From: Jim Jagielski <jim@apache.org>
Date: Thu, 9 Feb 2017 13:56:11 +0000 (+0000)
Subject: Merge r1781324, r1781328 from trunk:
X-Git-Tag: 2.4.26~308
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=25992b62f2ed23dfe02dd8a1a10430d81b591a9b;p=apache

Merge r1781324, r1781328 from trunk:

revert r1780909 and r1773397 ProxyPass ! perdir

r1773397 had a regression and the whole thing is fishy
to shoehorn the current ProxyPass ! syntax into.



add no-proxy envvar for mod_proxy

replacement for ProxyPass /path ! when ProxyPass is in
location context.


Submitted by: covener
Reviewed by: covener, jim, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1782332 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index f712649fa0..049316f1d4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -14,7 +14,12 @@ Changes with Apache 2.4.26
   *) mod_http2: regression fix on PR 59348, on graceful restart, ongoing 
      streams are finished normally before the final GOAWAY is sent. 
      [Stefan Eissing, <slavko gmail.com>]
-     
+
+  *) mod_proxy: Allow the per-request environment variable "no-proxy" to
+     be used as an alternative to ProxyPass /path !. This is primarily
+     to set exceptions for ProxyPass specified in <Location> context.
+     Use SetEnvIf, not SetEnv.
+
   *) mod_http2: fixes PR60599, sending proper response for conditional requests
      answered by mod_cache. [Jeff Wheelhouse, Stefan Eissing]
      
diff --git a/STATUS b/STATUS
index a2002f18a9..8984f57afa 100644
--- a/STATUS
+++ b/STATUS
@@ -127,12 +127,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_proxy: replace broken hunting for proxypass exceptions to location-based 
-                proxypass directives with "no-proxy" envvar. Fixes a regression in 2.4.25.
-     trunk patch: http://svn.apache.org/r1781324
-                  http://svn.apache.org/r1781328
-     2.4.x patch: http://people.apache.org/~covener/patches/httpd-2.4.x-noproxy.diff
-     +1 covener, jim, jorton
 
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml
index c028626d57..66fb6fc645 100644
--- a/docs/manual/mod/mod_proxy.xml
+++ b/docs/manual/mod/mod_proxy.xml
@@ -398,6 +398,12 @@ ProxyPass "/examples" "http://backend.example.com/examples" timeout=10
 &lt;/Location&gt;
         </highlight>
 
+      <p> The "no-proxy" environment variable can be set to disable 
+      <module>mod_proxy</module> processing the current request.
+      This variable should be set with <directive module="mod_setenvif"
+      >SetEnvIf</directive>, as <directive module="mod_env">SetEnv</directive>
+      is not evaluated early enough.</p>
+
     </section> <!-- /envsettings -->
 
     <section id="request-bodies"><title>Request Bodies</title>
@@ -959,7 +965,14 @@ ProxyPass "/mirror/foo" "http://backend.example.com"
       specific location will take precedence.</p>
 
       <p>For the same reasons, exclusions must come <em>before</em> the
-      general <directive>ProxyPass</directive> directives.</p>
+      general <directive>ProxyPass</directive> directives. The "no-proxy"
+      environment variable is an alternative to exclusions, and is the only
+      way to configure an exclusion of a <directive>ProxyPass</directive>
+      directive in <directive module="core">Location</directive> context. 
+      This variable should be set with <directive module="mod_setenvif"
+      >SetEnvIf</directive>, as <directive module="mod_env">SetEnv</directive>
+      is not evaluated early enough.
+      </p>
 
     </note> <!-- /ordering_proxypass -->
 
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index d6e65004e3..6977835004 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -764,6 +764,10 @@ static int proxy_trans(request_rec *r)
         || !r->uri || r->uri[0] != '/') {
         return DECLINED;
     }
+   
+    if (apr_table_get(r->subprocess_env, "no-proxy")) { 
+        return DECLINED;
+    }
 
     /* XXX: since r->uri has been manipulated already we're not really
      * compliant with RFC1945 at this point.  But this probably isn't
@@ -771,29 +775,18 @@ static int proxy_trans(request_rec *r)
      */
 
     dconf = ap_get_module_config(r->per_dir_config, &proxy_module);
-    conf = (proxy_server_conf *) ap_get_module_config(r->server->module_config,
-                                                      &proxy_module);
+
     /* short way - this location is reverse proxied? */
     if (dconf->alias) {
         int rv = ap_proxy_trans_match(r, dconf->alias, dconf);
-        if (OK == rv) { 
-            /* Got a hit. Need to make sure it's not explicitly declined */
-            if (conf->aliases->nelts) {
-                ent = (struct proxy_alias *) conf->aliases->elts;
-                for (i = 0; i < conf->aliases->nelts; i++) {
-                    int rv = ap_proxy_trans_match(r, &ent[i], dconf);
-                    if (DECLINED == rv) { 
-                        return DECLINED;
-                    }
-                }
-            }
-            return OK; 
-        }
         if (DONE != rv) {
             return rv;
         }
     }
 
+    conf = (proxy_server_conf *) ap_get_module_config(r->server->module_config,
+                                                      &proxy_module);
+
     /* long way - walk the list of aliases, find a match */
     if (conf->aliases->nelts) {
         ent = (struct proxy_alias *) conf->aliases->elts;