Skip to content
GitLab
  1. 10 Mar, 2016 1 commit
  3. 09 Mar, 2016 2 commits
  5. 03 Mar, 2016 4 commits
  7. 02 Mar, 2016 4 commits
    • Jim Jagielski's avatar
      Merge r1729930, r1729931 from trunk: · f38b572e
      Jim Jagielski authored 
      hostname: Test and log useragent_host per-request across various modules,
including the scoreboard, expression and rewrite engines, setenvif,
authz_host, access_compat, custom logging, ssl and REMOTE_HOST variables.
PR55348  [William Rowe]

This is the complete change set which applies cleanly to 2.4.x as well,
the server/scoreboard.c will follow, which does not apply due to drift.



A rather ugly patch since the code was refactored recently to exclude
the simple patch for 2.4.x, illustrated below.

Completes the changeset r1729930 and resolves all 2.4.19-dev corrections,
but other 2.5.0-dev specific changes may still be needed on trunk.

--- server/scoreboard.c	(revision 1729907)
+++ server/scoreboard.c	(working copy)
@@ -491,9 +491,8 @@
             ws->conn_bytes = 0;
         }
         if (r) {
-            const char *client = ap_get_remote_host(c, r->per_dir_config,
-                                 REMOTE_NOLOOKUP, NULL);
-            if (!client || !strcmp(client, c->client_ip)) {
+            const char *client;
+            if (!(client = ap_get_useragent_host(r, REMOTE_NOLOOKUP, NULL))) {
                 apr_cpystrn(ws->client, r->useragent_ip, sizeof(ws->client));
             }
             else {


Submitted by: wrowe
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733282 13f79535-47bb-0310-9956-ffa450edef68
      f38b572e
    • Jim Jagielski's avatar
      Merge r1729929 from trunk: · adda6f6f
      Jim Jagielski authored 
      Introduce an ap_get_useragent_host() accessor to replace the old
ap_get_remote_host() in most applications, but preserve the original
behavior for all ap_get_remote_host() consumers (mostly, because we
don't have the request_rec in the first place, and also to avoid any
unintended consequences).

This accessor continues to store the remote_host of connection based
uesr agents within the conn_rec for optimization.  Only where some
other module modifies the useragent_addr will we perform a per-request
query of the remote_host.

(Fixed compilation issues noted by Ranier, applies to 2.4.x trunk,
modulo CHANGES and ap_mmn.h)


Submitted by: wrowe
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733281 13f79535-47bb-0310-9956-ffa450edef68
      adda6f6f
    • Stefan Eissing's avatar
      backport of PR 59019 fix · 8273285f
      Stefan Eissing authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733278 13f79535-47bb-0310-9956-ffa450edef68
      8273285f
    • Stefan Eissing's avatar
      backport of mod_http2 v1.3.2 minus event conn-status fixup · 2bbe2c79
      Stefan Eissing authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1733259 13f79535-47bb-0310-9956-ffa450edef68
      2bbe2c79
  9. 01 Mar, 2016 1 commit
  11. 25 Feb, 2016 1 commit
  13. 18 Feb, 2016 2 commits
    • Jim Jagielski's avatar
      Merge r1721899 from trunk: · 098357b0
      Jim Jagielski authored 
      mod_cache_socache: Fix a possible cached entity body corruption when it
is received from an origin server in multiple batches and forwarded by
mod_proxy.

Upstream buckets should be setaside when saving response body (store_body),
but since those will finally be flatten in the cache buffer (commit_entity),
let's save them directly into the buffer to avoid heap allocation(s) and
the final copy.

Reported by: Mike Pastore <mike oobak.org> 

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1731082 13f79535-47bb-0310-9956-ffa450edef68
      098357b0
    • Jim Jagielski's avatar
      Merge r1653941, r1653978, r1656225, r1686853, r1686856 from trunk: · 7fe649be
      Jim Jagielski authored 
      mod_alias: Introduce expression parser support for Alias, ScriptAlias
and Redirect.


