1 /* Copyright 1999-2005 The Apache Software Foundation or its licensors, as
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include "mod_proxy.h"
21 #include "apr_optional.h"
22 #include "scoreboard.h"
23 #include "mod_status.h"
25 #if (MODULE_MAGIC_NUMBER_MAJOR > 20020903)
28 APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
29 APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
30 APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
31 APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
32 (apr_pool_t *, server_rec *,
33 conn_rec *, request_rec *, char *));
37 #define MAX(x,y) ((x) >= (y) ? (x) : (y))
41 * A Web proxy module. Stages:
43 * translate_name: set filename to proxy:<URL>
44 * map_to_storage: run proxy_walk (rather than directory_walk/file_walk)
45 * can't trust directory_walk/file_walk since these are
46 * not in our filesystem. Prevents mod_http from serving
47 * the TRACE request we will set aside to handle later.
48 * type_checker: set type to PROXY_MAGIC_TYPE if filename begins proxy:
49 * fix_ups: convert the URL stored in the filename to the
51 * handler: handle proxy requests
54 /* -------------------------------------------------------------- */
55 /* Translate the URL into a 'filename' */
57 #define PROXY_COPY_CONF_PARAMS(w, c) \
59 (w)->timeout = (c)->timeout; \
60 (w)->timeout_set = (c)->timeout_set; \
61 (w)->recv_buffer_size = (c)->recv_buffer_size; \
62 (w)->recv_buffer_size_set = (c)->recv_buffer_size_set; \
63 (w)->io_buffer_size = (c)->io_buffer_size; \
64 (w)->io_buffer_size_set = (c)->io_buffer_size_set; \
67 static const char *set_worker_param(apr_pool_t *p,
74 if (!strcasecmp(key, "loadfactor")) {
75 /* Normalized load factor. Used with BalancerMamber,
76 * it is a number between 1 and 100.
78 worker->lbfactor = atoi(val);
79 if (worker->lbfactor < 1 || worker->lbfactor > 100)
80 return "LoadFactor must be number between 1..100";
82 else if (!strcasecmp(key, "retry")) {
83 /* If set it will give the retry timeout for the worker
84 * The default value is 60 seconds, meaning that if
85 * in error state, it will be retried after that timeout.
89 return "Retry must be at least one second";
90 worker->retry = apr_time_from_sec(ival);
92 else if (!strcasecmp(key, "ttl")) {
93 /* Time in seconds that will destroy all the connections
98 return "TTL must be at least one second";
99 worker->ttl = apr_time_from_sec(ival);
101 else if (!strcasecmp(key, "min")) {
102 /* Initial number of connections to remote
106 return "Min must be a positive number";
109 else if (!strcasecmp(key, "max")) {
110 /* Maximum number of connections to remote
114 return "Max must be a positive number";
117 /* XXX: More inteligent naming needed */
118 else if (!strcasecmp(key, "smax")) {
119 /* Maximum number of connections to remote that
120 * will not be destroyed
124 return "Smax must be a positive number";
127 else if (!strcasecmp(key, "acquire")) {
128 /* Acquire timeout in milliseconds.
129 * If set this will be the maximum time to
130 * wait for a free connection.
134 return "Acquire must be at least one mili second";
135 worker->acquire = apr_time_make(0, ival * 1000);
136 worker->acquire_set = 1;
138 else if (!strcasecmp(key, "timeout")) {
139 /* Connection timeout in seconds.
140 * Defaults to server timeout.
144 return "Timeout must be at least one second";
145 worker->timeout = apr_time_from_sec(ival);
146 worker->timeout_set = 1;
148 else if (!strcasecmp(key, "iobuffersize")) {
150 worker->io_buffer_size = ((s > AP_IOBUFSIZE) ? s : AP_IOBUFSIZE);
151 worker->io_buffer_size_set = 1;
153 else if (!strcasecmp(key, "receivebuffersize")) {
155 if (ival < 512 && ival != 0) {
156 return "ReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
158 worker->recv_buffer_size = ival;
159 worker->recv_buffer_size_set = 1;
161 else if (!strcasecmp(key, "keepalive")) {
162 if (!strcasecmp(val, "on"))
163 worker->keepalive = 1;
164 else if (!strcasecmp(val, "off"))
165 worker->keepalive = 0;
167 return "KeepAlive must be On|Off";
168 worker->keepalive_set = 1;
170 else if (!strcasecmp(key, "route")) {
173 if (strlen(val) > PROXY_WORKER_MAX_ROUTE_SIZ)
174 return "Route length must be < 64 characters";
175 worker->route = apr_pstrdup(p, val);
177 else if (!strcasecmp(key, "redirect")) {
178 /* Worker redirection route.
180 if (strlen(val) > PROXY_WORKER_MAX_ROUTE_SIZ)
181 return "Redirect length must be < 64 characters";
182 worker->redirect = apr_pstrdup(p, val);
185 return "unknown Worker parameter";
190 static const char *set_balancer_param(apr_pool_t *p,
191 proxy_balancer *balancer,
197 if (!strcasecmp(key, "stickysession")) {
198 /* Balancer sticky session name.
199 * Set to something like JSESSIONID or
200 * PHPSESSIONID, etc..,
202 balancer->sticky = apr_pstrdup(p, val);
204 else if (!strcasecmp(key, "nofailover")) {
205 /* If set to 'on' the session will break
206 * if the worker is in error state or
209 if (!strcasecmp(val, "on"))
210 balancer->sticky_force = 1;
211 else if (!strcasecmp(val, "off"))
212 balancer->sticky_force = 0;
214 return "failover must be On|Off";
216 else if (!strcasecmp(key, "timeout")) {
217 /* Balancer timeout in seconds.
218 * If set this will be the maximum time to
219 * wait for a free worker.
220 * Default is not to wait.
224 return "timeout must be at least one second";
225 balancer->timeout = apr_time_from_sec(ival);
227 else if (!strcasecmp(key, "maxattempts")) {
228 /* Maximum number of failover attempts before
233 return "maximum number of attempts must be a positive number";
234 balancer->max_attempts = ival;
235 balancer->max_attempts_set = 1;
237 else if (!strcasecmp(key, "lbmethod")) {
238 /* Which LB scheduler method */
239 if (!strcasecmp(val, "traffic"))
240 balancer->lbmethod = lbmethod_traffic;
241 else if (!strcasecmp(val, "requests"))
242 balancer->lbmethod = lbmethod_requests;
244 return "lbmethod must be Traffic|Requests";
247 return "unknown Balancer parameter";
252 static int alias_match(const char *uri, const char *alias_fakename)
254 const char *end_fakename = alias_fakename + strlen(alias_fakename);
255 const char *aliasp = alias_fakename, *urip = uri;
256 const char *end_uri = uri + strlen(uri);
258 while (aliasp < end_fakename && urip < end_uri) {
259 if (*aliasp == '/') {
260 /* any number of '/' in the alias matches any number in
261 * the supplied URI, but there must be at least one...
266 while (*aliasp == '/')
272 /* Other characters are compared literally */
273 if (*urip++ != *aliasp++)
278 /* fixup badly encoded stuff (e.g. % as last character) */
279 if (aliasp > end_fakename) {
280 aliasp = end_fakename;
282 if (urip > end_uri) {
286 /* We reach the end of the uri before the end of "alias_fakename"
287 * for example uri is "/" and alias_fakename "/examples"
289 if (urip == end_uri && aliasp!=end_fakename) {
293 /* Check last alias path component matched all the way */
294 if (aliasp[-1] != '/' && *urip != '\0' && *urip != '/')
297 /* Return number of characters from URI which matched (may be
298 * greater than length of alias, since we may have matched
305 /* Detect if an absoluteURI should be proxied or not. Note that we
306 * have to do this during this phase because later phases are
307 * "short-circuiting"... i.e. translate_names will end when the first
308 * module returns OK. So for example, if the request is something like:
310 * GET http://othervhost/cgi-bin/printenv HTTP/1.0
312 * mod_alias will notice the /cgi-bin part and ScriptAlias it and
313 * short-circuit the proxy... just because of the ordering in the
314 * configuration file.
