mod_proxy.c revision 5c24acdc757b7557d33c389fafdb7cc455ce3740
842ae4bd224140319ae7feec1872b93dfd491143fielding/* Licensed to the Apache Software Foundation (ASF) under one or more
842ae4bd224140319ae7feec1872b93dfd491143fielding * contributor license agreements. See the NOTICE file distributed with
842ae4bd224140319ae7feec1872b93dfd491143fielding * this work for additional information regarding copyright ownership.
842ae4bd224140319ae7feec1872b93dfd491143fielding * The ASF licenses this file to You under the Apache License, Version 2.0
842ae4bd224140319ae7feec1872b93dfd491143fielding * (the "License"); you may not use this file except in compliance with
842ae4bd224140319ae7feec1872b93dfd491143fielding * the License. You may obtain a copy of the License at
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * Unless required by applicable law or agreed to in writing, software
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * distributed under the License is distributed on an "AS IS" BASIS,
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * See the License for the specific language governing permissions and
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * limitations under the License.
3568de757bac0b47256647504c186d17ca272f85rbbAPR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
3568de757bac0b47256647504c186d17ca272f85rbbAPR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
3568de757bac0b47256647504c186d17ca272f85rbbAPR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
3568de757bac0b47256647504c186d17ca272f85rbb#define MAX(x,y) ((x) >= (y) ? (x) : (y))
3568de757bac0b47256647504c186d17ca272f85rbb * A Web proxy module. Stages:
3568de757bac0b47256647504c186d17ca272f85rbb * translate_name: set filename to proxy:<URL>
3568de757bac0b47256647504c186d17ca272f85rbb * map_to_storage: run proxy_walk (rather than directory_walk/file_walk)
3568de757bac0b47256647504c186d17ca272f85rbb * can't trust directory_walk/file_walk since these are
3568de757bac0b47256647504c186d17ca272f85rbb * not in our filesystem. Prevents mod_http from serving
3568de757bac0b47256647504c186d17ca272f85rbb * the TRACE request we will set aside to handle later.
3568de757bac0b47256647504c186d17ca272f85rbb * type_checker: set type to PROXY_MAGIC_TYPE if filename begins proxy:
3568de757bac0b47256647504c186d17ca272f85rbb * fix_ups: convert the URL stored in the filename to the
3568de757bac0b47256647504c186d17ca272f85rbb * canonical form.
3568de757bac0b47256647504c186d17ca272f85rbb * handler: handle proxy requests
3568de757bac0b47256647504c186d17ca272f85rbb/* -------------------------------------------------------------- */
3568de757bac0b47256647504c186d17ca272f85rbb/* Translate the URL into a 'filename' */
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *key,
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *val)
3568de757bac0b47256647504c186d17ca272f85rbb /* Normalized load factor. Used with BalancerMamber,
98fb535f829e2a95aabd82420931f476661fa8e3jorton * it is a number between 1 and 100.
db12cd62083041bf90945eeb90cc40fbd2340797trawick if (worker->s->lbfactor < 1 || worker->s->lbfactor > 100)
333eac96e4fb7d6901cb75e6ca7bb22b2ccb84cetrawick return "LoadFactor must be a number between 1..100";
3568de757bac0b47256647504c186d17ca272f85rbb /* If set it will give the retry timeout for the worker
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * The default value is 60 seconds, meaning that if
3568de757bac0b47256647504c186d17ca272f85rbb * in error state, it will be retried after that timeout.
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return "Retry must be a positive value";
8f3ec4772d2aeb347cf40e87c77627bb784dd018rbb /* Time in seconds that will destroy all the connections
8f3ec4772d2aeb347cf40e87c77627bb784dd018rbb * that exceed the smax
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf return "TTL must be at least one second";
f0e395a55abfcad3d2bd7c63470003b08a93d567nd /* Initial number of connections to remote
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return "Min must be a positive number";
7cd5419264796cfeaf8215383cf0f89130a81fectrawick /* Maximum number of connections to remote
3568de757bac0b47256647504c186d17ca272f85rbb return "Max must be a positive number";
3568de757bac0b47256647504c186d17ca272f85rbb /* XXX: More inteligent naming needed */
3568de757bac0b47256647504c186d17ca272f85rbb /* Maximum number of connections to remote that
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * will not be destroyed
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return "Smax must be a positive number";
3568de757bac0b47256647504c186d17ca272f85rbb /* Acquire timeout in given unit (default is milliseconds).
