1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 #include "http_config.h"
19 #include "http_request.h"
20 #include "http_connection.h"
21 #include "http_protocol.h"
23 #include "http_core.h"
24 #include "util_filter.h"
25 #define APR_WANT_STRFUNC
26 #include "apr_strings.h"
27 #include "apr_version.h"
29 module AP_MODULE_DECLARE_DATA reqtimeout_module;
32 #define MRT_DEFAULT_HEADER_TIMEOUT 20
33 #define MRT_DEFAULT_HEADER_MAX_TIMEOUT 40
34 #define MRT_DEFAULT_HEADER_MIN_RATE 500
35 #define MRT_DEFAULT_BODY_TIMEOUT 20
36 #define MRT_DEFAULT_BODY_MAX_TIMEOUT 0
37 #define MRT_DEFAULT_BODY_MIN_RATE 500
41 int header_timeout; /* timeout for reading the req hdrs in secs */
42 int header_max_timeout; /* max timeout for req hdrs in secs */
43 int header_min_rate; /* min rate for reading req hdrs in bytes/s */
44 apr_time_t header_rate_factor;
45 int body_timeout; /* timeout for reading the req body in secs */
46 int body_max_timeout; /* max timeout for req body in secs */
47 int body_min_rate; /* min rate for reading req body in bytes/s */
48 apr_time_t body_rate_factor;
51 /* this struct is used both as conn_config and as filter context */
54 apr_time_t timeout_at;
55 apr_time_t max_timeout_at;
62 apr_time_t rate_factor;
63 apr_bucket_brigade *tmpbb;
66 static const char *const reqtimeout_filter_name = "reqtimeout";
67 static int default_header_rate_factor;
68 static int default_body_rate_factor;
70 static void extend_timeout(reqtimeout_con_cfg *ccfg, apr_bucket_brigade *bb)
73 apr_time_t new_timeout_at;
75 if (apr_brigade_length(bb, 0, &len) != APR_SUCCESS || len <= 0)
78 new_timeout_at = ccfg->timeout_at + len * ccfg->rate_factor;
79 if (ccfg->max_timeout_at > 0 && new_timeout_at > ccfg->max_timeout_at) {
80 ccfg->timeout_at = ccfg->max_timeout_at;
83 ccfg->timeout_at = new_timeout_at;
87 static apr_status_t check_time_left(reqtimeout_con_cfg *ccfg,
88 apr_time_t *time_left_p,
93 *time_left_p = ccfg->timeout_at - now;
94 if (*time_left_p <= 0)
97 if (*time_left_p < apr_time_from_sec(1)) {
98 *time_left_p = apr_time_from_sec(1);
103 static apr_status_t have_lf_or_eos(apr_bucket_brigade *bb)
105 apr_bucket *b = APR_BRIGADE_LAST(bb);
107 for ( ; b != APR_BRIGADE_SENTINEL(bb) ; b = APR_BUCKET_PREV(b) ) {
112 if (APR_BUCKET_IS_EOS(b))
115 if (APR_BUCKET_IS_METADATA(b))
118 rv = apr_bucket_read(b, &str, &len, APR_BLOCK_READ);
119 if (rv != APR_SUCCESS)
125 if (str[len-1] == APR_ASCII_LF)
128 return APR_INCOMPLETE;
132 * Append bbIn to bbOut and merge small buckets, to avoid DoS by high memory
135 static apr_status_t brigade_append(apr_bucket_brigade *bbOut, apr_bucket_brigade *bbIn)
137 while (!APR_BRIGADE_EMPTY(bbIn)) {
138 apr_bucket *e = APR_BRIGADE_FIRST(bbIn);
143 rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
144 if (rv != APR_SUCCESS) {
148 APR_BUCKET_REMOVE(e);
149 if (APR_BUCKET_IS_METADATA(e) || len > APR_BUCKET_BUFF_SIZE/4) {
150 APR_BRIGADE_INSERT_TAIL(bbOut, e);
154 rv = apr_brigade_write(bbOut, NULL, NULL, str, len);
155 if (rv != APR_SUCCESS) {
156 apr_bucket_destroy(e);
160 apr_bucket_destroy(e);
167 #define MIN(x,y) ((x) < (y) ? (x) : (y))
168 static apr_status_t reqtimeout_filter(ap_filter_t *f,
169 apr_bucket_brigade *bb,
170 ap_input_mode_t mode,
171 apr_read_type_e block,
174 apr_time_t time_left;
177 apr_interval_time_t saved_sock_timeout = UNSET;
178 reqtimeout_con_cfg *ccfg = f->ctx;
