mod_proxy.c revision 57db302f0875a6c93a79333b8941cea4c1827272
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* Licensed to the Apache Software Foundation (ASF) under one or more
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * contributor license agreements. See the NOTICE file distributed with
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * this work for additional information regarding copyright ownership.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * The ASF licenses this file to You under the Apache License, Version 2.0
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * (the "License"); you may not use this file except in compliance with
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * the License. You may obtain a copy of the License at
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Unless required by applicable law or agreed to in writing, software
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * distributed under the License is distributed on an "AS IS" BASIS,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * See the License for the specific language governing permissions and
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * limitations under the License.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbAPR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbAPR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbAPR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb#define MAX(x,y) ((x) >= (y) ? (x) : (y))
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * A Web proxy module. Stages:
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * translate_name: set filename to proxy:<URL>
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * map_to_storage: run proxy_walk (rather than directory_walk/file_walk)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * can't trust directory_walk/file_walk since these are
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * not in our filesystem. Prevents mod_http from serving
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * the TRACE request we will set aside to handle later.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * fix_ups: convert the URL stored in the filename to the
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * canonical form.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * handler: handle proxy requests
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* -------------------------------------------------------------- */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* Translate the URL into a 'filename' */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *key,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *val)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Normalized load factor. Used with BalancerMamber,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * it is a number between 1 and 100.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (worker->s->lbfactor < 1 || worker->s->lbfactor > 100)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "LoadFactor must be a number between 1..100";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* If set it will give the retry timeout for the worker
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * The default value is 60 seconds, meaning that if
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * in error state, it will be retried after that timeout.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Retry must be a positive value";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Time in seconds that will destroy all the connections
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * that exceed the smax
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "TTL must be at least one second";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Initial number of connections to remote
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Min must be a positive number";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Maximum number of connections to remote
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Max must be a positive number";
a2a0abd88b19e042a3eb2a9fa1702c25ad51303dwrowe /* XXX: More inteligent naming needed */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Maximum number of connections to remote that
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * will not be destroyed
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Smax must be a positive number";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Acquire timeout in given unit (default is milliseconds).
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * If set this will be the maximum time to
c3e342e5b0b9fea6617ee16d2da02c3ef2108126dougm * wait for a free connection.
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe if (ap_timeout_parameter_parse(val, &timeout, "ms") != APR_SUCCESS)
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe return "Acquire timeout has wrong format";
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe return "Acquire must be at least one millisecond";
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe /* Connection timeout in seconds.
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe * Defaults to server timeout.
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe return "Timeout must be at least one second";
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe if (s < 512 && s) {
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe return "IOBufferSize must be >= 512 bytes, or 0 for system default.";
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe return "ReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe return "KeepAlive must be On|Off";
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe return "DisableReuse must be On|Off";
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe /* Worker route.
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe return "Route length must be < 64 characters";
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe /* Worker redirection route.
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe return "Redirect length must be < 64 characters";
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe const char *v;
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe /* Worker status.
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe for (v = val; *v; v++) {
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe if (*v == '+') {
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe else if (*v == '-') {
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe return "Unknown status parameter option";
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe return "flushpackets must be on|off|auto";
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe return "flushwait must be <= 1000, or 0 for system default of 10 millseconds.";
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe worker->s->flush_wait = ival * 1000; /* change to microseconds */
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe /* Ping/Pong timeout in given unit (default is second).
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe if (ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS)
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe return "Ping/Pong timeout has wrong format";
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe return "Ping/Pong timeout must be at least one millisecond";
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe return "lbset must be between 0 and 99";
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe /* Request timeout in given unit (default is second).
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe * Defaults to connection timeout
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe if (ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS)
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe return "Connectiontimeout has wrong format";
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe return "Connectiontimeout must be at least one millisecond.";
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe return "flusher name length must be < 16 characters";
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe return "unknown Worker parameter";
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowestatic const char *set_balancer_param(proxy_server_conf *conf,
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe const char *key,
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe const char *val)
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe /* Balancer sticky session name.
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe * Set to something like JSESSIONID or
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * PHPSESSIONID, etc..,
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe return "stickysession length must be < 64 characters";
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe if ((path = strchr((char *)balancer->s->sticky, '|'))) {
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe /* If set to 'on' the session will break
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * if the worker is in error state or
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * disabled.
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe return "failover must be On|Off";
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe /* Balancer timeout in seconds.
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * If set this will be the maximum time to
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * wait for a free worker.
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * Default is not to wait.
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe return "timeout must be at least one second";
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe /* Maximum number of failover attempts before
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * giving up.
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe return "maximum number of attempts must be a positive number";
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe return "unknown lbmethod";
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe provider = ap_lookup_provider(PROXY_LBMETHOD, val, "0");
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe if (PROXY_STRNCPY(balancer->s->lbpname, val) == APR_SUCCESS) {
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe return "lbmethod name too large";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "unknown lbmethod";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* If set to 'on' then ';' will also be
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * used as a session path separator/delim (ala
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "scolonpathdelim must be On|Off";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb balancer->errstatuses = apr_array_make(p, 1, sizeof(int));
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "failonstatus must be one or more HTTP response codes";
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe if (PROXY_STRNCPY(balancer->s->nonce, val) != APR_SUCCESS) {
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe return "Provided nonce is too large";
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe if (ival < 1 || ival > 100) /* arbitrary limit here */
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe return "growth must be between 1 and 100";
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe return "forcerecovery must be On|Off";
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe return "unknown Balancer parameter";
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowestatic int alias_match(const char *uri, const char *alias_fakename)
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe const char *end_fakename = alias_fakename + strlen(alias_fakename);
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe /* any number of '/' in the alias matches any number in
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe * the supplied URI, but there must be at least one...
