Remove some spaces between some return statements and ';' + fix a strange formating in a 'for' loop

mod_proxy_http: Use the "Connection: close" header for requests to backends not recycling connections (disablereuse), including the default reverse and forward proxies.

mod_proxy_http: Don't expect the backend to ack the "Connection: close" to finally close those not meant to be kept alive by SetEnv proxy-nokeepalive or force-proxy-request-1.0, and respond with 502 instead of 400 if its Connection header is invalid.

mod_proxy(es): Avoid error response/document handling by the core if some input filter already did it while reading client's payload. When an input filter returns AP_FILTER_ERROR, it has already called ap_die() or at least already responded to the client. Here we don't want to lose AP_FILTER_ERROR when returning from proxy handlers, so we use ap_map_http_request_error() to forward any AP_FILTER_ERROR to ap_die() which knows whether a response needs to be completed or not. Before this commit, returning an HTTP error code in this case caused a double response to be generated. Depends on r1657881 to preserve r->status (for logging) when nothing is to be done by ap_die() when handling AP_FILTER_ERROR.

mod_proxy_http: don't connect or reuse backend before prefetching request body. The goal is to minimize the delay between this connection is considered alive and the first bytes sent (should the client's link be slow or some input filter retain the data). This is a best effort to prevent the backend from closing (from under us) what it thinks is an idle connection, hence to reduce to the minimum the unavoidable local ap_proxy_is_socket_connected() vs remote keepalive race condition. PR 56541. Also, allow the new subprocess_env variable "proxy-flushall" to prevent any buffering of the request body before it is forwarded to the backend. When set, the prefetch is still done (although non-blocking), so we can still determine Content-Length vs chunked vs spooled (depending on data available with the header or while reading it), and then all brigades are flushed when passed to the backend. PR 37920.

Switch preference for headers, Transfer-Encoding first, Content-Length second. Addition to r1615289.

PR53420: Proxy responses with error status and "ProxyErrorOverride On" hang until proxy timeout. Regression from 2.2. It was introduced by r912063 in order to fix PR41646.

*) SECURITY: CVE-2013-5704 (cve.mitre.org) core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. Submitted By: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener Committed By: covener

SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse proxy configuration, a remote attacker could send a carefully crafted request which could crash a server process, resulting in denial of service. Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting this issue. * server/util.c (ap_parse_token_list_strict): New function. * modules/proxy/proxy_util.c (find_conn_headers): Use it here. * modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response): Send a 400 for a malformed Connection header. Submitted by: Edward Lu, breser, covener

mod_proxy_http: avoid (unlikely) access to freed memory.

mod_proxy: Preserve original request headers even if they differ from the ones to be forwarded to the backend. PR 45387.

mod_proxy_http: Add detach_backend hook. The immediate use is for a SSL-related module which works on the backend proxy connection to be able to "leak" information into the client r for logging. This could be useful with other proxy scheme handlers.

Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save memory.

fix spelling

Redo what was reverted in r1572627. Don't reuse a SSL backend connection whose SNI differs. PR 55782. This may happen when ProxyPreserveHost is on and the proxy-worker handles connections to different Hosts.

Revert r1572606 for the time being since backport would conflict with 2.4.x's proxy_conn_rec. The uds_path field is at the end of the struct in 2.4.x but not in trunk. Fix that first, then recommit.

Don't reuse a SSL backend connection whose SNI differs. PR 55782. This may happen when ProxyPreserveHost is on and the proxy-worker handles connections to different Hosts.

Avoid useless functions calls.

Log an error in mod_proxy_http when reading the request body fails. Follow-up to r1538776 where incomplete bodies are detected and an error returned through the input filters.

mod_proxy_http: don't recycle backend connections known to be closed (eg. EOS by close). This saves a useless ap_is_socket_connected() call when reused.

