mod_proxy.c revision 433dc2d5dae74ed067db6175010ff973d02511e9
#define FIX_15207
/* Copyright 1999-2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#define CORE_PRIVATE
#include "mod_proxy.h"
#include "mod_core.h"
#include "apr_optional.h"
#include "mod_status.h"
#if (MODULE_MAGIC_NUMBER_MAJOR > 20020903)
#include "mod_ssl.h"
#else
#endif
#ifndef MAX
#define MAX(x,y) ((x) >= (y) ? (x) : (y))
#endif
/*
* A Web proxy module. Stages:
*
* translate_name: set filename to proxy:<URL>
* map_to_storage: run proxy_walk (rather than directory_walk/file_walk)
* can't trust directory_walk/file_walk since these are
* not in our filesystem. Prevents mod_http from serving
* the TRACE request we will set aside to handle later.
* type_checker: set type to PROXY_MAGIC_TYPE if filename begins proxy:
* fix_ups: convert the URL stored in the filename to the
* canonical form.
* handler: handle proxy requests
*/
/* -------------------------------------------------------------- */
/* Translate the URL into a 'filename' */
#ifdef FIX_15207
/* XXX: EBCDIC safe? --nd */
? (x - '0') \
: (((x >= 'a') && (x <= 'f')) \
? (10 + x - 'a') \
: ((x >= 'A') && (x <='F')) \
? (10 + x - 'A') \
: 0 \
) \
)
static unsigned char hex2c(const char* p) {
const char c1 = p[1];
return ret;
}
#endif
#define PROXY_COPY_CONF_PARAMS(w, c) \
do { \
(w)->timeout_set = (c)->timeout_set; \
(w)->recv_buffer_size = (c)->recv_buffer_size; \
(w)->recv_buffer_size_set = (c)->recv_buffer_size_set; \
(w)->io_buffer_size = (c)->io_buffer_size; \
(w)->io_buffer_size_set = (c)->io_buffer_size_set; \
} while (0)
static const char *set_worker_param(apr_pool_t *p,
const char *key,
const char *val)
{
int ival;
return "LoadFactor must be number between 1..100";
}
if (ival < 1)
return "Retry must be at least one second";
}
if (ival < 1)
return "TTL must be at least one second";
}
if (ival < 0)
return "Min must be a positive number";
}
if (ival < 0)
return "Max must be a positive number";
}
/* XXX: More inteligent naming needed */
if (ival < 0)
return "Smax must be a positive number";
}
if (ival < 1)
return "Acquire must be at least one mili second";
}
if (ival < 1)
return "Timeout must be at least one second";
}
}
return "ReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
}
}
else
return "KeepAlive must be On|Off";
}
}
}
else {
return "unknown parameter";
}
return NULL;
}
static const char *set_balancer_param(apr_pool_t *p,
const char *key,
const char *val)
{
int ival;
}
balancer->sticky_force = 0;
else
return "failover must be On|Off";
}
if (ival < 1)
return "timeout must be at least one second";
}
else {
return "unknown parameter";
}
return NULL;
}
{
if (*aliasp == '/') {
/* any number of '/' in the alias matches any number in
* the supplied URI, but there must be at least one...
*/
if (*urip != '/')
return 0;
while (*aliasp == '/')
++aliasp;
while (*urip == '/')
++urip;
}
else {
#ifndef FIX_15207
/* Other characters are compared literally */
return 0;
#else
/* Other characters are canonicalised and compared literally */
if (*urip == '%') {
urip += 3;
} else {
}
if (*aliasp == '%') {
aliasp += 3;
} else {
}
return 0;
}
#endif
}
}
/* fixup badly encoded stuff (e.g. % as last character) */
if (aliasp > end_fakename) {
}
}
/* We reach the end of the uri before the end of "alias_fakename"
* for example uri is "/" and alias_fakename "/examples"
*/
return 0;
}
/* Check last alias path component matched all the way */
return 0;
/* Return number of characters from URI which matched (may be
* greater than length of alias, since we may have matched
* doubled slashes)
*/
}
/* Detect if an absoluteURI should be proxied or not. Note that we
* have to do this during this phase because later phases are
* "short-circuiting"... i.e. translate_names will end when the first
* module returns OK. So for example, if the request is something like:
*
* GET http://othervhost/cgi-bin/printenv HTTP/1.0
*
* mod_alias will notice the /cgi-bin part and ScriptAlias it and
* short-circuit the proxy... just because of the ordering in the
* configuration file.