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Other characters are compared literally */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* fixup badly encoded stuff (e.g. % as last character) */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* We reach the end of the uri before the end of "alias_fakename"
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * for example uri is "/" and alias_fakename "/examples"
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Check last alias path component matched all the way */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Return number of characters from URI which matched (may be
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * greater than length of alias, since we may have matched
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * doubled slashes)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* Detect if an absoluteURI should be proxied or not. Note that we
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * have to do this during this phase because later phases are
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * "short-circuiting"... i.e. translate_names will end when the first
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * module returns OK. So for example, if the request is something like:
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * mod_alias will notice the /cgi-bin part and ScriptAlias it and
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * short-circuit the proxy... just because of the ordering in the
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * configuration file.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb (proxy_server_conf *) ap_get_module_config(sconf, &proxy_module);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Ick... msvc (perhaps others) promotes ternary short results to int */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* but it might be something vhosted */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb (apr_port_t)(r->parsed_uri.port_str ? r->parsed_uri.port
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* We need special treatment for CONNECT proxying: it has no scheme part */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
4ca6cbe768b4e0917ac0b76333c26a7d5396d454trawickstatic const char *proxy_interpolate(request_rec *r, const char *str)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Interpolate an env str in a configuration string
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Syntax ${var} --> value_of(var)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Method: replace one var, and recurse on remainder of string
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Nothing clever here, and crap like nested vars may do silly things
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * but we'll at least avoid sending the unwary into a loop
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *start;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *end;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *var;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *val;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *firstpart;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* OK, this is syntax we want to interpolate. Is there such a var ? */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb apr_array_header_t *ret = apr_array_make(r->pool, hdr->nelts,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb sizeof (struct proxy_alias));
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb struct proxy_alias *old = (struct proxy_alias *) hdr->elts;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbPROXY_DECLARE(int) ap_proxy_trans_match(request_rec *r, struct proxy_alias *ent,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *fake;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *real;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *use_uri = nocanon ? r->unparsed_uri : r->uri;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (dconf && (dconf->interpolate_env == 1) && (ent->flags & PROXYPASS_INTERPOLATE)) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (!ap_regexec(ent->regex, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* test that we haven't reduced the URI */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb found = ap_pregsub(r->pool, real, use_uri, AP_MAX_REG_MATCH,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01135)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "Substitution in regular expression failed. "
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "Replacement too long?");
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Note: The strcmp() below catches cases where there
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * was no regex substitution. This is so cases like:
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * ProxyPassMatch \.gif balancer://foo
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * will work "as expected". The upshot is that the 2
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * directives below act the exact same way (ie: $1 is implied):
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * ProxyPassMatch ^(/.*\.gif)$ balancer://foo
2fa5b5878e7567e2875807c3e2a2b3b0d3ef74bewrowe * ProxyPassMatch ^(/.*\.gif)$ balancer://foo$1
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * which may be confusing.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb found = apr_pstrcat(r->pool, "proxy:", real, use_uri, NULL);
dc8692c6c0ca616a09aa12dad005f2ef23baa1a0wrowe if (len != 0) {
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe if (nocanon && len != alias_match(r->unparsed_uri, ent->fake)) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb found = apr_pstrcat(r->pool, "proxy:", real, use_uri + len, NULL);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* We made a reducing transformation, so we can't safely use
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * unparsed_uri. Safe fallback is to ignore nocanon.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01136)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "Unescaped URL path matched ProxyPass; ignoring unsafe nocanon");
5bb29f57ae0184d2b3c1cdf35132f8ceb011f882wrowe /* mod_proxy_http needs to be told. Different module. */
6fed20de38221f6f8a60c0ab1d907f1173c443f4wrowe /* someone has already set up the proxy, it was possibly ourselves
6fed20de38221f6f8a60c0ab1d907f1173c443f4wrowe * in proxy_detect
5bb29f57ae0184d2b3c1cdf35132f8ceb011f882wrowe if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
6fed20de38221f6f8a60c0ab1d907f1173c443f4wrowe /* XXX: since r->uri has been manipulated already we're not really
6fed20de38221f6f8a60c0ab1d907f1173c443f4wrowe * compliant with RFC1945 at this point. But this probably isn't
6fed20de38221f6f8a60c0ab1d907f1173c443f4wrowe * an issue because this is a hybrid proxy/origin server.
6fed20de38221f6f8a60c0ab1d907f1173c443f4wrowe dconf = ap_get_module_config(r->per_dir_config, &proxy_module);
6fed20de38221f6f8a60c0ab1d907f1173c443f4wrowe /* short way - this location is reverse proxied? */
580786e253bbe2fa462fdb24af47e52e1ef3dd83wrowe int rv = ap_proxy_trans_match(r, dconf->alias, dconf);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb conf = (proxy_server_conf *) ap_get_module_config(r->server->module_config,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* long way - walk the list of aliases, find a match */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb proxy_server_conf *sconf = ap_get_module_config(r->server->module_config,
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe ap_conf_vector_t *per_dir_defaults = r->server->lookup_defaults;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_conf_vector_t **sec_proxy = (ap_conf_vector_t **) sconf->sec_proxy->elts;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* XXX: shouldn't we use URI here? Canonicalize it first?