Cleanup the bb brigade, because buckets inserted to it can be created from scpool and this pool can be freed before this brigade. POSSIBLE (but as yet unconfirmed) fix for crashes seen with threaded servers, e.g. PR 50335.

We were not being consistent between http and others if we added the default port or not during the canonizing phase... Baseline the http method (don't add unless the port provided isn't the default).

* modules/proxy/mod_proxy_http.c (ap_proxy_http_request): Use the same brigade lifetime for the header brigade as the other brigades. POSSIBLE (but as yet unconfirmed) fix for crashes seen with threaded servers, e.g. PR 50335; appears correct or at least not harmful. PR: 50335

ping tuning via Yann Ylavic <ylavic.dev@gmail.com>

fill in missing message numbers in APLOGNO() invocations

Save a few cycles

Allow for a simple socket check in addition to the higher level protocol-level checks for backends... Not sure if it makes sense to do both or not... Comments?

mod_proxy_http: Make the proxy-interim-response environment variable effective by formally overriding origin server behaviour.

core: Stop the HTTP_IN filter from attempting to write error buckets to the output filters, which is bogus in the proxy case. Create a clean mapping from APR codes to HTTP status codes, and use it where needed.

mod_proxy, mod_proxy_http: Connection headers must be stripped on the way in and out, support an optional function to handle this.

mod_proxy: Ensure network errors detected by the proxy are returned as 504 Gateway Timout as opposed to 502 Bad Gateway, in order to be compliant with RFC2616 14.9.4 Cache Revalidation and Reload Controls.

Add failontimeout to allow server admin to mark balancer member in err if IO timeout occurs.

axe unused variable dconf (since r1453875)

Pull out duplicated code to proxy_util...

* A limit of zero means unlimited for LimitRequestBody. PR: 54435 Submitted by: Pavel Mateja <pavel netsafe.cz> Reviewed by: rpluem

Fix closing the back end connection in case of error. The field "closed" was changed from an int to a bit field of size one in 2.4.x. For historical reasons a close instruction was coded as an increment on the field, which in 2.4.x flips the field each time. There were mutliple code paths that would flip it several times for a single error, so effectively the connection was no longer closed in these cases. Especially in the case of an aborted client connection this lead to a non consumed back end buffer and thus to response mixup between users. PR 53727 CVE-2012-3052

* Use the the same hostname for SNI as for the HTTP request when forwarding to SSL backends. PR: 53134 Based on a patch from: Michael Weiser <michael weiser.dinsnail.net> Reviewed by: rpluem

* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response): Treat EAGAIN as an error for a blocking read from the input filter stack.

Further clarify the naming of the entity that directly connects to us by calling that entity a client instead of a peer.

Further clarify the naming of the entity that originates the request by calling that entity a useragent instead of a client.

mod_proxy: Remove ap_proxy_make_fake_req() from the public API.

mod_proxy: Remove ap_proxy_date_canon() from the public API.

mod_proxy: Remove ap_proxy_buckets_lifetime_transform() from the public API.

mod_proxy: Remove ap_proxy_liststr(), it duplicates ap_find_token().

Add lots of unique tags to error log messages

Introduce a per connection "peer_ip" and a per request "client_ip" to distinguish between the raw IP address of the connection and the effective IP address of the request.

Introduce a per request version of the remote IP address, which can be optionally modified by a module when the effective IP of the client is not the same as the real IP of the client (such as a load balancer).

great proxy logging cleanup: * remove "proxy:", "FCGI", etc. prefixes and pid which are now included in the error log format * propagate frontend request's logconfig to backend request * use ap_log_rerror where possible * remove obsolete APLOG_NOERRNO

Cleanup effort in prep for GA push: Trim trailing whitespace... no func change

mod_proxy_http, mod_proxy_connect: Add 'proxy-status' and 'proxy-source-port' request notes for logging PR: 30195

Use APR_STATUS_IS_... in some more cases. While this is not strictly necessary everywhere, it makes it much easier to find the problematic cases.

