mod_proxy.c revision ea8e3350cface61eda0d549bfba28755e09fc322
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* Licensed to the Apache Software Foundation (ASF) under one or more
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * contributor license agreements. See the NOTICE file distributed with
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * this work for additional information regarding copyright ownership.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * The ASF licenses this file to You under the Apache License, Version 2.0
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * (the "License"); you may not use this file except in compliance with
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * the License. You may obtain a copy of the License at
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Unless required by applicable law or agreed to in writing, software
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * distributed under the License is distributed on an "AS IS" BASIS,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * See the License for the specific language governing permissions and
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * limitations under the License.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbAPR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbAPR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbAPR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb#define MAX(x,y) ((x) >= (y) ? (x) : (y))
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * A Web proxy module. Stages:
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * translate_name: set filename to proxy:<URL>
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * map_to_storage: run proxy_walk (rather than directory_walk/file_walk)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * can't trust directory_walk/file_walk since these are
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * not in our filesystem. Prevents mod_http from serving
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * the TRACE request we will set aside to handle later.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * fix_ups: convert the URL stored in the filename to the
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * canonical form.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * handler: handle proxy requests
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* -------------------------------------------------------------- */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* Translate the URL into a 'filename' */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *key,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *val)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Normalized load factor. Used with BalancerMamber,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * it is a number between 1 and 100.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (worker->s->lbfactor < 1 || worker->s->lbfactor > 100)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "LoadFactor must be a number between 1..100";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* If set it will give the retry timeout for the worker
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * The default value is 60 seconds, meaning that if
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * in error state, it will be retried after that timeout.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Retry must be a positive value";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Time in seconds that will destroy all the connections
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * that exceed the smax
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "TTL must be at least one second";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Initial number of connections to remote
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Min must be a positive number";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Maximum number of connections to remote
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Max must be a positive number";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* XXX: More inteligent naming needed */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Maximum number of connections to remote that
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * will not be destroyed
c3e342e5b0b9fea6617ee16d2da02c3ef2108126dougm return "Smax must be a positive number";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Acquire timeout in given unit (default is milliseconds).
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * If set this will be the maximum time to
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * wait for a free connection.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (ap_timeout_parameter_parse(val, &timeout, "ms") != APR_SUCCESS)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Acquire timeout has wrong format";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Acquire must be at least one millisecond";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Connection timeout in seconds.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Defaults to server timeout.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Timeout must be at least one second";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (s < 512 && s) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "IOBufferSize must be >= 512 bytes, or 0 for system default.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "ReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "KeepAlive must be On|Off";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "DisableReuse must be On|Off";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Worker route.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return apr_psprintf(p, "Route length must be < %d characters",
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Worker redirection route.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return apr_psprintf(p, "Redirect length must be < %d characters",
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *v;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Worker status.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb for (v = val; *v; v++) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (*v == '+') {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb else if (*v == '-') {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Unknown status parameter option";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "flushpackets must be on|off|auto";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "flushwait must be <= 1000, or 0 for system default of 10 millseconds.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb worker->s->flush_wait = ival * 1000; /* change to microseconds */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Ping/Pong timeout in given unit (default is second).
4ca6cbe768b4e0917ac0b76333c26a7d5396d454trawick if (ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Ping/Pong timeout has wrong format";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Ping/Pong timeout must be at least one millisecond";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "lbset must be between 0 and 99";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Request timeout in given unit (default is second).
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Defaults to connection timeout
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Connectiontimeout has wrong format";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Connectiontimeout must be at least one millisecond.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb apr_psprintf(p, "flusher name length must be < %d characters",
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "unknown Worker parameter";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *set_balancer_param(proxy_server_conf *conf,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *key,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *val)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Balancer sticky session name.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Set to something like JSESSIONID or
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * PHPSESSIONID, etc..,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb apr_psprintf(p, "stickysession length must be < %d characters",
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if ((path = strchr((char *)balancer->s->sticky, '|'))) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* separator/delimiter for sessionid and route,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * normally '.'
