Skip to content
  1. Jul 05, 2018
    • Yann Ylavic's avatar
      Merge r1833875 from trunk: · 31878ee9
      Yann Ylavic authored 
      mod_ratelimit: fix behavior with proxied content

mod_ratelimit works by splitting data in "chunks"
to send to the client, sleeping a predefined amount
of time between them (200ms). So for example,
a rate-limit 40 value would correspond to a chunk size
of 8192 bytes, flushed to the client every 200ms.

The idea works fine when httpd directly serves the
content, since the filter will be called once with
a single bucket brigade. In the context of a proxied
content though the filter is likely to be called multiple
times, with a bucket brigade size that corresponds to
the maximum allowed buffer size. If this value is lower
or higher than the chunk size, the filter will not
properly rate limit the data going to the client.

This patch solves the problem with two fix:
1) do_sleep is now stored in the ctx context struct,
   so if the filter is invoked multiple times it
   will still sleep when needed. For example, say
   that the chunk_size is 8192 and the bucket brigate
   len is 10240: the filter will flush 8192 bytes
   on the first invocation, sleep 200ms, flush the
   remaining bytes and then finish. The next invocation
   will do the same, clearly not leading to the
   correct "sleeping pattern".
2) The example above highlights also another issue:
   mod_ratelimit should  flush only chunk_size bytes
   at the time (I am now excluding the burst calculation
   from the picture), and buffer between invocations
   unless the brigade contains EOS.

The change has been tested with various scenarios and
it looks working as expected, but of course more
feedback/testing is welcome.

The original patch was written by me and then Yann
refactored the code to be more precise and efficient,
basically transforming an axe in a wonderful Japanese
katana sword, so credits to him for this work.

PR: 62362


Submitted by: elukey
Reviewed by: elukey, jim, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1835168 13f79535-47bb-0310-9956-ffa450edef68
      31878ee9
  3. Jul 02, 2018
  5. Jun 29, 2018
  7. Jun 26, 2018
  9. Jun 25, 2018
  11. Jun 24, 2018
  13. Jun 22, 2018
    • Yann Ylavic's avatar
      Merge r1829038, r1829039, r1830523 from trunk: · c130e10f
      Yann Ylavic authored 
      mod_xml2enc: Fix forwarding of error metadata/responses. PR 62180.

All meta buckets are now aggregated (besides FLUSH) and forwarded down
the chain, and the output filter bails out on EOS.

Proposed by: Micha Lenk <micha lenk.info>


mod_xml2enc: follow up to r1829038.

If any, pass pending meta bucket down the chain before leaving.


mod_xml2enc: follow up to r1829038 and r1829039.

Use below pending_data logic for EOS bucket.
This closes #48


Submitted by: ylavic
Reviewed by: ylavic, jim, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834104 13f79535-47bb-0310-9956-ffa450edef68
      c130e10f
    • Yann Ylavic's avatar
      Backported in r1834093. · e0292bf2
      Yann Ylavic authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834103 13f79535-47bb-0310-9956-ffa450edef68
      e0292bf2
    • Yann Ylavic's avatar
      Merge r1827362, r1828926, r1828927, r1829557, r1829573, r1829645, r1829657 from trunk: · a6bd723b
      Yann Ylavic authored 
      core: ap_getline_core() reads nothing for n == 0.

PR62199: add worker parameter ResponseFieldSize to mod_proxy

Submitted By: Hank Ibell
Committed By: covener


add log id for r1828926


core: Add and handle AP_GETLINE_NOSPC_EOL flag in ap_rgetline_core().

This tells the ap_getline() family of functions to consume the end of line
when the buffer is exhausted.

PR 62198.


mod_proxy_http: make use of AP_GETLINE_NOSPC_EOL in ap_proxygetline().

Fixes response header thrown away after the previous one was considered too
large and truncated.

PR 62196.


core: forward flags to recursive/folding call to ap_rgetline_core().

We still need them when folding, other than AP_GETLINE_FOLD itself of course.


mod_proxy_http: follow up to r1829573: remain EBCDIC friendly.

Keep using ap_rgetline() as before r1829573, since ap_rgetline_core() is
EBCDIC agnostic.


Submitted by: ylavic, covener, covener, ylavic, ylavic, ylavic, ylavic
Reviewed by: ylavic, covener, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834093 13f79535-47bb-0310-9956-ffa450edef68
      a6bd723b
    • Yann Ylavic's avatar
      Merge r1826995, r1827001 from trunk: · 7c64b2e4
      Yann Ylavic authored 
      Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf of a
certificate chain. PR62112 [Ricardo Martin Camarero <rickyepoderi yahoo.es>] 

Fixed OCSPEnable to keep accepting "off", not "none".