316 static int proxy_detect(request_rec *r)
318 void *sconf = r->server->module_config;
319 proxy_server_conf *conf =
320 (proxy_server_conf *) ap_get_module_config(sconf, &proxy_module);
322 /* Ick... msvc (perhaps others) promotes ternary short results to int */
324 if (conf->req && r->parsed_uri.scheme) {
325 /* but it might be something vhosted */
326 if (!(r->parsed_uri.hostname
327 && !strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r))
328 && ap_matches_request_vhost(r, r->parsed_uri.hostname,
329 (apr_port_t)(r->parsed_uri.port_str ? r->parsed_uri.port
330 : ap_default_port(r))))) {
331 r->proxyreq = PROXYREQ_PROXY;
332 r->uri = r->unparsed_uri;
333 r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
334 r->handler = "proxy-server";
337 /* We need special treatment for CONNECT proxying: it has no scheme part */
338 else if (conf->req && r->method_number == M_CONNECT
339 && r->parsed_uri.hostname
340 && r->parsed_uri.port_str) {
341 r->proxyreq = PROXYREQ_PROXY;
342 r->uri = r->unparsed_uri;
343 r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
344 r->handler = "proxy-server";
349 static int proxy_trans(request_rec *r)
351 void *sconf = r->server->module_config;
352 proxy_server_conf *conf =
353 (proxy_server_conf *) ap_get_module_config(sconf, &proxy_module);
355 struct proxy_alias *ent = (struct proxy_alias *) conf->aliases->elts;
358 /* someone has already set up the proxy, it was possibly ourselves
364 /* XXX: since r->uri has been manipulated already we're not really
365 * compliant with RFC1945 at this point. But this probably isn't
366 * an issue because this is a hybrid proxy/origin server.
369 for (i = 0; i < conf->aliases->nelts; i++) {
370 len = alias_match(r->uri, ent[i].fake);
373 if ((ent[i].real[0] == '!') && (ent[i].real[1] == 0)) {
377 r->filename = apr_pstrcat(r->pool, "proxy:", ent[i].real,
379 r->handler = "proxy-server";
380 r->proxyreq = PROXYREQ_REVERSE;
387 static int proxy_walk(request_rec *r)
389 proxy_server_conf *sconf = ap_get_module_config(r->server->module_config,
391 ap_conf_vector_t *per_dir_defaults = r->server->lookup_defaults;
392 ap_conf_vector_t **sec_proxy = (ap_conf_vector_t **) sconf->sec_proxy->elts;
393 ap_conf_vector_t *entry_config;
394 proxy_dir_conf *entry_proxy;
395 int num_sec = sconf->sec_proxy->nelts;
396 /* XXX: shouldn't we use URI here? Canonicalize it first?
397 * Pass over "proxy:" prefix
399 const char *proxyname = r->filename + 6;
402 for (j = 0; j < num_sec; ++j)
404 entry_config = sec_proxy[j];
405 entry_proxy = ap_get_module_config(entry_config, &proxy_module);
407 /* XXX: What about case insensitive matching ???
408 * Compare regex, fnmatch or string as appropriate
409 * If the entry doesn't relate, then continue
412 ? ap_regexec(entry_proxy->r, proxyname, 0, NULL, 0)
413 : (entry_proxy->p_is_fnmatch
414 ? apr_fnmatch(entry_proxy->p, proxyname, 0)
415 : strncmp(proxyname, entry_proxy->p,
416 strlen(entry_proxy->p)))) {
419 per_dir_defaults = ap_merge_per_dir_configs(r->pool, per_dir_defaults,
423 r->per_dir_config = per_dir_defaults;
428 static int proxy_map_location(request_rec *r)
432 if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
435 /* Don't let the core or mod_http map_to_storage hooks handle this,
436 * We don't need directory/file_walk, and we want to TRACE on our own.
438 if ((access_status = proxy_walk(r))) {
439 ap_die(access_status, r);
440 return access_status;
445 /* -------------------------------------------------------------- */
446 /* Fixup the filename */
449 * Canonicalise the URL
451 static int proxy_fixup(request_rec *r)
456 if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
459 /* XXX: Shouldn't we try this before we run the proxy_walk? */
460 url = &r->filename[6];
462 /* canonicalise each specific scheme */
463 if ((access_status = proxy_run_canon_handler(r, url))) {
464 return access_status;
467 p = strchr(url, ':');
468 if (p == NULL || p == url)
469 return HTTP_BAD_REQUEST;
471 return OK; /* otherwise; we've done the best we can */
473 /* Send a redirection if the request contains a hostname which is not */
474 /* fully qualified, i.e. doesn't have a domain name appended. Some proxy */
475 /* servers like Netscape's allow this and access hosts from the local */
476 /* domain in this case. I think it is better to redirect to a FQDN, since */
477 /* these will later be found in the bookmarks files. */
478 /* The "ProxyDomain" directive determines what domain will be appended */
479 static int proxy_needsdomain(request_rec *r, const char *url, const char *domain)
484 /* We only want to worry about GETs */
485 if (!r->proxyreq || r->method_number != M_GET || !r->parsed_uri.hostname)
488 /* If host does contain a dot already, or it is "localhost", decline */
489 if (strchr(r->parsed_uri.hostname, '.') != NULL
490 || strcasecmp(r->parsed_uri.hostname, "localhost") == 0)
491 return DECLINED; /* host name has a dot already */
493 ref = apr_table_get(r->headers_in, "Referer");
495 /* Reassemble the request, but insert the domain after the host name */
496 /* Note that the domain name always starts with a dot */
497 r->parsed_uri.hostname = apr_pstrcat(r->pool, r->parsed_uri.hostname,
499 nuri = apr_uri_unparse(r->pool,
501 APR_URI_UNP_REVEALPASSWORD);
503 apr_table_set(r->headers_out, "Location", nuri);
504 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
505 "Domain missing: %s sent to %s%s%s", r->uri,
506 apr_uri_unparse(r->pool, &r->parsed_uri,
507 APR_URI_UNP_OMITUSERINFO),
508 ref ? " from " : "", ref ? ref : "");
510 return HTTP_MOVED_PERMANENTLY;
513 /* -------------------------------------------------------------- */
516 static int proxy_handler(request_rec *r)
518 char *uri, *scheme, *p;
520 void *sconf = r->server->module_config;
521 proxy_server_conf *conf = (proxy_server_conf *)
522 ap_get_module_config(sconf, &proxy_module);
523 apr_array_header_t *proxies = conf->proxies;
524 struct proxy_remote *ents = (struct proxy_remote *) proxies->elts;
525 int i, rc, access_status;
526 int direct_connect = 0;
529 proxy_balancer *balancer = NULL;
530 proxy_worker *worker = NULL;
531 int attempts = 0, max_attempts = 0;
532 struct dirconn_entry *list = (struct dirconn_entry *)conf->dirconn->elts;
534 /* is this for us? */