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "stickysessionsep must be a single character or Off";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* If set to 'on' the session will break
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * if the worker is in error state or
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * disabled.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "failover must be On|Off";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Balancer timeout in seconds.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * If set this will be the maximum time to
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * wait for a free worker.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Default is not to wait.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "timeout must be at least one second";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Maximum number of failover attempts before
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * giving up.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "maximum number of attempts must be a positive number";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "unknown lbmethod";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb provider = ap_lookup_provider(PROXY_LBMETHOD, val, "0");
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (PROXY_STRNCPY(balancer->s->lbpname, val) == APR_SUCCESS) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "lbmethod name too large";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "unknown lbmethod";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* If set to 'on' then ';' will also be
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * used as a session path separator/delim (ala
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "scolonpathdelim must be On|Off";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb balancer->errstatuses = apr_array_make(p, 1, sizeof(int));
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "failonstatus must be one or more HTTP response codes";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "failontimeout must be On|Off";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (PROXY_STRNCPY(balancer->s->nonce, val) != APR_SUCCESS) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Provided nonce is too large";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "growth must be between 1 and 100";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "forcerecovery must be On|Off";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "unknown Balancer parameter";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic int alias_match(const char *uri, const char *alias_fakename)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *end_fakename = alias_fakename + strlen(alias_fakename);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* any number of '/' in the alias matches any number in
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * the supplied URI, but there must be at least one...
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Other characters are compared literally */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* fixup badly encoded stuff (e.g. % as last character) */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* We reach the end of the uri before the end of "alias_fakename"
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * for example uri is "/" and alias_fakename "/examples"
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Check last alias path component matched all the way */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Return number of characters from URI which matched (may be
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * greater than length of alias, since we may have matched
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * doubled slashes)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb/* Detect if an absoluteURI should be proxied or not. Note that we
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * have to do this during this phase because later phases are
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * "short-circuiting"... i.e. translate_names will end when the first
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * module returns OK. So for example, if the request is something like:
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * mod_alias will notice the /cgi-bin part and ScriptAlias it and
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * short-circuit the proxy... just because of the ordering in the
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * configuration file.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb (proxy_server_conf *) ap_get_module_config(sconf, &proxy_module);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Ick... msvc (perhaps others) promotes ternary short results to int */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* but it might be something vhosted */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb (apr_port_t)(r->parsed_uri.port_str ? r->parsed_uri.port
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* We need special treatment for CONNECT proxying: it has no scheme part */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *proxy_interpolate(request_rec *r, const char *str)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Interpolate an env str in a configuration string
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Syntax ${var} --> value_of(var)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Method: replace one var, and recurse on remainder of string
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Nothing clever here, and crap like nested vars may do silly things
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * but we'll at least avoid sending the unwary into a loop
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *start;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *end;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *var;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *val;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *firstpart;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* OK, this is syntax we want to interpolate. Is there such a var ? */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb apr_array_header_t *ret = apr_array_make(r->pool, hdr->nelts,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb sizeof (struct proxy_alias));
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb struct proxy_alias *old = (struct proxy_alias *) hdr->elts;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbPROXY_DECLARE(int) ap_proxy_trans_match(request_rec *r, struct proxy_alias *ent,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *fake;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *real;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *use_uri = nocanon ? r->unparsed_uri : r->uri;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (dconf && (dconf->interpolate_env == 1) && (ent->flags & PROXYPASS_INTERPOLATE)) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (!ap_regexec(ent->regex, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* test that we haven't reduced the URI */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb found = ap_pregsub(r->pool, real, use_uri, AP_MAX_REG_MATCH,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01135)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "Substitution in regular expression failed. "
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "Replacement too long?");
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Note: The strcmp() below catches cases where there
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * was no regex substitution. This is so cases like:
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * ProxyPassMatch \.gif balancer://foo
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * will work "as expected". The upshot is that the 2
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * directives below act the exact same way (ie: $1 is implied):
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * ProxyPassMatch ^(/.*\.gif)$ balancer://foo
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * ProxyPassMatch ^(/.*\.gif)$ balancer://foo$1
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * which may be confusing.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb found = apr_pstrcat(r->pool, "proxy:", real, use_uri, NULL);
8aefbd756763807188d2e3ce336a8680e4893066wrowe if (len != 0) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe if (nocanon && len != alias_match(r->unparsed_uri, ent->fake)) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe found = apr_pstrcat(r->pool, "proxy:", real, use_uri + len, NULL);
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* We made a reducing transformation, so we can't safely use
8aefbd756763807188d2e3ce336a8680e4893066wrowe * unparsed_uri. Safe fallback is to ignore nocanon.
