Fix segfault with Solaris LDAP SDK when enabling ldaps.

Enable SSL by passing secure=1 to apr_ldap_init instead of calling
apr_ldap_set_option(... APR_LDAP_OPT_TLS ...).

This change carefully avoids any change of behavior on non-Solaris LDAP SDKs.

PR: 42682


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1209604 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1209070 13f79535-47bb-0310-9956-ffa450edef68

mod_rewrite: Add the AllowNoSlash RewriteOption, which makes it possible
for RewriteRules to be placed in .htaccess files that match the directory
with no trailing slash. PR 48304.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1209057 13f79535-47bb-0310-9956-ffa450edef68

mod_session_crypto: Add a SessionCryptoPassphraseFile directive so that the
administrator can hide the keys from the configuration.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1208518 13f79535-47bb-0310-9956-ffa450edef68

as per the following thread:
http://www.gossamer-threads.com/lists/apache/dev/395830?do=post_view_threaded#395830


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1208384 13f79535-47bb-0310-9956-ffa450edef68

Introduce a per request version of the remote IP address, which can be
optionally modified by a module when the effective IP of the client
is not the same as the real IP of the client (such as a load balancer).
Introduce a per connection "peer_ip" and a per request "client_ip" to
distinguish between the raw IP address of the connection and the effective
IP address of the request.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1208378 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1205850 13f79535-47bb-0310-9956-ffa450edef68

Pass ap_errorlog_info to error_log hook


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1205573 13f79535-47bb-0310-9956-ffa450edef68

mod_cache_disk: Make sure we check return codes on all writes and attempts
to close, and clean up after ourselves in these cases. PR43589.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204602 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204357 13f79535-47bb-0310-9956-ffa450edef68

PR51471: IndexIgnore doesn't work in DirectoryMatch.




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204342 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204320 13f79535-47bb-0310-9956-ffa450edef68

PR39923: Allow AddDescription to work with absolute filesystem paths,
by not adding "*/" to their prefix (intended for relative paths)




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204309 13f79535-47bb-0310-9956-ffa450edef68

mod_cache_disk: Remove the unnecessary intermediate brigade while
writing to disk. Fixes a problem where mod_disk_cache was leaving 
buckets in the intermediate brigade and not passing them to out on 
exit.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204102 13f79535-47bb-0310-9956-ffa450edef68

Change the SSLCipherSuite default to a shorter, whitelist
oriented definition, and add an example for a speed-optimized
configuration (commented out by default).

In the SSL How-To, streamline the SSLCipherSuite examples where
applicable (explicitly banning EXP and NULL is not needed when
only HIGH is specified).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1203753 13f79535-47bb-0310-9956-ffa450edef68

drop SSLv2 support (set SSL_OP_NO_SSLv2 for any new SSL_CTX)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1203495 13f79535-47bb-0310-9956-ffa450edef68

add per-dir config merging to mod_lua so LuaHook* in multiple per-dir sections
behaves as expected instead of discarding previous sections.


Reviewed by: covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201445 13f79535-47bb-0310-9956-ffa450edef68

Server directive display (-L): Include directives of DSOs.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201358 13f79535-47bb-0310-9956-ffa450edef68

mod_cache: Make sure we merge headers correctly when we handle a
non cacheable conditional response. PR52120.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201332 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201216 13f79535-47bb-0310-9956-ffa450edef68

Part 3: Remote MPM simple.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201214 13f79535-47bb-0310-9956-ffa450edef68

Part 2: Remove mod_serf.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201210 13f79535-47bb-0310-9956-ffa450edef68

Part 1: mod_noloris was superseded by mod_reqtimeout.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201164 13f79535-47bb-0310-9956-ffa450edef68

Set MaxMemFree 2048 by default


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201161 13f79535-47bb-0310-9956-ffa450edef68

Fix assertion failure during very high load by preventing race condition
between appending to the timeout queues and adding to the pollset. We don't
add additional locking calls but only extend the present calls to include the
apr_pollset_add. Therefore this hopefully should not cause too much performance
regression.

