mod_proxy.c revision 3f4de7a5b5425a595380c867e08ac8bc8f97cec3
/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "mod_proxy.h"
#include "mod_core.h"
#include "apr_optional.h"
#include "scoreboard.h"
#include "mod_status.h"
#include "proxy_util.h"
#if (MODULE_MAGIC_NUMBER_MAJOR > 20020903)
#include "mod_ssl.h"
#else
APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
(apr_pool_t *, server_rec *,
conn_rec *, request_rec *, char *));
#endif
#ifndef MAX
#define MAX(x,y) ((x) >= (y) ? (x) : (y))
#endif
static const char * const proxy_id = "proxy";
/*
* A Web proxy module. Stages:
*
* translate_name: set filename to proxy:<URL>
* map_to_storage: run proxy_walk (rather than directory_walk/file_walk)
* can't trust directory_walk/file_walk since these are
* not in our filesystem. Prevents mod_http from serving
* the TRACE request we will set aside to handle later.
* fix_ups: convert the URL stored in the filename to the
* canonical form.
* handler: handle proxy requests
*/
/* -------------------------------------------------------------- */
/* Translate the URL into a 'filename' */
static const char *set_worker_param(apr_pool_t *p,
const char *key,
const char *val)
{
int ival;
/* Normalized load factor. Used with BalancerMamber,
* it is a number between 1 and 100.
*/
return "LoadFactor must be a number between 1..100";
}
/* If set it will give the retry timeout for the worker
* The default value is 60 seconds, meaning that if
* in error state, it will be retried after that timeout.
*/
if (ival < 0)
return "Retry must be a positive value";
}
/* Time in seconds that will destroy all the connections
* that exceed the smax
*/
if (ival < 1)
return "TTL must be at least one second";
}
/* Initial number of connections to remote
*/
if (ival < 0)
return "Min must be a positive number";
}
/* Maximum number of connections to remote
*/
if (ival < 0)
return "Max must be a positive number";
}
/* XXX: More inteligent naming needed */
/* Maximum number of connections to remote that
* will not be destroyed
*/
if (ival < 0)
return "Smax must be a positive number";
}
/* Acquire timeout in given unit (default is milliseconds).
* If set this will be the maximum time to
* wait for a free connection.
*/
return "Acquire timeout has wrong format";
if (timeout < 1000)
return "Acquire must be at least one millisecond";
}
/* Connection timeout in seconds.
* Defaults to server timeout.
*/
if (ival < 1)
return "Timeout must be at least one second";
}
if (s < 512 && s) {
return "IOBufferSize must be >= 512 bytes, or 0 for system default.";
}
}
return "ReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
}
}
else
return "KeepAlive must be On|Off";
}
worker->s->disablereuse = 0;
else
return "DisableReuse must be On|Off";
}
/* Worker route.
*/
return apr_psprintf(p, "Route length must be < %d characters",
}
/* Worker redirection route.
*/
return apr_psprintf(p, "Redirect length must be < %d characters",
}
const char *v;
int mode = 1;
/* Worker status.
*/
for (v = val; *v; v++) {
if (*v == '+') {
mode = 1;
v++;
}
else if (*v == '-') {
mode = 0;
v++;
}
if (rv != APR_SUCCESS)
return "Unknown status parameter option";
}
}
else
return "flushpackets must be on|off|auto";
}
return "flushwait must be <= 1000, or 0 for system default of 10 millseconds.";
}
if (ival == 0)
else
}
*/
}
return "lbset must be between 0 and 99";
}
/* Request timeout in given unit (default is second).
* Defaults to connection timeout
*/
return "Connectiontimeout has wrong format";
if (timeout < 1000)
return "Connectiontimeout must be at least one millisecond.";
}
apr_psprintf(p, "flusher name length must be < %d characters",
}
else {
return "unknown Worker parameter";
}
return NULL;
}
apr_pool_t *p,
const char *key,
const char *val)
{
int ival;
char *path;
/* Balancer sticky session name.
* Set to something like JSESSIONID or
* PHPSESSIONID, etc..,
*/
apr_psprintf(p, "stickysession length must be < %d characters",
(int)sizeof(balancer->s->sticky_path));
*path++ = '\0';
}
}
* normally '.'
*/
balancer->s->sticky_separator = 0;
else
return "stickysessionsep must be a single character or Off";
}
else
}
/* If set to 'on' the session will break
* if the worker is in error state or
* disabled.