8aefbd756763807188d2e3ce336a8680e4893066wrowe ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01136)
8aefbd756763807188d2e3ce336a8680e4893066wrowe "Unescaped URL path matched ProxyPass; ignoring unsafe nocanon");
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* mod_proxy_http needs to be told. Different module. */
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* someone has already set up the proxy, it was possibly ourselves
8aefbd756763807188d2e3ce336a8680e4893066wrowe * in proxy_detect
8aefbd756763807188d2e3ce336a8680e4893066wrowe if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* XXX: since r->uri has been manipulated already we're not really
8aefbd756763807188d2e3ce336a8680e4893066wrowe * compliant with RFC1945 at this point. But this probably isn't
8aefbd756763807188d2e3ce336a8680e4893066wrowe * an issue because this is a hybrid proxy/origin server.
8aefbd756763807188d2e3ce336a8680e4893066wrowe dconf = ap_get_module_config(r->per_dir_config, &proxy_module);
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* short way - this location is reverse proxied? */
8aefbd756763807188d2e3ce336a8680e4893066wrowe int rv = ap_proxy_trans_match(r, dconf->alias, dconf);
8aefbd756763807188d2e3ce336a8680e4893066wrowe conf = (proxy_server_conf *) ap_get_module_config(r->server->module_config,
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* long way - walk the list of aliases, find a match */
8aefbd756763807188d2e3ce336a8680e4893066wrowe proxy_server_conf *sconf = ap_get_module_config(r->server->module_config,
8aefbd756763807188d2e3ce336a8680e4893066wrowe ap_conf_vector_t *per_dir_defaults = r->server->lookup_defaults;
8aefbd756763807188d2e3ce336a8680e4893066wrowe ap_conf_vector_t **sec_proxy = (ap_conf_vector_t **) sconf->sec_proxy->elts;
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* XXX: shouldn't we use URI here? Canonicalize it first?
8aefbd756763807188d2e3ce336a8680e4893066wrowe * Pass over "proxy:" prefix
8aefbd756763807188d2e3ce336a8680e4893066wrowe for (j = 0; j < num_sec; ++j)
8aefbd756763807188d2e3ce336a8680e4893066wrowe entry_proxy = ap_get_module_config(entry_config, &proxy_module);
8aefbd756763807188d2e3ce336a8680e4893066wrowe pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
8aefbd756763807188d2e3ce336a8680e4893066wrowe if (ap_regexec(entry_proxy->r, proxyname, nmatch, pmatch, 0)) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe for (i = 0; i < nmatch; i++) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* XXX: What about case insensitive matching ???
8aefbd756763807188d2e3ce336a8680e4893066wrowe * Compare regex, fnmatch or string as appropriate
8aefbd756763807188d2e3ce336a8680e4893066wrowe * If the entry doesn't relate, then continue
8aefbd756763807188d2e3ce336a8680e4893066wrowe entry_proxy->p_is_fnmatch ? apr_fnmatch(entry_proxy->p,
8aefbd756763807188d2e3ce336a8680e4893066wrowe per_dir_defaults = ap_merge_per_dir_configs(r->pool, per_dir_defaults,
8aefbd756763807188d2e3ce336a8680e4893066wrowe if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Don't let the core or mod_http map_to_storage hooks handle this,
8aefbd756763807188d2e3ce336a8680e4893066wrowe * We don't need directory/file_walk, and we want to TRACE on our own.
8aefbd756763807188d2e3ce336a8680e4893066wrowe/* -------------------------------------------------------------- */
8aefbd756763807188d2e3ce336a8680e4893066wrowe/* Fixup the filename */
8aefbd756763807188d2e3ce336a8680e4893066wrowe * Canonicalise the URL
8aefbd756763807188d2e3ce336a8680e4893066wrowe char *url, *p;
8aefbd756763807188d2e3ce336a8680e4893066wrowe proxy_dir_conf *dconf = ap_get_module_config(r->per_dir_config,
8aefbd756763807188d2e3ce336a8680e4893066wrowe if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* XXX: Shouldn't we try this before we run the proxy_walk? */
8aefbd756763807188d2e3ce336a8680e4893066wrowe if ((dconf->interpolate_env == 1) && (r->proxyreq == PROXYREQ_REVERSE)) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* create per-request copy of reverse proxy conf,
8aefbd756763807188d2e3ce336a8680e4893066wrowe * and interpolate vars in it
8aefbd756763807188d2e3ce336a8680e4893066wrowe proxy_req_conf *rconf = apr_palloc(r->pool, sizeof(proxy_req_conf));
8aefbd756763807188d2e3ce336a8680e4893066wrowe ap_set_module_config(r->request_config, &proxy_module, rconf);
8aefbd756763807188d2e3ce336a8680e4893066wrowe rconf->cookie_paths = proxy_vars(r, dconf->cookie_paths);
8aefbd756763807188d2e3ce336a8680e4893066wrowe rconf->cookie_domains = proxy_vars(r, dconf->cookie_domains);
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* canonicalise each specific scheme */
