Commits · 9e1a503f1948a241c57dda8fe074a59ee179d25a · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

Jan 17, 2011

* modules/ssl/ssl_engine_io.c: Revamp output buffering: add a · 9e1a503f

Joe Orton authored Jan 17, 2011

  "coalesce" filter which buffers the plaintext, and remove buffering
  of the SSL records -- i.e. buffer before the SSL output filter,
  rather than after it.  This aims to reduce the network overhead
  imposed by the output of many small brigades (such as produced by
  chunked HTTP response), which can now be transformed into a few
  large TLS records rather than many small ones.

  (ssl_filter_ctx_t): Remove "nobuffer" field.
  (bio_filter_out_ctx_t): Remove length, buffer, blen fields.
  (bio_filter_out_pass): Split from bio_filter_out_flush.
  (bio_filter_out_write): Remove handling of buffer.
  (bio_filter_out_ctrl): Adjust to reflect lack of buffer.
  (ssl_io_filter_coalesce): Add new filter...
  (ssl_io_filter_init): ...add it to the filter chain...
  (ssl_io_filter_register): ...and register it.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1059910 13f79535-47bb-0310-9956-ffa450edef68

9e1a503f

Merge the <If> sections in a separate step ap_if_walk, after ap_location_walk. · f03240fe

Stefan Fritsch authored Jan 17, 2011

This makes <If> apply to all requests, not only to file base requests and
it allows to use <If> inside <Directory>, <Location>, and <Files> sections.

The merging of <If> sections always happens after the merging of <Location>
sections, even if the <If> section is embedded inside a <Directory> or
<Files> section.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1059867 13f79535-47bb-0310-9956-ffa450edef68

f03240fe

Jan 13, 2011

It's a change · 4674cb71

Jim Jagielski authored Jan 13, 2011

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1058660 13f79535-47bb-0310-9956-ffa450edef68

4674cb71

Jan 09, 2011

mod_status: Don't show slots which are disabled by MaxClients as open. · aa4cdfe7

Stefan Fritsch authored Jan 09, 2011

PR: 47022
Submitted by: Jordi Prats <jordi prats gmail com>, Stefan Fritsch


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1057048 13f79535-47bb-0310-9956-ffa450edef68

aa4cdfe7

Fix ap_mpm_query results: · c0b17fc6

Stefan Fritsch authored Jan 09, 2011

AP_MPMQ_MAX_THREADS: Single threaded means one thread per child, not zero
AP_MPMQ_MAX_DAEMONS: Max # daemons by config is determined by MaxClients, not
ServerLimit

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1057045 13f79535-47bb-0310-9956-ffa450edef68

c0b17fc6

Jan 08, 2011

Fix a bug in authz logic merging which caused · 39888312

Stefan Fritsch authored Jan 08, 2011

        section->op == AUTHZ_LOGIC_AND
        auth_result == AUTHZ_DENIED_NO_USER
        child_result == AUTHZ_GRANTED
to return AUTHZ_GRANTED instead of AUTHZ_DENIED_NO_USER.

While there, refactor the if blocks to make them a bit more readable.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1056713 13f79535-47bb-0310-9956-ffa450edef68

39888312

Jan 05, 2011

Change AuthnCacheProvider --> AuthnCacheProvideFor to deal with overloading · 0ccc1f15

Nick Kew authored Jan 05, 2011

of "provider" and likely confusion with AuthnCacheSOCache.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1055447 13f79535-47bb-0310-9956-ffa450edef68

0ccc1f15

mod_proxy_http: Allocate the fake backend request from a child pool · 06db2334

Graham Leggett authored Jan 05, 2011

of the backend connection, instead of misusing the pool of the frontend
request. Fixes a thread safety issue where buckets set aside in the
backend connection leak into other threads, and then disappear when
the frontend request is cleaned up, in turn causing corrupted buckets
to make other threads spin.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1055250 13f79535-47bb-0310-9956-ffa450edef68

06db2334

Jan 01, 2011

Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables · 2e5ee430

Stefan Fritsch authored Jan 01, 2011

to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
escape other special characters with backslashes. The old format can
still be used with the LegacyDNStringFormat argument to SSLOptions.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1054323 13f79535-47bb-0310-9956-ffa450edef68

