mod_proxy(es): Avoid error response/document handling by the core if some input filter already did it while reading client's payload. When an input filter returns AP_FILTER_ERROR, it has already called ap_die() or at least already responded to the client. Here we don't want to lose AP_FILTER_ERROR when returning from proxy handlers, so we use ap_map_http_request_error() to forward any AP_FILTER_ERROR to ap_die() which knows whether a response needs to be completed or not. Before this commit, returning an HTTP error code in this case caused a double response to be generated. Depends on r1657881 to preserve r->status (for logging) when nothing is to be done by ap_die() when handling AP_FILTER_ERROR.

save some bytes per Christophe's review.

Fix some spelling errors in mod_proxy_fcgi comments.

provide alternative PATH_INFO calculation options for proxy_fcgi. PR 55329

Allow (a hokey) opt-in to connection reuse for mod_proxy_fcgi + TCP. Connection reuse has been disabled since r1032345 at the end of 2011. Attempt to reverse the polarity of the connection reuse doc which has been wrong for a long time.

tweak SCRIPT_FILENAME passed to fastcgi backends when a balancer is used.

* mod_proxy_fcgi: Follow up to r1640495. Ignore body data from backend for 304 responses also when read with the header.

dump fcgi headers with trace8 instead of debug+compile-time flag.

* mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198.

mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an error when parsing or forwarding the response fails.

mod_proxy_fcgi: SECURITY: CVE-2014-3583 (cve.mitre.org) Fix a potential crash with response headers' size above 8K. The code changes to mod_authnz_fcgi keep the handle_headers() function in sync between the two modules. mod_authnz_fcgi does not have this issue because it allocated a separate byte for terminating '\0'.

Revert r1638818, r1639812, r1639717 and r1639814 for new staging.

mod_proxy_fcgi: follow up to r1638818. Let ap_scan_script_header*() validate the headers.

mod_proxy_fcgi: CVE-2014-3583: Fix a potential crash with response headers' size above 8K.

mod_proxy_fcgi: Fix faulty logging of large amounts of stderr from the application. PR: 56858 Submitted by: Manuel Mausz <manuel-asf mausz.at> Reviewed by: trawick

Add missing APLOGNO. Refactor some lines to keep APLOGNO on the same line as ap_log_error, when applicable. Split lines longer than 80. Improve alignment.

mod_proxy_fcgi: follow up to r1592032. Also break the outer loop when "sending stdin" fails.

Reindent after small fix in r1603027

Fix bug introduced in r1591508 which resulted in the final empty FCGI_STDIN not being sent. Interaction with latest uWSGI (and probably other protocol implementations) breaks without this.

mod_proxy_fcgi: Fix occasional high CPU when handling request bodies.

better diagnostics for failures during dispatch()

mod_proxy_fcgi: Support iobuffersize parameter.

Axe unnecessary memset() calls and allocating an extra byte in an I/O buffer for '\0', which hasn't been needed since a strstr("\r\n\r\n") was removed in r371428.

mod_proxy_fcgi: Don't segfault when failing to connect to the backend.

mod_proxy_fcgi: Fix sending of response without some HTTP headers that might be set by filters. The problem occurs when no body bytes were read while reading the response headers, resulting in an empty brigade being sent down the filter stack. One particualr filter that mishandles the empty initial brigade is mod_deflate. It neglects to add to the response header fields. PR: 55558 Submitted by: Jim Riggs <jim riggs.me> Reviewed by: trawick

mod_proxy_fcgi: Fix error message when an unexpected protocol version number is received from the application. PR: 56110

We were not being consistent between http and others if we added the default port or not during the canonizing phase... Baseline the http method (don't add unless the port provided isn't the default).

mod_proxy: Add ap_connection_reusable() for checking if a connection is reusable as of this point in processing. mod_proxy_fcgi uses the new API to determine if FCGI_CONN_CLOSE should be enabled, but that doesn't change existing behavior since the connection is currently marked for closure elsewhere in the module.

Use ap_log_rdata() to dump the FastCGI header, axing a bunch of custom data dumping code.

Borrow a fix from mod_authnz_fcgi: mod_proxy_fcgi: Handle reading protocol data that is split between packets.