* Play safe if the notes table does not contain an SSL_connect_rv key.

Add a patch from Vincent Deffontaines to make the adding of X-forwarded-* headers configurable: ProxyAddHeaders, defaulting to 'On'. http://www.mail-archive.com/dev@httpd.apache.org/msg49971.html

More movement to shared stuff...

fix comment

update comment

Make sure we clone the table rather than copy it, to ensure that no keys or values allocated from r->pool end up referenced in the backend request.

mod_proxy_http: Allocate the fake backend request from a child pool of the backend connection, instead of misusing the pool of the frontend request. Fixes a thread safety issue where buckets set aside in the backend connection leak into other threads, and then disappear when the frontend request is cleaned up, in turn causing corrupted buckets to make other threads spin.

mod_proxy_http: Ensure that when the backend is closed, the final call to ap_proxy_http_cleanup() is suppressed, so that the backend is not cleaned twice. Fixes a further thread safety issue.

Change another variable that could be confused for conn_rec.

* Fix r1039304 and make the patch similar to the one proposed for 2.2.x: If the SSL handshake to the backend fails we cannot even sent an HTTP request. So the check needs to happen already when we sent data not when we receive data.

* The concept of the cleaned flag is flawed: Once we returned the connection to the pool we cannot longer rely on it as another thread could have leased the connection in the meantime and might have modified it. BUT: We only use this flag once we returned the connection to the pool. So signal that we returned the connection to the pool by something that is local to the thread, in this case set backend to NULL if we already have returende the connection.

* Do not fiddle around with the close field if we might have returned the connection to the pool already. It might be already in use again by another thread.

* Put a note in the connection notes that the SSL handshake to the backend failed such that mod_proxy can put the worker in error state. PR: 50332 Submitted by: Daniel Ruggeri <DRuggeri primary.net> Reviewed by: rpluem

When the proxy closes the backend connection early, force a setaside on any buckets still outstanding to ensure they've been copied out of the backend connection's pool and it is safe to release the backend connection.

Revert r1035504, this was the wrong way to do it.

Fix pool lifetime issues when the proxy backend connection is terminated early by forcing a setaside on transient buckets placed in the brigade by mod_ssl. This has the effect of extending the lifetime of buckets until the end of the request. This is a variation on the original fix for this problem, which added transient buckets to be setaside later in the process.

Fix a pool lifetime issue: Make sure we clean up our brigade before we hand the backend connection back to the connection pool.

mod_proxy: Release the backend connection as soon as EOS is detected, so the backend isn't forced to wait for the client to eventually acknowledge the data.

Remove needless pool cleanup. ap_pregcomp already registers a cleanup for the regex.

Fix an inline variable declaration.

mod_proxy: Move the ProxyErrorOverride directive to have per directory scope.

axe an unnecessary call to sscanf() when parsing the response line from the origin server apr_date_checkmask() already verified the expected text and digit positions; all that is needed is to cheaply find which digits

* LimitRequestBody does not affect Proxy requests (Should it?). Let it take effect if we decide to store the body in a temporary file on disk.

Pull out "does request have a body" logic to a central canon function and use that for the 100-Continue OK check. Should likely also start using this in the various other places we do this "have body" check thruout the codebase...

Fix comment and code to be what it should have been/ thx to r and r for spotting this foobar.

Further checks for non-body requests...

detab

For backends which are HTTP/1.1, do a quick test (ping) of the "connection" via 100-Continue for reverse proxies... ACO and Filip Hanik also helped out with the idea...