8aefbd756763807188d2e3ce336a8680e4893066wrowe if ((access_status = proxy_run_canon_handler(r, url))) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe return OK; /* otherwise; we've done the best we can */
8aefbd756763807188d2e3ce336a8680e4893066wrowe/* Send a redirection if the request contains a hostname which is not */
8aefbd756763807188d2e3ce336a8680e4893066wrowe/* fully qualified, i.e. doesn't have a domain name appended. Some proxy */
8aefbd756763807188d2e3ce336a8680e4893066wrowe/* servers like Netscape's allow this and access hosts from the local */
8aefbd756763807188d2e3ce336a8680e4893066wrowe/* domain in this case. I think it is better to redirect to a FQDN, since */
8aefbd756763807188d2e3ce336a8680e4893066wrowe/* these will later be found in the bookmarks files. */
8aefbd756763807188d2e3ce336a8680e4893066wrowe/* The "ProxyDomain" directive determines what domain will be appended */
8aefbd756763807188d2e3ce336a8680e4893066wrowestatic int proxy_needsdomain(request_rec *r, const char *url, const char *domain)
8aefbd756763807188d2e3ce336a8680e4893066wrowe const char *ref;
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* We only want to worry about GETs */
8aefbd756763807188d2e3ce336a8680e4893066wrowe if (!r->proxyreq || r->method_number != M_GET || !r->parsed_uri.hostname)
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* If host does contain a dot already, or it is "localhost", decline */
8aefbd756763807188d2e3ce336a8680e4893066wrowe if (strchr(r->parsed_uri.hostname, '.') != NULL /* has domain, or IPv4 literal */
8aefbd756763807188d2e3ce336a8680e4893066wrowe || strchr(r->parsed_uri.hostname, ':') != NULL /* IPv6 literal */
8aefbd756763807188d2e3ce336a8680e4893066wrowe || strcasecmp(r->parsed_uri.hostname, "localhost") == 0)
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Reassemble the request, but insert the domain after the host name */
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Note that the domain name always starts with a dot */
8aefbd756763807188d2e3ce336a8680e4893066wrowe r->parsed_uri.hostname = apr_pstrcat(r->pool, r->parsed_uri.hostname,
8aefbd756763807188d2e3ce336a8680e4893066wrowe ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01138)
8aefbd756763807188d2e3ce336a8680e4893066wrowe/* -------------------------------------------------------------- */
8aefbd756763807188d2e3ce336a8680e4893066wrowe/* Invoke handler */
8aefbd756763807188d2e3ce336a8680e4893066wrowe const char *p2;
8aefbd756763807188d2e3ce336a8680e4893066wrowe struct proxy_remote *ents = (struct proxy_remote *) proxies->elts;
8aefbd756763807188d2e3ce336a8680e4893066wrowe const char *str;
8aefbd756763807188d2e3ce336a8680e4893066wrowe struct dirconn_entry *list = (struct dirconn_entry *)conf->dirconn->elts;
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* is this for us? */
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* We may have forced the proxy handler via config or .htaccess */
8aefbd756763807188d2e3ce336a8680e4893066wrowe r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* handle max-forwards / OPTIONS / TRACE */
8aefbd756763807188d2e3ce336a8680e4893066wrowe if ((str = apr_table_get(r->headers_in, "Max-Forwards"))) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe else if (maxfwd == 0) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe switch (r->method_number) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe "Max-Forwards has reached zero - proxy loop?");
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* set configured max-forwards */
8aefbd756763807188d2e3ce336a8680e4893066wrowe if (maxfwd >= 0) {
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Allow "error-notes" string to be printed by ap_send_error_response()
8aefbd756763807188d2e3ce336a8680e4893066wrowe * Note; this goes nowhere, canned error response need an overhaul.
8aefbd756763807188d2e3ce336a8680e4893066wrowe "TRACE forbidden by server configuration");
8aefbd756763807188d2e3ce336a8680e4893066wrowe ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01139)
8aefbd756763807188d2e3ce336a8680e4893066wrowe "TRACE forbidden by server configuration");
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Can't test ap_should_client_block, we aren't ready to send
8aefbd756763807188d2e3ce336a8680e4893066wrowe * the client a 100 Continue response till the connection has
8aefbd756763807188d2e3ce336a8680e4893066wrowe * been established
8aefbd756763807188d2e3ce336a8680e4893066wrowe && (r->read_length || r->read_chunked || r->remaining))
8aefbd756763807188d2e3ce336a8680e4893066wrowe /* Allow "error-notes" string to be printed by ap_send_error_response()
8aefbd756763807188d2e3ce336a8680e4893066wrowe * Note; this goes nowhere, canned error response need an overhaul.