*/
balancer->s->sticky_force = 0;
else
return "failover must be On|Off";
}
/* Balancer timeout in seconds.
* If set this will be the maximum time to
* wait for a free worker.
* Default is not to wait.
*/
if (ival < 1)
return "timeout must be at least one second";
}
/* Maximum number of failover attempts before
* giving up.
*/
if (ival < 0)
return "maximum number of attempts must be a positive number";
}
return "unknown lbmethod";
if (provider) {
return NULL;
}
else {
return "lbmethod name too large";
}
}
return "unknown lbmethod";
}
/* If set to 'on' then ';' will also be
* mod_jk)
*/
else
return "scolonpathdelim must be On|Off";
}
char *val_split;
char *status;
char *tok_state;
if (ap_is_HTTP_VALID_RESPONSE(ival)) {
}
else {
return "failonstatus must be one or more HTTP response codes";
}
}
}
balancer->failontimeout = 0;
else
return "failontimeout must be On|Off";
}
}
else {
return "Provided nonce is too large";
}
}
}
return "growth must be between 1 and 100";
}
balancer->s->forcerecovery = 0;
else
return "forcerecovery must be On|Off";
}
else {
return "unknown Balancer parameter";
}
return NULL;
}
{
if (*aliasp == '/') {
/* any number of '/' in the alias matches any number in
* the supplied URI, but there must be at least one...
*/
if (*urip != '/')
return 0;
while (*aliasp == '/')
++aliasp;
while (*urip == '/')
++urip;
}
else {
/* Other characters are compared literally */
return 0;
}
}
/* fixup badly encoded stuff (e.g. % as last character) */
if (aliasp > end_fakename) {
}
}
/* We reach the end of the uri before the end of "alias_fakename"
* for example uri is "/" and alias_fakename "/examples"
*/
return 0;
}
/* Check last alias path component matched all the way */
return 0;
/* Return number of characters from URI which matched (may be
* greater than length of alias, since we may have matched
* doubled slashes)
*/
}
/* Detect if an absoluteURI should be proxied or not. Note that we
* have to do this during this phase because later phases are
* "short-circuiting"... i.e. translate_names will end when the first
* module returns OK. So for example, if the request is something like:
*
* GET http://othervhost/cgi-bin/printenv HTTP/1.0
*
* mod_alias will notice the /cgi-bin part and ScriptAlias it and
* short-circuit the proxy... just because of the ordering in the
* configuration file.
*/
static int proxy_detect(request_rec *r)
{
/* Ick... msvc (perhaps others) promotes ternary short results to int */
/* but it might be something vhosted */
if (!(r->parsed_uri.hostname
: ap_default_port(r))))) {
r->proxyreq = PROXYREQ_PROXY;
r->uri = r->unparsed_uri;
r->handler = "proxy-server";
}
}
/* We need special treatment for CONNECT proxying: it has no scheme part */
&& r->parsed_uri.hostname
&& r->parsed_uri.port_str) {
r->proxyreq = PROXYREQ_PROXY;
r->uri = r->unparsed_uri;
r->handler = "proxy-server";
}
return DECLINED;
}
{
/* Interpolate an env str in a configuration string
* Syntax ${var} --> value_of(var)
* Method: replace one var, and recurse on remainder of string
* Nothing clever here, and crap like nested vars may do silly things
* but we'll at least avoid sending the unwary into a loop
*/
const char *start;
const char *end;
const char *var;
const char *val;
const char *firstpart;
return str;
}
return str;
}
/* OK, this is syntax we want to interpolate. Is there such a var ? */
}
else {
}
}
{
int i;
sizeof (struct proxy_alias));
}
return ret;
}
{
int len;
const char *fake;
const char *real;
int mismatch = 0;
}
else {
}
return DECLINED;
}
/* test that we haven't reduced the URI */
AP_MAX_REG_MATCH, reg1, 0)) {
mismatch = 1;
}
if (!found) {
"Substitution in regular expression failed. "
"Replacement too long?");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* Note: The strcmp() below catches cases where there
* was no regex substitution. This is so cases like:
*
* ProxyPassMatch \.gif balancer://foo
*
* will work "as expected". The upshot is that the 2
* directives below act the exact same way (ie: $1 is implied):
*
* ProxyPassMatch ^(/.*\.gif)$ balancer://foo
* ProxyPassMatch ^(/.*\.gif)$ balancer://foo$1
*
* which may be confusing.
