mod_proxy: Allow reverse-proxy to be set via explicit handler.

Submitted by: ryo takatsuki <ryotakatsuki gmail com>
Reviewed by: ylavic, jim, mrumph


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604378 13f79535-47bb-0310-9956-ffa450edef68

ab: support custom HTTP method with -m argument.

PR: 56604
Submitted by: Roman Jurkov <winfinit gmail.com>
Reviewed by: ylavic, trawick, covener

(r1601680 and r1601700 not reflected in mergeinfo due to
a collision with an unrelated trunk change)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604373 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604340 13f79535-47bb-0310-9956-ffa450edef68

- IVM changed to use shm
- More verbose error logging (no functional change)
- Miscellaneous refactoring that was in trunk but not in 2.4.x (no functional change as such)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604339 13f79535-47bb-0310-9956-ffa450edef68

core: avoid a double apr_time_now() call on the first succeeding read.

* Correctly escape user provided data.

PR: 56532
Submitted by: Maksymilian <max cert.cx>
Reviewed by: rpluem


Save a few bytes of memory. This can be done in temp_pool.

Fix layout

don't pass uninitialized rv passed to ap_log_rerror()
  (rv wasn't interesting / follow an existing example)

stop throwing away a pointer on the heap

(clang scan-build)


add the URI to DEBUG message 00765 (and drop an exclamation point):

  Cache provider's store_body failed!



Doxygen fix + reorg to match how other header files are built
Submitted by: ylavic, rpluem, jailletc36, jailletc36, trawick, covener, jailletc36
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1603141 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy_fcgi: Support iobuffersize parameter.

Submitted by: trawick
Reviewed by: jim, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1601749 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1599597 13f79535-47bb-0310-9956-ffa450edef68

Merge r1546730, r1583008, r1571369, r1552130, r1578760, r1592615, r1592632, r1595321, r1550302, r1550307, r1585435 from trunk:

fix whitespace in a debug message

s/comment/self-documenting/

normalize an ugly construct which somehow manages to return the correct value

This is annoying to see in a casual "LogLevel debug foo:traceX ..."




Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save memory.

Follow-up to r1592529:

Define default port for "scgi" schemes (as chosen by
mod_proxy_scgi) in a common location.

Suggested by: jailletc36


fix Doxygen markup error

Submitted by: jailletc36


Tweak a AP_DEBUG_ASSERT condition.
Valid index to use 'req_header_var_names' are 0...6

mod_auth_form: Add a debug message when the fields on a form are not
recognised.


mod_auth_form: Make the trace logging consistent through the notes, session
and form authentication steps.


mod_auth_form: update empty log tags.
Submitted by: trawick, covener, jailletc36, trawick, trawick, jailletc36, minfrin, minfrin, ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1599501 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy_wstunnel: Fix the use of SSL connections with the "wss:" scheme.
                    PR55320.

Submitted by: Alex Liu <alex.leo.ca gmail.com>
Committed by: ylavic

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1598603 13f79535-47bb-0310-9956-ffa450edef68

mod_socache_shmcb: Correct counting of expirations for status display.
Expirations happening during retrieval were not counted.

Submitted by: rjung
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1595918 13f79535-47bb-0310-9956-ffa450edef68

mod_cache: Retry unconditional request with the full URL (including the
           query-string) when the origin server's 304 response does not
           match the conditions used to revalidate the stale entry.

http://www.mail-archive.com/dev@httpd.apache.org/msg59884.html

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1595917 13f79535-47bb-0310-9956-ffa450edef68

mod_alias: Stop setting CONTEXT_PREFIX and CONTEXT_DOCUMENT environment
variables as a result of AliasMatch.

Submitted by: covener
Reviewed by: jim, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1594539 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy_scgi: Support Unix sockets.

ap_proxy_port_of_scheme(): Support default SCGI port (4000).

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1593004 13f79535-47bb-0310-9956-ffa450edef68

        programs, and implement a special merging algorithm for
             SSLCertificate[Key]File to emulate the behavior in versions <= 2.4.7



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1593003 13f79535-47bb-0310-9956-ffa450edef68

Fix errors with CacheLock on Windows:

cache_util.c(757): (OS 80)The file exists.  : [client 127.0.0.1:63889] 
AH00784: Attempt to obtain a cache lock for stale cached URL failed, 
revalidating entry anyway: 

Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1593000 13f79535-47bb-0310-9956-ffa450edef68

mod_expires: don't add Expires header to error responses (4xx/5xx),
             be they generated or forwarded. PR 55669.


Follow up to r1584430.

Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1592999 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy_fcgi: Don't segfault when failing to connect to the backend.


now understood why users haven't reported the segfault (yet) when mod_proxy_fcgi
can't connect to the application

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1592998 13f79535-47bb-0310-9956-ffa450edef68

                   on startup if default socache_provider is used and
                   AuthnCacheEnable or AuthnCacheProvideFor is used.
                   This problem has been introduced in r1531961.
                   PR 56371.

Submitted by: jkaluza
Reviewed by: ylavic, jim, trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1592991 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588763 13f79535-47bb-0310-9956-ffa450edef68

Also clear the error queue before calling SSL_CTX_use_certificate[_chain]_file
(workaround for OpenSSL versions before 0.9.8h, see
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=1513).

