2 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
3 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
4 <!-- $LastChangedRevision$ -->
7 Licensed to the Apache Software Foundation (ASF) under one or more
8 contributor license agreements. See the NOTICE file distributed with
9 this work for additional information regarding copyright ownership.
10 The ASF licenses this file to You under the Apache License, Version 2.0
11 (the "License"); you may not use this file except in compliance with
12 the License. You may obtain a copy of the License at
14 http://www.apache.org/licenses/LICENSE-2.0
16 Unless required by applicable law or agreed to in writing, software
17 distributed under the License is distributed on an "AS IS" BASIS,
18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 See the License for the specific language governing permissions and
20 limitations under the License.
23 <modulesynopsis metafile="mod_filter.xml.meta">
25 <name>mod_filter</name>
26 <description>Context-sensitive smart filter configuration module</description>
28 <sourcefile>mod_filter.c</sourcefile>
29 <identifier>filter_module</identifier>
30 <compatibility>Version 2.1 and later</compatibility>
33 <p>This module enables smart, context-sensitive configuration of
34 output content filters. For example, apache can be configured to
35 process different content-types through different filters, even
36 when the content-type is not known in advance (e.g. in a proxy).</p>
38 <p><module>mod_filter</module> works by introducing indirection into
39 the filter chain. Instead of inserting filters in the chain, we insert
40 a filter harness which in turn dispatches conditionally
41 to a filter provider. Any content filter may be used as a provider
42 to <module>mod_filter</module>; no change to existing filter modules is
43 required (although it may be possible to simplify them).</p>
46 <section id="smart"><title>Smart Filtering</title>
47 <p>In the traditional filtering model, filters are inserted unconditionally
48 using <directive module="mod_mime">AddOutputFilter</directive> and family.
49 Each filter then needs to determine whether to run, and there is little
50 flexibility available for server admins to allow the chain to be
51 configured dynamically.</p>
53 <p><module>mod_filter</module> by contrast gives server administrators a
54 great deal of flexibility in configuring the filter chain. In fact,
55 filters can be inserted based on any Request Header, Response Header
56 or Environment Variable. This generalises the limited flexibility offered
57 by <directive module="core">AddOutputFilterByType</directive>, and fixes
58 it to work correctly with dynamic content, regardless of the
59 content generator. The ability to dispatch based on Environment
60 Variables offers the full flexibility of configuration with
61 <module>mod_rewrite</module> to anyone who needs it.</p>
64 <section id="terms"><title>Filter Declarations, Providers and Chains</title>
66 <img src="../images/mod_filter_old.gif" width="160" height="310"
67 alt="[This image displays the traditional filter model]"/><br />
68 <dfn>Figure 1:</dfn> The traditional filter model</p>
70 <p>In the traditional model, output filters are a simple chain
71 from the content generator (handler) to the client. This works well
72 provided the filter chain can be correctly configured, but presents
73 problems when the filters need to be configured dynamically based on
74 the outcome of the handler.</p>
77 <img src="../images/mod_filter_new.gif" width="423" height="331"
78 alt="[This image shows the mod_filter model]"/><br />
79 <dfn>Figure 2:</dfn> The <module>mod_filter</module> model</p>
81 <p><module>mod_filter</module> works by introducing indirection into
82 the filter chain. Instead of inserting filters in the chain, we insert
83 a filter harness which in turn dispatches conditionally
84 to a filter provider. Any content filter may be used as a provider
85 to <module>mod_filter</module>; no change to existing filter modules
86 is required (although it may be possible to simplify them). There can be
87 multiple providers for one filter, but no more than one provider will
88 run for any single request.</p>
90 <p>A filter chain comprises any number of instances of the filter
91 harness, each of which may have any number of providers. A special
92 case is that of a single provider with unconditional dispatch: this
93 is equivalent to inserting the provider filter directly into the chain.</p>
96 <section id="config"><title>Configuring the Chain</title>
97 <p>There are three stages to configuring a filter chain with
98 <module>mod_filter</module>. For details of the directives, see below.</p>
101 <dt>Declare Filters</dt>
102 <dd>The <directive module="mod_filter">FilterDeclare</directive> directive
103 declares a filter, assigning it a name and filter type. Required
104 only if the filter is not the default type AP_FTYPE_RESOURCE.</dd>
106 <dt>Register Providers</dt>
107 <dd>The <directive module="mod_filter">FilterProvider</directive>
108 directive registers a provider with a filter. The filter may have
109 been declared with <directive module="mod_filter"
110 >FilterDeclare</directive>; if not, FilterProvider will implicitly
111 declare it with the default type AP_FTYPE_RESOURCE. The provider
113 registered with <code>ap_register_output_filter</code> by some module.
