proxy_http.c revision e2b2e15108eb7cb566b1d70ce4e479276d951de5
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
*
* Portions of this software are based upon public domain software
* originally written at the National Center for Supercomputing Applications,
* University of Illinois, Urbana-Champaign.
*/
/* HTTP routines for Apache proxy */
#define CORE_PRIVATE
#include "mod_proxy.h"
#include "apr_strings.h"
#include "apr_buckets.h"
#include "util_filter.h"
#include "ap_config.h"
#include "http_log.h"
#include "http_main.h"
#include "http_core.h"
#include "http_connection.h"
#include "util_date.h"
/*
* Canonicalise http-like URLs.
* scheme is the scheme for the URL
* url is the URL starting with the first '/'
* def_port is the default port for this scheme.
*/
{
const char *err;
int port;
/* do syntatic check.
* We break the URL into host, port, path, search
*/
if (err)
return HTTP_BAD_REQUEST;
/* N.B. if this isn't a true proxy request, then the URL _path_
* has already been decoded. True proxy requests have r->uri
* == r->unparsed_uri, and no others have that property.
*/
if (r->uri == r->unparsed_uri) {
*(search++) = '\0';
}
else
/* process path */
return HTTP_BAD_REQUEST;
else
sport[0] = '\0';
return OK;
}
{
void *sconf;
struct proxy_alias *ent;
char *u;
/* XXX FIXME: Make sure this handled the ambiguous case of the :80
* after the hostname */
return ap_construct_url(r->pool, u, r);
}
}
return url;
}
/* Clear all connection-based headers from the incoming headers table */
{
const char *name;
if (!next)
return;
while (*next) {
++next;
*next = '\0';
++next;
}
}
}
/*
* This handles http:// URLs, and other URLs using a remote proxy over http
* If proxyhost is NULL, then contact the server directly, otherwise
* go via the proxy.
* Note that if a proxy is used, then URLs other than http: can be accessed,
* also, if we have trouble which is clearly specific to the proxy, then
* we return DECLINED so that we can try another proxy. (Or the direct
* route.)
*/
{
apr_pool_t *p = r->pool;
char *desthost;
int destport = 0;
char *destportstr = NULL;
char server_portstr[32];
int i, len, backasswards;
struct sockaddr_in server;
char buffer[HUGE_STRING_LEN];
char *response;
char *buf;
apr_bucket *e;
/* We break the URL into host, port, uri */
{
const char *buf;
return HTTP_BAD_REQUEST;
uri += 3;
uri = "/";
}
else {
desthost = q;
}
}
/* Get the port number - put it in destport and destportstr */
{
char *buf;
*(buf++) = '\0';
if (apr_isdigit(*buf)) {
destportstr = buf;
}
}
}
/* Get the server port for the Via headers */
{
i = ap_get_server_port(r);
if (ap_is_default_port(i,r)) {
} else {
}
}
/* check if ProxyBlock directive on this host */
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
"proxy: error creating socket");
return HTTP_INTERNAL_SERVER_ERROR;
}
conf->recv_buffer_size)) {
"setsockopt(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
}
#endif
}
else {
}
if (err != APR_SUCCESS) {
return DECLINED; /* try again another way */
else
"Could not connect to remote machine: ",
}
if (!origin) {
/* the peer reset the connection already; ap_new_connection()
* closed the socket */
/* XXX somebody that knows what they're doing add an error path */
/* XXX how's this? */
"Connection reset by peer: ",
}
/* strip connection listed hop-by-hop headers from the request */
ap_proxy_clear_connection(p, r->headers_in);
}
else {
}
/* handle Via */
/* Block all outgoing Via: headers */
/* Create a "Via:" request header entry and merge it */
? apr_psprintf(p, "%d.%d %s%s (%s)",
: apr_psprintf(p, "%d.%d %s%s",
);
}
/* X-Forwarded-*: handling
*
* XXX Privacy Note:
* -----------------
*
* These request headers are only really useful when the mod_proxy
* is used in a reverse proxy configuration, so that useful info
* about the client can be passed through the reverse proxy and on
* to the backend server, which may require the information to
* function properly.
*
* In a forward proxy situation, these options are a potential
* privacy violation, as information about clients behind the proxy
* are revealed to arbitrary servers out there on the internet.
*
* The HTTP/1.1 Via: header is designed for passing client
* information through proxies to a server, and should be used in
* a forward proxy configuation instead of X-Forwarded-*. See the
* ProxyVia option for details.
*/
if (PROXYREQ_REVERSE == r->proxyreq) {
const char *buf;
/* Add X-Forwarded-For: so that the upstream has a chance to
* determine, where the original request came from.
*/
/* Add X-Forwarded-Host: so that upstream knows what the
* original request hostname was.
*/
}
/* Add X-Forwarded-Server: so that upstream knows what the
* name of this proxy server is (if there are more than one)
* XXX: This duplicates Via: - do we strictly need it?
*/
r->server->server_hostname);
}
/* send request headers */
for (i = 0; i < headers_in_array->nelts; i++) {
/* Clear out hop-by-hop request headers not to send
* RFC2616 13.5.1 says we should strip these headers
*/
/* XXX: @@@ FIXME: "Proxy-Authorization" should *only* be
* suppressed if THIS server requested the authentication,
* not when a frontend proxy requested it!
*
* The solution to this problem is probably to strip out
* the Proxy-Authorisation header in the authorisation
* code itself, not here. This saves us having to signal
* somehow whether this request was authenticated or not.
*/
continue;
}
/* we don't yet support keepalives - but we will soon, I promise! */
/* add empty line at the end of the headers */
e = apr_bucket_flush_create();
/* send the request data, if any. */
if (ap_should_client_block(r)) {
e = apr_bucket_pool_create(buffer, i, p);
}
}
/* Flush the data to the origin server */
e = apr_bucket_flush_create();
bb = apr_brigade_create(p);
/* Tell http_filter to grab the data one line at a time. */
e = APR_BRIGADE_FIRST(bb);
if (len == -1) {
"ap_get_brigade() - proxy receive - Error reading from remote server %s (length %d)",
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
} else if (len == 0) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Document contains no data");
}
/* Is it an HTTP/1 response? This is buggy if we ever see an HTTP/1.10 */
major = 1;
minor = 1;
}
/* If not an HTTP/1 message or if the status line was > 8192 bytes */
return HTTP_BAD_GATEWAY;
}
backasswards = 0;
/* read the headers. */
/* N.B. for HTTP/1.0 clients, we have to fold line-wrapped headers */
/* Also, take care with headers with multiple occurences. */
if (r->headers_out == NULL) {
"proxy: Bad HTTP/%d.%d header returned by %s (%s)",
}
else
{
/* strip connection listed hop-by-hop headers from response */
const char *buf;
ap_proxy_clear_connection(p, r->headers_out);
}
}
/* handle Via header in response */
/* Create a "Via:" response header entry and merge it */
? apr_psprintf(p, "%d.%d %s%s (%s)",
: apr_psprintf(p, "%d.%d %s%s",
);
}
}
else {
/* an http/0.9 response */
backasswards = 1;
r->status = 200;
r->status_line = "200 OK";
}
/* munge the Location and URI response headers according to ProxyPassReverse */
{
const char *buf;
}
r->sent_bodyct = 1;
/* Is it an HTTP/0.9 response? If so, send the extra data */
if (backasswards) {
/* FIXME: what is buffer used for here? It is of limited size */
}
/* send body */
/* HTTP/1.0 tells us to read to EOF, rather than content-length bytes */
if (!r->header_only) {
break;
}
bb = apr_brigade_create(p);
}
}
return OK;
}