8aefbd756763807188d2e3ce336a8680e4893066wrowe "TRACE with request body is not allowed");
8aefbd756763807188d2e3ce336a8680e4893066wrowe ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01140)
8aefbd756763807188d2e3ce336a8680e4893066wrowe "TRACE with request body is not allowed");
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (p == NULL) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01141)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* If the host doesn't have a domain name, add one and redirect. */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Check URI's destination host against NoProxy hosts */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Bypass ProxyRemote server lookup if configured as NoProxy */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb for (direct_connect = i = 0; i < conf->dirconn->nelts &&
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb (direct_connect) ? "NoProxy for %s" : "UseProxy for %s",
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Try to obtain the most suitable worker */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb access_status = ap_proxy_pre_request(&worker, &balancer, r, conf, &url);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Only return if access_status is not HTTP_SERVICE_UNAVAILABLE
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * This gives other modules the chance to hook into the
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * request_status hook and decide what to do in this situation.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Ensure that balancer is NULL if worker is NULL to prevent
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * potential problems in the post_request hook.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Initialise worker if needed, note the shared area must be initialized by the balancer logic */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_proxy_initialize_worker(worker, r->server, conf->pool);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (balancer && balancer->s->max_attempts_set && !max_attempts)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* firstly, try a proxy, unless a NoProxy directive is active */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb p2 = ap_strchr_c(ents[i].scheme, ':'); /* is it a partial URL? */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb (p2 == NULL && strcasecmp(scheme, ents[i].scheme) == 0) ||
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* handle the scheme */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01142)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "Trying to run scheme_handler against proxy");
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Did the scheme handler process the request? */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *cl_a;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * An fatal error or success, so no point in
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * retrying with a direct connection.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * The request body is of length > 0. We cannot
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * retry with a direct connection since we already
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * sent (parts of) the request body to the proxy
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * and do not have any longer.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (cl > 0) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Transfer-Encoding was set as input header, so we had
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * a request body. We cannot retry with a direct
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * connection for the same reason as above.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (apr_table_get(r->headers_in, "Transfer-Encoding")) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* otherwise, try it direct */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* N.B. what if we're behind a firewall, where we must use a proxy or
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * give up??
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* handle the scheme */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01143)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "Running scheme %s handler (attempt %d)",
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb access_status = proxy_run_scheme_handler(r, worker, conf,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Unrecoverable server error.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * We can not failover to another worker.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Mark the worker as unusable if member of load balancer
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Recoverable server error.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * We can failover to another worker
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Mark the worker as unusable if member of load balancer
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Unrecoverable error.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Return the origin status code to the client.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Try again if the worker is unusable and the service is
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * unavailable.
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01144)
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe "No protocol handler was valid for the URL %s. "
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe "If you are using a DSO version of mod_proxy, make sure "
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe "the proxy submodules are included in the configuration "
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe * Save current r->status and set it to the value of access_status which
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe * might be different (e.g. r->status could be HTTP_OK if e.g. we override
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe * the error page on the proxy or if the error was not generated by the
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe * backend itself but by the proxy e.g. a bad gateway) in order to give
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe * ap_proxy_post_request a chance to act correctly on the status code.
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe * Only restore r->status if it has not been changed by
e68544ae924174ca227ede8e2e722cefa00ea0d3wrowe * ap_proxy_post_request as we assume that this change was intentional.