Add some comments 

Replace two AP_DEBUG_ASSERTS with better error handling


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201149 13f79535-47bb-0310-9956-ffa450edef68

1) Promoted from "most" to "yes/few"

- mod_headers

2) Demoted from "yes/few" to "most"

- mod_actions
- mod_allowmethods
- mod_auth_form
- mod_buffer
- mod_cgi(d)
- mod_include
- mod_negotiation
- mod_ratelimit
- mod_request
- mod_userdir

Remember: default module set is "most",
but only the LoadModule lines of all
modules except "yes/few" are commented out by default.

The following modules will now be loaded by default:

- mod_access_compat
- mod_alias
- mod_auth_basic
- mod_authn_core
- mod_authn_file
- mod_authz_core
- mod_authz_groupfile
- mod_authz_host
- mod_authz_user
- mod_autoindex
- mod_dir
- mod_env
- mod_filter
- mod_headers
- mod_log_config
- mod_mime
- mod_mpm_event
- mod_reqtimeout
- mod_setenvif
- mod_status
- mod_unixd
- mod_version

Backport of r1201111 from trunk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201118 13f79535-47bb-0310-9956-ffa450edef68

Backport of r1201042 from trunk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201046 13f79535-47bb-0310-9956-ffa450edef68

Merge r1200475, r1200478, r1200482, r1200491, r1200513, r1200550, r1200580, r1200605, r1200612, r1200614, r1200639, r1200646, r1200656, r1200667, r1200679, r1200699, r1200957, r1200961, r1200963 from trunk:

fix issue with incorrect munging of the lua package path -- LuaPackagePath directives were not working

Default to not allowing htaccess in /, instead of just the documentroot, which gets a nice 10% performance boost by default for me.

* modules/ssl/ssl_private.h, modules/ssl/ssl_engine_kernel.c
  (ssl_callback_tlsext_tickets): Use unsigned char * to fix gcc
  -Wpointer-sign warnings.


Only load the really imporant modules (i.e. those enabled by the 'few'
selection) by default. Don't handle modules enabled with --enable-foo
specially.

This fixes problems with module dependencies until someone implements a
mechanism for resolving module dependencies.


remove last traces of the code cache

* modules/proxy/mod_proxy_html.c (comp_urlmap): Fix const-ness warning.


* modules/lua/mod_lua.c (ap_lua_ssl_is_https): New function.
  (lua_post_config): Pick up ssl_is_https optional function.

* modules/lua/lua_request.c (req_ssl_is_https_field): New function.
  (ap_lua_load_request): Map is_https field to above.


remove some debug logging which snuck in

remove ability to set min and max pool sizes for server scope in prep for removing server scope

remove lingering reslist references before killing server scope

replace server scope with thread scope

use a sub-pool for scope_once

Fix installation of conf/extra/proxy-html.conf.

Otherwise httpd does no longer start, because
it is the only extra file required in the main
config at the moment.


Rebuild xdoc transform


Clarify docs for LimitRequestLine, as per bug #51665.


Rebuild doc transforms.

Submitted by: brianm, pquerna, jorton, sf, brianm, jorton, jorton, sf, pquerna, brianm, brianm, brianm, brianm, brianm, jorton, rjung, rbowen, rbowen, rbowen
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1200981 13f79535-47bb-0310-9956-ffa450edef68

temporary intervals with no active MPM children.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1200449 13f79535-47bb-0310-9956-ffa450edef68

* SSLTicketKeyFile: To store the private information for the encryption of the ticket.
* SSLTicketKeyDefault To set the default, otherwise the first listed token is used.  This enables key rotation across servers.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1200040 13f79535-47bb-0310-9956-ffa450edef68

advantage that we don't leak internal IP addresses in reverse proxy setups.
Also, use hex to make the cookie shorter.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199987 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199519 13f79535-47bb-0310-9956-ffa450edef68

when using --enable-load-all-modules with configure.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199467 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199447 13f79535-47bb-0310-9956-ffa450edef68

etag generation in mod_dav_fs to the new default.

PR 49623.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199086 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199056 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199031 13f79535-47bb-0310-9956-ffa450edef68

or explicitly selected by a configure --enable-foo argument. The
LoadModule statements for modules enabled by --enable-mods-shared=most
and friends will be commented out.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199027 13f79535-47bb-0310-9956-ffa450edef68

with mod_setenvif via a malicious .htaccess

CVE-2011-3607
http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1198940 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1198904 13f79535-47bb-0310-9956-ffa450edef68