mod_proxy.c revision 994ced9dca1b824d03a44187f09d264215cd490c
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina/* Licensed to the Apache Software Foundation (ASF) under one or more
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * contributor license agreements. See the NOTICE file distributed with
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * this work for additional information regarding copyright ownership.
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * The ASF licenses this file to You under the Apache License, Version 2.0
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * (the "License"); you may not use this file except in compliance with
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * the License. You may obtain a copy of the License at
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * Unless required by applicable law or agreed to in writing, software
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * distributed under the License is distributed on an "AS IS" BASIS,
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * See the License for the specific language governing permissions and
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * limitations under the License.
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel BřezinaAPR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel BřezinaAPR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel BřezinaAPR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel BřezinaAPR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina#define MAX(x,y) ((x) >= (y) ? (x) : (y))
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina * A Web proxy module. Stages:
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina * translate_name: set filename to proxy:<URL>
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina * map_to_storage: run proxy_walk (rather than directory_walk/file_walk)
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina * can't trust directory_walk/file_walk since these are
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina * not in our filesystem. Prevents mod_http from serving
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina * the TRACE request we will set aside to handle later.
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina * type_checker: set type to PROXY_MAGIC_TYPE if filename begins proxy:
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina * fix_ups: convert the URL stored in the filename to the
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * canonical form.
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina * handler: handle proxy requests
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina/* -------------------------------------------------------------- */
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina/* Translate the URL into a 'filename' */
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březinastatic const char *set_worker_param(apr_pool_t *p,
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina const char *key,
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina const char *val)
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina /* Normalized load factor. Used with BalancerMamber,
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina * it is a number between 1 and 100.
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina if (worker->s->lbfactor < 1 || worker->s->lbfactor > 100)
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina return "LoadFactor must be a number between 1..100";
b0d3164ca2bd842e176268c26935c5ce54f7f76ePavel Březina /* If set it will give the retry timeout for the worker
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * The default value is 60 seconds, meaning that if
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * in error state, it will be retried after that timeout.
e77d6366ff9e49dbbb607f1709f1ae4190b99489Pavel Březina return "Retry must be a positive value";
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina /* Time in seconds that will destroy all the connections
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina * that exceed the smax
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina return "TTL must be at least one second";
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina /* Initial number of connections to remote
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina return "Min must be a positive number";
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina /* Maximum number of connections to remote
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina return "Max must be a positive number";
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina /* XXX: More inteligent naming needed */
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina /* Maximum number of connections to remote that
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * will not be destroyed
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina return "Smax must be a positive number";
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina /* Acquire timeout in given unit (default is milliseconds).
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * If set this will be the maximum time to
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * wait for a free connection.
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina if (ap_timeout_parameter_parse(val, &timeout, "ms") != APR_SUCCESS)
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina return "Acquire timeout has wrong format";
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina return "Acquire must be at least one millisecond";
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina /* Connection timeout in seconds.
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina * Defaults to server timeout.
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina return "Timeout must be at least one second";
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina if (s < 512 && s) {
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina return "IOBufferSize must be >= 512 bytes, or 0 for system default.";
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina worker->s->io_buffer_size = (s ? s : AP_IOBUFSIZE);
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina else if (!strcasecmp(key, "receivebuffersize")) {
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina return "ReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina return "KeepAlive must be On|Off";
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina return "DisableReuse must be On|Off";
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina /* Worker route.
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina if (strlen(val) >= PROXY_WORKER_MAX_ROUTE_SIZE)
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina return "Route length must be < 64 characters";
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina /* Worker redirection route.
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina if (strlen(val) >= PROXY_WORKER_MAX_ROUTE_SIZE)
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina return "Redirect length must be < 64 characters";
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina const char *v;
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina /* Worker status.
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina for (v = val; *v; v++) {
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina if (*v == '+') {
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina else if (*v == '-') {
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina return "Unknown status parameter option";
e77d6366ff9e49dbbb607f1709f1ae4190b99489Pavel Březina return "flushpackets must be on|off|auto";
e77d6366ff9e49dbbb607f1709f1ae4190b99489Pavel Březina return "flushwait must be <= 1000, or 0 for system default of 10 millseconds.";
61c8d13e55ebafc28da1b0b5ad9ae578d687e288Pavel Březina worker->s->flush_wait = ival * 1000; /* change to microseconds */
61c8d13e55ebafc28da1b0b5ad9ae578d687e288Pavel Březina /* Ping/Pong timeout in given unit (default is second).