Use APR_STATUS_IS_TIMEUP instead of direct compare to APR_TIMEUP to be more safe on different platforms. Note: This commit has an additional, platform-independent change to mark the back-end connection for closing ("backend->close = 1;"). That code is not required to resolve CVE-2010-2068 on any platform. PR: 49417 Addresses CVE-2010-2068

- Be less verbose at levels INFO and DEBUG in mod_proxy* and mod_ssl - Add some trace logging to core and http

Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to take advantage of per-module loglevels

log remote server port in various places

mod_proxy_http: get the headers right in a HEAD request with ProxyErrorOverride.PR 41646 Analysis by Stuart Children; patch by niq

mod_proxy_http: Make sure that when an ErrorDocument is served from a reverse proxied URL, that the subrequest respects the status of the original request. This brings the behaviour of proxy_handler in line with default_handler. PR 47106.

fix or complain about some invalid errno references

Allow ProxyPreserveHost to work in <Proxy> sections PR: 34901

Return consistent error status for proxy unable to connect PR 46971

Security fix for CVE-2009-1890: * modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Specify the base passed to apr_strtoff, and validate the Content-Length in the same way the HTTP_IN filter does. If the number of bytes streamed exceeds the expected body length, bail out of the loop. Thanks to: Toadie <toadie643 gmail.com> for reporting and diagnosis of this issue. Submitted by: niq, jorton

mod_proxy_http: fix case sensitivity checking transfer encoding PR 47383 [Ryuzo Yamamoto]

Fix IPv6 literal addresses passed to a proxied backend. PR 47177 Patch by Carlos Garcia Braschi

* Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives to enable stricter checking of remote server certificates. (docs/manual/mod/mod_ssl.xml) Documentation of SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN. (modules/proxy/mod_proxy_http.c) Set the hostname of the request URL as note on the connection. (modules/ssl/ssl_private.h) Add proxy_ssl_check_peer_expire and proxy_ssl_check_peer_cn fields to the SSLSrvConfigRec. (modules/ssl/ssl_engine_config.c) Directives stuff for SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN. (modules/ssl/ssl_engine_io.c) Check whether the remote servers certificate is expired / if there is a mismatch between the requested hostanme and the remote server certificates CN field. Be able to parse ASN1 times. (modules/ssl/mod_ssl.c) Directives stuff for SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.

use ap_log_rerror instead of r->server per niq's comments

pass a server_rec to ap_log_error on two interim response messages

* Rip out the old flushing approach for solving lifetime issues between the backend connection bucket allocator and front end connection bucket allocator. Instead copy the buckets from the backend over to ones that have been created using the front end bucket allocator. For metabucket this is done by recreating them, for data buckets this is done by reading them and putting the read data in a transient bucket. PR: 45792

Remove potential for memory leak... allocate on this request which is now viable due to connection pooling.

For timeouts, behave as before and not drop. From Adam Woodworth <mirkperl gmail.com>

comment tweak

* Introduce environment variable proxy-initial-not-pooled to avoid reusing pooled connections if the client connection is an initial connection. This avoids the "proxy: error reading status line from remote server" error caused by the race condition that the backend server closed the connection after the connection check on our side and before our data reached the backend. Yes, this downgrades performance, especially with HTTP/1.0 clients. Hence it is configurable and off by default. PR: 37770

move back to inner loop... fails otherwise

Patch for CVE-2008-2364...

* Do this later as we might leave the function anyway without the need for this.

* According to RFC 2616 8.2.3 we are not allowed to forward an Expect: 100-continue to an HTTP/1.0 server. Instead we MUST return a HTTP_EXPECTATION_FAILED.