PR 56410.

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588496 13f79535-47bb-0310-9956-ffa450edef68

  *) mod_proxy_wstunnel: Don't pool backend websockets connections,
     because we need to handshake every time. PR 55890.
     [Eric Covener]



actually remove mod_reqtimeout, since the util_filter functions involved
only manipulate c->input_filters no matter what we pass. We need to make
copies of c->input_filters after, not before, it skips over reqtimeout.

Note: reqtimeout doesn't really interfere today with normal operation,
but this is misleading/confusing when dealing with other
wstunnel issues.



cleanup wstunnel error handling

Submitted By: covener, ylavic, Edward Lu
Commited By: covener



followup to r1587036.

if backend->close is set too early, proxy_util.c will close it right 
away and then blow away the field.

Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588495 13f79535-47bb-0310-9956-ffa450edef68

Bring SNI behavior into better conformance with RFC 6066:

- no longer send a warning-level unrecognized_name(112) alert
  when no matching vhost is found (PR 56241)

- at startup, only issue warnings about IP/port conflicts and name-based
  SSL vhosts when running with an OpenSSL without TLS extension support
  (almost 5 years after SNI was added to 2.2.x, the
  "[...] only work for clients with TLS server name indication support"
  warning feels obsolete)

Proposed by: kbrand
Reviewed by: jorton, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588424 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588356 13f79535-47bb-0310-9956-ffa450edef68

mod_auth_form: Make sure the optional functions are loaded even when
the AuthFormProvider isn't specified.

Submitted by: minfrin
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588247 13f79535-47bb-0310-9956-ffa450edef68

Only read "active" values from the key_files array. PR 56306.

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588246 13f79535-47bb-0310-9956-ffa450edef68

Reverse the order when merging global and vhost-level config arrays.
Putting the vhost-level elements last allows overriding global settings
(for the deprecated SSLRequire directive, the order is irrelevant,
all of them must be met, cf. ssl_engine_kernel.c:ssl_hook_Access).

Submitted by: kbrand
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588245 13f79535-47bb-0310-9956-ffa450edef68

If the "value" argument is prefixed with expr=, parse it with ap_expr
rather than mod_headers' built-in format strings.


Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588244 13f79535-47bb-0310-9956-ffa450edef68

* support/rotatelogs.c (main): Prevent creation of zombies from
  post-rotate programs.

Reviewed by: druggeri, ylavic, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588175 13f79535-47bb-0310-9956-ffa450edef68

Merged /httpd/httpd/trunk:r1515403,1515411,1515420,1517175,1521909,1526647,1541181,1578762,1585054,1585072,1588054

mod_authnz_fcgi: New module to enable FastCGI authorizer
applications to authenticate and/or authorize clients.

Submitted by: trawick, jailletc36, gsmith
Approved by: trawick, jim, gsmith

(Thanks gsmith for the Windows build bits!)



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588064 13f79535-47bb-0310-9956-ffa450edef68

* Do not parse URL in case of regular expression as they likely do not follow
  the URL syntax.

PR: 56074

Submitted by: rpluem
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587699 13f79535-47bb-0310-9956-ffa450edef68

mod_reqtimeout: Resolve unexpected timeouts on keepalive requests 
under the Event MPM. PR56216.  

Submitted By: Frank Meier <frank meier ergon ch>
Committed By: covener



Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587697 13f79535-47bb-0310-9956-ffa450edef68

Add suspend_connection and resume_connection hooks to notify modules
when the thread/connection relationship changes.  (Currently implemented
only for the Event MPM; should be implemented for all async MPMs.)


follow-up to r1546759: remove an inadvertently committed testcase
Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587695 13f79535-47bb-0310-9956-ffa450edef68

mod_proxy_fcgi: Fix sending of response without some HTTP headers
that might be set by filters.

The problem occurs when no body bytes were read while reading the
response headers, resulting in an empty brigade being sent down
the filter stack.  One particualr filter that mishandles the empty
initial brigade is mod_deflate.  It neglects to add to the response
header fields.

PR: 55558
Submitted by: Jim Riggs <jim riggs.me>
Reviewed by: trawick

Submitted by: trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587694 13f79535-47bb-0310-9956-ffa450edef68

Do not delete the wrong data from HTML code when a "http-equiv" meta tag specifies a Content-Type behind any other "http-equiv" meta tag.
PR 56287 [Micha Lenk <micha lenk info>]
Submitted by: jailletc36
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587693 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1584443 13f79535-47bb-0310-9956-ffa450edef68

with proxy under the 2.4.8 section

it had already been added the the proper (2.4.7) section


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1583378 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1582968 13f79535-47bb-0310-9956-ffa450edef68

mod_lua: Prevent HTTP Response Splitting by not allowing tables in the request_rec to be set with values containing newlines. 

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1582264 13f79535-47bb-0310-9956-ffa450edef68

mod_lua: escape key/value pairs when setting cookies to prevent header splitting with tainted cookies.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1582255 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1582251 13f79535-47bb-0310-9956-ffa450edef68