1088N/A<?
xml version="1.0" encoding="ISO-8859-1"?>
0N/A XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 919N/A This file is generated from xml source: DO NOT EDIT 919N/A XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 919N/A<
title>Request Processing in the Apache HTTP Server
2.x - Apache HTTP Server</
title>
919N/A<
body id="manual-page"><
div id="page-header">
919N/A<
p class="apache">Apache HTTP Server Version 2.5</
p>
919N/A<
div class="up"><
a href="./"><
img title="<-" alt="<-" src="/images/left.gif" /></
a></
div>
0N/A <
div class="warning"><
h3>Warning</
h3>
606N/A <
p>Warning - this is a first (fast) draft that needs further
0N/A <
p>Several changes in 2.0 and above affect the internal request
0N/A processing mechanics. Module authors need to be aware of these
0N/A changes so they may take advantage of the optimizations and
0N/A security enhancements.</
p>
0N/A <
p>The first major change is to the subrequest and redirect
0N/A mechanisms. There were a number of different code paths in
36N/A the Apache HTTP Server 1.3 to attempt to optimize subrequest
168N/A or redirect behavior. As patches were introduced to 2.0, these
0N/A optimizations (and the server behavior) were quickly broken due
0N/A to this duplication of code. All duplicate code has been folded
851N/A back into <
code>ap_process_request_internal()</
code> to prevent
851N/A the code from falling out of sync again.</
p>
0N/A <
p>This means that much of the existing code was 'unoptimized'.
639N/A It is the Apache HTTP Project's first goal to create a robust
168N/A and correct implementation of the HTTP server RFC. Additional
0N/A goals include security, scalability and optimization. New
0N/A methods were sought to optimize the server (beyond the
0N/A performance of 1.3) without introducing fragile or
0N/A<
div id="quickview"><
ul id="toc"><
li><
img alt="" src="/images/down.gif" /> <
a href="#processing">The Request Processing Cycle</
a></
li>
0N/A<
li><
img alt="" src="/images/down.gif" /> <
a href="#parsing">The Request Parsing Phase</
a></
li>
0N/A<
li><
img alt="" src="/images/down.gif" /> <
a href="#security">The Security Phase</
a></
li>
0N/A<
li><
img alt="" src="/images/down.gif" /> <
a href="#preparation">The Preparation Phase</
a></
li>
0N/A<
li><
img alt="" src="/images/down.gif" /> <
a href="#handler">The Handler Phase</
a></
li>
0N/A<
div class="top"><
a href="#page-header"><
img alt="top" src="/images/up.gif" /></
a></
div>
0N/A<
div class="section">
0N/A<
h2><
a name="processing" id="processing">The Request Processing Cycle</
a></
h2>
0N/A <
p>All requests pass through <
code>ap_process_request_internal()</
code>
0N/A in <
code>
request.c</
code>, including subrequests and redirects. If a module
0N/A doesn't pass generated requests through this code, the author is cautioned
0N/A that the module may be broken by future changes to request
0N/A <
p>To streamline requests, the module author can take advantage
0N/A of the hooks offered to drop out of the request cycle early, or
0N/A to bypass core hooks which are irrelevant (and costly in
0N/A</
div><
div class="top"><
a href="#page-header"><
img alt="top" src="/images/up.gif" /></
a></
div>
0N/A<
h2><
a name="parsing" id="parsing">The Request Parsing Phase</
a></
h2>
0N/A <
h3><
a name="unescape" id="unescape">Unescapes the URL</
a></
h3>
0N/A <
p>The request's <
code>parsed_uri</
code> path is unescaped, once and only
0N/A once, at the beginning of internal request processing.</
p>
0N/A <
p>This step is bypassed if the proxyreq flag is set, or the
0N/A control of this one-time unescape operation, either failing to
0N/A unescape or multiply unescaping the URL leads to security
633N/A <
h3><
a name="strip" id="strip">Strips Parent and This Elements from the
0N/A <
p>All <
code>/../</
code> and <
code>/./</
code> elements are
0N/A removed by <
code>ap_getparents()</
code>. This helps to ensure
0N/A the path is (nearly) absolute before the request processing
0N/A <
p>This step cannot be bypassed.</
p>
0N/A <
h3><
a name="inital-location-walk" id="inital-location-walk">Initial URI Location Walk</
a></
h3>
0N/A <
p>Every request is subject to an
0N/A <
code>ap_location_walk()</
code> call. This ensures that
0N/A <
code class="directive"><
a href="/mod/core.html#location"><Location></
a></
code> sections
0N/A are consistently enforced for all requests. If the request is an internal
0N/A redirect or a sub-request, it may borrow some or all of the processing
0N/A from the previous or parent request's ap_location_walk, so this step
0N/A is generally very efficient after processing the main request.</
p>
0N/A <
h3><
a name="translate_name" id="translate_name">translate_name</
a></
h3>
0N/A <
p>Modules can determine the file name, or alter the given URI
0N/A translate the URI's path into the configured virtual host,
0N/A <
code class="module"><
a href="/mod/mod_alias.html">mod_alias</
a></
code> will translate the path to an alias path,
0N/A and if the request falls back on the core, the <
code class="directive"><
a href="/mod/core.html#documentroot">DocumentRoot</
a></
code> is prepended to the request resource.</
p>
0N/A <
p>If all modules <
code>DECLINE</
code> this phase, an error 500 is
0N/A returned to the browser, and a "couldn't translate name" error is logged
0N/A <
h3><
a name="map_to_storage" id="map_to_storage">Hook: map_to_storage</
a></
h3>
0N/A <
p>After the file or correct URI was determined, the
0N/A appropriate per-dir configurations are merged together. For
0N/A example, <
code class="module"><
a href="/mod/mod_proxy.html">mod_proxy</
a></
code> compares and merges the appropriate
0N/A If the URI is nothing more than a local (non-proxy) <
code>TRACE</
code>
0N/A request, the core handles the request and returns <
code>DONE</
code>.