61c8d13e55ebafc28da1b0b5ad9ae578d687e288Pavel Březina if (ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS)
61c8d13e55ebafc28da1b0b5ad9ae578d687e288Pavel Březina return "Ping/Pong timeout has wrong format";
61c8d13e55ebafc28da1b0b5ad9ae578d687e288Pavel Březina return "Ping/Pong timeout must be at least one millisecond";
61c8d13e55ebafc28da1b0b5ad9ae578d687e288Pavel Březina return "lbset must be between 0 and 99";
17531a398cc9084036cb08d69fe876a8f12707bbPavel Březina else if (!strcasecmp(key, "connectiontimeout")) {
17531a398cc9084036cb08d69fe876a8f12707bbPavel Březina /* Request timeout in given unit (default is second).
17531a398cc9084036cb08d69fe876a8f12707bbPavel Březina * Defaults to connection timeout
17531a398cc9084036cb08d69fe876a8f12707bbPavel Březina if (ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS)
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina return "Connectiontimeout has wrong format";
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina return "Connectiontimeout must be at least one millisecond.";
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina if (strlen(val) >= PROXY_WORKER_MAX_SCHEME_SIZE)
ab0eda3622b828df2bfb7850c96d1395f614eb13Pavel Březina return "flusher name length must be < 16 characters";
17531a398cc9084036cb08d69fe876a8f12707bbPavel Březina return "unknown Worker parameter";
e77d6366ff9e49dbbb607f1709f1ae4190b99489Pavel Březinastatic const char *set_balancer_param(proxy_server_conf *conf,
e77d6366ff9e49dbbb607f1709f1ae4190b99489Pavel Březina const char *key,
e77d6366ff9e49dbbb607f1709f1ae4190b99489Pavel Březina const char *val)
61c8d13e55ebafc28da1b0b5ad9ae578d687e288Pavel Březina /* Balancer sticky session name.
61c8d13e55ebafc28da1b0b5ad9ae578d687e288Pavel Březina * Set to something like JSESSIONID or
61c8d13e55ebafc28da1b0b5ad9ae578d687e288Pavel Březina * PHPSESSIONID, etc..,
61c8d13e55ebafc28da1b0b5ad9ae578d687e288Pavel Březina if (strlen(val) > (PROXY_BALANCER_MAX_STICKY_SIZE-1))
61c8d13e55ebafc28da1b0b5ad9ae578d687e288Pavel Březina return "stickysession length must be < 64 characters";
17531a398cc9084036cb08d69fe876a8f12707bbPavel Březina if ((path = strchr((char *)balancer->s->sticky, '|'))) {
17531a398cc9084036cb08d69fe876a8f12707bbPavel Březina PROXY_STRNCPY(balancer->s->sticky_path, path);
17531a398cc9084036cb08d69fe876a8f12707bbPavel Březina /* If set to 'on' the session will break
17531a398cc9084036cb08d69fe876a8f12707bbPavel Březina * if the worker is in error state or
if (ival < 0)
if (provider) {
return NULL;
char *val_split;
char *status;
char *tok_state;
return NULL;
++aliasp;
++urip;
* GET http://othervhost/cgi-bin/printenv HTTP/1.0
: ap_default_port(r))))) {
return DECLINED;
const char *start;
const char *end;
const char *var;
const char *val;
const char *firstpart;
return str;
return str;
sizeof (struct proxy_alias));
return ret;
int len;
const char *fake;
const char *real;
int mismatch = 0;
return DECLINED;
if (!found) {
return HTTP_INTERNAL_SERVER_ERROR;
if (len != 0) {
return DECLINED;
if (mismatch) {
if (found) {
return OK;
return DONE;
if (r->proxyreq) {
return OK;
return rv;
return rv;
return DECLINED;
&proxy_module);
for (j = 0; j < num_sec; ++j)
if (entry_proxy->r
return OK;
int access_status;
return DECLINED;
return access_status;
return OK;
char *url, *p;
int access_status;
&proxy_module);
return DECLINED;
return access_status;
return HTTP_BAD_REQUEST;