* mod_proxy_http.c Ensure that the EOC bucket is inserted BEFORE an EOS bucket in bb as some resource filters like mod_deflate pass everything up to the EOS down the chain immediately and sent the remainder of the brigade later (or even never). But in this case the ap_http_header_filter does not get out of our way soon enough. http_filters.c Remove all data buckets that are in a brigade after an EOC bucket was seen, as an EOC bucket tells us that no (further) resource and protocol data should go out to the client. OTOH meta buckets are still welcome as they might trigger needed actions down in the chain (e.g. in network filters like SSL). Remark 1: It is needed to dump ALL data buckets in the brigade since an filter in between might have inserted data buckets BEFORE the EOC bucket sent by the original sender and we do NOT want this data to be sent. Remark 2: Dumping all data buckets here does not necessarily mean that no further data is send to the client as: 1. Network filters like SSL can still be triggered via meta buckets to talk with the client e.g. for a clean shutdown. 2. There could be still data that was buffered before down in the chain that gets flushed by a FLUSH or an EOS bucket. PR: 37770

Remove extra cruft that ended up in a commit.

core, mod_proxy: If a kept_body is present, it becomes safe for subrequests to support message bodies. Make sure that safety checks within the core and within the proxy are not triggered when kept_body is present. This makes it possible to embed proxied POST requests within mod_include.

Typo.

Set at init time, and combine comments

* Do not add the query string again in the case that we are using the unparsed uri. PR: 44803

handle ? in cases where nocanon is in effect

* In the case that we fail to read the response line from the backend and if we are a reverse proxy request shutdown the connection WITHOUT ANY response to trigger a retry by the client if allowed (as for idempotent requests). BUT currently we should not do this if the request is the first request on a keepalive connection as browsers like seamonkey only display an empty page in this case and do not do a retry. Related to PR 37770

* Fix comment. No functional change.

* Fix processing of chunked responses if Connection: Transfer-Encoding is set in the response of the proxied system. PR: 44311

*) mod_proxy_http: Return HTTP status codes instead of apr_status_t values for errors encountered while forwarding the request body PR 44165 [Eric Covener] See also PR 31759 / r448711

* Enable the proxy to keep connections persistent in the HTTPS case. Basicly the persistence is created by keeping the conn_rec structure created for our backend connection (whether http or https) in the connection pool. This required to adjust scoreboard.c in a way that its functions can properly deal with a NULL scoreboard handle by ignoring the call or returning an error code.

Add option not to send&clear response headers in ap_send_interim_response. We'll need this option to fix PR#43711, and ap_send_interim_response is fortunately too new an API to have made it into anything stable.

mod_proxy: add "nocanon" keyword to ProxyPass, to suppress URI-canonicalisation in a reverse proxy. PR 41798

* modules/proxy/mod_proxy_http.c (ap_proxy_http_register_hook): Fix apr_pool_cleanup_register() invocation added in r583202, which was causing every apr_proc_create() call to segfault.

(forward) proxy should not be verifying/checking for valid chars in a URI... pass through.

Abstract out "verification of valid encoding" via ap_proxy_isvalidenc(). Now we can use it in other proxy protocols.

missing include!

mod_proxy_http: Don't unescape/escape forward proxied URLs. Just check them. PR 42592 also add fix to PR42572 to CHANGES (from r563487/r563489)

Purge tabs in r582631

mod_proxy_http: Correctly forward unexpected interim (HTTP 1xx) responses. PR 16518

No change, but they won't let me have foo (and ... this is the module with a function addit_dammit !!!)

Proxy: remove Warning headers with wrong date PR 16138

Fix typo in header name "Trailer"

Fix processing of Connection headers in proxy PR 43509

Fix adding out Via header in proxy response PR 19439

Strip hop-by-hop headers in proxy response

Formatting. No functional change.

Remove tabs.

Propagate Proxy-Authorization header correctly PR 25947 RFC2616 tells us: (1) If we haven't authenticated, we must pass the header on. (2) If we have authenticated, we MAY pass it on. I've made the latter case configurable by ENV(Proxy-Chain-Auth). Also, Proxy-Authenticate is a response header, and doesn't belong in a check of request headers.

Fix proxy-sendchunk(s|ed) problem PR 43183

proxy_http: don't wait for response body in a HEAD PR 41644 [Stuart Children]

create the brigate outside ap_proxygetline and reuse it. correct the overflow handling. (returning APR_ENOSPC was changing the behaviour).

