proxy_util.c revision eacb724157bafd5062590305826ebc6fecb48cd2
/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
/* Utility routines for Apache proxy */
/* Global balancer counter */
static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r);
static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r);
static int proxy_match_hostname(struct dirconn_entry *This, request_rec *r);
static int proxy_match_word(struct dirconn_entry *This, request_rec *r);
APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(proxy, PROXY, int, create_req,
/* already called in the knowledge that the characters are hex digits */
PROXY_DECLARE(int) ap_proxy_hex2c(const char *x)
#else /*APR_CHARSET_EBCDIC*/
 * we assume that the hex value refers to an ASCII character
 * so convert to EBCDIC so that it makes sense locally;
 * client specifies %20 in URL to refer to a space char;
 * at this point we're called with EBCDIC "20"; after turning
 * EBCDIC "20" into binary 0x20, we then need to assume that 0x20
 * represents an ASCII char and convert 0x20 to EBCDIC, yielding
#endif /*APR_CHARSET_EBCDIC*/
PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x)
 if (i >= 10) {
 if (i >= 10) {
#else /*APR_CHARSET_EBCDIC*/
 static const char ntoa[] = { "0123456789ABCDEF" };
#endif /*APR_CHARSET_EBCDIC*/
 * canonicalise a URL-encoded string
 * Convert a URL-encoded string to canonical form.
 * It decodes characters which need not be encoded,
 * and encodes those which must be encoded, and does not touch
 * those which must not be touched.
PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len,
 char *allowed; /* characters which should not be encoded */
 char *reserved; /* characters which must not be en/de-coded */
 * N.B. in addition to :@&=, this allows ';' in an http path
 * and '?' in an ftp path -- this may be revised
 * Also, it makes a '+' character in a search string reserved, as
 * it may be form-encoded. (Although RFC 1738 doesn't allow this -
 * it only permits ; / ? : @ = & as reserved chars.)
 else if (t == enc_search) {
 else if (t == enc_user) {
 else if (t == enc_fpath) {
 else { /* if (t == enc_parm) */
 else if (t == enc_search) {
 for (i = 0, j = 0; i < len; i++, j++) {
/* always handle '/' first */
 * decode it if not already done. do not decode reverse proxied URLs
 * unless specifically forced
 if ((forcedec || (proxyreq && proxyreq != PROXYREQ_REVERSE)) && ch == '%') {
 if (!apr_isxdigit(x[i + 1]) || !apr_isxdigit(x[i + 2])) {
 if (ch != 0 && strchr(reserved, ch)) { /* keep it encoded */
/* recode it, if necessary */
 if (!apr_isalnum(ch) && !strchr(allowed, ch)) {
 * Parses network-location.
 * urlp on input the URL; on output the path, after the leading /
 * user NULL if no user/password permitted
 * password holder for password
 * host holder for host
 * port port number; only set if one is supplied.
 * Returns an error string.
 ap_proxy_canon_netloc(apr_pool_t *p, char **const urlp, char **userp,
 char **passwordp, char **hostp, apr_port_t *port)
 char *addr, *scope_id, *strp, *host, *url = *urlp;
 return "Malformed URL";
 /* find _last_ '@' since it might occur in user/password part */
/* find password */
 password = ap_proxy_canonenc(p, strp + 1, strlen(strp + 1), enc_user, 1, 0);
 return "Bad %-escape in URL (password)";
 user = ap_proxy_canonenc(p, user, strlen(user), enc_user, 1, 0);
 return "Bad %-escape in URL (username)";
 * Parse the host string to separate host portion from optional port.
 * Perform range checking on port.
 rv = apr_parse_addr_port(&addr, &scope_id, &tmp_port, host, p);
 if (rv != APR_SUCCESS || addr == NULL || scope_id != NULL) {
 return "Invalid host/port";
 if (tmp_port != 0) { /* only update caller's port if port was specified */
 ap_str_tolower(addr); /* DNS names are case-insensitive */
 * If the date is a valid RFC 850 date or asctime() date, then it
 * is converted to the RFC 1123 format.
