33a50f7ac69bc7f9f5c35cc7f0e240ec324ae660 1661448 |
|
22-Feb-2015 |
minfrin |
core: Add expression support to ErrorDocument. Switch from a fixed
sized 664 byte array per merge to a hash table. |
a95a2a6dc9573e5e425799c4affd2369bbe4a63f 1653666 |
|
21-Jan-2015 |
wrowe |
Revert r4635428 corresponding to PR41867.
The code reverted attempted to restrict comparisons of the r->filename
to given DirectoryMatch blocks.
r->filename was already a non-directory entity at this point, because we
have already fallen out of the } while (thisinfo.filetype == APR_DIR);
block above.
The addition of r->d_is_directory was redundant. That is what is always
returned by ap_get_core_module_config(r->per_dir_config).
Note modifying dir_config required an MMN major bump as this commit could
have realigned the offset of refs (had it been added to the end, this
would correspond to an mmn minor bump) and other fields packed into the
same bytes (this is undefined). Bump on revert to prevent unexpected crashes. |
0b67eb8568cd58bb77082703951679b42cf098ac 1642847 |
|
02-Dec-2014 |
trawick |
core: Add CGIPassAuth directive to control whether HTTP authorization
headers are passed to scripts as CGI variables.
PR: 56855 |
dbea082f09360b41a89ded02bcf12cd4569cdb0d 1635428 |
|
30-Oct-2014 |
jkaluza |
core: Do not match files when using DirectoryMatch. PR41867. |
8491e0600f69b0405e156ea8a419653c065c645b 1610814 |
|
15-Jul-2014 |
covener |
*) SECURITY: CVE-2013-5704 (cve.mitre.org)
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior.
Submitted By: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener
Committed By: covener |
943016cae7a40f689cc0b65fd8cf8d4250a21352 1565657 |
|
07-Feb-2014 |
jim |
Add in the concept of "slave" connections...
Allows for several "connections" all resulting in
a single real connection that talks to the network.
Right now, nothing uses this though. |
ccc20788c1e5fc973f36df634399c89acb70deae 1554303 |
|
30-Dec-2013 |
jerenkrantz |
Add directives to control two protocol options:
HttpContentLengthHeadZero - allow Content-Length of 0 to be returned on HEAD
HttpExpectStrict - allow admin to control whether we must see "100-continue"
This is helpful when using Ceph's radosgw and httpd.
Inspired by: Yehuda Sadeh <yehuda@inktank.com>
See https://github.com/ceph/apache2/commits/precise
* include/http_core.h
(core_server_config): Add http_cl_head_zero and http_expect_strict fields.
* modules/http/http_filters.c
(ap_http_header_filter): Only clear out the C-L if http_cl_head_zero is not
explictly set.
* server/core.c
(merge_core_server_configs): Add new fields.
(set_cl_head_zero, set_expect_strict): New config helpers.
(HttpContentLengthHeadZero, HttpExpectStrict): Declare new directives.
* server/protocol.c
(ap_read_request): Allow http_expect_strict to control if we return 417.
* include/ap_mmn.h
(MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR): Bump.
* CHANGES: Add a brief description. |
a370a774825bc89fc6b0d8e45035a590e39b0bd6 1554300 |
|
30-Dec-2013 |
minfrin |
core: Support named groups and backreferences within the LocationMatch,
DirectoryMatch, FilesMatch and ProxyMatch directives. |
64a7f213663cade6b32d11ee4d8ac8313e535922 1544156 |
|
21-Nov-2013 |
trawick |
Follow-up to r1541029:
Clarify handling of the directive argument |
993d1261a278d7322bccef219101220b7b4fb8c5 1541029 |
|
12-Nov-2013 |
jkaluza |
Add parse_errorlog_arg callback to ap_errorlog_provider to allow providers
to check the ErrorLog argument. Implement this check in mod_syslog. |
c62cc8593d17deefcd6879923ccfcd80f07eaa40 1527003 |
|
27-Sep-2013 |
trawick |
Error log providers need to be able to trigger a startup error from their
init() function. A NULL return code is the trigger. |
7cac5c72d80c4dc740e6ae7bae29d41ffdbd4b05 1525845 |
|
24-Sep-2013 |
jkaluza |
Add AP_ERRORLOG_PROVIDER_ADD_EOL_STR flag for ap_errorlog_provider, bump MMN. |
56589be3d7a3e9343370df240010c6928cc78b39 1525597 |
|
23-Sep-2013 |
jkaluza |
Add ap_errorlog_provider to make ErrorLog logging modular. Move
syslog support from core to new mod_syslog. |
6a80c3c6f4b8ea7ba5e89402b8b779b09ce020e0 1496339 |
|
25-Jun-2013 |
covener |
*) core: merge AllowEncodedSlashes from the base configuration into
(non-default) name-based virtual hosts. [Eric Covener] |
4576c1a9ef54cd1e5555ee07d016a7f559f80338 1426877 |
|
30-Dec-2012 |
sf |
Add an option to enforce stricter HTTP conformance
This is a first stab, the checks will likely have to be revised.
For now, we check
* if the request line contains control characters
* if the request uri has fragment or username/password
* that the request method is standard or registered with RegisterHttpMethod
* that the request protocol is of the form HTTP/[1-9]+.[0-9]+,
or missing for 0.9
* if there is garbage in the request line after the protocol
* if any request header contains control characters
* if any request header has an empty name
* for the host name in the URL or Host header:
- if an IPv4 dotted decimal address: Reject octal or hex values, require
exactly four parts
- if a DNS host name: Reject non-alphanumeric characters besides '.' and
'-'. As a side effect, this rejects multiple Host headers.
* if any response header contains control characters
* if any response header has an empty name
* that the Location response header (if present) has a valid scheme and is
absolute
If we have a host name both from the URL and the Host header, we replace the
Host header with the value from the URL to enforce RFC conformance.
There is a log-only mode, but the loglevels of the logged messages need some
thought/work. Currently, the checks for incoming data log for 'core' and the
checks for outgoing data log for 'http'. Maybe we need a way to configure the
loglevels separately from the core/http loglevels. |
dc69753e117f46ae62c62769e71ab170fbc96829 1425366 |
|
22-Dec-2012 |
sf |
Change HttpProtocol to again only allow to enable/disable 0.9
This reverts r1407643, but changes the syntax of HttpProtocol to
min=0.9|1.0, which is less ambiguous than the previous +0.9|-0.9.
Allowing to configure an arbitrary version range was a bad idea,
because it only checked the version in the request line, without
affecting the semantics of the headers, etc.
A tighter restriction off the version in the request line is still
possible with <If "%{SERVER_PROTOCOL_NUM} ..."> . |
bd3f5647b96d378d9c75c954e3f13582af32c643 1418767 |
|
08-Dec-2012 |
sf |
Add LogLevelOverride directive that allows to override the loglevel for
clients from certain IPs |
bef5c996e124993f6369fb349b891bf6a8308674 1417585 |
|
05-Dec-2012 |
gsmith |
fixed types since MSVC doesnt have uint*_t. |
8f12e8ba60707ca4d56b0fdec3c5555bcac50045 1407643 |
|
09-Nov-2012 |
sf |
Make HttpProtocol accept a range of allowed versions.
Bump MMN |
f6b9c755a0b793e8a3a3aebd327ca20a86478117 1406719 |
|
07-Nov-2012 |
sf |
New directive HttpProtocol which allows to disable HTTP/0.9 support.
