1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
22 * @brief Proxy Extension Module for Apache
24 * @defgroup MOD_PROXY mod_proxy
25 * @ingroup APACHE_MODS
29 #include "apr_hooks.h"
30 #include "apr_optional.h"
33 #include "apr_strings.h"
34 #include "apr_buckets.h"
36 #include "apr_network_io.h"
37 #include "apr_pools.h"
38 #include "apr_strings.h"
41 #include "apr_strmatch.h"
42 #include "apr_fnmatch.h"
43 #include "apr_reslist.h"
44 #define APR_WANT_STRFUNC
47 #include "util_mutex.h"
48 #include "apr_global_mutex.h"
49 #include "apr_thread_mutex.h"
52 #include "http_config.h"
53 #include "ap_config.h"
54 #include "http_core.h"
55 #include "http_protocol.h"
56 #include "http_request.h"
57 #include "http_vhost.h"
58 #include "http_main.h"
60 #include "http_connection.h"
61 #include "util_filter.h"
62 #include "util_ebcdic.h"
63 #include "ap_provider.h"
64 #include "ap_slotmem.h"
66 #if APR_HAVE_NETINET_IN_H
67 #include <netinet/in.h>
69 #if APR_HAVE_ARPA_INET_H
70 #include <arpa/inet.h>
73 /* for proxy_canonenc() */
75 enc_path, enc_search, enc_user, enc_fpath, enc_parm
79 NONE, TCP, OPTIONS, HEAD, GET, CPING, PROVIDER, EOT
94 #define BALANCER_PREFIX "balancer://"
96 #if APR_CHARSET_EBCDIC
98 #else /*APR_CHARSET_EBCDIC*/
99 #define CRLF "\015\012"
100 #endif /*APR_CHARSET_EBCDIC*/
102 /* default Max-Forwards header setting */
103 /* Set this to -1, which complies with RFC2616 by not setting
104 * max-forwards if the client didn't send it to us.
106 #define DEFAULT_MAX_FORWARDS -1
108 typedef struct proxy_balancer proxy_balancer;
109 typedef struct proxy_worker proxy_worker;
110 typedef struct proxy_conn_pool proxy_conn_pool;
111 typedef struct proxy_balancer_method proxy_balancer_method;
113 /* static information about a remote proxy */
114 struct proxy_remote {
115 const char *scheme; /* the schemes handled by this proxy, or '*' */
116 const char *protocol; /* the scheme used to talk to this proxy */
117 const char *hostname; /* the hostname of this proxy */
118 ap_regex_t *regexp; /* compiled regex (if any) for the remote */
119 int use_regex; /* simple boolean. True if we have a regex pattern */
120 apr_port_t port; /* the port for this proxy */
123 #define PROXYPASS_NOCANON 0x01
124 #define PROXYPASS_INTERPOLATE 0x02
125 #define PROXYPASS_NOQUERY 0x04
131 proxy_balancer *balancer; /* only valid for reverse-proxys */
134 struct dirconn_entry {
136 struct in_addr addr, mask;
137 struct apr_sockaddr_t *hostaddr;
138 int (*matcher) (struct dirconn_entry * This, request_rec *r);
141 struct noproxy_entry {
143 struct apr_sockaddr_t *addr;
147 apr_array_header_t *proxies;
148 apr_array_header_t *sec_proxy;
149 apr_array_header_t *aliases;
150 apr_array_header_t *noproxies;
151 apr_array_header_t *dirconn;
152 apr_array_header_t *workers; /* non-balancer workers, eg ProxyPass http://example.com */
153 apr_array_header_t *balancers; /* list of balancers @ config time */
154 proxy_worker *forward; /* forward proxy worker */
155 proxy_worker *reverse; /* reverse "module-driven" proxy worker */
156 const char *domain; /* domain name to use in absence of a domain name in the request */
158 apr_pool_t *pool; /* Pool used for allocating this struct's elements */
159 int req; /* true if proxy requests are enabled */
160 int max_balancers; /* maximum number of allowed balancers */
161 int bgrowth; /* number of post-config balancers can added */
167 } viaopt; /* how to deal with proxy Via: headers */
168 apr_size_t recv_buffer_size;
169 apr_size_t io_buffer_size;
171 apr_interval_time_t timeout;
176 } badopt; /* how to deal with bad headers */
181 } proxy_status; /* Status display options */
182 apr_sockaddr_t *source_address;
183 apr_global_mutex_t *mutex; /* global lock - not used */
184 ap_slotmem_instance_t *bslot; /* balancers shm data - runtime */
185 ap_slotmem_provider_t *storage;
187 unsigned int req_set:1;
188 unsigned int viaopt_set:1;
189 unsigned int recv_buffer_size_set:1;
190 unsigned int io_buffer_size_set:1;
191 unsigned int maxfwd_set:1;
192 unsigned int timeout_set:1;
193 unsigned int badopt_set:1;
194 unsigned int proxy_status_set:1;
195 unsigned int source_address_set:1;
196 unsigned int bgrowth_set:1;
197 unsigned int bal_persist:1;
198 unsigned int inherit:1;
199 unsigned int inherit_set:1;
200 unsigned int ppinherit:1;
201 unsigned int ppinherit_set:1;
206 const char *p; /* The path */
207 ap_regex_t *r; /* Is this a regex? */
210 * ProxyPassReverse and friends are documented as working inside
211 * <Location>. But in fact they never have done in the case of
212 * more than one <Location>, because the server_conf can't see it.
213 * We need to move them to the per-dir config.
214 * Discussed in February 2005:
215 * http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=110726027118798&w=2
217 apr_array_header_t *raliases;
218 apr_array_header_t* cookie_paths;
219 apr_array_header_t* cookie_domains;
220 signed char p_is_fnmatch; /* Is the path an fnmatch candidate? */
221 signed char interpolate_env;
222 struct proxy_alias *alias;
225 * the following setting masks the error page
226 * returned from the 'proxied server' and just
227 * forwards the status code upwards.