535 if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
538 /* handle max-forwards / OPTIONS / TRACE */
539 if ((str = apr_table_get(r->headers_in, "Max-Forwards"))) {
540 maxfwd = strtol(str, NULL, 10);
542 switch (r->method_number) {
544 core_server_config *coreconf = (core_server_config *)
545 ap_get_module_config(sconf, &core_module);
548 if (coreconf->trace_enable == AP_TRACE_DISABLE)
549 return ap_proxyerror(r, HTTP_NOT_IMPLEMENTED,
550 "TRACE denied by server configuration");
552 /* Can't test ap_should_client_block, we aren't ready to send
553 * the client a 100 Continue response till the connection has
556 if (coreconf->trace_enable != AP_TRACE_EXTENDED
557 && (r->read_length || (!r->read_chunked && (r->remaining <= 0))))
558 return ap_proxyerror(r, HTTP_REQUEST_ENTITY_TOO_LARGE,
559 "TRACE with request body is not allowed");
561 r->proxyreq = PROXYREQ_NONE;
562 if ((access_status = ap_send_http_trace(r)))
563 ap_die(access_status, r);
565 ap_finalize_request_protocol(r);
570 r->proxyreq = PROXYREQ_NONE;
571 if ((access_status = ap_send_http_options(r)))
572 ap_die(access_status, r);
574 ap_finalize_request_protocol(r);
578 return ap_proxyerror(r, HTTP_BAD_GATEWAY,
579 "Max-Forwards has reached zero - proxy loop?");
583 maxfwd = (maxfwd > 0) ? maxfwd - 1 : 0;
586 /* set configured max-forwards */
587 maxfwd = conf->maxfwd;
589 apr_table_set(r->headers_in, "Max-Forwards",
590 apr_psprintf(r->pool, "%ld", (maxfwd > 0) ? maxfwd : 0));
592 uri = r->filename + 6;
593 p = strchr(uri, ':');
595 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
596 "proxy_handler no URL in %s", r->filename);
597 return HTTP_BAD_REQUEST;
600 /* If the host doesn't have a domain name, add one and redirect. */
601 if (conf->domain != NULL) {
602 rc = proxy_needsdomain(r, uri, conf->domain);
603 if (ap_is_HTTP_REDIRECT(rc))
604 return HTTP_MOVED_PERMANENTLY;
607 scheme = apr_pstrndup(r->pool, uri, p - uri);
608 /* Check URI's destination host against NoProxy hosts */
609 /* Bypass ProxyRemote server lookup if configured as NoProxy */
610 for (direct_connect = i = 0; i < conf->dirconn->nelts &&
611 !direct_connect; i++) {
612 direct_connect = list[i].matcher(&list[i], r);
615 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
616 (direct_connect) ? "NoProxy for %s" : "UseProxy for %s",
622 /* Try to obtain the most suitable worker */
623 access_status = ap_proxy_pre_request(&worker, &balancer, r, conf, &url);
624 if (access_status != OK)
625 return access_status;
626 if (balancer && balancer->max_attempts_set && !max_attempts)
627 max_attempts = balancer->max_attempts;
628 /* firstly, try a proxy, unless a NoProxy directive is active */
629 if (!direct_connect) {
630 for (i = 0; i < proxies->nelts; i++) {
631 p2 = ap_strchr_c(ents[i].scheme, ':'); /* is it a partial URL? */
632 if (strcmp(ents[i].scheme, "*") == 0 ||
633 (ents[i].use_regex &&
634 ap_regexec(ents[i].regexp, url, 0, NULL, 0) == 0) ||
635 (p2 == NULL && strcasecmp(scheme, ents[i].scheme) == 0) ||
637 strncasecmp(url, ents[i].scheme,
638 strlen(ents[i].scheme)) == 0)) {
640 /* handle the scheme */
641 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
642 "Trying to run scheme_handler against proxy");
643 access_status = proxy_run_scheme_handler(r, worker,
648 /* an error or success */
649 if (access_status != DECLINED &&
650 access_status != HTTP_BAD_GATEWAY) {
653 /* we failed to talk to the upstream proxy */
658 /* otherwise, try it direct */
659 /* N.B. what if we're behind a firewall, where we must use a proxy or
663 /* handle the scheme */
664 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
665 "Running scheme %s handler (attempt %d)",
667 access_status = proxy_run_scheme_handler(r, worker, conf,
669 if (access_status == OK)
671 else if (access_status == HTTP_INTERNAL_SERVER_ERROR) {
672 /* Unrecoverable server error.
673 * We can not failover to another worker.
674 * Mark the worker as unusable if member of load balancer
677 worker->s->status |= PROXY_WORKER_IN_ERROR;
680 else if (access_status == HTTP_SERVICE_UNAVAILABLE) {
681 /* Recoverable server error.
682 * We can failover to another worker
683 * Mark the worker as unusable if member of load balancer
686 worker->s->status |= PROXY_WORKER_IN_ERROR;
690 /* Unrecoverable error.
691 * Return the origin status code to the client.
695 /* Try again if the worker is unusable and the service is
698 } while (!PROXY_WORKER_IS_USABLE(worker) &&
699 max_attempts > attempts++);
701 if (DECLINED == access_status) {
702 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
703 "proxy: No protocol handler was valid for the URL %s. "
704 "If you are using a DSO version of mod_proxy, make sure "
705 "the proxy submodules are included in the configuration "
706 "using LoadModule.", r->uri);
707 access_status = HTTP_FORBIDDEN;
712 int post_status = proxy_run_post_request(worker, balancer, r, conf);
713 if (post_status == DECLINED) {
714 post_status = OK; /* no post_request handler available */
715 /* TODO: reclycle direct worker */
718 return access_status;
721 /* -------------------------------------------------------------- */
722 /* Setup configurable data */
724 static void * create_proxy_config(apr_pool_t *p, server_rec *s)
726 proxy_server_conf *ps = apr_pcalloc(p, sizeof(proxy_server_conf));
728 ps->sec_proxy = apr_array_make(p, 10, sizeof(ap_conf_vector_t *));
729 ps->proxies = apr_array_make(p, 10, sizeof(struct proxy_remote));
730 ps->aliases = apr_array_make(p, 10, sizeof(struct proxy_alias));
731 ps->raliases = apr_array_make(p, 10, sizeof(struct proxy_alias));
732 ps->cookie_paths = apr_array_make(p, 10, sizeof(struct proxy_alias));
733 ps->cookie_domains = apr_array_make(p, 10, sizeof(struct proxy_alias));
734 ps->cookie_path_str = apr_strmatch_precompile(p, "path=", 0);
735 ps->cookie_domain_str = apr_strmatch_precompile(p, "domain=", 0);
736 ps->noproxies = apr_array_make(p, 10, sizeof(struct noproxy_entry));
737 ps->dirconn = apr_array_make(p, 10, sizeof(struct dirconn_entry));
738 ps->allowed_connect_ports = apr_array_make(p, 10, sizeof(int));
739 ps->workers = apr_array_make(p, 10, sizeof(proxy_worker));
740 ps->balancers = apr_array_make(p, 10, sizeof(proxy_balancer));
744 ps->viaopt = via_off; /* initially backward compatible with 1.3.1 */