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowe/* -------------------------------------------------------------- */
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowe/* Setup configurable data */
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowestatic void * create_proxy_config(apr_pool_t *p, server_rec *s)
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowe proxy_server_conf *ps = apr_pcalloc(p, sizeof(proxy_server_conf));
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowe ps->sec_proxy = apr_array_make(p, 10, sizeof(ap_conf_vector_t *));
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowe ps->proxies = apr_array_make(p, 10, sizeof(struct proxy_remote));
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowe ps->aliases = apr_array_make(p, 10, sizeof(struct proxy_alias));
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowe ps->noproxies = apr_array_make(p, 10, sizeof(struct noproxy_entry));
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowe ps->dirconn = apr_array_make(p, 10, sizeof(struct dirconn_entry));
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowe ps->workers = apr_array_make(p, 10, sizeof(proxy_worker));
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowe ps->balancers = apr_array_make(p, 10, sizeof(proxy_balancer));
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowe ps->id = apr_psprintf(p, "p%x", 1); /* simply for storage size */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->viaopt = via_off; /* initially backward compatible with 1.3.1 */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->recv_buffer_size = 0; /* this default was left unset for some reason */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic void * merge_proxy_config(apr_pool_t *p, void *basev, void *overridesv)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb proxy_server_conf *ps = apr_pcalloc(p, sizeof(proxy_server_conf));
b67fb549910fa0faf4cdd8aeaf9aeab51d4b6a92wrowe proxy_server_conf *base = (proxy_server_conf *) basev;
b67fb549910fa0faf4cdd8aeaf9aeab51d4b6a92wrowe proxy_server_conf *overrides = (proxy_server_conf *) overridesv;
b67fb549910fa0faf4cdd8aeaf9aeab51d4b6a92wrowe ps->inherit = (overrides->inherit_set == 0) ? base->inherit : overrides->inherit;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->inherit_set = overrides->inherit_set || base->inherit_set;
b67fb549910fa0faf4cdd8aeaf9aeab51d4b6a92wrowe ps->ppinherit = (overrides->ppinherit_set == 0) ? base->ppinherit : overrides->ppinherit;
b67fb549910fa0faf4cdd8aeaf9aeab51d4b6a92wrowe ps->ppinherit_set = overrides->ppinherit_set || base->ppinherit_set;
1b839c67d5c0e4b1f22b44a4217f9860b420d47cwrowe ps->proxies = apr_array_append(p, base->proxies, overrides->proxies);
b45c1c292ff1fa635004ae81fa691f8cb3cdda85rbb ps->sec_proxy = apr_array_append(p, base->sec_proxy, overrides->sec_proxy);
b45c1c292ff1fa635004ae81fa691f8cb3cdda85rbb ps->aliases = apr_array_append(p, base->aliases, overrides->aliases);
b45c1c292ff1fa635004ae81fa691f8cb3cdda85rbb ps->noproxies = apr_array_append(p, base->noproxies, overrides->noproxies);
b45c1c292ff1fa635004ae81fa691f8cb3cdda85rbb ps->dirconn = apr_array_append(p, base->dirconn, overrides->dirconn);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->workers = apr_array_append(p, base->workers, overrides->workers);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->balancers = apr_array_append(p, base->balancers, overrides->balancers);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->forward = overrides->forward ? overrides->forward : base->forward;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->reverse = overrides->reverse ? overrides->reverse : base->reverse;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->domain = (overrides->domain == NULL) ? base->domain : overrides->domain;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->id = (overrides->id == NULL) ? base->id : overrides->id;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->viaopt = (overrides->viaopt_set == 0) ? base->viaopt : overrides->viaopt;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->viaopt_set = overrides->viaopt_set || base->viaopt_set;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->req = (overrides->req_set == 0) ? base->req : overrides->req;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->bgrowth = (overrides->bgrowth_set == 0) ? base->bgrowth : overrides->bgrowth;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->bgrowth_set = overrides->bgrowth_set || base->bgrowth_set;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->max_balancers = overrides->max_balancers || base->max_balancers;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->recv_buffer_size = (overrides->recv_buffer_size_set == 0) ? base->recv_buffer_size : overrides->recv_buffer_size;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->recv_buffer_size_set = overrides->recv_buffer_size_set || base->recv_buffer_size_set;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->io_buffer_size = (overrides->io_buffer_size_set == 0) ? base->io_buffer_size : overrides->io_buffer_size;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->io_buffer_size_set = overrides->io_buffer_size_set || base->io_buffer_size_set;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->maxfwd = (overrides->maxfwd_set == 0) ? base->maxfwd : overrides->maxfwd;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->maxfwd_set = overrides->maxfwd_set || base->maxfwd_set;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->timeout = (overrides->timeout_set == 0) ? base->timeout : overrides->timeout;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->timeout_set = overrides->timeout_set || base->timeout_set;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->badopt = (overrides->badopt_set == 0) ? base->badopt : overrides->badopt;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->badopt_set = overrides->badopt_set || base->badopt_set;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->proxy_status = (overrides->proxy_status_set == 0) ? base->proxy_status : overrides->proxy_status;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->proxy_status_set = overrides->proxy_status_set || base->proxy_status_set;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->source_address = (overrides->source_address_set == 0) ? base->source_address : overrides->source_address;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ps->source_address_set = overrides->source_address_set || base->source_address_set;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *set_source_address(cmd_parms *parms, void *dummy,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *arg)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb ap_get_module_config(parms->server->module_config, &proxy_module);
1067418d9ed9ed9daeb3ca4f74e72db810c49833wrowe if (APR_SUCCESS == apr_sockaddr_info_get(&addr, arg, APR_UNSPEC, 0, 0,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "ProxySourceAddress invalid value";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic void *create_proxy_dir_config(apr_pool_t *p, char *dummy)
117026201e6d8fe7d82416b8a7324830f5a87292wrowe (proxy_dir_conf *) apr_pcalloc(p, sizeof(proxy_dir_conf));
efa1a34b0a7785fc72863eff175b0cfc1ecb0e38wrowe /* Filled in by proxysection, when applicable */
117026201e6d8fe7d82416b8a7324830f5a87292wrowe /* Put these in the dir config so they work inside <Location> */
117026201e6d8fe7d82416b8a7324830f5a87292wrowe new->raliases = apr_array_make(p, 10, sizeof(struct proxy_alias));
117026201e6d8fe7d82416b8a7324830f5a87292wrowe new->cookie_paths = apr_array_make(p, 10, sizeof(struct proxy_alias));
117026201e6d8fe7d82416b8a7324830f5a87292wrowe new->cookie_domains = apr_array_make(p, 10, sizeof(struct proxy_alias));
117026201e6d8fe7d82416b8a7324830f5a87292wrowe return (void *) new;
55eb5bb774cfb861542b827fbf4c30e6efbbfc44wrowestatic void *merge_proxy_dir_config(apr_pool_t *p, void *basev, void *addv)
117026201e6d8fe7d82416b8a7324830f5a87292wrowe proxy_dir_conf *new = (proxy_dir_conf *) apr_pcalloc(p, sizeof(proxy_dir_conf));
117026201e6d8fe7d82416b8a7324830f5a87292wrowe /* Put these in the dir config so they work inside <Location> */
117026201e6d8fe7d82416b8a7324830f5a87292wrowe new->raliases = apr_array_append(p, base->raliases, add->raliases);
efa1a34b0a7785fc72863eff175b0cfc1ecb0e38wrowe = apr_array_append(p, base->cookie_paths, add->cookie_paths);
117026201e6d8fe7d82416b8a7324830f5a87292wrowe = apr_array_append(p, base->cookie_domains, add->cookie_domains);
117026201e6d8fe7d82416b8a7324830f5a87292wrowe new->interpolate_env = (add->interpolate_env == -1) ? base->interpolate_env
117026201e6d8fe7d82416b8a7324830f5a87292wrowe new->preserve_host = (add->preserve_host_set == 0) ? base->preserve_host
117026201e6d8fe7d82416b8a7324830f5a87292wrowe new->preserve_host_set = add->preserve_host_set || base->preserve_host_set;
efa1a34b0a7785fc72863eff175b0cfc1ecb0e38wrowe new->error_override = (add->error_override_set == 0) ? base->error_override
117026201e6d8fe7d82416b8a7324830f5a87292wrowe new->error_override_set = add->error_override_set || base->error_override_set;
117026201e6d8fe7d82416b8a7324830f5a87292wrowe new->alias = (add->alias_set == 0) ? base->alias : add->alias;
117026201e6d8fe7d82416b8a7324830f5a87292wrowe new->add_forwarded_headers = add->add_forwarded_headers;
117026201e6d8fe7d82416b8a7324830f5a87292wrowestatic const char *
117026201e6d8fe7d82416b8a7324830f5a87292wrowe add_proxy(cmd_parms *cmd, void *dummy, const char *f1, const char *r1, int regex)
117026201e6d8fe7d82416b8a7324830f5a87292wrowe (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
117026201e6d8fe7d82416b8a7324830f5a87292wrowe char *p, *q;
117026201e6d8fe7d82416b8a7324830f5a87292wrowe char *r, *f, *scheme;
117026201e6d8fe7d82416b8a7324830f5a87292wrowe if (p == NULL || p[1] != '/' || p[2] != '/' || p[3] == '\0') {
117026201e6d8fe7d82416b8a7324830f5a87292wrowe return "ProxyRemoteMatch: Bad syntax for a remote proxy server";
117026201e6d8fe7d82416b8a7324830f5a87292wrowe return "ProxyRemote: Bad syntax for a remote proxy server";