228 * This allows the main server (us) to generate
229 * the error page, (so it will look like a error
230 * returned from the rest of the system
232 unsigned int error_override:1;
233 unsigned int preserve_host:1;
234 unsigned int preserve_host_set:1;
235 unsigned int error_override_set:1;
236 unsigned int alias_set:1;
237 unsigned int add_forwarded_headers:1;
239 /** Named back references */
240 apr_array_header_t *refs;
244 /* if we interpolate env vars per-request, we'll need a per-request
245 * copy of the reverse proxy config
248 apr_array_header_t *raliases;
249 apr_array_header_t* cookie_paths;
250 apr_array_header_t* cookie_domains;
254 conn_rec *connection;
255 request_rec *r; /* Request record of the backend request
256 * that is used over the backend connection. */
257 proxy_worker *worker; /* Connection pool this connection belongs to */
258 apr_pool_t *pool; /* Subpool for hostname and addr data */
259 const char *hostname;
260 apr_sockaddr_t *addr; /* Preparsed remote address info */
261 apr_pool_t *scpool; /* Subpool used for socket and connection data */
262 apr_socket_t *sock; /* Connection socket */
263 void *data; /* per scheme connection data */
264 void *forward; /* opaque forward proxy data */
265 apr_uint32_t flags; /* Connection flags */
267 unsigned int is_ssl:1;
268 unsigned int close:1; /* Close 'this' connection */
269 unsigned int need_flush:1; /* Flag to decide whether we need to flush the
270 * filter chain or not */
271 unsigned int inreslist:1; /* connection in apr_reslist? */
272 const char *uds_path; /* Unix domain socket path */
273 const char *ssl_hostname;/* Hostname (SNI) in use by SSL connection */
274 apr_bucket_brigade *tmp_bb;
278 float cache_completion; /* completion percentage */
279 int content_length; /* length of the content */
282 /* Connection pool */
283 struct proxy_conn_pool {
284 apr_pool_t *pool; /* The pool used in constructor and destructor calls */
285 apr_sockaddr_t *addr; /* Preparsed remote address info */
286 apr_reslist_t *res; /* Connection resource list */
287 proxy_conn_rec *conn; /* Single connection for prefork mpm */
290 /* worker status bits */
292 * NOTE: Keep up-to-date w/ proxy_wstat_tbl[]
295 #define PROXY_WORKER_INITIALIZED 0x0001
296 #define PROXY_WORKER_IGNORE_ERRORS 0x0002
297 #define PROXY_WORKER_DRAIN 0x0004
298 #define PROXY_WORKER_GENERIC 0x0008
299 #define PROXY_WORKER_IN_SHUTDOWN 0x0010
300 #define PROXY_WORKER_DISABLED 0x0020
301 #define PROXY_WORKER_STOPPED 0x0040
302 #define PROXY_WORKER_IN_ERROR 0x0080
303 #define PROXY_WORKER_HOT_STANDBY 0x0100
304 #define PROXY_WORKER_FREE 0x0200
305 #define PROXY_WORKER_HC_FAIL 0x0400
307 /* worker status flags */
308 #define PROXY_WORKER_INITIALIZED_FLAG 'O'
309 #define PROXY_WORKER_IGNORE_ERRORS_FLAG 'I'
310 #define PROXY_WORKER_DRAIN_FLAG 'N'
311 #define PROXY_WORKER_GENERIC_FLAG 'G'
312 #define PROXY_WORKER_IN_SHUTDOWN_FLAG 'U'
313 #define PROXY_WORKER_DISABLED_FLAG 'D'
314 #define PROXY_WORKER_STOPPED_FLAG 'S'
315 #define PROXY_WORKER_IN_ERROR_FLAG 'E'
316 #define PROXY_WORKER_HOT_STANDBY_FLAG 'H'
317 #define PROXY_WORKER_FREE_FLAG 'F'
318 #define PROXY_WORKER_HC_FAIL_FLAG 'C'
320 #define PROXY_WORKER_NOT_USABLE_BITMAP ( PROXY_WORKER_IN_SHUTDOWN | \
321 PROXY_WORKER_DISABLED | PROXY_WORKER_STOPPED | PROXY_WORKER_IN_ERROR | \
322 PROXY_WORKER_HC_FAIL )
324 /* NOTE: these check the shared status */
325 #define PROXY_WORKER_IS_INITIALIZED(f) ( (f)->s->status & PROXY_WORKER_INITIALIZED )
327 #define PROXY_WORKER_IS_STANDBY(f) ( (f)->s->status & PROXY_WORKER_HOT_STANDBY )
329 #define PROXY_WORKER_IS_USABLE(f) ( ( !( (f)->s->status & PROXY_WORKER_NOT_USABLE_BITMAP) ) && \
330 PROXY_WORKER_IS_INITIALIZED(f) )
332 #define PROXY_WORKER_IS_DRAINING(f) ( (f)->s->status & PROXY_WORKER_DRAIN )
334 #define PROXY_WORKER_IS_GENERIC(f) ( (f)->s->status & PROXY_WORKER_GENERIC )
336 #define PROXY_WORKER_IS_HCFAILED(f) ( (f)->s->status & PROXY_WORKER_HC_FAIL )
338 #define PROXY_WORKER_IS(f, b) ( (f)->s->status & (b) )
340 /* default worker retry timeout in seconds */
341 #define PROXY_WORKER_DEFAULT_RETRY 60
343 /* Some max char string sizes, for shm fields */
344 #define PROXY_WORKER_MAX_SCHEME_SIZE 16
345 #define PROXY_WORKER_MAX_ROUTE_SIZE 96
346 #define PROXY_BALANCER_MAX_ROUTE_SIZE 64
347 #define PROXY_WORKER_MAX_NAME_SIZE 256
348 #define PROXY_BALANCER_MAX_NAME_SIZE 64
349 #define PROXY_WORKER_MAX_HOSTNAME_SIZE 96
350 #define PROXY_BALANCER_MAX_HOSTNAME_SIZE 64
351 #define PROXY_BALANCER_MAX_STICKY_SIZE 64
352 #define PROXY_WORKER_MAX_SECRET_SIZE 64
354 /* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names,
355 * dotted together(?) this would fit the below size (+ trailing NUL).