The syntax is designed to allow addition of a +/- strict option
later on. |
147597b0b7a25df752f3496c445aec0ab105edf6 1406616 |
|
07-Nov-2012 |
trawick |
comment spelling fix |
ed6608b05c17ad82dd9391739af837256bdffb42 1374963 |
|
20-Aug-2012 |
fuankg |
Move *_DECLARE_* macros to beginning of line in headers.
Patch submitted by: normw gknw net. |
bd6f55fcc632c166165842eb23dcc1105ddde364 1240470 |
|
04-Feb-2012 |
sf |
Replace ap_create_core_ctx()/ap_core_ctx_get_bb() with a hook |
231ca3b40df46af2a63d006ebde6b745f73c40b2 1240315 |
|
03-Feb-2012 |
sf |
Fix various filter functions to return apr_status_t instead of int |
0ac3e6ab2ea0a3ee3fa0918bd0bec5ad8422afa8 1235019 |
|
23-Jan-2012 |
sf |
Make the core input/output filter contexts private and provide accessor APIs
for mpm_winnt and mod_ftp.
This allows to add members to the context structs without breaking binary
compatibility. |
acb0dcdb18c2593d9f5c01cb424b1dba2d372552 1229021 |
|
09-Jan-2012 |
niq |
Core configuration: add AllowOverride option to treat syntax
errors in .htaccess as non-fatal.
PR 52439 |
b02dfdb611f84136664b3c05e4d4d704aeabbf63 1228323 |
|
06-Jan-2012 |
wrowe |
Clean up size_t abuse, part 2. ap_malloc/calloc/realloc are explicitly
excluded from this cleanup as they must be signature identical to the
clib functions, and although the definition of size_t has been flakey,
the definition of those functions appears to be generally clean since
ANSI C. |
652271bc50e266cf3caeb84884b8f789f465bb9f 1205564 |
|
23-Nov-2011 |
sf |
fix comment |
f91e8c44b15a74bedaa027128a695950807e2968 1204614 |
|
21-Nov-2011 |
sf |
Pass ap_errorlog_info to error_log hook. |
fec106c7688e279dfde4403bc3c935fec97c1d62 1199086 |
|
08-Nov-2011 |
sf |
Change default FileETag to be "size mtime", i.e. remove the inode. Adjust the
etag generation in mod_dav_fs to the new default.
PR 49623. |
11e076839c8d5a82d55e710194d0daac51390dbd 1174929 |
|
23-Sep-2011 |
sf |
More cleanup: Expand tabs and some more indentation fixes
No functional change |
742318b93e89c311f66b55f426c4d9cf2c14628b 1174748 |
|
23-Sep-2011 |
jim |
Cleanup effort in prep for GA push:
Trim trailing whitespace... no func change |
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ec 1169756 |
|
12-Sep-2011 |
jim |
Add in MaxRangeOverlaps and MaxRangeReversals to accomodate
more control over acceptable Range headers:
See: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311 |
7a975d0413ba303546b7619e4785cb641f7f09fd 1166282 |
|
07-Sep-2011 |
covener |
take care of some MaxRanges feedback:
* allow "none" to be expressed in config
* send Accept-Ranges: none with MaxRanges none
* stop accepting confusing/ambiguous "0", start accepting "unlimited". |
75c2b964ca7ebfb32ad08c68c9db3bca5ecced55 1162584 |
|
28-Aug-2011 |
covener |
add MaxRanges directive institute a default limit of 200 (post-merge where
applicable) Ranges before returning the complete resource.
(minor mmn bump for core_dir_config addition) |
113961f0559eb026ea0d379cb7350f82bc09d710 1151654 |
|
28-Jul-2011 |
druggeri |
Add AllowOverrideList directive and documentation |
9bec939825399ac2816ea0d912d2e3c3b2ed91f4 1135153 |
|
13-Jun-2011 |
sf |
Introduce new function ap_get_conn_socket() to access the socket of
a connection |
7184de27ec1d62a83c41cdeac0953ca9fd661e8c 1132781 |
|
06-Jun-2011 |
sf |
Introduce ap_(get|set)_core_module_config() functions/macros and use them
everywhere.
We know that the core module has module_index 0. Therefore we can save
some pointer operations in ap_get_module_config(cv, &core_module) and
ap_set_module_config(cv, &core_module, val). As these are called rather often,
this may actually have some (small) measurable effect. |
33510984c759eb3da154ceb0db9b75fa0031d3b4 1132494 |
|
05-Jun-2011 |
sf |
- Introduce concept of context prefix (which is an URL prefix)
and context document root (which is the file system directory that
this URL prefix is mapped to). This generalization of the document
root makes it easier for scripts to create self-referential URLs and
to find their files.
- Expose CONTEXT_DOCUMENT_ROOT and CONTEXT_PREFIX as envvars, in mod_rewrite,
and in ap_expr.
- Make mod_alias and mod_userdir set the context information.
- Allow to override the document root on a per-request basis. This allows
mass vhosting modules to set DOCUMENT_ROOT correctly.
- Make mod_vhost_alias set the per-request document root
PR: 26052, 46198, 49705
Remaining tasks:
- Use the context document root & prefix in mod_rewrite to make RewriteBase
unneccessary in many cases. Do this without breaking compatibility.
- Write docs. |
6b15044d54a096e6323ff1540f1a491e8de7622d 1132469 |
|
05-Jun-2011 |
sf |
- Add <ElseIf> and <Else> to complement <If> sections. These are both easier
to use and more efficient than using several <If> sections.
- Update <If> documentation a bit. |
b212cf25bc2f38a2696ecd5f9b80e8c6283fe8c9 1131468 |
|
04-Jun-2011 |
sf |
Reorder members in core_dir_config to be more logical and efficient.
MMN bump was already in r1131465 |
7f630e66c9c37e797e1c06bf7b259c0859538978 1101143 |
|
09-May-2011 |
trawick |
allow error log formatters to peek at the message format |
b8e5134b5779bf5505a9e5241cf8c930cc4aac5e 1096569 |
|
25-Apr-2011 |
sf |
Add new ap_reserve_module_slots/ap_reserve_module_slots_directive API,
necessary if a module (like mod_perl) registers additional modules later than the
EXEC_ON_READ phase.
Tested by: Torsten Foertsch <torsten foertsch gmx net> |
01d315c948a50cb511dbaee108b9571ee9a4d287 1087331 |
|
31-Mar-2011 |
jim |
Add in a configuration generation... this is independent of
MPM gen, just in case we ever switch MPMs at a graceful ;) |
3770ed746d69c7a4111cba9966169bd5d7a509a6 1082196 |
|
16-Mar-2011 |
poirier |
core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
in request URL path info but not decode them. Change behavior of option
"On" to decode the encoded slashes as 2.0 and 2.2 do. PR 35256,
PR 46830. |
8ce3706192075de18c0c994184b9540277bc2634 1071794 |
|
17-Feb-2011 |
trawick |
spelling fix |
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987 1070151 |
|
12-Feb-2011 |
sf |
Create new ap_state_query() function that allows modules to determine
if the current configuration run is the initial one at server startup,
and if the server is started for testing/config dumping only. |
7a3c5fd3b3f86cdd450d551e326b3b9a04ea8248 1060283 |
|
18-Jan-2011 |
sf |
Initialize the core_dir_config->sec_files and ->sec_if only if needed.
This saves some memory and two apr_array_append()s per directory merge. |
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8 1059867 |
|
17-Jan-2011 |
sf |
Merge the <If> sections in a separate step ap_if_walk, after ap_location_walk.
This makes <If> apply to all requests, not only to file base requests and
it allows to use <If> inside <Directory>, <Location>, and <Files> sections.
