Jim Jagielski [Mon, 27 Apr 2009 15:02:40 +0000 (15:02 +0000)]
Fold in initial template for methods to be able to
reset (initialize) and "age" their data, useful when
adding new workers, or when workers come back into
the fold....
* r->connection->aborted signals that the client aborted the connection, but
in this case *we* decide to close the connection so use
r->connection->keepalive = AP_CONN_CLOSE
Escape should simply close the dialog; Enter should perform the
appropriate button, or within the list, start and stop. (also
clear up the transitions between the list focus and nonfocus).
Mark J. Cox [Tue, 21 Apr 2009 09:44:43 +0000 (09:44 +0000)]
Use CVE-2009-1191 for this issue. We would only
share a CVE name where the flaw was due to a
shared code base, and this isn't the case for
the mod_jk CVE-2008-5519 issue.
Eric Covener [Tue, 21 Apr 2009 02:13:04 +0000 (02:13 +0000)]
rework the NameVirtualHost documentation to hopefully be a little
less confusing and match the conventional wisdom of the various
support fora.
Provide a longer example that demonstrates the 1:n nature,
relation to IP-based vhosts, and always uses a port.
Avoid phrasing that makes NVH look like Listen.
Remove the over-complicated hints about NVH impact on _default_ and base
server configs, which boils down to the basic ip-based vhost mapping
algorithm.
Jeff Trawick [Fri, 17 Apr 2009 16:59:48 +0000 (16:59 +0000)]
Move logic to decide if an MPM is supported, and whether the MPM is
threaded, down to the MPM itself.
(server/mpm/FOO/config.m4, which runs before the actual MPM selection)
server/mpm/config.m4 makes some general platform checks that can be used
for MPM decisions, and contains some functions related to MPMs.
XXX The check here for whether APR_POLLSET_THREADSAFE is available
is a rough approximation and needs to be replaced by a run-time
check.
Replace the limited per-platform hard-coded MPM selection and the
current defaulting to event (whether or not it works) with a selection
based on which MPMs work on the platform, as reported by the MPMs
themselves.
(config2.m4, which runs after the MPMs record whether they are supported)
Order of preference:
WinNT (mingw32 only)
then Event
then Worker
then Prefork
Jeff Trawick [Thu, 16 Apr 2009 19:23:45 +0000 (19:23 +0000)]
mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
Dynamically allocate the AF_UNIX sockaddr based on the required filename size.
For some platforms (e.g., Solaris, OS X, FreeBSD), this allows longer
socket filenames to be used.
When the name is too long, the failure reporting is more consistent and a
socket with truncated pathname is not left stranded. The user still needs
to use ScriptSock to specify a shorter name.
An extra unlink() failure message may be generated when attempting to clean
up the socket after a daemon initialization error; the message is suppressed
for ENOENT, but not for ENAMETOOLONG.
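The allocation approach described in the mod_cgid message above, as an added example that is not mod_cgid's code and not part of the commit. The helper names `unix_addr_alloc` and `unix_listen` and the `SUN_PATH_OFF` macro are hypothetical; whether a name longer than `sun_path` is accepted is decided by the platform at bind() time.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#define SUN_PATH_OFF offsetof(struct sockaddr_un, sun_path)

/* Hypothetical helper: size the AF_UNIX address for `path` instead of copying
 * into the fixed sun_path array. Caller frees; *len is the bind() length. */
static struct sockaddr_un *unix_addr_alloc(const char *path, socklen_t *len)
{
    size_t need = SUN_PATH_OFF + strlen(path) + 1;  /* path plus its NUL */
    struct sockaddr_un *sa = calloc(1, need < sizeof(*sa) ? sizeof(*sa) : need);

    if (sa == NULL)
        return NULL;
    sa->sun_family = AF_UNIX;
    memcpy((char *)sa + SUN_PATH_OFF, path, strlen(path) + 1);
    *len = (socklen_t)need;
    return sa;
}

/* Hypothetical helper: bind and listen on `path`. Returns the fd, or -1 with
 * errno from the call that failed. Nothing is ever bound to a truncated name. */
static int unix_listen(const char *path)
{
    socklen_t len;
    struct sockaddr_un *sa;
    int bound = 0, ok = 0, saved, fd = socket(AF_UNIX, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    sa = unix_addr_alloc(path, &len);
    if (sa != NULL && bind(fd, (struct sockaddr *)sa, len) == 0) {
        bound = 1;
        ok = listen(fd, 16) == 0;
    }
    saved = errno;          /* keep the error from the call that failed */
    free(sa);
    if (ok)
        return fd;
    close(fd);
    if (bound)
        unlink(path);       /* remove only a socket file this call created */
    errno = saved;
    return -1;
}
```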
I'll still pay off if somebody does it legitimately, but I haven't been
to Apachecon in ages so we'll have to work out a different delivery
mechanism. With the stability of the 2.0.x and 2.2.x releases and
Moore's Law in effect for the last decade, it might be possible...
* Avoid delivering content from a previous request which failed to send a request
body by closing the connection to the backend in this case instead of reusing it.
The remote port information was forgotten from the builtin
data of the AJP 13 protocol. Since the servlet spec allows
to retrieve it via getRemotePort(), we provide the port to
the Tomcat connector as an additional request attribute.
Modern/future Tomcat versions know how to retrieve
the remote port from the attribute AJP_REMOTE_PORT.
* Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives to enable
stricter checking of remote server certificates.
(docs/manual/mod/mod_ssl.xml)
Documentation of SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.
(modules/proxy/mod_proxy_http.c)
Set the hostname of the request URL as note on the connection.
(modules/ssl/ssl_private.h)
Add proxy_ssl_check_peer_expire and proxy_ssl_check_peer_cn fields to
the SSLSrvConfigRec.
(modules/ssl/ssl_engine_config.c)
Directives stuff for SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.
(modules/ssl/ssl_engine_io.c)
Check whether the remote server's certificate is expired / if there is a
mismatch between the requested hostname and the remote server certificate's
CN field.
Be able to parse ASN1 times.
(modules/ssl/mod_ssl.c)
Directives stuff for SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.
Jeff Trawick [Wed, 1 Apr 2009 11:53:50 +0000 (11:53 +0000)]
mpm-query hook: distinguish between DECLINED and APR_ENOTIMPL so that
. ap_mpm_query() can return APR_EGENERAL if called too early (for debugging a module)
. some hypothetical module which implements the mpm-query hook can bypass the MPM
with APR_ENOTIMPL
Jeff Trawick [Tue, 31 Mar 2009 11:34:49 +0000 (11:34 +0000)]
stop exporting APACHE_MPM_DIR to modules -- unclear why this was ever necessary, and it
makes no sense with loadable MPMs
axe the unnecessary MPM_DIR build variable
move the stray APACHE_SUBST(MPM_LIB) from configure.in to server/mpm/config.m4, where
the other MPM_foos are handled
Nick Kew [Mon, 30 Mar 2009 20:49:10 +0000 (20:49 +0000)]
HTTPD script support
When a script returns a no-body response code, pretend it was a HEAD
request so as to drop any body the script might erroneously generate.
Eric Covener [Mon, 30 Mar 2009 02:19:02 +0000 (02:19 +0000)]
*) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
returns EINPROGRESS and a subsequent poll() returns only POLLERR.
Observed on HP-UX.
Paul Querna [Sat, 28 Mar 2009 13:51:51 +0000 (13:51 +0000)]
- Improve flushing/connection eos logic.
- Use brigade_write instead of immortal buckets that aren't immortal.
- Read HTTP status code from serf.
- Remove extra logging.
Paul Querna [Sat, 28 Mar 2009 13:24:18 +0000 (13:24 +0000)]
Work in Progress.
Convert the 100ms timed callback to a single cleanup callback that is added
when the request is ready to finish. Basically works, though it has
some issues with flushing and closing the connection.
Paul Querna [Sat, 28 Mar 2009 01:02:32 +0000 (01:02 +0000)]
If the MPM supports serf in its core, use this to drive the proxied request
completely async from the original thread.
Right now it uses a 100ms timer to determine when the request is actually complete,
but I think this can be removed in the long run with a better mechanism.
Paul Querna [Fri, 27 Mar 2009 23:56:53 +0000 (23:56 +0000)]
Add support for Preserving the client provided Host header.
* modules/proxy/mod_serf.c
(serf_config_t): Add preservehost member.
(setup_request): If preservehost is set, use the client provided Host header,
otherwise use the one from the configuration.
(is_true): New helper function for decoding true/false strings.
(add_pass): Change to an argv configuration function, check for not enough
args, and parse everything after the URI into key/value pairs.
(create_dir_config): Default to setting preservehost to on.
(serf_cmds): Change add_pass to a take argv directive.
Paul Querna [Fri, 27 Mar 2009 23:10:21 +0000 (23:10 +0000)]
Work in Progress.
Add Clustered proxying support to mod_serf, by using the heartbeats system.
No preconfiguration of cluster members is needed.
Just a config like this:
    SerfCluster sweet heartbeat file=/var/cache/apache/hb.dat
    SerfCluster sour heartbeat file=/var/cache/apache/cluster2.dat
    <Location "/">
        SerfPass cluster://sweet
    </Location>
    <Location "/different_cluster">
        SerfPass cluster://sour
    </Location>
The location of all possible destination servers is provided by a new
providers interface, that includes configuration checking of the arguments to
the SerfCluster command, solving one of the worst problems with the mod_proxy
load balancer subsystem.
Paul Querna [Fri, 27 Mar 2009 13:27:44 +0000 (13:27 +0000)]
* modules/cluster/mod_heartmonitor.c
(hm_update_stats): Flush heartbeat file before closing, to make sure the file
is always written correctly, and check for errors on flush or close.