745 ps->viaopt_set = 0; /* 0 means default */
748 ps->recv_buffer_size = 0; /* this default was left unset for some reason */
749 ps->recv_buffer_size_set = 0;
750 ps->io_buffer_size = AP_IOBUFSIZE;
751 ps->io_buffer_size_set = 0;
752 ps->maxfwd = DEFAULT_MAX_FORWARDS;
754 ps->error_override = 0;
755 ps->error_override_set = 0;
756 ps->preserve_host_set = 0;
757 ps->preserve_host = 0;
760 ps->badopt = bad_error;
766 static void * merge_proxy_config(apr_pool_t *p, void *basev, void *overridesv)
768 proxy_server_conf *ps = apr_pcalloc(p, sizeof(proxy_server_conf));
769 proxy_server_conf *base = (proxy_server_conf *) basev;
770 proxy_server_conf *overrides = (proxy_server_conf *) overridesv;
772 ps->proxies = apr_array_append(p, base->proxies, overrides->proxies);
773 ps->sec_proxy = apr_array_append(p, base->sec_proxy, overrides->sec_proxy);
774 ps->aliases = apr_array_append(p, base->aliases, overrides->aliases);
775 ps->raliases = apr_array_append(p, base->raliases, overrides->raliases);
777 = apr_array_append(p, base->cookie_paths, overrides->cookie_paths);
779 = apr_array_append(p, base->cookie_domains, overrides->cookie_domains);
780 ps->cookie_path_str = base->cookie_path_str;
781 ps->cookie_domain_str = base->cookie_domain_str;
782 ps->noproxies = apr_array_append(p, base->noproxies, overrides->noproxies);
783 ps->dirconn = apr_array_append(p, base->dirconn, overrides->dirconn);
784 ps->allowed_connect_ports = apr_array_append(p, base->allowed_connect_ports, overrides->allowed_connect_ports);
785 ps->workers = apr_array_append(p, base->workers, overrides->workers);
786 ps->balancers = apr_array_append(p, base->balancers, overrides->balancers);
787 ps->forward = overrides->forward ? overrides->forward : base->forward;
788 ps->reverse = overrides->reverse ? overrides->reverse : base->reverse;
790 ps->domain = (overrides->domain == NULL) ? base->domain : overrides->domain;
791 ps->viaopt = (overrides->viaopt_set == 0) ? base->viaopt : overrides->viaopt;
792 ps->req = (overrides->req_set == 0) ? base->req : overrides->req;
793 ps->recv_buffer_size = (overrides->recv_buffer_size_set == 0) ? base->recv_buffer_size : overrides->recv_buffer_size;
794 ps->io_buffer_size = (overrides->io_buffer_size_set == 0) ? base->io_buffer_size : overrides->io_buffer_size;
795 ps->maxfwd = (overrides->maxfwd_set == 0) ? base->maxfwd : overrides->maxfwd;
796 ps->error_override = (overrides->error_override_set == 0) ? base->error_override : overrides->error_override;
797 ps->preserve_host = (overrides->preserve_host_set == 0) ? base->preserve_host : overrides->preserve_host;
798 ps->timeout= (overrides->timeout_set == 0) ? base->timeout : overrides->timeout;
799 ps->badopt = (overrides->badopt_set == 0) ? base->badopt : overrides->badopt;
800 ps->proxy_status = (overrides->proxy_status_set == 0) ? base->proxy_status : overrides->proxy_status;
805 static void *create_proxy_dir_config(apr_pool_t *p, char *dummy)
807 proxy_dir_conf *new =
808 (proxy_dir_conf *) apr_pcalloc(p, sizeof(proxy_dir_conf));
810 /* Filled in by proxysection, when applicable */
815 static void *merge_proxy_dir_config(apr_pool_t *p, void *basev, void *addv)
817 proxy_dir_conf *new = (proxy_dir_conf *) apr_pcalloc(p, sizeof(proxy_dir_conf));
818 proxy_dir_conf *add = (proxy_dir_conf *) addv;
821 new->p_is_fnmatch = add->p_is_fnmatch;
828 add_proxy(cmd_parms *cmd, void *dummy, const char *f1, const char *r1, int regex)
830 server_rec *s = cmd->server;
831 proxy_server_conf *conf =
832 (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
833 struct proxy_remote *new;
835 char *r, *f, *scheme;
836 ap_regex_t *reg = NULL;
839 r = apr_pstrdup(cmd->pool, r1);
840 scheme = apr_pstrdup(cmd->pool, r1);
841 f = apr_pstrdup(cmd->pool, f1);
843 if (p == NULL || p[1] != '/' || p[2] != '/' || p[3] == '\0') {
845 return "ProxyRemoteMatch: Bad syntax for a remote proxy server";
847 return "ProxyRemote: Bad syntax for a remote proxy server";
852 q = strchr(p + 3, ':');
854 if (sscanf(q + 1, "%u", &port) != 1 || port > 65535) {
856 return "ProxyRemoteMatch: Bad syntax for a remote proxy server (bad port number)";
858 return "ProxyRemote: Bad syntax for a remote proxy server (bad port number)";
866 reg = ap_pregcomp(cmd->pool, f, AP_REG_EXTENDED);
868 return "Regular expression for ProxyRemoteMatch could not be compiled.";
871 if (strchr(f, ':') == NULL)
872 ap_str_tolower(f); /* lowercase scheme */
873 ap_str_tolower(p + 3); /* lowercase hostname */
876 port = apr_uri_port_of_scheme(scheme);
879 new = apr_array_push(conf->proxies);
882 new->hostname = p + 3;
885 new->use_regex = regex;
890 add_proxy_noregex(cmd_parms *cmd, void *dummy, const char *f1, const char *r1)
892 return add_proxy(cmd, dummy, f1, r1, 0);
896 add_proxy_regex(cmd_parms *cmd, void *dummy, const char *f1, const char *r1)
898 return add_proxy(cmd, dummy, f1, r1, 1);
902 add_pass(cmd_parms *cmd, void *dummy, const char *arg)
904 server_rec *s = cmd->server;
905 proxy_server_conf *conf =
906 (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
907 struct proxy_alias *new;
911 apr_table_t *params = apr_table_make(cmd->pool, 5);
912 const apr_array_header_t *arr;
913 const apr_table_entry_t *elts;
917 word = ap_getword_conf(cmd->pool, &arg);
923 char *val = strchr(word, '=');
926 return "Invalid ProxyPass parameter. Parameter must be "
927 "in the form 'key=value'";
929 return "ProxyPass can not have a path when defined in a location";
933 apr_table_setn(params, word, val);
938 return "ProxyPass needs a path when not defined in a location";
940 new = apr_array_push(conf->aliases);
941 new->fake = apr_pstrdup(cmd->pool, f);
942 new->real = apr_pstrdup(cmd->pool, r);
943 if (r[0] == '!' && r[1] == '\0')
946 arr = apr_table_elts(params);
947 elts = (const apr_table_entry_t *)arr->elts;
948 /* Distinguish the balancer from woker */
949 if (strncasecmp(r, "balancer:", 9) == 0) {
950 proxy_balancer *balancer = ap_proxy_get_balancer(cmd->pool, conf, r);
952 const char *err = ap_proxy_add_balancer(&balancer,
956 return apr_pstrcat(cmd->temp_pool, "ProxyPass ", err, NULL);
958 for (i = 0; i < arr->nelts; i++) {
959 const char *err = set_balancer_param(cmd->pool, balancer, elts[i].key,
962 return apr_pstrcat(cmd->temp_pool, "ProxyPass ", err, NULL);
