612c14ad549579c53be42a2e2e35385391c1abd9 1673368 |
|
14-Apr-2015 |
jailletc36 |
Remove some spaces between some return statements and ';' + fix a strange formatting in a 'for' loop |
4e10eefaad0287c0c4ac2185bc3a1615092dbef8 1658765 |
|
10-Feb-2015 |
ylavic |
mod_proxy_http: Use the "Connection: close" header for requests to
backends not recycling connections (disablereuse), including the default
reverse and forward proxies. |
17e6c95f3b22d18acdf8380fb26a8d0e10c80767 1658760 |
|
10-Feb-2015 |
ylavic |
mod_proxy_http: Don't expect the backend to ack the "Connection: close" to
finally close those not meant to be kept alive by SetEnv proxy-nokeepalive
or force-proxy-request-1.0, and respond with 502 instead of 400 if its
Connection header is invalid. |
7a1dee936d2bd3e4e70dd8a6e0090f8582ee2a8b 1657897 |
|
06-Feb-2015 |
ylavic |
mod_proxy(es): Avoid error response/document handling by the core if some
input filter already did it while reading client's payload.
When an input filter returns AP_FILTER_ERROR, it has already called ap_die()
or at least already responded to the client.
Here we don't want to lose AP_FILTER_ERROR when returning from proxy handlers,
so we use ap_map_http_request_error() to forward any AP_FILTER_ERROR to
ap_die() which knows whether a response needs to be completed or not.
Before this commit, returning an HTTP error code in this case caused a double
response to be generated.
Depends on r1657881 to preserve r->status (for logging) when nothing is to be
done by ap_die() when handling AP_FILTER_ERROR. |
6a165789df68976831bf8314499fed30eca01aa5 1656259 |
|
01-Feb-2015 |
ylavic |
mod_proxy_http: don't connect or reuse backend before prefetching request body.
The goal is to minimize the delay between when this connection is considered alive
and the first bytes sent (should the client's link be slow or some input filter
retain the data).
This is a best effort to prevent the backend from closing (from under us) what
it thinks is an idle connection, hence to reduce to the minimum the unavoidable
local ap_proxy_is_socket_connected() vs remote keepalive race condition.
PR 56541.
Also, allow the new subprocess_env variable "proxy-flushall" to prevent any
buffering of the request body before it is forwarded to the backend.
When set, the prefetch is still done (although non-blocking), so we can still
determine Content-Length vs chunked vs spooled (depending on data available
with the header or while reading it), and then all brigades are flushed when
passed to the backend.
PR 37920. |
c7a01f0279bbf420bd60c22c3107f8f7d57dc34d 1620324 |
|
25-Aug-2014 |
rjung |
Switch preference for headers, Transfer-Encoding
first, Content-Length second.
Addition to r1615289. |
6cc3b681fe41375fccbe86a474cd00ecea610d63 1615289 |
|
02-Aug-2014 |
rjung |
PR53420: Proxy responses with error status and
"ProxyErrorOverride On" hang until proxy timeout.
Regression from 2.2. It was introduced by r912063
in order to fix PR41646. |
8491e0600f69b0405e156ea8a419653c065c645b 1610814 |
|
15-Jul-2014 |
covener |
*) SECURITY: CVE-2013-5704 (cve.mitre.org)
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior.
Submitted By: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener
Committed By: covener |
d7550aefd0524ab33c52ff4099fdc9a2e23bac53 1610674 |
|
15-Jul-2014 |
jorton |
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse
proxy configuration, a remote attacker could send a carefully crafted
request which could crash a server process, resulting in denial of
service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
reporting this issue.
* server/util.c (ap_parse_token_list_strict): New function.
* modules/proxy/proxy_util.c (find_conn_headers): Use it here.
* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
Send a 400 for a malformed Connection header.
Submitted by: Edward Lu, breser, covener |
6411be3c3a725188af90ced36128e1dfd22bd08b 1599486 |
|
03-Jun-2014 |
ylavic |
mod_proxy_http: avoid (unlikely) access to freed memory. |
11f1871b90149f8af3bf4e884dcc404436686967 1588527 |
|
18-Apr-2014 |
ylavic |
mod_proxy: Preserve original request headers even if they differ
from the ones to be forwarded to the backend. PR 45387. |
5f066f496cd9f20a2a701255bc67d44e7cb46dae 1586719 |
|
11-Apr-2014 |
trawick |
mod_proxy_http: Add detach_backend hook.
The immediate use is for a SSL-related module which works
on the backend proxy connection to be able to "leak" information
into the client r for logging.
This could be useful with other proxy scheme handlers. |
7ea12e0bb4138b5d7eb52291f7ebe259559ad064 1578760 |
|
18-Mar-2014 |
jailletc36 |
Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save memory. |
36bc72464c6d787a9eab9046449c3eaf23143f7c 1575958 |
|
10-Mar-2014 |
trawick |
fix spelling |
1bd77c095db05595db951b8e45619270d356a3cb 1572630 |
|
27-Feb-2014 |
ylavic |
Redo what was reverted in r1572627.
Don't reuse a SSL backend connection whose SNI differs. PR 55782.
This may happen when ProxyPreserveHost is on and the proxy-worker
handles connections to different Hosts. |
a25139a3cea752311a32b30b9b406fee8b87042e 1572627 |
|
27-Feb-2014 |
ylavic |
Revert r1572606 for the time being since backport would conflict with 2.4.x's proxy_conn_rec.
The uds_path field is at the end of the struct in 2.4.x but not in trunk.
Fix that first, then recommit. |
6180b276a391d729e53f62fd8ad303d8db0dff9d 1572606 |
|
27-Feb-2014 |
ylavic |
Don't reuse a SSL backend connection whose SNI differs. PR 55782.
This may happen when ProxyPreserveHost is on and the proxy-worker
handles connections to different Hosts. |
b5248f6fdd795b28856548932fade09bc75cef01 1572561 |
|
27-Feb-2014 |
ylavic |
Avoid useless function calls. |
a68bf0d09c202e1c85b0440acff7143ff872fc9c 1570598 |
|
21-Feb-2014 |
ylavic |
Log an error in mod_proxy_http when reading the request body fails.
Follow-up to r1538776 where incomplete bodies are detected and an error returned through the input filters. |
c035eed7359babde27b2ee50dd99dd71d35de6d9 1568404 |
|
14-Feb-2014 |
ylavic |
mod_proxy_http: don't recycle backend connections known to be closed (eg. EOS by close).
This saves a useless ap_is_socket_connected() call when reused. |
9f6f90e8ffe47de49652f0ab54bd78a6d8f928f5 1550061 |
|
11-Dec-2013 |
jkaluza |
Cleanup the bb brigade, because buckets inserted to it can be created from
scpool and this pool can be freed before this brigade.