3568de757bac0b47256647504c186d17ca272f85rbb * If set this will be the maximum time to
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * wait for a free connection.
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (ap_timeout_parameter_parse(val, &timeout, "ms") != APR_SUCCESS)
3568de757bac0b47256647504c186d17ca272f85rbb return "Acquire timeout has wrong format";
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return "Acquire must be at least one millisecond";
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz /* Connection timeout in seconds.
24b534291150023e6b68eca89ddd33e475ccddc0wrowe * Defaults to server timeout.
24b534291150023e6b68eca89ddd33e475ccddc0wrowe return "Timeout must be at least one second";
3568de757bac0b47256647504c186d17ca272f85rbb if (s < 512 && s) {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return "IOBufferSize must be >= 512 bytes, or 0 for system default.";
3568de757bac0b47256647504c186d17ca272f85rbb return "ReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
3568de757bac0b47256647504c186d17ca272f85rbb return "KeepAlive must be On|Off";
3568de757bac0b47256647504c186d17ca272f85rbb return "DisableReuse must be On|Off";
3fa816e4832a1c70600bdfd6fc5ef60e9f1c18bbsf /* Worker route.
397df70abe0bdd78a84fb6c38c02641bcfeadceasf return "Route length must be < 64 characters";
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* Worker redirection route.
78ae889ffe0fdfab72f56c6993b0f302cb48da55rbb return "Redirect length must be < 64 characters";
6653a33e820463abd4f81915b7a1eba0f602e200brianp const char *v;
6653a33e820463abd4f81915b7a1eba0f602e200brianp /* Worker status.
6653a33e820463abd4f81915b7a1eba0f602e200brianp for (v = val; *v; v++) {
6653a33e820463abd4f81915b7a1eba0f602e200brianp if (*v == '+') {
36c8049de63c446926139936c3d195330a0539cetrawick else if (*v == '-') {
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin return "Unknown status parameter option";
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin return "flushpackets must be on|off|auto";
6653a33e820463abd4f81915b7a1eba0f602e200brianp return "flushwait must be <= 1000, or 0 for system default of 10 millseconds.";
6653a33e820463abd4f81915b7a1eba0f602e200brianp worker->s->flush_wait = ival * 1000; /* change to microseconds */
6653a33e820463abd4f81915b7a1eba0f602e200brianp /* Ping/Pong timeout in given unit (default is second).
6653a33e820463abd4f81915b7a1eba0f602e200brianp if (ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS)
6653a33e820463abd4f81915b7a1eba0f602e200brianp return "Ping/Pong timeout has wrong format";
6653a33e820463abd4f81915b7a1eba0f602e200brianp return "Ping/Pong timeout must be at least one millisecond";
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf return "lbset must be between 0 and 99";
3568de757bac0b47256647504c186d17ca272f85rbb /* Request timeout in given unit (default is second).
3568de757bac0b47256647504c186d17ca272f85rbb * Defaults to connection timeout
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS)
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard return "Connectiontimeout has wrong format";
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return "Connectiontimeout must be at least one millisecond.";
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return "flusher name length must be < 16 characters";
3568de757bac0b47256647504c186d17ca272f85rbb return "unknown Worker parameter";
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantzstatic const char *set_balancer_param(proxy_server_conf *conf,
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem const char *key,
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem const char *val)
e2de0e939faab767454a164c7d2e8ea710fd1a26sf /* Balancer sticky session name.
e2de0e939faab767454a164c7d2e8ea710fd1a26sf * Set to something like JSESSIONID or
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * PHPSESSIONID, etc..,
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (strlen(val) > (PROXY_BALANCER_MAX_STICKY_SIZE-1))
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard return "stickysession length must be < 64 characters";
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if ((path = strchr((char *)balancer->s->sticky, '|'))) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* If set to 'on' the session will break
3568de757bac0b47256647504c186d17ca272f85rbb * if the worker is in error state or
3568de757bac0b47256647504c186d17ca272f85rbb * disabled.
98cd3186185bb28ae6c95a3f159899fcf56a663ftrawick return "failover must be On|Off";
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf /* Balancer timeout in seconds.
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf * If set this will be the maximum time to
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick * wait for a free worker.
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick * Default is not to wait.
397df70abe0bdd78a84fb6c38c02641bcfeadceasf return "timeout must be at least one second";
397df70abe0bdd78a84fb6c38c02641bcfeadceasf /* Maximum number of failover attempts before
397df70abe0bdd78a84fb6c38c02641bcfeadceasf * giving up.