*/
}
else {
}
}
}
else {
if (len != 0) {
return DECLINED;
}
mismatch = 1;
}
}
}
if (mismatch) {
/* We made a reducing transformation, so we can't safely use
* unparsed_uri. Safe fallback is to ignore nocanon.
*/
"Unescaped URL path matched ProxyPass; ignoring unsafe nocanon");
}
if (found) {
r->handler = "proxy-server";
r->proxyreq = PROXYREQ_REVERSE;
/* mod_proxy_http needs to be told. Different module. */
}
}
return OK;
}
return DONE;
}
static int proxy_trans(request_rec *r)
{
int i;
struct proxy_alias *ent;
if (r->proxyreq) {
/* someone has already set up the proxy, it was possibly ourselves
* in proxy_detect
*/
return OK;
}
return DECLINED;
}
/* XXX: since r->uri has been manipulated already we're not really
* compliant with RFC1945 at this point. But this probably isn't
*/
/* short way - this location is reverse proxied? */
return rv;
}
}
&proxy_module);
/* long way - walk the list of aliases, find a match */
return rv;
}
}
}
return DECLINED;
}
static int proxy_walk(request_rec *r)
{
&proxy_module);
/* XXX: shouldn't we use URI here? Canonicalize it first?
* Pass over "proxy:" prefix
*/
int j;
for (j = 0; j < num_sec; ++j)
{
int nmatch = 0;
int i;
entry_config = sec_proxy[j];
if (entry_proxy->r) {
if (!rxpool) {
}
}
continue;
}
for (i = 0; i < nmatch; i++) {
apr_pstrndup(r->pool,
}
}
}
else if (
/* XXX: What about case insensitive matching ???
* Compare regex, fnmatch or string as appropriate
* If the entry doesn't relate, then continue
*/
proxyname, 0) :
strlen(entry_proxy->p))) {
continue;
}
}
if (rxpool) {
}
return OK;
}
static int proxy_map_location(request_rec *r)
{
int access_status;
return DECLINED;
/* Don't let the core or mod_http map_to_storage hooks handle this,
*/
if ((access_status = proxy_walk(r))) {
ap_die(access_status, r);
return access_status;
}
return OK;
}
/* -------------------------------------------------------------- */
/* Fixup the filename */
/*
* Canonicalise the URL
*/
static int proxy_fixup(request_rec *r)
{
char *url, *p;
int access_status;
&proxy_module);
return DECLINED;
/* XXX: Shouldn't we try this before we run the proxy_walk? */
/* create per-request copy of reverse proxy conf,
* and interpolate vars in it
*/
}
/* canonicalise each specific scheme */
return access_status;
}
return HTTP_BAD_REQUEST;
return OK; /* otherwise; we've done the best we can */
}
/* Send a redirection if the request contains a hostname which is not */
/* fully qualified, i.e. doesn't have a domain name appended. Some proxy */
/* servers like Netscape's allow this and access hosts from the local */
/* domain in this case. I think it is better to redirect to a FQDN, since */
/* these will later be found in the bookmarks files. */
/* The "ProxyDomain" directive determines what domain will be appended */
{
char *nuri;
const char *ref;
/* We only want to worry about GETs */
return DECLINED;
/* If host does contain a dot already, or it is "localhost", decline */
return DECLINED; /* host name has a dot already */
/* Reassemble the request, but insert the domain after the host name */
/* Note that the domain name always starts with a dot */
&r->parsed_uri,
"Domain missing: %s sent to %s%s%s", r->uri,
return HTTP_MOVED_PERMANENTLY;
}
/* -------------------------------------------------------------- */
/* Invoke handler */
static int proxy_handler(request_rec *r)
{
const char *p2;
int i, rc, access_status;
int direct_connect = 0;
const char *str;
int attempts = 0, max_attempts = 0;
/* is this for us? */
if (!r->filename) {
return DECLINED;
}
if (!r->proxyreq) {
/* We may have forced the proxy handler via config or .htaccess */
if (r->handler &&
r->proxyreq = PROXYREQ_REVERSE;
}
else {
return DECLINED;
}
return DECLINED;
}
/* handle max-forwards / OPTIONS / TRACE */
char *end;
return ap_proxyerror(r, HTTP_BAD_REQUEST,
apr_psprintf(r->pool,
"Max-Forwards value '%s' could not be parsed", str));
}
else if (maxfwd == 0) {
switch (r->method_number) {
case M_TRACE: {
int access_status;
r->proxyreq = PROXYREQ_NONE;
if ((access_status = ap_send_http_trace(r)))
ap_die(access_status, r);
else
return OK;
}
case M_OPTIONS: {
int access_status;
r->proxyreq = PROXYREQ_NONE;
if ((access_status = ap_send_http_options(r)))
ap_die(access_status, r);
else
return OK;
}
default: {
return ap_proxyerror(r, HTTP_BAD_REQUEST,
"Max-Forwards has reached zero - proxy loop?");
}
}
}
}
else {
/* set configured max-forwards */
}
if (maxfwd >= 0) {
}
if (r->method_number == M_TRACE) {
{
/* Allow "error-notes" string to be printed by ap_send_error_response()
* Note; this goes nowhere, canned error response need an overhaul.