POSSIBLE (but as yet unconfirmed) fix for crashes seen with threaded servers,
e.g. PR 50335. |
63b4d380728397be955beae19d9ecccf00d438a8 1542562 |
|
16-Nov-2013 |
jim |
We were not being consistent between http and others
if we added the default port or not during the canonizing
phase... Baseline the http method (don't add unless the
port provided isn't the default). |
035f3aed40f97b900281f99b3f339bbfae56d6e1 1534321 |
|
21-Oct-2013 |
jorton |
* modules/proxy/mod_proxy_http.c (ap_proxy_http_request): Use the same
brigade lifetime for the header brigade as the other brigades.
POSSIBLE (but as yet unconfirmed) fix for crashes seen with threaded
servers, e.g. PR 50335; appears correct or at least not harmful.
PR: 50335 |
709b5c8ea3d5e283717d0bd2ec1dadfc7c34e683 1530603 |
|
09-Oct-2013 |
jim |
ping tuning via Yann Ylavic <ylavic.dev@gmail.com> |
66b11c4eeff6be73bec7ceaf5957f79ab5270c79 1524018 |
|
17-Sep-2013 |
trawick |
fill in missing message numbers in APLOGNO() invocations |
23ebbefb037665e13d6abc675030b8e5ce318ea0 1517045 |
|
23-Aug-2013 |
jailletc36 |
Save a few cycles |
56c721887b9c93721a7fe3afc45c89a94e3f07c1 1516930 |
|
23-Aug-2013 |
jim |
Allow for a simple socket check in addition to the
higher level protocol-level checks for backends...
Not sure if it makes sense to do both or not... Comments? |
2f073ef2a21b1725addef84f318a2b11541e912a 1483027 |
|
15-May-2013 |
minfrin |
mod_proxy_http: Make the proxy-interim-response environment variable
effective by formally overriding origin server behaviour. |
a511a29faf2ff7ead3b67680154a624effb31aaf 1482522 |
|
14-May-2013 |
minfrin |
core: Stop the HTTP_IN filter from attempting to write error buckets
to the output filters, which is bogus in the proxy case. Create a
clean mapping from APR codes to HTTP status codes, and use it where
needed. |
114d793b37bb653798329f814912f6cad74fc9a5 1482075 |
|
13-May-2013 |
minfrin |
mod_proxy, mod_proxy_http: Connection headers must be stripped on the way
in and out, support an optional function to handle this. |
63921358ef93fcb41bc71d9894221ba3d7fbb87b 1480058 |
|
07-May-2013 |
minfrin |
mod_proxy: Ensure network errors detected by the proxy are returned as
504 Gateway Timeout as opposed to 502 Bad Gateway, in order to be
compliant with RFC2616 14.9.4 Cache Revalidation and Reload Controls. |
fb5e4869b57545ff534add0a4b0ded84cc68212b 1465839 |
|
09-Apr-2013 |
druggeri |
Add failontimeout to allow server admin to mark balancer member in err if IO timeout occurs. |
da1bd1889dae1ed041dba1a85b47f73aadfab0b5 1456124 |
|
13-Mar-2013 |
trawick |
axe unused variable dconf (since r1453875) |
27774671fd435737640c3631e23db369500ca66a 1453875 |
|
07-Mar-2013 |
jim |
Pull out duplicated code to proxy_util... |
7705103518c61f7cdcd4041fe871cb45114f31a5 1433988 |
|
16-Jan-2013 |
rpluem |
* A limit of zero means unlimited for LimitRequestBody.
PR: 54435
Submitted by: Pavel Mateja <pavel netsafe.cz>
Reviewed by: rpluem |
e57968eccf3a9b218f96a9f8909e3ca413887819 1373955 |
|
16-Aug-2012 |
rjung |
Fix closing the back end connection in case of error.
The field "closed" was changed from an int to a bit
field of size one in 2.4.x.
For historical reasons a close instruction was coded
as an increment on the field, which in 2.4.x flips
the field each time. There were multiple code paths
that would flip it several times for a single error,
so effectively the connection was no longer closed
in these cases.
Especially in the case of an aborted client connection
this led to a non consumed back end buffer and thus to
response mixup between users.
PR 53727
CVE-2012-3052 |
5cc1d035c9293c4d64b2344b5eac35edd1bd4537 1333969 |
|
04-May-2012 |
rpluem |
* Use the same hostname for SNI as for the HTTP request when forwarding
to SSL backends.
PR: 53134
Based on a patch from: Michael Weiser <michael weiser.dinsnail.net>
Reviewed by: rpluem |
9c22b6e1a4b50153ba627f1c03f8ebbfff5d2861 1242798 |
|
10-Feb-2012 |
jorton |
* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
Treat EAGAIN as an error for a blocking read from the input filter
stack. |
c41be3600a58bd39a76d1215abcdbbd8e9b1c356 1214015 |
|
14-Dec-2011 |
minfrin |
Further clarify the naming of the entity that directly connects to us by
calling that entity a client instead of a peer. |
a221184be5b40f8349982d94cda02b98068ce0d8 1214003 |
|
14-Dec-2011 |
minfrin |
Further clarify the naming of the entity that originates the request by
calling that entity a useragent instead of a client. |
9840359772d03faee1581e14b183447320eedf29 1209916 |
|
03-Dec-2011 |
minfrin |
mod_proxy: Remove ap_proxy_make_fake_req() from the public API. |
0ad70f568b434ff0d849a00d017751fd3db9b28b 1209812 |
|
03-Dec-2011 |
minfrin |
mod_proxy: Remove ap_proxy_date_canon() from the public API. |
ad9cfddd1aee083a1b147fca1539a8c10ccec1fc 1209811 |
|
03-Dec-2011 |
minfrin |
mod_proxy: Remove ap_proxy_buckets_lifetime_transform() from the public API. |
92924cfd7baf709bba85edf3039a76a10207400e 1209797 |
|
03-Dec-2011 |
minfrin |
mod_proxy: Remove ap_proxy_liststr(), it duplicates ap_find_token(). |
185aa71728867671e105178b4c66fbc22b65ae26 1209766 |
|
03-Dec-2011 |
sf |
Add lots of unique tags to error log messages |
8269892c0023355f51a3f67be442662aefdc6f92 1206291 |
|
25-Nov-2011 |
minfrin |
Introduce a per connection "peer_ip" and a per request "client_ip" to
distinguish between the raw IP address of the connection and the effective
IP address of the request. |
49fd87ed00b95bdd7a4cfc874e5c5fe4a04faf5a 1204968 |
|
22-Nov-2011 |
minfrin |
Introduce a per request version of the remote IP address, which can be
optionally modified by a module when the effective IP of the client
is not the same as the real IP of the client (such as a load balancer). |
994ced9dca1b824d03a44187f09d264215cd490c 1203859 |
|
18-Nov-2011 |
sf |
great proxy logging cleanup:
* remove "proxy:", "FCGI", etc. prefixes and pid which are now
included in the error log format
* propagate frontend request's logconfig to backend request
* use ap_log_rerror where possible
* remove obsolete APLOG_NOERRNO |
5bfaaf573bacb45c1cf290ce85ecc676587e8a64 1174751 |
|
23-Sep-2011 |
jim |
Cleanup effort in prep for GA push:
Trim trailing whitespace... no func change |
df58c3a1c000d76859808ca4746a41623b432c81 1154342 |
|
05-Aug-2011 |
sf |
mod_proxy_http, mod_proxy_connect: Add 'proxy-status' and 'proxy-source-port'
request notes for logging
PR: 30195 |
2c2ced9d18f0b065f620b0ead09ba25e955c3cc7 1102124 |
|
12-May-2011 |
sf |
Use APR_STATUS_IS_... in some more cases.