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Pass over "proxy:" prefix
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb for (j = 0; j < num_sec; ++j)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb entry_proxy = ap_get_module_config(entry_config, &proxy_module);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* XXX: What about case insensitive matching ???
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Compare regex, fnmatch or string as appropriate
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * If the entry doesn't relate, then continue
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb per_dir_defaults = ap_merge_per_dir_configs(r->pool, per_dir_defaults,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Don't let the core or mod_http map_to_storage hooks handle this,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * We don't need directory/file_walk, and we want to TRACE on our own.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* -------------------------------------------------------------- */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* Fixup the filename */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Canonicalise the URL
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb char *url, *p;
4fca95918a9c0ae93593806544b425d0adc2fcc3wrowe proxy_dir_conf *dconf = ap_get_module_config(r->per_dir_config,
4fca95918a9c0ae93593806544b425d0adc2fcc3wrowe if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
4fca95918a9c0ae93593806544b425d0adc2fcc3wrowe /* XXX: Shouldn't we try this before we run the proxy_walk? */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if ((dconf->interpolate_env == 1) && (r->proxyreq == PROXYREQ_REVERSE)) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* create per-request copy of reverse proxy conf,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * and interpolate vars in it
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb proxy_req_conf *rconf = apr_palloc(r->pool, sizeof(proxy_req_conf));
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_set_module_config(r->request_config, &proxy_module, rconf);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb rconf->cookie_paths = proxy_vars(r, dconf->cookie_paths);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb rconf->cookie_domains = proxy_vars(r, dconf->cookie_domains);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* canonicalise each specific scheme */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if ((access_status = proxy_run_canon_handler(r, url))) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* Send a redirection if the request contains a hostname which is not */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* fully qualified, i.e. doesn't have a domain name appended. Some proxy */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* servers like Netscape's allow this and access hosts from the local */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* domain in this case. I think it is better to redirect to a FQDN, since */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* these will later be found in the bookmarks files. */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* The "ProxyDomain" directive determines what domain will be appended */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic int proxy_needsdomain(request_rec *r, const char *url, const char *domain)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *ref;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* We only want to worry about GETs */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (!r->proxyreq || r->method_number != M_GET || !r->parsed_uri.hostname)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* If host does contain a dot already, or it is "localhost", decline */
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe if (strchr(r->parsed_uri.hostname, '.') != NULL /* has domain, or IPv4 literal */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb || strchr(r->parsed_uri.hostname, ':') != NULL /* IPv6 literal */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb || strcasecmp(r->parsed_uri.hostname, "localhost") == 0)
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe /* Reassemble the request, but insert the domain after the host name */
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe /* Note that the domain name always starts with a dot */
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe r->parsed_uri.hostname = apr_pstrcat(r->pool, r->parsed_uri.hostname,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01138)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* -------------------------------------------------------------- */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* Invoke handler */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *p2;
dc8692c6c0ca616a09aa12dad005f2ef23baa1a0wrowe struct proxy_remote *ents = (struct proxy_remote *) proxies->elts;
dc8692c6c0ca616a09aa12dad005f2ef23baa1a0wrowe const char *str;
8aefbd756763807188d2e3ce336a8680e4893066wrowe struct dirconn_entry *list = (struct dirconn_entry *)conf->dirconn->elts;
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* is this for us? */
8aefbd756763807188d2e3ce336a8680e4893066wrowe if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* handle max-forwards / OPTIONS / TRACE */
8aefbd756763807188d2e3ce336a8680e4893066wrowe if ((str = apr_table_get(r->headers_in, "Max-Forwards"))) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe switch (r->method_number) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe "Max-Forwards has reached zero - proxy loop?");
dc8692c6c0ca616a09aa12dad005f2ef23baa1a0wrowe /* set configured max-forwards */
a8d11d78181478da6a672f7fbc58b8d523351f49wrowe if (maxfwd >= 0) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Allow "error-notes" string to be printed by ap_send_error_response()
8aefbd756763807188d2e3ce336a8680e4893066wrowe * Note; this goes nowhere, canned error response need an overhaul.
8aefbd756763807188d2e3ce336a8680e4893066wrowe "TRACE forbidden by server configuration");
8aefbd756763807188d2e3ce336a8680e4893066wrowe ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01139)
8aefbd756763807188d2e3ce336a8680e4893066wrowe "TRACE forbidden by server configuration");
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Can't test ap_should_client_block, we aren't ready to send
8aefbd756763807188d2e3ce336a8680e4893066wrowe * the client a 100 Continue response till the connection has
8aefbd756763807188d2e3ce336a8680e4893066wrowe * been established
8aefbd756763807188d2e3ce336a8680e4893066wrowe && (r->read_length || r->read_chunked || r->remaining))
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Allow "error-notes" string to be printed by ap_send_error_response()
8aefbd756763807188d2e3ce336a8680e4893066wrowe * Note; this goes nowhere, canned error response need an overhaul.