357 #define PROXY_WORKER_RFC1035_NAME_SIZE 512
359 #define PROXY_MAX_PROVIDER_NAME_SIZE 16
361 #define PROXY_STRNCPY(dst, src) ap_proxy_strncpy((dst), (src), (sizeof(dst)))
363 #define PROXY_COPY_CONF_PARAMS(w, c) \
365 (w)->s->timeout = (c)->timeout; \
366 (w)->s->timeout_set = (c)->timeout_set; \
367 (w)->s->recv_buffer_size = (c)->recv_buffer_size; \
368 (w)->s->recv_buffer_size_set = (c)->recv_buffer_size_set; \
369 (w)->s->io_buffer_size = (c)->io_buffer_size; \
370 (w)->s->io_buffer_size_set = (c)->io_buffer_size_set; \
373 #define PROXY_DO_100_CONTINUE(w, r) \
374 ((w)->s->ping_timeout_set \
375 && (PROXYREQ_REVERSE == (r)->proxyreq) \
376 && !(apr_table_get((r)->subprocess_env, "force-proxy-request-1.0")) \
377 && ap_request_has_body((r)))
385 /* Runtime worker status informations. Shared in scoreboard */
387 char name[PROXY_WORKER_MAX_NAME_SIZE];
388 char scheme[PROXY_WORKER_MAX_SCHEME_SIZE]; /* scheme to use ajp|http|https */
389 char hostname[PROXY_WORKER_MAX_HOSTNAME_SIZE]; /* remote backend address */
390 char route[PROXY_WORKER_MAX_ROUTE_SIZE]; /* balancing route */
391 char redirect[PROXY_WORKER_MAX_ROUTE_SIZE]; /* temporary balancing redirection route */
392 char flusher[PROXY_WORKER_MAX_SCHEME_SIZE]; /* flush provider used by mod_proxy_fdpass */
393 char uds_path[PROXY_WORKER_MAX_NAME_SIZE]; /* path to worker's unix domain socket if applicable */
394 char hcuri[PROXY_WORKER_MAX_ROUTE_SIZE]; /* health check uri */
395 char hcexpr[PROXY_WORKER_MAX_SCHEME_SIZE]; /* name of condition expr for health check */
396 int lbset; /* load balancer cluster set */
397 int retries; /* number of retries on this worker */
398 int lbstatus; /* Current lbstatus */
399 int lbfactor; /* dynamic lbfactor */
400 int min; /* Desired minimum number of available connections */
401 int smax; /* Soft maximum on the total number of connections */
402 int hmax; /* Hard maximum on the total number of connections */
403 int flush_wait; /* poll wait time in microseconds if flush_auto */
404 int index; /* shm array index */
405 int passes; /* number of successes for check to pass */
406 int pcount; /* current count of passes */
407 int fails; /* number of failures for check to fail */
408 int fcount; /* current count of failures */
409 proxy_hashes hash; /* hash of worker name */
410 unsigned int status; /* worker status bitfield */
415 } flush_packets; /* control AJP flushing */
416 hcmethod_t method; /* method to use for health check */
417 apr_time_t updated; /* timestamp of last update */
418 apr_time_t error_time; /* time of the last error */
419 apr_interval_time_t ttl; /* maximum amount of time in seconds a connection
420 * may be available while exceeding the soft limit */
421 apr_interval_time_t retry; /* retry interval */
422 apr_interval_time_t timeout; /* connection timeout */
423 apr_interval_time_t acquire; /* acquire timeout when the maximum number of connections is exceeded */
424 apr_interval_time_t ping_timeout;
425 apr_interval_time_t conn_timeout;
426 apr_interval_time_t interval;
427 apr_size_t recv_buffer_size;
428 apr_size_t io_buffer_size;
429 apr_size_t elected; /* Number of times the worker was elected */
430 apr_size_t busy; /* busyness factor */
432 apr_off_t transferred;/* Number of bytes transferred to remote */
433 apr_off_t read; /* Number of bytes read from remote */
434 void *context; /* general purpose storage */
435 unsigned int keepalive:1;
436 unsigned int disablereuse:1;
437 unsigned int is_address_reusable:1;
438 unsigned int retry_set:1;
439 unsigned int timeout_set:1;
440 unsigned int acquire_set:1;
441 unsigned int ping_timeout_set:1;
442 unsigned int conn_timeout_set:1;
443 unsigned int recv_buffer_size_set:1;
444 unsigned int io_buffer_size_set:1;
445 unsigned int keepalive_set:1;
446 unsigned int disablereuse_set:1;
447 unsigned int was_malloced:1;
448 unsigned int is_name_matchable:1;
449 char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */
450 } proxy_worker_shared;
452 #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared)))
454 /* Worker configuration */
455 struct proxy_worker {
456 proxy_hashes hash; /* hash of worker name */
457 unsigned int local_status; /* status of per-process worker */
458 proxy_conn_pool *cp; /* Connection pool to use */
459 proxy_worker_shared *s; /* Shared data */
460 proxy_balancer *balancer; /* which balancer am I in? */
461 apr_thread_mutex_t *tmutex; /* Thread lock for updating address cache */
462 void *context; /* general purpose storage */
463 ap_conf_vector_t *section_config; /* <Proxy>-section wherein defined */
466 /* default to health check every 30 seconds */
467 #define HCHECK_WATHCHDOG_DEFAULT_INTERVAL (30)
468 /* The watchdog runs every 2 seconds, which is also the minimal check */
469 #define HCHECK_WATHCHDOG_INTERVAL (2)
472 * Time to wait (in microseconds) to find out if more data is currently
473 * available at the backend.
