- 03 Jan, 2017 1 commit
-
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1777116 13f79535-47bb-0310-9956-ffa450edef68
-
- 31 Dec, 2016 1 commit
-
-
Stefan Eissing authored
mod_http2: adding support for MergeTrailers directive. mod_http2: limiting DATA frame sizes by TLS record sizes in use on the connection. Flushing outgoing frames earlier. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1776737 13f79535-47bb-0310-9956-ffa450edef68
-
- 23 Dec, 2016 3 commits
-
-
Stefan Eissing authored
Cleanup mod_http2 beamer registry on server reload. Fixes PR60510. * modules/http2/h2_bucket_beam.c register cleanup function on installation that NULLs the beamer registry on pool cleanup. Patch by: Pavel Mateja <pavel@verotel.cz me git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1775834 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
pass along error buckets In 2.4, they are generated by LimitRequestBody failures. trunk no longer uses error buckets in this path, but someone else could. PR60375 Submitted By: Eric Covener,Lubos Uhliarik <luhliari redhat.com> Committed By: covener Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1775832 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
Merge r1775813 from trunk: Fix mod_h2/github issue #126: correct lifetime of data sent on temp pools * modules/http2/h2_bucket_beam.c - ignore send pools that are sub-pools of the existing one - added h2_beam_send_from() to allow explicit registering of the correct pool for the sending * modules/http2/h2_bucket_beam.h - add prototype for h2_beam_send_from() * modules/http2/h2_mplx.c - adding logging of output beam state * modules/http2/h2_stream.c - register stream pool for sending data on input beam * modules/http2/h2_task.c - register task pool on output beam on creation - adding trace logging * modules/http2/h2_proxy_session.c - fixing a type in a comment while we're at it git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1775816 13f79535-47bb-0310-9956-ffa450edef68
-
- 16 Dec, 2016 3 commits
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774647 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
note CHANGES git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774628 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774577 13f79535-47bb-0310-9956-ffa450edef68
-
- 14 Dec, 2016 1 commit
-
-
Eric Covener authored
short-circuit some kinds of looping in RewriteRule. PR60478 Submitted By: Jeff Wheelouse <apache wheelhouse.org> Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774352 13f79535-47bb-0310-9956-ffa450edef68
-
- 13 Dec, 2016 4 commits
-
-
Jim Jagielski authored
Allow for initual burst at full speed Some "error" reporting if we overflow rate limit notes xhtml Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774071 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774065 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
heh... bring memcache up to redis :) mod_status info From Norm: NWGNUsocachmem needs to find mod_status.h Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774016 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
change error handling for bad resp headers - avoid looping between ap_die and the http filter - remove the header that failed the check - keep calling apr_table_do until our fn stops matching This is still not great. We get the original body, a 500 status code and status line. (r1773285 + fix for first return from check_headers) Follow up to r1773293. When check_headers() fails, clear anything (headers and body) from original/errorneous response before returning 500. Follow up to r1773761: don't check_headers() more than once. Follow up to r1773761: don't recurse on internal redirects. Follow up to r1773761: don't recurse on ap_send_error_response() either. Follow up to r1773761: we need to check both ap_send_error_response() and internal redirect recursions. Follow up to r1773761: improved recursion detection. Submitted by: covener, ylavic, ylavic, ylavic, ylavic, ylavic, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773995 13f79535-47bb-0310-9956-ffa450edef68
-
- 12 Dec, 2016 2 commits
-
-
Jim Jagielski authored
Drop C-L header and message-body from HTTP 204 responses. The C-L header can be set in a fcgi/cgi backend or in other filters like ap_content_length_filter (with the value of 0), meanwhile the message-body can be returned incorrectly by any backend. The idea is to remove unnecessary bytes from a HTTP 204 response. PR 51350 Submitted by: elukey Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773801 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
ProxyPass ! doesn't block per-directory ProxyPass *) mod_proxy: Honor a server scoped ProxyPass exception when ProxyPass is configured in <Location>, like in 2.2. PR 60458. [Eric Covener] Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773800 13f79535-47bb-0310-9956-ffa450edef68
-
- 08 Dec, 2016 1 commit
-
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773282 13f79535-47bb-0310-9956-ffa450edef68
-
- 07 Dec, 2016 1 commit
-
-
Jim Jagielski authored
mod_auth_digest: fix segfaults during shared memory exhaustion The apr_rmm_addr_get/apr_rmm_malloc() combination did not correctly check for a malloc failure, leading to crashes when we ran out of the limited space provided by AuthDigestShmemSize. This patch replaces all these calls with a helper function that performs this check. Additionally, fix a NULL-check bug during entry garbage collection. Submitted by: jchampion Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1773069 13f79535-47bb-0310-9956-ffa450edef68
-
- 06 Dec, 2016 3 commits
-
-
Jim Jagielski authored
mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash) to prevent deciphering or tampering with a padding oracle attack. mod_session_crypto: follow up to r1772812: CHANGES entry. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772925 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