 ap_proxy_date_canon(apr_pool_t *p, const char *date)
PROXY_DECLARE(request_rec *)ap_proxy_make_fake_req(conn_rec *c, request_rec *r)
 request_rec *rp = apr_pcalloc(r->pool, sizeof(*r));
 rp->subprocess_env = apr_table_make(r->pool, 50);
 rp->headers_out = apr_table_make(r->pool, 12);
 rp->err_headers_out = apr_table_make(r->pool, 5);
 rp->request_config = ap_create_request_config(r->pool);
return rp;
int len, i;
if (p != NULL) {
i = p - list;
} while (apr_isspace(*p));
list = p;
int len, i;
if (p != NULL) {
i = p - list;
} while (apr_isspace(*p));
if (new) {
list = p;
return new;
int i, ch;
ch = x[i];
int i, ch;
return statuscode;
return r->hostname;
return NULL;
url = apr_pstrdup(r->pool, &url[1]); /* make it point to "//", which is what proxy_canon_netloc expects */
int i, quads;
long bits;
char *tmp;
char *tmp;
++addr;
--quads;
/* "IP Address should be given in dotted-quad form, optionally followed by a netmask (e.g., 192.168.111.0/24)"; */
#if DEBUGGING
#if DEBUGGING
!= APR_SUCCESS) {
#if DEBUGGING
while (reqaddr) {
#if DEBUGGING
#if DEBUGGING
--d_len;
--h_len;
int h2_len;
int h1_len;
while (addr) {
--h2_len;
--h1_len;
return HTTP_FORBIDDEN;
while (conf_addr) {
while (uri_addr) {
char *conf_ip;
char *uri_ip;
return HTTP_FORBIDDEN;
return OK;
return OK;
* ap_rgetline() in protocol.c. Deprecate this function and use ap_rgetline()
apr_bucket *e;
char *response;
int found = 0;
buff[0] = 0;
*eos = 0;
while (!found) {
return rv;
while (!found) {
return APR_ECONNABORTED;
if (APR_BUCKET_IS_EOS(e)) {
(const char **)&response,
&len,
APR_BLOCK_READ))) {
return rv;
if (len > 0) {
return APR_SUCCESS;
if (!initial) {
count++;
return url;
const char *real;
u, url);
worker++;
return url;
&proxy_module);
const char *pathp;
const char *domainp;
int ddiff = 0;
int pdiff = 0;
char *ret;
return str;
if (newpath) {
if (newdomain) {
if (newdomain) {
return ret;
const char *url)
return NULL;
return balancer;
balancer++;
return NULL;
apr_pool_t *p,
const char *url)
if (!lbmethod) {
#if APR_HAS_THREADS
return NULL;
const char *url)
int max_match = 0;
int url_length;
int min_match;
int worker_name_length;
char *url_copy;
return NULL;
char *pathstart;
worker++;
return max_worker;
#if APR_HAS_THREADS
return APR_SUCCESS;
apr_pool_t *p,
const char *url)
int rv;
#if APR_HAS_THREADS
return NULL;
return worker;
PROXY_DECLARE(void)
request_rec *r,
int access_status;
if (*worker) {
*url);
*url);
*url);
return access_status;
request_rec *r,
if (balancer) {
return access_status;
const char *proxy_function,
const char *backend_name,
server_rec *s,
apr_pool_t *p)
int connected = 0;
int loglevel;
return APR_SUCCESS;
#if APR_HAS_THREADS
return APR_SUCCESS;
apr_pool_clear(p);
#if APR_HAS_THREADS
return APR_SUCCESS;
request_rec *r)
return APR_SUCCESS;
#if APR_HAS_THREADS
return APR_SUCCESS;
return APR_SUCCESS;
server_rec *s)
if (ap_scoreboard_image) {
if (!score) {
if (!score) {
#if APR_HAS_THREADS
int mpm_threads;
return APR_SUCCESS;
#if APR_HAS_THREADS
#if (APR_MAJOR_VERSION > 0)
void *conn;
return rv;
server_rec *s)
return OK;
return DECLINED;
return OK;
server_rec *s)
return HTTP_SERVICE_UNAVAILABLE;
#if APR_HAS_THREADS
return HTTP_SERVICE_UNAVAILABLE;
#if APR_HAS_THREADS
return OK;
server_rec *s)
return OK;
PROXY_DECLARE(int)
char **url,
const char *proxyname,
char *server_portstr,
int server_portstr_size)
int server_port;
NULL));
if (!proxyname) {
if (proxyname) {
return HTTP_INTERNAL_SERVER_ERROR;
return OK;
server_rec *s)
int connected = 0;
int loglevel;
conn_rec *c,
server_rec *s)
int rc;
return OK;
0, NULL,
return HTTP_INTERNAL_SERVER_ERROR;
return HTTP_INTERNAL_SERVER_ERROR;
return rc;
return OK;
int ap_proxy_lb_workers(void)
if (!lb_workers_limit)
return lb_workers_limit;
apr_bucket *e;
if (r->main)
c->bucket_alloc);
apr_bucket *e;
const char *data;
e = APR_BUCKET_NEXT(e)) {
if (!APR_BUCKET_IS_METADATA(e)) {
else if (APR_BUCKET_IS_FLUSH(e)) {
else if (APR_BUCKET_IS_EOS(e)) {
return rv;