475 #define PROXY_FLUSH_WAIT 10000
478 char sticky_path[PROXY_BALANCER_MAX_STICKY_SIZE]; /* URL sticky session identifier */
479 char sticky[PROXY_BALANCER_MAX_STICKY_SIZE]; /* sticky session identifier */
480 char lbpname[PROXY_MAX_PROVIDER_NAME_SIZE]; /* lbmethod provider name */
481 char nonce[APR_UUID_FORMATTED_LENGTH + 1];
482 char name[PROXY_BALANCER_MAX_NAME_SIZE];
483 char sname[PROXY_BALANCER_MAX_NAME_SIZE];
484 char vpath[PROXY_BALANCER_MAX_ROUTE_SIZE];
485 char vhost[PROXY_BALANCER_MAX_HOSTNAME_SIZE];
486 apr_interval_time_t timeout; /* Timeout for waiting on free connection */
487 apr_time_t wupdated; /* timestamp of last change to workers list */
488 int max_attempts; /* Number of attempts before failing */
489 int index; /* shm array index */
491 unsigned int sticky_force:1; /* Disable failover for sticky sessions */
492 unsigned int scolonsep:1; /* true if ';' seps sticky session paths */
493 unsigned int max_attempts_set:1;
494 unsigned int was_malloced:1;
495 unsigned int need_reset:1;
496 unsigned int vhosted:1;
497 unsigned int inactive:1;
498 unsigned int forcerecovery:1;
499 char sticky_separator; /* separator for sessionid/route */
500 unsigned int forcerecovery_set:1;
501 unsigned int scolonsep_set:1;
502 unsigned int sticky_force_set:1;
503 unsigned int nonce_set:1;
504 unsigned int sticky_separator_set:1;
505 } proxy_balancer_shared;
507 #define ALIGNED_PROXY_BALANCER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_balancer_shared)))
509 struct proxy_balancer {
510 apr_array_header_t *workers; /* initially configured workers */
511 apr_array_header_t *errstatuses; /* statuses to force members into error */
512 ap_slotmem_instance_t *wslot; /* worker shm data - runtime */
513 ap_slotmem_provider_t *storage;
514 int growth; /* number of post-config workers can added */
515 int max_workers; /* maximum number of allowed workers */
517 apr_time_t wupdated; /* timestamp of last change to workers list */
518 proxy_balancer_method *lbmethod;
519 apr_global_mutex_t *gmutex; /* global lock for updating list of workers */
520 apr_thread_mutex_t *tmutex; /* Thread lock for updating shm */
521 proxy_server_conf *sconf;
522 void *context; /* general purpose storage */
523 proxy_balancer_shared *s; /* Shared data */
524 int failontimeout; /* Whether to mark a member in Err if IO timeout occurs */
525 unsigned int failontimeout_set:1;
526 unsigned int growth_set:1;
527 unsigned int lbmethod_set:1;
528 ap_conf_vector_t *section_config; /* <Proxy>-section wherein defined */
531 struct proxy_balancer_method {
532 const char *name; /* name of the load balancer method*/
533 proxy_worker *(*finder)(proxy_balancer *balancer,
535 void *context; /* general purpose storage */
536 apr_status_t (*reset)(proxy_balancer *balancer, server_rec *s);
537 apr_status_t (*age)(proxy_balancer *balancer, server_rec *s);
538 apr_status_t (*updatelbstatus)(proxy_balancer *balancer, proxy_worker *elected, server_rec *s);
541 #define PROXY_THREAD_LOCK(x) ( (x) && (x)->tmutex ? apr_thread_mutex_lock((x)->tmutex) : APR_SUCCESS)
542 #define PROXY_THREAD_UNLOCK(x) ( (x) && (x)->tmutex ? apr_thread_mutex_unlock((x)->tmutex) : APR_SUCCESS)
544 #define PROXY_GLOBAL_LOCK(x) ( (x) && (x)->gmutex ? apr_global_mutex_lock((x)->gmutex) : APR_SUCCESS)
545 #define PROXY_GLOBAL_UNLOCK(x) ( (x) && (x)->gmutex ? apr_global_mutex_unlock((x)->gmutex) : APR_SUCCESS)
549 /* Create a set of PROXY_DECLARE(type), PROXY_DECLARE_NONSTD(type) and
550 * PROXY_DECLARE_DATA with appropriate export and import tags for the platform
553 #define PROXY_DECLARE(type) type
554 #define PROXY_DECLARE_NONSTD(type) type
555 #define PROXY_DECLARE_DATA
556 #elif defined(PROXY_DECLARE_STATIC)
557 #define PROXY_DECLARE(type) type __stdcall
558 #define PROXY_DECLARE_NONSTD(type) type
559 #define PROXY_DECLARE_DATA
560 #elif defined(PROXY_DECLARE_EXPORT)
561 #define PROXY_DECLARE(type) __declspec(dllexport) type __stdcall
562 #define PROXY_DECLARE_NONSTD(type) __declspec(dllexport) type
563 #define PROXY_DECLARE_DATA __declspec(dllexport)
565 #define PROXY_DECLARE(type) __declspec(dllimport) type __stdcall
566 #define PROXY_DECLARE_NONSTD(type) __declspec(dllimport) type
567 #define PROXY_DECLARE_DATA __declspec(dllimport)
570 /* Using PROXY_DECLARE_OPTIONAL_HOOK instead of
571 * APR_DECLARE_EXTERNAL_HOOK allows build/make_nw_export.awk
572 * to distinguish between hooks that implement
573 * proxy_hook_xx and proxy_hook_get_xx in mod_proxy.c and
576 #define PROXY_DECLARE_OPTIONAL_HOOK APR_DECLARE_EXTERNAL_HOOK
579 /* These 2 are in mod_proxy.c */
580 extern PROXY_DECLARE_DATA proxy_hcmethods_t proxy_hcmethods[];
581 extern PROXY_DECLARE_DATA proxy_wstat_t proxy_wstat_tbl[];
583 /* Following 4 from health check */
584 APR_DECLARE_OPTIONAL_FN(void, hc_show_exprs, (request_rec *));
585 APR_DECLARE_OPTIONAL_FN(void, hc_select_exprs, (request_rec *, const char *));
586 APR_DECLARE_OPTIONAL_FN(int, hc_valid_expr, (request_rec *, const char *));
587 APR_DECLARE_OPTIONAL_FN(const char *, set_worker_hc_param,
588 (apr_pool_t *, server_rec *, proxy_worker *,
589 const char *, const char *, void *));
591 PROXY_DECLARE_OPTIONAL_HOOK(proxy, PROXY, int, section_post_config,
592 (apr_pool_t *p, apr_pool_t *plog,
593 apr_pool_t *ptemp, server_rec *s,
594 ap_conf_vector_t *section_config))
596 APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, scheme_handler,
597 (request_rec *r, proxy_worker *worker,
598 proxy_server_conf *conf, char *url,
599 const char *proxyhost, apr_port_t proxyport))
600 APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, canon_handler,
601 (request_rec *r, char *url))
603 PROXY_DECLARE_OPTIONAL_HOOK(proxy, PROXY, int, create_req,
604 (request_rec *r, request_rec *pr))
605 PROXY_DECLARE_OPTIONAL_HOOK(proxy, PROXY, int, fixups, (request_rec *r))
609 * Let modules perform processing when the connection to the origin is being
610 * detached from the request.
