mod_proxy_ajp: Rename output_failed to client_failed in ap_proxy_ajp_request(). Since any read/write error is caught by this flag, it really means "dialog with client <ip:port> failed" (as per the associated log message), whereas write to client (output) errors need not be handled differently than any error occuring after some bytes have already been sent to the client, which is the purpose of the data_sent flag.

core, modules: like r1657897 but for core and other modules than mod_proxy. More uses of ap_map_http_request_error() and AP_FILTER_ERROR so that we never return an HTTP error status from a handler if some filter generated a response already. That is, from a handler, either ap_get_brigade() (an input filter) returned AP_FILTER_ERROR and we must forward it to ap_die(), or ap_pass_brigade() (an output filter) failed with any status and we must return AP_FILTER_ERROR in any case for ap_die() to determine whether a response is needed or not.

mod_proxy(es): Avoid error response/document handling by the core if some input filter already did it while reading client's payload. When an input filter returns AP_FILTER_ERROR, it has already called ap_die() or at least already responded to the client. Here we don't want to lose AP_FILTER_ERROR when returning from proxy handlers, so we use ap_map_http_request_error() to forward any AP_FILTER_ERROR to ap_die() which knows whether a response needs to be completed or not. Before this commit, returning an HTTP error code in this case caused a double response to be generated. Depends on r1657881 to preserve r->status (for logging) when nothing is to be done by ap_die() when handling AP_FILTER_ERROR.

mod_proxy_ajp: Fix get_content_length(). clength in request_rec is for response sizes, not request body size. It is initialized to 0, so the "if" branch was never taken.

mod_proxy_ajp: follow up to r1643537. Log aborted client connections with level DEBUG only (no more noise than other proxy modules).

* mod_proxy_ajp: Fix client connection errors handling and logged status when it occurs. PR 56823.

Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save memory.

mod_proxy_ajp: remove AJP_EBAD_METHOD, it is not used since r1435178

We were not being consistent between http and others if we added the default port or not during the canonizing phase... Baseline the http method (don't add unless the port provided isn't the default).

ping tuning via Yann Ylavic <ylavic.dev@gmail.com>

fill in missing message numbers in APLOGNO() invocations

typo

Allow for a simple socket check in addition to the higher level protocol-level checks for backends... Not sure if it makes sense to do both or not... Comments?

Add failontimeout to allow server admin to mark balancer member in err if IO timeout occurs.

* If we face a timeout during receiving the response from the backend and if we pinged it successfully before don't assume the whole backend has failed. Assume that only the request has failed and return a gateway timeout then.

Fix closing the back end connection in case of error. The field "closed" was changed from an int to a bit field of size one in 2.4.x. For historical reasons a close instruction was coded as an increment on the field, which in 2.4.x flips the field each time. There were mutliple code paths that would flip it several times for a single error, so effectively the connection was no longer closed in these cases. Especially in the case of an aborted client connection this lead to a non consumed back end buffer and thus to response mixup between users. PR 53727 CVE-2012-3052

Use short lived pool to avoid memory leaks Remove the comment about binding upstream and downstream connections. It seems to be obsolete since r104604, r104605, r105108. Also avoid allocating memory if we are not handling the connection. PR: 52275 Submitted by: Naohiro Ooiwa <naohiro ooiwa miraclelinux com>, Stefan Fritsch

Add lots of unique tags to error log messages

More ap_log_rerror() usage and axe some more AJP: prefixes

great proxy logging cleanup: * remove "proxy:", "FCGI", etc. prefixes and pid which are now included in the error log format * propagate frontend request's logconfig to backend request * use ap_log_rerror where possible * remove obsolete APLOG_NOERRNO

Cleanup effort in prep for GA push: Trim trailing whitespace... no func change

Use HTTP_NOT_IMPLEMENTED instead of HTTP_BAD_REQUEST.

AJP_EBAD_METHOD is also a bad request so return HTTP_BAD_REQUEST

* Do not even sent an empty brigade down the filter chain if the headers have not been sent by the AJP server so far. Even an empty brigade will trigger the headers filter to create the (in this case incomplete) HTTP headers of the response.

Improve logging for mod_proxy_ajp.

mod_proxy_ajp: Respect "reuse" flag in END_REPONSE packets.

replace recent AJP direct comparisons to APR_TIMEUP with APR_STATUS_IS_TIMEUP.

Fixed missing struct member error introduced with r1092076.

try to prevent a single long request marking a worker in error.

*) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945. [Peter Pramberger <peter pramberger.at>, Jim Jagielski]

More movement to shared stuff...

Don't log errors when we can't send to client, just debug.

comment fixes for "send" vs. "sent"

* Ensure that we only return a non fatal error if the request is idempotent and if we did not sent any request body so far.

* Use APR_STATUS_IS_TIMEUP instead of direct compare to APR_TIMEUP to be more safe on different platforms. Pointed out by: rjung

- Be less verbose at levels INFO and DEBUG in mod_proxy* and mod_ssl - Add some trace logging to core and http

Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to take advantage of per-module loglevels

SECURITY: CVE-2010-0408 (cve.mitre.org) mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR. Submitted by: Niku Toivola <niku.toivola sulake.com> Reviewed by: rpluem, jim, wrowe

* Really regard the operation a success, when the client aborted the connection. In addition adjust the log message if the client aborted the connection.