While this is not strictly necessary everywhere, it makes it much easier
to find the problematic cases. |
85ac16cc69ad1f99fb0a28d7792984cf4b1e7af8 1069785 |
|
11-Feb-2011 |
rpluem |
* Play safe if the notes table does not contain an SSL_connect_rv key. |
93cf7fc650197b941ae31a7c7e51e901b129e954 1060795 |
|
19-Jan-2011 |
igalic |
Add a patch from Vincent Deffontaines to make the adding of X-forwarded-*
headers configurable: ProxyAddHeaders, defaulting to 'On'.
http://www.mail-archive.com/dev@httpd.apache.org/msg49971.html |
23a31b10f869a72c9197b5f153f4f3e1a4c68f28 1058623 |
|
13-Jan-2011 |
jim |
More movement to shared stuff... |
ee94fb9b9a786afc348290f9a74d5ad6a1cfb3c8 1055605 |
|
05-Jan-2011 |
trawick |
fix comment |
ae1ab24a851d572955f0454dc38d2ff3a2554aa8 1055570 |
|
05-Jan-2011 |
jim |
update comment |
1502fc02749bff9ef30413711a359e8acb2a5501 1055386 |
|
05-Jan-2011 |
minfrin |
Make sure we clone the table rather than copy it, to ensure that no keys
or values allocated from r->pool end up referenced in the backend request. |
c7de70e936ac1e36c25676fe62e65dbacb947619 1055250 |
|
05-Jan-2011 |
minfrin |
mod_proxy_http: Allocate the fake backend request from a child pool
of the backend connection, instead of misusing the pool of the frontend
request. Fixes a thread safety issue where buckets set aside in the
backend connection leak into other threads, and then disappear when
the frontend request is cleaned up, in turn causing corrupted buckets
to make other threads spin. |
bda11388cf0a13a9ff1075e9504e21df6536a350 1055246 |
|
05-Jan-2011 |
minfrin |
mod_proxy_http: Ensure that when the backend is closed, the final call to
ap_proxy_http_cleanup() is suppressed, so that the backend is not cleaned
twice. Fixes a further thread safety issue. |
3ffa45c92adba0cfe02ed087503597944e8523d4 1053967 |
|
30-Dec-2010 |
minfrin |
Change another variable that could be confused for conn_rec. |
f4ba0e753480ba1f7f044bb7ad0423bf115d6289 1053584 |
|
29-Dec-2010 |
rpluem |
* Fix r1039304 and make the patch similar to the one proposed for
2.2.x: If the SSL handshake to the backend fails we cannot even
send an HTTP request. So the check needs to happen already when
we send data not when we receive data. |
71f17ea73e42279193c077e6a42d0e4112ee4b2a 1052314 |
|
23-Dec-2010 |
rpluem |
* The concept of the cleaned flag is flawed: Once we returned the connection
to the pool we can no longer rely on it as another thread could have leased
the connection in the meantime and might have modified it.
BUT: We only use this flag once we returned the connection to the pool.
So signal that we returned the connection to the pool by something that is
local to the thread, in this case set backend to NULL if we already have
returned the connection. |
094db9f3afd6330001fafce3ef28f111e331cd72 1052224 |
|
23-Dec-2010 |
rpluem |
* Do not fiddle around with the close field if we might have returned the
connection to the pool already. It might be already in use again by another
thread. |
5d92fff82718cd018f0b61a10b9ad4d2b8064c95 1039304 |
|
26-Nov-2010 |
rpluem |
* Put a note in the connection notes that the SSL handshake to the backend
failed such that mod_proxy can put the worker in error state.
PR: 50332
Submitted by: Daniel Ruggeri <DRuggeri primary.net>
Reviewed by: rpluem |
6991110eaf3a131911f039bff0de0bf295df7a7d 1035605 |
|
16-Nov-2010 |
minfrin |
When the proxy closes the backend connection early, force a setaside on
any buckets still outstanding to ensure they've been copied out of the
backend connection's pool and it is safe to release the backend connection. |
1d492700aafec672c1363b7694fc3b9007270641 1035576 |
|
16-Nov-2010 |
minfrin |
Revert r1035504, this was the wrong way to do it. |
dbf39e55f7360fb7250cf2438dd93c637dedfcf1 1035504 |
|
16-Nov-2010 |
minfrin |
Fix pool lifetime issues when the proxy backend connection is terminated
early by forcing a setaside on transient buckets placed in the brigade
by mod_ssl. This has the effect of extending the lifetime of buckets until
the end of the request. This is a variation on the original fix for this
problem, which added transient buckets to be setaside later in the process. |
8e79695f4d6b555e7c82f37fae308e727ce721ec 1030855 |
|
04-Nov-2010 |
minfrin |
Fix a pool lifetime issue: Make sure we clean up our brigade before we
hand the backend connection back to the connection pool. |
5e6cf205d2b0c848e15c65dab9711805395a5108 1026665 |
|
23-Oct-2010 |
minfrin |
mod_proxy: Release the backend connection as soon as EOS is detected,
so the backend isn't forced to wait for the client to eventually
acknowledge the data. |
9e05985e0be2b66a714ce20291c3aa678af682ed 1026636 |
|
23-Oct-2010 |
sf |
Remove needless pool cleanup. ap_pregcomp already registers a cleanup for the
regex. |
4ae65b7656ca5f8e6b91177c3e88b2477711d099 1026187 |
|
22-Oct-2010 |
minfrin |
Fix an inline variable declaration. |
40b22d3b20454959fe51fdc89907908d77701078 1025666 |
|
20-Oct-2010 |
minfrin |
mod_proxy: Move the ProxyErrorOverride directive to have per directory scope. |
b2367b24b678a4af80652d14b8360f9a313708e1 999694 |
|
22-Sep-2010 |
trawick |
axe an unnecessary call to sscanf() when parsing the response line
from the origin server
apr_date_checkmask() already verified the expected text and digit
positions; all that is needed is to cheaply find which digits |
845627c7a6e73aed34b24e119c7a017c8b7a2a64 999288 |
|
21-Sep-2010 |
rpluem |
* LimitRequestBody does not affect Proxy requests (Should it?).
Let it take effect if we decide to store the body in a
temporary file on disk. |
7c66a25db06001672e6ec5485b69bc7f3c342753 986699 |
|
18-Aug-2010 |
jim |
Pull out "does request have a body" logic to a central
canon function and use that for the 100-Continue OK
check.
