Paul Querna [Mon, 27 Jun 2005 18:40:56 +0000 (18:40 +0000)]
*) server/mpm_common.c: Send a simple HTTP 1.0 request to every listener socket, instead of just closing the socket. This fixes shutdown of the Worker MPM on FreeBSD, when Accept Filters are enabled.
In the future, we need a method to send a simple request for all protocols. Currently this is very specific to HTTP and FreeBSD's Accept Filter.
Jeff Trawick [Thu, 23 Jun 2005 19:20:29 +0000 (19:20 +0000)]
proxy HTTP: If a response contains both Transfer-Encoding and a
Content-Length, remove the Content-Length and don't reuse the
connection, stopping some HTTP Request smuggling attacks.
Joe Orton [Thu, 23 Jun 2005 10:27:27 +0000 (10:27 +0000)]
* modules/aaa/mod_auth_digest.c: Another gcc 4 "structure field may be
used uninitialized" warning; fix validation of digest-uri for CONNECT
requests:
(copy_uri_components): Copy the hostinfo field.
(authenticate_digest_user): Don't pass NULL (or, previously, a random
pointer) to strcmp if a digest-uri is provided which doesn't match the
request-uri in a CONNECT request.
Joe Orton [Thu, 23 Jun 2005 09:10:09 +0000 (09:10 +0000)]
* modules/proxy/mod_proxy_balancer.c (proxy_balancer_pre_request): Fix
another valid variable-may-be-used-uninitialized warning from GCC 4
(in the !balancer->sticky case, find_session_route returns NULL
without setting route).
Paul Querna [Thu, 16 Jun 2005 21:34:08 +0000 (21:34 +0000)]
If a request contains both a T-E and C-L, remove the C-L, stopping some HTTP Request Smuggling attacks exploited when using HTTPD as a forward or reverse proxy.
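Added example, not code from the httpd repository: the rule stated in the proxy HTTP entry of 23 Jun 2005 and in the request-side entry above, applied to a message that carries both Transfer-Encoding and Content-Length. The `struct msg` header table and all function names are hypothetical stand-ins (httpd itself uses apr_table_t); connection reuse is disabled as the proxy-response entry describes.

```c
#include <stdio.h>
#include <strings.h>
/* Hypothetical minimal header table for illustration; httpd uses apr_table_t. */
struct hdr { const char *name, *value; };
struct msg { struct hdr h[8]; size_t n; int keepalive; /* 1 = may be reused */ };

static const char *msg_get(const struct msg *m, const char *name)
{
    for (size_t i = 0; i < m->n; i++)
        if (strcasecmp(m->h[i].name, name) == 0)  /* names are case-insensitive */
            return m->h[i].value;
    return NULL;
}

/* Drop every instance of a header (duplicates included); return how many. */
static size_t msg_unset(struct msg *m, const char *name)
{
    size_t kept = 0, dropped = 0;
    for (size_t i = 0; i < m->n; i++) {
        if (strcasecmp(m->h[i].name, name) == 0) dropped++;
        else m->h[kept++] = m->h[i];
    }
    m->n = kept;
    return dropped;
}

/* Both framing headers present: drop Content-Length, forbid reuse. Returns 1 if changed. */
int normalize_te_cl(struct msg *m)
{
    if (!msg_get(m, "Transfer-Encoding") || !msg_unset(m, "Content-Length")) return 0;
    m->keepalive = 0;
    return 1;
}

/* Constructed sample message, not captured traffic. */
struct msg sample_msg(int with_te, int with_cl)
{
    struct msg m = { .n = 0, .keepalive = 1 };
    m.h[m.n++] = (struct hdr){ "Host", "example.test" };
    if (with_te) m.h[m.n++] = (struct hdr){ "transfer-encoding", "chunked" };
    if (with_cl) m.h[m.n++] = (struct hdr){ "Content-Length", "4" };
    return m;
}

int main(void)
{
    struct msg m = sample_msg(1, 1);
    printf("changed=%d\n", normalize_te_cl(&m));
    return 0;
}
```

With only one of the two headers present the message is left untouched, so unambiguous traffic keeps its framing and its keep-alive state.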
Paul Querna [Tue, 14 Jun 2005 09:21:18 +0000 (09:21 +0000)]
Merge the listen-protocol sandbox branch to trunk.
I will be adding documentation for the new directives hopefully in the next day or so.
* server/core.c: Added 'Protocol' to the core module config
Added ap_{set,get}_server_protocol API.
Added new directive: 'AcceptFilter'.
Enable 'httpready' by default on systems that support it. Use dataready filters for others.
* server/listen.c: Attempt to inherit protocols from Listener Records to Server configs.
The 'Listen' directive can now optionally take a protocol arg
Move bits that determined which accept filter is applied to core.c.
Added bits to find the correct accept filter based on the core's configuration.
* include/{ap_listen.h,http_core.h}: Add Protocol to respective structures.
* include/http_core.h: Add the accf_map table to the core_server_config structure
* include/ap_mmn.h: Minor MMN Bump for the new interfaces.
* modules/ssl/ssl_engine_init.c: Use the new protocol framework to enable mod_ssl for 'https' websites.
Paul Querna [Tue, 14 Jun 2005 00:27:01 +0000 (00:27 +0000)]
- Bring htcacheclean into sync with mod_disk_cache. It now has a very basic understanding of the Varied Headers file format, and will clean up orphaned data files, or Vary Header Files that have expired.
Paul Querna [Tue, 14 Jun 2005 00:16:48 +0000 (00:16 +0000)]
* cache/mod_disk_cache.c: Make most members of disk_cache_object into const char*. This removes the need to cast the const out in several places.
* cache/mod_cache.h: Make cache_object.key a const.
Paul Querna [Mon, 13 Jun 2005 23:17:52 +0000 (23:17 +0000)]
Based on feedback from dev@httpd, store Vary headers inside the '.header' file.
These Vary headers are used to build a new hash for a URL, based on the
client's headers. This allows mod_disk_cache to store many variations of one
URI, where previously it would only store a single variant.
htcacheclean needs to be updated to understand the new file format. I plan on
updating htcacheclean in the next couple days.
Joe Orton [Mon, 13 Jun 2005 12:49:58 +0000 (12:49 +0000)]
Sanitize the installed config_vars.mk to remove references to the
build and source directories, and to remove variables which are
internal to the httpd build system:
* build/config_vars.sh.in: New file.
* Makefile.in (build/config_vars.out): New target.
(install-build): Install build/config_vars.out as config_vars.mk.
* configure.in: Add include path for srclib/pcre to INCLUDES rather
than CPPFLAGS, and use a topdir-relative not absolute path name.
Generate build/config_vars.sh.
Paul Querna [Sat, 11 Jun 2005 00:26:19 +0000 (00:26 +0000)]
- Use apr_file_mktemp() and rename the header data file to its final location, instead of opening it and then writing it out as we go. Should prevent race conditions on busy servers.
Paul Querna [Fri, 10 Jun 2005 23:02:26 +0000 (23:02 +0000)]
* cache_save_filter:
*) Remove the first set of Validation code. Use the main if structure to check for both 'Vary: *' and 'Cache-Control: no-store'.
*) Add logging of failures for a provider's store_body function.
Joe Orton [Wed, 8 Jun 2005 14:49:54 +0000 (14:49 +0000)]
* Makefile.in (install-build, install-headers, install-conf): Minor
cleanup: use MKINSTALLDIRS unconditionally since mkdir.sh already
checks whether the target exists; use INSTALL_DATA throughout. Stop
trying to install os/*/os-inline.c which don't exist any more.
Joe Orton [Wed, 8 Jun 2005 10:40:01 +0000 (10:40 +0000)]
* modules/ssl/ssl_engine_dh.c: Adjust the embedded perl code such that
it generates the current C code again (after some refactoring a while
ago); and regenerate the file.
Joe Orton [Wed, 8 Jun 2005 08:50:19 +0000 (08:50 +0000)]
* modules/generators/mod_cgi.c (cgi_bucket_read): Log a specific error
if a timeout occurs from a blocking read; more helpful than a generic
"apr_bucket_read failed" error from some higher-up filter.
Joe Orton [Tue, 7 Jun 2005 15:32:10 +0000 (15:32 +0000)]
* modules/http/byterange_filter.c (ap_byterange_filter): Refuse to
byterange any response which may require the consumption of arbitrary
amounts of memory.
(functional changes split from whitespace/reflow changes which will
follow in a separate commit)
Paul Querna [Fri, 3 Jun 2005 20:35:27 +0000 (20:35 +0000)]
* server/main.c: Remove the suck_in_apr_password_validate() hack. apr_password_validate is part of the public APR interface and this hack should not be needed on any platform.
Jeff Trawick [Fri, 3 Jun 2005 08:23:40 +0000 (08:23 +0000)]
write a CHANGES entry for PR 34512; looks like it resolves
user-visible misprocessing in proxy ftp which could result
in directory listing for regular file retrieval
Jeff Trawick [Tue, 31 May 2005 23:57:41 +0000 (23:57 +0000)]
downgrade the log level of a proc_mutex_unlock error message
when it occurs during restart; it isn't at all uncommon then
when SysV semaphores are used for the accept mutex
same logic already in place for two other mutex calls
Paul Querna [Fri, 27 May 2005 20:23:08 +0000 (20:23 +0000)]
- Put a prefix on this error message to have a chance of finding it in the source. Just stuffing the parser error buffer into the error log is not helpful if I didn't know where it came from.
Joshua Slive [Wed, 25 May 2005 20:16:26 +0000 (20:16 +0000)]
Clean up the notes to the logformat section of the mod_log config docs.
These have been growing using the "here's something else we should
say" technique, without any serious thought for readability.
In particular:
- Remove the "..." in all the format strings, since almost nobody
uses this and it can be confusing. It is still documented, just
not included in the definitions.
- Create three sections: modifiers, examples, and a "notes" section
for stuff that doesn't go any place else.
- Remove the discussion of %v being the canonical name. I think
that it is quite clear since the addition of %V what the difference
is.
Joshua Slive [Wed, 25 May 2005 15:20:55 +0000 (15:20 +0000)]
Reverse r168030 because the not-acceptable (406)
custom error doc can't provide all the information
provided by the internal doc. Also delete the corresponding
.html.var file to avoid future confusion.