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf return "maximum number of attempts must be a positive number";
3cbd177a6c885562f9ad0cf11695f044489c881dgregames if (strlen(val) > (sizeof(balancer->s->lbpname)-1))
3cbd177a6c885562f9ad0cf11695f044489c881dgregames return "unknown lbmethod";
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf if (PROXY_STRNCPY(balancer->s->lbpname, val) == APR_SUCCESS) {
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf return "lbmethod name too large";
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return "unknown lbmethod";
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames /* If set to 'on' then ';' will also be
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * used as a session path separator/delim (ala
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return "scolonpathdelim must be On|Off";
7cd5419264796cfeaf8215383cf0f89130a81fectrawick balancer->errstatuses = apr_array_make(p, 1, sizeof(int));
7cd5419264796cfeaf8215383cf0f89130a81fectrawick *(int *)apr_array_push(balancer->errstatuses) = ival;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return "failonstatus must be one or more HTTP response codes";
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (PROXY_STRNCPY(balancer->s->nonce, val) != APR_SUCCESS) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard return "Provided nonce is too large";
7cd5419264796cfeaf8215383cf0f89130a81fectrawick if (ival < 1 || ival > 100) /* arbitrary limit here */
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return "growth must be between 1 and 100";
74fd6d9aeadb9022086259c5c1ae00bc0dda9c9astoddard return "unknown Balancer parameter";
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddardstatic int alias_match(const char *uri, const char *alias_fakename)
8dfa8c6f60f12e0b65eebbb652b629f911f0f84bsf const char *end_fakename = alias_fakename + strlen(alias_fakename);
1ce78cf71b5baaf2c1ab48e818cb1f2397df5010trawick /* any number of '/' in the alias matches any number in
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * the supplied URI, but there must be at least one...
01d315c948a50cb511dbaee108b9571ee9a4d287jim /* Other characters are compared literally */
3568de757bac0b47256647504c186d17ca272f85rbb /* fixup badly encoded stuff (e.g. % as last character) */
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard /* We reach the end of the uri before the end of "alias_fakename"
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh * for example uri is "/" and alias_fakename "/examples"
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* Check last alias path component matched all the way */
3568de757bac0b47256647504c186d17ca272f85rbb /* Return number of characters from URI which matched (may be
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * greater than length of alias, since we may have matched
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * doubled slashes)
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz/* Detect if an absoluteURI should be proxied or not. Note that we
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * have to do this during this phase because later phases are
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * "short-circuiting"... i.e. translate_names will end when the first
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * module returns OK. So for example, if the request is something like:
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * mod_alias will notice the /cgi-bin part and ScriptAlias it and
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * short-circuit the proxy... just because of the ordering in the
3568de757bac0b47256647504c186d17ca272f85rbb * configuration file.
663237d6bcc59ac0997d71d48a1baa55fa29a3d8jim (proxy_server_conf *) ap_get_module_config(sconf, &proxy_module);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* Ick... msvc (perhaps others) promotes ternary short results to int */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* but it might be something vhosted */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard && !strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r))
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard (apr_port_t)(r->parsed_uri.port_str ? r->parsed_uri.port
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz /* We need special treatment for CONNECT proxying: it has no scheme part */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
49aa87d735a13ae3d04012ee0df91ddb51f7c36esfstatic const char *proxy_interpolate(request_rec *r, const char *str)
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf /* Interpolate an env str in a configuration string
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf * Syntax ${var} --> value_of(var)
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf * Method: replace one var, and recurse on remainder of string
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf * Nothing clever here, and crap like nested vars may do silly things
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf * but we'll at least avoid sending the unwary into a loop
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf const char *start;
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf const char *end;
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf const char *var;
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf const char *val;
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf const char *firstpart;
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf /* OK, this is syntax we want to interpolate. Is there such a var ? */
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf apr_array_header_t *ret = apr_array_make(r->pool, hdr->nelts,
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf sizeof (struct proxy_alias));