966 proxy_worker *worker = ap_proxy_get_worker(cmd->temp_pool, conf, r);
968 const char *err = ap_proxy_add_worker(&worker, cmd->pool, conf, r);
970 return apr_pstrcat(cmd->temp_pool, "ProxyPass ", err, NULL);
972 PROXY_COPY_CONF_PARAMS(worker, conf);
974 for (i = 0; i < arr->nelts; i++) {
975 const char *err = set_worker_param(cmd->pool, worker, elts[i].key,
978 return apr_pstrcat(cmd->temp_pool, "ProxyPass ", err, NULL);
985 add_pass_reverse(cmd_parms *cmd, void *dummy, const char *f, const char *r)
987 server_rec *s = cmd->server;
988 proxy_server_conf *conf;
989 struct proxy_alias *new;
991 conf = (proxy_server_conf *)ap_get_module_config(s->module_config,
993 if (r!=NULL && cmd->path == NULL ) {
994 new = apr_array_push(conf->raliases);
997 } else if (r==NULL && cmd->path != NULL) {
998 new = apr_array_push(conf->raliases);
999 new->fake = cmd->path;
1003 return "ProxyPassReverse needs a path when not defined in a location";
1005 return "ProxyPassReverse can not have a path when defined in a location";
1011 cookie_path(cmd_parms *cmd, void *dummy, const char *f, const char *r)
1013 server_rec *s = cmd->server;
1014 proxy_server_conf *conf;
1015 struct proxy_alias *new;
1017 conf = (proxy_server_conf *)ap_get_module_config(s->module_config,
1019 new = apr_array_push(conf->cookie_paths);
1026 cookie_domain(cmd_parms *cmd, void *dummy, const char *f, const char *r)
1028 server_rec *s = cmd->server;
1029 proxy_server_conf *conf;
1030 struct proxy_alias *new;
1032 conf = (proxy_server_conf *)ap_get_module_config(s->module_config,
1034 new = apr_array_push(conf->cookie_domains);
1042 set_proxy_exclude(cmd_parms *parms, void *dummy, const char *arg)
1044 server_rec *s = parms->server;
1045 proxy_server_conf *conf =
1046 ap_get_module_config(s->module_config, &proxy_module);
1047 struct noproxy_entry *new;
1048 struct noproxy_entry *list = (struct noproxy_entry *) conf->noproxies->elts;
1049 struct apr_sockaddr_t *addr;
1053 /* Don't duplicate entries */
1054 for (i = 0; i < conf->noproxies->nelts; i++) {
1055 if (apr_strnatcasecmp(arg, list[i].name) == 0) { /* ignore case for host names */
1061 new = apr_array_push(conf->noproxies);
1063 if (APR_SUCCESS == apr_sockaddr_info_get(&addr, new->name, APR_UNSPEC, 0, 0, parms->pool)) {
1074 * Set the ports CONNECT can use
1077 set_allowed_ports(cmd_parms *parms, void *dummy, const char *arg)
1079 server_rec *s = parms->server;
1080 proxy_server_conf *conf =
1081 ap_get_module_config(s->module_config, &proxy_module);
1084 if (!apr_isdigit(arg[0]))
1085 return "AllowCONNECT: port number must be numeric";
1087 New = apr_array_push(conf->allowed_connect_ports);
1092 /* Similar to set_proxy_exclude(), but defining directly connected hosts,
1093 * which should never be accessed via the configured ProxyRemote servers
1096 set_proxy_dirconn(cmd_parms *parms, void *dummy, const char *arg)
1098 server_rec *s = parms->server;
1099 proxy_server_conf *conf =
1100 ap_get_module_config(s->module_config, &proxy_module);
1101 struct dirconn_entry *New;
1102 struct dirconn_entry *list = (struct dirconn_entry *) conf->dirconn->elts;
1106 /* Don't duplicate entries */
1107 for (i = 0; i < conf->dirconn->nelts; i++) {
1108 if (strcasecmp(arg, list[i].name) == 0)
1113 New = apr_array_push(conf->dirconn);
1114 New->name = apr_pstrdup(parms->pool, arg);
1115 New->hostaddr = NULL;
1117 if (ap_proxy_is_ipaddr(New, parms->pool)) {
1119 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1120 "Parsed addr %s", inet_ntoa(New->addr));
1121 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1122 "Parsed mask %s", inet_ntoa(New->mask));
1125 else if (ap_proxy_is_domainname(New, parms->pool)) {
1126 ap_str_tolower(New->name);
1128 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1129 "Parsed domain %s", New->name);
1132 else if (ap_proxy_is_hostname(New, parms->pool)) {
1133 ap_str_tolower(New->name);
1135 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1136 "Parsed host %s", New->name);
1140 ap_proxy_is_word(New, parms->pool);
1142 fprintf(stderr, "Parsed word %s\n", New->name);
1150 set_proxy_domain(cmd_parms *parms, void *dummy, const char *arg)
1152 proxy_server_conf *psf =
1153 ap_get_module_config(parms->server->module_config, &proxy_module);
1156 return "ProxyDomain: domain name must start with a dot.";
1163 set_proxy_req(cmd_parms *parms, void *dummy, int flag)
1165 proxy_server_conf *psf =
1166 ap_get_module_config(parms->server->module_config, &proxy_module);
1171 if (flag && !psf->forward) {
1172 psf->forward = ap_proxy_create_worker(parms->pool);
1173 psf->forward->name = "proxy:forward";
1174 psf->forward->hostname = "*";
1175 psf->forward->scheme = "*";
1181 set_proxy_error_override(cmd_parms *parms, void *dummy, int flag)
1183 proxy_server_conf *psf =
1184 ap_get_module_config(parms->server->module_config, &proxy_module);
1186 psf->error_override = flag;
1187 psf->error_override_set = 1;
1191 set_preserve_host(cmd_parms *parms, void *dummy, int flag)
1193 proxy_server_conf *psf =
1194 ap_get_module_config(parms->server->module_config, &proxy_module);
1196 psf->preserve_host = flag;
1197 psf->preserve_host_set = 1;
1202 set_recv_buffer_size(cmd_parms *parms, void *dummy, const char *arg)
1204 proxy_server_conf *psf =
1205 ap_get_module_config(parms->server->module_config, &proxy_module);
1207 if (s < 512 && s != 0) {
1208 return "ProxyReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
1211 psf->recv_buffer_size = s;
1212 psf->recv_buffer_size_set = 1;
1217 set_io_buffer_size(cmd_parms *parms, void *dummy, const char *arg)
1219 proxy_server_conf *psf =
1220 ap_get_module_config(parms->server->module_config, &proxy_module);
1223 psf->io_buffer_size = ((s > AP_IOBUFSIZE) ? s : AP_IOBUFSIZE);
1224 psf->io_buffer_size_set = 1;
1229 set_max_forwards(cmd_parms *parms, void *dummy, const char *arg)
1231 proxy_server_conf *psf =
1232 ap_get_module_config(parms->server->module_config, &proxy_module);
1235 return "ProxyMaxForwards must be greater or equal to zero..";
1239 psf->maxfwd_set = 1;
1243 set_proxy_timeout(cmd_parms *parms, void *dummy, const char *arg)
1245 proxy_server_conf *psf =
1246 ap_get_module_config(parms->server->module_config, &proxy_module);
1251 return "Proxy Timeout must be at least 1 second.";