611 * @param r The client request
612 * @param backend The proxy representation of the backend connection
614 PROXY_DECLARE_OPTIONAL_HOOK(proxy, PROXY, int, detach_backend,
615 (request_rec *r, proxy_conn_rec *backend))
619 * It will return the most suitable worker at the moment
620 * and coresponding balancer.
621 * The url is rewritten from balancer://cluster/uri to scheme://host:port/uri
622 * and then the scheme_handler is called.
625 APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, pre_request,
626 (proxy_worker **worker, proxy_balancer **balancer,
627 request_rec *r, proxy_server_conf *conf, char **url))
630 * It is called after request for updating runtime balancer status.
632 APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, post_request,
633 (proxy_worker *worker, proxy_balancer *balancer,
634 request_rec *r, proxy_server_conf *conf))
637 * request status hook
638 * It is called after all proxy processing has been done. This gives other
639 * modules a chance to create default content on failure, for example
641 PROXY_DECLARE_OPTIONAL_HOOK(proxy, PROXY, int, request_status,
642 (int *status, request_rec *r))
646 PROXY_DECLARE(apr_status_t) ap_proxy_strncpy(char *dst, const char *src,
648 PROXY_DECLARE(int) ap_proxy_hex2c(const char *x);
649 PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x);
650 PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len, enum enctype t,
651 int forcedec, int proxyreq);
652 PROXY_DECLARE(char *)ap_proxy_canon_netloc(apr_pool_t *p, char **const urlp, char **userp,
653 char **passwordp, char **hostp, apr_port_t *port);
654 PROXY_DECLARE(int) ap_proxyerror(request_rec *r, int statuscode, const char *message);
656 /** Test whether the hostname/address of the request are blocked by the ProxyBlock
659 * @param conf server configuration
660 * @param hostname hostname from request URI
661 * @param addr resolved address of hostname, or NULL if not known
662 * @return OK on success, or else an errro
664 PROXY_DECLARE(int) ap_proxy_checkproxyblock(request_rec *r, proxy_server_conf *conf,
665 const char *hostname, apr_sockaddr_t *addr);
668 PROXY_DECLARE(int) ap_proxy_pre_http_request(conn_rec *c, request_rec *r);
669 /* DEPRECATED (will be replaced with ap_proxy_connect_backend */
670 PROXY_DECLARE(int) ap_proxy_connect_to_backend(apr_socket_t **, const char *, apr_sockaddr_t *, const char *, proxy_server_conf *, request_rec *);
671 PROXY_DECLARE(apr_status_t) ap_proxy_ssl_connection_cleanup(proxy_conn_rec *conn,
673 PROXY_DECLARE(int) ap_proxy_ssl_enable(conn_rec *c);
674 PROXY_DECLARE(int) ap_proxy_ssl_disable(conn_rec *c);
675 PROXY_DECLARE(int) ap_proxy_ssl_engine(conn_rec *c,
676 ap_conf_vector_t *per_dir_config,
678 PROXY_DECLARE(int) ap_proxy_conn_is_https(conn_rec *c);
679 PROXY_DECLARE(const char *) ap_proxy_ssl_val(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, const char *var);
681 /* Header mapping functions, and a typedef of their signature */
682 PROXY_DECLARE(const char *) ap_proxy_location_reverse_map(request_rec *r, proxy_dir_conf *conf, const char *url);
683 PROXY_DECLARE(const char *) ap_proxy_cookie_reverse_map(request_rec *r, proxy_dir_conf *conf, const char *str);
686 typedef const char *(*ap_proxy_header_reverse_map_fn)(request_rec *,
687 proxy_dir_conf *, const char *);
688 #elif defined(PROXY_DECLARE_STATIC)
689 typedef const char *(__stdcall *ap_proxy_header_reverse_map_fn)(request_rec *,
690 proxy_dir_conf *, const char *);
691 #elif defined(PROXY_DECLARE_EXPORT)
692 typedef __declspec(dllexport) const char *
693 (__stdcall *ap_proxy_header_reverse_map_fn)(request_rec *,
694 proxy_dir_conf *, const char *);
696 typedef __declspec(dllimport) const char *
697 (__stdcall *ap_proxy_header_reverse_map_fn)(request_rec *,
698 proxy_dir_conf *, const char *);
702 /* Connection pool API */
704 * Return the user-land, UDS aware worker name
705 * @param p memory pool used for displaying worker name
706 * @param worker the worker
710 PROXY_DECLARE(char *) ap_proxy_worker_name(apr_pool_t *p,
711 proxy_worker *worker);
714 * Get the worker from proxy configuration
715 * @param p memory pool used for finding worker
716 * @param balancer the balancer that the worker belongs to
717 * @param conf current proxy server configuration
718 * @param url url to find the worker from
719 * @return proxy_worker or NULL if not found
721 PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker(apr_pool_t *p,
722 proxy_balancer *balancer,
723 proxy_server_conf *conf,
726 * Define and Allocate space for the worker to proxy configuration
727 * @param p memory pool to allocate worker from
728 * @param worker the new worker
729 * @param balancer the balancer that the worker belongs to
730 * @param conf current proxy server configuration
731 * @param url url containing worker name
732 * @param do_malloc true if shared struct should be malloced