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe "TRACE with request body is not allowed");
a8d11d78181478da6a672f7fbc58b8d523351f49wrowe ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01140)
a8d11d78181478da6a672f7fbc58b8d523351f49wrowe "TRACE with request body is not allowed");
2fa5b5878e7567e2875807c3e2a2b3b0d3ef74bewrowe if (p == NULL) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01141)
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* If the host doesn't have a domain name, add one and redirect. */
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Check URI's destination host against NoProxy hosts */
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Bypass ProxyRemote server lookup if configured as NoProxy */
8aefbd756763807188d2e3ce336a8680e4893066wrowe for (direct_connect = i = 0; i < conf->dirconn->nelts &&
8aefbd756763807188d2e3ce336a8680e4893066wrowe (direct_connect) ? "NoProxy for %s" : "UseProxy for %s",
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe /* Try to obtain the most suitable worker */
8aefbd756763807188d2e3ce336a8680e4893066wrowe access_status = ap_proxy_pre_request(&worker, &balancer, r, conf, &url);
4fca95918a9c0ae93593806544b425d0adc2fcc3wrowe * Only return if access_status is not HTTP_SERVICE_UNAVAILABLE
4fca95918a9c0ae93593806544b425d0adc2fcc3wrowe * This gives other modules the chance to hook into the
4fca95918a9c0ae93593806544b425d0adc2fcc3wrowe * request_status hook and decide what to do in this situation.
a8d11d78181478da6a672f7fbc58b8d523351f49wrowe * Ensure that balancer is NULL if worker is NULL to prevent
4fca95918a9c0ae93593806544b425d0adc2fcc3wrowe * potential problems in the post_request hook.
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Initialise worker if needed, note the shared area must be initialized by the balancer logic */
8aefbd756763807188d2e3ce336a8680e4893066wrowe ap_proxy_initialize_worker(worker, r->server, conf->pool);
8aefbd756763807188d2e3ce336a8680e4893066wrowe if (balancer && balancer->s->max_attempts_set && !max_attempts)
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* firstly, try a proxy, unless a NoProxy directive is active */
8aefbd756763807188d2e3ce336a8680e4893066wrowe p2 = ap_strchr_c(ents[i].scheme, ':'); /* is it a partial URL? */
8aefbd756763807188d2e3ce336a8680e4893066wrowe (p2 == NULL && strcasecmp(scheme, ents[i].scheme) == 0) ||
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe /* handle the scheme */
8aefbd756763807188d2e3ce336a8680e4893066wrowe ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01142)
8aefbd756763807188d2e3ce336a8680e4893066wrowe "Trying to run scheme_handler against proxy");
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Did the scheme handler process the request? */
8aefbd756763807188d2e3ce336a8680e4893066wrowe const char *cl_a;
8aefbd756763807188d2e3ce336a8680e4893066wrowe * An fatal error or success, so no point in
8aefbd756763807188d2e3ce336a8680e4893066wrowe * retrying with a direct connection.
8aefbd756763807188d2e3ce336a8680e4893066wrowe cl_a = apr_table_get(r->headers_in, "Content-Length");
8aefbd756763807188d2e3ce336a8680e4893066wrowe * The request body is of length > 0. We cannot
8aefbd756763807188d2e3ce336a8680e4893066wrowe * retry with a direct connection since we already
8aefbd756763807188d2e3ce336a8680e4893066wrowe * sent (parts of) the request body to the proxy
8aefbd756763807188d2e3ce336a8680e4893066wrowe * and do not have any longer.
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe if (cl > 0) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe * Transfer-Encoding was set as input header, so we had
8aefbd756763807188d2e3ce336a8680e4893066wrowe * a request body. We cannot retry with a direct
8aefbd756763807188d2e3ce336a8680e4893066wrowe * connection for the same reason as above.
8aefbd756763807188d2e3ce336a8680e4893066wrowe if (apr_table_get(r->headers_in, "Transfer-Encoding")) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* otherwise, try it direct */
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* N.B. what if we're behind a firewall, where we must use a proxy or
b29f87f4b6c6886a04dccc296177a7033f70dfedtrawick * give up??
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* handle the scheme */
8aefbd756763807188d2e3ce336a8680e4893066wrowe ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01143)
8aefbd756763807188d2e3ce336a8680e4893066wrowe "Running scheme %s handler (attempt %d)",
8aefbd756763807188d2e3ce336a8680e4893066wrowe access_status = proxy_run_scheme_handler(r, worker, conf,
8aefbd756763807188d2e3ce336a8680e4893066wrowe else if (access_status == HTTP_INTERNAL_SERVER_ERROR) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Unrecoverable server error.
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe * We can not failover to another worker.
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe * Mark the worker as unusable if member of load balancer
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Recoverable server error.
8aefbd756763807188d2e3ce336a8680e4893066wrowe * We can failover to another worker
8aefbd756763807188d2e3ce336a8680e4893066wrowe * Mark the worker as unusable if member of load balancer
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Unrecoverable error.
8aefbd756763807188d2e3ce336a8680e4893066wrowe * Return the origin status code to the client.
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe /* Try again if the worker is unusable and the service is
8aefbd756763807188d2e3ce336a8680e4893066wrowe * unavailable.
