mod_reqtimeout.c revision 8973e168b1301132b47bc718d75013ee35f49c2c
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf/* Licensed to the Apache Software Foundation (ASF) under one or more
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * contributor license agreements. See the NOTICE file distributed with
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * this work for additional information regarding copyright ownership.
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * The ASF licenses this file to You under the Apache License, Version 2.0
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * (the "License"); you may not use this file except in compliance with
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * the License. You may obtain a copy of the License at
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * Unless required by applicable law or agreed to in writing, software
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * distributed under the License is distributed on an "AS IS" BASIS,
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * See the License for the specific language governing permissions and
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * limitations under the License.
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsftypedef struct
3231873d0ba8064a1c90307d810a83ec01a88675jim int header_timeout; /* timeout for reading the req hdrs in secs */
3231873d0ba8064a1c90307d810a83ec01a88675jim int header_max_timeout; /* max timeout for req hdrs in secs */
3231873d0ba8064a1c90307d810a83ec01a88675jim int header_min_rate; /* min rate for reading req hdrs in bytes/s */
3231873d0ba8064a1c90307d810a83ec01a88675jim int body_timeout; /* timeout for reading the req body in secs */
3231873d0ba8064a1c90307d810a83ec01a88675jim int body_max_timeout; /* max timeout for req body in secs */
3231873d0ba8064a1c90307d810a83ec01a88675jim int body_min_rate; /* timeout for reading the req body in secs */
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf/* this struct is used both as conn_config and as filter context */
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsftypedef struct
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsfstatic const char *const reqtimeout_filter_name = "reqtimeout";
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsfstatic void extend_timeout(reqtimeout_con_cfg *ccfg, apr_bucket_brigade *bb)
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf if (apr_brigade_length(bb, 0, &len) != APR_SUCCESS || len <= 0)
a4a16f26af59370661ea5f890502cf32146e0947jim new_timeout_at = ccfg->timeout_at + len * ccfg->rate_factor;
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf if (ccfg->max_timeout_at > 0 && new_timeout_at > ccfg->max_timeout_at) {
8973e168b1301132b47bc718d75013ee35f49c2csfstatic apr_status_t check_time_left(reqtimeout_con_cfg *ccfg,
8973e168b1301132b47bc718d75013ee35f49c2csfstatic apr_status_t have_lf_or_eos(apr_bucket_brigade *bb)
8973e168b1301132b47bc718d75013ee35f49c2csf for ( ; b != APR_BRIGADE_SENTINEL(bb) ; b = APR_BUCKET_PREV(b) ) {
8973e168b1301132b47bc718d75013ee35f49c2csf const char *str;
8973e168b1301132b47bc718d75013ee35f49c2csf#define MIN(x,y) ((x) < (y) ? (x) : (y))
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf /* For this read, the normal keep-alive timeout must be used */
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf return ap_get_brigade(f->next, bb, mode, block, readbytes);
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf /* set new timeout */
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf ccfg->timeout_at = now + apr_time_from_sec(ccfg->new_timeout);
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf ccfg->max_timeout_at = now + apr_time_from_sec(ccfg->new_max_timeout);
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf /* no timeout set */
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf return ap_get_brigade(f->next, bb, mode, block, readbytes);
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf while (core_in && core_in->frec != ap_core_input_filter_handle)
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf "mod_reqtimeout: Can't get socket "
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf "handle from core_input_filter");
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf return ap_get_brigade(f->next, bb, mode, block, readbytes);
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf rv = ap_get_brigade(f->next, bb, mode, block, readbytes);
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf rv = apr_socket_timeout_get(ccfg->socket, &saved_sock_timeout);
8973e168b1301132b47bc718d75013ee35f49c2csf rv = apr_socket_timeout_set(ccfg->socket, MIN(time_left, saved_sock_timeout));
8973e168b1301132b47bc718d75013ee35f49c2csf * For a blocking AP_MODE_GETLINE read, apr_brigade_split_line()
8973e168b1301132b47bc718d75013ee35f49c2csf * would loop until a whole line has been read. As this would make it
8973e168b1301132b47bc718d75013ee35f49c2csf * impossible to enforce a total timeout, we only do non-blocking
8973e168b1301132b47bc718d75013ee35f49c2csf rv = ap_get_brigade(f->next, bb, AP_MODE_GETLINE, APR_NONBLOCK_READ, remaining);
8973e168b1301132b47bc718d75013ee35f49c2csf if (remaining <= 0) {
8973e168b1301132b47bc718d75013ee35f49c2csf /* Haven't got a whole line yet, save what we have ... */
8973e168b1301132b47bc718d75013ee35f49c2csf ccfg->tmpbb = apr_brigade_create(f->c->pool, f->c->bucket_alloc);
8973e168b1301132b47bc718d75013ee35f49c2csf /* ... and wait for more */
8973e168b1301132b47bc718d75013ee35f49c2csf } while (1);
8973e168b1301132b47bc718d75013ee35f49c2csf /* mode != AP_MODE_GETLINE */
8973e168b1301132b47bc718d75013ee35f49c2csf rv = ap_get_brigade(f->next, bb, mode, block, readbytes);
8973e168b1301132b47bc718d75013ee35f49c2csf apr_socket_timeout_set(ccfg->socket, saved_sock_timeout);
8973e168b1301132b47bc718d75013ee35f49c2csf * If we allow lingering close, the client may keep this
8973e168b1301132b47bc718d75013ee35f49c2csf * process/thread busy for another 30s (MAX_SECS_TO_LINGER).