2e5ee430

Dec 30, 2010
- Make the REQUEST_SCHEME variable available to scripts and mod_rewrite · f04c9baf
  Stefan Fritsch authored Dec 30, 2010
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053872 13f79535-47bb-0310-9956-ffa450edef68
```
  f04c9baf
Dec 29, 2010

Allow to use arbitrary boolean expressions (ap_expr) in RewriteCond. · b4b7a277
Stefan Fritsch authored Dec 29, 2010
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053750 13f79535-47bb-0310-9956-ffa450edef68
```
b4b7a277

Allow to unset environment variables using E=!VAR. · a4e48875

Stefan Fritsch authored Dec 29, 2010

PR: 49512
Submitted by: Mark Drayton <mark markdrayton info>, Stefan Fritsch


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053726 13f79535-47bb-0310-9956-ffa450edef68

a4e48875

revert r1031670: · 6ec25d2d

Eric Covener authored Dec 29, 2010

Change the default of the Header directive to apply to responses of all types
instead of just 2xx successful responses.

This turned out to be do more harm than good for anything other
than "set", since "always" doesn't ever see/operate on existing
r->headers_out headers -- just err_headers_out.

I think onsuccess needs to remain the default and this needs to move into a
doc revamp.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053516 13f79535-47bb-0310-9956-ffa450edef68

6ec25d2d

add a 2.3.9-era CHANGES entry that should have been noted for · 6820bb09

Eric Covener authored Dec 29, 2010

mod_headers defaults.

Should I flag this CHANGES entry in any way?


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053515 13f79535-47bb-0310-9956-ffa450edef68

6820bb09

Dec 28, 2010

Applying patch from PR 33078 (with slight changes to its return values) · 670c6408

Igor Galić authored Dec 28, 2010

This patch disallows the mixing of relative (+/-) and absolute Options where insensible.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053375 13f79535-47bb-0310-9956-ffa450edef68

670c6408

Correct typo in CHANGES, as per tid50321 · dc3820d0

Richard Bowen authored Dec 28, 2010


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053358 13f79535-47bb-0310-9956-ffa450edef68

dc3820d0

When exporting request headers to HTTP_* environment variables, drop variables · c291b461

Stefan Fritsch authored Dec 28, 2010

whose names contain invalid characters. Describe in the docs how to restore the
old behaviour.

Submitted by: Malte S. Stretz <mss apache org>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053353 13f79535-47bb-0310-9956-ffa450edef68

c291b461

prefer exact port matches in ip-based VH lookup over wildcards. · 2c1daa5e
Eric Covener authored Dec 28, 2010
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053309 13f79535-47bb-0310-9956-ffa450edef68
```
2c1daa5e

Remove need for NameVirtualHost directive by implicitly configuring any duplicated · 5adade03

Eric Covener authored Dec 28, 2010

VH addresses as name-based virtual hosts. This also combines _default_ and *
into a single type of wildcard since these presented a false dichotomy between
address specs.

These are post-config only changes and do not change the runtime lookups.

The biggest loss here is that an unintended duplication of virtual host addresses
can no longer be reported as directly in the past, but should still be debuggabl
via apachectl -S (unintended NVH). These problems are a drop in the bucket compared
to the difficulty users have with using NameVirtualHost.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053230 13f79535-47bb-0310-9956-ffa450edef68

5adade03

Dec 24, 2010

Changing the default Options from All to FollowSymlinks. · 7b2d10a5

Igor Galić authored Dec 24, 2010


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1052419 13f79535-47bb-0310-9956-ffa450edef68

7b2d10a5

Dec 21, 2010

rotatelogs: Add -e option to write logs through to stdout for optional · d84444c3

Graham Leggett authored Dec 21, 2010

further processing.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1051582 13f79535-47bb-0310-9956-ffa450edef68

d84444c3

* Do not drop contents of incomplete lines, but safe them for the next · a96a8339

Ruediger Pluem authored Dec 21, 2010

  round of reading.

PR: 50481


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1051468 13f79535-47bb-0310-9956-ffa450edef68

a96a8339

Dec 18, 2010

Add new AuthzSendForbiddenOnFailure directive to allow sending '403 FORBIDDEN' · b0afc479

Stefan Fritsch authored Dec 18, 2010

instead of '401 UNAUTHORIZED' if authorization fails for an authenticated user

PR: 40721

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1050677 13f79535-47bb-0310-9956-ffa450edef68

b0afc479

Dec 13, 2010

And roll on 2.3.11... · dc015d90

Jim Jagielski authored Dec 13, 2010


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1045185 13f79535-47bb-0310-9956-ffa450edef68

dc015d90

Dec 11, 2010

PR 50447: mod_rewrite escapes the original [escaped] query string even when · 078b91a4

Eric Covener authored Dec 11, 2010

you haven't modified it.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1044673 13f79535-47bb-0310-9956-ffa450edef68

078b91a4

Dec 07, 2010

PR50349: Honor 'AcceptPathInfo OFF' during internal redirects, · 71d0567b

Eric Covener authored Dec 07, 2010

such as per-directory mod_rewrite substitutions. This would be left floating
around in the request_rec with a pcalloc'ed value, so the core fixup
hook thought some module had overridden it.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1043023 13f79535-47bb-0310-9956-ffa450edef68

71d0567b

Dec 04, 2010

PR 39313: allow the user to configure which rules come first when RewriteRules · 9b749a4b

Eric Covener authored Dec 04, 2010

are merged with RewriteOptions Inherit.

Submitted By: Jérôme Grandjanny <jerome.grandjanny cea.fr> 
Reviewed By: covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1042255 13f79535-47bb-0310-9956-ffa450edef68

9b749a4b

PR#24243: allow some control over how IndexIgnore'd files are merged. · dc752339
Eric Covener authored Dec 04, 2010
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1042209 13f79535-47bb-0310-9956-ffa450edef68
```
dc752339