The default value of 'inherit' should be AP_LUA_INHERIT_UNSET. With this value, the behavior is the same as 'parent-first' in the 'LuaInherit' directive If not explicitelly initialized, its value is 0 because of the 'apr_calloc 'in 'create_dir_config'. 0 means 'AP_LUA_INHERIT_NONE' PR 60419 Missing CHNAGES for r1772489 Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772922 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772895 13f79535-47bb-0310-9956-ffa450edef68
-
- 05 Dec, 2016 2 commits
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772685 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
r1772419 | covener | 2016-12-02 19:10:53 -0500 (Fri, 02 Dec 2016) | 7 lines Merge r1772418 from trunk: loop in checking response headers w/ HTTPProtocolOptions Unsafe ------------------------------------------------------------------------ r1772236 | wrowe | 2016-12-01 11:29:27 -0500 (Thu, 01 Dec 2016) | 8 lines Appears we cannot disallow this whitespace, since the chunk BNF coexisted with the implied *LWS rule, before RFC7230 eliminated the later. Whether this is actually OWS or BWS is an editorial decision beyond our pay grade. Backports: r1765475 Submitted by: wrowe ------------------------------------------------------------------------ r1771697 | rpluem | 2016-11-28 04:59:00 -0500 (Mon, 28 Nov 2016) | 4 lines Merge r1771690 from trunk: * Fix numbers count in comment. ------------------------------------------------------------------------ r1771696 | rpluem | 2016-11-28 04:56:42 -0500 (Mon, 28 Nov 2016) | 1 line * Re...
-
- 04 Dec, 2016 1 commit
-
-
Stefan Eissing authored
SECURITY: CVE-2016-8740 mod_http2: properly crafted, endless HTTP/2 CONTINUATION frames could be used to exhaust all server's memory. Reported by: Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State University mod_http2: wseaking cleanup assertion on streams that have never been scheduled git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772579 13f79535-47bb-0310-9956-ffa450edef68
-
- 02 Dec, 2016 4 commits
-
-
Jim Jagielski authored
Don't take over scoreboard slots from gracefully finishing threads Otherwise the old and the new thread will both update the same scoreboard slot with undefined results. add comments Document which directives set which variables Make ap_find_child_by_pid() look at all slots that have ever been used. This is preparation to allow to use more scoreboard slots in mpm event. mpm_event: minor code simplification - move variable initializations into declarations - use max_workers variable mpm_event: don't re-use scoreboard slots that are still in use This causes inconsistent data in the scoreboard (due to async connections) and makes it difficult to determine what is going on. Therefore it is not a useful fix for the scoreboard-full issues (PR 53555). The consent on the dev list is that we should allocate/use more scoreboard entries instead. Use all available scoreboard slots Allow to use all slots up to ServerLimit. This makes 'scoreboard full' errors much less likely. And if ther is a situation where the scoreboard is full, don't make any more processes finish gracefully due to reduced load until some old processes have terminated. Otherwise, the situation would get worse once the load increases again. ap_daemon_limit is renamed to the more descriptive active_server_limit, to make sure that all its uses are taken care of. PR 53555 mpm_event: add clarifying comment from jim Submitted by: sf Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772335 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
When shutting down a process, free resources early Due to lingering connections, shutting down a process may take a very long time. Free all recycled pools early in the hope that we can already give some memory back to the OS. rename some variables to be more descriptive pid -> pslot tid -> tslot remove unused 'sd' Terminate keep-alive connections when dying When shutting down a process gracefully, terminate keep-alive connections so that we don't get any new requests which may keep the dying process alive longer. Exit threads early during shutdown During graceful shutdown, if there are more running worker threads than open connections, terminate some threads. This frees resources faster, which may be needed for new processes. Exit threads early during shutdown, part 2 Follow up to r1738466: During graceful shutdown, when the listener thread is closing a connection, it needs to wake up a worker thread so that it may terminate. Submitted by: sf Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772334 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Display process slot number in the async overview Fix the number of column for 'Async connections'. There are only 3 columns (writing, keep-alive, closing), not 4. Try to improve the code layout for it to be more readable. Each <th> is on its own line so keep the corresponding "colspan" <td> fields grouped together. r1738628 introduced a new column, 'Slot'. Add an empty cell for it in the last line of the table, in order to fix the layout of the Totals. Replace tab by spaces to be consistent mod_status: note stopping procs in async info table * add new column "stopping", denoting if a process is shutting down * add additional "(old gen)", if a process is from before a graceful reload * add counts of processes and stopping processes to summary line Submitted by: sf, jailletc36, jailletc36, sf Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772333 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Merge r1597533, r1649491, r1665216, r1756553, r1756631, r1726675, r1718496, r1718476, r1747469 from trunk: mod_cache: try to use the key of a possible open but stale cache entry if we have one in cache_try_lock(). PR 50317 Submitted by: Ruediger Pluem * modules/cache/mod_socache_memcache.c (socache_mc_store): Pass through expiration time. Submitted by: Faidon Liambotis <paravoid debian.org>, jorton * mod_cache: Preserve the Content-Type in case of 304 response. 