The merging of <If> sections always happens after the merging of <Location>
sections, even if the <If> section is embedded inside a <Directory> or
<Files> section. |
8fae12696bce44be9ce4c56888690cad8ac7b8f9 1032073 |
|
06-Nov-2010 |
sf |
Replace ap_expr with a parser derived from mod_ssl's parser. Make mod_ssl use
the new parser. Rework ap_expr's public interface and provide hooks for modules
to add variables and functions.
The Netware and Windows build files still need to be adjusted |
151c212faae454927d5348fbcb579840ab2f71d5 1021902 |
|
12-Oct-2010 |
sf |
improve docs for ap_errorlog_handler and ap_errorlog_info |
ce4dc40a4e87991087488f70d96d3447d7557294 1002125 |
|
28-Sep-2010 |
sf |
Add generate_log_id hook to allow to use the ID generated by mod_unique_id as
error log ID for requests. |
b5c4b00201fdc3ed11c6cc05cf3f9a7912ac0cfb 1001381 |
|
26-Sep-2010 |
sf |
In ErrorLogFormat, make it possible to log an item only if the loglevel
of the message is higher than a specified value. This allows to achive
the old behaviour for the source file name/line number of being only
logged for debug and higher. |
762e5050fc7e77baf4eefccf5ab42474125494ff 996306 |
|
12-Sep-2010 |
sf |
add comment about (not) using pools in error log format handlers |
e302f38fd646764ce1a1e1c578d794aef514a9e5 992806 |
|
05-Sep-2010 |
sf |
Add ErrorLogFormat directive for configuring the error log format, including
additional information that is logged once per connection or request.
Add error log IDs for connections and request to allow correlating error log
lines and the corresponding access log entry. |
9c233808c898095865fcc0a2dc1cf594d0d8faf3 992689 |
|
04-Sep-2010 |
sf |
Disable sendfile by default, as discussed at
http://mail-archives.apache.org/mod_mbox/httpd-dev/201007.mbox/<4C4355EE.2060605@rowe-clan.net> |
7cfa48136e3b42a14cdff1a46b60f4e4d2ad5291 966869 |
|
22-Jul-2010 |
niq |
Move AddOutputFilterByType implementation from core to mod_filter. |
78b8e4dd910f03af0a602bc4b63ad7bc69868ee3 959464 |
|
01-Jul-2010 |
sf |
re-order many struct members for better alignment on 64bit |
efd83d1dd1a25688a3093c5a542ae16bacef62dd 951897 |
|
06-Jun-2010 |
sf |
- Add loglevels to request_rec and conn_rec
- Introduce per-directory loglevel configuration |
8c2d2b4a70e9ec1f9539ccbd7f6650c017460a6e 951191 |
|
04-Jun-2010 |
sf |
Remove loglevel entry in core_dir_config, which has been unused for at
least some years. |
9c78f8d71737dfbbbf4da2f9acb397567a10e88b 900022 |
|
16-Jan-2010 |
sf |
Turn static function get_server_name_for_url() into public function
ap_get_server_name_for_url() and use it where appropriate. This fixes
mod_rewrite generating invalid URLs for redirects to IPv6 literal addresses. |
7317a32e0c621c9a28f6f10e83e6c5dc63e3f3bd 823337 |
|
08-Oct-2009 |
sf |
mod_logio: introduce new optional function ap_logio_get_last_bytes to get
total byte count of last request.
core: Use ap_logio_get_last_bytes to report more accurate byte counts in
mod_status if mod_logio is loaded. Without mod_logio, don't increment
counts for HEAD requests.
PR: 25656 |
28c1248e01240900c762bf6aaa27c514a1454713 772997 |
|
08-May-2009 |
jorton |
Security fix for CVE-2009-1195: fix Options handling such that
'AllowOverride Options=IncludesNoExec' does not permit Includes with
exec= enabled to be configured in an .htaccess file:
* include/http_core.h: Change semantics of Includes/IncludeNoExec
options bits to be additive; OPT_INCLUDES now means SSI is enabled
without exec=. OPT_INCLUDES|OPT_INC_WITH_EXEC means SSI is enabled
with exec=.
* server/core.c (create_core_dir_config): Remove defunct OPT_INCNOEXEC
from default override_opts; no functional change.
(merge_core_dir_configs): Update logic to ensure that exec= is
disabled in a context where IncludesNoexec is configured, even if
Includes-with-exec is permitted in the inherited options set.
(set_allow_opts, set_options): Update to reflect new semantics
of OPT_INCLUDES, OPT_INC_WITH_EXEC.
* server/config.c: Update to remove OPT_INCNOEXEC from default
override_opts; no functional change.
* modules/filters/mod_include.c (includes_filter): Update to reflect
new options semantics - disable exec= support if the
OPT_INC_WITH_EXEC bit is not set.
Submitted by: Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>,
jorton
Thanks to: Vincent Danon <vdanon redhat.com> |
cf8d02ea0c91653917b044529f3133c5a1bb9200 739382 |
|
30-Jan-2009 |
fielding |
Disabled DefaultType directive and removed ap_default_type()
from core. We now exclude Content-Type from responses for which
a media type has not been configured via mime.types, AddType,
ForceType, or some other mechanism. MMN major bump to NZ time.
PR: 13986 |
2eb6bba9426647e62957083e376f0e3623856170 731068 |
|
03-Jan-2009 |
wrowe |
bollocks, it's absolute crap to break the ABI structure alignment for features |
1d81451a4a5f7532e4b0fe96a613523d2e23cdab 708828 |
|
29-Oct-2008 |
pquerna |
* include/http_core.h
(core_dir_config): Fix warning: overflow in implicit constant conversion,
generated by core.c line 117, which sets content_md5 to '2', which is too big
for a signed value -- but it looks like this was really meant to be unsigned. |
31dcba758e3bed3258cbcb1de687c003ddb360c4 645432 |
|
07-Apr-2008 |
pquerna |
Include http_config.h from http_core, since now without CORE_PRIVATE, you need
the definition for the module type. |
933c34b8a545925e60026ce9d79c719c518a5b1c 645412 |
|
07-Apr-2008 |
pquerna |
Remove CORE_PRIVATE.
This define serves no modern purpose, since every module in the wild, including
our own define it, for no purpose.
If you have functions which you do not want in the 'public' API, put them
in a private header, that is not installed, just like mod_ssl does. |
750d12c59545dbbac70390988de94f7e901b08f2 644253 |
|
03-Apr-2008 |
niq |
HTTPD Core: Implement <If> sections for conditional (runtime) configuration.
N.B. This is a first pass, and has a way to go! |
8dafcef6cd2a5b17ef2e7cc799942ea724a87e87 611199 |
|
11-Jan-2008 |
covener |
*) mod_logio: Provide optional function to allow modules to adjust the
bytes_in count [Eric Covener]
Practical example: alternate SSL implementation that lives
beyond the filters (IOL) |
0d26b42fc1735e110c6dc83b114c56257b20070b 534533 |
|
02-May-2007 |
bnicholes |
re-introduce ap_satisfies API back into core and modify how the access_checker, check_user_id and auth_checker hooks are called so that they respect the precedence that is set through the satisfy ALL/ANY directive. This also restores the directives order, allow, deny, satisfyas supported directives rather than being deprecated. These directives still remain in mod_access_compat however. |
842ae4bd224140319ae7feec1872b93dfd491143 420983 |
|
11-Jul-2006 |
fielding |
update license header text |
3d81f57512275ca06a60a9bcbd23c1f8b429fdf2 395228 |
|
19-Apr-2006 |
colm |
Update the copyright year in all .c, .h and .xml files |
367d146f245f3b1c9f77c18e6ec591b52e0b344c 368027 |
|
11-Jan-2006 |
bnicholes |
Authz refactoring
Merge from branches/authz-dev
Basically here is a list of what has been done:
- Convert all of the authz modules from hook based to provider based
- Remove the ap_requires field from the core_dir_config structure
- Remove the function ap_requires() since its functionality is no
longer supported or necessary in the refactoring
- Remove the calls to ap_some_auth_required() in the core request
handling to allow the hooks to be called in all cases.