Add support for RLimit* in mod_cgid. PR 42135. · ecf87adb

Eric Covener authored Dec 04, 2010



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1042194 13f79535-47bb-0310-9956-ffa450edef68

ecf87adb

core: Fail startup when the argument to ServerName looks like a glob · cec340b9

Eric Covener authored Dec 04, 2010

or a regular expression instead of a hostname (*?[]).  PR 39863 

Submitted By: Rahul Nair <rahul.g.nair gmail.com>
Reviewed By: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1042098 13f79535-47bb-0310-9956-ffa450edef68

cec340b9

re-fix wording · 769f29d2

Eric Covener authored Dec 04, 2010


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1042096 13f79535-47bb-0310-9956-ffa450edef68

769f29d2

clarify about "enable/disable". · f674b24d

Eric Covener authored Dec 04, 2010



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1042095 13f79535-47bb-0310-9956-ffa450edef68

f674b24d

PR44076: allow "userdir disabled" or "userdir public_html" in global scope to · d6f3bfbb

Eric Covener authored Dec 04, 2010

be merged with lists of enabled users in virtual host context as one would
expect.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1042090 13f79535-47bb-0310-9956-ffa450edef68

d6f3bfbb

Nov 29, 2010

PR50350: When no -k option is provided on the httpd command line, the server · 54cf61d6

Eric Covener authored Nov 29, 2010

was starting without checking for an existing pidfile.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1039989 13f79535-47bb-0310-9956-ffa450edef68

54cf61d6

Nov 26, 2010

* Put a note in the connection notes that the SSL handshake to the backend · 748aa1f0

Ruediger Pluem authored Nov 26, 2010

  failed such that mod_proxy can put the worker in error state.

PR: 50332
Submitted by: Daniel Ruggeri <DRuggeri primary.net>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1039304 13f79535-47bb-0310-9956-ffa450edef68

748aa1f0

Fix Windows build of mod_cache_disk which was broken after · 238f8d14

Rainer Jung authored Nov 26, 2010

renaming the module.

Submitted by: Gregg L. Smith <lists glsnet net>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1039295 13f79535-47bb-0310-9956-ffa450edef68

238f8d14

Nov 23, 2010

· 5c69bc09

Jim Jagielski authored Nov 23, 2010

Roll on .10


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1038144 13f79535-47bb-0310-9956-ffa450edef68

5c69bc09

Nov 20, 2010

mod_include: Add the onerror attribute to the include element, allowing · 172fad6f

Graham Leggett authored Nov 20, 2010

an URL to be specified to include on error.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1037335 13f79535-47bb-0310-9956-ffa450edef68

172fad6f

mod_disk_cache renamed to mod_cache_disk, to be consistent with the · 29df3741

Graham Leggett authored Nov 20, 2010

naming of other modules.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1037229 13f79535-47bb-0310-9956-ffa450edef68

29df3741

Add SetEnvIfExpr directive to set env var depending on expression. · 97422d56
Stefan Fritsch authored Nov 20, 2010
```
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1037137 13f79535-47bb-0310-9956-ffa450edef68
```
97422d56