Version 10.29 + + - Supports IPv6 clients. + +Version 10.28 + + - Fixed: QS_ClientEventLimit did overwrite counters of other clients if + multiple events have been configured. + +Version 10.27 + + - qslog features the option "-pu" and "-puc" used to gather request + information on a per URL basis. + + - Fixed: Wrong includes within the support utilities. + + - Extends QS_ClientSerialize max. timeout from 1 to 5 minutes. + +Version 10.26 + + - QS_ClientSerialize supports the QS_ClientIpFromHeader directive. + + - Refactor method used to determine redirect port (user tracking) + supporting servers not using virtual hosts. + + - Fixed: QS_UserTrackingCookieName uses correct server_rec to retrieve + configuration. + + - Hook implementing user tracking is now called after mod_unique_id. + + - Slightly changed unique-id generator. + + - Adds fflush() to qsgrep utility when writing data to stdout. + +Version 10.25 + + - QS_EventLimitCount writes the current value to the process environment + variables. + + - Fixed: QS_[Cond]ClientEventLimitCount logs request id and propagtes + message code (067) to the QS_ErrorNotes variable. 
+ + - New variable QS_IPConn representing the number of connections opened + from the very same source IP (works in conjunction with + QS_SrvMaxConnPerIP only). + +Version 10.24 + + - New directive QS_CondClientEventLimitCount. + + - QS_SrvMinDataRate: limits the max. data rate to the configured value + (prevents invalid rate due to misconfiguration server or died child + process). + +Version 10.23 + + - Fixed: QS_ClientEventLimitCount log message 067 contains now the IP + address of the request header if QS_ClientIpFromHeader is used. + + - QS_SetEnvRes: supports multiple variables with the same name. + +Version 10.22 + + - Process QS_SetEnvResHeader(Match) and QS_SetEnvRes at error filter too. + +Version 10.21 + + - Fixed: qslogger may had detected the wrong message severity. + + - Adds debug message when detecting "NullConnection" events. + + - Built-in request header rules: adapt If-Match, If-None-Match, Cookie, + and Cookie2 HTTP header patterns. + +Version 10.20 + + - Fixed: QS_CondLocRequestLimitMatch did work only if other QS_Loc* + directive had been configured. + +Version 10.19 + + - New directive QS_RedirectIf. + +Version 10.18 + + - QS_ClientEventLimitCount may be cleared by environment variable + (suffixed by "_Clear", e.g. QS_Limit_Clear). + +Version 10.17 + + - QS_ClientEventLimitCount supports unlimited number of events. + + - Stores the value of the QS_ClientEventLimitCount variables as + environment variables suffixed by "_Counter", e.g. QS_Limit_Counter + for the default QS_Limit variable, in order to be processed by other + rules. + + - Add Content-Security-Policy to the default response header allow list. + + - qslog features enhanced "-pc" mode providing more information: + * Collects content type information (%{content-type}o). + * Duration between the first and the last request. + * Average response in ms. 
+ * "ci" indicates if we have seen the client at the end or the + beginning of the file (maybe not all requests in the log due to + log rotation). + * Bytes downloaded. + * Writes status characters to stderr. + * HTTP request methods (GET/POST) + +- qsgeo features option "-l" and is able to process "qslog -pc" files. + +Version 10.16 + + - qslog adds 'E' (event identifiers) to the format string. QSEVENTPATH + environment variable specifies a file containing all known event + names (comma separated list). + + - qslog average counter (a/A) count only if a numeric value is available. + + - qssing does not try to execute invalid program name (space only). + +Version 10.15 + + - qsrotate supports DST and offset to UTC. + + - Add the "connections" argument to the QS_SrvMaxConnPerIP directive + to disable the rule enforcement on idle web servers. + +Version 10.14 + + - Minor changes to status viewer (color for QS_EventLimitCount counter). + + - Q3594444: adapted man page subject. + + - QS_ErrorResponseCode verifies that the defined error code is valid + resp. known by Apache. + + - Add option "-b" to the qsrotate utility. + +Version 10.13 + + - Add new directive QS_EventLimitCount. + +Version 10.12 + + - Fixed: Per-client status viewer did not show numbers correctly + (depending on the platform it has been compiled for). + +Version 10.11 + + - Don't write QS_ClientEventBlockCount event messages (060) every time + a client is blocked. + + - Adjust log message severity of permitted QS_SrvMinDataRate rule + violations from 'info' to 'debug'. + +Version 10.10 + + - Add DNT HTTP request header to the default request header allow list. + + - qslog "-pc" supports counting established connections. + + - Fixed: Endless loop when using option "-c" with only one rule. + + - New utility qshead. + +Version 10.9 + + - Q3535677: Don't use prce_info() any longer. + + - qslog option "-x" allows the specification how many files to keep. + Default are 14 days. 
+ + - qslog counter 'a', 'A', and 's'. + + - Adapted log message mod_qos(069) + + - QS_ClientIpFromHeader@logger searches for the header in r->prev and + r->main too. + +Version 10.8 + + - Fixed: QS_SetEnvIfResBody did not properly detect pattern. + + - qslogger features severity filter (forward only messages with a + matching/higher severity) and adjustable default severity for those + log lines which do not contain the severity pattern. + +Version 10.7 + + - Writes notice message at server startup if the Apache version is not + supported (mod_qos has been implemented for Apache 2.2 worker + binaries only resp. Apache 2.0 is no longer supported). + + - Use pcre_study() API call only if QOS_EXTRA_USE_PCRE_STUDY has been + defined while compiling mod_qos. + + - Adds fflush() to qslogger/qsexec/qsgeo/qslogger utility when writing + data to stdout. + +Version 10.6 + + - qslog measures average response time in milliseconds (avms). + + - Fixed: Viewer shows number of per client ip connections if no server + limitations are set (query "option=ip"). + + - Fixed: qslogger did not compile on non-Linux platforms. + +Version 10.5 + + - New utility: qslogger. + + - JSON includes array index number (note: you need to adapt existing + JSON rules). + + - Experimental: mod_qos compiles with Apache 2.4 + * QS_SrvMinDataRate is not available (does not work, use mod_reqtimeout + instead) + * QS_Srv* directives shall not be used (connection cleanup takes + very long) + +Version 10.4 + + - Improved qs* utility performance. + +Version 10.3 + + - Fixed: ABR in QS_SetEnvIfResBody. + +Version 10.2 + + - Fixed: QS_Milestone uses now URL decoding before applying the + expression (pcre). + + - Add the qsgeo utility to the distribution archive file. + + - Fixed: Suppress warning message about missing mod_unique_id if + mod_navajo.cpp is available. + + - New connection correlation id QS_ConnectionId (available as + an event for logging purposes). 
+ +Version 10.1 + + - QS_ClientIpFromHeader may be used to set QS_Country variable. + + - Viewer shows QS_AllConn variable. + +Version 10.0 + + - New directives QS_ClientGeoCountryDB and QS_ClientGeoCountryPriv. + + - New variables: QS_AllConn and QS_Country. + +Version 9.79 + + - Fixed: Wrong IP conversion (str2long) used by console and + QS_ClientIpFromHeader. + +Version 9.78 + + - Fixed: QS_UserTrackingCookieName enforcement did not work if server + creates internal redirect. + +Version 9.77 + + - Use pcre_study() and match_limit where applicable. + + - qslog features the option "-c" to collect separate statistics, + e.g., for different URLs. + + - qslog features the option "-pc" used to gather request information + per client. + + - New directive QS_SrvSampleRate (may be used to adjust the + QS_REQ_RATE_TM sample rate at runtime/post compilation). Not + documented. + + - Fixed: qslog line parsing bug (double backslash). + +Version 9.76 + + - New directive QS_ClientIpFromHeader (may be used in conjunction with + QS_ClientEventLimitCount only). + + - qslog measures new connections per minute (%k == 0). + + - Fixed: Don't show connections in the overview if not measured. + + - Internal: QS_EventRequestLimit are added (instead of set) to the event + table in order to prevent multiple increments by the very same request. + +Version 9.75 + + - New directive QS_SetEnvRes. + + - Viewer keeps value about the last measured kbytes/second result for + a longer time. + + - Update documentation (description of QS_LocKBytesPerSecLimit* + directives). + +Version 9.74 + + - Fixed header file in qsfilter2 (possible compile problems). + + - Fixed pre connection handling for outgoing (mod_proxy) connections. + +Version 9.73 + + - Q3429879: Format usage text of the mod_qos utilities to man page + format. Use "<utility> --man" to generate the man page. + + - Make "NullConnection" detection (known by QS_SetEnvIfStatus) more + aggressive. 
+ +Version 9.72 + + - Module tries to detect a suitable default error document for + QS_ErrorPage automatically. + + - New status "NullConnection" known by QS_SetEnvIfStatus detecting + TCP connections which are not used to send a HTTP request (closed + without transmitting HTTP request line and header or denied by any + other module). + + - QS_ClientEventBlockCount is processed at pre_connection hook (more + aggressive, before mod_ssl). + + - Suppress warning message about missing mod_unique_id if mod_navajo is + available. + +Version 9.71 + + - QS_RequestHeaderFilterRule and QS_ResponseHeaderFilterRule may be + configured within a host (outside location). + + - QS_ResponseHeaderFilterRule features the action "silent" which drops + header silently without writing a log message. + + - Headers X-Content-Type-Options and X-XSS-Protection has been added to + the default response header rules. + + - Fixed: Bug in JSON parser. + + - Fixed: Propagation of Apache environment variables to sub-requests + (solves bug when using QS_ClientEventBlockCount and ErrorDocument). + +Version 9.70 + + - QS_EventPerSecLimit and QS_EventKBytesPerSecLimit counters are no + longer updated if a request has already been denied by a + QS_EventRequestLimit rule. + + - QS_LocRequestPerSecLimit* and QS_LocKBytesPerSecLimit* counter are + no longer updated if a request has already been denied by a + QS_LocRequestLimit* rule. + + - Adjust attributes/number of requests required to identify the client + behavior. + + - Update request header allow list rule for Content-Type. + +Version 9.69 + + - Client behavior (content type a client is downloading) is calculated + in a percent of the whole traffic type distribution. The directive + QS_ClientTolerance supports only values between 5 and 80. + + - Add directive QS_ClientContentTypes to define the normally downloaded + content types statically (instead of self learning). 
+ + - Detection if module has been build for a different MPM implementation + than the server is using at runtime. + + - JSON parser processes request query (if starting with an array '[' of + object '{') if no body is available. + + - qssing supports additional log format detection. + + - qslog supports request time duration measurement in milli- and + microseconds too (t and D instead of T). + + - qslog isolates numeric values (B, i, T, t, D, S) even they are + surrounded or prefixed by other characters, e.g. time="<number>". + + - qslog treats single quoted string with (short) leading name and eaual + sign (e.g., agent='Mozilla 1') as single element (offline mode only). + + - qslog extracts additional time formats (offline mode). + + - Added "X-Do-Not-Track" to the built-in request header allow list. + + - Minor changes within the status viewer (machine-readable view). + +Version 9.68 + + - Change in order to support HP-UX. + +Version 9.67 + + - Fixed: QS_ClientSerialize has required other client level control + directive. + +Version 9.66 + + - Client data store updates entry time stamp every access. + +Version 9.65 + + - Fixed: Could not compile the support utility qscheck. + + - qsexec features option "-c" (pattern clearing the event counter). + +Version 9.64 + + - New utility: qsexec + + - Dynamic client data store partition (depending on the size of the + store as defined by QS_ClientEntries) for improved performance. + +Version 9.62 + + - Some code refactoring (performance improvements, no functional + changes). + +Version 9.61 + + - New directive QS_LogOnly may be used to disable rule enforcement + (permissive mode). + + - Minor changes within the status viewer. + + - "QS_SetEnvIfStatus QS_SrvMinDataRate QS_Block" limits the allowed + number of QS_SrvMinDataRate rule violations. + +Version 9.60 + + - Fixed: QS_ClientEventBlockCount/QS_ClientEventLimitCount get not reset + if client causes events continuously. 
+ +Version 9.58 + + - Fixed: IP does not get marked as VIP if QS_ClientPrefer has not been + defined. + + - New variable QS_ErrorNotes. + + - Add "Transfer-Encoding" (very strict) to the built-in request header + allow list. + +Version 9.57 + + - Status viewer features query name "refresh" which causes the browser + to reload the page every 10 seconds. + +Version 9.56 + + - Clear per client data store counters at graceful restart to prevent + dead enties (counter grow) due unclear client shutdown. + + - qsfilter2 features url filter (-f). + + - QS_ClientSerialize does not block for more than 10 minutes. + +Version 9.55 + + - Minor changes in configure script (autotools) of the support utilities + (png library name). + + - Add allowed response header X-Content-Security-Policy. + + - Fixed: qslog cuts last character if parameter is at end of line. + + - Fixed: qsfilter2 handling of 0 byte characters. + +Version 9.54 + + - QS_SetEnvIf may unset a variable. + + - New variable QS_IsVipRequest. + +Version 9.53 + + - Re-introduce qscheck to the support utilities tarball. + +Version 9.52 + + - Double per client data store speed (insert new entries) by partitioning + of odd and even ip addresses. + + - Overview section in qos viewer (showing connections and load). + + - Remove packet-rate measurement. + +Version 9.51 + + - Set IP based VIP status to connection even before we receive the + HTTP request. + + - New argument "connections" for the QS_SrvMinDataRate directive allows + to disable the limitation if the server is idle/has only little + traffic. + + - Adapt built-in request header filter rules. + +Version 9.49 + + - Adapt built-in request header filter rules. + + - New utility: qsgrep. + + - Change process order: process QS_SetEnvResHeader after + QS_SetEnvResHeaderMatch. + + - New directive QS_UnsetResHeader. + + - New directive QS_ClientEventLimitCount (works similar as + QS_ClientEventBlockCount but enforces rule at request level only). 
+ +Version 9.48 + + - qslog supports mod_logio (%I and %O). + + - Re-introduce deprecated QS_SetEnvStatus directive (for backwards + compatibility). + +Version 9.47 + + - QS_SetEnvIfStatus may be used within Locations. + + - Sequence: execute QS_SetEnvIfStatus earlier (before + QS_SetEnvResHeader). + + - Remove directive QS_SetEnvStatus (alias for QS_SetEnvIfStatus). + +Version 9.46 + + - QS_VipUser/QS_VipIpUser detects r->user earlier (@fixup). + + - QS_KeepAliveTimeout allows value "0" disabling keep-alive. + + - Process QS_KeepAliveTimeout variable at response too. + + - QS_SetEnvIfStatus may be specified multiple times for the same + response code. + + - QS_SetEnvIfStatus accepts the definition of a variable value. + +Version 9.45 + + - Add directive QS_ClientSerialize. + + - qslog used new parameter names for event message counts. + +Version 9.44 + + - Add directive QS_DisableHandler. + +Version 9.43 + + - QS_ClientEventBlockCount rule violation marks client to have low + priority. + +Version 9.42 + + - Console "action=search&address=*" returns a list of all clients. + + - Fixed: Removes the apr_shm_destroy() calls to avoid double-free + errors on Linux with old APR library versions. + +Version 9.41 + + - Fixed: Console action 'block' did not set event number. + +Version 9.40 + + - Fixed: Search IP in console + + - Fixed: User tracking set-cookie is set twice. + + - Process QS_SetEnvIfStatus on internal errors (protocol). + +Version 9.38 + + - Web console allows the modification of attributes of entries within + the client data store. + + - Status viewer supports query "ip" (showing the IP addresses of the + connected clients for all open TCP connections) in machine-readable + version. + + - Status viewer used new delimiter within rule names on machine-readable + version (query "auto"). 
+ +Version 9.37 + + - Changed QS_ClientPrefer behavior: + - never block VIP IP + - step 1 denies slow marked clients only + + - Set the QS_ClientLowPrio variable for clients with low priority. + + - qssign: add option "-e" which ensures we don't lost any lines. + + - Update built-in header validation pattern. + +Version 9.36 + + - QS_SrvMinDataRateOffEvent processing at fixup (request). + + - Use apr_time_t instead of time_t. + +Version 9.34 + + - qslog counts response status codes per minute. + + - Use apr_time_t instead of time_t. + +Version 9.33 + + - User tracking cookie enforcement may be disabled by setting the + DISABLE_UTC_ENFORCEMENT environment variable, e.g. for certain + User-Agent headers. + +Version 9.32 + + - Status viewer returns "text/plain" for request query 'auto'. + +Version 9.31 + + - qsfilter2: encode double quotes and backslashes using their hex values + (no escaping within Apache configuration necessary). + + - Featuring JSON parser which may be used in conjunction with + QS_PermitUri. + +Version 9.30 + + - Fixed: qsfilter2 did not compile with OpenSSL 1.0.0. + +Version 9.29 + + - Add Strict-Transport-Security to the default response header rules. + + - Directive QS_UserTrackingCookieName features an optional "path" + attribute. This path specifies a local error page which is shown + to users not accepting the user tracking cookie (note: search engines + do probably not support this cookie enforcement and won't be able to + crawl the site). + + - Generates a simple request id (unique per pid/tid within a + millisecond) if mod_unique_id has not been loaded. + + - Fix: syntax check for QS_ErrorPage. + +Version 9.28 + + - QS_ErrorPage supports external HTTP redirect (302). + + - qsfilter2 features a rule id prefix (-k <prefix>). + + - qsfilter2 may process audit log using the sample log format + "%h %>s %{qos-loc}n %{qos-path}n%{qos-query}n" without pre-processing. + +Version 9.27 + + - Remove qscheck utility (don't compile it by default). 
+ + - New variable %{qos-loc}n indicating the Location matching a request + (may be used to filter the audit log for dedicated locations in order + to generate QS_PermitUri rules). + + - qsfilter2 may process "standard" Apache access log (TransferLog) + files too (automatically detecting the request line). + + - Several adaptions/fixes to the machine-readable version of the status + viewer. + +Version 9.26 + + - Fix: no mutex destroy (called by register cleanup when destroying + pools). Should fix the restart issues with MPM prefork binaries. + + - Renew user tracking cookie once every month. + +Version 9.25 + + - Compile utilities using GNU autotools (hope this works at least on + some Linux platforms). + +Version 9.24 + + - QS_SrvMinConnPerIP: don't log every rule violation (consolidate log + messages and log only every 20th event, see QS_LOG_REPEAT). + + - Fixed: Removes thread_join for MPM prefork binaries. + +Version 9.23 + + - New directives: QS_MileStone*. + + - Q3032708: see http://www.openssl.org/support/faq.html#LEGAL2. + + - Add Access-Control-Allow-Origin to the default response header rules. + +Version 9.22 + + - New variable: QS_SrvConn + + - qslog shows total number of requests within a minute. + +Version 9.21 + + - New directive QS_UserTrackingCookieName. + +Version 9.20 + + - Fixed: Racing condition when using QS_SrvMinDataRate and + ThreadsPerChild > 64 may cause segfault. + +Version 9.19 + + - Fixed: Segfault at server start if no vhost has been defined. + + - QS_SrvMinDataRateOffEvent may be used at server and/or location level. + +Version 9.18 + + - QS_SrvMaxConnClose supports the definition of the number of + keep-alive connections as a percentage of MaxClients. + + - Updates built-in filter pattern of QS_HeaderFilter. + +Version 9.17 + + - Output filters are executed after mod_setenvifplus. + +Version 9.16 + + - New directive QS_SrvMinDataRateOffEvent. + + - Changes directive process order (QS_SetEnvIfStatus). 
+ + - QS_SrvMinDataRate enforces keep-alive timeout (request line must be + received within the keep-alive timeout). + +Version 9.15 + + - New directives QS_ResponseHeaderFilter and QS_ResponseHeaderFilterRule. + +Version 9.14 + + - New directive QS_Decoding. + +Version 9.12 + + - New directive QS_SemMemFile. + + - Uses a checksum to represent IPV6 addresses. + +Version 9.10 + + - Fixed: ap_remove_input_filter(). + + - MaxClients overrides ServerLimit/Treads settings when calculating the + maximum number of possible client connections. + + - Log/debug message about used semaphore files. + +Version 9.9 + + - New implementation of the code for QS_SrvMaxConnPerIP to avoid + malfunction reported by mod_qos user. + + - Module dependency (execution order) to mod_setenvifplus. + +Version 9.8 + + - Internal code changes/maintenance (join thread). + +Version 9.7 + + - mod_qos may be compiled defining QS_NO_STATUS_HOOK which prevents + mod_qos from registering to mod_status. + +Version 9.6 + + - Environment variable QS_DeflateReqBody to deflate request body data + (update to mod_parp 0.8 in order to get a correct content-length + header after data deflating). + +Version 9.5 + + - New directives QS_SetReqHeader and QS_SetEnv. + +Version 9.4 + + - Fixed: Variable %{qos-query} is not set when using the + QS_DenyQueryBody directive (and neither QS_DenyBody nor + QS_PermitUriBody has been set). + + - Increased line buffer for qsfilter2 (2MB). + +Version 9.3 + + - New directive QS_SetEnvResBody. + +Version 9.2 + + - New syntax: + QS_VipHeaderName <header name>[=<regex>] [drop] + QS_VipIPHeaderName <header name>[=<regex>] [drop] + +Version 9.1 + + - QS_ClientEventRequestLimit limits the number of concurrent events on + a per client IP address basis (again increasing the per client memory + consumption). 
+ +Version 9.0 + + - Client level control: request characteristics measuring adds content + type ration and number of 304 responses (requires now 64bytes instead + of 48bytes per client on a 32bit system). + + - Improved client level control (behavior detection, see above) is + processed by the QS_ClientPrefer directive. Directive + QS_ClientTolerance controls the allowed variation. + + - Directive QS_SrvPreferNet has been removed. It's recommended to use + QS_ClientPrefer instead. + +Version 8.18 + + - Q2841328: remove nasty pointer address cast to int. + +Version 8.16 + + - Q2834297: use a single mutex for all per virtual host ACT tables (too + many mutexes if a server uses many virtual hosts). + +Version 8.15 + + - New variable QS_Delay. + +Version 8.14 + + - New directive QS_SrvDataRateOff. + +Version 8.13 + + - New directives QS_DenyQueryBody and QS_PermitUriBody obsolete + QS_DenyBody. + + - Fixed: QS_Deny*/QS_Permit* directives can handle strings containing + 0 bytes (qsfilter2 still can't). + +Version 8.12 + + - New directive QS_InvalidUrlEncoding. + +Version 8.11 + + - Fixed: Change Apache 2.0 ifdef statements in order to compile with + any compiler. + +Version 8.10 + + - Fixed: Did not compile with Apache 2.0. + +Version 8.9 + + - QS_LimitRequestBody may be defined using mod_setenvif. + See new directive order in mod_qos_seq.gif + + - mod_qos uses anonymous shm by default. + + - Use constant semaphore/shared memory file names in order to reuse + resources after unclear server shutdown. + +Version 8.5 + + - New directive QS_EventKBytesPerSecLimit. + + - New structure of the source archive tarball, see index.html#build + for more information about building the binaries. + +Version 8.3 + + - QS_RequestHeaderFilterRule has new syntax. + + - QS_RequestHeaderFilter checks the header length too. It's possible + to use "QS_RequestHeaderFilter size" for header length checking only + (instead of using LimitRequestFieldsize). 
+ +Version 8.2 + + - Fixed: Client prefer, don't mark connection timeout at keep alive + end (used in conjunction with QS_ClientPrefer). + + - Access log events (mod_qos_ev, mod_qos_cr, mod_qos_con) are stored as + variables (storing them in the out headers will be removed in one of + the next release). + +Version 8.1 + + - Fixed: Checks for enabled cc in input filter. + + - Don't allow requests without an URL. + +Version 8.0 + + - New server configuration merger: settings within virtual hosts are + merged with the settings from the base server (directives outside + virtual hosts). Virtual host settings do not overwrite base settings + any more. + + - New directive QS_LimitRequestBody. + +Version 7.20 + + - Fixed: Url decoding detecting %HH encoding (full range). + +Version 7.19 + + - QS_DenyEvent may be used to block requests which do NOT have the + specified event set. + + - QS_DenyEvent is applied after the QS_SetEnvIf* directives. + See mod_qos_seq.gif for more details. + +Version 7.18 + + - QS_Deny/Permit logs on severity warning if action is log only. + +Version 7.17 + + - QS_SetEnvIfBody recognizes the occurrence of $1 within the variable + value and replaces it by the subexpressions of the defined regex + pattern. + +Version 7.16 + + - Set audit log variables at header parser hook. + +Version 7.15 + + - Directive QS_EventRequestLimit may match variable values too. + + - New directive QS_SetEnvIfBody. + + - Audit log is enabled based on the defined log format variables. + +Version 7.14 + + - New directive QS_DenyBody implements generic request body filter + which can be used in conjunction with QS_DenyQuery, QS_PermitUri, + and body data audit log (to be processed my qsfilter2). + +Version 7.13 + + - Changed directive processing order, see mod_qos_seq.gif. + + - New directive QS_SetEnvIfParp (requires mod_parp, + see http://parp.sourceforge.net). 
+ + Important: + mod_parp and the QS_SetEnvIfParp directive copies the whole HTTP + request message body into the servers memory (requires at least + twice the memory size of the posted data). It is very important + that you limit the messagy body size for requests processed my + mod_parp/QS_SetEnvIfParp using the Apache directive LimitRequestBody. + + - New directive QS_DenyEvent. + + - Chuck out mod_qos_control. + +Version 7.12 + + - Process event filter only if some rules have been defined. + + - Recovery rate (decrease limitation) for bandwidth and and request + limit has been increased from 16% to 25%. + +Version 7.11 + + - New directive QS_EventRequestLimit. + +Version 7.9 + + - Fixed: QS_SrvMinDataRate/QS_SrvRequestRate counts all server + connections (not only per child process). + +Version 7.8 + + - Directive QS_SrvMinDataRate/QS_SrvRequestRate supports min/max + limitation in order to increase the minimum upload/download bandwidth + on multiple simultaneously connections. + + - Fixed: Activation of QS_SrvMinDataRate did not work + (QS_SrvRequestRate only). + +Version 7.7 + + - New directive QS_SetEnvIfQuery. + +Version 7.6 + + - Use the HTTP response code defined by QS_ErrorResponseCode (default + is 500) settings for all denied requests expect for those requests + rejected to a QS_Deny*, QS_Permit*, or QS_RequestHeaderFilter rule. + +Version 7.5 + + - New directive QS_ErrorResponseCode + + - Multiple directives (QS_LocRequestLimit, QS_LocRequestLimitMatch, + QS_CondLocRequestLimitMatch, QS_ClientEventBlockCount, and + QS_ClientEventPerSecLimit) allow now a limitation set to "0". + + - QS_SrvMinDataRate replaces QS_SrvRequestRate. + +Version 7.4 + + - QS_SrvRequestRate supports chunked POST. + +Version 7.3 + + - Partial (not for chunked post) fixed error message for slow server + response when using QS_SrvRequestRate. 
+ +Version 7.2 + + - New directive QS_SetEnvResHeaderMatch + +Version 7.1 + + - QS_SrvMaxConnExcludeIP works for QS_SrvRequestRate (may be used to + allow selected IP sources, e.g. slow spider). + +Version 7.0 + + - New directive QS_SrvRequestRate enforces minimum upload bandwidth + (used for TCP DoS prevention). Requires thread support. + + - QS_ClientPrefer allows definition of free connections in percent + in order to override the default of 80%. Available for Apache 2.2 + only. + + - QS_SrvConnTimeout is no longer available. + You may use QS_SrvRequestRate instead. + +Version 6.7 + + - Detects low priority clients (clients sending slow or using small + data packets get marked as low priority clients). + + - New directives QS_VipUser and QS_VipIpUser. + + - Status viewer shows information about client (IP) control status. + +Version 6.6 + + - mod_status handler hook supports short status flag. + +Version 6.5 + + - New directive QS_SetEnvResHeader. + + - mod_qos_control supports QS_SetEnvIf, QS_SetEnvStatus, and + QS_SetEnvIf directive editing. + +Version 6.4 + + - New directive QS_SetEnvStatus. + + - QS_SetEnvIf for response processing (log transaction). + + - QS_ClientEventBlockCount on response events (log transaction). + +Version 6.3 + + - New directive QS_VipIPHeaderName to mark clients (IP) without + providing them full VIP privileges. + + - Add details to log messages. + +Version 6.2 + + - New command: QS_ClientEventPerSecLimit. + +Version 6.1 + + - QS_SetEnvIf supports "NOT" operator. + + - Sets QS_VipRequest variable when receiving valid session cookie. + +Version 6.0 + + - mod_qos features per client (IP) control rules. + + - QS_ClientPrefer, prefers known VIP clients. + + - QS_ClientEventBlockCount, blocks clients on events. + +Version 5.17 + + - New directive QS_EventPerSecLimit allows req/sec limitation for + requests causing an event. + + - New directive QS_SetEnvIf allows combination of multiple environment + variables. 
+ + - Fixed: sem/shm leak when using QS_SrvPreferNet. + +Version 5.16 + + - Mark QS_CondLocRequestLimitMatch in status viewer. + +Version 5.15 + + - New directive QS_CondLocRequestLimitMatch allows conditional request + level rules. + +Version 5.14 + + - Remove "nicetitles" from status viewer. + +Version 5.13 + + - Again, minor status viewer changes. + +Version 5.12 + + - Status viewer uses "nicetitles" to show long rule strings. + +Version 5.11 + + - Minor internal code changes. + +Version 5.10 + + - Rules do not use individual mutex any longer. This allows an unlimited + number of rules. + +Version 5.9 + + - mod_qos_control features additional qsfilter2 settings. + +Version 5.8 + + - Minor improvements in status viewer. + + - 5.7 did not compile with Apache 2.0 (ap_regex). + +Version 5.7 + + - Important: + QS_PermitUri, QS_Deny*, qsfilter2 apply filter rules against unescaped + URLs where %<hex>, \x<hex> and + (new!) is unescaped. + You should regenerate your QS_PermitUri rules using the updated + version of the qsfilter2 tool provided by this release. + + - Very first release of mod_qos_control. + +Version 5.6 + + - New status viewer implementation. + +Version 5.4 + + - Important: + QS_PermitUri, QS_Deny*, qsfilter2 apply filter rules against + unescaped URLs where %<hex> and \x<hex> (new!) is unescaped. + You should regenerate your QS_PermitUri rules using the updated + version of the qsfilter2 tool provided by this release. + +Version 5.2 + + - QS_VipHeaderName creates session cookie only once. + + - VIP has no QS_LocKBytesPerSecLimit/QS_LocKBytesPerSecLimitMatch + restrictions. + + - QS_SrvPreferNet triggers for VIP user on response header only. + +Version 5.1 + + - New directive QS_SrvPreferNet. + +Version 4.30 + + - Fixed: Segfault at server startup when no virtual host has been + configured. + +Version 4.29 + + - Debug log level lists available request header filter rules. + +Version 4.28 + + - Introduce request header filter. 
+ +Version 4.18 + + - Introduce log message numbers and SSI support for error pages. + + - Add new directive QS_DenyInheritanceOff + + - Add qsfilter2, a tool to generate request URI allow list rules. + + - Use mod_unique_id to tag error messages. + +Version 4.13 + + - QS_PermitUri uses case sensitive pcre. + +Version 4.11 + + - Add new directive QS_PermitUri. + +Version 4.8 + + - Introduce generic request filtering (QS_Deny* directive). + +Version 4.3 + + - New handling of graceful server restart. + +Version 4.2 + + - QS_LocKBytesPerSecLimitMatch, QS_LocRequestPerSecLimitMatch + +Version 4.1 + + - QS_LocKBytesPerSecLimit + +Version 4.0 + + - Introduce request/response throttling. + +Version 3.12 + + - Update to mod_qos viewer (status handler). + +Version 3.10 + + - Dynamic error page definition using setenvif. + +Version 3.12 + + - Introduce mod_qos viewer (status handler). + +Version 3.5 + + - QS_KeepAliveTimeout + +Version 3.4 + + - QS_SrvConnTimeout + +Version 3.2 + + - QS_SrvMaxConnTimeout + +Version 3.1 + + - QS_SrvMaxConnExcludeIP + +Version 3.0 + + - Introduce connection level control (QS_SrvMaxConnClose QS_SrvMaxConn). + +Version 2.3 + + - VIP detection. + +Version 2.2 + + - qslog utility. + +Version 2.0 + + - New implementation of location based request limitation. + +Version 1.3 + + - Initial version (scoreboard based request limitation). |
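Review bot: The 9.71 entry "Fixed: Bug in JSON parser." gives neither the symptom nor the input that triggered it. Since 9.31 introduces that parser for use with QS_PermitUri, an operator reading this file cannot tell whether the fix affects request filtering and warrants an upgrade; please describe what went wrong and for which requests. The version headings near the end are also inconsistent: "Version 3.12" appears twice, once above 3.10 ("Update to mod_qos viewer") and once between 3.10 and 3.5 ("Introduce mod_qos viewer"), so the second heading presumably carries the wrong number and should be corrected. Smaller points in the same hunk: 9.36 and 9.34 both list "Use apr_time_t instead of time_t.", 6.5 names QS_SetEnvIf twice in one sentence, and several typos are worth fixing before this lands ("eaual sign", "dead enties", "messagy body", "processed my mod_parp", "Treads settings", "content type ration", "expect for those requests", "don't lost any lines").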