1254 psf->timeout=apr_time_from_sec(timeout);
1260 set_via_opt(cmd_parms *parms, void *dummy, const char *arg)
1262 proxy_server_conf *psf =
1263 ap_get_module_config(parms->server->module_config, &proxy_module);
1265 if (strcasecmp(arg, "Off") == 0)
1266 psf->viaopt = via_off;
1267 else if (strcasecmp(arg, "On") == 0)
1268 psf->viaopt = via_on;
1269 else if (strcasecmp(arg, "Block") == 0)
1270 psf->viaopt = via_block;
1271 else if (strcasecmp(arg, "Full") == 0)
1272 psf->viaopt = via_full;
1274 return "ProxyVia must be one of: "
1275 "off | on | full | block";
1278 psf->viaopt_set = 1;
1283 set_bad_opt(cmd_parms *parms, void *dummy, const char *arg)
1285 proxy_server_conf *psf =
1286 ap_get_module_config(parms->server->module_config, &proxy_module);
1288 if (strcasecmp(arg, "IsError") == 0)
1289 psf->badopt = bad_error;
1290 else if (strcasecmp(arg, "Ignore") == 0)
1291 psf->badopt = bad_ignore;
1292 else if (strcasecmp(arg, "StartBody") == 0)
1293 psf->badopt = bad_body;
1295 return "ProxyBadHeader must be one of: "
1296 "IsError | Ignore | StartBody";
1299 psf->badopt_set = 1;
1304 set_status_opt(cmd_parms *parms, void *dummy, const char *arg)
1306 proxy_server_conf *psf =
1307 ap_get_module_config(parms->server->module_config, &proxy_module);
1309 if (strcasecmp(arg, "Off") == 0)
1310 psf->proxy_status = status_off;
1311 else if (strcasecmp(arg, "On") == 0)
1312 psf->proxy_status = status_on;
1313 else if (strcasecmp(arg, "Full") == 0)
1314 psf->proxy_status = status_full;
1316 return "ProxyStatus must be one of: "
1320 psf->proxy_status_set = 1;
1324 static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
1326 server_rec *s = cmd->server;
1327 proxy_server_conf *conf =
1328 ap_get_module_config(s->module_config, &proxy_module);
1329 proxy_balancer *balancer;
1330 proxy_worker *worker;
1331 char *path = cmd->path;
1334 apr_table_t *params = apr_table_make(cmd->pool, 5);
1335 const apr_array_header_t *arr;
1336 const apr_table_entry_t *elts;
1340 path = apr_pstrdup(cmd->pool, cmd->path);
1342 word = ap_getword_conf(cmd->pool, &arg);
1348 char *val = strchr(word, '=');
1351 return "BalancerMember can not have a balancer name when defined in a location";
1353 return "Invalid BalancerMember parameter. Parameter must "
1354 "be in the form 'key=value'";
1357 apr_table_setn(params, word, val);
1361 return "BalancerMember must define balancer name when outside <Proxy > section";
1363 return "BalancerMember must define remote proxy server";
1365 ap_str_tolower(path); /* lowercase scheme://hostname */
1366 ap_str_tolower(name); /* lowercase scheme://hostname */
1368 /* Try to find existing worker */
1369 worker = ap_proxy_get_worker(cmd->temp_pool, conf, name);
1372 if ((err = ap_proxy_add_worker(&worker, cmd->pool, conf, name)) != NULL)
1373 return apr_pstrcat(cmd->temp_pool, "BalancerMember ", err, NULL);
1375 PROXY_COPY_CONF_PARAMS(worker, conf);
1377 arr = apr_table_elts(params);
1378 elts = (const apr_table_entry_t *)arr->elts;
1379 for (i = 0; i < arr->nelts; i++) {
1380 const char *err = set_worker_param(cmd->pool, worker, elts[i].key,
1383 return apr_pstrcat(cmd->temp_pool, "BalancerMember ", err, NULL);
1385 /* Try to find the balancer */
1386 balancer = ap_proxy_get_balancer(cmd->temp_pool, conf, path);
1388 const char *err = ap_proxy_add_balancer(&balancer,
1392 return apr_pstrcat(cmd->temp_pool, "BalancerMember ", err, NULL);
1394 /* Add the worker to the load balancer */
1395 ap_proxy_add_worker_to_balancer(cmd->pool, balancer, worker);
1400 set_proxy_param(cmd_parms *cmd, void *dummy, const char *arg)
1402 server_rec *s = cmd->server;
1403 proxy_server_conf *conf =
1404 (proxy_server_conf *) ap_get_module_config(s->module_config, &proxy_module);
1407 proxy_balancer *balancer = NULL;
1408 proxy_worker *worker = NULL;
1411 if (cmd->directive->parent &&
1412 strncasecmp(cmd->directive->parent->directive,
1413 "<Proxy", 6) == 0) {
1414 const char *pargs = cmd->directive->parent->args;
1415 /* Directive inside <Proxy section
1416 * Parent directive arg is the worker/balancer name.
1418 name = ap_getword_conf(cmd->temp_pool, &pargs);
1419 if ((word = ap_strchr(name, '>')))
1423 /* Standard set directive with worker/balancer
1424 * name as first param.
1426 name = ap_getword_conf(cmd->temp_pool, &arg);
1429 if (strncasecmp(name, "balancer:", 9) == 0) {
1430 balancer = ap_proxy_get_balancer(cmd->pool, conf, name);
1432 return apr_pstrcat(cmd->temp_pool, "ProxySet can not find '",
1433 name, "' Balancer.", NULL);
1437 worker = ap_proxy_get_worker(cmd->temp_pool, conf, name);
1439 return apr_pstrcat(cmd->temp_pool, "ProxySet can not find '",
1440 name, "' Worker.", NULL);
1445 word = ap_getword_conf(cmd->pool, &arg);
1446 val = strchr(word, '=');
1448 return "Invalid ProxySet parameter. Parameter must be "
1449 "in the form 'key=value'";
1454 err = set_worker_param(cmd->pool, worker, word, val);
1456 err = set_balancer_param(cmd->pool, balancer, word, val);
1459 return apr_pstrcat(cmd->temp_pool, "ProxySet ", err, " ", word, " ", name, NULL);
1465 static void ap_add_per_proxy_conf(server_rec *s, ap_conf_vector_t *dir_config)
1467 proxy_server_conf *sconf = ap_get_module_config(s->module_config,
1469 void **new_space = (void **)apr_array_push(sconf->sec_proxy);
1471 *new_space = dir_config;
1474 static const char *proxysection(cmd_parms *cmd, void *mconfig, const char *arg)
1477 const char *endp = ap_strrchr_c(arg, '>');
1478 int old_overrides = cmd->override;
1479 char *old_path = cmd->path;
1480 proxy_dir_conf *conf;
1481 ap_conf_vector_t *new_dir_conf = ap_create_per_dir_config(cmd->pool);
1482 ap_regex_t *r = NULL;
1483 const command_rec *thiscmd = cmd->cmd;
1485 const char *err = ap_check_cmd_context(cmd,
1486 NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
1492 return apr_pstrcat(cmd->pool, cmd->cmd->name,
1493 "> directive missing closing '>'", NULL);
1496 arg=apr_pstrndup(cmd->pool, arg, endp-arg);
1499 if (thiscmd->cmd_data)
1500 return "<ProxyMatch > block must specify a path";
1502 return "<Proxy > block must specify a path";
1505 cmd->path = ap_getword_conf(cmd->pool, &arg);
1506 cmd->override = OR_ALL|ACCESS_CONF;
1508 if (!strncasecmp(cmd->path, "proxy:", 6))
1511 /* XXX Ignore case? What if we proxy a case-insensitive server?!?
