proxy_util.c revision 20eead0b01d51fce0cc17d04b8f98ec38eac68ae
e609c337f729875bc20e01096c7e610f45356f54nilgun/* Licensed to the Apache Software Foundation (ASF) under one or more
e609c337f729875bc20e01096c7e610f45356f54nilgun * contributor license agreements. See the NOTICE file distributed with
e609c337f729875bc20e01096c7e610f45356f54nilgun * this work for additional information regarding copyright ownership.
e609c337f729875bc20e01096c7e610f45356f54nilgun * The ASF licenses this file to You under the Apache License, Version 2.0
e609c337f729875bc20e01096c7e610f45356f54nilgun * (the "License"); you may not use this file except in compliance with
e609c337f729875bc20e01096c7e610f45356f54nilgun * the License. You may obtain a copy of the License at
e609c337f729875bc20e01096c7e610f45356f54nilgun * Unless required by applicable law or agreed to in writing, software
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen * distributed under the License is distributed on an "AS IS" BASIS,
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen * See the License for the specific language governing permissions and
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen * limitations under the License.
e609c337f729875bc20e01096c7e610f45356f54nilgun/* Utility routines for Apache proxy */
e609c337f729875bc20e01096c7e610f45356f54nilgun * Opaque structure containing target server info when
e609c337f729875bc20e01096c7e610f45356f54nilgun * using a forward proxy.
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun * Up to now only used in combination with HTTP CONNECT.
e609c337f729875bc20e01096c7e610f45356f54nilguntypedef struct {
e609c337f729875bc20e01096c7e610f45356f54nilgun int use_http_connect; /* Use SSL Tunneling via HTTP CONNECT */
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun/* Keep synced with mod_proxy.h! */
e609c337f729875bc20e01096c7e610f45356f54nilgunstatic struct wstat {
e609c337f729875bc20e01096c7e610f45356f54nilgun unsigned int bit;
e609c337f729875bc20e01096c7e610f45356f54nilgun const char *name;
e609c337f729875bc20e01096c7e610f45356f54nilgun {PROXY_WORKER_INITIALIZED, PROXY_WORKER_INITIALIZED_FLAG, "Init "},
e609c337f729875bc20e01096c7e610f45356f54nilgun {PROXY_WORKER_IGNORE_ERRORS, PROXY_WORKER_IGNORE_ERRORS_FLAG, "Ign "},
e609c337f729875bc20e01096c7e610f45356f54nilgun {PROXY_WORKER_DRAIN, PROXY_WORKER_DRAIN_FLAG, "Drn "},
e609c337f729875bc20e01096c7e610f45356f54nilgun {PROXY_WORKER_IN_SHUTDOWN, PROXY_WORKER_IN_SHUTDOWN_FLAG, "Shut "},
e609c337f729875bc20e01096c7e610f45356f54nilgun {PROXY_WORKER_DISABLED, PROXY_WORKER_DISABLED_FLAG, "Dis "},
e609c337f729875bc20e01096c7e610f45356f54nilgun {PROXY_WORKER_STOPPED, PROXY_WORKER_STOPPED_FLAG, "Stop "},
e609c337f729875bc20e01096c7e610f45356f54nilgun {PROXY_WORKER_IN_ERROR, PROXY_WORKER_IN_ERROR_FLAG, "Err "},
e609c337f729875bc20e01096c7e610f45356f54nilgun {PROXY_WORKER_HOT_STANDBY, PROXY_WORKER_HOT_STANDBY_FLAG, "Stby "},
e609c337f729875bc20e01096c7e610f45356f54nilgun {PROXY_WORKER_FREE, PROXY_WORKER_FREE_FLAG, "Free "},
e609c337f729875bc20e01096c7e610f45356f54nilgun/* Global balancer counter */
91f378b5a10f2d83820902ed10ba7967a3920c18nilgunstatic int lb_workers_limit = 0;