Should likely also start using this in the various
other places we do this "have body" check thruout
the codebase... |
77c9d291480237cda41fb1f3676960d9f8e34598 986468 |
|
17-Aug-2010 |
jim |
Fix comment and code to be what it should have been/
thx to r and r for spotting this foobar. |
c7d0d7de20dc5d958af98f042f8e8b6c74ee0937 986333 |
|
17-Aug-2010 |
jim |
Further checks for non-body requests... |
3c309aa72e732b29a583a6263db754c73a5346e1 986318 |
|
17-Aug-2010 |
jim |
detab |
1374472d83ce061a431b7f6eeb5e5135fb4cd922 986090 |
|
16-Aug-2010 |
jim |
For backends which are HTTP/1.1, do a quick test (ping)
of the "connection" via 100-Continue for reverse
proxies...
ACO and Filip Hanik also helped out with the idea... |
a0fe49d3cf0227a529a2aa07737e131570a86fc7 953418 |
|
10-Jun-2010 |
rjung |
Use APR_STATUS_IS_TIMEUP instead of direct compare to APR_TIMEUP to
be more safe on different platforms.
Note: This commit has an additional, platform-independent change to
mark the back-end connection for closing ("backend->close = 1;").
That code is not required to resolve CVE-2010-2068 on any platform.
PR: 49417
Addresses CVE-2010-2068 |
c6cf638d68b4cfff4f74ebc360abca97ad38cd71 951900 |
|
06-Jun-2010 |
sf |
- Be less verbose at levels INFO and DEBUG in mod_proxy* and mod_ssl
- Add some trace logging to core and http |
36ef8f77bffe75d1aa327882be1b5bdbe2ff567a 951895 |
|
06-Jun-2010 |
sf |
Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to take
advantage of per-module loglevels |
0a928873d2a68bc3ea55db5441d41eb9fadacf75 921347 |
|
10-Mar-2010 |
sf |
log remote server port in various places |
77d6f9d5c2a5cab805e9ace265628f3d791b937d 912063 |
|
20-Feb-2010 |
niq |
mod_proxy_http: get the headers right in a HEAD request with ProxyErrorOverride.
PR 41646
Analysis by Stuart Children; patch by niq |
e33d0698670fead33dbd7c907363053b9e2be454 909899 |
|
13-Feb-2010 |
minfrin |
mod_proxy_http: Make sure that when an ErrorDocument is served
from a reverse proxied URL, that the subrequest respects the status
of the original request. This brings the behaviour of proxy_handler
in line with default_handler. PR 47106. |
6850c836b8c7c688ef8a8ec280e798e1d0bfbf01 882269 |
|
19-Nov-2009 |
trawick |
fix or complain about some invalid errno references |
3709b26f3370ae89c5324a3c03fab56a93b09ecd 824072 |
|
11-Oct-2009 |
sf |
Allow ProxyPreserveHost to work in <Proxy> sections
PR: 34901 |
53c999a82fcca729dabc8a512b3fb996d61fd814 806920 |
|
23-Aug-2009 |
niq |
Return consistent error status for proxy unable to connect
PR 46971 |
8bed7ee6d97933b958e97e222f37154d83e384e5 790587 |
|
02-Jul-2009 |
jorton |
Security fix for CVE-2009-1890:
* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Specify the base
passed to apr_strtoff, and validate the Content-Length in the same
way the HTTP_IN filter does. If the number of bytes streamed
exceeds the expected body length, bail out of the loop.
Thanks to: Toadie <toadie643 gmail.com> for reporting and diagnosis of
this issue.
Submitted by: niq, jorton |
0df8f79d2324b131c36955d7e474a735a762f9ee 785661 |
|
17-Jun-2009 |
niq |
mod_proxy_http: fix case sensitivity checking transfer encoding
PR 47383 [Ryuzo Yamamoto] |
45932a847f237b4d8f0667b138bd3f8a15fb53ff 778531 |
|
26-May-2009 |
niq |
Fix IPv6 literal addresses passed to a proxied backend.
PR 47177
Patch by Carlos Garcia Braschi |
8f2700898323915da289644dc1f3ee11a5e5b4ea 760866 |
|
01-Apr-2009 |
rpluem |
* Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives to enable
stricter checking of remote server certificates.
(docs/manual/mod/mod_ssl.xml)
Documentation of SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.
(modules/proxy/mod_proxy_http.c)
Set the hostname of the request URL as note on the connection.
(modules/ssl/ssl_private.h)
Add proxy_ssl_check_peer_expire and proxy_ssl_check_peer_cn fields to
the SSLSrvConfigRec.
(modules/ssl/ssl_engine_config.c)
Directives stuff for SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.
(modules/ssl/ssl_engine_io.c)
Check whether the remote server's certificate is expired / if there is a
mismatch between the requested hostname and the remote server certificate's
CN field.
Be able to parse ASN1 times.
(modules/ssl/mod_ssl.c)
Directives stuff for SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN. |
d94c61883d3945e45bc05e66a604400d41aafe94 733219 |
|
10-Jan-2009 |
covener |
use ap_log_rerror instead of r->server per niq's comments |
8124acdca0fea4b0ee1cb214c1a3dcaeac5c3b85 733127 |
|
09-Jan-2009 |
covener |
pass a server_rec to ap_log_error on two interim response messages |
2e6f0dfb107ab0072192fb8232770652c6b21fcb 712375 |
|
08-Nov-2008 |
rpluem |
* Rip out the old flushing approach for solving lifetime issues between the
backend connection bucket allocator and front end connection bucket allocator.
Instead copy the buckets from the backend over to ones that have been created
using the front end bucket allocator. For metabucket this is done by recreating
them, for data buckets this is done by reading them and putting the read data
in a transient bucket.
PR: 45792 |
e62e65f75ad8387c2a2bf053443222f57640c8c3 707163 |
|
22-Oct-2008 |
jim |
Remove potential for memory leak... allocate on this
request which is now viable due to connection pooling. |
2f72a2c4f0b29df511480ab1d7534df042151605 697362 |
|
20-Sep-2008 |
jim |
For timeouts, behave as before and not drop.
From Adam Woodworth <mirkperl gmail.com> |
31349f08546f996b957d3bb14da7bdeb0d4a83e6 685191 |
|
12-Aug-2008 |
trawick |
comment tweak |
d3b838902cf725b0563b2b5579b351f025e9bf2f 684351 |
|
09-Aug-2008 |
rpluem |
* Introduce environment variable proxy-initial-not-pooled to avoid reusing
pooled connections if the client connection is an initial connection.
This avoids the "proxy: error reading status line from remote server"
error caused by the race condition that the backend server closed the
connection after the connection check on our side and before our data
reached the backend. Yes, this downgrades performance, especially with
HTTP/1.0 clients. Hence it is configurable and off by default.