114 The final argument to <directive module="mod_filter"
115 >FilterProvider</directive> is an expression: the provider will be
116 selected to run for a request if and only if the expression evaluates
117 to true. The expression may evaluate HTTP request or response
118 headers, environment variables, or the Handler used by this request.
119 Unlike earlier versions, mod_filter now supports complex expressions
120 involving multiple criteria with AND / OR logic (&& / ||)
123 <dt>Configure the Chain</dt>
124 <dd>The above directives build components of a smart filter chain,
125 but do not configure it to run. The <directive module="mod_filter"
126 >FilterChain</directive> directive builds a filter chain from smart
127 filters declared, offering the flexibility to insert filters at the
128 beginning or end of the chain, remove a filter, or clear the chain.</dd>
130 <section id="errordocs"><title>Filtering and Response Status</title>
131 <p>mod_filter normally only runs filters on responses with
132 HTTP status 200 (OK). If you want to filter documents with
133 other response statuses, you can set the <var>filter-errordocs</var>
134 environment variable, and it will work on all responses
135 regardless of status. To refine this further, you can use
136 expression conditions with <directive>FilterProvider</directive>.</p>
138 <section id="upgrade"><title>Upgrading from HTTPD 2.2 Configuration</title>
139 <p>The <directive module="mod_filter">FilterProvider</directive>
140 directive has changed from HTTPD 2.2: the <var>match</var> and
141 <var>dispatch</var> arguments are replaced with a single but
142 more versatile <var>expression</var>. In general, you can convert
143 a match/dispatch pair to the two sides of an expression, using
145 <example>"dispatch = match"</example>
146 <p>The Request headers, Response headers and Environment variables
147 are now interpreted from syntax <var>$req{foo}</var>,
148 <var>$resp{foo}</var> and <var>$env{foo}</var> respectively.
149 The variables <var>$handler</var> and <var>$Content-Type</var>
150 are also supported.</p>
151 <p>Note that the match no longer supports integer comparisons
152 or substring matches. The latter can be replaced by regular
153 expression matches.</p>
156 <section id="examples"><title>Examples</title>
158 <dt>Server side Includes (SSI)</dt>
159 <dd>A simple case of using <module>mod_filter</module> in place of
160 <directive module="core">AddOutputFilterByType</directive>
162 FilterDeclare SSI<br/>
163 FilterProvider SSI INCLUDES "$resp{Content-Type} = /^text\/html/"<br/>
168 <dt>Server side Includes (SSI)</dt>
169 <dd>The same as the above but dispatching on handler (classic
170 SSI behaviour; .shtml files get processed).
172 FilterProvider SSI INCLUDES "Handler = server-parsed"<br/>
177 <dt>Emulating mod_gzip with mod_deflate</dt>
178 <dd>Insert INFLATE filter only if "gzip" is NOT in the
179 Accept-Encoding header. This filter runs with ftype CONTENT_SET.
181 FilterDeclare gzip CONTENT_SET<br/>
182 FilterProvider gzip inflate "$req{Accept-Encoding} != /gzip/"<br/>
187 <dt>Image Downsampling</dt>
188 <dd>Suppose we want to downsample all web images, and have filters
189 for GIF, JPEG and PNG.
