UNSET the VirtualHost's LogLevel just before calling ap_merge_log_config(),
to make sure that the DEFAULT_LOGLEVEL (APLOG_WARNING) is also in effect
when ap_process_config_tree() in main.c:main() walks through the
VirtualHost sections.
See https://mail-archives.apache.org/mod_mbox/httpd-dev/201404.mbox/%3C535CC85B.80501%40velox.ch%3E
for one case this is addressing. This reverts the change from r1024427 on
the one hand, but still ensures correct LogLevel merging on the other hand.
Add output for "?auto" version of server-status
to proxy status, mod_ssl session cache info,
mod_cache_socache and the status hook of the
individual socache implementations.
Although mod_status source code calls this the
"short_report", the docs and the API flag call
it "Machine Readable" resp. "STAT_OPT_AUTO".
So IMHO the data shown should be on par with
the html version.
Yann Ylavic [Wed, 25 Mar 2015 15:00:37 +0000 (15:00 +0000)]
mod_proxy_{connect,wstunnel}: follow up to r1657636.
Since rv is not used as an apr_status_t in the loop (its logging is done by
proxy_{connect,wstunnel}_transfer() when necessary/relevant), use a boolean
instead to avoid the ugly ORs between APR error codes.
Jan Kaluža [Thu, 19 Mar 2015 11:29:55 +0000 (11:29 +0000)]
* mod_proxy: Allow setting options to globally defined balancer from
ProxyPass used in VirtualHost. Balancers are now merged using the new
merge_balancers method which merges the balancers options.
Jan Kaluža [Thu, 19 Mar 2015 07:46:35 +0000 (07:46 +0000)]
* mod_access_compat, mod_authz_host: Handle '#' character.
For mod_access_compat, disable '#' in hostname completely.
For mod_authz_host, treat '#' as a comment and ignore everything after that.
This allows better handling of admin errors like
'Require host localhost# Add example.com later'.
Yann Ylavic [Sat, 14 Mar 2015 00:09:32 +0000 (00:09 +0000)]
mpm_motorz: follow up to r1666482.
We only need one compare function for add semantic with apr_skiplist_insert()
and unique timers (pointers). It also works with apr_skiplist_remove() and
apr_skiplist_find().
Yann Ylavic [Sat, 14 Mar 2015 00:06:21 +0000 (00:06 +0000)]
mpm_event: follow up to r1666468.
We only need one compare function for add semantic with apr_skiplist_insert()
and unique timers (pointers). It also should work with apr_skiplist_remove()
and apr_skiplist_find(), be they used some day.
Rainer Jung [Fri, 13 Mar 2015 12:15:40 +0000 (12:15 +0000)]
Small changes to rotatelogs:
- add "-n num" to help text
- clarify in help text, that "program is invoked"
is the "-p" case
- prevent crash with "-v" (verbose) if no
"-p prog" is used
- add one space for formatting
Jan Kaluža [Fri, 13 Mar 2015 07:32:46 +0000 (07:32 +0000)]
* mod_ssl: fix small memory leak in ssl_init_server_certs when ECDH is used.
SSL_CTX_set_tmp_ecdh increases reference count, so we have to call EC_KEY_free,
otherwise eckey will not be freed.
Avoid a potential integer underflow in the lock timeout value sent back to a client. The answer to a LOCK request could be an extremely large integer if the time needed to lock the resource was longer than the requested timeout given in the LOCK request. In such a case, we now answer "Second-0". PR55420
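Added illustration, not code from this commit or from the httpd tree: the sketch below shows how a remaining-lock-time value wraps when the lock took longer than the requested timeout, and the clamp that yields "Second-0". The helper names, the unsigned 64-bit seconds type and the sample times are assumptions; the commit message does not show the actual types.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; these are not mod_dav functions.
 * All times are in seconds. */

/* Unchecked: when now > expires the unsigned subtraction wraps around. */
static void timeout_unchecked(uint64_t expires, uint64_t now,
                              char *buf, size_t len)
{
    uint64_t remaining = expires - now;
    snprintf(buf, len, "Second-%llu", (unsigned long long)remaining);
}

/* Clamped: a lock whose timeout has already passed reports "Second-0". */
static void timeout_clamped(uint64_t expires, uint64_t now,
                            char *buf, size_t len)
{
    uint64_t remaining = (now < expires) ? expires - now : 0;
    snprintf(buf, len, "Second-%llu", (unsigned long long)remaining);
}

/* Constructed scenario: the LOCK request arrives at t=1000 asking for
 * `requested` seconds, and taking the lock takes `elapsed` seconds.
 * Returns 1 when the generated header value equals `expect`. */
static int header_is(int clamp, uint64_t requested, uint64_t elapsed,
                     const char *expect)
{
    char buf[64];
    uint64_t start = 1000, expires = start + requested, now = start + elapsed;

    if (clamp)
        timeout_clamped(expires, now, buf, sizeof buf);
    else
        timeout_unchecked(expires, now, buf, sizeof buf);
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    /* 5 s requested, 8 s spent locking: 5 - 8 wraps to 2^64 - 3. */
    printf("unchecked wraps: %d\n",
           header_is(0, 5, 8, "Second-18446744073709551613"));
    printf("clamped is zero: %d\n", header_is(1, 5, 8, "Second-0"));
    return 0;
}
```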
Yann Ylavic [Tue, 10 Mar 2015 17:25:17 +0000 (17:25 +0000)]
core, modules: like r1657897 but for core and other modules than mod_proxy.
More uses of ap_map_http_request_error() and AP_FILTER_ERROR so that we never
return an HTTP error status from a handler if some filter generated a response
already.
That is, from a handler, either ap_get_brigade() (an input filter) returned
AP_FILTER_ERROR and we must forward it to ap_die(), or ap_pass_brigade() (an
output filter) failed with any status and we must return AP_FILTER_ERROR in
any case for ap_die() to determine whether a response is needed or not.
Jan Kaluža [Mon, 9 Mar 2015 12:48:11 +0000 (12:48 +0000)]
* mod_cache: Preserve the Content-Type in case of 304 response.
304 does not contain Content-Type and mod_mime regenerates
the Content-Type based on the r->filename. This later leads to original
Content-Type to be lost (overwritten by whatever mod_mime generates).
Yann Ylavic [Mon, 9 Mar 2015 12:45:56 +0000 (12:45 +0000)]
mod_proxy: use the original (non absolute) form of the request-line's URI
for requests embedded in CONNECT payloads used to connect SSL backends via
a ProxyRemote forward-proxy. PR 55892.
Ruediger Pluem [Fri, 6 Mar 2015 19:31:42 +0000 (19:31 +0000)]
* Do not reset the retry timeout if the worker is in error at this stage even
if the connection to the backend was successful. It was likely set into
error by a different thread / process in parallel e.g. for a timeout or
bad status. We should respect this and should not continue with a connection
via this worker even if we got one.
Yann Ylavic [Fri, 6 Mar 2015 09:55:16 +0000 (09:55 +0000)]
core: Follow up to r1664205.
Don't let invalid r->proto_num/protocol out of read_request_line() reach
the output filters (when responding with 400 Bad Request).
Suggested by: rpluem
Jan Kaluža [Fri, 6 Mar 2015 09:14:07 +0000 (09:14 +0000)]
*) mod_rewrite: Add support for starting External Rewriting Programs
as non-root user on UNIX systems by specifying username and group name
as third argument of RewriteMap directive.
Eric Covener [Thu, 5 Mar 2015 02:33:16 +0000 (02:33 +0000)]
*) SECURITY: CVE-2015-0253 (cve.mitre.org)
core: Fix a crash with ErrorDocument 400 pointing
to a local URL-path with the INCLUDES filter active, introduced
in 2.4.11. PR 57531. [Yann Ylavic]
Yann Ylavic [Wed, 4 Mar 2015 16:58:01 +0000 (16:58 +0000)]
core: If explicitly configured, use the KeepaliveTimeout value of the
virtual host which handled the latest request on the connection, or by
default the one of the first virtual host bound to the same IP:port.
For non-async MPMs, use either r->server's or c->base_server's value in
ap_process_http_sync_connection() depending on a new server_rec's flag
called keep_alive_timeout_set and determined at config time.
For event MPM, use a queue per timeout value, chaining the queues per
type (keepalive wrt KeepAliveTimeout, write completion wrt Timeout)
so that maintenance can be done on all the queues from the head, and such
that insertions/maintenance remain in O(1).
A server config is created and pointing to the queue of each vhost at
post_config time, hence the config can be associated to the connection
state (cs) at post_read_request time (keep_alive_timeout_set is used to
determine r->server vs c->base_server here), and we can simply insert
with TO_QUEUE_INSERT(cs->sc->q, cs). PR56226.
While at it, since each queue now embeds its own timeout and hence the
expiration_time of the cs has changed to a queue_timestamp (the time it
was queued), we can detect clock skews and expire entries immediately if
the system is set (eg. far) in the past during runtime and we want to
avoid waiting for (eg.) centuries before the current logic kills them.
Any entry which is registered above now + q->timeout is concerned, and
is now cleaned from the queue when encountered. PR57374.