httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Champion <>
Subject [users@httpd] Announcing mod_websocket v0.1.0
Date Tue, 10 Nov 2015 20:33:27 GMT
I'm happy to announce version 0.1.0 of mod_websocket:

mod_websocket is an Apache 2.x module that allows developers to write C-
and C++-based WebSocket services. The intent is for mod_websocket-plugin
writers to develop their WebSocket services completely independently of
the Apache server API. Currently, both httpd 2.2 and 2.4 are supported.

I am not the original author of mod_websocket; it's been orphaned for a
couple of years now, and I'm stepping in as a new primary maintainer. So
if you're interested in the development or use of this module, now is an
excellent time to get involved! Download and test the code, file issues
(or try your hand at fixing one), star/fork the repo on GitHub, etc. Any
and all feedback is appreciated.

= Major New Features/Fixes =

Since the last upstream commit in 2012, here are some of the major
changes in 0.1.0:

- Incoming handshakes are now validated and rejected if they do not
   conform to the WebSocket specification. This is the primary focus of
   the 0.1.0 release.
- Cross-origin connections are now rejected by default, and a new
   WebSocketOriginCheck directive has been added to control this
- A major rearchitecture of the threading model fixes occasional crashes
   when using mod_ssl.
- Experimental CMake support has been added for Windows builds.
- An autotest harness has been added, which uses the Autobahn TestSuite.

A full changelist can be seen at the release description on GitHub.

= Major Known Issues =

This is a pre-release, zero-dot module. There are known issues that may
preclude its use in production systems. Please understand them and take
steps to avoid them if you decide to deploy mod_websocket.

- mod_reqtimeout will prematurely close idle WebSocket connections if it
   is in use.
- Apache worker threads are completely monopolized by WebSocket
   connections. This makes it possible for a large number of connections
   to DoS the server.
- mod_websocket suffers from poor performance when receiving extremely
   fragmented messages (i.e. a large number of small frames). In an
   untrusted environment, this could also lead to a denial of service

A more complete (but not necessarily exhaustive) list is available at
the repo page on GitHub:

= Binary Compatibility =

The plugin ABI is *not* yet stable, but the 0.1.x line is
binary-compatible with the original upstream fork. So if you already
have mod_websocket plugins based on the original repository, no changes
should be required for you to use them with this release. There *will*
eventually be an ABI bump (0.2.x) to fix some known issues with the
interfaces, but I'll do my best to consolidate those compatibility
breaks and drive towards a 1.0 as soon as possible.

Thanks for your interest!

--Jacob Champion

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message