733 * @return error message or NULL if successful (*worker is new worker)
735 PROXY_DECLARE(char *) ap_proxy_define_worker(apr_pool_t *p,
736 proxy_worker **worker,
737 proxy_balancer *balancer,
738 proxy_server_conf *conf,
743 * Define and Allocate space for the ap_strcmp_match()able worker to proxy
745 * @param p memory pool to allocate worker from
746 * @param worker the new worker
747 * @param balancer the balancer that the worker belongs to
748 * @param conf current proxy server configuration
749 * @param url url containing worker name (produces match pattern)
750 * @param do_malloc true if shared struct should be malloced
751 * @return error message or NULL if successful (*worker is new worker)
753 PROXY_DECLARE(char *) ap_proxy_define_match_worker(apr_pool_t *p,
754 proxy_worker **worker,
755 proxy_balancer *balancer,
756 proxy_server_conf *conf,
761 * Share a defined proxy worker via shm
762 * @param worker worker to be shared
763 * @param shm location of shared info
764 * @param i index into shm
765 * @return APR_SUCCESS or error code
767 PROXY_DECLARE(apr_status_t) ap_proxy_share_worker(proxy_worker *worker,
768 proxy_worker_shared *shm,
772 * Initialize the worker by setting up worker connection pool and mutex
773 * @param worker worker to initialize
774 * @param s current server record
775 * @param p memory pool used for mutex and connection pool
776 * @return APR_SUCCESS or error code
778 PROXY_DECLARE(apr_status_t) ap_proxy_initialize_worker(proxy_worker *worker,
783 * Verifies valid balancer name (eg: balancer://foo)
784 * @param name name to test
785 * @param i number of chars to test; 0 for all.
788 PROXY_DECLARE(int) ap_proxy_valid_balancer_name(char *name, int i);
792 * Get the balancer from proxy configuration
793 * @param p memory pool used for temporary storage while finding balancer
794 * @param conf current proxy server configuration
795 * @param url url to find the worker from; must have balancer:// prefix
796 * @param careactive true if we care if the balancer is active or not
797 * @return proxy_balancer or NULL if not found
799 PROXY_DECLARE(proxy_balancer *) ap_proxy_get_balancer(apr_pool_t *p,
800 proxy_server_conf *conf,
805 * Update the balancer's vhost related fields
806 * @param p memory pool used for temporary storage while finding balancer
807 * @param balancer balancer to be updated
808 * @param url url to find vhost info
809 * @return error string or NULL if OK
811 PROXY_DECLARE(char *) ap_proxy_update_balancer(apr_pool_t *p,
812 proxy_balancer *balancer,
816 * Define and Allocate space for the balancer to proxy configuration
817 * @param p memory pool to allocate balancer from
818 * @param balancer the new balancer
819 * @param conf current proxy server configuration
820 * @param url url containing balancer name
821 * @param alias alias/fake-path to this balancer
822 * @param do_malloc true if shared struct should be malloced
823 * @return error message or NULL if successfull
825 PROXY_DECLARE(char *) ap_proxy_define_balancer(apr_pool_t *p,
826 proxy_balancer **balancer,
827 proxy_server_conf *conf,
833 * Share a defined proxy balancer via shm
834 * @param balancer balancer to be shared
835 * @param shm location of shared info
836 * @param i index into shm
837 * @return APR_SUCCESS or error code
839 PROXY_DECLARE(apr_status_t) ap_proxy_share_balancer(proxy_balancer *balancer,
840 proxy_balancer_shared *shm,
844 * Initialize the balancer as needed
845 * @param balancer balancer to initialize
846 * @param s current server record
847 * @param p memory pool used for mutex and connection pool
848 * @return APR_SUCCESS or error code
850 PROXY_DECLARE(apr_status_t) ap_proxy_initialize_balancer(proxy_balancer *balancer,
855 * Find the shm of the worker as needed
856 * @param storage slotmem provider
857 * @param slot slotmem instance
858 * @param worker worker to find
859 * @param index pointer to index within slotmem of worker
860 * @return pointer to shm of worker, or NULL
862 PROXY_DECLARE(proxy_worker_shared *) ap_proxy_find_workershm(ap_slotmem_provider_t *storage,
863 ap_slotmem_instance_t *slot,
864 proxy_worker *worker,
865 unsigned int *index);
868 * Find the shm of the balancer as needed
869 * @param storage slotmem provider
870 * @param slot slotmem instance
871 * @param balancer balancer of shm to find
872 * @param index pointer to index within slotmem of balancer
873 * @return pointer to shm of balancer, or NULL
875 PROXY_DECLARE(proxy_balancer_shared *) ap_proxy_find_balancershm(ap_slotmem_provider_t *storage,
876 ap_slotmem_instance_t *slot,
877 proxy_balancer *balancer,
878 unsigned int *index);
881 * Get the most suitable worker and/or balancer for the request
882 * @param worker worker used for processing request
883 * @param balancer balancer used for processing request
884 * @param r current request
885 * @param conf current proxy server configuration
886 * @param url request url that balancer can rewrite.