180 if (ccfg->in_keep_alive) {
181 /* For this read, the normal keep-alive timeout must be used */
182 ccfg->in_keep_alive = 0;
183 return ap_get_brigade(f->next, bb, mode, block, readbytes);
186 if (ccfg->new_timeout > 0) {
187 /* set new timeout */
188 now = apr_time_now();
189 ccfg->timeout_at = now + apr_time_from_sec(ccfg->new_timeout);
190 ccfg->new_timeout = 0;
191 if (ccfg->new_max_timeout > 0) {
192 ccfg->max_timeout_at = now + apr_time_from_sec(ccfg->new_max_timeout);
193 ccfg->new_max_timeout = 0;
196 else if (ccfg->timeout_at == 0) {
198 return ap_get_brigade(f->next, bb, mode, block, readbytes);
202 ccfg->socket = ap_get_conn_socket(f->c);
205 rv = check_time_left(ccfg, &time_left, now);
206 if (rv != APR_SUCCESS)
209 if (block == APR_NONBLOCK_READ || mode == AP_MODE_INIT
210 || mode == AP_MODE_EATCRLF) {
211 rv = ap_get_brigade(f->next, bb, mode, block, readbytes);
212 if (ccfg->min_rate > 0 && rv == APR_SUCCESS) {
213 extend_timeout(ccfg, bb);
218 rv = apr_socket_timeout_get(ccfg->socket, &saved_sock_timeout);
219 AP_DEBUG_ASSERT(rv == APR_SUCCESS);
221 rv = apr_socket_timeout_set(ccfg->socket, MIN(time_left, saved_sock_timeout));
222 AP_DEBUG_ASSERT(rv == APR_SUCCESS);
224 if (mode == AP_MODE_GETLINE) {
226 * For a blocking AP_MODE_GETLINE read, apr_brigade_split_line()
227 * would loop until a whole line has been read. As this would make it
228 * impossible to enforce a total timeout, we only do non-blocking
231 apr_off_t remaining = HUGE_STRING_LEN;
234 #if APR_MAJOR_VERSION < 2
236 apr_interval_time_t poll_timeout;
237 apr_pollfd_t pollset;
240 rv = ap_get_brigade(f->next, bb, AP_MODE_GETLINE, APR_NONBLOCK_READ, remaining);
241 if (rv != APR_SUCCESS && !APR_STATUS_IS_EAGAIN(rv)) {
245 if (!APR_BRIGADE_EMPTY(bb)) {
246 if (ccfg->min_rate > 0) {
247 extend_timeout(ccfg, bb);
250 rv = have_lf_or_eos(bb);
251 if (rv != APR_INCOMPLETE) {
255 rv = apr_brigade_length(bb, 1, &bblen);
256 if (rv != APR_SUCCESS) {
260 if (remaining <= 0) {
264 /* Haven't got a whole line yet, save what we have ... */
266 ccfg->tmpbb = apr_brigade_create(f->c->pool, f->c->bucket_alloc);
268 rv = brigade_append(ccfg->tmpbb, bb);
269 if (rv != APR_SUCCESS)
273 /* ... and wait for more */
274 #if APR_MAJOR_VERSION < 2
275 pollset.p = f->c->pool;
276 pollset.desc_type = APR_POLL_SOCKET;
277 pollset.reqevents = APR_POLLIN|APR_POLLHUP;
278 pollset.desc.s = ccfg->socket;
279 apr_socket_timeout_get(ccfg->socket, &poll_timeout);
280 rv = apr_poll(&pollset, 1, &nsds, poll_timeout);
282 rv = apr_socket_wait(ccfg->socket, APR_WAIT_READ);
284 if (rv != APR_SUCCESS)
287 rv = check_time_left(ccfg, &time_left, 0);
288 if (rv != APR_SUCCESS)
291 rv = apr_socket_timeout_set(ccfg->socket,
292 MIN(time_left, saved_sock_timeout));
293 AP_DEBUG_ASSERT(rv == APR_SUCCESS);
298 APR_BRIGADE_PREPEND(bb, ccfg->tmpbb);
302 /* mode != AP_MODE_GETLINE */
303 rv = ap_get_brigade(f->next, bb, mode, block, readbytes);
304 if (ccfg->min_rate > 0 && rv == APR_SUCCESS) {
305 extend_timeout(ccfg, bb);
309 apr_socket_timeout_set(ccfg->socket, saved_sock_timeout);
312 if (APR_STATUS_IS_TIMEUP(rv)) {
313 ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c, APLOGNO(01382)
314 "Request %s read timeout", ccfg->type);
316 * If we allow a normal lingering close, the client may keep this
317 * process/thread busy for another 30s (MAX_SECS_TO_LINGER).