- Add the new module mod_authz_core which will act as the authorization
provider vector and contain common authz directives such as 'Require',
'Reject' and '<RequireAlias>'
- Add the new module mod_authn_core which will contain common
authentication directives such as 'AuthType', 'AuthName' and
'<AuthnProviderAlias>'
- Move the check for METHOD_MASK out of the authz providers and into
the authz_core provider vector
- Define the status codes that can be returned by the authz providers
as AUTHZ_DENIED, AUTHZ_GRANTED and AUTHZ_GENERAL_ERROR
- Remove the 'Satisfy' directive
- Implement the '<RequireAll>', '<RequireOne>' block directives to
handle the 'and' and 'or' logic for authorization.
- Remove the 'AuthzXXXAuthoritative' directives from all of the authz
providers
- Implement the 'Reject' directive that will deny authorization if the
argument is true
- Fold the 'Reject' directive into the '<RequireAll>', '<RequireOne>'
logic
- Reimplement the host based authorization functionality provided by
'allow', 'deny' and 'order' as authz providers
- Remove the 'allow', 'deny' and 'order' directives
- Merge mod_authn_alias into mod_authn_core
- Add '<RequireAlias>' functionality which is similar to
'<AuthnProviderAlias>' but specific to authorization aliasing
- Remove all of the references to the 'authzxxxAuthoritative'
directives from the documentation
- Remove the 'Satisfy' directive from the documentation
- Remove 'Allow', 'Deny', 'Order' directives from the documentation
- Document '<RequireAll>', '<RequireOne>', 'Reject' directives
- Reimplement the APIs ap_auth_type(), ap_auth_name() as optional
functions and move the actual implementation into mod_authn_core
- Reimplement the API ap_some_auth_required() as an optional function
and move the actual implementation into mod_authz_core
Major Changes:
- Added the directives <RequireAll>, <RequireOne>, <RequireAlias>,
Reject
- Expanded the functionality of the directive 'Require' to handle all
authorization and access control
- Added the new authz providers 'env', 'ip', 'host', 'all' to handle
host-based access control
- Removed the directives 'Allow', 'Deny', 'Order', 'Satisfy',
'AuthzXXXAuthoritative'
- Removed the ap_require() API
- Moved the directives 'AuthType', 'AuthName' out of mod_core and into
mod_authn_core
- Moved the directive 'Require' out of mod_core and into
mod_authz_core
- Merged mod_authn_alias into mod_authn_core
- Renamed mod_authz_dbm authz providers from 'group' and 'file-group'
to 'dbm-group' and 'dbm-file-group'
Benefits:
- All authorization and access control is now handle through two
directives, 'Require' and 'Reject'
- Authorization has been expanded to allow for complex 'AND/OR' control
logic through the directives '<RequireAll>' and '<RequireOne>'
- Configuration is now much simpler and consistent across the board
- Other modules like mod_ssl and mod_proxy should be able to plug into
and take advantage of the same provider based authorization mechanism
by implementing their own providers
Issues:
- Backwards compatibility between 2.2 and 2.3 configurations will be
broken in the area of authorization and access control due to the fact
that the directives 'allow', 'deny', 'order' and 'satisfy' have been
removed. When moving from 2.2 to 2.3 these directives will have to be
changed to 'Require all granted', 'Require all denied' or some variation
of the authz host-based providers.
- Existing third party authorization modules will have to adapt to the
new structure. |
b0e644d86ac27261e1db35f7b693a3aed5b7df66 344384 |
|
15-Nov-2005 |
jim |
Okay, at least be nice when "breaking" the API.
Tuck the new bitfield to the tail and adjust the
MMN |
a38b5f73e7f0f3b8726fb47d27b145f37036ead0 344369 |
|
15-Nov-2005 |
jim |
Add in the UseCanonicalPhysicalPort directive, which
basically allows Apache to configurably ( :) )
use the physical port when constructing the
canonical port. Also add the exact ordering to
the docs, so people can easily see how it works.
We now have compatibility with both 2.0 and 1.3. |
01034377c5f9c37762abb03c94ab0847e9f870e9 306495 |
|
06-Oct-2005 |
wrowe |
NET_TIME, as a standalone feature, was a horrid idea.
The core filter will NOT operate correctly across platforms
(even between Linux/Solaris) without setting up the conn->timeout,
so always apply the timeout when establishing the core filter.
The keep-alive-timeout is entirely an HTTP-ism, and needs to
move to the http protocol handler. Note #1; this isn't triggered
in the event mpm, but the event mpm introspects s->keep_alive_timeout
directly adding it to the pollset, so this is a non-sequitor.
Finally, once the headers are read, the named virtual host may
have a different (more/less permissive) timeout for the remainder
of the request body. This http-centric patch picks up that subtle
detail and can switch to a named-vhost timeout. |
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8 263931 |
|
29-Aug-2005 |
ianh |
Doxygen fixup / cleanup
submited by: Neale Ranns neale ranns.org
reviewed by: Ian Holsman |
641a873d29928927230edb2c6d1a09e6ad5a1af8 208785 |
|
01-Jul-2005 |
wrowe |
Initially a no-op. Add trace_enable configuration. The http and proxy
flavors of interpreting this flag are yet to be committed. |
89211a3153be8b03353c3bfbca45fed67cb80f0b 190563 |
|
14-Jun-2005 |
pquerna |
Merge the listen-protocol sandbox branch to trunk.
I will be adding documentation for the new directives hopefully in the next day or so.
* server/core.c: Added 'Protocol' to the core module config
Added ap_{set,get}_server_protocol API.
Added new directive: 'AcceptFilter'.
Enable 'httpready' by default on systems that support it. Use dataready filters for others.
* server/listen.c: Attempt to inherit protocols from Listener Records to Server configs.
The 'Listen' directive can now optionally take a protocol arg
Move bits that determined which accept filter is applied to core.c.
Added bits to find the correct accept filter based on the core's configuration.
* include/{ap_listen.h,http_core.h}: Add Protocol to respective structures.
* include/http_core.h: Add the accf_map table to the core_server_config structure
* include/ap_mmn.h: Minor MMN Bump for the new interfacces.
* modules/ssl/ssl_engine_init.c: Use the new protocol framework to enable mod_ssl for 'https' websites. |
b597281295360dba8ac57b7606c5f5c1ef2b69b0 170354 |
|
16-May-2005 |
trawick |
Support the suppress-error-charset setting, as with Apache 1.3.x.
With Apache 1.3.x, it is a bit simpler as the request does
not go through ap_make_content_type().
Modules can set custom error responses but not be able to
set the charset, so they have to code the charset in the
html. Thus, it is useful to preserve 1.3.x behavior exactly.
PR: 26467 |
ef5650b61a8e35f3cc93ec07e73efc17ea329894 153384 |
|
11-Feb-2005 |
jorton |
Move the POSIX reg* implementations into the ap_* namespace;
internalise the ap_reg*<->PCRE wrapper:
* configure.in: Add srclib/pcre to the include path.
* include/ap_regex.h: Renamed from include/pcreposix.h. Prefix all
constants with AP_; prefix all functions and types with ap_. Define
AP_DECLARE to nothing if necessary. Remove regcomp error codes.