e609c337f729875bc20e01096c7e610f45356f54nilgunconst apr_strmatch_pattern PROXY_DECLARE_DATA *ap_proxy_strmatch_path;
e609c337f729875bc20e01096c7e610f45356f54nilgunconst apr_strmatch_pattern PROXY_DECLARE_DATA *ap_proxy_strmatch_domain;
e609c337f729875bc20e01096c7e610f45356f54nilgunstatic int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r);
e609c337f729875bc20e01096c7e610f45356f54nilgunstatic int proxy_match_domainname(struct dirconn_entry *This, request_rec *r);
e609c337f729875bc20e01096c7e610f45356f54nilgunstatic int proxy_match_hostname(struct dirconn_entry *This, request_rec *r);
e609c337f729875bc20e01096c7e610f45356f54nilgunstatic int proxy_match_word(struct dirconn_entry *This, request_rec *r);
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgunAPR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(proxy, PROXY, int, create_req,
e609c337f729875bc20e01096c7e610f45356f54nilgunPROXY_DECLARE(apr_status_t) ap_proxy_strncpy(char *dst, const char *src,
e609c337f729875bc20e01096c7e610f45356f54nilgun /* Assume the typical case is smaller copying into bigger
e609c337f729875bc20e01096c7e610f45356f54nilgun so we have a fast return */
e609c337f729875bc20e01096c7e610f45356f54nilgun if ((thelen < dlen-1) || ((strlen(src)) == thelen)) {
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun /* XXX: APR_ENOSPACE would be better */
e609c337f729875bc20e01096c7e610f45356f54nilgun/* already called in the knowledge that the characters are hex digits */
e609c337f729875bc20e01096c7e610f45356f54nilgun int ch = x[0];
e609c337f729875bc20e01096c7e610f45356f54nilgun#else /*APR_CHARSET_EBCDIC*/
e609c337f729875bc20e01096c7e610f45356f54nilgun * we assume that the hex value refers to an ASCII character
e609c337f729875bc20e01096c7e610f45356f54nilgun * so convert to EBCDIC so that it makes sense locally;
e609c337f729875bc20e01096c7e610f45356f54nilgun * client specifies %20 in URL to refer to a space char;
e609c337f729875bc20e01096c7e610f45356f54nilgun * at this point we're called with EBCDIC "20"; after turning
e609c337f729875bc20e01096c7e610f45356f54nilgun * EBCDIC "20" into binary 0x20, we then need to assume that 0x20
e609c337f729875bc20e01096c7e610f45356f54nilgun * represents an ASCII char and convert 0x20 to EBCDIC, yielding
e609c337f729875bc20e01096c7e610f45356f54nilgun#endif /*APR_CHARSET_EBCDIC*/
e609c337f729875bc20e01096c7e610f45356f54nilgun x[0] = '%';
e609c337f729875bc20e01096c7e610f45356f54nilgun if (i >= 10) {
e609c337f729875bc20e01096c7e610f45356f54nilgun if (i >= 10) {
e609c337f729875bc20e01096c7e610f45356f54nilgun#else /*APR_CHARSET_EBCDIC*/
e609c337f729875bc20e01096c7e610f45356f54nilgun x[0] = '%';
e609c337f729875bc20e01096c7e610f45356f54nilgun#endif /*APR_CHARSET_EBCDIC*/
e609c337f729875bc20e01096c7e610f45356f54nilgun * canonicalise a URL-encoded string
e609c337f729875bc20e01096c7e610f45356f54nilgun * Convert a URL-encoded string to canonical form.
e609c337f729875bc20e01096c7e610f45356f54nilgun * It decodes characters which need not be encoded,
e609c337f729875bc20e01096c7e610f45356f54nilgun * and encodes those which must be encoded, and does not touch
e609c337f729875bc20e01096c7e610f45356f54nilgun * those which must not be touched.
