Stefan Fritsch [Sat, 19 Jun 2010 09:25:46 +0000 (09:25 +0000)]
core_output_filter improvements:
- prevent more than 5 pipelined responses in the output brigade, to avoid
excessive FD usage and related DoS attacks.
- if non_file_bytes_in_brigade >= THRESHOLD_MAX_BUFFER, don't send the
entire brigade non-blocking, but only up to the bucket that brought us
over THRESHOLD_MAX_BUFFER. This should allow better use of async write
completion.
Stefan Fritsch [Sat, 19 Jun 2010 09:10:54 +0000 (09:10 +0000)]
Add deferred write pool to core_output_filter to clean up file descriptors as
soon as the corresponding response has been sent and not only after the
connection has been closed.
This change does not deal with pipelined requests, yet.
Jeff Trawick [Fri, 18 Jun 2010 17:33:47 +0000 (17:33 +0000)]
update doc for connection pools
* reduce duplication between initial intro and parameter table
* explain that pools are per-process, and limits are not
coordinated server-wide
* minor clarifications & readability tweaks
Rainer Jung [Tue, 15 Jun 2010 11:05:13 +0000 (11:05 +0000)]
Update comment about required modules in extra configuration files.
Mostly adding the information to the vhost and ssl files,
and adding mod_authz_core and mod_authz_host (for
"Require all denied" and "Require all granted") where needed.
Stefan Fritsch [Mon, 14 Jun 2010 20:55:59 +0000 (20:55 +0000)]
Fix some compiler warnings:
- suggest braces around empty body in an 'if' statement
- comparison of unsigned expression >= 0 is always true
- comparison of unsigned expression < 0 is always false
Stefan Fritsch [Mon, 14 Jun 2010 19:59:05 +0000 (19:59 +0000)]
- Introduce ap_log_cserror to allow mod_ssl to associate log messages to
different servers than c->base_server.
- Adjust the scope of some mod_ssl trace logging from server to conn.
Stefan Fritsch [Sun, 13 Jun 2010 17:50:54 +0000 (17:50 +0000)]
Fix MPM event/libserf build problems: If libserf was installed during build,
MPM event was picking up the headers but not linking with libserf, causing
unresolved symbol errors.
Now build MPM event with or without serf support depending on --with-serf
being specified or not.
Rainer Jung [Thu, 10 Jun 2010 18:52:27 +0000 (18:52 +0000)]
Use APR_STATUS_IS_TIMEUP instead of direct compare to APR_TIMEUP to
be more safe on different platforms.
Note: This commit has an additional, platform-independent change to
mark the back-end connection for closing ("backend->close = 1;").
That code is not required to resolve CVE-2010-2068 on any platform.
Joe Orton [Thu, 10 Jun 2010 12:52:49 +0000 (12:52 +0000)]
Run filter "init" functions exactly once per request. No longer run
init functions for connection filters (doing an "init" once per
handler invocation makes no sense for a connection filter). No longer
run init functions multiple times per request if a subrequest is used.
* include/util_filter.h (ap_filter_rec_t): Clarify use of the init
function pointer.
* server/config.c (invoke_filter_init): Drop ap_ prefix for private
function; take a request_rec pointer and only invoke filters with
matching request.
(ap_invoke_handler): Adjust accordingly.
Joe Orton [Tue, 8 Jun 2010 21:17:48 +0000 (21:17 +0000)]
* modules/http/http_request.c (internal_internal_redirect): For a
subrequest, preserve any filters in the output filter chain which
were not specific to the subrequest across the redirect (where
f->r does not point to the subreq's request_rec).
Graham Leggett [Tue, 8 Jun 2010 21:13:06 +0000 (21:13 +0000)]
mod_cache: Explicitly allow cache implementations to cache a 206 Partial
Response if they so choose to do so. Previously an attempt to cache a 206
was arbitrarily allowed if the response contained an Expires or
Cache-Control header, and arbitrarily denied if both headers were missing.
Stefan Fritsch [Tue, 8 Jun 2010 19:30:24 +0000 (19:30 +0000)]
remove APLOG_USE_MODULE from main.c:
It causes build problems on Windows and the ap_log* calls in main.c
don't profit from it anyway, because there is no server_rec yet where
they could look up core_module's loglevel.
Rainer Jung [Mon, 7 Jun 2010 12:30:05 +0000 (12:30 +0000)]
Add microsecond timestamps to the error log.
The new function ap_recent_ctime_ex allows for
optional formatting hints. It checks the provided buffer
length and returns the number of consumed bytes. This is necessary,
because when using options, the length of the formatted time string
is no longer constant.
The only option implemented currently is the addition of microsecond
fractions to the timestamp.
Rainer Jung [Mon, 7 Jun 2010 08:49:22 +0000 (08:49 +0000)]
Update CHANGES:
- Building modules as DSOs and the "most" module set by default.
r952007, r952008, r952009
- Fixing VPATH build when using included APR.
r951769, r951769
- Fixing mod_session_crypto build for APR 2 and VPATH
r951766
- Fixing mod_session_crypto API incompatibility with APR 2
r951870
Rainer Jung [Sun, 6 Jun 2010 22:05:17 +0000 (22:05 +0000)]
make shared moduled and module set "most" the default.
Static building can be achieved with --enable-mods-static
or as previously using --enable-MODULE=static.
The existing --enable-mods-shared still works for
compatibility with existing build scripts.
Modules build with --with-module=... will still be build static.
For dynamic builds of external modules there is apxs.
The default set of modules os now "most". To build a small
set of modules use the new "few".
If APR doesn't support DSOs we fall back to static binding.
Stefan Fritsch [Sun, 6 Jun 2010 16:54:51 +0000 (16:54 +0000)]
- Introduce log levels trace1/.../trace8
- Add macro wrappers for ap_log_*error. On C99, this will save argument
preparation and function call overhead when a message is not logged
because of the configured loglevel.
- Introduce per-module loglevel configuration.
Rainer Jung [Sun, 6 Jun 2010 14:02:01 +0000 (14:02 +0000)]
Fix lookup of apu-config for VPATH builds
For included APU, apu-config is not in the srcdir but instead
in the builddir. That only matters for VPATH builds, ie. when
you build outside of the source tree.
Rainer Jung [Sat, 5 Jun 2010 21:10:21 +0000 (21:10 +0000)]
For included APR, apr-config is not in the srcdir but instead
in the builddir. That only matters for VPATH builds, ie. when
you build outside of the source tree.
Eric Covener [Fri, 4 Jun 2010 02:03:57 +0000 (02:03 +0000)]
The rest of this cache display method just writes its response, and the caller doesn't
care about the returned string. Issue a message to complete the /ldap-status
cache handler page which otherwise looks truncated.
Graham Leggett [Fri, 4 Jun 2010 00:17:16 +0000 (00:17 +0000)]
mod_disk_cache: Decline the opportunity to cache if the response is
a 206 Partial Content. This stops a reverse proxied partial response
from becoming cached, and then being served in subsequent responses.
Graham Leggett [Fri, 4 Jun 2010 00:09:51 +0000 (00:09 +0000)]
Fix a bug where if the cache quick handler is switched off, and the CACHE
filter is manually added by the admin, but caching has not been enabled for
the URL space, an attempt is made to remove the CACHE_SAVE filter instead
of the CACHE filter. This fix makes the code work like the comment above
the code, the comment being correct.
projects / apache / log