* include/httpd.h: Include ap_regex.h not pcreposix.h.
(ap_pregcomp, ap_regexec, ap_regfree): s/regex_t/ap_regex_t/.
(ap_regexec, ap_regerror): Prototypes moved to ap_regex.h.
* server/util.c (regex_cleanup, ap_pregcomp, ap_pregsub, ap_pregfree):
Adjust for ap_ prefixed types. (ap_regexec, ap_regerror): Removed.
* server/Makefile.in: Build util_pcre.c.
* server/util_pcre.c: Copied from srclib/pcre/pcreposix.c; remove use
of PCRE-internals to do error mapping; rename types to add AP_/ap_
prefixes as above. Use APR includes. (ap_regerror): Use apr_snprintf.
* srclib/pcre/Makefile.in: Don't build pcreposix.c into libpcre.la.
* modules/*: Update to use new type and constant names.
PR: 27750 (part one)
Submitted by: Andres Salomon <dilinger voxel.net>, Joe Orton |
08cb74ca432a8c24e39f17dedce527e6a47b8001 151408 |
|
04-Feb-2005 |
jerenkrantz |
Update copyright year to 2005 and standardize on current copyright owner line. |
df38daceaa0d8d19bb7e23f6e9bcec258466441d 109498 |
|
02-Dec-2004 |
jorton |
Fix gcc "no previous prototype" warnings after reorganisation:
* server/core_filters.c (ap_core_input_filter, ap_core_output_filter,
ap_net_time_filter): Renamed to add ap_ prefixes for global symbols.
* include/ap_listen.h: Don't export ap_listen_open at all, it's not
used outside server/listen.c any more.
* server/listen.c (open_listeners): Renamed from ap_listen_open. |
103a93c625bcde1a6a7a5155b64dcda36f612180 104283 |
|
14-Jul-2004 |
pquerna |
Added 'AllowOverride Options=Indexes,MultiViews' to give an admin better
control over what options can be used in .htaccess files.
PR: 29310
Submitted by: Tom Alsberg <alsbergt-apache cs.huji.ac.il> |
1472e44fdcd32f00cd579bc2dde36deaa0f155da 103120 |
|
24-Mar-2004 |
trawick |
Fix memory corruption problem with ap_custom_response() function.
The core per-dir config would later point to request pool data
that would be reused for different purposes on different requests.
This is based on an old 1.3 patch submitted by Will Lowe.
It needs a minor tweak before committing to 1.3, but he had
it pretty darn close. |
5d3e5520c34648220ed0cd9dc01c2c203257c86f 102954 |
|
14-Mar-2004 |
nd |
Satisfy directives now can be influenced by a surrounding <Limit>
container.
PR: 14726. |
6de8046f8f7e07cd83895a528df25d977e502c76 102619 |
|
09-Feb-2004 |
nd |
fix name of The Apache Software Foundation |
497c60d05c62d2e4a37b0a0c002f62cd5824b4e3 102548 |
|
07-Feb-2004 |
nd |
fix copyright dates according to the first check in |
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dc 102525 |
|
06-Feb-2004 |
nd |
apply Apache License, Version 2.0 |
26a4456dd6f1a5d7d7fff766551461a578687c4a 102135 |
|
01-Jan-2004 |
nd |
update license to 2004. |
a8c55845ffa7170766e410dbd799353127b628f9 100095 |
|
30-May-2003 |
nd |
Rework of the recursion stopper - collapse recursion counters into one function
Reviewed by: Justin Erenkrantz |
c880637396a01f4acfcf7e35fe423ced2d86c3b4 99911 |
|
19-May-2003 |
nd |
Prevent the server from crashing when entering infinite loops. The
new LimitInternalRecursion directive configures limits of subsequent
internal redirects and nested subrequests, after which the request
will be aborted.
[William Rowe, Jeff Trawick, Andr� Malo]
PR: 19753 (and probably others) |
33bdcae1f7a1a65e351dda2a766a0cf28b1e695d 98573 |
|
03-Feb-2003 |
nd |
finished that boring job:
update license to 2003.
Happy New Year! ;-)) |
8419e6f8bff1a3617933f3ba760d2bdec7442f44 98479 |
|
23-Jan-2003 |
coar |
here we go. add a directive that will keep %2f from being
decoded into '/', allowing the *_walk to do their magic and
return 404 if it's in the path, and allowing it in the path-info. |
e520939be8c3cb1b685e3248fff701d447bdfc86 98320 |
|
18-Jan-2003 |
nd |
move rfc1413 code to a new module "metadata:mod_ident".
The rfc1413 code itself is mostly c&p, but can still bear
some rework ...
This patch removes the global ap_rfc1413 function and the
ap_rfc1413_timeout variable. It also introduces a new config
directive IdentityCheckTimeout (default 30 sec).
Reviewed by: Justin Erenkrantz |
a73d08028c0186782993a18bcf663b29afe8e39d 97930 |
|
15-Dec-2002 |
brianp |
comment an endif for clarity |
1f279dc92a60df9f61bf58468162aab0eef072e4 97300 |
|
25-Oct-2002 |
brianp |
mod_logio modification: count bytes-sent after the writev or sendfile
call in the core_output_filter, in order to get a more accurate count
of the total bytes transmitted in cases where the client terminates
the connection before the entire response is sent.
Note: This works by adding a flush bucket to each response when
mod_logio is used; the side-effect is that pipelined responses
get broken up into separate network writes per request (but there's
no impact on pipelining when mod_logio is not enabled).
Submitted by: Bojan Smojver <bojan@rexursive.com>
Reviewed by: Brian Pane |
3d43d1454a609c00b8f35a19b416b86b85a029e6 97205 |
|
14-Oct-2002 |
wrowe |
Introduce an EnableSendfile directive (defaulted to ON) to allow users
to disable sendfile mechanics for NFS volume mounts and other kernel
objects that don't support sendfile. And EnableSendfile off can be used
to help narrow bugs down to the sendfile mechanics or eliminate the
possiblity that sendfile is a factor on any given platform. |
b7d57cabc22d92e9ff6ab63202dda24f987b6a83 97065 |
|
03-Oct-2002 |
gstein |
Add logic to the default_handler to enable script delivery to script
processors located in the output filter stack. This is on by default,
but will change "soon" to off -- the processors will then need to
enable it when they are installed into the filter chain. |
8496c88debb9962575dac2b1ef9b81984d7bd759 95040 |
|
12-May-2002 |
brianp |
Added EnableMMAP directive to allow the server administrator to
prevent mmap of file buckets upon read. |
6ccae5d76fd0289e2b6f41d1b64b6df184d6ba32 94469 |
|
05-Apr-2002 |
wrowe |
Whoops, missed this. Moved these symbols to mod_core.h |
bccb9a318593e2ca45ba26fd43f45a10c8a887ac 94356 |
|
01-Apr-2002 |
jwoolley |
Match the new APR_BUCKET_BUFF_SIZE. We want this to be slightly less than
8KB to leave room for the various allocators' internal structures while
still fitting into a total of 8KB. |
2864362ca8266097928e84f101010bdf814ffa08 94028 |
|
20-Mar-2002 |
stoddard |
Final commit to add ap_rset_content_type accessor. Add AddOutputFiltersbyType
filters during call to ap_rset_content_type() |
bc8fd1b0b1afdf89b8d28eefa8cd74e26ba97986 93918 |
|
13-Mar-2002 |
fielding |
Update our copyright for this year. |
6db5333c9461942b8af724b101e687af541d4d4c 93490 |
|
19-Feb-2002 |
jerenkrantz |
Introduce AddOutputFilterByType directive.