304 does not contain Content-Type and mod_mime regenerates the Content-Type based on the r->filename. This later leads to original Content-Type to be lost (overwriten by whatever mod_mime generates). mod_cache: Use the actual URI path and query-string for identifying the cached entity (key), such that rewrites are taken into account when running afterwards (CacheQuickHandler off). PR 21935. mod_cache: follow up to r1756553: log the real/actual cached URI (debug). better s-maxage support + *) mod_cache: Consider Cache-Control: s-maxage in expiration + calculations. [Eric Covener] + + *) mod_cache: Allow caching of responses with an Expires header + in the past that also has Cache-Control: max-age or s-maxage. + PR55156. [Eric Covener] remove dead code leftover from r1023387. Prior to this revision, there was an apr_atoi64 in this context. Now, ap_cache_control() sets control.max_age (which is checked here) when the maxage value was parsed OK. duplicate debug-level AH00764 in the just-validated path. Rename ap_casecmpstr[n]() to ap_cstr_casecmp[n](), update with APR doxygen Submitted by: jkaluza, jorton, jkaluza, ylavic, ylavic, covener, covener, covener, wrowe Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772331 13f79535-47bb-0310-9956-ffa450edef68
-
- 23 Nov, 2016 1 commit
-
-
Stefan Eissing authored
mod_http2: new directive H2EarlyHints git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1771018 13f79535-47bb-0310-9956-ffa450edef68
-
- 22 Nov, 2016 1 commit
-
-
Jim Jagielski authored
mod_ssl: Fix quick renegotiation (OptRenegotiaton) with no intermediate in the client certificate chain. PR 55786. This is done by handling an empty cert chain as no/NULL chain. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770838 13f79535-47bb-0310-9956-ffa450edef68
-
- 21 Nov, 2016 1 commit
-
-
Jim Jagielski authored
Avoid adding duplicate subequest filters, as they would not be stripped properly during an ap_internal_fast_redirect. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1770672 13f79535-47bb-0310-9956-ffa450edef68
-
- 14 Nov, 2016 4 commits
-
-
Yann Ylavic authored
ab: follow up to r1733537: CHANGES entry. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1769610 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1769601 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1769599 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
mod_http2: new directive 'H2PushResource' to enable early pushes before processing of the main request starts. Resources are announced to the client in Link headers on a 103 early hint response. All responses with status code <400 are inspected for Link header and trigger pushes accordingly. 304 still does prevent pushes. 'H2PushResource' can mark resources as 'critical' which gives them higher priority than the main resource. This leads to preferred scheduling for processing and, when content is available, will send it first. 'critical' is also recognized on Link headers. mod_proxy_http2: uris in Link headers are now mapped back to a suitable local url when available. Relative uris with an absolute path are mapped as well. This makes reverse proxy mapping available for resources announced in this header. With 103 interim responses being forwarded to the main client connection, this effectively allows early pushing of resources by a reverse proxied backend server. adding support for newly proposed 103 status code. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1769595 13f79535-47bb-0310-9956-ffa450edef68
-
- 04 Nov, 2016 2 commits
-
-
Jim Jagielski authored
http: Respond with "408 Request Timeout" when a timeout occurs while reading the request body. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1768079 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mpm_unix: Apache fails to start if previously crashed then restarted with the same PID (e.g. in container). PR 60261. Proposed by: Val <valentin.bremond gmail.com> Reviewed by: ylavic Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1768078 13f79535-47bb-0310-9956-ffa450edef68
-
- 02 Nov, 2016 1 commit
-
-
Eric Covener authored
cleanup next git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1767647 13f79535-47bb-0310-9956-ffa450edef68
-
- 01 Nov, 2016 3 commits
-
-
Stefan Eissing authored
mod_http2/mod_proxy_http2 improvments as in CHANGES git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1767563 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_remoteip: Use r->useragent_addr as the root trusted address for verifying. This fixes issue resulting in setting of bad useragent_ip when internal redirection has been generated as response to the request (typically as result of "ErrorDocument 40x"). In this case, the original request has been handled by mod_remoteip and its useragent_ip has been changed properly, but when internal redirection to ErrorDocument has been generated later, the mod_remoteip's handler has been executed again with *the same* c->client_addr as in the original request. If c->client_addr IP is trusted, this results in bad useragent_ip being set. When using r->useragent_addr as the root trusted address instead of c->client_addr, the internal redirection uses the first non-trusted IP in this particular case, so it won't change the r->useragent_ip during the internal redirection to ErrorDocument. Submitted by: jkaluza Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1767483 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1767482 13f79535-47bb-0310-9956-ffa450edef68
-