Improve traces in ap_proxy_http_process_response(). That will help to investigate PR 37770. (errors from backend :-)).

HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses alone. Only processing of error responses (4xx, 5xx) will be altered. PR: 39245 This is based on a patch submitted by Bart van der Schans <schans hippo.nl> and tweaked slightly by me based on discussions on dev@ since April 2006. I think rpleum was the first to mention the 1xx issue.

Re-add "proxy-sendextracrlf" first introduced in r157478 and silently removed in r219224.

* Handle request bodies larger than 2 GB by converting the Content-Length header string of the request correctly to apr_off_t. PR: 40883

Minor nit: why make the logic more complex than it needs to be ? :)

Cleanup: Remove close_on_recycle from proxy_conn_rec. It behaves the same as close.

update license header text

* server/core.c (default_handler): Use apr_brigade_insert_file() to append the file to the brigade. * server/protocol.c (ap_send_fd), modules/proxy/mod_proxy_http.c (spool_reqbody_cl), modules/cache/mod_mem_cache.c (recall_body), modules/cache/mod_disk_cache.c (recall_body), modules/mappers/mod_negotiation.c (handle_map_file), modules/generators/mod_asis.c (asis_handler), modules/dav/fs/repos.c [DEBUG_GET_HANDLER] (dav_fs_deliver), modules/arch/win32/mod_isapi.c (ServerSupportFunction): Likewise.

Update the copyright year in all .c, .h and .xml files

* Avoid calling ap_proxy_http_cleanup twice as this releases a connection from the connection pool twice. This causes this connection to be present in the connection pool twice. Thus it may be used by different threads at the same time which causes many troubles (segfaults in this case). Furthermore implement a logic to prevent double releases to the connection pool if they are triggered by buggy code and log an error message in this case. - mod_proxy_http.c: remove double calls to ap_proxy_http_cleanup - proxy_util.c: Add logic to prevent double releases of a connection to the connection pool. PR: 38793

* Disable persistent connections for SSL backends again as we do not handle them correctly, because we recreate backend->connection for each request and thus try to initialize an already existing SSL connection. Noticed by: Joe Orton

*) mod_proxy: Fix KeepAlives not being allowed and set to backend servers. PR38602. [Ruediger Pluem, Jim Jagielski] Also, document previous patch: *) Correctly initialize mod_proxy workers, which use a combination of local and shared datasets. Adjust logging to better trace usage. PR38403. [Jim Jagielski]

* Use the correct pool for apr_table_copy. Otherwise we trigger the bad pool ancestry abort in apr_table_copy if apr is compiled with APR_POOL_DEBUG. Noticed by: Joe Orton

* Do not close the backend connection, because the client sent a Connection: close header. PR: 38524

* Do not remove the connection headers from r->headers_in. They are needed by the http output filter to create the correct connection response headers. Instead work on a copy of r->headers_in. PR: 38524

* Call ap_proxy_http_cleanup after ap_log_rerror because it resets backend->hostname to NULL.

* Correctly signal broken backend connections up the chain also for the ajp backend (see also r357461). Furthermore move common code in mod_proxy_http.c and mod_proxy_ajp.c into a new function (ap_proxy_backend_broke) in proxy_util.c. modules/proxy/mod_proxy_ajp.c : Signal broken backend connection for ajp backend modules/proxy/proxy_util.c : Add ap_proxy_backend_broke modules/proxy/mod_proxy_http.c: - Use ap_proxy_backend_broke - Return DONE also if backend broke modules/proxy/mod_proxy.h : Add declaration of ap_proxy_backend_broke

Morph the ap_http_broken_backend_filter() proxy "specific" filter to a generic http error handling output filter.