*/
"TRACE forbidden by server configuration");
"TRACE forbidden by server configuration");
return HTTP_METHOD_NOT_ALLOWED;
}
/* Can't test ap_should_client_block, we aren't ready to send
* the client a 100 Continue response till the connection has
* been established
*/
{
/* Allow "error-notes" string to be printed by ap_send_error_response()
* Note; this goes nowhere, canned error response need an overhaul.
*/
"TRACE with request body is not allowed");
"TRACE with request body is not allowed");
return HTTP_REQUEST_ENTITY_TOO_LARGE;
}
}
if (p == NULL) {
"proxy_handler no URL in %s", r->filename);
return HTTP_BAD_REQUEST;
}
/* If the host doesn't have a domain name, add one and redirect. */
if (ap_is_HTTP_REDIRECT(rc))
return HTTP_MOVED_PERMANENTLY;
}
/* Check URI's destination host against NoProxy hosts */
/* Bypass ProxyRemote server lookup if configured as NoProxy */
!direct_connect; i++) {
}
#if DEBUGGING
r->uri);
#endif
do {
/* Try to obtain the most suitable worker */
if (access_status != OK) {
/*
* Only return if access_status is not HTTP_SERVICE_UNAVAILABLE
* This gives other modules the chance to hook into the
* request_status hook and decide what to do in this situation.
*/
return access_status;
/*
* Ensure that balancer is NULL if worker is NULL to prevent
* potential problems in the post_request hook.
*/
if (!worker)
goto cleanup;
}
/* Initialise worker if needed, note the shared area must be initialized by the balancer logic */
if (balancer) {
}
/* firstly, try a proxy, unless a NoProxy directive is active */
if (!direct_connect) {
/* handle the scheme */
"Trying to run scheme_handler against proxy");
/* Did the scheme handler process the request? */
if (access_status != DECLINED) {
const char *cl_a;
char *end;
/*
* An fatal error or success, so no point in
* retrying with a direct connection.
*/
if (access_status != HTTP_BAD_GATEWAY) {
goto cleanup;
}
if (cl_a) {
/*
* The request body is of length > 0. We cannot
* retry with a direct connection since we already
* sent (parts of) the request body to the proxy
* and do not have any longer.
*/
if (cl > 0) {
goto cleanup;
}
}
/*
* Transfer-Encoding was set as input header, so we had
* a request body. We cannot retry with a direct
* connection for the same reason as above.
*/
goto cleanup;
}
}
}
}
}
/* otherwise, try it direct */
/* N.B. what if we're behind a firewall, where we must use a proxy or
* give up??
*/
/* handle the scheme */
"Running scheme %s handler (attempt %d)",
if (access_status == OK)
break;
else if (access_status == HTTP_INTERNAL_SERVER_ERROR) {
/* Unrecoverable server error.
* We can not failover to another worker.
* Mark the worker as unusable if member of load balancer
*/
if (balancer) {
}
break;
}
else if (access_status == HTTP_SERVICE_UNAVAILABLE) {
/* Recoverable server error.
* We can failover to another worker
* Mark the worker as unusable if member of load balancer
*/
if (balancer) {
}
}
else {
/* Unrecoverable error.
* Return the origin status code to the client.
*/
break;
}
/* Try again if the worker is unusable and the service is
* unavailable.