AddOutputFilterByType DEFLATE text/html
(I will add docco soon, I promise. If someone beats me to it, cool...) |
3088e6ce2178e52501eb506d86cd8f44d95c6432 93051 |
|
27-Jan-2002 |
brianp |
Replaced some more ap_add_output_filter() calls with
ap_add_output_filter_handle() for efficiency |
91a9b0a5d1aa9614c3d3361a66ebf570b5d0319c 93040 |
|
27-Jan-2002 |
brianp |
Performance improvement: incorporated the use of the new
ap_add_input_filter_handle() and ap_add_output_filter_handle()
functions for core filters |
b8daf4c5ea3d5bb2111b1b021de6d3cd891e403b 92830 |
|
11-Jan-2002 |
coar |
Bring forward the FileETag directive enhancement from 1.3.23-dev.
(Passes all 61 of the apache/etags.t test.) Bump MMN due to
change to core_dir_config structure (new fields at end). |
d5d164b22a2004abed640cb52fc275f00ed92f69 92700 |
|
02-Jan-2002 |
jerenkrantz |
Fix LimitRequestBody directive by moving the relevant code from
ap_*_client_block to ap_http_filter (aka HTTP_IN). This is the
only appropriate place for limit checking to occur (otherwise,
chunked input is not correctly limited).
Also changed the type of limit_req_body to apr_off_t to match the
other types inside of HTTP_IN. Also made the strtol call for
limit_req_body a bit more robust. |
a2b181763cb35fd899feb4a436aeadaa80bf91ea 92697 |
|
01-Jan-2002 |
brianp |
Generalized the recent prep_walk_cache optimizations to allow other
modules to register "notes" within the array of working data in
the core_request_config |
7a2edaa0193cbb0d79a65a8461a609a9402aea49 92684 |
|
31-Dec-2001 |
brianp |
Performance fix for prep_walk_cache():
Moved the directory/location/file-walk caches from the
request's pool userdata hash table to the core_request_config
struct.
This change removes about 60% of the processing time from
prep_walk_cache(). |
b6501729855bbddb3c8e2913d77e66e20c95ed58 92447 |
|
13-Dec-2001 |
wrowe |
Jeff's guess, right on. [Thought I committed it all... gotta grab a
clean parallel tree, all my parallel trees are dirty again.] |
073531a2cad2a843a260a5d78845b028cc089c84 92446 |
|
13-Dec-2001 |
trawick |
hack up core_dir_config so that server/core.c compiles again |
cd1ebe85d90c0e3e66cf721556e52363eac8b606 92024 |
|
18-Nov-2001 |
ianh |
change the signature of ap_custom_response() to use a
"const char *" instead of a "char *".
PR: 8791
Submitted by: Kurt Brown kurtb149@yahoo.com
Reviewed by: Ian Holsman |
14c6f2e13d97a4fafac1fbc247a274a298d5b418 91058 |
|
17-Sep-2001 |
wrowe |
Remove the Win32 script-processing exception from mod_cgi, and
roll build_command_line/build_argv_list into a unified, overrideable
ap_cgi_build_command optional function.
Eliminates a ton of Win32 cruft from core.c for registry parsing.
Win32 (through the default handler, and newest changes to the
apr_proc_create fn) continues to serve .bat/.exe files. This is in
preparation for adding modules/arch/win32/mod_win32 for scripts.
Please review the mod_cgi.c behavior very carefully. |
117e2968318323d2ad2187fcd4de379d2eca245c 90799 |
|
30-Aug-2001 |
wrowe |
Changed syntax of Set{Input|Output}Filter. The list of filters
must be semicolon delimited (if more than one filter is given.)
The Set{Input|Output}Filter directive now overrides a parent
container's directive (e.g. SetInputFilter in <Directory /web/foo>
will override any SetInputFilter directive in <Directory /web>.)
This new syntax is more consistent with Add{Input|Output}Filter
directives defined in mod_mime. Also cures a bug in prior releases
where the Set{Input|Output}Filter directive would corrupt the
global configuration if the multiple directives were nested.
[William Rowe] |
bd381e76ecf9b101c77d22a7a8f8a34c2e9913aa 90797 |
|
30-Aug-2001 |
wrowe |
Since the mod_mime patch was applied, here is the rest of the patch to
introduce the ForceType and SetHandler [absolute references] directly
into the very top of the fixups phase. This means these will always
override _any_ mime module, not just mod_mime. Ergo, other mime modules
can continue to set charset, encodings, etc. Since these are globals,
they belong in the core.
This highlights a very serious drawback to the type_checker hook. By
using run first, a module that identifies _partial_ information (maybe
just the content type) won't pass the query on to other modules, like
mod_mime, that might further define the encoding or charset. The
type_checker hook should clearly become a run-all, and the modules should
decline if they see someone ahead of them answered a question they were
going to try to figure.
Which means - if type_checker becomes RUN_ALL - this new override hook
fn should become a type_checker again - and RUN_REALLY_FIRST, and let
other modules _choose_ not to override this election. (We can run it
again at the end, for a recount ;) Votes? |
ac06e54654494445fd3d39e90bd23b436b4f84cc 90684 |
|
26-Aug-2001 |
wrowe |
Eliminate proxy: (and all other 'special') processing from the
ap_directory_walk() phase. Modules that want to use special
walk logic should refer to the mod_proxy map_to_location example,
with it's proxy_walk and proxysection implementation. This makes
either directory_walk flavor much more legible, since that phase
only runs against real <Directory > blocks.
On a technical note, this patch also forces the Directory to be
canonical (unless it is "/" or a regex.) It also allows us to
be more explicit when declaring <Directory > block errors. |
2fa5b5878e7567e2875807c3e2a2b3b0d3ef74be 90646 |
|
24-Aug-2001 |
wrowe |
sec, sec, who's got a sec? This gave me a headache, but I had to clear
out the last patch before I rearranged this to be _readable_.
Next step for everyone's sanity, provide <Proxy > directives ;) |
62db15de4c1f335a64d45821796ae197cff94ef8 89869 |
|
02-Aug-2001 |
rbb |
Add the ability to extend the methods that Apache understands
and have those methods <limit>able in the httpd.conf. It uses
the same bit mask/shifted offset as the original HTTP methods
such as M_GET or M_POST, but expands the total bits from an int to
an ap_int64_t to handle more bits for new request methods than
an int provides.
Submitted by: Cody Sherr <csherr@covalent.net> |
3c4a045cb3e228601de2b32cb932ba3cdf981951 89791 |
|
30-Jul-2001 |
wrowe |
Provide the same optimization to the dir_config structure to track
d_is_absolute, along with d_is_fnmatch. |
346029f34d03eb20d84fc35664426d3874b00f9e 89749 |
|
27-Jul-2001 |
wrowe |
Doc formatting fixes |
e33a549ef7ad9ce23f4719d91de915e9ecedaecf 89364 |
|
13-Jun-2001 |
gstein |
Define a hook for fetching management/status items.
This patch was submitted by Ian Holsman. Greg revised some names, applied
the Apache style, and namespace-prefixed the public symbols. Minor bugfix in
the use of the hook implementation macro.
Submitted by: Ian Holsman <IanH@cnet.com>
Reviewed by: Greg Stein |
e48406ccef7b84630bedcd0887740f7b4921e3b8 88843 |
|
13-Apr-2001 |
jwoolley |
Change AP_MIN_BYTES_TO_WRITE from 9000 to 8192 to match the bucket buffer
size. This fixes the 8192-808-8192-808 iovec-length sequence problem
on platforms using writev() (eg OS/2).