PR: 37770 |
bf8411516c717f3159835cda70f770162cd6fa4c 666180 |
|
10-Jun-2008 |
jim |
move back to inner loop... fails otherwise |
a1e5e66791ff79c16c2526d1f3ef262f6bdff36e 666154 |
|
10-Jun-2008 |
jim |
Patch for CVE-2008-2364... |
edd8360b88f70911eae47530a848f3d34d183d5d 661508 |
|
30-May-2008 |
rpluem |
* Do this later as we might leave the function anyway without the need for this. |
f66adfbe73a6cbad477dd15b02e3eb7cb3779244 661506 |
|
30-May-2008 |
rpluem |
* According to RFC 2616 8.2.3 we are not allowed to forward an
Expect: 100-continue to an HTTP/1.0 server. Instead we MUST return
a HTTP_EXPECTATION_FAILED. |
5743e0223d37bef3cd5e536cb7749dddf326786f 660726 |
|
27-May-2008 |
rpluem |
* mod_proxy_http.c
Ensure that the EOC bucket is inserted BEFORE an EOS bucket in bb as
some resource filters like mod_deflate pass everything up to the EOS
down the chain immediately and send the remainder of the brigade later
(or even never). But in this case the ap_http_header_filter does not
get out of our way soon enough.
http_filters.c
Remove all data buckets that are in a brigade after an EOC bucket
was seen, as an EOC bucket tells us that no (further) resource
and protocol data should go out to the client. OTOH meta buckets
are still welcome as they might trigger needed actions down in
the chain (e.g. in network filters like SSL).
Remark 1: It is needed to dump ALL data buckets in the brigade
since a filter in between might have inserted data
buckets BEFORE the EOC bucket sent by the original
sender and we do NOT want this data to be sent.
Remark 2: Dumping all data buckets here does not necessarily mean
that no further data is sent to the client as:
1. Network filters like SSL can still be triggered via
meta buckets to talk with the client e.g. for a
clean shutdown.
2. There could be still data that was buffered before
down in the chain that gets flushed by a FLUSH or an
EOS bucket.
PR: 37770 |
b4645fd96f3eee2cf60d1e3f1c682418c79593a6 654978 |
|
10-May-2008 |
minfrin |
Remove extra cruft that ended up in a commit. |
4cf58054a85830c67dc23890ee613f62e1f7bdc8 654968 |
|
10-May-2008 |
minfrin |
core, mod_proxy: If a kept_body is present, it becomes safe for
subrequests to support message bodies. Make sure that safety
checks within the core and within the proxy are not triggered
when kept_body is present. This makes it possible to embed
proxied POST requests within mod_include. |
90f131b6ff96bc2adef8534c8dc12136c504833c 650026 |
|
21-Apr-2008 |
jfclere |
Typo. |
f6940effe0545e646003932940b1eb636344bf06 649922 |
|
20-Apr-2008 |
jim |
Set at init time, and combine comments |
0f1e6e90cf575408293a9cf4276c2c5ec9171c3d 649840 |
|
19-Apr-2008 |
rpluem |
* Do not add the query string again in the case that we are using the
unparsed uri.
PR: 44803 |
638f1e58d1cab42397613af5155264832e3365d8 649239 |
|
17-Apr-2008 |
jim |
handle ? in cases where nocanon is in effect |
4bceff39f96a979b76e1dbef0d2e004ca0546f43 645813 |
|
08-Apr-2008 |
rpluem |
* In the case that we fail to read the response line from the backend and if
we are a reverse proxy request shutdown the connection WITHOUT ANY response
to trigger a retry by the client if allowed (as for idempotent requests).
BUT currently we should not do this if the request is the first request on
a keepalive connection as browsers like seamonkey only display an empty page
in this case and do not do a retry.
Related to PR 37770 |
a445d53a071fe153e78a0a60790208a6832df514 617653 |
|
01-Feb-2008 |
rpluem |
* Fix comment. No functional change. |
56d36eb430d390805c97ba4774d5b79352964c4a 616517 |
|
29-Jan-2008 |
rpluem |
* Fix processing of chunked responses if Connection: Transfer-Encoding is
set in the response of the proxied system.
PR: 44311 |
33159d1d1291b676697c154830134500e793e66b 611292 |
|
11-Jan-2008 |
covener |
*) mod_proxy_http: Return HTTP status codes instead of apr_status_t
values for errors encountered while forwarding the request body
PR 44165 [Eric Covener]
See also PR 31759 / r448711 |
ef79eba84348e4f8c99402de06afa2237a856049 602542 |
|
08-Dec-2007 |
rpluem |
* Enable the proxy to keep connections persistent in the HTTPS case.
Basically the persistence is created by keeping the conn_rec structure
created for our backend connection (whether http or https) in the connection
pool. This required to adjust scoreboard.c in a way that its functions can
properly deal with a NULL scoreboard handle by ignoring the call or returning
an error code. |
3347ef7496eff25aaca86b2852a14bab667d0e34 588806 |
|
27-Oct-2007 |
niq |
Add option not to send&clear response headers in ap_send_interim_response.
We'll need this option to fix PR#43711, and ap_send_interim_response
is fortunately too new an API to have made it into anything stable. |
28fe44817329b1183f64e878c258962f90423a8d 588791 |
|
27-Oct-2007 |
niq |
mod_proxy: add "nocanon" keyword to ProxyPass, to suppress
URI-canonicalisation in a reverse proxy.
PR 41798 |
413bf83d5841b49045d1f48e3717c9d69dd1d2dc 583813 |
|
11-Oct-2007 |
jorton |
* modules/proxy/mod_proxy_http.c (ap_proxy_http_register_hook): Fix
apr_pool_cleanup_register() invocation added in r583202, which was
causing every apr_proc_create() call to segfault. |
8b2ce8434a9e456ce7de2893dffb4a0f585cb1d3 583803 |
|
11-Oct-2007 |
jim |
(forward) proxy should not be verifying/checking for
valid chars in a URI... pass through. |
c1e779271d23e48fc3726c2473ccb3cdef79c449 583466 |
|
10-Oct-2007 |
jim |
Abstract out "verification of valid encoding" via
ap_proxy_isvalidenc(). Now we can use it in other
proxy protocols. |
51cba7eb0b8db1f99eb23a294f1d3715acc21837 583205 |
|
09-Oct-2007 |
niq |
missing include! |
62c53a0dab4c85bfc6a5ab9abfb1b269d9f7458d 583002 |
|
09-Oct-2007 |
niq |
mod_proxy_http: Don't unescape/escape forward proxied URLs. Just check them.
PR 42592
also add fix to PR42572 to CHANGES (from r563487/r563489) |
07cca92235c78f1b206a32c45c5283fefcf9e626 582655 |
|
07-Oct-2007 |
niq |
Purge tabs in r582631 |
c6f2d0c33368d0ff719e176c3bef9c2ea5177d43 582631 |
|
07-Oct-2007 |
niq |
mod_proxy_http: Correctly forward unexpected interim (HTTP 1xx) responses.