*/
static int proxy_detect(request_rec *r)
{
#ifdef FIX_15207
int i, len;
#endif
/* Ick... msvc (perhaps others) promotes ternary short results to int */
/* but it might be something vhosted */
if (!(r->parsed_uri.hostname
: ap_default_port(r))))) {
r->proxyreq = PROXYREQ_PROXY;
r->uri = r->unparsed_uri;
r->handler = "proxy-server";
}
}
/* We need special treatment for CONNECT proxying: it has no scheme part */
&& r->parsed_uri.hostname
&& r->parsed_uri.port_str) {
r->proxyreq = PROXYREQ_PROXY;
r->uri = r->unparsed_uri;
r->handler = "proxy-server";
#ifdef FIX_15207
} else {
/* test for a ProxyPass */
if (len > 0) {
r->handler = "proxy-server";
r->proxyreq = PROXYREQ_REVERSE;
r->uri = r->unparsed_uri;
break;
}
}
#endif
}
return DECLINED;
}
static int proxy_trans(request_rec *r)
{
#ifndef FIX_15207
int i, len;
#endif
if (r->proxyreq) {
/* someone has already set up the proxy, it was possibly ourselves
* in proxy_detect
*/
return OK;
}
#ifndef FIX_15207
/* XXX: since r->uri has been manipulated already we're not really
* compliant with RFC1945 at this point. But this probably isn't
*/
if (len > 0) {
return DECLINED;
}
r->handler = "proxy-server";
r->proxyreq = PROXYREQ_REVERSE;
return OK;
}
}
#endif
return DECLINED;
}
static int proxy_walk(request_rec *r)
{
&proxy_module);
/* XXX: shouldn't we use URI here? Canonicalize it first?
* Pass over "proxy:" prefix
*/
int j;
for (j = 0; j < num_sec; ++j)
{
entry_config = sec_proxy[j];
/* XXX: What about case insensitive matching ???
* Compare regex, fnmatch or string as appropriate
* If the entry doesn't relate, then continue
*/
if (entry_proxy->r
strlen(entry_proxy->p)))) {
continue;
}
}
return OK;
}
static int proxy_map_location(request_rec *r)
{
int access_status;
return DECLINED;
/* Don't let the core or mod_http map_to_storage hooks handle this,
*/
if ((access_status = proxy_walk(r))) {
ap_die(access_status, r);
return access_status;
}
return OK;
}
#ifndef FIX_15207
/* -------------------------------------------------------------- */
/* Fixup the filename */
/*
* Canonicalise the URL
*/
static int proxy_fixup(request_rec *r)
{
char *url, *p;
int access_status;
return DECLINED;
#ifdef FIX_15207
/* We definitely shouldn't canonicalize a proxy_pass.
* But should we really canonicalize a STD_PROXY??? -- Fahree
*/
if (r->proxyreq == PROXYREQ_REVERSE) {
return OK;
}
#endif
/* XXX: Shouldn't we try this before we run the proxy_walk? */
/* canonicalise each specific scheme */
return access_status;
}
return HTTP_BAD_REQUEST;
return OK; /* otherwise; we've done the best we can */
}
#endif
/* Send a redirection if the request contains a hostname which is not */
/* fully qualified, i.e. doesn't have a domain name appended. Some proxy */
/* servers like Netscape's allow this and access hosts from the local */
/* domain in this case. I think it is better to redirect to a FQDN, since */
/* these will later be found in the bookmarks files. */
/* The "ProxyDomain" directive determines what domain will be appended */
{
char *nuri;
const char *ref;
/* We only want to worry about GETs */
return DECLINED;
/* If host does contain a dot already, or it is "localhost", decline */
return DECLINED; /* host name has a dot already */
/* Reassemble the request, but insert the domain after the host name */
/* Note that the domain name always starts with a dot */
&r->parsed_uri,
"Domain missing: %s sent to %s%s%s", r->uri,
return HTTP_MOVED_PERMANENTLY;
}
/* -------------------------------------------------------------- */
/* Invoke handler */
static int proxy_handler(request_rec *r)
{
const char *p2;
int i, rc, access_status;
int direct_connect = 0;
const char *str;
long maxfwd;
/* is this for us? */
return DECLINED;
/* handle max-forwards / OPTIONS / TRACE */
if (maxfwd < 1) {
switch (r->method_number) {
case M_TRACE: {
int access_status;