887 * @return OK or HTTP_XXX error
888 * @note It calls balancer pre_request hook if the url starts with balancer://
889 * The balancer then rewrites the url to particular worker, like http://host:port
891 PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
892 proxy_balancer **balancer,
894 proxy_server_conf *conf,
897 * Post request worker and balancer cleanup
898 * @param worker worker used for processing request
899 * @param balancer balancer used for processing request
900 * @param r current request
901 * @param conf current proxy server configuration
902 * @return OK or HTTP_XXX error
903 * @note Whenever the pre_request is called, the post_request has to be
906 PROXY_DECLARE(int) ap_proxy_post_request(proxy_worker *worker,
907 proxy_balancer *balancer,
909 proxy_server_conf *conf);
912 * Determine backend hostname and port
913 * @param p memory pool used for processing
914 * @param r current request
915 * @param conf current proxy server configuration
916 * @param worker worker used for processing request
917 * @param conn proxy connection struct
918 * @param uri processed uri
919 * @param url request url
920 * @param proxyname are we connecting directly or via a proxy
921 * @param proxyport proxy host port
922 * @param server_portstr Via headers server port, must be non-NULL
923 * @param server_portstr_size size of the server_portstr buffer; must
924 * be at least one, even if the protocol doesn't use this
925 * @return OK or HTTP_XXX error
927 PROXY_DECLARE(int) ap_proxy_determine_connection(apr_pool_t *p, request_rec *r,
928 proxy_server_conf *conf,
929 proxy_worker *worker,
930 proxy_conn_rec *conn,
933 const char *proxyname,
934 apr_port_t proxyport,
935 char *server_portstr,
936 int server_portstr_size);
939 * Mark a worker for retry
940 * @param proxy_function calling proxy scheme (http, ajp, ...)
941 * @param worker worker used for retrying
942 * @param s current server record
943 * @return OK if marked for retry, DECLINED otherwise
944 * @note The error status of the worker will cleared if the retry interval has
945 * elapsed since the last error.
947 APR_DECLARE_OPTIONAL_FN(int, ap_proxy_retry_worker,
948 (const char *proxy_function, proxy_worker *worker, server_rec *s));
951 * Acquire a connection from worker connection pool
952 * @param proxy_function calling proxy scheme (http, ajp, ...)
953 * @param conn acquired connection
954 * @param worker worker used for obtaining connection
955 * @param s current server record
956 * @return OK or HTTP_XXX error
957 * @note If the connection limit has been reached, the function will
958 * block until a connection becomes available or the timeout has
961 PROXY_DECLARE(int) ap_proxy_acquire_connection(const char *proxy_function,
962 proxy_conn_rec **conn,
963 proxy_worker *worker,
966 * Release a connection back to worker connection pool
967 * @param proxy_function calling proxy scheme (http, ajp, ...)
968 * @param conn acquired connection
969 * @param s current server record
970 * @return OK or HTTP_XXX error
971 * @note The connection will be closed if conn->close_on_release is set
973 PROXY_DECLARE(int) ap_proxy_release_connection(const char *proxy_function,
974 proxy_conn_rec *conn,
977 * Make a connection to the backend
978 * @param proxy_function calling proxy scheme (http, ajp, ...)
979 * @param conn acquired connection
980 * @param worker connection worker
981 * @param s current server record
982 * @return OK or HTTP_XXX error
983 * @note In case the socket already exists for conn, just check the link
986 PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,
987 proxy_conn_rec *conn,
988 proxy_worker *worker,
992 * Make a connection to a Unix Domain Socket (UDS) path
993 * @param sock UDS to connect
994 * @param uds_path UDS path to connect to
995 * @param p pool to make the sock addr
996 * @return APR_SUCCESS or error status
998 PROXY_DECLARE(apr_status_t) ap_proxy_connect_uds(apr_socket_t *sock,
999 const char *uds_path,
1002 * Make a connection record for backend connection
1003 * @param proxy_function calling proxy scheme (http, ajp, ...)
1004 * @param conn acquired connection
1005 * @param c client connection record (unused, deprecated)
1006 * @param s current server record
1007 * @return OK or HTTP_XXX error
1008 * @note The function will return immediately if conn->connection
1011 PROXY_DECLARE(int) ap_proxy_connection_create(const char *proxy_function,
1012 proxy_conn_rec *conn,
1013 conn_rec *c, server_rec *s);
1016 * Make a connection record for backend connection, using request dir config
1017 * @param proxy_function calling proxy scheme (http, ajp, ...)
1018 * @param conn acquired connection
1019 * @param r current request record
1020 * @return OK or HTTP_XXX error
1021 * @note The function will return immediately if conn->connection
1024 PROXY_DECLARE(int) ap_proxy_connection_create_ex(const char *proxy_function,
1025 proxy_conn_rec *conn,
1028 * Determine if proxy connection can potentially be reused at the
1029 * end of this request.
1030 * @param conn proxy connection
1031 * @return non-zero if reusable, 0 otherwise
1032 * @note Even if this function returns non-zero, the connection may
1033 * be subsequently marked for closure.
1035 PROXY_DECLARE(int) ap_proxy_connection_reusable(proxy_conn_rec *conn);
1038 * Signal the upstream chain that the connection to the backend broke in the
1039 * middle of the response. This is done by sending an error bucket with
1040 * status HTTP_BAD_GATEWAY and an EOS bucket up the filter chain.
1041 * @param r current request record of client request
1042 * @param brigade The brigade that is sent through the output filter chain
1043 * @deprecated To be removed in v2.6.
1045 PROXY_DECLARE(void) ap_proxy_backend_broke(request_rec *r,
1046 apr_bucket_brigade *brigade);
1049 * Return a hash based on the passed string
1050 * @param str string to produce hash from
1051 * @param method hashing method to use
1052 * @return hash as unsigned int
1055 typedef enum { PROXY_HASHFUNC_DEFAULT, PROXY_HASHFUNC_APR, PROXY_HASHFUNC_FNV } proxy_hash_t;
1057 PROXY_DECLARE(unsigned int) ap_proxy_hashfunc(const char *str, proxy_hash_t method);
1061 * Set/unset the worker status bitfield depending on flag
1063 * @param set set or unset bit
1064 * @param w worker to use
1065 * @return APR_SUCCESS if valid flag
1067 PROXY_DECLARE(apr_status_t) ap_proxy_set_wstatus(char c, int set, proxy_worker *w);
1071 * Create readable representation of worker status bitfield
1073 * @param w worker to use
1074 * @return string representation of status
1076 PROXY_DECLARE(char *) ap_proxy_parse_wstatus(apr_pool_t *p, proxy_worker *w);
1080 * Sync balancer and workers based on any updates w/i shm
1081 * @param b balancer to check/update member list of
1082 * @param s server rec
1083 * @param conf config
1084 * @return APR_SUCCESS if all goes well
1086 PROXY_DECLARE(apr_status_t) ap_proxy_sync_balancer(proxy_balancer *b,
1088 proxy_server_conf *conf);
1092 * Find the matched alias for this request and setup for proxy handler
1094 * @param ent proxy_alias record
1095 * @param dconf per-dir config or NULL
1096 * @return DECLINED, DONE or OK if matched
1098 PROXY_DECLARE(int) ap_proxy_trans_match(request_rec *r,
1099 struct proxy_alias *ent,
1100 proxy_dir_conf *dconf);
1103 * Create a HTTP request header brigade, old_cl_val and old_te_val as required.
