From: Jim Jagielski <jim@apache.org> Date: Thu, 9 Feb 2017 13:56:11 +0000 (+0000) Subject: Merge r1781324, r1781328 from trunk: X-Git-Tag: 2.4.26~308 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=25992b62f2ed23dfe02dd8a1a10430d81b591a9b;p=apache Merge r1781324, r1781328 from trunk: revert r1780909 and r1773397 ProxyPass ! perdir r1773397 had a regression and the whole thing is fishy to shoehorn the current ProxyPass ! syntax into. add no-proxy envvar for mod_proxy replacement for ProxyPass /path ! when ProxyPass is in location context. Submitted by: covener Reviewed by: covener, jim, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1782332 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index f712649fa0..049316f1d4 100644 --- a/CHANGES +++ b/CHANGES @@ -14,7 +14,12 @@ Changes with Apache 2.4.26 *) mod_http2: regression fix on PR 59348, on graceful restart, ongoing streams are finished normally before the final GOAWAY is sent. [Stefan Eissing, <slavko gmail.com>] - + + *) mod_proxy: Allow the per-request environment variable "no-proxy" to + be used as an alternative to ProxyPass /path !. This is primarily + to set exceptions for ProxyPass specified in <Location> context. + Use SetEnvIf, not SetEnv. + *) mod_http2: fixes PR60599, sending proper response for conditional requests answered by mod_cache. [Jeff Wheelhouse, Stefan Eissing] diff --git a/STATUS b/STATUS index a2002f18a9..8984f57afa 100644 --- a/STATUS +++ b/STATUS @@ -127,12 +127,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_proxy: replace broken hunting for proxypass exceptions to location-based - proxypass directives with "no-proxy" envvar. Fixes a regression in 2.4.25. - trunk patch: http://svn.apache.org/r1781324 - http://svn.apache.org/r1781328 - 2.4.x patch: http://people.apache.org/~covener/patches/httpd-2.4.x-noproxy.diff - +1 covener, jim, jorton PATCHES PROPOSED TO BACKPORT FROM TRUNK: diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml index c028626d57..66fb6fc645 100644 --- a/docs/manual/mod/mod_proxy.xml +++ b/docs/manual/mod/mod_proxy.xml @@ -398,6 +398,12 @@ ProxyPass "/examples" "http://backend.example.com/examples" timeout=10 </Location> </highlight> + <p> The "no-proxy" environment variable can be set to disable + <module>mod_proxy</module> processing the current request. + This variable should be set with <directive module="mod_setenvif" + >SetEnvIf</directive>, as <directive module="mod_env">SetEnv</directive> + is not evaluated early enough.</p> + </section> <!-- /envsettings --> <section id="request-bodies"><title>Request Bodies</title> @@ -959,7 +965,14 @@ ProxyPass "/mirror/foo" "http://backend.example.com" specific location will take precedence.</p> <p>For the same reasons, exclusions must come <em>before</em> the - general <directive>ProxyPass</directive> directives.</p> + general <directive>ProxyPass</directive> directives. The "no-proxy" + environment variable is an alternative to exclusions, and is the only + way to configure an exclusion of a <directive>ProxyPass</directive> + directive in <directive module="core">Location</directive> context. + This variable should be set with <directive module="mod_setenvif" + >SetEnvIf</directive>, as <directive module="mod_env">SetEnv</directive> + is not evaluated early enough. + </p> </note> <!-- /ordering_proxypass --> diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index d6e65004e3..6977835004 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -764,6 +764,10 @@ static int proxy_trans(request_rec *r) || !r->uri || r->uri[0] != '/') { return DECLINED; } + + if (apr_table_get(r->subprocess_env, "no-proxy")) { + return DECLINED; + } /* XXX: since r->uri has been manipulated already we're not really * compliant with RFC1945 at this point. But this probably isn't @@ -771,29 +775,18 @@ static int proxy_trans(request_rec *r) */ dconf = ap_get_module_config(r->per_dir_config, &proxy_module); - conf = (proxy_server_conf *) ap_get_module_config(r->server->module_config, - &proxy_module); + /* short way - this location is reverse proxied? */ if (dconf->alias) { int rv = ap_proxy_trans_match(r, dconf->alias, dconf); - if (OK == rv) { - /* Got a hit. Need to make sure it's not explicitly declined */ - if (conf->aliases->nelts) { - ent = (struct proxy_alias *) conf->aliases->elts; - for (i = 0; i < conf->aliases->nelts; i++) { - int rv = ap_proxy_trans_match(r, &ent[i], dconf); - if (DECLINED == rv) { - return DECLINED; - } - } - } - return OK; - } if (DONE != rv) { return rv; } } + conf = (proxy_server_conf *) ap_get_module_config(r->server->module_config, + &proxy_module); + /* long way - walk the list of aliases, find a match */ if (conf->aliases->nelts) { ent = (struct proxy_alias *) conf->aliases->elts;