r->proxyreq = PROXYREQ_NONE;
if ((access_status = ap_send_http_trace(r)))
ap_die(access_status, r);
else
return OK;
}
case M_OPTIONS: {
int access_status;
r->proxyreq = PROXYREQ_NONE;
if ((access_status = ap_send_http_options(r)))
ap_die(access_status, r);
else
return OK;
}
default: {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Max-Forwards has reached zero - proxy loop?");
}
}
}
}
else {
/* set configured max-forwards */
}
if (p == NULL) {
"proxy_handler no URL in %s", r->filename);
return HTTP_BAD_REQUEST;
}
/* If the host doesn't have a domain name, add one and redirect. */
if (ap_is_HTTP_REDIRECT(rc))
return HTTP_MOVED_PERMANENTLY;
}
*p = '\0';
*p = ':';
/* Check URI's destination host against NoProxy hosts */
/* Bypass ProxyRemote server lookup if configured as NoProxy */
/* we only know how to handle communication to a proxy via http */
/*if (strcasecmp(scheme, "http") == 0) */
{
int ii;
}
#if DEBUGGING
r->uri);
#endif
}
/* Try to obtain the most suitable worker */
if (access_status != OK)
return access_status;
/* firstly, try a proxy, unless a NoProxy directive is active */
if (!direct_connect) {
/* handle the scheme */
"Trying to run scheme_handler against proxy");
/* an error or success */
goto cleanup;
}
/* we failed to talk to the upstream proxy */
}
}
}
/* otherwise, try it direct */
/* N.B. what if we're behind a firewall, where we must use a proxy or
* give up??
*/
/* handle the scheme */
"Trying to run scheme_handler");
if (DECLINED == access_status) {
"proxy: No protocol handler was valid for the URL %s. "
"If you are using a DSO version of mod_proxy, make sure "
"the proxy submodules are included in the configuration "
"using LoadModule.", r->uri);
goto cleanup;
}
if (balancer) {
if (post_status == DECLINED) {
/* TODO: reclycle direct worker */
}
}
return access_status;
}
/* -------------------------------------------------------------- */
/* Setup configurable data */
{
ps->recv_buffer_size_set = 0;
ps->io_buffer_size_set = 0;
ps->maxfwd_set = 0;
ps->error_override = 0;
ps->error_override_set = 0;
ps->preserve_host_set = 0;
ps->preserve_host = 0;
ps->timeout_set = 0;
ps->badopt_set = 0;
return ps;
}
{
ps->allowed_connect_ports = apr_array_append(p, base->allowed_connect_ports, overrides->allowed_connect_ports);
ps->recv_buffer_size = (overrides->recv_buffer_size_set == 0) ? base->recv_buffer_size : overrides->recv_buffer_size;
ps->io_buffer_size = (overrides->io_buffer_size_set == 0) ? base->io_buffer_size : overrides->io_buffer_size;
ps->error_override = (overrides->error_override_set == 0) ? base->error_override : overrides->error_override;
ps->preserve_host = (overrides->preserve_host_set == 0) ? base->preserve_host : overrides->preserve_host;
return ps;
}
{
/* Filled in by proxysection, when applicable */
return (void *) new;
}
{
return new;
}
static const char *
{
struct proxy_remote *new;
char *p, *q;
char *r, *f, *scheme;
int port;
p = strchr(r, ':');
if (regex)
return "ProxyRemoteMatch: Bad syntax for a remote proxy server";
else
return "ProxyRemote: Bad syntax for a remote proxy server";
}
else {
scheme[p-r] = 0;
}
if (q != NULL) {
if (regex)
return "ProxyRemoteMatch: Bad syntax for a remote proxy server (bad port number)";
else
return "ProxyRemote: Bad syntax for a remote proxy server (bad port number)";
}
*q = '\0';
}
else
port = -1;
*p = '\0';
if (regex) {
if (!reg)
return "Regular expression for ProxyRemoteMatch could not be compiled.";
}
else
ap_str_tolower(f); /* lowercase scheme */
if (port == -1) {
}
return NULL;
}
static const char *
{
}
static const char *
{
}
static const char *
{
struct proxy_alias *new;
char *r = NULL;
char *word;
const apr_array_header_t *arr;
const apr_table_entry_t *elts;
int i;
while (*arg) {
if (!f)
f = word;
else if (!r)
r = word;
else {
if (!val) {
return "Invalid ProxyPass parameter. Parameter must be "