8973e168b1301132b47bc718d75013ee35f49c2csf * Therefore we have to abort the connection. The downside is
8973e168b1301132b47bc718d75013ee35f49c2csf * that the client will most likely not receive the error
8973e168b1301132b47bc718d75013ee35f49c2csf * message.
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf cfg = ap_get_module_config(c->base_server->module_config,
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf if (cfg->header_timeout <= 0 && cfg->body_timeout <= 0) {
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf /* not configured for this vhost */
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf ap_set_module_config(c->conn_config, &reqtimeout_module, ccfg);
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf /* we are not handling the connection, we just do initialization */
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf ap_get_module_config(r->connection->conn_config, &reqtimeout_module);
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf /* not configured for this connection */
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf cfg = ap_get_module_config(r->connection->base_server->module_config,
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf ap_get_module_config(r->connection->conn_config, &reqtimeout_module);
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf /* not configured for this connection */
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf cfg = ap_get_module_config(r->connection->base_server->module_config,
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsfstatic void *reqtimeout_create_srv_config(apr_pool_t *p, server_rec *s)
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf reqtimeout_srv_cfg *cfg = apr_pcalloc(p, sizeof(reqtimeout_srv_cfg));
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf#define MERGE_INT(cfg, b, a, val) cfg->val = (a->val == -1) ? b->val : a->val;
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsfstatic void *reqtimeout_merge_srv_config(apr_pool_t *p, void *base_, void *add_)
a4a16f26af59370661ea5f890502cf32146e0947jim reqtimeout_srv_cfg *cfg = apr_pcalloc(p, sizeof(reqtimeout_srv_cfg));
a4a16f26af59370661ea5f890502cf32146e0947jim cfg->header_rate_factor = (cfg->header_min_rate == -1) ? base->header_rate_factor :
a4a16f26af59370661ea5f890502cf32146e0947jim cfg->body_rate_factor = (cfg->body_min_rate == -1) ? base->body_rate_factor :
53ead8d24845d1e32907c37d1fe58ecf79fb9e50sfstatic const char *parse_int(apr_pool_t *p, const char *arg, int *val) {
53ead8d24845d1e32907c37d1fe58ecf79fb9e50sf return apr_psprintf(p, "Value '%s' not numerical", endptr);
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf if (*val < 0) {
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf return "Value must be non-negative";
3231873d0ba8064a1c90307d810a83ec01a88675jimstatic const char *set_reqtimeout_param(reqtimeout_srv_cfg *conf,
3231873d0ba8064a1c90307d810a83ec01a88675jim const char *key,
3231873d0ba8064a1c90307d810a83ec01a88675jim const char *val)
53ead8d24845d1e32907c37d1fe58ecf79fb9e50sf return "Unknown RequestReadTimeout parameter";
53ead8d24845d1e32907c37d1fe58ecf79fb9e50sf return "Minimum data rate must be larger than 0";
53ead8d24845d1e32907c37d1fe58ecf79fb9e50sf return "Must set MinRate option if using timeout range";
53ead8d24845d1e32907c37d1fe58ecf79fb9e50sf return "Maximum timeout must be larger than initial timeout";
3231873d0ba8064a1c90307d810a83ec01a88675jimstatic const char *set_reqtimeouts(cmd_parms *cmd, void *mconfig,
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf const char *arg)
3231873d0ba8064a1c90307d810a83ec01a88675jim while (*arg) {
3231873d0ba8064a1c90307d810a83ec01a88675jim const char *err;
53ead8d24845d1e32907c37d1fe58ecf79fb9e50sf return "Invalid RequestReadTimeout parameter. Parameter must be "
3231873d0ba8064a1c90307d810a83ec01a88675jim "in the form 'key=value'";
53ead8d24845d1e32907c37d1fe58ecf79fb9e50sf return apr_psprintf(cmd->temp_pool, "RequestReadTimeout: %s=%s: %s",
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * mod_ssl is AP_FTYPE_CONNECTION + 5 and mod_reqtimeout needs to
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * be called before mod_ssl. Otherwise repeated reads during the ssl
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf * handshake can prevent the timeout from triggering.
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf ap_register_input_filter(reqtimeout_filter_name, reqtimeout_filter, NULL,
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf * mod_reqtimeout needs to be called before ap_process_http_request (which
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf * is run at APR_HOOK_REALLY_LAST) but after all other protocol modules.
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf * This ensures that it only influences normal http connections and not
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf * e.g. mod_ftp. Also, if mod_reqtimeout used the pre_connection hook, it
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf * would be inserted on mod_proxy's backend connections.
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf ap_hook_process_connection(reqtimeout_init, NULL, NULL, APR_HOOK_LAST);
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf ap_hook_post_read_request(reqtimeout_after_headers, NULL, NULL,
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf ap_hook_log_transaction(reqtimeout_after_body, NULL, NULL,
53ead8d24845d1e32907c37d1fe58ecf79fb9e50sf AP_INIT_RAW_ARGS("RequestReadTimeout", set_reqtimeouts, NULL, RSRC_CONF,
53ead8d24845d1e32907c37d1fe58ecf79fb9e50sf "Set various timeout parameters for reading request "
53ead8d24845d1e32907c37d1fe58ecf79fb9e50sf "headers and body"),
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf reqtimeout_create_srv_config, /* create per-server config structures */
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf reqtimeout_merge_srv_config, /* merge per-server config structures */