PR 16518 |
70bf33759daeae85de5fd54a72222771c3801cb9 581030 |
|
01-Oct-2007 |
niq |
No change, but they won't let me have foo
(and ... this is the module with a function addit_dammit !!!) |
26b3536faba2adf259e19db7af8d9b63adaa5503 580782 |
|
30-Sep-2007 |
niq |
Proxy: remove Warning headers with wrong date
PR 16138 |
b8a8c73ea06e78469a3e0386b6c651dadb36dcec 580465 |
|
28-Sep-2007 |
niq |
Fix typo in header name "Trailer" |
c43cc3be552d386b6063f05478d21ed4bd61b4c7 580457 |
|
28-Sep-2007 |
niq |
Fix processing of Connection headers in proxy
PR 43509 |
24a97ba8b0a6bfd5ccdb1894e0d5241e46e080d6 580060 |
|
27-Sep-2007 |
niq |
Fix adding out Via header in proxy response
PR 19439 |
7e5af356ff51d737433c39c0ea0b04e3bf29b241 580044 |
|
27-Sep-2007 |
niq |
Strip hop-by-hop headers in proxy response |
70426f647106ef2715f722d1af1cd207cfe4d521 580019 |
|
27-Sep-2007 |
niq |
Formatting. No functional change. |
8ae289856daee5ebb9b938d6a29a1ec91c7d1b04 577349 |
|
19-Sep-2007 |
jfclere |
Remove tabs. |
1efd3be6ec6b22c0b40c3f864baa2a8a138f6e0d 574021 |
|
09-Sep-2007 |
niq |
Propagate Proxy-Authorization header correctly
PR 25947
RFC2616 tells us:
(1) If we haven't authenticated, we must pass the header on.
(2) If we have authenticated, we MAY pass it on.
I've made the latter case configurable by ENV(Proxy-Chain-Auth).
Also, Proxy-Authenticate is a response header, and doesn't belong
in a check of request headers. |
71518f6965caf333f8c993e4c8c0641927ea1927 572000 |
|
02-Sep-2007 |
niq |
Fix proxy-sendchunk(s|ed) problem
PR 43183 |
6be4432d7ac8316c54365bd27545b8fe7b5ecf39 571002 |
|
30-Aug-2007 |
niq |
proxy_http: don't wait for response body in a HEAD
PR 41644 [Stuart Children] |
4ed8a24fdbff96ec2f12653ebeb79595f0a76a43 561778 |
|
01-Aug-2007 |
jfclere |
create the brigade outside ap_proxygetline and reuse it.
correct the overflow handling. (returning APR_ENOSPC was
changing the behaviour). |
c4eb6d2919190ad8df937ff283d91713f34cf667 549420 |
|
21-Jun-2007 |
jfclere |
Improve traces in ap_proxy_http_process_response().
That will help to investigate PR 37770. (errors from backend :-)). |
5d6c71a689673bb35e07784d8e35239845142118 527969 |
|
12-Apr-2007 |
trawick |
HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses alone. Only
processing of error responses (4xx, 5xx) will be altered.
PR: 39245
This is based on a patch submitted by Bart van der Schans <schans hippo.nl>
and tweaked slightly by me based on discussions on dev@ since April 2006.
I think rpleum was the first to mention the 1xx issue. |
46d9ad15df83d36d5f06076c0b82f68b65677da7 495808 |
|
13-Jan-2007 |
jerenkrantz |
Re-add "proxy-sendextracrlf" first introduced in r157478 and silently removed
in r219224. |
39faded00972708f78af1613f895061b95afec3f 486320 |
|
12-Dec-2006 |
rpluem |
* Handle request bodies larger than 2 GB by converting the Content-Length
header string of the request correctly to apr_off_t.
PR: 40883 |
ab23c029fe5ac15437803ea0de288a2526ffda95 437768 |
|
28-Aug-2006 |
jim |
Minor nit: why make the logic more complex than it needs to
be ? :) |
c1b34185c08311a96e54251f7d9a2df1009e3dc6 427959 |
|
02-Aug-2006 |
mturk |
Cleanup: Remove close_on_recycle from proxy_conn_rec.
It behaves the same as close. |
842ae4bd224140319ae7feec1872b93dfd491143 420983 |
|
11-Jul-2006 |
fielding |
update license header text |
0c9166d0186cf0e1ad397025f730ae6967f44ce6 414238 |
|
14-Jun-2006 |
jorton |
* server/core.c (default_handler): Use apr_brigade_insert_file() to
append the file to the brigade.
* server/protocol.c (ap_send_fd),
modules/proxy/mod_proxy_http.c (spool_reqbody_cl),
modules/cache/mod_mem_cache.c (recall_body),
modules/cache/mod_disk_cache.c (recall_body),
modules/mappers/mod_negotiation.c (handle_map_file),
modules/generators/mod_asis.c (asis_handler),
modules/dav/fs/repos.c [DEBUG_GET_HANDLER] (dav_fs_deliver),
modules/arch/win32/mod_isapi.c (ServerSupportFunction): Likewise. |
3d81f57512275ca06a60a9bcbd23c1f8b429fdf2 395228 |
|
19-Apr-2006 |
colm |
Update the copyright year in all .c, .h and .xml files |
95aaebc2605a69993e61418bdfe88001c2b2a5a1 394088 |
|
14-Apr-2006 |
rpluem |
* Avoid calling ap_proxy_http_cleanup twice as this releases a connection
from the connection pool twice. This causes this connection to be present
in the connection pool twice. Thus it may be used by different threads
at the same time which causes many troubles (segfaults in this case).
Furthermore implement a logic to prevent double releases to the connection
pool if they are triggered by buggy code and log an error message in this
case.
- mod_proxy_http.c: remove double calls to ap_proxy_http_cleanup
- proxy_util.c: Add logic to prevent double releases of a
connection to the connection pool.
PR: 38793 |
bbc8cf0c3fdbf9107684b6e86a9c8228a630e885 379237 |
|
20-Feb-2006 |
rpluem |
* Disable persistent connections for SSL backends again as we do not
handle them correctly, because we recreate backend->connection for each
request and thus try to initialize an already existing SSL connection.
Noticed by: Joe Orton |
784e72b9673ae72f981ae5ee062330bc30ad9efc 378032 |
|
15-Feb-2006 |
jim |
*) mod_proxy: Fix KeepAlives not being allowed and set to
backend servers. PR38602. [Ruediger Pluem, Jim Jagielski]
Also, document previous patch:
*) Correctly initialize mod_proxy workers, which use a
combination of local and shared datasets. Adjust logging
to better trace usage. PR38403. [Jim Jagielski] |
ee34e916a3599b78e9a0f3720e990e50a6efa090 377525 |
|
13-Feb-2006 |
rpluem |
* Use the correct pool for apr_table_copy. Otherwise we trigger the bad pool
ancestry abort in apr_table_copy if apr is compiled with APR_POOL_DEBUG.
Noticed by: Joe Orton |
6a343bf5fd13a8b7b74d879c212329826d6b41ca 377057 |
|
11-Feb-2006 |
rpluem |
* Do not close the backend connection, because the client sent a
Connection: close header.
PR: 38524 |
a5ed7c7d598cb9494e167aaae4bd6beb5f4ff01c 377053 |
|
11-Feb-2006 |
rpluem |
* Do not remove the connection headers from r->headers_in. They are needed
by the http output filter to create the correct connection response headers.
Instead work on a copy of r->headers_in.