Use unsigned bit fields.


mod_alias: follow up to r1653941.
Fill empty APLOGNO().


mod_alias: follow up to r1653941.
Limit Redirect expressions to directory (Location) context
and redirect statuses (implicit or explicit).


mod_alias: follow up to r1686853.
Factorize code (no functional change).
Submitted by: minfrin, ylavic, ylavic, ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1731081 13f79535-47bb-0310-9956-ffa450edef68
      7fe649be
  15. 16 Feb, 2016 1 commit
  17. 11 Feb, 2016 3 commits
  19. 09 Feb, 2016 1 commit
  21. 28 Jan, 2016 2 commits
  23. 21 Jan, 2016 3 commits
  25. 19 Jan, 2016 2 commits
  27. 30 Dec, 2015 1 commit
  29. 28 Dec, 2015 1 commit
  31. 08 Dec, 2015 2 commits
  33. 07 Dec, 2015 2 commits
  35. 04 Dec, 2015 1 commit
  37. 26 Nov, 2015 2 commits
    • Jim Jagielski's avatar
      Merge r1711728, r1713209 from trunk: · 033018fd
      Jim Jagielski authored 
      For the "SSLStaplingReturnResponderErrors off" case, make sure to only
staple responses with certificate status "good". Also avoids including
inaccurate responses when the OCSP responder is not completely up
to date in terms of the CA-issued certificates (and provides interim
"unknown" or "extended revoked" [RFC 6960] status replies).

Log a certificate status other than "good" in stapling_check_response().

Propagate the "ok" status from stapling_check_response() back via both
stapling_renew_response() and get_and_check_cached_response() to the
callback code in stapling_cb(), enabling the decision whether to include
or skip the response.


insert missing LOGNO in ssl_util_stapling.c
Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716652 13f79535-47bb-0310-9956-ffa450edef68
      033018fd
    • Jim Jagielski's avatar
      Merge r1710095, r1710105, r1711902 from trunk: · 9f9b598d
      Jim Jagielski authored 
      core: Limit to ten the number of tolerated empty lines between request,
and consume them before the pipelining check to avoid possible response
delay when reading the next request without flushing.

Before this commit, the maximum number of empty lines was the same as
configured LimitRequestFields, defaulting to 100, which was way too much.
We now use a fixed/hard limit of 10 (DEFAULT_LIMIT_BLANK_LINES).

check_pipeline() is changed to check for (up to the limit) and comsume the
trailing [CR]LFs so that they won't be interpreted as pipelined requests,
otherwise we would block on the next read without flushing data, and hence
possibly delay pending response(s) until the next/real request comes in or
the keepalive timeout expires.
 
Finally, when the maximum number of empty line is reached in
read_request_line(), or that request line does not contains at least a method
and an (valid) URI, we can fail early and avoid some failure detected in
further processing.


core: follow up to r1710095.
Simplify logic in check_pipeline(), and log unexpected errors.


core: follow up to r1710095, r1710105.
We can do this in a single (no inner) loop, and simplify again the logic.

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716651 13f79535-47bb-0310-9956-ffa450edef68
      9f9b598d
  39. 25 Nov, 2015 1 commit
  41. 24 Nov, 2015 1 commit
  43. 20 Nov, 2015 1 commit
  45. 18 Nov, 2015 1 commit
    • Jim Jagielski's avatar
      Merge r1705194, r1705823, r1705826, r1705828, r1705833, r1706275, r1707230, r1707231 from trunk: · b8885db0
      Jim Jagielski authored 
      mod_ssl: forward EOR (only) brigades to the core_output_filter().

mod_ssl: don't FLUSH output (blocking) on read.
This defeats deferred write (and pipelining), eg. check_pipeline() is not
expecting the pipe to be flushed under it.
So let OpenSSL >= 0.9.8m issue the flush when necessary (earlier versions
are known to not handle all the cases, so we keep flushing with those).


mod_ssl: follow up to r1705823.
Oups, every #if needs a #endif...

mod_ssl: pass through metadata buckets untouched in ssl_io_filter_output(),
the core output filter needs them.

Proposed by: jorton


mod_ssl: follow up to r1705194, r1705823, r1705826 and r1705828.
Add CHANGES entry, and restore ap_process_request_after_handler()'s comment
as prior to r1705194 (the change makes no sense now).


mod_ssl: follow up to r1705823.
We still need to flush in the middle of a SSL/TLS handshake.


mod_ssl: follow up to r1705823.
Flush SSL/TLS handshake data when writing (instead of before reading),
and only when necessary (openssl < 0.9.8m or proxy/client side).


mod_ssl: follow up to r1707230: fix (inverted) logic for SSL_in_connect_init().

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715014 13f79535-47bb-0310-9956-ffa450edef68
      b8885db0