1512 * While we are at it, shouldn't we also canonicalize the entire
1513 * scheme? See proxy_fixup()
1515 if (thiscmd->cmd_data) { /* <ProxyMatch> */
1516 r = ap_pregcomp(cmd->pool, cmd->path, AP_REG_EXTENDED);
1518 return "Regex could not be compiled";
1521 else if (!strcmp(cmd->path, "~")) {
1522 cmd->path = ap_getword_conf(cmd->pool, &arg);
1524 return "<Proxy ~ > block must specify a path";
1525 if (strncasecmp(cmd->path, "proxy:", 6))
1527 r = ap_pregcomp(cmd->pool, cmd->path, AP_REG_EXTENDED);
1529 return "Regex could not be compiled";
1533 /* initialize our config and fetch it */
1534 conf = ap_set_config_vectors(cmd->server, new_dir_conf, cmd->path,
1535 &proxy_module, cmd->pool);
1537 errmsg = ap_walk_config(cmd->directive->first_child, cmd, new_dir_conf);
1542 conf->p = cmd->path;
1543 conf->p_is_fnmatch = apr_fnmatch_test(conf->p);
1545 ap_add_per_proxy_conf(cmd->server, new_dir_conf);
1548 return apr_pstrcat(cmd->pool, "Multiple ", thiscmd->name,
1549 "> arguments not (yet) supported.", NULL);
1552 cmd->path = old_path;
1553 cmd->override = old_overrides;
1558 static const command_rec proxy_cmds[] =
1560 AP_INIT_RAW_ARGS("<Proxy", proxysection, NULL, RSRC_CONF,
1561 "Container for directives affecting resources located in the proxied "
1563 AP_INIT_RAW_ARGS("<ProxyMatch", proxysection, (void*)1, RSRC_CONF,
1564 "Container for directives affecting resources located in the proxied "
1565 "location, in regular expression syntax"),
1566 AP_INIT_FLAG("ProxyRequests", set_proxy_req, NULL, RSRC_CONF,
1567 "on if the true proxy requests should be accepted"),
1568 AP_INIT_TAKE2("ProxyRemote", add_proxy_noregex, NULL, RSRC_CONF,
1569 "a scheme, partial URL or '*' and a proxy server"),
1570 AP_INIT_TAKE2("ProxyRemoteMatch", add_proxy_regex, NULL, RSRC_CONF,
1571 "a regex pattern and a proxy server"),
1572 AP_INIT_RAW_ARGS("ProxyPass", add_pass, NULL, RSRC_CONF|ACCESS_CONF,
1573 "a virtual path and a URL"),
1574 AP_INIT_TAKE12("ProxyPassReverse", add_pass_reverse, NULL, RSRC_CONF|ACCESS_CONF,
1575 "a virtual path and a URL for reverse proxy behaviour"),
1576 AP_INIT_TAKE2("ProxyPassReverseCookiePath", cookie_path, NULL,
1577 RSRC_CONF|ACCESS_CONF, "Path rewrite rule for proxying cookies"),
1578 AP_INIT_TAKE2("ProxyPassReverseCookieDomain", cookie_domain, NULL,
1579 RSRC_CONF|ACCESS_CONF, "Domain rewrite rule for proxying cookies"),
1580 AP_INIT_ITERATE("ProxyBlock", set_proxy_exclude, NULL, RSRC_CONF,
1581 "A list of names, hosts or domains to which the proxy will not connect"),
1582 AP_INIT_TAKE1("ProxyReceiveBufferSize", set_recv_buffer_size, NULL, RSRC_CONF,
1583 "Receive buffer size for outgoing HTTP and FTP connections in bytes"),
1584 AP_INIT_TAKE1("ProxyIOBufferSize", set_io_buffer_size, NULL, RSRC_CONF,
1585 "IO buffer size for outgoing HTTP and FTP connections in bytes"),
1586 AP_INIT_TAKE1("ProxyMaxForwards", set_max_forwards, NULL, RSRC_CONF,
1587 "The maximum number of proxies a request may be forwarded through."),
1588 AP_INIT_ITERATE("NoProxy", set_proxy_dirconn, NULL, RSRC_CONF,
1589 "A list of domains, hosts, or subnets to which the proxy will connect directly"),
1590 AP_INIT_TAKE1("ProxyDomain", set_proxy_domain, NULL, RSRC_CONF,
1591 "The default intranet domain name (in absence of a domain in the URL)"),
1592 AP_INIT_ITERATE("AllowCONNECT", set_allowed_ports, NULL, RSRC_CONF,
1593 "A list of ports which CONNECT may connect to"),
1594 AP_INIT_TAKE1("ProxyVia", set_via_opt, NULL, RSRC_CONF,
1595 "Configure Via: proxy header header to one of: on | off | block | full"),
1596 AP_INIT_FLAG("ProxyErrorOverride", set_proxy_error_override, NULL, RSRC_CONF,
1597 "use our error handling pages instead of the servers' we are proxying"),
1598 AP_INIT_FLAG("ProxyPreserveHost", set_preserve_host, NULL, RSRC_CONF,
1599 "on if we should preserve host header while proxying"),
1600 AP_INIT_TAKE1("ProxyTimeout", set_proxy_timeout, NULL, RSRC_CONF,
1601 "Set the timeout (in seconds) for a proxied connection. "
1602 "This overrides the server timeout"),
1603 AP_INIT_TAKE1("ProxyBadHeader", set_bad_opt, NULL, RSRC_CONF,
1604 "How to handle bad header line in response: IsError | Ignore | StartBody"),
1605 AP_INIT_RAW_ARGS("BalancerMember", add_member, NULL, RSRC_CONF|ACCESS_CONF,
1606 "A balancer name and scheme with list of params"),
1607 AP_INIT_TAKE1("ProxyStatus", set_status_opt, NULL, RSRC_CONF,
1608 "Configure Status: proxy status to one of: on | off | full"),
1609 AP_INIT_RAW_ARGS("ProxySet", set_proxy_param, NULL, RSRC_CONF|ACCESS_CONF,
1610 "A balancer or worker name with list of params"),
1614 static APR_OPTIONAL_FN_TYPE(ssl_proxy_enable) *proxy_ssl_enable = NULL;
1615 static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *proxy_ssl_disable = NULL;
1616 static APR_OPTIONAL_FN_TYPE(ssl_is_https) *proxy_is_https = NULL;
1617 static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *proxy_ssl_val = NULL;
1619 PROXY_DECLARE(int) ap_proxy_ssl_enable(conn_rec *c)
1622 * if c == NULL just check if the optional function was imported
1623 * else run the optional function so ssl filters are inserted
1625 if (proxy_ssl_enable) {
1626 return c ? proxy_ssl_enable(c) : 1;
1632 PROXY_DECLARE(int) ap_proxy_ssl_disable(conn_rec *c)
1634 if (proxy_ssl_disable) {
1635 return proxy_ssl_disable(c);
1641 PROXY_DECLARE(int) ap_proxy_conn_is_https(conn_rec *c)
1643 if (proxy_is_https) {
1644 return proxy_is_https(c);
1650 PROXY_DECLARE(const char *) ap_proxy_ssl_val(apr_pool_t *p, server_rec *s,
1651 conn_rec *c, request_rec *r,
1654 if (proxy_ssl_val) {
1655 /* XXX Perhaps the casting useless */
1656 return (const char *)proxy_ssl_val(p, s, c, r, (char *)var);
1662 static int proxy_post_config(apr_pool_t *pconf, apr_pool_t *plog,
1663 apr_pool_t *ptemp, server_rec *s)
1666 proxy_ssl_enable = APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable);
1667 proxy_ssl_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);
1668 proxy_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
1669 proxy_ssl_val = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
1675 * proxy Extension to mod_status
1677 static int proxy_status_hook(request_rec *r, int flags)
1680 void *sconf = r->server->module_config;
1681 proxy_server_conf *conf = (proxy_server_conf *)
1682 ap_get_module_config(sconf, &proxy_module);
1683 proxy_balancer *balancer = NULL;
1684 proxy_worker *worker = NULL;
1686 if (flags & AP_STATUS_SHORT || conf->balancers->nelts == 0 ||
1687 conf->proxy_status == status_off)
1690 balancer = (proxy_balancer *)conf->balancers->elts;
1691 for (i = 0; i < conf->balancers->nelts; i++) {
1692 ap_rputs("<hr />\n<h1>Proxy LoadBalancer Status for ", r);
1693 ap_rvputs(r, balancer->name, "</h1>\n\n", NULL);
1694 ap_rputs("\n\n<table border=\"0\"><tr>"