318 * Therefore we tell ap_lingering_close() to shorten this period to
319 * 2s (SECONDS_TO_LINGER).
321 apr_table_setn(f->c->notes, "short-lingering-close", "1");
324 * Also, we must not allow keep-alive requests, as
325 * ap_finalize_protocol() may ignore our error status (if the timeout
326 * happened on a request body that is discarded).
328 f->c->keepalive = AP_CONN_CLOSE;
333 static int reqtimeout_init(conn_rec *c)
335 reqtimeout_con_cfg *ccfg;
336 reqtimeout_srv_cfg *cfg;
338 cfg = ap_get_module_config(c->base_server->module_config,
340 AP_DEBUG_ASSERT(cfg != NULL);
341 if (cfg->header_timeout == 0 && cfg->body_timeout == 0) {
342 /* disabled for this vhost */
346 ccfg = ap_get_module_config(c->conn_config, &reqtimeout_module);
348 ccfg = apr_pcalloc(c->pool, sizeof(reqtimeout_con_cfg));
349 ap_set_module_config(c->conn_config, &reqtimeout_module, ccfg);
350 ap_add_input_filter(reqtimeout_filter_name, ccfg, NULL, c);
353 /* subsequent request under event-like MPM */
354 memset(ccfg, 0, sizeof(reqtimeout_con_cfg));
357 ccfg->type = "header";
358 if (cfg->header_timeout != UNSET) {
359 ccfg->new_timeout = cfg->header_timeout;
360 ccfg->new_max_timeout = cfg->header_max_timeout;
361 ccfg->min_rate = cfg->header_min_rate;
362 ccfg->rate_factor = cfg->header_rate_factor;
365 ccfg->new_timeout = MRT_DEFAULT_HEADER_TIMEOUT;
366 ccfg->new_max_timeout = MRT_DEFAULT_HEADER_MAX_TIMEOUT;
367 ccfg->min_rate = MRT_DEFAULT_HEADER_MIN_RATE;
368 ccfg->rate_factor = default_header_rate_factor;
371 /* we are not handling the connection, we just do initialization */
375 static int reqtimeout_after_headers(request_rec *r)
377 reqtimeout_srv_cfg *cfg;
378 reqtimeout_con_cfg *ccfg =
379 ap_get_module_config(r->connection->conn_config, &reqtimeout_module);
381 if (ccfg == NULL || r->method_number == M_CONNECT) {
382 /* either disabled for this connection or a CONNECT request */
385 cfg = ap_get_module_config(r->connection->base_server->module_config,
387 AP_DEBUG_ASSERT(cfg != NULL);
389 ccfg->timeout_at = 0;
390 ccfg->max_timeout_at = 0;
392 if (cfg->body_timeout != UNSET) {
393 ccfg->new_timeout = cfg->body_timeout;
394 ccfg->new_max_timeout = cfg->body_max_timeout;
395 ccfg->min_rate = cfg->body_min_rate;
396 ccfg->rate_factor = cfg->body_rate_factor;