Reviewed by: Brian Havard |
928f342270fd8ca02a36f484072d35063121171f 88484 |
|
09-Mar-2001 |
trawick |
tweak ap_get_remote_host() so that the caller can find out if she got
back an IP address
mod_access needed to know this, but the old code didn't handle IPv6 |
a4f1fcfd8a0dc1d6296d9f5a94b1ccb57b9492ea 88274 |
|
22-Feb-2001 |
dougm |
just making server_signature enum decl easier to read (for both humans and C::Scan) |
e9209cd49f6e3329c4d46e3933ece39ef3f7604a 88226 |
|
18-Feb-2001 |
gstein |
shift some declarations over to mod_core.h where they're totally private. |
b99dbaab171d91e1b664397cc40e039d0c087c65 88184 |
|
16-Feb-2001 |
fielding |
Update copyright to 2001 |
42ce672c516baf6e4eaed18ccc1647de2d456d8e 87970 |
|
04-Feb-2001 |
dougm |
fix minor prototype inconsistencies noticed with C::Scan |
8849584883292845cc087a697b970a71ae7973c1 87929 |
|
31-Jan-2001 |
gregames |
get Apache building again after the change to make_exports.awk
yeah, I know, this shouldn't be necessary. you're preaching to the choir.
but this does the job until make_exports.awk gets slightly more robust. |
c032b37ad682c1da5382258811e8e35a8ec0d78d 87733 |
|
19-Jan-2001 |
wrowe |
Normalize the use of AP_DECLARE_DATA |
b980ad7fdc218b4855cde9f75a747527f50c554d 87731 |
|
19-Jan-2001 |
wrowe |
The big change. This is part 3 of the apr-util symbols rename, please
see the first commit of srclib/apr-util/include (cvs apr-util/include)
for the quick glance at symbols changed. |
cccd31fa4a72fe23cc3249c06db181b274a55a69 87080 |
|
26-Nov-2000 |
gstein |
*) Compensate for recent changes in the APR headers. Specifically, some
files need to specifically include stdio.h, or a particular apr_*.h
header.
*) Adjust callers of apr_create_process() to deal with the extra "const"
*) Add "const" to args of ap_os_create_privileged_process() |
6bec2812600547cd9fcfdfa4e4c9fa77495df4f7 87058 |
|
22-Nov-2000 |
rbb |
Next pass at the content-length filter. Not perfect quite yet, but
getting closer
Submitted by: Greg Stein |
da8a2fe58892003fc689a5f027e98677e9198d43 87055 |
|
21-Nov-2000 |
rbb |
Modify the content-length filter to change the criteria used to determine
if/when we compute the content-length. There are just a few cases now:
1) We already have all the data
2) We don't have all the data and:
2a) This is a 1.1 request but we can't chunk
2b) The is a keep-alive request
In the future, we probably want to modify this to not
be a keep-alive request.
This filter always buffers 9K of data. The reason is simple, the core will
buffer 9K at a time anyway, and there is a chance that we may get the end
of the request before we hit 9K. This increases our chances of being able
to send a c-l. |
c21ddeacdc8bb17fe61b9e2d7d1fa6f2f7e40d84 86867 |
|
08-Nov-2000 |
dreid |
Missed these first time round... More apr_port_t changes. |
1fb3394b4c26f8e295a9895cbd672a65bafbdc22 86647 |
|
18-Oct-2000 |
trawick |
ap_get_client_block() now uses a brigade in core_request_config
instead of a brigade in core_dir_conf. For now, getline() and
ap_get_client_block() share a brigade. |
e7ef09295c8cb70f5c28b9b86367eb8c15bffdfe 86642 |
|
18-Oct-2000 |
gregames |
Add a core_request_config so we have a safe semi-hidden place to save core data
that lives across function calls during a single request. Change getline() to
take a request_rec parm (rather than a conn_rec) so we can access the
core_request_config.
This is in preparation for adding look-ahead functionality to getline(), so it
can support header line folding once again. I'm committing these changes first
so the core_request_config can be used elsewhere (i.e. ap_get_client_block). |
d0d4515ee39dfff34bae489b5390af964c5d4cfc 86623 |
|
17-Oct-2000 |
trawick |
Rename output filters field ("filters") in core_dir_config to
"output_filters" for consistency with the name of the input
filters field ("input_filters"). |
d1a1186fb504a4f5956c291f98ebb7ebd2fdab4b 86613 |
|
16-Oct-2000 |
trawick |
input filtering changes:
get dechunking working
verify that infrastructure for input filters works
(use existing AddInputFilter directive)
Unlike with my previous patch, ap_get_client_block() saves state between
calls in the core's per-request dir config.
Unlike with my previous patch, HTTP_IN keeps a count of remaining bytes
in the conn_rec. Code that needs to prod it to deliver a certain amount
of request body plays with conn_rec->remain directly. |
3d96ee83babeec32482c9082c9426340cee8c44d 86609 |
|
16-Oct-2000 |
wrowe |
Renamed all MODULE_EXPORT symbols to AP_MODULE_DECLARE and all symbols
for CORE_EXPORT to AP_CORE_DECLARE (namespace protecting the wrapper)
and retitled API_EXPORT as AP_DECLARE and APR_EXPORT as APR_DECLARE.
All _VAR_ flavors changes to _DATA to be absolutely clear.
Thank you Greg, for the most obvious suggestion. |
5fac642ef2ee110540c3a391e4cf1d166ba57d0f 86403 |
|
05-Oct-2000 |
trawick |
Add a bit of infrastructure which will be needed for input filtering:
1) separate filter lists hanging off the r and the c
requests start off with the same filter list as the connection
the input filter list is not initialized for subrequests
internal redirects start off with the same filter list as the
connection
2) AddInputFilter directive (blatant rip-off of Ryan's AddOutputFilter
directive); as with AddOutputFilter, the network is implicitly to the
right of the specified filter list; this may not be the most
intuitive way to specify the filters; not sure yet |
8c664b071856c6aa5ed0ff16e0dcd2428acaf97a 86220 |
|
14-Sep-2000 |
rbb |
Add the AddFilter directive. This directive takes a list of filter names
that have been previously registered with the server. Currently the
directive is only valid inside the config file, but once the Options
directive is tweaked a bit, I would feel more comfortable exposing this
directive to htaccess files.
As a part of making adding this filter, I removed the ctx pointer from the
ap_add_filter prototype. The problem is that the core is the thing that
is actually inserting the filter into the filter stack, but the core doesn't
know how to allocate memory for each filter. The solution is to have the
filters themselves be responsible for allocating the ctx memory whenever
it is required. |
337514a6db2f194f40400746891abd1ffcc1931c 85997 |
|
05-Aug-2000 |
rbb |
Document http_core's public APIs for use with ScanDoc. |
1ccd992d37d62c8cb2056126f2234f64ec189bfd 85976 |
|
02-Aug-2000 |
dougm |
prefix libapr functions and types with apr_ |
cd5c0afc86ca2eb23d6d12e14590e03cf2f80450 85816 |
|
11-Jul-2000 |
gstein |
shift the LimitXMLRequestBody directive to the core. use it from util_xml. |
66cc0935b2e9e6389b2c0e9a251d8eb2fe028221 85716 |
|
28-Jun-2000 |
wrowe |
Whoops... will be needing this exported rsn for mod_mmap_static. But the
argument to register hook fn takes a __cdecl function, so _NONSTD it is.
PR:
Obtained from:
Submitted by:
Reviewed by: |
d907f99a658e844f7677bd4142115d777acdba10 85715 |
|
28-Jun-2000 |
wrowe |
Hook functions aren't translated (and when they are, they are _NONSTD)...
but you don't need to export a function you will pass by ref to a
register hook function.