91f378b5a10f2d83820902ed10ba7967a3920c18nilgunPROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
e609c337f729875bc20e01096c7e610f45356f54nilgun int i, j, ch;
e609c337f729875bc20e01096c7e610f45356f54nilgun char *allowed; /* characters which should not be encoded */
e609c337f729875bc20e01096c7e610f45356f54nilgun char *reserved; /* characters which must not be en/de-coded */
e609c337f729875bc20e01096c7e610f45356f54nilgun * N.B. in addition to :@&=, this allows ';' in an http path
e609c337f729875bc20e01096c7e610f45356f54nilgun * and '?' in an ftp path -- this may be revised
e609c337f729875bc20e01096c7e610f45356f54nilgun * Also, it makes a '+' character in a search string reserved, as
e609c337f729875bc20e01096c7e610f45356f54nilgun * it may be form-encoded. (Although RFC 1738 doesn't allow this -
e609c337f729875bc20e01096c7e610f45356f54nilgun * it only permits ; / ? : @ = & as reserved chars.)
e609c337f729875bc20e01096c7e610f45356f54nilgun else if (t == enc_search) {
e609c337f729875bc20e01096c7e610f45356f54nilgun else if (t == enc_user) {
e609c337f729875bc20e01096c7e610f45356f54nilgun else if (t == enc_fpath) {
e609c337f729875bc20e01096c7e610f45356f54nilgun else { /* if (t == enc_parm) */
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun else if (t == enc_search) {
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun for (i = 0, j = 0; i < len; i++, j++) {
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun/* always handle '/' first */
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun * decode it if not already done. do not decode reverse proxied URLs
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun * unless specifically forced
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun if ((forcedec || (proxyreq && proxyreq != PROXYREQ_REVERSE)) && ch == '%') {
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun if (!apr_isxdigit(x[i + 1]) || !apr_isxdigit(x[i + 2])) {
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun if (ch != 0 && strchr(reserved, ch)) { /* keep it encoded */
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun/* recode it, if necessary */
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun y[j] = '\0';
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun * Parses network-location.
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun * urlp on input the URL; on output the path, after the leading /
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun * user NULL if no user/password permitted
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun * password holder for password
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun * host holder for host
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun * port port number; only set if one is supplied.
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun * Returns an error string.
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun ap_proxy_canon_netloc(apr_pool_t *p, char **const urlp, char **userp,
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun return "Malformed URL";
b9bf3918f6eaf7747bcbfbd02792bcbe4a052784nilgun /* find _last_ '@' since it might occur in user/password part */
e609c337f729875bc20e01096c7e610f45356f54nilgun/* find password */
e609c337f729875bc20e01096c7e610f45356f54nilgun password = ap_proxy_canonenc(p, strp + 1, strlen(strp + 1), enc_user, 1, 0);
e609c337f729875bc20e01096c7e610f45356f54nilgun return "Bad %-escape in URL (password)";
e609c337f729875bc20e01096c7e610f45356f54nilgun user = ap_proxy_canonenc(p, user, strlen(user), enc_user, 1, 0);
e609c337f729875bc20e01096c7e610f45356f54nilgun return "Bad %-escape in URL (username)";
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd * Parse the host string to separate host portion from optional port.
e609c337f729875bc20e01096c7e610f45356f54nilgun * Perform range checking on port.