399 ccfg->new_timeout = MRT_DEFAULT_BODY_TIMEOUT;
400 ccfg->new_max_timeout = MRT_DEFAULT_BODY_MAX_TIMEOUT;
401 ccfg->min_rate = MRT_DEFAULT_BODY_MIN_RATE;
402 ccfg->rate_factor = default_body_rate_factor;
407 static int reqtimeout_after_body(request_rec *r)
409 reqtimeout_srv_cfg *cfg;
410 reqtimeout_con_cfg *ccfg =
411 ap_get_module_config(r->connection->conn_config, &reqtimeout_module);
414 /* not configured for this connection */
418 cfg = ap_get_module_config(r->connection->base_server->module_config,
420 AP_DEBUG_ASSERT(cfg != NULL);
422 ccfg->timeout_at = 0;
423 ccfg->max_timeout_at = 0;
424 ccfg->in_keep_alive = 1;
425 ccfg->type = "header";
426 if (ccfg->new_timeout != UNSET) {
427 ccfg->new_timeout = cfg->header_timeout;
428 ccfg->new_max_timeout = cfg->header_max_timeout;
429 ccfg->min_rate = cfg->header_min_rate;
430 ccfg->rate_factor = cfg->header_rate_factor;
433 ccfg->new_timeout = MRT_DEFAULT_HEADER_TIMEOUT;
434 ccfg->new_max_timeout = MRT_DEFAULT_HEADER_MAX_TIMEOUT;
435 ccfg->min_rate = MRT_DEFAULT_HEADER_MIN_RATE;
436 ccfg->rate_factor = default_header_rate_factor;
442 static void *reqtimeout_create_srv_config(apr_pool_t *p, server_rec *s)
444 reqtimeout_srv_cfg *cfg = apr_pcalloc(p, sizeof(reqtimeout_srv_cfg));
446 cfg->header_timeout = UNSET;
447 cfg->header_max_timeout = UNSET;
448 cfg->header_min_rate = UNSET;
449 cfg->body_timeout = UNSET;
450 cfg->body_max_timeout = UNSET;
451 cfg->body_min_rate = UNSET;
456 #define MERGE_INT(cfg, b, a, val) cfg->val = (a->val == UNSET) ? b->val : a->val;
457 static void *reqtimeout_merge_srv_config(apr_pool_t *p, void *base_, void *add_)
459 reqtimeout_srv_cfg *base = base_;
460 reqtimeout_srv_cfg *add = add_;
461 reqtimeout_srv_cfg *cfg = apr_pcalloc(p, sizeof(reqtimeout_srv_cfg));
463 MERGE_INT(cfg, base, add, header_timeout);
464 MERGE_INT(cfg, base, add, header_max_timeout);
465 MERGE_INT(cfg, base, add, header_min_rate);
466 MERGE_INT(cfg, base, add, body_timeout);
467 MERGE_INT(cfg, base, add, body_max_timeout);
468 MERGE_INT(cfg, base, add, body_min_rate);
470 cfg->header_rate_factor = (cfg->header_min_rate == UNSET) ?
471 base->header_rate_factor : add->header_rate_factor;
472 cfg->body_rate_factor = (cfg->body_min_rate == UNSET) ?