PR: 38524 |
e61a301ed2e8cbea49e48d42cd136e4334d31ea3 366279 |
|
05-Jan-2006 |
rpluem |
* Call ap_proxy_http_cleanup after ap_log_rerror because it resets
backend->hostname to NULL. |
cfaddd01e7b021261a1682d0265894b40834f4cb 365374 |
|
02-Jan-2006 |
rpluem |
* Correctly signal broken backend connections up the chain also for the ajp
backend (see also r357461). Furthermore move common code in mod_proxy_http.c
and mod_proxy_ajp.c into a new function (ap_proxy_backend_broke) in
proxy_util.c.
modules/proxy/mod_proxy_ajp.c : Signal broken backend connection for ajp backend
modules/proxy/proxy_util.c : Add ap_proxy_backend_broke
modules/proxy/mod_proxy_http.c: - Use ap_proxy_backend_broke
- Return DONE also if backend broke
modules/proxy/mod_proxy.h : Add declaration of ap_proxy_backend_broke |
6d1f0379933666d542a76acadf02786aec692280 358022 |
|
20-Dec-2005 |
jim |
Morph the ap_http_broken_backend_filter() proxy "specific"
filter to a generic http error handling output filter. |
269457ff24416ce42a2b810fd0b8c6e62a04cbf3 357461 |
|
18-Dec-2005 |
rpluem |
* If the mod_proxy backend connection broke in the middle of the response,
then
- Do not cache it.
- Signal the client that something went wrong by closing the connection
and not sending the last-chunk marker if the response was T-E chunked.
server/core_filters.c : Close the connection to the client by setting
c->keepalive to AP_CONN_CLOSE.
modules/http/chunk_filter.c : Do not send last-chunk marker in the case
the backend broke.
modules/proxy/mod_proxy_http.c: Signal that the backend connection broke.
modules/cache/mod_disk_cache.c: Respect r->no_cache for discarding the response
Submitted by: Roy T. Fielding, Jim Jagielski, Ruediger Pluem
Reviewed by: Roy T. Fielding, Jim Jagielski, Ruediger Pluem |
62c48ce0fc62af721a6ee30a74cfc664c9714583 355853 |
|
11-Dec-2005 |
rpluem |
* revert r355823 and r355837 |
5c7ac1d1917c534320143462fe68624af7af0c66 355823 |
|
11-Dec-2005 |
rpluem |
* Move handling of backends that broke after the headers have been sent
into the proxy handler of mod_proxy.
This patch still sets r->connection->aborted to 1 which is currently
vetoed by Roy. Moving it from the scheme handler to the proxy handler
should ease the reimplementation of this, as the scheme handlers only
need to return PROXY_BACKEND_BROKEN to signal the above situation to
the proxy handler.
mod_proxy.h: Add define for PROXY_BACKEND_BROKEN
mod_proxy.c: Handle PROXY_BACKEND_BROKEN in proxy handler
mod_proxy_http.c: Send back PROXY_BACKEND_BROKEN if backend broke
after we sent the headers. |
56d981121b1f1c180e8e0937fc97f99589925d39 354636 |
|
07-Dec-2005 |
jerenkrantz |
Add a comment and use proper grammar for another comment.
(No functional changes.) |
c1e9dd034870fa337890e93d3dba8de37ceed122 354628 |
|
07-Dec-2005 |
jerenkrantz |
If we get an error reading the upstream response, we should bail.
Reported by: Brian Akins |
e8f95a682820a599fe41b22977010636be5c2717 332306 |
|
10-Nov-2005 |
jim |
No functional Change: Removing trailing whitespace. This also
means that "blank" lines consisting of just spaces or
tabs are now really blank lines |
a6ea86151dd968120a12b48867d45947ef2bb9da 327590 |
|
21-Oct-2005 |
rpluem |
* Fix PR37145 (data loss with httpd-2.0.55 reverse proxy method=post) by
exchanging APR_BRIGADE_CONCAT with ap_save_brigade to ensure that
transient buckets get setaside correctly between various iterations of
ap_get_brigade calls.
Reviewed by: Joe Orton, William Rowe, Jim Jagielski, Jeff Trawick |
f86b4df17588d404f3da535a8054f43b0642f92a 231355 |
|
11-Aug-2005 |
niq |
Fix ProxyPassReverse & family to work correctly in <Location> |
0a03612030c43145c5d6a683e25cc3ed2062cbbe 231114 |
|
09-Aug-2005 |
jorton |
* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Fix gcc warning. |
735417c737363f51002712c58d43043fcfba4a66 231046 |
|
09-Aug-2005 |
wrowe |
Hopefully, address the last edge case where status may
be uninitialized. Asserts in non-debug builds are bad things,
anyways, so this is probably more correct. This should fix
-Werror compile warning observed by Joe Orton. |
696c0f406f07038c8205707b6343dd3b3d8bff73 230745 |
|
08-Aug-2005 |
wrowe |
Two blank lines for clarity; whitespace only change. |
8ad6635b8bb6a9a2fd7ca0b30e70ff8f8f725fa8 230739 |
|
08-Aug-2005 |
wrowe |
We already accept 80 bytes less than the client body's anticipated
size, so we don't need to also prefetch an extra 1024 bytes; this
was redundant. |
b63ff4726b72c0b92cbe9ef74eb01a62250f61dc 230735 |
|
08-Aug-2005 |
wrowe |
Drop an impossible case; the while() loop already protected us
from this situation. |
3bc18e2f9806986957a2ccf00080c733334999ab 230733 |
|
08-Aug-2005 |
wrowe |
Fix a double-termination case in svn trunk/; we terminated the
headers up-front knowing the resulting headers were already
correctly composed. |
9f0091ad00ac006b5073a143e715ad93f96a56dd 230718 |
|
08-Aug-2005 |
wrowe |
An impossible-to-hit edge case today; we described the request
as chunked - and if chunked always send the body termination "0"
chunk header.
Roy's requested change that we always send a body we could read
in full as a C-L request ensures this code wasn't triggered; some
change in the future could again reveal this edge case. |
c71a410c6e9843306ca9763ea2624eda1679ca97 224721 |
|
25-Jul-2005 |
jorton |
* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Fix format
string error.
(ap_proxy_http_request): Restore default case in rb_method switch to
fix gcc warnings. |
82a79ca8103475eda1373a33b07f465ca76b3d7c 219533 |
|
18-Jul-2005 |
wrowe |
Yet another snafu in body handling. We need to clearly avoid any
ap_get_brigade or request body processing in every *subrequest*
proxy action. The new code introduced more chaos because we read
the request body irrespective of any bogus header handling bugs.
This requires a goto, and yes, that sucks :) But this is one of those
oddball cases where jumping away makes more sense than tons of indented
code, IMHO. And if you count the number of goto's I've committed to
httpd, you know I avoid them like the plague.
I woulda' suggested to jorton to take a flying carnal act, except that
each time he points me back to the 2.0 patch, I catch another entirely
bogus choice within the old/new httpd-2.x request body code :)
I've bumped the 2.0 patch to correspond; see
http://people.apache.org/~wrowe/httpd-2.0-proxy-request-4.patch |
4954fe952c5083559b09c4b49944c6deefd64307 219430 |
|
18-Jul-2005 |
wrowe |
Fix broken while () {} loops (lingering code from the old logic),
closes an infinite loop in the most recent version. Init the cl_val
to prevent failure of zero length bodies in the most recent version.