* If the mod_proxy backend connection broke in the middle of the response, then - Do not cache it. - Signal the client that something went wrong by closing the connection and not sending the last-chunk marker if the response was T-E chunked. server/core_filters.c : Close the connection to the client by setting c->keepalive to AP_CONN_CLOSE. modules/http/chunk_filter.c : Do not send last-chunk marker in the case the backend broke. modules/proxy/mod_proxy_http.c: Signal that the backend connection broke. modules/cache/mod_disk_cache.c: Respect r->no_cache for discarding the response Submitted by: Roy T. Fielding, Jim Jagielski, Ruediger Pluem Reviewed by: Roy T. Fielding, Jim Jagielski, Ruediger Pluem

* revert r355823 and r355837

* Move handling of backends that broke after the headers have been sent into the proxy handler of mod_proxy. This patch still sets r->connection->aborted to 1 which is currently vetoed by Roy. Moving it from the scheme handler to the proxy handler should ease the reimplementation of this, as the scheme handlers only needs to return PROXY_BACKEND_BROKEN to signal the above situation to the proxy handler. mod_proxy.h: Add define for PROXY_BACKEND_BROKEN mod_proxy.c: Handle PROXY_BACKEND_BROKEN in proxy handler mod_proxy_http.c: Sent back PROXY_BACKEND_BROKEN if backend broke after we sent the headers.

Add a comment and use proper grammar for another comment. (No functional changes.)

If we get an error reading the upstream response, we should bail. Reported by: Brian Akins

No functional Change: Removing trailing whitespace. This also means that "blank" lines consisting of just spaces or tabs are now really blank lines

* Fix PR37145 (data loss with httpd-2.0.55 reverse proxy method=post) by exchanging APR_BRIGADE_CONCAT with ap_save_brigade to ensure that transient buckets get setaside correctly between various iterations of ap_get_brigade calls. Reviewed by: Joe Orton, William Rowe, Jim Jagielski, Jeff Trawick

Fix ProxyPassReverse & family to work correctly in <Location>

* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Fix gcc warning.

Hopefully, address the last edge case where status may be uninitialized. Asserts in non-debug builds are bad things, anyways, so this is probably more correct. This should fix -Werror compile warning observed by Joe Orton.

Two blank lines for clarity; whitespace only change.

We already accept 80 bytes less than the client body's anticipated size, so we don't need to also prefetch an extra 1024 bytes; this was redundant.

Drop an impossible case; the while() loop already protected us from this situation.

Fix a double-termination case in svn trunk/; we terminated the headers up-front knowing the resulting headers were already correctly composed.

An impossible-to-hit edge case today; we described the request as chunked - and if chunked always send the body termination "0" chunk header. Roy's requested change that we always send a body we could read in full as a C-L request ensures this code wasn't triggered; some change in the future could again reveal this edge case.

* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Fix format string error. (ap_proxy_http_request): Restore default case in rb_method switch to fix gcc warnings.

Yet another snafu in body handling. We need to clearly avoid any ap_get_brigade or request body processing in every *subrequest* proxy action. The new code introduced more chaos because we read the request body irrespective of any bogus header handling bugs. This requires a goto, and yes, that sucks :) But this is one of those oddball cases where jumping away makes more sense than tons of indented code, IMHO. And if you count the number of goto's I've committed to httpd, you know I avoid them like the plague. I woulda' suggestd to jorton to take a flying carnal act, except that each time he points me back to the 2.0 patch, I catch another entirely bogus choice within the old/new httpd-2.x request body code :) I've bumped the 2.0 patch to correspond; see http://people.apache.org/~wrowe/httpd-2.0-proxy-request-4.patch

Fix broken while () {} loops (lingering code from the old logic), closes an infinite loop in the most recent version. Init the cl_val to prevent failure of zero length bodies in the most recent version. Use 'request body' instead of 'data' to describe any errors. Finally, loop around ap_get_brigade to grab multiple chunks that still fall below our MAX_MEM_SPOOL threshold, since the chunk decoding from the client will pass up just one small chunk per ap_get_brigade call.