Make comment agree with code.

* Check more strictly that the backend follows the AJP protocol. Submitted by: mturk

* Avoid delivering content from a previous request which failed to send a request body by closing the connection to the backend in this case instead of reusing it. CVE: CVE-2008-5519 PR: 46949 Reviewed by: jim, wrowe

* Use distinct char pointers for sending and receiving buffers to avoid destroying the pointer to the sending buffer in the ajp message if data is received from the backend before all data is sent to the backend. PR: 45911

* There are no subrequests which have itself as parent.

ap_proxy_determine_connection modifies the url if we are retrying the result we should retry using the orginal url.

Always send body (zero size at least) whenever C-L is present in the request

* If CPING fails retry once more with a fresh TCP connection. If this fails as well give up.

* Introduce a flag to decide whether we sent an body to the backend or not.

Set at init time, and combine comments

* Do not add the query string again in the case that we are using the unparsed uri. PR: 44803

handle ? in cases where nocanon is in effect

Make mod_proxy_ajp aware of the nocanon envvar

Remove useless test.

* As per niq's comment, better destinct the types of idempotence.

* Do not retry a request in the case that we either failed to sent a part of the request body or if the request is not idempotent. PR: 44334

Ignore any ajp13 flush messages which we may mistakenly rec' before we send the response headers. See Tomcat PR 43478.

Add support for proxy-nokeepalive (for testings).

* Rework the error handling logic to make it more readable.

Make sure that we are not resending if we have received something from Tomcat.

When Servlet container sends AJP body message with size 0, this means that Servlet container has asked for an explicit flush. Create flush bucket in that case.

Make sure the AJP message is between 8 and 64K. Use the provided message size when using get_brigade.

fix typo that breaks compilation

At support for ProxyIOBufferSize in AJP.

* Close connection to backend if reading of request body fails. PR: 40310 Submitted by: Ian Abel <ianabel mxtelecom.com> Reviewed by: rpluem

Cleanup: Remove close_on_recycle from proxy_conn_rec. It behaves the same as close.

Added cping/cpong support for the AJP protocol.

update license header text

Update the copyright year in all .c, .h and .xml files

Document the removal of the flushing bandaid to a runtime param. Since other protocols might benefit from this, remove the ajp_ prefixes, to make it more generic looking.

Make AJP flushing admin configurable.

Explain how we're checking to see if ap_proxy_backend_broke() has been called or not.

* Correctly signal broken backend connections up the chain also for the ajp backend (see also r357461). Furthermore move common code in mod_proxy_http.c and mod_proxy_ajp.c into a new function (ap_proxy_backend_broke) in proxy_util.c. modules/proxy/mod_proxy_ajp.c : Signal broken backend connection for ajp backend modules/proxy/proxy_util.c : Add ap_proxy_backend_broke modules/proxy/mod_proxy_http.c: - Use ap_proxy_backend_broke - Return DONE also if backend broke modules/proxy/mod_proxy.h : Add declaration of ap_proxy_backend_broke

* revert r355823 and r355837

* Let the proxy handler know that the backend connection broke after we have sent the headers.

No functional Change: Removing trailing whitespace. This also means that "blank" lines consisting of just spaces or tabs are now really blank lines

* Fix PR37100 (SEGV in mod_proxy_ajp), by sending the data up the filter chain immediately instead of spooling it completely before passing it to the filter chain. It contains a bandaid to handle intentional flushes from Tomcat side. Further explanation in code and report. ajp.h: Add ajp_msg_reuse prototype mod_proxy_ajp.c: Adjust logic of ap_proxy_ajp_request ajp_msg.c: Add ajp_msg_reuse ajp_header.c: Adjusting logic of ajp_read_header

* Style fixes: Add line breaks for lines that are too long. No functional change.

* Style fixes: Spaces, comments, typos. No functional change.

* Cleanup: Remove dead code. No functional change.

Fix mess left by incompleteness of previous ProxyPassReverse fix

Simplify canon_handler. There is no thing like ajps: protocol.

Return correct status codes in case of bad request, that is probably too large for AJP protocol.

Remove useless loging of something that is not an error.

* modules/proxy/mod_proxy_ajp.c (proxy_ajp_handler): Log error when a backend connection could not be made.

Update copyright year to 2005 and standardize on current copyright owner line.

Rename proxy modules. * modules\proxy\mod_proxy_ajp.c * modules\proxy\mod_proxy_balancer.c * modules\proxy\mod_proxy_connect.c * modules\proxy\mod_proxy_ftp.c * modules\proxy\mod_proxy_http.c Renamed from proxy_{ajp,balancer,connect,ftp,http}.c * modules\proxy\mod_proxy_ajp.dsp * modules\proxy\mod_proxy_balancer.dsp * modules\proxy\mod_proxy_connect.dsp * modules\proxy\mod_proxy_ftp.dsp * modules\proxy\mod_proxy_http.dsp Update references to renamed files. * modules\proxy\NWGNUproxyajp * modules\proxy\NWGNUproxybalancer * modules\proxy\NWGNUproxycon * modules\proxy\NWGNUproxyftp * modules\proxy\NWGNUproxyhtp Update references to renamed files.