Yann Ylavic [Sat, 16 Mar 2019 13:45:17 +0000 (13:45 +0000)]
mod_proxy/ssl: cleanup per-request SSL configuration for recycled proxy conns.
The SSL dir config of proxy/backend connections is stored in r->per_dir_config
but those connections have a lifetime independent of the requests they handle.
So we need to allow the external ssl_engine_set() function to reset mod_ssl's
dir config in between proxy requests, or the first sslconn->dc could be used
after free for the next requests.
mod_proxy can then reset/reinit the request config when recycling its backend
connections.
Jim Jagielski [Wed, 13 Mar 2019 17:56:36 +0000 (17:56 +0000)]
Make the work-around for C++ style comments causing fatal errors in
maintainer-mode for later versions of clang module compile specific
(we will still SEE the errors though when building)
Yann Ylavic [Tue, 12 Mar 2019 10:45:02 +0000 (10:45 +0000)]
MPMs unix: bind the bucket number of each child to its slot number
We need not remember each child's bucket number in SHM for restarts, for the
lifetime of the httpd main process the bucket number can be bound to the slot
number such that: bucket = slot % num_buckets.
This both simplifies the logic and helps children maintenance per bucket in
threaded MPMs, where previously perform_idle_server_maintenance() could create
or kill children processes for the buckets it was not in charge of.
Stefan Eissing [Tue, 12 Mar 2019 09:21:17 +0000 (09:21 +0000)]
*) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.
Fixed. [Michael Kaufmann]
Stefan Eissing [Thu, 7 Mar 2019 09:41:15 +0000 (09:41 +0000)]
*) mod_http2: new configuration directive: `H2Padding numbits` to control
padding of HTTP/2 payload frames. 'numbits' is a number from 0-8,
controlling the range of padding bytes added to a frame. The actual number
added is chosen randomly per frame. This applies to HEADERS, DATA and PUSH_PROMISE
frames equally. The default continues to be 0, e.g. no padding. [Stefan Eissing]
*) mod_http2: ripping out all the h2_req_engine internal features now that mod_proxy_http2
has no more need for it. Optional functions are still declared but no longer implemented.
While previous mod_proxy_http2 will work with this, it is recommended to run the matching
versions of both modules. [Stefan Eissing]
*) mod_proxy_http2: changed mod_proxy_http2 implementation and fixed several bugs which
resolve PR63170. The proxy module does now a single h2 request on the (reused)
connection and returns. [Stefan Eissing]
Fix a parsing error when using Ant 1.9.13 without the external Xerces (2.9.0) and Xalan (2.7.1).
The error is: "filter-expr(funcall(current, []), [pred(=(step("attribute", 39), literal-expr(section)))])'. Cause: Erreur lors de la vérification du type de l'expression 'filter-expr(funcall(current, []), [pred(=(step("attribute", 39), literal-expr(section)))])"
This takes us 1 step closer to use Ant 1.9+ and remove Xerces and Xalan from the build chain.
Patch tested with the current doc build chain (Ant 1.6.5 + Xerces + Xalan) on the 2.4.x branch.
Even if actually we don't have any "<Foo>" and "Foo" directives, I've checked that the doc is built correctly in such a case.
Stefan Eissing [Tue, 26 Feb 2019 09:55:44 +0000 (09:55 +0000)]
*) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection aborted status
to trigger immediate shutdown of backend connections. This is now always signalled
by mod_http2 when the session is being released.
proxy_http2 now only sends a PING frame to the backend when there is not already one
in flight. [Stefan Eissing]
*) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite
loop when encountering certain errors on the backend connection.
See <https://bz.apache.org/bugzilla/show_bug.cgi?id=63170>. [Stefan Eissing]
Yann Ylavic [Wed, 20 Feb 2019 23:08:15 +0000 (23:08 +0000)]
http: Fix possible empty response with mod_ratelimit for HEAD requests.
Don't eat the EOS in ap_http_header_filter() if it comes in single brigade
with a full response to a HEAD request, otherwise mod_ratelimit will never
flush its pending data.
Yann Ylavic [Wed, 20 Feb 2019 12:24:14 +0000 (12:24 +0000)]
mod_proxy_http: common function for stream_reqbody_{cl,chunked}()
Since stream_reqbody_cl() and stream_reqbody_chunked() now have the same
structure, join them into a single stream_reqbody() function which is passed
the rb_method to handle only CL vs chunked cases differently.