*/
} while (!PROXY_WORKER_IS_USABLE(worker) &&
max_attempts > attempts++);
if (DECLINED == access_status) {
"No protocol handler was valid for the URL %s. "
"If you are using a DSO version of mod_proxy, make sure "
"the proxy submodules are included in the configuration "
"using LoadModule.", r->uri);
goto cleanup;
}
return access_status;
}
/* -------------------------------------------------------------- */
/* Setup configurable data */
{
ps->max_balancers = 0;
ps->bal_persist = 0;
ps->inherit_set = 0;
ps->ppinherit_set = 0;
ps->bgrowth_set = 0;
ps->recv_buffer_size_set = 0;
ps->io_buffer_size_set = 0;
ps->maxfwd_set = 0;
ps->timeout_set = 0;
ps->badopt_set = 0;
ps->source_address_set = 0;
return ps;
}
{
}
else {
}
}
else {
}
ps->recv_buffer_size = (overrides->recv_buffer_size_set == 0) ? base->recv_buffer_size : overrides->recv_buffer_size;
ps->io_buffer_size = (overrides->io_buffer_size_set == 0) ? base->io_buffer_size : overrides->io_buffer_size;
ps->proxy_status = (overrides->proxy_status_set == 0) ? base->proxy_status : overrides->proxy_status;
ps->source_address = (overrides->source_address_set == 0) ? base->source_address : overrides->source_address;
return ps;
}
const char *arg)
{
struct apr_sockaddr_t *addr;
}
else {
return "ProxySourceAddress invalid value";
}
return NULL;
}
{
/* Filled in by proxysection, when applicable */
/* Put these in the dir config so they work inside <Location> */
new->preserve_host_set = 0;
new->preserve_host = 0;
new->error_override = 0;
new->error_override_set = 0;
return (void *) new;
}
{
/* Put these in the dir config so they work inside <Location> */
: add->interpolate_env;
: add->preserve_host;
: add->error_override;
return new;
}
static const char *
{
struct proxy_remote *new;
char *p, *q;
char *r, *f, *scheme;
int port;
p = strchr(r, ':');
if (regex)
return "ProxyRemoteMatch: Bad syntax for a remote proxy server";
else
return "ProxyRemote: Bad syntax for a remote proxy server";
}
else {
scheme[p-r] = 0;
}
if (q != NULL) {
if (regex)
return "ProxyRemoteMatch: Bad syntax for a remote proxy server (bad port number)";
else
return "ProxyRemote: Bad syntax for a remote proxy server (bad port number)";
}
*q = '\0';
}
else
port = -1;
*p = '\0';
if (regex) {
if (!reg)
return "Regular expression for ProxyRemoteMatch could not be compiled.";
}
else
ap_str_tolower(f); /* lowercase scheme */
if (port == -1) {
}
return NULL;
}
static const char *
{
}
static const char *
{
}
{
char *ptr;
/*
* We could be passed a URL during the config stage that contains
* the UDS path... ignore it
*/
/* move past the 'unix:...|' UDS path info */
char *ret, *c;
/* special case: "unix:....|scheme:" is OK, expand
* to "unix:....|scheme://localhost"
* */
if (c == NULL) {
return NULL;
}
if (c[1] == '\0') {
}
else {
return ret;
}
}
return url;
}
static const char *
{
struct proxy_alias *new;
char *r = NULL;
char *word;
const apr_array_header_t *arr;
const apr_table_entry_t *elts;
int i;
unsigned int flags = 0;
const char *err;
if (err) {
return err;
}
while (*arg) {
if (!f) {
if (is_regex) {
return "ProxyPassMatch invalid syntax ('~' usage).";
}
use_regex = 1;
continue;
}
f = word;
}
else if (!r) {
r = word;
}
}
}
}
else {
if (!val) {
if (*r == '/') {
return "ProxyPass|ProxyPassMatch can not have a path when defined in "
"a location.";
}
else {
return "Invalid ProxyPass|ProxyPassMatch parameter. Parameter must "
"be in the form 'key=value'.";
}
}
else {
return "Invalid ProxyPass|ProxyPassMatch parameter. Parameter must be "
"in the form 'key=value'.";
}
}
else
*val++ = '\0';
}
};
if (r == NULL) {
return "ProxyPass|ProxyPassMatch needs a path when not defined in a location";
}
/* if per directory, save away the single alias */
if (apr_fnmatch_test(f)) {
use_regex = 1;
}
}
/* if per server, add to the alias array */
else {
}
if (use_regex) {
return "Regular expression could not be compiled.";
}
else {
}
if (r[0] == '!' && r[1] == '\0')
return NULL;
/* Distinguish the balancer from worker */
if (ap_proxy_valid_balancer_name(r, 9)) {
char *fake_copy;
/*
* In the regex case supplying a fake URL doesn't make sense as it