Submitted by: icing
Reviewedby: icing, ylavic, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834089 13f79535-47bb-0310-9956-ffa450edef68
      7c64b2e4
  15. Jun 19, 2018
  17. Jun 13, 2018
  19. Jun 06, 2018
  21. May 31, 2018
    • Christophe Jaillet's avatar
      Fix typo · 36dee519
      Christophe Jaillet authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1832644 13f79535-47bb-0310-9956-ffa450edef68
      36dee519
    • Joe Orton's avatar
      Merge r1769718, r1785943, r1786110, r1786119 from trunk: · 9e419e1c
      Joe Orton authored 
      add an <IfFile> config section like <IfDefine>

It allows a non httpd config file to be used as a marker directly in
httpd.conf without hiding logic in a script in front of apachectl
to do test -f and pass extra -D's.

This is something we've had in IBM's httpd distro for a little bit and
hadn't remembered to share. I've seen some questions/config files come
up in a few places lately that would benefit from this as an option.

Remove duplicate implementations of conditional section function.  No
functional change.

* server/core.c (start_cond_section): Factor out from start_if*.
  Adjust to use apr_strmemdup.
  (test_ifmod_section, test_iffile_section, test_ifdefine_section):
  Move container-specific tests into callbacks from start_if*.
  (core_cmds): Adjust <IfFile, <IfDefine, <IfModule to use
  start_cond_section with callbacks.

Add <IfDirective> and <IfSection>:

* server/core.c
  (test_ifdirective_section, test_ifsection_section): New callbacks.
  (core_cmds): Define new directives.

* include/http_config.h, server/config.c (ap_exists_directive):
  New function.

* include/ap_mmn.h: Bump MMN minor for above.

* docs/manual/mod/core.xml: Add docs.

* server/core.c (start_cond_section): Comment & variable name fixes,
  no functional change.

Submitted by: covener, jorton
Reviewed by: jorton, ylavic, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1832623 13f79535-47bb-0310-9956-ffa450edef68
      9e419e1c
    • Jim Jagielski's avatar
      Add in userland change notice · 178e3f40
      Jim Jagielski authored 
      
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1832612 13f79535-47bb-0310-9956-ffa450edef68
      178e3f40
    • Jim Jagielski's avatar
      Merge r1828890, r1832500 from trunk: · fd40a2da
      Jim Jagielski authored 
      mod_proxy_balancer: Add hot spare member type and corresponding flag (R). Hot spare members are
used as drop-in replacements for unusable workers in the same load balancer set. This differs
from hot standbys which are only used when all workers in a set are unusable. PR 61140.


mod_proxy_balancer: follow up to r1828890: indentation and 80 col.


Submitted by: jhriggs, ylavic
Reviewed by: jhriggs, jim, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1832609 13f79535-47bb-0310-9956-ffa450edef68
      fd40a2da
  23. May 30, 2018
    • Jim Jagielski's avatar
      Merge r1341905, r1342065, r1341930, r1345147, r1344712, r1814465 from trunk: · 40bb4ca3
      Jim Jagielski authored 
      suexec: Add support for logging to syslog as an alternative to a
logfile.

* support/suexec.c (err_output) [AP_LOG_SYSLOG]: Log to syslog.
  (main): Close syslog fd if open, before execv.  Add -V output
  for AP_LOG_SYSLOG.

* configure.in: Add --with-suexec-syslog argument; allow
  --without-suexec-logfile to omit definition of AP_LOG_EXEC.


suexec: Support use of setgid/setuid capability bits on Linux, a
weaker set of privileges than the full setuid/setgid root binary.

* configure.in: Add --enable-suexec-capabilites flag.

* Makefile.in: If configured, use setcap instead of chmod 7555 on
  installed suexec binary.

* modules/arch/unix/mod_unixd.c (unixd_pre_config): Drop test for
  setuid bit if capability bits are used.

* docs/manual/: Add docs.


* docs/manual/suexec.html.en: Update for syslog logging.


* configure.in: Correct handling of --with-suexec-logfile in r1341905,
  thanks to rpluem.


* support/suexec.c: Define AP_LOG_FACILITY.
  (err_output): Use AP_LOG_FACILITY for syslog facility.

Suggested by: kbrand


* configure.in: Fix help text for --with-suexec-syslog.

Submitted by: jorton
Reviewed by: jorton, ylavic, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1832565 13f79535-47bb-0310-9956-ffa450edef68
      40bb4ca3
  25. May 29, 2018
  27. Apr 26, 2018
  29. Apr 18, 2018
  31. Apr 09, 2018
  33. Mar 26, 2018
  35. Mar 24, 2018