Skip to content
GitLab
  1. 18 Sep, 2018 1 commit
  3. 11 Sep, 2018 3 commits
  5. 31 Aug, 2018 2 commits
  7. 29 Aug, 2018 4 commits
  9. 28 Aug, 2018 1 commit
    • Yann Ylavic's avatar
      Merge r1837130 from trunk: · ae583b57
      Yann Ylavic authored 
      mod_ratelimit: Don't interfere with "chunked" encoding.

By the time ap_http_header_filter() sends the header brigade and adds the
"CHUNK" filter, we need to garantee that the header went through all the
filters' stack, and more specifically above ap_http_chunk_filter() which
assumes that all it receives is content data.
Since rate_limit_filter() may retain the header brigade, make it run after
ap_http_chunk_filter(), just before AP_FTYPE_CONNECTION filters.

Also, ap_http_header_filter() shouldn't eat the EOS for HEAD/no-body responses.
For instance mod_ratelimit depends on it since r1835168, but any next request
filter may as well to flush and/or bail out approprietely.

This fixes the regression introduced in 2.4.34 (r1835168).
PR 62568.

Submitted by: ylavic
Reviewed by: covener, ylavic, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1839497 13f79535-47bb-0310-9956-ffa450edef68
      ae583b57
  11. 15 Aug, 2018 1 commit
    • Jim Jagielski's avatar
      Merge r1418761, r1418765, r1510295, r1757147, r1805163, r1818924, r1827374,... · fd0648f2
      Jim Jagielski authored 
      Merge r1418761, r1418765, r1510295, r1757147, r1805163, r1818924, r1827374, r1831772, r1832351, r1832951, r1815004 from trunk:

Don't claim "BIO dump follows" if it is not logged due to log level config.


make ssl_io_data_dump respect per-conn loglevel


add high trace level log messages for debugging buffering and write completion


* modules/ssl/ssl_engine_kernel.c (ssl_callback_SessionTicket): Fail
  if RAND_bytes() fails; possible per API, although not in practice
  with the OpenSSL implementation.


Fix typo in log message.


ap_add_common_vars(): use apr_pstrmemdup().

This avoids a transient replacement/restore of '?' by '\0' in r->filename.


Use 'ap_request_has_body()' instead of duplicating its implemenation.

The logic in 'ap_request_has_body()' is:
    has_body = (!r->header_only
                && (r->kept_body
                    || apr_table_get(r->headers_in, "Transfer-Encoding")
                    || ( (cls = apr_table_get(r->headers_in, "Content-Length"))
                        && (apr_strtoff(&cl, cls, &estr, 10) == APR_SUCCESS)
                        && (!*estr)
                        && (cl > 0) )
                    )
                );
So the test is slighly different from the original code. (but this looks fine to me)

This also has the advantage to avoid a redundant call to 'apr_table_get()' and to improve readability.

While at it, move the test '!r->expecting_100' a few lines above because it is cheap.

PR62368: Print the unparsed URI in AH03454

... to include r->args and get otherwise get as close to possible to
what came in over the wire.

Submitted By: Hank Ibell <hwibell gmail.com>
Committed By: covener




All error handling paths of this function call 'apr_brigade_destroy()' , except this one.
So add it here too.

Probably spotted with the help of the Coccinelle software (Thx Julia for the patch and for Coccinelle)

See PR 53016

* modules/proxy/proxy_util.c (ap_proxy_share_worker): Skip creating subpool
  for debugging unless debug-level logging is enabled.  No functional change.


mod_watchdog: Correct some log messages and fix
compiler warning
"'rv' may be used uninitialized in this function".

Follow up to r1722154.

Submitted by: sf, jorton, jorton, ylavic, jailletc36, covener, jailletc36, jorton, rjung
Reviewed by: jailletc36, jim, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1838103 13f79535-47bb-0310-9956-ffa450edef68
      fd0648f2
  13. 14 Aug, 2018 1 commit
  15. 03 Aug, 2018 1 commit
  17. 23 Jul, 2018 2 commits
  19. 18 Jul, 2018 1 commit
  21. 10 Jul, 2018 1 commit
  23. 06 Jul, 2018 1 commit
  25. 05 Jul, 2018 5 commits
    • Eric Covener's avatar
      zap my name, I just noticed the accepted proposal. · f78ad6f5
      Eric Covener authored 
      

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835189 13f79535-47bb-0310-9956-ffa450edef68
      f78ad6f5
    • Yann Ylavic's avatar
      Follow up to r1835179: CHANGES entry. · 488bba5e
      Yann Ylavic authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835180 13f79535-47bb-0310-9956-ffa450edef68
      488bba5e
    • Yann Ylavic's avatar
      Merge r1832280 from trunk: · 8912df6d
      Yann Ylavic authored 
      In 'ap_proxy_cookie_reverse_map', iterate over each token of the 'Set-Cookie' header field in order to avoid updating the wrong one.

This could happen if the header field has something like 'fakepath=foo;path=bar". In this case fakepath would be updated instead of path.