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf struct proxy_alias *old = (struct proxy_alias *) hdr->elts;
49aa87d735a13ae3d04012ee0df91ddb51f7c36esfPROXY_DECLARE(int) ap_proxy_trans_match(request_rec *r, struct proxy_alias *ent,
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf const char *fake;
3568de757bac0b47256647504c186d17ca272f85rbb const char *real;
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick unsigned int nocanon = ent->flags & PROXYPASS_NOCANON;
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick const char *use_uri = nocanon ? r->unparsed_uri : r->uri;
d69e1ed15b5db3d832c1f6c8c403ef397248857atrawick if (dconf && (dconf->interpolate_env == 1) && (ent->flags & PROXYPASS_INTERPOLATE)) {
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf if (!ap_regexec(ent->regex, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
8dfa8c6f60f12e0b65eebbb652b629f911f0f84bsf /* test that we haven't reduced the URI */
8dfa8c6f60f12e0b65eebbb652b629f911f0f84bsf found = ap_pregsub(r->pool, real, use_uri, AP_MAX_REG_MATCH,
8dfa8c6f60f12e0b65eebbb652b629f911f0f84bsf ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01135)
8dfa8c6f60f12e0b65eebbb652b629f911f0f84bsf "Substitution in regular expression failed. "
8dfa8c6f60f12e0b65eebbb652b629f911f0f84bsf "Replacement too long?");
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* Note: The strcmp() below catches cases where there
8e9734d1a4af74c141e2a0f880bb51bb061fa03atrawick * was no regex substitution. This is so cases like:
8dfa8c6f60f12e0b65eebbb652b629f911f0f84bsf * ProxyPassMatch \.gif balancer://foo
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick * will work "as expected". The upshot is that the 2
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick * directives below act the exact same way (ie: $1 is implied):
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * ProxyPassMatch ^(/.*\.gif)$ balancer://foo
cb97ae2ff6969c2789b8e03f1bc4187fa73b6bafwrowe * ProxyPassMatch ^(/.*\.gif)$ balancer://foo$1
0f113d7123e8bd3e3e2e9b6373461a1a773bfccatrawick * which may be confusing.
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard found = apr_pstrcat(r->pool, "proxy:", found, NULL);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard found = apr_pstrcat(r->pool, "proxy:", real, use_uri, NULL);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (len != 0) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (nocanon && len != alias_match(r->unparsed_uri, ent->fake)) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick found = apr_pstrcat(r->pool, "proxy:", real, use_uri + len, NULL);
f886987cd0bd4220c14043c4d9be77ec22902e73trawick /* We made a reducing transformation, so we can't safely use
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * unparsed_uri. Safe fallback is to ignore nocanon.
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01136)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "Unescaped URL path matched ProxyPass; ignoring unsafe nocanon");
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm /* mod_proxy_http needs to be told. Different module. */
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm /* someone has already set up the proxy, it was possibly ourselves
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm * in proxy_detect
36c8049de63c446926139936c3d195330a0539cetrawick /* "*" cannot be proxied. */
36c8049de63c446926139936c3d195330a0539cetrawick /* Check that the URI is valid. */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01137)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* XXX: since r->uri has been manipulated already we're not really
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * compliant with RFC1945 at this point. But this probably isn't
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * an issue because this is a hybrid proxy/origin server.
36c8049de63c446926139936c3d195330a0539cetrawick dconf = ap_get_module_config(r->per_dir_config, &proxy_module);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* short way - this location is reverse proxied? */
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm int rv = ap_proxy_trans_match(r, dconf->alias, dconf);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick conf = (proxy_server_conf *) ap_get_module_config(r->server->module_config,
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* long way - walk the list of aliases, find a match */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick proxy_server_conf *sconf = ap_get_module_config(r->server->module_config,
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_conf_vector_t *per_dir_defaults = r->server->lookup_defaults;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_conf_vector_t **sec_proxy = (ap_conf_vector_t **) sconf->sec_proxy->elts;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* XXX: shouldn't we use URI here? Canonicalize it first?
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * Pass over "proxy:" prefix
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick for (j = 0; j < num_sec; ++j)
f886987cd0bd4220c14043c4d9be77ec22902e73trawick entry_proxy = ap_get_module_config(entry_config, &proxy_module);
f886987cd0bd4220c14043c4d9be77ec22902e73trawick /* XXX: What about case insensitive matching ???
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * Compare regex, fnmatch or string as appropriate
f886987cd0bd4220c14043c4d9be77ec22902e73trawick * If the entry doesn't relate, then continue
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick per_dir_defaults = ap_merge_per_dir_configs(r->pool, per_dir_defaults,
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* Don't let the core or mod_http map_to_storage hooks handle this,
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm * We don't need directory/file_walk, and we want to TRACE on our own.