1695 "<th>SSes</th><th>Timeout</th><th>Method</th>"
1697 ap_rvputs(r, "<td>", balancer->sticky, NULL);
1698 ap_rprintf(r, "</td><td>%" APR_TIME_T_FMT "</td>",
1699 apr_time_sec(balancer->timeout));
1700 ap_rprintf(r, "<td>%s</td>\n",
1701 balancer->lbmethod == lbmethod_requests ? "Requests" :
1702 balancer->lbmethod == lbmethod_traffic ? "Traffic" :
1704 ap_rputs("</table>\n", r);
1705 ap_rputs("\n\n<table border=\"0\"><tr>"
1706 "<th>Sch</th><th>Host</th><th>Stat</th>"
1707 "<th>Route</th><th>Redir</th>"
1708 "<th>F</th><th>Acc</th><th>Wr</th><th>Rd</th>"
1711 worker = (proxy_worker *)balancer->workers->elts;
1712 for (n = 0; n < balancer->workers->nelts; n++) {
1714 ap_rvputs(r, "<tr>\n<td>", worker->scheme, "</td>", NULL);
1715 ap_rvputs(r, "<td>", worker->hostname, "</td><td>", NULL);
1716 if (worker->s->status & PROXY_WORKER_DISABLED)
1718 else if (worker->s->status & PROXY_WORKER_IN_ERROR)
1720 else if (worker->s->status & PROXY_WORKER_INITIALIZED)
1724 ap_rvputs(r, "</td><td>", worker->s->route, NULL);
1725 ap_rvputs(r, "</td><td>", worker->s->redirect, NULL);
1726 ap_rprintf(r, "</td><td>%d</td>", worker->s->lbfactor);
1727 ap_rprintf(r, "<td>%d</td><td>", (int)(worker->s->elected));
1728 ap_rputs(apr_strfsize(worker->s->transferred, fbuf), r);
1729 ap_rputs("</td><td>", r);
1730 ap_rputs(apr_strfsize(worker->s->read, fbuf), r);
1731 ap_rputs("</td>\n", r);
1733 /* TODO: Add the rest of dynamic worker data */
1734 ap_rputs("</tr>\n", r);
1738 ap_rputs("</table>\n", r);
1741 ap_rputs("<hr /><table>\n"
1742 "<tr><th>SSes</th><td>Sticky session name</td></tr>\n"
1743 "<tr><th>Timeout</th><td>Balancer Timeout</td></tr>\n"
1744 "<tr><th>Sch</th><td>Connection scheme</td></tr>\n"
1745 "<tr><th>Host</th><td>Backend Hostname</td></tr>\n"
1746 "<tr><th>Stat</th><td>Worker status</td></tr>\n"
1747 "<tr><th>Route</th><td>Session Route</td></tr>\n"
1748 "<tr><th>Redir</th><td>Session Route Redirection</td></tr>\n"
1749 "<tr><th>F</th><td>Load Balancer Factor in %</td></tr>\n"
1750 "<tr><th>Acc</th><td>Number of requests</td></tr>\n"
1751 "<tr><th>Wr</th><td>Number of bytes transferred</td></tr>\n"
1752 "<tr><th>Rd</th><td>Number of bytes read</td></tr>\n"
1758 static void child_init(apr_pool_t *p, server_rec *s)
1760 proxy_worker *reverse = NULL;
1763 void *sconf = s->module_config;
1764 proxy_server_conf *conf;
1765 proxy_worker *worker;
1768 conf = (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
1769 /* Initialize worker's shared scoreboard data */
1770 worker = (proxy_worker *)conf->workers->elts;
1771 for (i = 0; i < conf->workers->nelts; i++) {
1772 ap_proxy_initialize_worker_share(conf, worker, s);
1773 ap_proxy_initialize_worker(worker, s);
1776 /* Initialize forward worker if defined */
1777 if (conf->forward) {
1778 ap_proxy_initialize_worker_share(conf, conf->forward, s);
1779 ap_proxy_initialize_worker(conf->forward, s);
1780 /* Do not disable worker in case of errors */
1781 conf->forward->s->status |= PROXY_WORKER_IGNORE_ERRORS;
1782 /* Disable address cache for generic forward worker */
1783 conf->forward->is_address_reusable = 0;
1786 reverse = ap_proxy_create_worker(p);
1787 reverse->name = "proxy:reverse";
1788 reverse->hostname = "*";
1789 reverse->scheme = "*";
1790 ap_proxy_initialize_worker_share(conf, reverse, s);
1791 ap_proxy_initialize_worker(reverse, s);
1792 /* Do not disable worker in case of errors */
1793 reverse->s->status |= PROXY_WORKER_IGNORE_ERRORS;
1794 /* Disable address cache for generic reverse worker */
1795 reverse->is_address_reusable = 0;
1797 conf->reverse = reverse;
1803 * This routine is called before the server processes the configuration
1804 * files. There is no return value.
1806 static int proxy_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
1809 APR_OPTIONAL_HOOK(ap, status_hook, proxy_status_hook, NULL, NULL,
1811 /* Reset workers count on gracefull restart */
1812 proxy_lb_workers = 0;
1816 static void register_hooks(apr_pool_t *p)
1818 /* fixup before mod_rewrite, so that the proxied url will not
1819 * escaped accidentally by our fixup.
1821 static const char * const aszSucc[]={ "mod_rewrite.c", NULL };
1822 /* Only the mpm_winnt has child init hook handler.
1823 * make sure that we are called after the mpm
1826 static const char *const aszPred[] = { "mpm_winnt.c", NULL};
1828 APR_REGISTER_OPTIONAL_FN(ap_proxy_lb_workers);
1830 ap_hook_handler(proxy_handler, NULL, NULL, APR_HOOK_FIRST);
1831 /* filename-to-URI translation */
1832 ap_hook_translate_name(proxy_trans, aszSucc, NULL, APR_HOOK_FIRST);
1833 /* walk <Proxy > entries and suppress default TRACE behavior */
1834 ap_hook_map_to_storage(proxy_map_location, NULL,NULL, APR_HOOK_FIRST);
1836 ap_hook_fixups(proxy_fixup, NULL, aszSucc, APR_HOOK_FIRST);
1837 /* post read_request handling */
1838 ap_hook_post_read_request(proxy_detect, NULL, NULL, APR_HOOK_FIRST);
1839 /* pre config handling */
1840 ap_hook_pre_config(proxy_pre_config, NULL, NULL, APR_HOOK_MIDDLE);
1841 /* post config handling */
1842 ap_hook_post_config(proxy_post_config, NULL, NULL, APR_HOOK_MIDDLE);
1843 /* child init handling */
1844 ap_hook_child_init(child_init, aszPred, NULL, APR_HOOK_MIDDLE);
1848 module AP_MODULE_DECLARE_DATA proxy_module =
1850 STANDARD20_MODULE_STUFF,
1851 create_proxy_dir_config, /* create per-directory config structure */
1852 merge_proxy_dir_config, /* merge per-directory config structures */
1853 create_proxy_config, /* create per-server config structure */
1854 merge_proxy_config, /* merge per-server config structures */
1855 proxy_cmds, /* command table */
1860 APR_HOOK_LINK(scheme_handler)
1861 APR_HOOK_LINK(canon_handler)
1862 APR_HOOK_LINK(pre_request)
1863 APR_HOOK_LINK(post_request)
1866 APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(proxy, PROXY, int, scheme_handler,
1867 (request_rec *r, proxy_worker *worker,
1868 proxy_server_conf *conf,
1869 char *url, const char *proxyhost,
1870 apr_port_t proxyport),(r,worker,conf,
1871 url,proxyhost,proxyport),DECLINED)
1872 APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(proxy, PROXY, int, canon_handler,
1873 (request_rec *r, char *url),(r,
1875 APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(proxy, PROXY, int, pre_request, (
1876 proxy_worker **worker,
1877 proxy_balancer **balancer,
1879 proxy_server_conf *conf,
1880 char **url),(worker,balancer,
1881 r,conf,url),DECLINED)
1882 APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(proxy, PROXY, int, post_request,
1883 (proxy_worker *worker,
1884 proxy_balancer *balancer,
1886 proxy_server_conf *conf),(worker,
1887 balancer,r,conf),DECLINED)
1888 APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(proxy, PROXY, int, fixups,
1889 (request_rec *r), (r),