PR:
Obtained from:
Submitted by:
Reviewed by: |
000b67449410515eac43e76ef6667915bfd4d2ab 85686 |
|
24-Jun-2000 |
gstein |
blast the old names for the status codes |
1abfcc7f41c0ca875626aea5866cb5f7c82d1f78 85625 |
|
20-Jun-2000 |
wrowe |
This Win32 patch adds the key HKCR/filetype/shell/execcgi/command as the
preference over the HKCR/filetype/shell/open/command for registry-based
script execution, allowing two behaviors to coexist peacefully (the pipe
based console behavior and the Win32 shell behavior.)
The new ScriptInterpreterSource registry-strict directive dismisses bth
the HKCR/filetype/shell/open/command and the shebang processing for
administrators who are interested in explicit authorization of file type
execution allowed in the context of subscriber-created scripts. The net
result: only HKCR/filetype/shell/execcgi/command processing is permitted.
Docs to follow shortly.
PR:
Obtained from:
Submitted by:
Reviewed by: |
ba03385030cfbe81ffa4d35cffbf319df153895c 85623 |
|
20-Jun-2000 |
wrowe |
This patch solves several specific issues:
1.3.x truncated any open/command arguments following the %1 arg.
so this patch adds the char** arguments to several functions
1.3.x did not expand environment strings (%userprofile% etc.)
*) This patch may still not do so, if we are running with a
subset of the 'normal' environment for security reasons.
1.3.x did not parse the extension itself (eg. the .pl key itself)
for the command, failing the 'named' type (eg. perlscript),
so this patch first tests the 'named' key, then the .ext key
PR:
Obtained from:
Submitted by:
Reviewed by: |
0e6e93183d91142d7cf9ffbf502114ff77bd9e19 85595 |
|
17-Jun-2000 |
ben |
Command handler revamp. Note that this makes the code produce a LOT of
warnings! |
b1476ba063e6d9577cd86db3db5dd98ff6bc78b9 85449 |
|
06-Jun-2000 |
rbb |
Add the resource limiting code back to Apache 2.0. This only works on
Unix because I can't find any other platforms with rlimit. If there are
other platforms that need this code, then some of the code needs to move.
This has just barely been tested, so it could probably use some good
testing. |
3ad8afcbbeb34b4b129bfeaff0f6eaf65e69ba9f 85439 |
|
06-Jun-2000 |
wrowe |
PR:
Obtained from:
Submitted by:
Reviewed by:
Hmmm... exporting a hook, very interesting :-)
But the win32 build believes hooks are pretty uninteresting, mostly
static __cdecl calls, so pound this declaration into NONSTD. |
e66273917ce426de07b506ecb2c08d5e8835661c 85437 |
|
06-Jun-2000 |
trawick |
Port mod_mmap_static to 2.0. Make it go faster.
core: Export core_translate() as ap_core_translate() for use by
mod_mmap_static.
Submitted by: Greg Ames
Reviewed by: Jeff Trawick |
e68becff3c3ddc18723c9799b8cc2e6e9c3dbd66 85318 |
|
28-May-2000 |
wrowe |
PR:
Obtained from:
Submitted by:
Reviewed by:
Reverse out all _EXPORT_VAR changes back to their original _VAR_EXPORT
names for linkage (API_, CORE_, and MODULE_). |
30c289e6bc6d28d210b21edd800ab2cfc78a8381 85309 |
|
27-May-2000 |
wrowe |
This patch corrects the issues from the AP_EXPORT and linkage
specification arguments to the ap_hooks.h declarations. As with
the APR_ and AP_ patches, API_VAR_EXPORT becomes API_EXPORT_VAR,
and MODULE_VAR_EXPORT becomes MODULE_EXPORT_VAR.
I will be happy to revert the inclusion of ap_config.h from
httpd.h if this bothers anyone. More individual modules need
to be patched if we do so.
The API_EXPORTs all moved into central storage in the ap_config.h
header. Without WIN32 or API_STATIC compile time declarations,
these macros remain no-ops.
This patch also moves the following data from http_main to http_config:
const char *ap_server_argv0;
const char *ap_server_root;
ap_array_header_t *ap_server_pre_read_config;
ap_array_header_t *ap_server_post_read_config;
ap_array_header_t *ap_server_config_defines;
And the following variables had already moved into ap_hooks.c:
ap_pool_t *g_pHookPool; (initialized now in http_config)
int g_bDebugHooks; (out of http_config)
const char *g_szCurrentHookName; (out of http_config)
The changes to http_main.c are in preparation for that module to
move out to a seperate .exe for win32. Other platforms will be
unaffected, outside of these changes. |
404e2e1f8ad30c2d996f5fb6b3a9a4a4a14a004b 84963 |
|
14-Apr-2000 |
rbb |
Change ap_context_t to ap_pool_t. This compiles, runs, and serves pages
on Linux, but probably breaks somewhere. |
f062ed7bd262a37a909dd77ce5fc23b446818823 84877 |
|
31-Mar-2000 |
fielding |
Update to Apache Software License version 1.1 |
3a9bc6532fbe8439fc748d8ffedb87415904d16a 84751 |
|
13-Mar-2000 |
jim |
Backport the CSS security fixes to Apache 2.0a. Or is that forward
port? My sense of direction is all confused.
PR:
Obtained from:
Submitted by:
Reviewed by: |
64185f9824e42f21ca7b9ae6c004484215c031a7 84725 |
|
10-Mar-2000 |
rbb |
Fix all the License issues. Including:
s/Apache Group/Apache Software Foundation/
s/1999/2000/
s/Sascha's license/ASF license |
8446ff68f1907088878cfdb0d80ebaeb44b609c8 84505 |
|
21-Jan-2000 |
stoddard |
Add back the script_interpreter_source code. |
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44c 84493 |
|
19-Jan-2000 |
rbb |
Finish the commits for the change in the header files. Basically, this hides
all of the Apache macros that modules don't need access to. This should
have been committed with the modules, but I wasn't paying attention to the
directory I was in when I ran the commit.
Submitted by: Manoj Kasichainula and Ryan Bloom |
b4c8a80f7dbfc9b56dbe03bdc28f0b5eb5f23697 83852 |
|
31-Aug-1999 |
rbb |
Changed pools to contexts. Tested with prefork and pthread mpm's. I'll
check this out tomorrow and make sure everything was checked in correctly. |
2e123e8beedc9f921448c113e2d6823a92fd5261 83763 |
|
26-Aug-1999 |
fielding |
Rearchitect the mess in http_main.c, http_core.c and buff.c.
Basic restructuring to introduce the MPM concept; includes various
changes to the module API... better described by docs/initial_blurb.txt.
Created multiple process model (MPM) concept by ripping out the process
guts from http_main.c and http_core.c and moving them to separate files
under src/modules/mpm/
Moved socket creation stuff to listen.c.
Moved connection open, maintenance and close to http_connection.c.
I/O layering and BUFF revamp. Much of buff.c moved to ap_iol,
iol_socket, and iol_file. See docs/buff.txt.
Moved user and auth fields from connection_rec to request_rec.
Removed RLIMIT stuff, supposedly to be implemented later in mod_cgi.
Disabled suexec, supposedly to be reimplemented later.
Submitted by: Dean Gaudet |
2d2eda71267231c2526be701fe655db125852c1f 83749 |
|
24-Aug-1999 |
fielding |
Apache 1.3.9 baseline for the Apache 2.0 repository.
Obtained from: Apache 1.3.9 (minus unused files), tag APACHE_1_3_9
Submitted by: Apache Group |