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01144)
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe "No protocol handler was valid for the URL %s. "
8aefbd756763807188d2e3ce336a8680e4893066wrowe "If you are using a DSO version of mod_proxy, make sure "
8aefbd756763807188d2e3ce336a8680e4893066wrowe "the proxy submodules are included in the configuration "
8aefbd756763807188d2e3ce336a8680e4893066wrowe/* -------------------------------------------------------------- */
8aefbd756763807188d2e3ce336a8680e4893066wrowe/* Setup configurable data */
8aefbd756763807188d2e3ce336a8680e4893066wrowestatic void * create_proxy_config(apr_pool_t *p, server_rec *s)
8aefbd756763807188d2e3ce336a8680e4893066wrowe unsigned int id;
8aefbd756763807188d2e3ce336a8680e4893066wrowe proxy_server_conf *ps = apr_pcalloc(p, sizeof(proxy_server_conf));
8aefbd756763807188d2e3ce336a8680e4893066wrowe ps->sec_proxy = apr_array_make(p, 10, sizeof(ap_conf_vector_t *));
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe ps->proxies = apr_array_make(p, 10, sizeof(struct proxy_remote));
8aefbd756763807188d2e3ce336a8680e4893066wrowe ps->aliases = apr_array_make(p, 10, sizeof(struct proxy_alias));
2fa5b5878e7567e2875807c3e2a2b3b0d3ef74bewrowe ps->noproxies = apr_array_make(p, 10, sizeof(struct noproxy_entry));
8aefbd756763807188d2e3ce336a8680e4893066wrowe ps->dirconn = apr_array_make(p, 10, sizeof(struct dirconn_entry));
2fa5b5878e7567e2875807c3e2a2b3b0d3ef74bewrowe ps->workers = apr_array_make(p, 10, sizeof(proxy_worker));
8aefbd756763807188d2e3ce336a8680e4893066wrowe ps->balancers = apr_array_make(p, 10, sizeof(proxy_balancer));
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, apr_time_now()), PROXY_HASHFUNC_DEFAULT);
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe id = ap_proxy_hashfunc(apr_psprintf(p, "%pp", s), PROXY_HASHFUNC_DEFAULT);
8aefbd756763807188d2e3ce336a8680e4893066wrowe ps->viaopt = via_off; /* initially backward compatible with 1.3.1 */
8aefbd756763807188d2e3ce336a8680e4893066wrowe ps->recv_buffer_size = 0; /* this default was left unset for some reason */
dc8692c6c0ca616a09aa12dad005f2ef23baa1a0wrowestatic void * merge_proxy_config(apr_pool_t *p, void *basev, void *overridesv)
dc8692c6c0ca616a09aa12dad005f2ef23baa1a0wrowe proxy_server_conf *ps = apr_pcalloc(p, sizeof(proxy_server_conf));
dc8692c6c0ca616a09aa12dad005f2ef23baa1a0wrowe proxy_server_conf *base = (proxy_server_conf *) basev;
dc8692c6c0ca616a09aa12dad005f2ef23baa1a0wrowe proxy_server_conf *overrides = (proxy_server_conf *) overridesv;
8aefbd756763807188d2e3ce336a8680e4893066wrowe ps->proxies = apr_array_append(p, base->proxies, overrides->proxies);
8aefbd756763807188d2e3ce336a8680e4893066wrowe ps->sec_proxy = apr_array_append(p, base->sec_proxy, overrides->sec_proxy);
8aefbd756763807188d2e3ce336a8680e4893066wrowe ps->aliases = apr_array_append(p, base->aliases, overrides->aliases);
8aefbd756763807188d2e3ce336a8680e4893066wrowe ps->noproxies = apr_array_append(p, base->noproxies, overrides->noproxies);
a2a0abd88b19e042a3eb2a9fa1702c25ad51303dwrowe ps->dirconn = apr_array_append(p, base->dirconn, overrides->dirconn);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->workers = apr_array_append(p, base->workers, overrides->workers);
948096a99010fccf648814fecf38f75c689172d7wrowe ps->balancers = apr_array_append(p, base->balancers, overrides->balancers);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->forward = overrides->forward ? overrides->forward : base->forward;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->reverse = overrides->reverse ? overrides->reverse : base->reverse;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->domain = (overrides->domain == NULL) ? base->domain : overrides->domain;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->id = (overrides->id == NULL) ? base->id : overrides->id;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->viaopt = (overrides->viaopt_set == 0) ? base->viaopt : overrides->viaopt;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->viaopt_set = overrides->viaopt_set || base->viaopt_set;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->req = (overrides->req_set == 0) ? base->req : overrides->req;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->bgrowth = (overrides->bgrowth_set == 0) ? base->bgrowth : overrides->bgrowth;
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe ps->bgrowth_set = overrides->bgrowth_set || base->bgrowth_set;
3f5b4558f5410fdac5d6feed7aab0c3668f9cd13wrowe ps->max_balancers = overrides->max_balancers || base->max_balancers;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->bal_persist = overrides->bal_persist || base->bal_persist;
dc8692c6c0ca616a09aa12dad005f2ef23baa1a0wrowe ps->recv_buffer_size = (overrides->recv_buffer_size_set == 0) ? base->recv_buffer_size : overrides->recv_buffer_size;
dc8692c6c0ca616a09aa12dad005f2ef23baa1a0wrowe ps->recv_buffer_size_set = overrides->recv_buffer_size_set || base->recv_buffer_size_set;
053497224246c4dbef9af594cacf5c00ed271e6cwrowe ps->io_buffer_size = (overrides->io_buffer_size_set == 0) ? base->io_buffer_size : overrides->io_buffer_size;