191 FilterProvider unpack jpeg_unpack "$resp{Content-Type} = image/jpeg"<br/>
192 FilterProvider unpack gif_unpack "$resp{Content-Type} = image/gif"<br/>
193 FilterProvider unpack png_unpack "$resp{Content-Type} = image/png"<br/>
195 FilterProvider downsample downsample_filter "$resp{Content-Type} = /image\/(jpeg|gif|png)/"<br/>
196 FilterProtocol downsample "change=yes"<br/>
198 FilterProvider repack jpeg_pack "$resp{Content-Type} = image/jpeg"<br/>
199 FilterProvider repack gif_pack "$resp{Content-Type} = image/gif"<br/>
200 FilterProvider repack png_pack "$resp{Content-Type} = image/png"<br/>
201 <Location /image-filter><br/>
203 FilterChain unpack downsample repack<br/>
211 <section id="protocol"><title>Protocol Handling</title>
212 <p>Historically, each filter is responsible for ensuring that whatever
213 changes it makes are correctly represented in the HTTP response headers,
214 and that it does not run when it would make an illegal change. This
215 imposes a burden on filter authors to re-implement some common
216 functionality in every filter:</p>
219 <li>Many filters will change the content, invalidating existing content
220 tags, checksums, hashes, and lengths.</li>
222 <li>Filters that require an entire, unbroken response in input need to
223 ensure they don't get byteranges from a backend.</li>
225 <li>Filters that transform output in a filter need to ensure they don't
226 violate a <code>Cache-Control: no-transform</code> header from the
229 <li>Filters may make responses uncacheable.</li>
232 <p><module>mod_filter</module> aims to offer generic handling of these
233 details of filter implementation, reducing the complexity required of
234 content filter modules. This is work-in-progress; the
235 <directive module="mod_filter">FilterProtocol</directive> implements
236 some of this functionality for back-compatibility with Apache 2.0
237 modules. For httpd 2.1 and later, the
238 <code>ap_register_output_filter_protocol</code> and
239 <code>ap_filter_protocol</code> API enables filter modules to
240 declare their own behaviour.</p>
242 <p>At the same time, <module>mod_filter</module> should not interfere
243 with a filter that wants to handle all aspects of the protocol. By
244 default (i.e. in the absence of any <directive module="mod_filter"
245 >FilterProtocol</directive> directives), <module>mod_filter</module>
246 will leave the headers untouched.</p>
248 <p>At the time of writing, this feature is largely untested,
249 as modules in common use are designed to work with 2.0.
250 Modules using it should test it carefully.</p>
254 <name>FilterDeclare</name>
255 <description>Declare a smart filter</description>
256 <syntax>FilterDeclare <var>filter-name</var> <var>[type]</var></syntax>
257 <contextlist><context>server config</context><context>virtual host</context>
258 <context>directory</context><context>.htaccess</context></contextlist>
259 <override>Options</override>
262 <p>This directive declares an output filter together with a
263 header or environment variable that will determine runtime
264 configuration. The first argument is a <var>filter-name</var>
265 for use in <directive module="mod_filter">FilterProvider</directive>,
266 <directive module="mod_filter">FilterChain</directive> and
267 <directive module="mod_filter">FilterProtocol</directive> directives.</p>
269 <p>The final (optional) argument
270 is the type of filter, and takes values of <code>ap_filter_type</code>
271 - namely <code>RESOURCE</code> (the default), <code>CONTENT_SET</code>,
272 <code>PROTOCOL</code>, <code>TRANSCODE</code>, <code>CONNECTION</code>
273 or <code>NETWORK</code>.</p>
278 <name>FilterProvider</name>
279 <description>Register a content filter</description>
280 <syntax>FilterProvider <var>filter-name</var> <var>provider-name</var>
281 <var>expression</var></syntax>
282 <contextlist><context>server config</context><context>virtual host</context>
283 <context>directory</context><context>.htaccess</context></contextlist>
284 <override>Options</override>
287 <p>This directive registers a <em>provider</em> for the smart filter.
288 The provider will be called if and only if the <var>expression</var>
289 declared evaluates to true when the harness is first called.</p>
292 <var>provider-name</var> must have been registered by loading
293 a module that registers the name with
294 <code>ap_register_output_filter</code>.
297 <p><var>expression</var> can be any of the following:</p>
299 <dt><code><var>string</var></code></dt>
300 <dd>true if <var>string</var> is not empty</dd>
302 <dt><code><var>string1</var> = <var>string2</var><br />
303 <var>string1</var> == <var>string2</var><br />
304 <var>string1</var> != <var>string2</var></code></dt>
306 <dd><p>Compare <var>string1</var> with <var>string2</var>. If
307 <var>string2</var> has the form <code>/<var>string2</var>/</code>
308 then it is treated as a regular expression. Regular expressions are
309 implemented by the <a href="http://www.pcre.org">PCRE</a> engine and
310 have the same syntax as those in <a href="http://www.perl.com">perl
311 5</a>. Note that <code>==</code> is just an alias for <code>=</code>
312 and behaves exactly the same way.</p>
315 <dt><code><var>string1</var> < <var>string2</var><br />
316 <var>string1</var> <= <var>string2</var><br />
317 <var>string1</var> > <var>string2</var><br />
318 <var>string1</var> >= <var>string2</var></code></dt>
320 <dd>Compare <var>string1</var> with <var>string2</var>. Note, that
321 strings are compared <em>literally</em> (using
322 <code>strcmp(3)</code>). Therefore the string "100" is less than
325 <dt><code>( <var>expression</var> )</code></dt>
326 <dd>true if <var>expression</var> is true</dd>
328 <dt><code>! <var>expression</var></code></dt>
329 <dd>true if <var>expression</var> is false</dd>
331 <dt><code><var>expression1</var> &&
332 <var>expression2</var></code></dt>
333 <dd>true if both <var>expression1</var> and
334 <var>expression2</var> are true</dd>
336 <dt><code><var>expression1</var> ||
337 <var>expression2</var></code></dt>
338 <dd>true if either <var>expression1</var> or
339 <var>expression2</var> is true</dd>
346 <name>FilterChain</name>
347 <description>Configure the filter chain</description>
348 <syntax>FilterChain [+=-@!]<var>filter-name</var> <var>...</var></syntax>
349 <contextlist><context>server config</context><context>virtual host</context>
350 <context>directory</context><context>.htaccess</context></contextlist>
351 <override>Options</override>
354 <p>This configures an actual filter chain, from declared filters.