* cannot be parsed anyway with apr_uri_parse later on in
* ap_proxy_define_balancer / ap_proxy_update_balancer
*/
if (use_regex) {
}
else {
fake_copy = f;
}
if (!balancer) {
if (err)
}
else {
}
if (err)
}
}
else {
int reuse = 0;
if (!worker) {
if (err)
} else {
reuse = 1;
"Sharing worker '%s' instead of creating new worker '%s'",
}
if (reuse) {
"Ignoring parameter '%s=%s' for worker '%s' because of worker sharing",
} else {
if (err)
}
}
}
return NULL;
}
static const char *
{
}
static const char *
{
}
const char *r, const char *i)
{
struct proxy_alias *new;
const char *fake;
const char *real;
const char *interp;
const char *err;
if (err) {
return err;
}
return "ProxyPassReverse needs a path when not defined in a location";
}
fake = f;
real = r;
interp = i;
}
else {
if (r && strcasecmp(r, "interpolate")) {
return "ProxyPassReverse can not have a path when defined in a location";
}
real = f;
interp = r;
}
return NULL;
}
const char *r, const char *interp)
{
struct proxy_alias *new;
return NULL;
}
const char *r, const char *interp)
{
struct proxy_alias *new;
return NULL;
}
static const char *
{
struct noproxy_entry *new;
struct apr_sockaddr_t *addr;
int found = 0;
int i;
/* Don't duplicate entries */
found = 1;
break;
}
}
if (!found) {
}
else {
}
}
return NULL;
}
/* Similar to set_proxy_exclude(), but defining directly connected hosts,
* which should never be accessed via the configured ProxyRemote servers
*/
static const char *
{
struct dirconn_entry *New;
int found = 0;
int i;
/* Don't duplicate entries */
found = 1;
break;
}
}
if (!found) {
#if DEBUGGING
#endif
}
#if DEBUGGING
#endif
}
#if DEBUGGING
#endif
}
else {
#if DEBUGGING
#endif
}
}
return NULL;
}
static const char *
{
if (arg[0] != '.')
return "ProxyDomain: domain name must start with a dot.";
return NULL;
}
static const char *
{
return NULL;
}
static const char *
{
return NULL;
}
static const char *
{
return NULL;
}
static const char *
{
return NULL;
}
static const char *
{
if (s < 512 && s != 0) {
return "ProxyReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
}
psf->recv_buffer_size = s;
return NULL;
}
static const char *
{
if (s < 512 && s) {
return "ProxyIOBufferSize must be >= 512 bytes, or 0 for system default.";
}
return NULL;
}
static const char *
{
return NULL;
}
static const char*
{
int timeout;
if (timeout<1) {
return "Proxy Timeout must be at least 1 second.";
}
return NULL;
}
static const char*
{
else {
return "ProxyVia must be one of: "
"off | on | full | block";
}
return NULL;
}
static const char*
{
else {
return "ProxyBadHeader must be one of: "
"IsError | Ignore | StartBody";
}
return NULL;
}
static const char*
{
else {
return "ProxyStatus must be one of: "
"off | on | full";
}
return NULL;
}
{
return "BalancerGrowth must be between 0 and 1000";
}
return NULL;
}
{
return NULL;
}
{
return NULL;
}
{
return NULL;
}
{
char *word;
const apr_array_header_t *arr;
const apr_table_entry_t *elts;
int reuse = 0;
int i;
/* XXX: Should this be NOT_IN_DIRECTORY|NOT_IN_FILES? */
if (err)
return err;
while (*arg) {
char *val;
if (!val) {
if (!path)
else if (!name)
else {
return "BalancerMember can not have a balancer name when defined in a location";
else
return "Invalid BalancerMember parameter. Parameter must "
"be in the form 'key=value'";
}
} else {
*val++ = '\0';
}
}
if (!path)
return "BalancerMember must define balancer name when outside <Proxy > section";
if (!name)
return "BalancerMember must define remote proxy server";
/* Try to find the balancer */
if (!balancer) {
if (err)
}
/* Try to find existing worker */
if (!worker) {
"Defining worker '%s' for balancer '%s'",
"Defined worker '%s' for balancer '%s'",
} else {
reuse = 1;
"Sharing worker '%s' instead of creating new worker '%s'",
}
if (reuse) {
"Ignoring parameter '%s=%s' for worker '%s' because of worker sharing",
} else {
if (err)
}
}
return NULL;
}
static const char *
{
int in_proxy_section = 0;
/* XXX: Should this be NOT_IN_DIRECTORY|NOT_IN_FILES? */
if (err)
return err;
"<Proxy", 6) == 0) {
/* Directive inside <Proxy section
*/
*word = '\0';
in_proxy_section = 1;
}
else {
* name as first param.