"in the form 'key=value'";
else
return "ProxyPass can not have a path when defined in a location";
}
else
*val++ = '\0';
}
};
if (r == NULL)
return "ProxyPass needs a path when not defined in a location";
/* Distinguish the balancer from woker */
if (!balancer) {
conf, r);
if (err)
}
if (err)
}
}
else {
if (!worker) {
if (err)
}
if (err)
}
}
return NULL;
}
static const char *
{
struct proxy_alias *new;
&proxy_module);
} else {
if ( r == NULL)
return "ProxyPassReverse needs a path when not defined in a location";
else
return "ProxyPassReverse can not have a path when defined in a location";
}
return NULL;
}
static const char*
{
struct proxy_alias *new;
&proxy_module);
return NULL;
}
static const char*
{
struct proxy_alias *new;
&proxy_module);
return NULL;
}
static const char *
{
struct noproxy_entry *new;
struct apr_sockaddr_t *addr;
int found = 0;
int i;
/* Don't duplicate entries */
found = 1;
}
}
if (!found) {
}
else {
}
}
return NULL;
}
/*
* Set the ports CONNECT can use
*/
static const char *
{
int *New;
if (!apr_isdigit(arg[0]))
return "AllowCONNECT: port number must be numeric";
return NULL;
}
/* Similar to set_proxy_exclude(), but defining directly connected hosts,
* which should never be accessed via the configured ProxyRemote servers
*/
static const char *
{
struct dirconn_entry *New;
int found = 0;
int i;
/* Don't duplicate entries */
found = 1;
}
if (!found) {
#if DEBUGGING
#endif
}
#if DEBUGGING
#endif
}
#if DEBUGGING
#endif
}
else {
#if DEBUGGING
#endif
}
}
return NULL;
}
static const char *
{
if (arg[0] != '.')
return "ProxyDomain: domain name must start with a dot.";
return NULL;
}
static const char *
{
return NULL;
}
static const char *
{
return NULL;
}
static const char *
{
return NULL;
}
static const char *
{
if (s < 512 && s != 0) {
return "ProxyReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
}
psf->recv_buffer_size = s;
return NULL;
}
static const char *
{
return NULL;
}
static const char *
{
if (s < 0) {
return "ProxyMaxForwards must be greater or equal to zero..";
}
return NULL;
}
static const char*
{
int timeout;
if (timeout<1) {
return "Proxy Timeout must be at least 1 second.";
}
return NULL;
}
static const char*
{
else {
return "ProxyVia must be one of: "
"off | on | full | block";
}
return NULL;
}
static const char*
{
else {
return "ProxyBadHeader must be one of: "
"IsError | Ignore | StartBody";
}
return NULL;
}
static const char*
{
else {
return "ProxyStatus must be one of: "
"off | on | block";
}
return NULL;
}
{
char *word;
const apr_array_header_t *arr;
const apr_table_entry_t *elts;
int i;
while (*arg) {
if (!path)
else if (!name)
else {
if (!val)
return "BalancerMember can not have a balancer name when defined in a location";
else
return "Invalid BalancerMember parameter. Parameter must "
"be in the form 'key=value'";
else
*val++ = '\0';
}
}
if (!path)
return "BalancerMember must define balancer name when outside <Proxy > section";
if (!name)
return "BalancerMember must define remote proxy server";
/* Try to find existing worker */
if (!worker) {
const char *err;
}
if (err)
}
/* Try to find the balancer */
if (!balancer) {
if (err)
}
/* Add the worker to the load balancer */
return NULL;
}
static const char *
{
name = f;
sticky = r;
sticky = f;
} else {
if (r == NULL)
return "BalancerStickySession needs a path when not defined in a location";
else
return "BalancerStickySession can not have a path when defined in a location";
}
/* Try to find the balancer */
if (!balancer)
else
return NULL;
}
{
&proxy_module);
*new_space = dir_config;
}
{
const char *errmsg;
return err;
}
"> directive missing closing '>'", NULL);
}
if (!arg) {
return "<ProxyMatch > block must specify a path";
else
return "<Proxy > block must specify a path";
}
/* XXX Ignore case? What if we proxy a case-insensitive server?!?