473 base->body_rate_factor : add->body_rate_factor;
477 static const char *parse_int(apr_pool_t *p, const char *arg, int *val) {
479 *val = strtol(arg, &endptr, 10);
482 return apr_psprintf(p, "Value '%s' not numerical", endptr);
484 if (*endptr != '\0') {
485 return apr_psprintf(p, "Cannot parse '%s'", endptr);
488 return "Value must be non-negative";
493 static const char *set_reqtimeout_param(reqtimeout_srv_cfg *conf,
498 const char *ret = NULL;
499 char *rate_str = NULL, *initial_str, *max_str = NULL;
500 int rate = 0, initial = 0, max = 0;
501 enum { PARAM_HEADER, PARAM_BODY } type;
503 if (!strcasecmp(key, "header")) {
506 else if (!strcasecmp(key, "body")) {
510 return "Unknown RequestReadTimeout parameter";
513 if ((rate_str = ap_strcasestr(val, ",minrate="))) {
514 initial_str = apr_pstrndup(p, val, rate_str - val);
515 rate_str += strlen(",minrate=");
516 ret = parse_int(p, rate_str, &rate);
521 return "Minimum data rate must be larger than 0";
523 if ((max_str = strchr(initial_str, '-'))) {
525 ret = parse_int(p, max_str, &max);
530 ret = parse_int(p, initial_str, &initial);
533 if (ap_strchr_c(val, '-'))
534 return "Must set MinRate option if using timeout range";
535 ret = parse_int(p, val, &initial);
541 if (max && initial >= max) {
542 return "Maximum timeout must be larger than initial timeout";
545 if (type == PARAM_HEADER) {
546 conf->header_timeout = initial;
547 conf->header_max_timeout = max;
548 conf->header_min_rate = rate;
550 conf->header_rate_factor = apr_time_from_sec(1) / rate;
553 conf->body_timeout = initial;
554 conf->body_max_timeout = max;
555 conf->body_min_rate = rate;
557 conf->body_rate_factor = apr_time_from_sec(1) / rate;
562 static const char *set_reqtimeouts(cmd_parms *cmd, void *mconfig,
565 reqtimeout_srv_cfg *conf =
566 ap_get_module_config(cmd->server->module_config,
573 word = ap_getword_conf(cmd->temp_pool, &arg);
574 val = strchr(word, '=');
576 return "Invalid RequestReadTimeout parameter. Parameter must be "
577 "in the form 'key=value'";
582 err = set_reqtimeout_param(conf, cmd->pool, word, val);
585 return apr_psprintf(cmd->temp_pool, "RequestReadTimeout: %s=%s: %s",
593 static void reqtimeout_hooks(apr_pool_t *pool)
596 * mod_ssl is AP_FTYPE_CONNECTION + 5 and mod_reqtimeout needs to
597 * be called before mod_ssl. Otherwise repeated reads during the ssl
598 * handshake can prevent the timeout from triggering.
600 ap_register_input_filter(reqtimeout_filter_name, reqtimeout_filter, NULL,
601 AP_FTYPE_CONNECTION + 8);
604 * mod_reqtimeout needs to be called before ap_process_http_request (which
605 * is run at APR_HOOK_REALLY_LAST) but after all other protocol modules.
606 * This ensures that it only influences normal http connections and not
607 * e.g. mod_ftp. Also, if mod_reqtimeout used the pre_connection hook, it
608 * would be inserted on mod_proxy's backend connections.
610 ap_hook_process_connection(reqtimeout_init, NULL, NULL, APR_HOOK_LAST);
612 ap_hook_post_read_request(reqtimeout_after_headers, NULL, NULL,
614 ap_hook_log_transaction(reqtimeout_after_body, NULL, NULL,
617 #if MRT_DEFAULT_HEADER_MIN_RATE > 0
618 default_header_rate_factor = apr_time_from_sec(1) / MRT_DEFAULT_HEADER_MIN_RATE;
620 #if MRT_DEFAULT_BODY_MIN_RATE > 0
621 default_body_rate_factor = apr_time_from_sec(1) / MRT_DEFAULT_BODY_MIN_RATE;
625 static const command_rec reqtimeout_cmds[] = {
626 AP_INIT_RAW_ARGS("RequestReadTimeout", set_reqtimeouts, NULL, RSRC_CONF,
627 "Set various timeout parameters for reading request "
632 AP_DECLARE_MODULE(reqtimeout) = {
633 STANDARD20_MODULE_STUFF,
634 NULL, /* create per-dir config structures */
635 NULL, /* merge per-dir config structures */
636 reqtimeout_create_srv_config, /* create per-server config structures */
637 reqtimeout_merge_srv_config, /* merge per-server config structures */
638 reqtimeout_cmds, /* table of config file commands */