355 <directive>FilterChain</directive> takes any number of arguments,
356 each optionally preceded with a single-character control that
357 determines what to do:</p>
360 <dt><code>+<var>filter-name</var></code></dt>
361 <dd>Add <var>filter-name</var> to the end of the filter chain</dd>
363 <dt><code>@<var>filter-name</var></code></dt>
364 <dd>Insert <var>filter-name</var> at the start of the filter chain</dd>
366 <dt><code>-<var>filter-name</var></code></dt>
367 <dd>Remove <var>filter-name</var> from the filter chain</dd>
369 <dt><code>=<var>filter-name</var></code></dt>
370 <dd>Empty the filter chain and insert <var>filter-name</var></dd>
372 <dt><code>!</code></dt>
373 <dd>Empty the filter chain</dd>
375 <dt><code><var>filter-name</var></code></dt>
376 <dd>Equivalent to <code>+<var>filter-name</var></code></dd>
382 <name>FilterProtocol</name>
383 <description>Deal with correct HTTP protocol handling</description>
384 <syntax>FilterProtocol <var>filter-name</var> [<var>provider-name</var>]
385 <var>proto-flags</var></syntax>
386 <contextlist><context>server config</context><context>virtual host</context>
387 <context>directory</context><context>.htaccess</context></contextlist>
388 <override>Options</override>
391 <p>This directs <module>mod_filter</module> to deal with ensuring the
392 filter doesn't run when it shouldn't, and that the HTTP response
393 headers are correctly set taking into account the effects of the
396 <p>There are two forms of this directive. With three arguments, it
397 applies specifically to a <var>filter-name</var> and a
398 <var>provider-name</var> for that filter.
399 With two arguments it applies to a <var>filter-name</var> whenever the
400 filter runs <em>any</em> provider.</p>
402 <p><var>proto-flags</var> is one or more of</p>
405 <dt><code>change=yes</code></dt>
406 <dd>The filter changes the content, including possibly the content
409 <dt><code>change=1:1</code></dt>
410 <dd>The filter changes the content, but will not change the content
413 <dt><code>byteranges=no</code></dt>
414 <dd>The filter cannot work on byteranges and requires complete input</dd>
416 <dt><code>proxy=no</code></dt>
417 <dd>The filter should not run in a proxy context</dd>
419 <dt><code>proxy=transform</code></dt>
420 <dd>The filter transforms the response in a manner incompatible with
421 the HTTP <code>Cache-Control: no-transform</code> header.</dd>
423 <dt><code>cache=no</code></dt>
424 <dd>The filter renders the output uncacheable (eg by introducing randomised
425 content changes)</dd>
431 <name>FilterTrace</name>
432 <description>Get debug/diagnostic information from
433 <module>mod_filter</module></description>
434 <syntax>FilterTrace <var>filter-name</var> <var>level</var></syntax>
435 <contextlist><context>server config</context><context>virtual host</context>
436 <context>directory</context></contextlist>
439 <p>This directive generates debug information from
440 <module>mod_filter</module>.
441 It is designed to help test and debug providers (filter modules), although
442 it may also help with <module>mod_filter</module> itself.</p>
444 <p>The debug output depends on the <var>level</var> set:</p>
446 <dt><code>0</code> (default)</dt>
447 <dd>No debug information is generated.</dd>
449 <dt><code>1</code></dt>
450 <dd><module>mod_filter</module> will record buckets and brigades
451 passing through the filter to the error log, before the provider has
452 processed them. This is similar to the information generated by
453 <a href="http://apache.webthing.com/mod_diagnostics/">mod_diagnostics</a>.
456 <dt><code>2</code> (not yet implemented)</dt>
457 <dd>Will dump the full data passing through to a tempfile before the
458 provider. <strong>For single-user debug only</strong>; this will not
459 support concurrent hits.</dd>