0N/A If no module answers this hook with <
code>OK</
code> or <
code>DONE</
code>,
0N/A the core will run the request filename against the <
code class="directive"><
a href="/mod/core.html#directory"><Directory></
a></
code> and <
code class="directive"><
a href="/mod/core.html#files"><Files></
a></
code> sections. If the request
0N/A 'filename' isn't an absolute, legal filename, a note is set for
0N/A later termination.</
p>
0N/A <
h3><
a name="location-walk" id="location-walk">URI Location Walk</
a></
h3>
0N/A <
p>Every request is hardened by a second
0N/A <
code>ap_location_walk()</
code> call. This reassures that a
0N/A translated request is still subjected to the configured
0N/A <
code class="directive"><
a href="/mod/core.html#location"><Location></
a></
code> sections.
0N/A The request again borrows some or all of the processing from its previous
633N/A <
code>location_walk</
code> above, so this step is almost always very
0N/A efficient unless the translated URI mapped to a substantially different
0N/A path or Virtual Host.</
p>
0N/A <
h3><
a name="header_parser" id="header_parser">Hook: header_parser</
a></
h3>
0N/A <
p>The main request then parses the client's headers. This
0N/A prepares the remaining request processing steps to better serve
0N/A the client's request.</
p>
0N/A</
div><
div class="top"><
a href="#page-header"><
img alt="top" src="/images/up.gif" /></
a></
div>
0N/A<
div class="section">
0N/A<
h2><
a name="security" id="security">The Security Phase</
a></
h2>
0N/A <
p>Needs Documentation. Code is:</
p>
0N/A <
div class="example"><
pre>
606N/A if ((access_status = ap_run_access_checker(r)) != 0) {
606N/A return decl_die(access_status, "check access", r);
0N/A if ((access_status = ap_run_check_user_id(r)) != 0) {
0N/A return decl_die(access_status, "check user", r);
0N/A if ((access_status = ap_run_auth_checker(r)) != 0) {
0N/A return decl_die(access_status, "check authorization", r);
606N/A</
div><
div class="top"><
a href="#page-header"><
img alt="top" src="/images/up.gif" /></
a></
div>
0N/A<
h2><
a name="preparation" id="preparation">The Preparation Phase</
a></
h2>
0N/A <
h3><
a name="type_checker" id="type_checker">Hook: type_checker</
a></
h3>
0N/A <
p>The modules have an opportunity to test the URI or filename
0N/A against the target resource, and set mime information for the
0N/A name or contents against the administrator's configuration and set the
0N/A content type, language, character set and request handler. Some modules
606N/A may set up their filters or other request handling parameters at this
0N/A <
p>If all modules <
code>DECLINE</
code> this phase, an error 500 is
0N/A returned to the browser, and a "couldn't find types" error is logged
0N/A <
h3><
a name="fixups" id="fixups">Hook: fixups</
a></
h3>
0N/A <
p>Many modules are 'trounced' by some phase above. The fixups
0N/A phase is used by modules to 'reassert' their ownership or force
0N/A the request's fields to their appropriate values. It isn't
0N/A always the cleanest mechanism, but occasionally it's the only
606N/A</
div><
div class="top"><
a href="#page-header"><
img alt="top" src="/images/up.gif" /></
a></
div>
0N/A<
div class="section">
0N/A<
h2><
a name="handler" id="handler">The Handler Phase</
a></
h2>
0N/A <
p>This phase is <
strong>not</
strong> part of the processing in
0N/A <
code>ap_process_request_internal()</
code>. Many
0N/A modules prepare one or more subrequests prior to creating any
0N/A content at all. After the core, or a module calls
0N/A <
code>ap_process_request_internal()</
code> it then calls
0N/A <
code>ap_invoke_handler()</
code> to generate the request.</
p>
0N/A <
h3><
a name="insert_filter" id="insert_filter">Hook: insert_filter</
a></
h3>
0N/A <
p>Modules that transform the content in some way can insert
0N/A their values and override existing filters, such that if the
0N/A user configured a more advanced filter out-of-order, then the
0N/A module can move its order as need be. There is no result code,
0N/A so actions in this hook better be trusted to always succeed.</
p>
606N/A <
h3><
a name="hook_handler" id="hook_handler">Hook: handler</
a></
h3>
606N/A <
p>The module finally has a chance to serve the request in its
0N/A handler hook. Note that not every prepared request is sent to
0N/A the handler hook. Many modules, such as <
code class="module"><
a href="/mod/mod_autoindex.html">mod_autoindex</
a></
code>,
0N/A will create subrequests for a given URI, and then never serve the
0N/A subrequest, but simply lists it for the user. Remember not to
0N/A put required teardown from the hooks above into this module,
0N/A but register pool cleanups against the request pool to free
0N/A resources as required.</
p>
0N/A<
div class="bottomlang">
0N/A</
div><
div id="footer">