We don't need regex anymore in order to parse the field values and 'ap_proxy_strmatch_domain' and 'ap_proxy_strmatch_path' are now useless. (and should be axed IMHO)

PR 61560


Submitted by: jailletc36
Reviewed by: jailletc36, rpluem, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835171 13f79535-47bb-0310-9956-ffa450edef68
      8912df6d
    • Yann Ylavic's avatar
      CHANGES: trim trailing spaces. · b647b25a
      Yann Ylavic authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835169 13f79535-47bb-0310-9956-ffa450edef68
      b647b25a
    • Yann Ylavic's avatar
      Merge r1833875 from trunk: · 31878ee9
      Yann Ylavic authored 
      mod_ratelimit: fix behavior with proxied content

mod_ratelimit works by splitting data in "chunks"
to send to the client, sleeping a predefined amount
of time between them (200ms). So for example,
a rate-limit 40 value would correspond to a chunk size
of 8192 bytes, flushed to the client every 200ms.

The idea works fine when httpd directly serves the
content, since the filter will be called once with
a single bucket brigade. In the context of a proxied
content though the filter is likely to be called multiple
times, with a bucket brigade size that corresponds to
the maximum allowed buffer size. If this value is lower
or higher than the chunk size, the filter will not
properly rate limit the data going to the client.

This patch solves the problem with two fix:
1) do_sleep is now stored in the ctx context struct,
   so if the filter is invoked multiple times it
   will still sleep when needed. For example, say
   that the chunk_size is 8192 and the bucket brigate
   len is 10240: the filter will flush 8192 bytes
   on the first invocation, sleep 200ms, flush the
   remaining bytes and then finish. The next invocation
   will do the same, clearly not leading to the
   correct "sleeping pattern".
2) The example above highlights also another issue:
   mod_ratelimit should  flush only chunk_size bytes
   at the time (I am now excluding the burst calculation
   from the picture), and buffer between invocations
   unless the brigade contains EOS.

The change has been tested with various scenarios and
it looks working as expected, but of course more
feedback/testing is welcome.

The original patch was written by me and then Yann
refactored the code to be more precise and efficient,
basically transforming an axe in a wonderful Japanese
katana sword, so credits to him for this work.

PR: 62362


Submitted by: elukey
Reviewed by: elukey, jim, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835168 13f79535-47bb-0310-9956-ffa450edef68
      31878ee9
  27. 02 Jul, 2018 3 commits
  29. 29 Jun, 2018 1 commit
  31. 26 Jun, 2018 1 commit
  33. 25 Jun, 2018 1 commit
  35. 24 Jun, 2018 1 commit
  37. 22 Jun, 2018 4 commits
    • Yann Ylavic's avatar
      Merge r1829038, r1829039, r1830523 from trunk: · c130e10f
      Yann Ylavic authored 
      mod_xml2enc: Fix forwarding of error metadata/responses. PR 62180.

All meta buckets are now aggregated (besides FLUSH) and forwarded down
the chain, and the output filter bails out on EOS.

Proposed by: Micha Lenk <micha lenk.info>


mod_xml2enc: follow up to r1829038.

If any, pass pending meta bucket down the chain before leaving.


mod_xml2enc: follow up to r1829038 and r1829039.

Use below pending_data logic for EOS bucket.
This closes #48


Submitted by: ylavic
Reviewed by: ylavic, jim, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834104 13f79535-47bb-0310-9956-ffa450edef68
      c130e10f
    • Yann Ylavic's avatar
      Backported in r1834093. · e0292bf2
      Yann Ylavic authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834103 13f79535-47bb-0310-9956-ffa450edef68
      e0292bf2
    • Yann Ylavic's avatar
      Merge r1827362, r1828926, r1828927, r1829557, r1829573, r1829645, r1829657 from trunk: · a6bd723b
      Yann Ylavic authored 
      core: ap_getline_core() reads nothing for n == 0.

PR62199: add worker parameter ResponseFieldSize to mod_proxy

Submitted By: Hank Ibell
Committed By: covener


add log id for r1828926


core: Add and handle AP_GETLINE_NOSPC_EOL flag in ap_rgetline_core().

This tells the ap_getline() family of functions to consume the end of line
when the buffer is exhausted.

PR 62198.


mod_proxy_http: make use of AP_GETLINE_NOSPC_EOL in ap_proxygetline().

Fixes response header thrown away after the previous one was considered too
large and truncated.

PR 62196.


core: forward flags to recursive/folding call to ap_rgetline_core().

We still need them when folding, other than AP_GETLINE_FOLD itself of course.


mod_proxy_http: follow up to r1829573: remain EBCDIC friendly.

Keep using ap_rgetline() as before r1829573, since ap_rgetline_core() is
EBCDIC agnostic.


Submitted by: ylavic, covener, covener, ylavic, ylavic, ylavic, ylavic
Reviewed by: ylavic, covener, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834093 13f79535-47bb-0310-9956-ffa450edef68
      a6bd723b
    • Yann Ylavic's avatar
      Merge r1826995, r1827001 from trunk: · 7c64b2e4
      Yann Ylavic authored 
      Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf of a
certificate chain. PR62112 [Ricardo Martin Camarero <rickyepoderi yahoo.es>] 

Fixed OCSPEnable to keep accepting "off", not "none".

Submitted by: icing
Reviewedby: icing, ylavic, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834089 13f79535-47bb-0310-9956-ffa450edef68
      7c64b2e4
  39. 19 Jun, 2018 2 commits
  41. 13 Jun, 2018 1 commit
  43. 06 Jun, 2018 2 commits