36c8049de63c446926139936c3d195330a0539cetrawick/* -------------------------------------------------------------- */
36c8049de63c446926139936c3d195330a0539cetrawick/* Fixup the filename */
e8f95a682820a599fe41b22977010636be5c2717jim * Canonicalise the URL
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick proxy_dir_conf *dconf = ap_get_module_config(r->per_dir_config,
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* XXX: Shouldn't we try this before we run the proxy_walk? */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if ((dconf->interpolate_env == 1) && (r->proxyreq == PROXYREQ_REVERSE)) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* create per-request copy of reverse proxy conf,
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * and interpolate vars in it
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick proxy_req_conf *rconf = apr_palloc(r->pool, sizeof(proxy_req_conf));
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_set_module_config(r->request_config, &proxy_module, rconf);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick rconf->cookie_paths = proxy_vars(r, dconf->cookie_paths);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick rconf->cookie_domains = proxy_vars(r, dconf->cookie_domains);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* canonicalise each specific scheme */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if ((access_status = proxy_run_canon_handler(r, url))) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return OK; /* otherwise; we've done the best we can */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick/* Send a redirection if the request contains a hostname which is not */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick/* fully qualified, i.e. doesn't have a domain name appended. Some proxy */
e8f95a682820a599fe41b22977010636be5c2717jim/* servers like Netscape's allow this and access hosts from the local */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick/* domain in this case. I think it is better to redirect to a FQDN, since */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick/* these will later be found in the bookmarks files. */
f886987cd0bd4220c14043c4d9be77ec22902e73trawick/* The "ProxyDomain" directive determines what domain will be appended */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawickstatic int proxy_needsdomain(request_rec *r, const char *url, const char *domain)
f886987cd0bd4220c14043c4d9be77ec22902e73trawick const char *ref;
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm /* We only want to worry about GETs */
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm if (!r->proxyreq || r->method_number != M_GET || !r->parsed_uri.hostname)
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp /* If host does contain a dot already, or it is "localhost", decline */
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp if (strchr(r->parsed_uri.hostname, '.') != NULL /* has domain, or IPv4 literal */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick || strchr(r->parsed_uri.hostname, ':') != NULL /* IPv6 literal */
e8f95a682820a599fe41b22977010636be5c2717jim || strcasecmp(r->parsed_uri.hostname, "localhost") == 0)
44d2e75323651320b480d8bc2f098448a08de4fcwrowe /* Reassemble the request, but insert the domain after the host name */
44d2e75323651320b480d8bc2f098448a08de4fcwrowe /* Note that the domain name always starts with a dot */
44d2e75323651320b480d8bc2f098448a08de4fcwrowe r->parsed_uri.hostname = apr_pstrcat(r->pool, r->parsed_uri.hostname,
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01138)
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe/* -------------------------------------------------------------- */
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe/* Invoke handler */
f886987cd0bd4220c14043c4d9be77ec22902e73trawick const char *p2;
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe struct proxy_remote *ents = (struct proxy_remote *) proxies->elts;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz const char *str;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz struct dirconn_entry *list = (struct dirconn_entry *)conf->dirconn->elts;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz /* is this for us? */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
98fb535f829e2a95aabd82420931f476661fa8e3jorton /* handle max-forwards / OPTIONS / TRACE */
98fb535f829e2a95aabd82420931f476661fa8e3jorton if ((str = apr_table_get(r->headers_in, "Max-Forwards"))) {
98fb535f829e2a95aabd82420931f476661fa8e3jorton switch (r->method_number) {
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe "Max-Forwards has reached zero - proxy loop?");
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz /* set configured max-forwards */
3568de757bac0b47256647504c186d17ca272f85rbb if (maxfwd >= 0) {
397df70abe0bdd78a84fb6c38c02641bcfeadceasf /* Allow "error-notes" string to be printed by ap_send_error_response()
397df70abe0bdd78a84fb6c38c02641bcfeadceasf * Note; this goes nowhere, canned error response need an overhaul.