1105 * @param header_brigade header brigade to use/fill
1107 * @param p_conn proxy connection rec
1108 * @param worker selected worker
1109 * @param conf per-server proxy config
1112 * @param server_portstr port as string
1113 * @param old_cl_val stored old content-len val
1114 * @param old_te_val stored old TE val
1115 * @return OK or HTTP_EXPECTATION_FAILED
1117 PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p,
1118 apr_bucket_brigade *header_brigade,
1120 proxy_conn_rec *p_conn,
1121 proxy_worker *worker,
1122 proxy_server_conf *conf,
1124 char *url, char *server_portstr,
1129 * @param bucket_alloc bucket allocator
1131 * @param p_conn proxy connection
1132 * @param origin connection rec of origin
1133 * @param bb brigade to send to origin
1134 * @param flush flush
1135 * @return status (OK)
1137 PROXY_DECLARE(int) ap_proxy_pass_brigade(apr_bucket_alloc_t *bucket_alloc,
1138 request_rec *r, proxy_conn_rec *p_conn,
1139 conn_rec *origin, apr_bucket_brigade *bb,
1143 * Clear the headers referenced by the Connection header from the given
1144 * table, and remove the Connection header.
1146 * @param headers table of headers to clear
1147 * @return 1 if "close" was present, 0 otherwise.
1149 APR_DECLARE_OPTIONAL_FN(int, ap_proxy_clear_connection,
1150 (request_rec *r, apr_table_t *headers));
1154 * @param socket socket to test
1155 * @return TRUE if socket is connected/active
1157 PROXY_DECLARE(int) ap_proxy_is_socket_connected(apr_socket_t *socket);
1159 #define PROXY_LBMETHOD "proxylbmethod"
1161 /* The number of dynamic workers that can be added when reconfiguring.
1162 * If this limit is reached you must stop and restart the server.
1164 #define PROXY_DYNAMIC_BALANCER_LIMIT 16
1167 * Calculate maximum number of workers in scoreboard.
1168 * @return number of workers to allocate in the scoreboard
1170 int ap_proxy_lb_workers(void);
1173 * Return the port number of a known scheme (eg: http -> 80).
1174 * @param scheme scheme to test
1175 * @return port number or 0 if unknown
1177 PROXY_DECLARE(apr_port_t) ap_proxy_port_of_scheme(const char *scheme);
1180 * Return the name of the health check method (eg: "OPTIONS").
1181 * @param method method enum
1182 * @return name of method
1184 PROXY_DECLARE (const char *) ap_proxy_show_hcmethod(hcmethod_t method);
1187 * Strip a unix domain socket (UDS) prefix from the input URL
1188 * @param p pool to allocate result from
1189 * @param url a URL potentially prefixed with a UDS path
1190 * @return URL with the UDS prefix removed
1192 PROXY_DECLARE(const char *) ap_proxy_de_socketfy(apr_pool_t *p, const char *url);
1195 * Transform buckets from one bucket allocator to another one by creating a
1196 * transient bucket for each data bucket and let it use the data read from
1197 * the old bucket. Metabuckets are transformed by just recreating them.
1198 * Attention: Currently only the following bucket types are handled:
1204 * If an other bucket type is found its type is logged as a debug message
1205 * and APR_EGENERAL is returned.
1207 * @param r request_rec of the actual request. Used for logging purposes
1208 * @param from the bucket brigade to take the buckets from
1209 * @param to the bucket brigade to store the transformed buckets
1210 * @return apr_status_t of the operation. Either APR_SUCCESS or
1213 PROXY_DECLARE(apr_status_t) ap_proxy_buckets_lifetime_transform(request_rec *r,
1214 apr_bucket_brigade *from,
1215 apr_bucket_brigade *to);
1218 * Sends all data that can be read non blocking from the input filter chain of
1219 * c_i and send it down the output filter chain of c_o. For reading it uses
1220 * the bucket brigade bb_i which should be created from the bucket allocator
1221 * associated with c_i. For sending through the output filter chain it uses
1222 * the bucket brigade bb_o which should be created from the bucket allocator
1223 * associated with c_o. In order to get the buckets from bb_i to bb_o
1224 * ap_proxy_buckets_lifetime_transform is used.
1226 * @param r request_rec of the actual request. Used for logging purposes
1227 * @param c_i inbound connection conn_rec
1228 * @param c_o outbound connection conn_rec
1229 * @param bb_i bucket brigade for pulling data from the inbound connection
1230 * @param bb_o bucket brigade for sending data through the outbound connection
1231 * @param name string for logging from where data was pulled
1232 * @param sent if not NULL will be set to 1 if data was sent through c_o
1233 * @param bsize maximum amount of data pulled in one iteration from c_i
1234 * @param after if set flush data on c_o only once after the loop
1235 * @return apr_status_t of the operation. Could be any error returned from
1236 * either the input filter chain of c_i or the output filter chain
1237 * of c_o. APR_EPIPE if the outgoing connection was aborted.
1239 PROXY_DECLARE(apr_status_t) ap_proxy_transfer_between_connections(
1243 apr_bucket_brigade *bb_i,
1244 apr_bucket_brigade *bb_o,
1250 extern module PROXY_DECLARE_DATA proxy_module;
1252 #endif /*MOD_PROXY_H*/