053497224246c4dbef9af594cacf5c00ed271e6cwrowe ps->io_buffer_size_set = overrides->io_buffer_size_set || base->io_buffer_size_set;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->maxfwd = (overrides->maxfwd_set == 0) ? base->maxfwd : overrides->maxfwd;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->maxfwd_set = overrides->maxfwd_set || base->maxfwd_set;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->timeout = (overrides->timeout_set == 0) ? base->timeout : overrides->timeout;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->timeout_set = overrides->timeout_set || base->timeout_set;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->badopt = (overrides->badopt_set == 0) ? base->badopt : overrides->badopt;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->badopt_set = overrides->badopt_set || base->badopt_set;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->proxy_status = (overrides->proxy_status_set == 0) ? base->proxy_status : overrides->proxy_status;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->proxy_status_set = overrides->proxy_status_set || base->proxy_status_set;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->source_address = (overrides->source_address_set == 0) ? base->source_address : overrides->source_address;
948096a99010fccf648814fecf38f75c689172d7wrowe ps->source_address_set = overrides->source_address_set || base->source_address_set;
948096a99010fccf648814fecf38f75c689172d7wrowestatic const char *set_source_address(cmd_parms *parms, void *dummy,
948096a99010fccf648814fecf38f75c689172d7wrowe const char *arg)
948096a99010fccf648814fecf38f75c689172d7wrowe ap_get_module_config(parms->server->module_config, &proxy_module);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (APR_SUCCESS == apr_sockaddr_info_get(&addr, arg, APR_UNSPEC, 0, 0,
948096a99010fccf648814fecf38f75c689172d7wrowe return "ProxySourceAddress invalid value";
948096a99010fccf648814fecf38f75c689172d7wrowestatic void *create_proxy_dir_config(apr_pool_t *p, char *dummy)
948096a99010fccf648814fecf38f75c689172d7wrowe (proxy_dir_conf *) apr_pcalloc(p, sizeof(proxy_dir_conf));
948096a99010fccf648814fecf38f75c689172d7wrowe /* Filled in by proxysection, when applicable */
948096a99010fccf648814fecf38f75c689172d7wrowe /* Put these in the dir config so they work inside <Location> */
948096a99010fccf648814fecf38f75c689172d7wrowe new->raliases = apr_array_make(p, 10, sizeof(struct proxy_alias));
948096a99010fccf648814fecf38f75c689172d7wrowe new->cookie_paths = apr_array_make(p, 10, sizeof(struct proxy_alias));
948096a99010fccf648814fecf38f75c689172d7wrowe new->cookie_domains = apr_array_make(p, 10, sizeof(struct proxy_alias));
053497224246c4dbef9af594cacf5c00ed271e6cwrowe return (void *) new;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic void *merge_proxy_dir_config(apr_pool_t *p, void *basev, void *addv)
053497224246c4dbef9af594cacf5c00ed271e6cwrowe proxy_dir_conf *new = (proxy_dir_conf *) apr_pcalloc(p, sizeof(proxy_dir_conf));
948096a99010fccf648814fecf38f75c689172d7wrowe /* Put these in the dir config so they work inside <Location> */
053497224246c4dbef9af594cacf5c00ed271e6cwrowe new->raliases = apr_array_append(p, base->raliases, add->raliases);
948096a99010fccf648814fecf38f75c689172d7wrowe = apr_array_append(p, base->cookie_paths, add->cookie_paths);
053497224246c4dbef9af594cacf5c00ed271e6cwrowe = apr_array_append(p, base->cookie_domains, add->cookie_domains);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb new->interpolate_env = (add->interpolate_env == -1) ? base->interpolate_env
948096a99010fccf648814fecf38f75c689172d7wrowe new->preserve_host = (add->preserve_host_set == 0) ? base->preserve_host
948096a99010fccf648814fecf38f75c689172d7wrowe new->preserve_host_set = add->preserve_host_set || base->preserve_host_set;
948096a99010fccf648814fecf38f75c689172d7wrowe new->error_override = (add->error_override_set == 0) ? base->error_override
948096a99010fccf648814fecf38f75c689172d7wrowe new->error_override_set = add->error_override_set || base->error_override_set;
948096a99010fccf648814fecf38f75c689172d7wrowe new->alias = (add->alias_set == 0) ? base->alias : add->alias;
948096a99010fccf648814fecf38f75c689172d7wrowe new->add_forwarded_headers = add->add_forwarded_headers;
948096a99010fccf648814fecf38f75c689172d7wrowestatic const char *
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb add_proxy(cmd_parms *cmd, void *dummy, const char *f1, const char *r1, int regex)
948096a99010fccf648814fecf38f75c689172d7wrowe (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
948096a99010fccf648814fecf38f75c689172d7wrowe char *p, *q;
696218c49632c863d18b25fa52ab63617088cb38wrowe char *r, *f, *scheme;
948096a99010fccf648814fecf38f75c689172d7wrowe if (p == NULL || p[1] != '/' || p[2] != '/' || p[3] == '\0') {
053497224246c4dbef9af594cacf5c00ed271e6cwrowe return "ProxyRemoteMatch: Bad syntax for a remote proxy server";
948096a99010fccf648814fecf38f75c689172d7wrowe return "ProxyRemote: Bad syntax for a remote proxy server";
948096a99010fccf648814fecf38f75c689172d7wrowe if (q != NULL) {
948096a99010fccf648814fecf38f75c689172d7wrowe if (sscanf(q + 1, "%u", &port) != 1 || port > 65535) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "ProxyRemoteMatch: Bad syntax for a remote proxy server (bad port number)";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "ProxyRemote: Bad syntax for a remote proxy server (bad port number)";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb *q = '\0';