char *nuri;
const char *ref;
return DECLINED;
&r->parsed_uri,
return HTTP_MOVED_PERMANENTLY;
const char *p2;
int direct_connect = 0;
const char *str;
long maxfwd;
return DECLINED;
switch (r->method_number) {
case M_TRACE: {
int access_status;
return OK;
case M_OPTIONS: {
int access_status;
return OK;
if (maxfwd >= 0) {
return HTTP_METHOD_NOT_ALLOWED;
return HTTP_REQUEST_ENTITY_TOO_LARGE;
if (p == NULL) {
return HTTP_BAD_REQUEST;
return HTTP_MOVED_PERMANENTLY;
!direct_connect; i++) {
#if DEBUGGING
r->uri);
return access_status;
if (!worker)
goto cleanup;
if (balancer) {
if (!direct_connect) {
const char *cl_a;
char *end;
goto cleanup;
if (cl_a) {
if (cl > 0) {
goto cleanup;
goto cleanup;
if (balancer) {
if (balancer) {
goto cleanup;
return access_status;
unsigned int id;
id = ap_proxy_hashfunc(apr_psprintf(p, "%pp-%" APR_TIME_T_FMT, ps, apr_time_now()), PROXY_HASHFUNC_DEFAULT);
return ps;
ps->recv_buffer_size = (overrides->recv_buffer_size_set == 0) ? base->recv_buffer_size : overrides->recv_buffer_size;
ps->io_buffer_size = (overrides->io_buffer_size_set == 0) ? base->io_buffer_size : overrides->io_buffer_size;
ps->proxy_status = (overrides->proxy_status_set == 0) ? base->proxy_status : overrides->proxy_status;
ps->source_address = (overrides->source_address_set == 0) ? base->source_address : overrides->source_address;
return ps;
const char *arg)
return NULL;
return (void *) new;
return new;
char *r, *f, *scheme;
int port;
if (regex)
scheme[p-r] = 0;
if (q != NULL) {
if (regex)
if (regex) {
if (!reg)
return NULL;
char *r = NULL;
char *word;
unsigned int flags = 0;
const char *err;
if (err) {
return err;
while (*arg) {
if (is_regex) {
f = word;
r = word;
if (!val) {
if (r == NULL) {
if (apr_fnmatch_test(f)) {
if (use_regex) {
return NULL;
if (!balancer) {
if (err)
if (err)
int reuse = 0;
if (!worker) {
if (err)
if (reuse) {
if (err)
return NULL;
const char *fake;
const char *real;
const char *interp;
const char *err;
if (err) {
return err;
fake = f;
real = r;
interp = i;
real = f;
interp = r;
return NULL;
const char *r, const char *interp)
return NULL;
const char *r, const char *interp)
return NULL;
int found = 0;
if (!found) {
return NULL;
int found = 0;
if (!found) {
#if DEBUGGING
#if DEBUGGING
#if DEBUGGING
#if DEBUGGING
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
int timeout;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
char *word;
int reuse = 0;
if (err)
return err;
while (*arg) {
char *val;
if (!val) {
if (!path)
else if (!name)
if (!path)
if (!name)
if (!balancer) {
if (err)
if (!worker) {
if (reuse) {
if (err)
return NULL;
int in_proxy_section = 0;
if (err)
return err;
if (!balancer) {
if (in_proxy_section) {
if (err)
if (!worker) {
if (in_proxy_section) {
if (err)
while (*arg) {
if (!val) {
if (worker)
if (err)
return NULL;
&proxy_module);
const char *errmsg;
return err;
if (!arg) {
return errmsg;
conf->r = r;
NULL);
NULL);
if (!balancer) {
if (err)
conf->p);
if (!worker) {
if (err)
NULL);
while (*arg) {
if (!val) {
if (worker)
if (err)
return NULL;
{NULL}
if (proxy_ssl_enable) {
if (proxy_ssl_disable) {
return proxy_ssl_disable(c);
if (proxy_is_https) {
return proxy_is_https(c);
const char *var)
if (proxy_ssl_val) {
return NULL;
return OK;
return OK;
++worker;
++balancer;
return OK;
if (!reverse) {
s = s->next;
proxy_lb_workers = 0;
return OK;
request_rec *r,
request_rec *r,
(request_rec *r), (r),
(status, r),