*/
}
if (!balancer) {
if (in_proxy_section) {
if (err)
}
else
}
}
else {
if (!worker) {
if (in_proxy_section) {
if (err)
}
else
}
}
while (*arg) {
if (!val) {
return "Invalid ProxySet parameter. Parameter must be "
"in the form 'key=value'";
}
else
*val++ = '\0';
if (worker)
else
if (err)
}
return NULL;
}
{
&proxy_module);
*new_space = dir_config;
}
{
const char *errmsg;
ap_regex_t *r = NULL;
return err;
}
"> directive missing closing '>'", NULL);
}
if (!arg) {
return "<ProxyMatch > block must specify a path";
else
return "<Proxy > block must specify a path";
}
/* XXX Ignore case? What if we proxy a case-insensitive server?!?
* While we are at it, shouldn't we also canonicalize the entire
* scheme? See proxy_fixup()
*/
if (!r) {
return "Regex could not be compiled";
}
}
/* initialize our config and fetch it */
return errmsg;
conf->r = r;
if (r) {
}
if (*arg != '\0') {
return "Multiple <ProxyMatch> arguments not (yet) supported.";
if (conf->p_is_fnmatch)
"> arguments are not supported for wildchar url.",
NULL);
"> arguments are not supported for non url.",
NULL);
if (!balancer) {
if (err)
}
}
else {
if (!worker) {
if (err)
}
}
"> arguments are supported only for workers.",
NULL);
}
while (*arg) {
if (!val) {
return "Invalid Proxy parameter. Parameter must be "
"in the form 'key=value'";
}
else
*val++ = '\0';
if (worker)
else
if (err)
}
}
return NULL;
}
static const command_rec proxy_cmds[] =
{
"Container for directives affecting resources located in the proxied "
"location"),
"Container for directives affecting resources located in the proxied "
"location, in regular expression syntax"),
"on if the true proxy requests should be accepted"),
"a scheme, partial URL or '*' and a proxy server"),
"a regex pattern and a proxy server"),
"a virtual path and a URL"),
"a virtual path and a URL"),
"a virtual path and a URL for reverse proxy behaviour"),
"A list of names, hosts or domains to which the proxy will not connect"),
"Receive buffer size for outgoing HTTP and FTP connections in bytes"),
"IO buffer size for outgoing HTTP and FTP connections in bytes"),
"The maximum number of proxies a request may be forwarded through."),
"A list of domains, hosts, or subnets to which the proxy will connect directly"),
"The default intranet domain name (in absence of a domain in the URL)"),
"Configure Via: proxy header header to one of: on | off | block | full"),
"use our error handling pages instead of the servers' we are proxying"),
"on if we should preserve host header while proxying"),
"Set the timeout (in seconds) for a proxied connection. "
"This overrides the server timeout"),
"How to handle bad header line in response: IsError | Ignore | StartBody"),
"A balancer name and scheme with list of params"),
"Number of additional Balancers that can be added post-config"),
"on if this server should inherit Balancers and Workers defined in the main server "
"(Setting to off recommended if using the Balancer Manager)"),
"on if this server should inherit all ProxyPass directives defined in the main server "
"(Setting to off recommended if using the Balancer Manager)"),
"Configure Status: proxy status to one of: on | off | full"),
"A balancer or worker name with list of params"),
"Configure local source IP used for request forward"),
"on if X-Forwarded-* headers should be added or completed"),
{NULL}
};
{
/*
* if c == NULL just check if the optional function was imported
* else run the optional function so ssl filters are inserted
*/
if (proxy_ssl_enable) {
return c ? proxy_ssl_enable(c) : 1;
}
return 0;
}
{
if (proxy_ssl_disable) {
return proxy_ssl_disable(c);
}
return 0;
}
{