dc8692c6c0ca616a09aa12dad005f2ef23baa1a0wrowe return "Regular expression for ProxyRemoteMatch could not be compiled.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb add_proxy_noregex(cmd_parms *cmd, void *dummy, const char *f1, const char *r1)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb add_proxy_regex(cmd_parms *cmd, void *dummy, const char *f1, const char *r1)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb add_pass(cmd_parms *cmd, void *dummy, const char *arg, int is_regex)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb char *r = NULL;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb unsigned int flags = 0;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *err;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb err = ap_check_cmd_context(cmd, NOT_IN_DIRECTORY|NOT_IN_FILES);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb while (*arg) {
dc8692c6c0ca616a09aa12dad005f2ef23baa1a0wrowe return "ProxyPassMatch invalid syntax ('~' usage).";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb else if (!r) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (*r == '/') {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "ProxyPass|ProxyPassMatch can not have a path when defined in "
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "a location.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Invalid ProxyPass|ProxyPassMatch parameter. Parameter must "
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "be in the form 'key=value'.";
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe return "Invalid ProxyPass|ProxyPassMatch parameter. Parameter must be "
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe "in the form 'key=value'.";
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe if (r == NULL) {
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe return "ProxyPass|ProxyPassMatch needs a path when not defined in a location";
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe /* if per directory, save away the single alias */
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe dconf->alias = apr_pcalloc(cmd->pool, sizeof(struct proxy_alias));
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe /* if per server, add to the alias array */
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe new->regex = ap_pregcomp(cmd->pool, f, AP_REG_EXTENDED);
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe return "Regular expression could not be compiled.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Distinguish the balancer from worker */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb proxy_balancer *balancer = ap_proxy_get_balancer(cmd->pool, conf, r, 0);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *err = ap_proxy_define_balancer(cmd->pool, &balancer, conf, r, f, 0);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return apr_pstrcat(cmd->temp_pool, "ProxyPass ", err, NULL);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *err = set_balancer_param(conf, cmd->pool, balancer, elts[i].key,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return apr_pstrcat(cmd->temp_pool, "ProxyPass ", err, NULL);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb proxy_worker *worker = ap_proxy_get_worker(cmd->temp_pool, NULL, conf, r);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *err = ap_proxy_define_worker(cmd->pool, &worker, NULL, conf, r, 0);
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe return apr_pstrcat(cmd->temp_pool, "ProxyPass ", err, NULL);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_log_error(APLOG_MARK, APLOG_INFO, 0, cmd->server, APLOGNO(01145)
b67fb549910fa0faf4cdd8aeaf9aeab51d4b6a92wrowe "Sharing worker '%s' instead of creating new worker '%s'",
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server, APLOGNO(01146)
1ab995011876f631740d68d960a6d729ddff5bfawrowe "Ignoring parameter '%s=%s' for worker '%s' because of worker sharing",
b45c1c292ff1fa635004ae81fa691f8cb3cdda85rbb const char *err = set_worker_param(cmd->pool, worker, elts[i].key,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return apr_pstrcat(cmd->temp_pool, "ProxyPass ", err, NULL);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb add_pass_noregex(cmd_parms *cmd, void *dummy, const char *arg)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb add_pass_regex(cmd_parms *cmd, void *dummy, const char *arg)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char * add_pass_reverse(cmd_parms *cmd, void *dconf, const char *f,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *r, const char *i)
efa1a34b0a7785fc72863eff175b0cfc1ecb0e38wrowe const char *fake;
117026201e6d8fe7d82416b8a7324830f5a87292wrowe const char *real;
117026201e6d8fe7d82416b8a7324830f5a87292wrowe const char *interp;
117026201e6d8fe7d82416b8a7324830f5a87292wrowe const char *err;
117026201e6d8fe7d82416b8a7324830f5a87292wrowe err = ap_check_cmd_context(cmd, NOT_IN_DIRECTORY|NOT_IN_FILES);
1ab995011876f631740d68d960a6d729ddff5bfawrowe return "ProxyPassReverse needs a path when not defined in a location";
117026201e6d8fe7d82416b8a7324830f5a87292wrowe return "ProxyPassReverse can not have a path when defined in a location";
117026201e6d8fe7d82416b8a7324830f5a87292wrowestatic const char* cookie_path(cmd_parms *cmd, void *dconf, const char *f,
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe const char *r, const char *interp)
beda1fb2f11c52ca4612460a5d5ba47398143efbwrowestatic const char* cookie_domain(cmd_parms *cmd, void *dconf, const char *f,
beda1fb2f11c52ca4612460a5d5ba47398143efbwrowe const char *r, const char *interp)
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowestatic const char *
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe set_proxy_exclude(cmd_parms *parms, void *dummy, const char *arg)
efa1a34b0a7785fc72863eff175b0cfc1ecb0e38wrowe ap_get_module_config(s->module_config, &proxy_module);