Bring some envvar flexibility from mod_authnz_fcgi to mod_proxy_fcgi: mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars. An individual envvar with an encoded length of more than 16K will be omitted.

Use apr_socket_timeout_get instead of hard-coded 30 seconds timeout.

Switch from private FastCGI protocol handling to util_fcgi API.

Fix some compiler warnings.

If there is an error reading the headers from the backend, send an error to the client

Handle cases, esp when using mod_proxy_fcgi, when we do not want SCRIPT_FILENAME to include the query string.

Add lots of unique tags to error log messages

great proxy logging cleanup: * remove "proxy:", "FCGI", etc. prefixes and pid which are now included in the error log format * propagate frontend request's logconfig to backend request * use ap_log_rerror where possible * remove obsolete APLOG_NOERRNO

Silence compiler warning about signedness differences.

More cleanup: Expand tabs and some more indentation fixes No functional change

Cleanup effort in prep for GA push: Trim trailing whitespace... no func change

Add more (trace) logging to the ap_scan_script_header*() functions Add ap_scan_script_header*_ex() functions that take a module index for logging. Make mod_cgi, mod_cgid, mod_proxy_fcgi, mod_proxy_scgi, mod_isapi use the new functions.

*) mod_proxy_fcgi: Add support for 'ProxyErrorOverride on' PR 50913. [Mark Montague <mark catseye.org>, Jim Jagielski]

Fix/workaround for BUGZ PR 50851. By default, mod_proxy_fcgi with not create PATH_INFO, unless specifically told to.

More movement to shared stuff...

mark connection for close after the return from ap_proxy_determine_connection() before this revision: if there was an existing connection, ap_proxy_determine_connection() would close it but then clear the close flag, so it didn't get closed by ap_proxy_release_connection() thus, if this child process doesn't use the connection for a while, the application could be stuck in read() for the same while after: ap_proxy_release_connection() will close it after the request completes

avoid duplicate end-of-stdin header avoid passing {iov_base = &buffer, iov_len=0} to writev() when there is no stdin data

repeat apr_poll() while EINTR

- Remove a load of unused variables (or variables that are set but never read). - Move some declarations into the correct #ifdef scope. I couldn't compile/test netware, but the changes look obvious enough.

- Be less verbose at levels INFO and DEBUG in mod_proxy* and mod_ssl - Add some trace logging to core and http

Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to take advantage of per-module loglevels

odd assortment of spelling fixes

use what we know

Add comment on why the cast is safe and does not result in lost info.

We are really looking for the scheme here... so be consistant

and make mod_proxy_fcgi also nocanon aware

Otherwise it doesn't compile on HP-UX when using cc.

* Followup patch on r427959: Also substitute close_on_recycle with close in mod_proxy_fcgi. This makes mod_proxy_fcgi compile again.

update license header text

Make the logging in mod_proxy_fcgi more consistent. * modules/proxy/mod_proxy_fcgi.c (fcgi_do_request): Log errors as APLOG_ERR. (proxy_fcgi_handler): Log debug info as APLOG_DEBUG.

Fix compile time warnings. Pointed out by: jorton * modules/proxy/mod_proxy_fcgi.c Add include of util_script.h to pick up some function prototypes. (send_begin_request): Initialize the reserved bytes in the request body to zero. (dispatch): Use APR_SIZE_T_FMT instead of %d when logging an apr_size_t.

Merge the fcgi-proxy-dev branch to trunk, adding a FastCGI back end for mod_proxy. This log message is just a summary of the changes, for the full original log messages see r357431:393955 in branches/fcgi-proxy-dev. * modules/proxy/mod_proxy_fcgi.c: New file, holds the impementation of our new fcgi backend for mod_proxy. * modules/proxy/fcgi_protocol.h: New file, holds constants and structures for the fcgi protocol. * modules/proxy/mod_proxy_balancer.c (proxy_balancer_canon): Set up r->path_info, so the PATH_INFO env variable is correctly passed on to balancer workers. * modules/proxy/config.m4: Build the new mod_proxy_fcgi module. * support: Add fcgistarter to svn:ignore. * support/Makefile.in: Build the new fcgistarter program. * support/fcgistarter.c: New program, a helper for starting fcgi worker processes.