if (proxy_is_https) {
return proxy_is_https(c);
}
else
return 0;
}
conn_rec *c, request_rec *r,
const char *var)
{
if (proxy_ssl_val) {
/* XXX Perhaps the casting useless */
return (const char *)proxy_ssl_val(p, s, c, r, (char *)var);
}
else
return NULL;
}
{
if (rv != APR_SUCCESS) {
"failed to create %s mutex", proxy_id);
return rv;
}
return OK;
}
/*
* proxy Extension to mod_status
*/
{
int i, n;
return OK;
ap_rputs("<hr />\n<h1>Proxy LoadBalancer Status for ", r);
ap_rputs("\n\n<table border=\"0\"><tr>"
"<th>SSes</th><th>Timeout</th><th>Method</th>"
"</tr>\n<tr>", r);
}
else {
}
}
else {
ap_rputs("<td> - ", r);
}
ap_rprintf(r, "<td>%s</td>\n",
ap_rputs("</table>\n", r);
ap_rputs("\n\n<table border=\"0\"><tr>"
"<th>Sch</th><th>Host</th><th>Stat</th>"
"<th>Route</th><th>Redir</th>"
"<th>F</th><th>Set</th><th>Acc</th><th>Wr</th><th>Rd</th>"
"</tr>\n", r);
char fbuf[50];
ap_rputs("</td><td>", r);
ap_rputs("</td>\n", r);
/* TODO: Add the rest of dynamic worker data */
ap_rputs("</tr>\n", r);
++worker;
}
ap_rputs("</table>\n", r);
++balancer;
}
ap_rputs("<hr /><table>\n"
"<tr><th>SSes</th><td>Sticky session name</td></tr>\n"
"<tr><th>Timeout</th><td>Balancer Timeout</td></tr>\n"
"<tr><th>Sch</th><td>Connection scheme</td></tr>\n"
"<tr><th>Host</th><td>Backend Hostname</td></tr>\n"
"<tr><th>Stat</th><td>Worker status</td></tr>\n"
"<tr><th>Route</th><td>Session Route</td></tr>\n"
"<tr><th>Redir</th><td>Session Route Redirection</td></tr>\n"
"<tr><th>F</th><td>Load Balancer Factor</td></tr>\n"
"<tr><th>Acc</th><td>Number of uses</td></tr>\n"
"<tr><th>Wr</th><td>Number of bytes transferred</td></tr>\n"
"<tr><th>Rd</th><td>Number of bytes read</td></tr>\n"
"</table>", r);
return OK;
}
{
p);
if (rv != APR_SUCCESS) {
"could not init proxy_mutex in child");
}
/* TODO */
while (s) {
void *sconf = s->module_config;
int i;
/*
* NOTE: non-balancer members don't use shm at all...
* after all, why should they?
*/
}
/* Create and initialize forward worker if defined */
/* Do not disable worker in case of errors */
/* Mark as the "generic" worker */
/* Disable address cache for generic forward worker */
}
if (!reverse) {
/* Do not disable worker in case of errors */
/* Mark as the "generic" worker */
/* Disable address cache for generic reverse worker */
reverse->s->is_address_reusable = 0;
}
s = s->next;
}
}
/*
* This routine is called before the server processes the configuration
* files.
*/
{
APR_LOCK_DEFAULT, 0);
if (rv != APR_SUCCESS) {
"failed to register %s mutex", proxy_id);
return 500; /* An HTTP status would be a misnomer! */
}
/* Reset workers count on gracefull restart */
proxy_lb_workers = 0;
return OK;
}
static void register_hooks(apr_pool_t *p)
{
/* fixup before mod_rewrite, so that the proxied url will not
* escaped accidentally by our fixup.
*/
/* Only the mpm_winnt has child init hook handler.
* make sure that we are called after the mpm
* initializes.
*/
/* handler */
/* filename-to-URI translation */
/* walk <Proxy > entries and suppress default TRACE behavior */
/* fixups */
/* post read_request handling */
/* pre config handling */
/* post config handling */
/* child init handling */
/* register optional functions within proxy_util.c */
}
{
create_proxy_dir_config, /* create per-directory config structure */
merge_proxy_dir_config, /* merge per-directory config structures */
create_proxy_config, /* create per-server config structure */
merge_proxy_config, /* merge per-server config structures */
proxy_cmds, /* command table */
};
)
(request_rec *r, char *url),(r,
request_rec *r,
request_rec *r,
(request_rec *r), (r),
(int *status, request_rec *r),
(status, r),