return NULL;
NULL));
r->uri);
return statuscode;
return r->hostname;
return NULL;
url = apr_pstrdup(r->pool, &url[1]); /* make it point to "//", which is what proxy_canon_netloc expects */
int i, quads;
long bits;
char *tmp;
char *tmp;
++addr;
--quads;
/* "IP Address should be given in dotted-quad form, optionally followed by a netmask (e.g., 192.168.111.0/24)"; */
#if DEBUGGING
#if DEBUGGING
!= APR_SUCCESS) {
#if DEBUGGING
while (reqaddr) {
#if DEBUGGING
#if DEBUGGING
--d_len;
--h_len;
int h2_len;
int h1_len;
while (addr) {
--h2_len;
--h1_len;
return HTTP_FORBIDDEN;
if (!addr)
return HTTP_FORBIDDEN;
return OK;
return OK;
return url;
int n, l3 = 0;
if (urlpart) {
* BalancerMember balancer://alias http://example.com/foo
* translate url http://example.com/foo/bar/that to /bash/that
if (urlpart) {
--l2;
NULL);
worker++;
if (part) {
if (part) {
return url;
&proxy_module);
const char *pathp;
const char *domainp;
int ddiff = 0;
int pdiff = 0;
char *ret;
return str;
if (newpath) {
if (newdomain) {
if (newdomain) {
return ret;
const char *url,
int care)
return NULL;
return balancer;
balancer++;
return NULL;
const char *url)
return NULL;
const char *url,
const char *alias,
int do_malloc)
const char *sname;
if (!lbmethod) {
if (do_malloc)
&sname);
return APR_EINVAL;
if (lbmethod)
return rv;
PROXY_DECLARE(apr_status_t) ap_proxy_initialize_balancer(proxy_balancer *balancer, server_rec *s, apr_pool_t *p)
unsigned int num;
if (!storage) {
return APR_EGENERAL;
return APR_EGENERAL;
return rv;
return APR_EGENERAL;
return rv;
return APR_SUCCESS;
return APR_SUCCESS;
return APR_SUCCESS;
if (conn->r) {
return APR_SUCCESS;
apr_pool_clear(p);
return APR_SUCCESS;
request_rec *r)
return APR_SUCCESS;
return APR_SUCCESS;
return APR_SUCCESS;
const char *url)
int max_match = 0;
int url_length;
int min_match;
int worker_name_length;
char *url_copy;
return NULL;
char *pathstart;
if (balancer) {
return max_worker;
const char *url,
int do_malloc)
int rv;
char *ptr;
* ProxyPass / http://www.example.com
if (balancer) {
} else if (conf) {
if (do_malloc)
return NULL;
return APR_EINVAL;
return APR_SUCCESS;
PROXY_DECLARE(apr_status_t) ap_proxy_initialize_worker(proxy_worker *worker, server_rec *s, apr_pool_t *p)
int mpm_threads;
return rv;
return APR_EGENERAL;
void *conn;
return rv;
server_rec *s)
return OK;
return DECLINED;
return OK;
request_rec *r,
int access_status;
if (*worker) {
return access_status;
request_rec *r,
if (balancer) {
return access_status;
const char *proxy_function,
const char *backend_name,
request_rec *r)
int connected = 0;
int loglevel;
server_rec *s)
return HTTP_SERVICE_UNAVAILABLE;
return HTTP_SERVICE_UNAVAILABLE;
return OK;
server_rec *s)
return OK;
PROXY_DECLARE(int)
char **url,
const char *proxyname,
char *server_portstr,
int server_portstr_size)
int server_port;
NULL));
if (!proxyname) {
if (proxyname) {
const char *proxy_auth;
return HTTP_INTERNAL_SERVER_ERROR;
return OK;
server_rec *s)
int status;
int complete = 0;
int len = 0;
if (!complete) {
buffer);
code_str);
return(status);
server_rec *s)
int connected = 0;
int loglevel;
sizeof(apr_sockaddr_t));
conn_rec *c,
server_rec *s)
int rc;
return OK;
0, NULL,
return HTTP_INTERNAL_SERVER_ERROR;
return HTTP_INTERNAL_SERVER_ERROR;
return rc;
return OK;
int ap_proxy_lb_workers(void)
if (!lb_workers_limit)
return lb_workers_limit;
apr_bucket *e;
if (r->main)
c->bucket_alloc);
PROXY_DECLARE(unsigned int)
unsigned int hash;
return hash;
unsigned int hash;
return hash;
if (set)
return APR_SUCCESS;
pwt++;
return APR_EINVAL;
pwt++;
if (PROXY_WORKER_IS_USABLE(w))
return ret;
int index;
return APR_SUCCESS;
if (lbmethod) {
int found;
return APR_EGENERAL;
found = 0;
if (!found) {
return rv;
if (b->s->need_reset) {
b->s->need_reset = 0;
return APR_SUCCESS;