117026201e6d8fe7d82416b8a7324830f5a87292wrowe if (q != NULL) {
117026201e6d8fe7d82416b8a7324830f5a87292wrowe if (sscanf(q + 1, "%u", &port) != 1 || port > 65535) {
117026201e6d8fe7d82416b8a7324830f5a87292wrowe return "ProxyRemoteMatch: Bad syntax for a remote proxy server (bad port number)";
117026201e6d8fe7d82416b8a7324830f5a87292wrowe return "ProxyRemote: Bad syntax for a remote proxy server (bad port number)";
b67fb549910fa0faf4cdd8aeaf9aeab51d4b6a92wrowe return "Regular expression for ProxyRemoteMatch could not be compiled.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb add_proxy_noregex(cmd_parms *cmd, void *dummy, const char *f1, const char *r1)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb add_proxy_regex(cmd_parms *cmd, void *dummy, const char *f1, const char *r1)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * We could be passed a URL during the config stage that contains
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * the UDS path... ignore it
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* move past the 'unix:...|' UDS path info */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb char *ret, *c;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* special case: "unix:....|scheme:" is OK, expand
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * to "unix:....|scheme://localhost"
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (c == NULL) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbstatic const char *
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb add_pass(cmd_parms *cmd, void *dummy, const char *arg, int is_regex)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb char *r = NULL;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb unsigned int flags = 0;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *err;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb err = ap_check_cmd_context(cmd, NOT_IN_DIRECTORY|NOT_IN_FILES);
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb while (*arg) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "ProxyPassMatch invalid syntax ('~' usage).";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb else if (!r) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (*r == '/') {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "ProxyPass|ProxyPassMatch can not have a path when defined in "
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "a location.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Invalid ProxyPass|ProxyPassMatch parameter. Parameter must "
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "be in the form 'key=value'.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "Invalid ProxyPass|ProxyPassMatch parameter. Parameter must be "
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb "in the form 'key=value'.";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb if (r == NULL) {
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb return "ProxyPass|ProxyPassMatch needs a path when not defined in a location";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* if per directory, save away the single alias */
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb dconf->alias = apr_pcalloc(cmd->pool, sizeof(struct proxy_alias));
if (use_regex) {
return NULL;
char *fake_copy;
if (use_regex) {
fake_copy = f;
if (!balancer) {
if (err)
if (err)
int reuse = 0;
if (!worker) {
if (err)
if (reuse) {
if (err)
return NULL;
const char *fake;
const char *real;
const char *interp;
const char *err;
if (err) {
return err;
fake = f;
real = r;
interp = i;
real = f;
interp = r;
return NULL;
const char *r, const char *interp)
return NULL;
const char *r, const char *interp)
return NULL;
int found = 0;
if (!found) {
return NULL;
int found = 0;
if (!found) {
#if DEBUGGING
#if DEBUGGING
#if DEBUGGING
#if DEBUGGING
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
int timeout;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
return NULL;
char *word;
int reuse = 0;
if (err)
return err;
while (*arg) {
char *val;
if (!val) {
if (!path)
else if (!name)
if (!path)
if (!name)
if (!balancer) {
if (err)
if (!worker) {
if (reuse) {
if (err)
return NULL;
int in_proxy_section = 0;
if (err)
return err;
if (!balancer) {
if (in_proxy_section) {
if (err)
if (!worker) {
if (in_proxy_section) {
if (err)
while (*arg) {
if (!val) {
if (worker)
if (err)
return NULL;
&proxy_module);
const char *errmsg;
return err;
if (!arg) {
return errmsg;
conf->r = r;
NULL);
NULL);
if (!balancer) {
if (err)
if (!worker) {
if (err)
NULL);
while (*arg) {
if (!val) {
if (worker)
if (err)
return NULL;
{NULL}
if (proxy_ssl_enable) {
if (proxy_ssl_disable) {
return proxy_ssl_disable(c);
if (proxy_is_https) {
return proxy_is_https(c);
const char *var)
if (proxy_ssl_val) {
return NULL;
return rv;
return OK;
return OK;
++worker;
++balancer;
return OK;
if (!reverse) {
s = s->next;
APR_LOCK_DEFAULT, 0);
proxy_lb_workers = 0;
return OK;
/* register optional functions within proxy_util.c */
request_rec *r,
request_rec *r,
(request_rec *r), (r),
(status, r),