From c3e301022145409eb9c7294cc7dbcd40ab0c193e Mon Sep 17 00:00:00 2001 From: Rainer Jung Date: Sun, 22 Jul 2012 10:46:21 +0000 Subject: [PATCH] Make mod_deflate skip compression if compression is enabled at SSL level. Backport of r1359057 from trunk. Submitted by: sf Reviewed by: jorton, rjung Backported by: rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1364253 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ STATUS | 6 ------ modules/filters/mod_deflate.c | 31 +++++++++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 456aaa9857..676fc95d27 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,9 @@ Changes with Apache 2.4.3 possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled. [Niels Heinen ] + *) mod_deflate: Skip compression if compression is enabled at SSL level. + [Stefan Fritsch] + *) core: Add missing HTTP status codes registered with IANA. [Julian Reschke , Rainer Jung] diff --git a/STATUS b/STATUS index 53bca5b18e..3cec8e6b22 100644 --- a/STATUS +++ b/STATUS @@ -88,12 +88,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_deflate: Make mod_deflate skip compression if compression is enabled - at SSL level. - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1359057 - 2.4.x patch: trunk patch works (ex. CHANGES) - +1: sf, rjung, jorton - * core: Always log if LimitRequestFieldSize triggers trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352911 2.4.x patch: trunk patch works diff --git a/modules/filters/mod_deflate.c b/modules/filters/mod_deflate.c index 0876cb4e31..48d37b1392 100644 --- a/modules/filters/mod_deflate.c +++ b/modules/filters/mod_deflate.c @@ -45,6 +45,7 @@ #include "http_request.h" #define APR_WANT_STRFUNC #include "apr_want.h" +#include "mod_ssl.h" #include "zlib.h" @@ -83,6 +84,7 @@ static const char deflate_magic[2] = { '\037', '\213' }; #define DEFAULT_MEMLEVEL 9 #define DEFAULT_BUFFERSIZE 8096 +static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *mod_deflate_ssl_var = NULL; /* Check whether a request is gzipped, so we can un-gzip it. * If a request has multiple encodings, we need the gzip @@ -419,6 +421,18 @@ static void deflate_check_etag(request_rec *r, const char *transform) } } +static int have_ssl_compression(request_rec *r) +{ + const char *comp; + if (mod_deflate_ssl_var == NULL) + return 0; + comp = mod_deflate_ssl_var(r->pool, r->server, r->connection, r, + "SSL_COMPRESS_METHOD"); + if (comp == NULL || *comp == '\0' || strcmp(comp, "NULL") == 0) + return 0; + return 1; +} + static apr_status_t deflate_out_filter(ap_filter_t *f, apr_bucket_brigade *bb) { @@ -448,6 +462,14 @@ static apr_status_t deflate_out_filter(ap_filter_t *f, char *token; const char *encoding; + if (have_ssl_compression(r)) { + ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, + "Compression enabled at SSL level; not compressing " + "at HTTP level."); + ap_remove_output_filter(f); + return ap_pass_brigade(f->next, bb); + } + /* We have checked above that bb is not empty */ e = APR_BRIGADE_LAST(bb); if (APR_BUCKET_IS_EOS(e)) { @@ -1474,6 +1496,14 @@ static apr_status_t inflate_out_filter(ap_filter_t *f, return APR_SUCCESS; } +static int mod_deflate_post_config(apr_pool_t *pconf, apr_pool_t *plog, + apr_pool_t *ptemp, server_rec *s) +{ + mod_deflate_ssl_var = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); + return OK; +} + + #define PROTO_FLAGS AP_FILTER_PROTO_CHANGE|AP_FILTER_PROTO_CHANGE_LENGTH static void register_hooks(apr_pool_t *p) { @@ -1483,6 +1513,7 @@ static void register_hooks(apr_pool_t *p) AP_FTYPE_RESOURCE-1); ap_register_input_filter(deflateFilterName, deflate_in_filter, NULL, AP_FTYPE_CONTENT_SET); + ap_hook_post_config(mod_deflate_post_config, NULL, NULL, APR_HOOK_MIDDLE); } static const command_rec deflate_filter_cmds[] = { -- 2.40.0