lighty's life

lighty developer blog

Weekends Projects: Lua as Config-language

With the first implementation of mod_cml and later mod_magnet smart users asked why we don’t use lua also as config language for lighttpd.

Up to now I was pushing back and saying that a huge change in the configfile would make upgraders very unhappy as they would have to rewrite the config files. Looking at what we have for 1.5.0 right now, we need tweaks anyway.

Weekend Projects: Killing buffer.c and array.c

As part of a weekend project I’m ripping 1.5 apart a bit. I worked with glib for quite some time now and feel the need to replace the base-structures around “buffer” (strings) and “array” (hash) apart and replace it with the glib counter-parts.

To make this a nice experience and that I don’t harm anyone else I imported trunk into a local bzr tree:

bzr clone svn://

to clone the SVN tree.

Let’s see how well that experiment goes.

PRE-RELEASE: lighttpd-1.5.0-r1992

Some time passed since the last pre-release, time for an update.

Everyone who runs 1.5.0 already has to upgrade to get fixes several vulnerabilities that got fixed in the 1.4.x branch already.

If this release passes your requirements it will be the last 1.5.0 pre-release. Afterwards we will start the the normal 1.5.x series and will add the missing features in 1.5.1 and later.


md5sum: b62e2442ee0f3395844b54385b14397a


  • added native support for mingw32
  • added experimental option to compile without glib
  • fixed mod_uploadprogress
  • fixed endless loop on freebsd-sendfile (#1289)
  • fixed compile in IRIX and HP/UX
  • fixed hardcoded font-sizes in mod_dirlisting (#1267)
  • fixed different ETag length on 32/64 platforms (#1279)
  • fixed conditional dir-listing.exclude (#930)
  • fixed CONTENT_LENGTH = -1 in mod_cgi (#1276)
  • fixed typecast of NULL on execl() (#1235)
  • fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
  • fixed mysql server reconnects (#518)
  • fixed prctl() usage (#1310, #1333)
  • fixed FastCGI header overrun in mod_proxy_backend_fastcgi (reported by
  • fixed mem-leak in mod_auth (reported by Stefan Esser)
  • fixed crash with md5-sess and cnonce not set in mod_auth (reported by Stefan Esser)
  • fixed missing check for base64 encoded string in mod_auth and Basic auth
    (reported by Stefan Esser)
  • fixed possible crash in Auth-Digest header parser on trailing WS in
    mod_auth (reported by Stefan Esser)

There Is an Angel for Lighty

In changeset 1981 I added a angel process to the lighttpd build. It solves several problems when we have everything running as expected:

  • SIGHUP leads to a graceful restart (config reloads)
  • SIGINT is graceful shutdown as now
  • all unhandled signals lead to a restart of the lighttpd process

Lighttpd at the Kieler LinuxTage

I'll give a presentation on lighttpd at the "Kieler Linuxtage": on September 8th, 2007. I'll talk about lighttpd, its past and future, the special modules and performance. I will also try to give some content to the un-conference going on at the same time. Perhaps some MySQL Proxy stuff ?

Bug Fixing Marathon

Looking at the bug-system a few days ago we had something like 460 bugs open.

Quite a bunch of them were duplicates of the same issue and others were already fixed in the code and just not closed in the bug-system.

Scanning through the bugs I wrote some more test-cases to verify that the reports were valid and along the way at least these bugs got fixed:

  * added dir-listing.set-footer in mod_dirlisting (#1277)
  * fixed hardcoded font-sizes in mod_dirlisting (#1267)
  * fixed different ETag length on 32/64 platforms (#1279)
  * fixed compression of files < 128 bytes by disabling compression (#1241)
  * fixed mysql server reconnects (#518)
  * fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
  * fixed crash on mixed EOL sequences in mod_cgi
  * fixed key compare (#1287)
  * fixed invalid char in header values (#1286)
  * fixed invalid "304 Not Modified" on broken timestamps
  * fixed endless loop on shrinked files with sendfile() on BSD (#1289)
  * fixed counter overrun in ?auto in mod_status (#909)
  * fixed too aggresive caching of nested conditionals (#41)
  * fixed possible overflow in unix-socket path checks on BSD (#713)
  * fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
  * fixed handling of duplicate If-Modified-Since to return 304
  * fixed extracting status code from NPH scripts (#1125)
  * removed config-check if passwd files exist (#1188)

Now the bug-count is at 413, a start.

Spamfilter on the Right Track Now

We had enabled spamfilter in // long ago and it was doing fine blocking lots of spam messages, but I didn’t notice that it blocked some ham messages too by rasing “your ip is blacklisted by” error.

I appreciate your help when you try hard clicking the submit button for wiki/tickets and am sorry for blocking you.

I spent some time tweaking karma settings in trac spamfilter recently. It was a bit hard to get what karma is even by asking the ppl in #trac, until i read the source. Anyway, it looks better now, and we’ll keep watching the monitor and see if there’s something mis-blocked, and tweak the settings accordingly. You may also register and login to get pass the spam checking.

You provided feedback. We listened.


PRE-RELEASE: lighttpd-1.5.0-r1857.tar.gz

Baby-steps, …

As we are running this release on it is time to push it out to more testers.



  • mod-proxy-core
  • added support to rewrite PATHINFO and SCRIPTNAME
  • fixed setenv.environment support
  • fixed random crashes
  • fixed keep-alive announcement if keep-alive is disabled
  • fixed handling of status 304 from the backends
  • fixed handling of trailing CRLF after a KeepAlive POST
  • fixed the output of lighttpd -p to result in a real configfile
  • fixed loading of default modules if they are explicitly specified