117026201e6d8fe7d82416b8a7324830f5a87292wrowe struct noproxy_entry *list = (struct noproxy_entry *) conf->noproxies->elts;
117026201e6d8fe7d82416b8a7324830f5a87292wrowe /* Don't duplicate entries */
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe if (strcasecmp(arg, list[i].name) == 0) { /* ignore case for host names */
117026201e6d8fe7d82416b8a7324830f5a87292wrowe if (APR_SUCCESS == apr_sockaddr_info_get(&addr, new->name, APR_UNSPEC, 0, 0, parms->pool)) {
117026201e6d8fe7d82416b8a7324830f5a87292wrowe/* Similar to set_proxy_exclude(), but defining directly connected hosts,
117026201e6d8fe7d82416b8a7324830f5a87292wrowe * which should never be accessed via the configured ProxyRemote servers
a2a0abd88b19e042a3eb2a9fa1702c25ad51303dwrowestatic const char *
a2a0abd88b19e042a3eb2a9fa1702c25ad51303dwrowe set_proxy_dirconn(cmd_parms *parms, void *dummy, const char *arg)
73fbb0a2e9cb209173d6c319c57260cbf29c8cc7wrowe ap_get_module_config(s->module_config, &proxy_module);
650ac07cba9ab3ad9bdeda50b78c278442604814wrowe struct dirconn_entry *list = (struct dirconn_entry *) conf->dirconn->elts;
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe /* Don't duplicate entries */
5bb29f57ae0184d2b3c1cdf35132f8ceb011f882wrowestatic const char *
5bb29f57ae0184d2b3c1cdf35132f8ceb011f882wrowe set_proxy_domain(cmd_parms *parms, void *dummy, const char *arg)
5bb29f57ae0184d2b3c1cdf35132f8ceb011f882wrowe ap_get_module_config(parms->server->module_config, &proxy_module);
af7e32b660b02a378e91d40987e59b28864db954jwoolley return "ProxyDomain: domain name must start with a dot.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe ap_get_module_config(parms->server->module_config, &proxy_module);
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowestatic const char *
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe set_proxy_error_override(cmd_parms *parms, void *dconf, int flag)
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowestatic const char *
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe add_proxy_http_headers(cmd_parms *parms, void *dconf, int flag)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb set_preserve_host(cmd_parms *parms, void *dconf, int flag)
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowestatic const char *
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe set_recv_buffer_size(cmd_parms *parms, void *dummy, const char *arg)
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe ap_get_module_config(parms->server->module_config, &proxy_module);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (s < 512 && s != 0) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "ProxyReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb set_io_buffer_size(cmd_parms *parms, void *dummy, const char *arg)
a2a0abd88b19e042a3eb2a9fa1702c25ad51303dwrowe ap_get_module_config(parms->server->module_config, &proxy_module);
73fbb0a2e9cb209173d6c319c57260cbf29c8cc7wrowe if (s < 512 && s) {
73fbb0a2e9cb209173d6c319c57260cbf29c8cc7wrowe return "ProxyIOBufferSize must be >= 512 bytes, or 0 for system default.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe set_max_forwards(cmd_parms *parms, void *dummy, const char *arg)
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe ap_get_module_config(parms->server->module_config, &proxy_module);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char*
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb set_proxy_timeout(cmd_parms *parms, void *dummy, const char *arg)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_get_module_config(parms->server->module_config, &proxy_module);
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe return "Proxy Timeout must be at least 1 second.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char*
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb set_via_opt(cmd_parms *parms, void *dummy, const char *arg)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_get_module_config(parms->server->module_config, &proxy_module);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "ProxyVia must be one of: "
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "off | on | full | block";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char*
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb set_bad_opt(cmd_parms *parms, void *dummy, const char *arg)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_get_module_config(parms->server->module_config, &proxy_module);
return NULL;
return NULL;
return NULL;
return NULL;
char *word;
int reuse = 0;
if (err)
return err;
while (*arg) {
char *val;
if (!val) {
if (!path)
else if (!name)
if (!path)
if (!name)
if (!balancer) {
if (err)
if (!worker) {
if (reuse) {
if (err)
return NULL;
int in_proxy_section = 0;
if (err)
return err;
if (!balancer) {
if (in_proxy_section) {
if (err)
if (!worker) {
if (in_proxy_section) {
if (err)
while (*arg) {
if (!val) {
if (worker)
if (err)
return NULL;
&proxy_module);
const char *errmsg;
return err;
if (!arg) {
return errmsg;
conf->r = r;
NULL);
NULL);
if (!balancer) {
if (err)
conf->p);
if (!worker) {
if (err)
NULL);
while (*arg) {
if (!val) {
if (worker)
if (err)
return NULL;
{NULL}
if (proxy_ssl_enable) {
if (proxy_ssl_disable) {
return proxy_ssl_disable(c);
if (proxy_is_https) {
return proxy_is_https(c);
const char *var)
if (proxy_ssl_val) {
return NULL;
return OK;
return OK;
++worker;
++balancer;
return OK;
if (!reverse) {
s = s->next;
proxy_lb_workers = 0;
return OK;
/* register optional functions within proxy_util.c */
request_rec *r,
request_rec *r,
(request_rec *r), (r),
(status, r),