397df70abe0bdd78a84fb6c38c02641bcfeadceasf "TRACE forbidden by server configuration");
9d0665da83d1e22c0ea0e5f6f940f70f75bf5237ianh ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01139)
3568de757bac0b47256647504c186d17ca272f85rbb "TRACE forbidden by server configuration");
7cd5419264796cfeaf8215383cf0f89130a81fectrawick /* Can't test ap_should_client_block, we aren't ready to send
7cd5419264796cfeaf8215383cf0f89130a81fectrawick * the client a 100 Continue response till the connection has
7cd5419264796cfeaf8215383cf0f89130a81fectrawick * been established
73e8b26287de5c06fa470d36162e103dbac9c7e5wrowe && (r->read_length || r->read_chunked || r->remaining))
b980ad7fdc218b4855cde9f75a747527f50c554dwrowe /* Allow "error-notes" string to be printed by ap_send_error_response()
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe * Note; this goes nowhere, canned error response need an overhaul.
7cd5419264796cfeaf8215383cf0f89130a81fectrawick "TRACE with request body is not allowed");
ca53a74f4012a45cbad48e940eddf27d866981f9dougm ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01140)
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding "TRACE with request body is not allowed");
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01141)
return HTTP_MOVED_PERMANENTLY;
!direct_connect; i++) {
#if DEBUGGING
r->uri);
return access_status;
if (!worker)
goto cleanup;
if (balancer) {
if (!direct_connect) {
const char *cl_a;
char *end;
goto cleanup;
if (cl_a) {
if (cl > 0) {
goto cleanup;
goto cleanup;
if (balancer) {
if (balancer) {
goto cleanup;
return access_status;
unsigned int id;
id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, apr_time_now()), PROXY_HASHFUNC_DEFAULT);
return ps;
ps->recv_buffer_size = (overrides->recv_buffer_size_set == 0) ? base->recv_buffer_size : overrides->recv_buffer_size;
ps->io_buffer_size = (overrides->io_buffer_size_set == 0) ? base->io_buffer_size : overrides->io_buffer_size;
ps->proxy_status = (overrides->proxy_status_set == 0) ? base->proxy_status : overrides->proxy_status;
ps->source_address = (overrides->source_address_set == 0) ? base->source_address : overrides->source_address;
return ps;
const char *arg)
return NULL;
return (void *) new;
return new;
char *r, *f, *scheme;
int port;
if (regex)
scheme[p-r] = 0;
if (q != NULL) {
if (regex)
if (regex) {
if (!reg)
return NULL;
char *r = NULL;
char *word;
unsigned int flags = 0;
const char *err;
if (err) {
return err;
while (*arg) {
if (is_regex) {
f = word;
r = word;
if (!val) {
if (r == NULL) {
if (apr_fnmatch_test(f)) {
if (use_regex) {
return NULL;
if (!balancer) {
if (err)
if (err)
int reuse = 0;
if (!worker) {
if (err)
if (reuse) {
if (err)
return NULL;
const char *fake;
const char *real;
const char *interp;
const char *err;
if (err) {
return err;
fake = f;
real = r;
interp = i;
real = f;
interp = r;
return NULL;
const char *r, const char *interp)
return NULL;
const char *r, const char *interp)
return NULL;
int found = 0;
if (!found) {
return NULL;
int found = 0;
if (!found) {
#if DEBUGGING
#if DEBUGGING
#if DEBUGGING
#if DEBUGGING
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
int timeout;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
char *word;
int reuse = 0;
if (err)
return err;
while (*arg) {
char *val;
if (!val) {
if (!path)
else if (!name)
if (!path)
if (!name)
if (!balancer) {
if (err)
if (!worker) {
if (reuse) {
if (err)
return NULL;
int in_proxy_section = 0;
if (err)
return err;
if (!balancer) {
if (in_proxy_section) {
if (err)
if (!worker) {
if (in_proxy_section) {
if (err)
while (*arg) {
if (!val) {
if (worker)
if (err)
return NULL;
&proxy_module);
const char *errmsg;
return err;
if (!arg) {
return errmsg;
conf->r = r;
NULL);
NULL);
if (!balancer) {
if (err)
conf->p);
if (!worker) {
if (err)
NULL);
while (*arg) {
if (!val) {
if (worker)
if (err)
return NULL;
{NULL}
if (proxy_ssl_enable) {
if (proxy_ssl_disable) {
return proxy_ssl_disable(c);
if (proxy_is_https) {
return proxy_is_https(c);
const char *var)
if (proxy_ssl_val) {
return NULL;
return OK;
return OK;
++worker;
++balancer;
return OK;
if (!reverse) {
s = s->next;
proxy_lb_workers = 0;
return OK;
/* register optional functions within proxy_util.c */
request_rec *r,
request_rec *r,
(request_rec *r), (r),
(status, r),