Yann Ylavic [Tue, 19 Feb 2019 17:21:09 +0000 (17:21 +0000)]
mod_reqtimeout: factorize structs and code.
With a bit of macro magic, this is to avoid more code duplication when adding
new stages (next commit will add TLS/handshake timeouts handling in addition to
existing header and body ones).
Yann Ylavic [Tue, 19 Feb 2019 11:51:27 +0000 (11:51 +0000)]
mod_cache_socache: avoid pool to heap reallocation.
Below some threshold, the previous code tried to free (sub-)pooled memory ASAP by
moving small buffers (< capacity / 2) to a heap bucket. But this is not really
an optimization because first it requires at some point to allocate more than
the configured capacity, and second since this happens during response handling
the pool is about to be destroyed soon anyway.
This commit simply keeps the data in the subpool and uses a pool bucket for the
output brigade to take care of the lifetime until it's consumed (or not).
- Be consistent with the case used for uniqueMember.
- Be consistent with the case used for AuthLDAPURL. Use uppercase URL, as in the code in order to fix syntax highlight issues.
- Fix the case of AuthLDAPSubGroupAttribute in <default>, so that quickreference.xsl works as expected
Add some additional tests to report badly formatted synopsis.
Comment-out these tests because of the noise it generates, but leave it there, if useful for s.o.
Yann Ylavic [Mon, 11 Feb 2019 21:55:43 +0000 (21:55 +0000)]
mod_proxy_http: rework the flushing strategy when forwarding the request body.
Since the forwarding of 100-continue (end to end) in r1836588, we depended on
reading all of the requested HUGE_STRING_LEN bytes to avoid the flushes, but
this is a bit fragile.
This commit introduces the new stream_reqbody_read() function which will try a
nonblocking read first and, if it fails with EAGAIN, will flush on the backend
side before blocking for the next client side read.
We can then use it in stream_reqbody_{chunked,cl}() to flush client forwarded
data only when necessary. This both allows "optimal" flushing and simplifies
code (note that spool_reqbody_cl() also makes use of the new function but not
its nonblocking/flush functionality, thus only for consistency with the two
others, simplification and common error handling).
Also, since proxy_http_req_t::flushall/subprocess_env::proxy-flushall are now
meaningless (and unused) on the backend side, they are renamed respectively to
prefetch_nonblocking/proxy-prefetch-nonblocking, and solely determine whether
to prefetch in nonblocking mode or not. These flags were trunk only and may
not be really useful if we decided to prefetch in nonblocking mode in any case,
but for 2.4.x the opt-in looks wise.
- These flags are not for apr_dir_ function. Clarify comment.
- Initialize 'depth', especially when AP_DIR_FLAG_RECURSIVE is explicitly required.
- Avoid a harmless over-allocation.
Luca Toscano [Sat, 9 Feb 2019 14:14:43 +0000 (14:14 +0000)]
mod_rewrite.xml: add an example about override behavior
A user in PR 63051 was confused about the default behavior
of mod_rewrite (override) when merging two sections in the
directory context at the same nesting level. I was confused
as well, but after a quick look at the code I figured out that
RewriteOptions Inherit seems to solve the issue (naming is,
in this case, a bit counter intuitive). I hope that I added
a good clarification in the code, if not please amend it as
you think it's best!
Stefan Eissing [Mon, 28 Jan 2019 10:27:08 +0000 (10:27 +0000)]
*) mod_http2: Configuration directives H2Push and H2Upgrade can now be specified per
Location/Directory, e.g. disabling PUSH for a specific set of resources. [Stefan Eissing]
*) mod_http2: HEAD requests to some module such as mod_cgid caused the stream to
terminate improperly and cause a HTTP/2 PROTOCOL_ERROR.
Fixes <https://github.com/icing/mod_h2/issues/167>. [Michael Kaufmann]
Move compatibility note in the module synopsis instead of repeating it in all directives.
Fix the way <default> values are given, so that they can be reflected in quickreference.html.
Fix the style used in <syntax> to be consistent with the documentation.
Improve syntax highlight.
Eric Covener [Wed, 23 Jan 2019 18:25:50 +0000 (18:25 +0000)]
revert of r808895 somehow missed mod_proxy_ftp
r808895 added `ServerTokens OFF` so some modules were
switched from ap_get_server_banner() to
ap_get_server_description() so they would never be empty.
But ap_get_server_description() is documented as being for local
use only, so it was not really a suitable replacement much less
w/ `ServerTokens OFF` subsequently taken out.