* While we are at it, shouldn't we also canonicalize the entire
* scheme? See proxy_fixup()
*/
if (!r) {
return "Regex could not be compiled";
}
}
return "<Proxy ~ > block must specify a path";
if (!r) {
return "Regex could not be compiled";
}
}
/* initialize our config and fetch it */
return errmsg;
conf->r = r;
if (*arg != '\0') {
"> arguments not (yet) supported.", NULL);
}
return NULL;
}
static const command_rec proxy_cmds[] =
{
"Container for directives affecting resources located in the proxied "
"location"),
"Container for directives affecting resources located in the proxied "
"location, in regular expression syntax"),
"on if the true proxy requests should be accepted"),
"a scheme, partial URL or '*' and a proxy server"),
"a regex pattern and a proxy server"),
"a virtual path and a URL"),
"a virtual path and a URL for reverse proxy behaviour"),
"A list of names, hosts or domains to which the proxy will not connect"),
"Receive buffer size for outgoing HTTP and FTP connections in bytes"),
"IO buffer size for outgoing HTTP and FTP connections in bytes"),
"The maximum number of proxies a request may be forwarded through."),
"A list of domains, hosts, or subnets to which the proxy will connect directly"),
"The default intranet domain name (in absence of a domain in the URL)"),
"A list of ports which CONNECT may connect to"),
"Configure Via: proxy header header to one of: on | off | block | full"),
"use our error handling pages instead of the servers' we are proxying"),
"on if we should preserve host header while proxying"),
"Set the timeout (in seconds) for a proxied connection. "
"This overrides the server timeout"),
"How to handle bad header line in response: IsError | Ignore | StartBody"),
"A balancer name and scheme with list of params"),
"A balancer and sticky session name"),
"Configure Status: proxy status to one of: on | off | full"),
{NULL}
};
{
/*
* if c == NULL just check if the optional function was imported
* else run the optional function so ssl filters are inserted
*/
if (proxy_ssl_enable) {
return c ? proxy_ssl_enable(c) : 1;
}
return 0;
}
{
if (proxy_ssl_disable) {
return proxy_ssl_disable(c);
}
return 0;
}
{
return OK;
}
#define KBYTE 1024
#define MBYTE 1048576L
#define GBYTE 1073741824L
/* Format the number of bytes nicely */
{
else
}
/*
* proxy Extension to mod_status
*/
{
int i, n;
return OK;
ap_rputs("<hr />\n<h1>Proxy LoadBalancer Status for ", r);
ap_rputs("\n\n<table border=\"0\"><tr>"
"<th>SSes</th><th>Timeout</th>"
"</tr>\n<tr>", r);
ap_rputs("</table>\n", r);
ap_rputs("\n\n<table border=\"0\"><tr>"
"<th>Sch</th><th>Host</th>"
"<th>Route</th><th>Redir</th>"
"<th>F</th><th>Acc</th><th>Wr</th><th>Rd</th>"
"</tr>\n", r);
ap_rputs("</td><td>", r);
ap_rputs("</td>\n", r);
/* TODO: Add the rest of dynamic worker data */
ap_rputs("</tr>\n", r);
++worker;
}
ap_rputs("</table>\n", r);
++balancer;
}
ap_rputs("<hr /><table>\n"
"<tr><th>SSes</th><td>Sticky session name</td></tr>\n"
"<tr><th>Timeout</th><td>Balancer Timeout</td></tr>\n"
"<tr><th>Sch</th><td>Connection scheme</td></tr>\n"
"<tr><th>Host</th><td>Backend Hostname</td></tr>\n"
"<tr><th>Route</th><td>Session Route</td></tr>\n"
"<tr><th>Redir</th><td>Session Route Redirection</td></tr>\n"
"<tr><th>F</th><td>Load Balancer Factor in %</td></tr>\n"
"<tr><th>Acc</th><td>Number of requests</td></tr>\n"
"<tr><th>Wr</th><td>Number of bytes transfered</td></tr>\n"
"<tr><th>Rd</th><td>Number of bytes readed</td></tr>\n"
"</table>", r);
return OK;
}
/*
* This routine is called before the server processes the configuration
* files. There is no return value.
*/
{
return OK;
}
static void register_hooks(apr_pool_t *p)
{
/* fixup before mod_rewrite, so that the proxied url will not
* escaped accidentally by our fixup.
*/
#ifndef FIX_15207
#endif
/* handler */
/* filename-to-URI translation */
/* walk <Proxy > entries and suppress default TRACE behavior */
#ifndef FIX_15207
/* fixups */
#endif
/* post read_request handling */
/* pre config handling */
/* post config handling */
}
{
create_proxy_dir_config, /* create per-directory config structure */
merge_proxy_dir_config, /* merge per-directory config structures */
create_proxy_config, /* create per-server config structure */
merge_proxy_config, /* merge per-server config structures */
proxy_cmds, /* command table */
};
)
(request_rec *r, char *url),(r,
request_rec *r,
request_rec *r,
(request_rec *r), (r),