Use 'request body' instead of 'data' to describe any errors.
Finally, loop around ap_get_brigade to grab multiple chunks that still
fall below our MAX_MEM_SPOOL threshold, since the chunk decoding from
the client will pass up just one small chunk per ap_get_brigade call. |
6bb775cd24eca4cb8d939f6d2fa698c5d7158e8f 219224 |
|
15-Jul-2005 |
wrowe |
On Roy's suggestion; why wait to try to clear out the input
stream if it is smaller than MAX_MEM_SPOOL? Do this upfront
before dispatching to a body handler.
This means changing each of the three body pumps to presume
a preexisting input_brigade was already loaded, so turn around
their loop conditions. |
59b97f3c9016da459511514cf53382898b2107e8 219223 |
|
15-Jul-2005 |
wrowe |
Fix a style problem; b is ambiguous (is it a brigade or bucket?)
bb is far less ambiguous. |
2af39f4b2041bc1126bfd51105573ee68e36c562 219221 |
|
15-Jul-2005 |
wrowe |
leaving force-proxy-request-1.0 for broken clients, revert my
patch for forcing an HTTP/1.0 proxy request, if the client
request is HTTP/1.0, per Roy. |
af2b383947f62d33ad7de5b68a1ba08c031d8277 219057 |
|
14-Jul-2005 |
wrowe |
Missed an edge case; once we know the C-L didn't match, it's
time to shut down the body already. Finish reading from the
client but do nothing else, returning an error. |
4d3ee33c1047b89e2860fbf095c77ad245910983 218978 |
|
14-Jul-2005 |
wrowe |
How can I fix thee? let me count the ways...
* pass a chunked body always (no-body requests don't go chunked).
* validate that the C-L counted body length doesn't change.
* follow RFC 2616 for C-L / T-E in the request body C-L / T-E
election logic.
* do not forward HTTP/1.0 requests as HTTP/1.1, unless the admin
configures force-proxy-request-1.1
* conn was illegible, use 2.0's p_conn. |
f1bf05a64c3a9b627279095d277e146bd1bb77f3 216159 |
|
13-Jul-2005 |
wrowe |
Fix two fat-fingered typos from commit 216156. Code matches previous
behavior now; time to start fixing. |
ede5a72e6851f56775e47cc6ff2a5c0ed6a4c1b1 216156 |
|
13-Jul-2005 |
wrowe |
send_request_body and indentation made it very difficult to follow
all the mistakes in this code. Fold send_request_body into reindent
to make the pattern clear and skip some extra string handling.
Little functional change, that comes next. |
edc346c3223efd41e6a2057c37cea69744b73dcc 216111 |
|
13-Jul-2005 |
wrowe |
End abuse of apr_strnat[case]cmp - it isn't str[case]cmp.
Unsure if apr_strnatcasecmp(conf_ip, uri_ip) was intentional, on the
off chance that the left or right hand ip string happens to contain
leading zeros. |
f62c4a5a8860b52e773652ea498d243be1d5dec9 209836 |
|
08-Jul-2005 |
wrowe |
Fix a ton of wrong/silly indention, and clarify the fix-notes |
41f2764385330bfa0eb5843aa04f4e768577e2b0 193205 |
|
23-Jun-2005 |
trawick |
proxy HTTP: If a response contains both Transfer-Encoding and a
Content-Length, remove the Content-Length and don't reuse the
connection, stopping some HTTP Request smuggling attacks. |
6bfafe3dee38069dc46496151245ccfb8faa0367 159671 |
|
01-Apr-2005 |
jorton |
* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
Don't send an EOS after an interim response. |
eb51282d6c8dff35b761120ce19c9d5bcf67f6f8 159534 |
|
31-Mar-2005 |
striker |
* modules/proxy/mod_proxy_http.c
(ap_proxy_http_process_response): Fix a comment. |
7af382f89300d154d8d60f8ff353d8e300a297a9 159533 |
|
31-Mar-2005 |
striker |
* modules/proxy/mod_proxy_http.c
(ap_proxy_http_process_response): When there are only headers and no body,
give the remainder of the output filters a chance by pushing an EOS bucket
through the filter stack. |
e777da9fa7ff3138fead7860b53ef00e67a40e26 157478 |
|
14-Mar-2005 |
jerenkrantz |
mod_proxy: Add proxy-sendextracrlf option to send an extra CRLF at the
end of the request body to work with really old HTTP servers.
* modules/proxy/mod_proxy_http.c
(stream_reqbody_cl, spool_reqbody_cl): If proxy-sendextracrlf option is
present, append a CRLF to the body stream that isn't counted against CL. |
9245713a44447d17e51494a37605f8c875770a98 155209 |
|
24-Feb-2005 |
jorton |
* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response): Fix
spurious error at EOF.
PR: 33615 |
53e5fa16af2d42d8c91bc78dc1e1dc2824b63dfa 152676 |
|
08-Feb-2005 |
jim |
If we rec' a bad response header line, ignore what we've
rec'd so far and force BAD_GATEWAY. |
0ab36076c862846bb33365b35614ae9eb2f13535 151722 |
|
07-Feb-2005 |
jim |
Better handle the case where ProxyBadHeader StartBody is
in effect and we think we've started reading in the
response body. Take advantage of the fact that the
line read is still in buffer (and document that)
to allow us to add to the bb. |
08cb74ca432a8c24e39f17dedce527e6a47b8001 151408 |
|
04-Feb-2005 |
jerenkrantz |
Update copyright year to 2005 and standardize on current copyright owner line. |
5aeeae80488b85e764f8ca325ddeb8910d7f660c 151246 |
|
04-Feb-2005 |
striker |
Also translate Destination headers when ProxyPassReverse'd
* modules\proxy\mod_proxy_http.c
(process_proxy_header): reverse map Destination header.
NOTE: This is some darn nasty looking code...
* modules\proxy\ajp_header.c
(ajp_unmarshal_response): reverse map Destination header. |
bf1e7c075ccc3e6597d17de7641332ff6ff92e8a 151238 |
|
03-Feb-2005 |
striker |
Rename proxy modules.
* modules\proxy\mod_proxy_ajp.c
* modules\proxy\mod_proxy_balancer.c
* modules\proxy\mod_proxy_connect.c
* modules\proxy\mod_proxy_ftp.c
* modules\proxy\mod_proxy_http.c
Renamed from proxy_{ajp,balancer,connect,ftp,http}.c
* modules\proxy\mod_proxy_ajp.dsp
* modules\proxy\mod_proxy_balancer.dsp
* modules\proxy\mod_proxy_connect.dsp
* modules\proxy\mod_proxy_ftp.dsp
* modules\proxy\mod_proxy_http.dsp
Update references to renamed files.
* modules\proxy\NWGNUproxyajp
* modules\proxy\NWGNUproxybalancer
* modules\proxy\NWGNUproxycon
* modules\proxy\NWGNUproxyftp
* modules\proxy\NWGNUproxyhtp
Update references to renamed files. |