On Roy's suggestion; why wait to try to clear out the input stream if it is smaller than MAX_MEM_SPOOL? Do this upfront before dispatching to a body handler. This means changing each of the three body pumps to presume a preexisting input_brigade was already loaded, so turn around their loop conditions.

Fix a style problem; b is ambigous (is it a brigade or bucket?) bb is far less ambigous.

leaving force-proxy-request-1.0 for broken clients, revert my patch for forcing an HTTP/1.0 proxy request, if the client request is HTTP/1.0, per Roy.

Missed an edge case; once we know the C-L didn't match, it's time to shut down the body already. Finish reading from the client but do nothing else, returning an error.

How can I fix thee? let me count the ways... * pass a chunked body always (no-body requests don't go chunked). * validate that the C-L counted body length doesn't change. * follow RFC 2616 for C-L / T-E in the request body C-L / T-E election logic. * do not forward HTTP/1.0 requests as HTTP/1.1, unless the admin configures force-proxy-request-1.1 * conn was illegible, use 2.0's p_conn.

Fix two fat-fingered typos from commit 216156. Code matches previous behavior now; time to start fixing.

send_request_body and indentation made it very difficult to follow all the mistakes in this code. Fold send_request_body into reindent to make the pattern clear and skip some extra string handling. Little functional change, that comes next.

End abuse of apr_strnat[case]cmp - it isn't str[case]cmp. Unsure if apr_strnatcasecmp(conf_ip, uri_ip) was intentional, on the off chance that the left or right hand ip string happens to contain leading zeros.

Fix a ton of wrong/silly indention, and clarify the fix-notes

proxy HTTP: If a response contains both Transfer-Encoding and a Content-Length, remove the Content-Length and don't reuse the connection, stopping some HTTP Request smuggling attacks.

* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response): Don't send an EOS after an interim response.

* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response): Fix a comment.

* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response): When there are only headers and no body, give the remainder of the output filters a chance by pushing an EOS bucket through the filter stack.

mod_proxy: Add proxy-sendextracrlf option to send an extra CRLF at the end of the request body to work with really old HTTP servers. * modules/proxy/mod_proxy_http.c (stream_reqbody_cl, spool_reqbody_cl): If proxy-sendextracrlf option is present, append a CRLF to the body stream that isn't counted against CL.

* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response): Fix spurious error at EOF. PR: 33615

If we rec' a bad response header line, ignore what we've rec'd so far and force BAD_GATEWAY.

Better handle the case where ProxyBadHeader StartBody is in effect and we think we've started reading in the response body. Take advantage of the fact that the line read is still in buffer (and document that) to allow us to add to the bb.

Update copyright year to 2005 and standardize on current copyright owner line.

Also translate Destination headers when ProxyPassReverse'd * modules\proxy\mod_proxy_http.c (process_proxy_header): reverse map Destination header. NOTE: This is some darn nasty looking code... * modules\proxy\ajp_header.c (ajp_unmarshal_response): reverse map Destination header.

Rename proxy modules. * modules\proxy\mod_proxy_ajp.c * modules\proxy\mod_proxy_balancer.c * modules\proxy\mod_proxy_connect.c * modules\proxy\mod_proxy_ftp.c * modules\proxy\mod_proxy_http.c Renamed from proxy_{ajp,balancer,connect,ftp,http}.c * modules\proxy\mod_proxy_ajp.dsp * modules\proxy\mod_proxy_balancer.dsp * modules\proxy\mod_proxy_connect.dsp * modules\proxy\mod_proxy_ftp.dsp * modules\proxy\mod_proxy_http.dsp Update references to renamed files. * modules\proxy\NWGNUproxyajp * modules\proxy\NWGNUproxybalancer * modules\proxy\NWGNUproxycon * modules\proxy\NWGNUproxyftp * modules\proxy\NWGNUproxyhtp Update references to renamed files.