- Jun 19, 2018
-
-
Luca Toscano authored
mod_ratelimit works by splitting data in "chunks" to send to the client, sleeping a predefined amount of time between them (200ms). So for example, a rate-limit 40 value would correspond to a chunk size of 8192 bytes, flushed to the client every 200ms. The idea works fine when httpd directly serves the content, since the filter will be called once with a single bucket brigade. In the context of a proxied content though the filter is likely to be called multiple times, with a bucket brigade size that corresponds to the maximum allowed buffer size. If this value is lower or higher than the chunk size, the filter will not properly rate limit the data going to the client. This patch solves the problem with two fix: 1) do_sleep is now stored in the ctx context struct, so if the filter is invoked multiple times it will still sleep when needed. For example, say that the chunk_size is 8192 and the bucket brigate len is 10240: the filter will flush 8192 bytes on the first invocation, sleep 200ms, flush the remaining bytes and then finish. The next invocation will do the same, clearly not leading to the correct "sleeping pattern". 2) The example above highlights also another issue: mod_ratelimit should flush only chunk_size bytes at the time (I am now excluding the burst calculation from the picture), and buffer between invocations unless the brigade contains EOS. The change has been tested with various scenarios and it looks working as expected, but of course more feedback/testing is welcome. The original patch was written by me and then Yann refactored the code to be more precise and efficient, basically transforming an axe in a wonderful Japanese katana sword, so credits to him for this work. PR: 62362 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833875 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
Not strictly necessary for trunk, but in 2.4.x if the main ErrorLog is using syslog, these messages are lost. In trunk, the low-level logging routines reach up and find the syslog provider when no server_rec is provided but that backport is stalled. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833827 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 15, 2018
-
-
Yann Ylavic authored
LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master). So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7 compatibility-exceptions are handled explicitely but overall it's simpler. Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the former used to be a no-op but depends is LIBRESSL_INTERNAL in latest versions, while the latter has never been (and will never be) defined. So don't call any with LibreSSL. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833598 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
More meaningful than SSL_OP_NO_TLSv1_3, hopefully... git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833589 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
This is already forbidden by the protocol, enforced by OpenSSL, and the current logic can't work (ssl_callback_Info() may be called multiple times with TLS 1.3). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833588 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 13, 2018
-
-
Yann Ylavic authored
Both libapr[-util], mod_ssl, mod_crypto and mod_session_crypto can use the same crypto library (e.g. openssl), use the new APR crypto loading API so that they can work together and initialize/terminate the lib approprietly, either once for all or on demand and reusable by the others. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833452 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 12, 2018
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833416 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
apr_pcalloc can be turned into apr_palloc (the allocated memory is fully initialized by the subsequent memcpy/strcpy) and '(int)strlen(p)' can be replaced by 'plen - 1' to save some cycles. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833415 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833400 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833383 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 11, 2018
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833368 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 09, 2018
-
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833242 13f79535-47bb-0310-9956-ffa450edef68
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833241 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 07, 2018
-
-
Joe Orton authored
check-no rule. Only regenerate the test suite on repeated "make check" run if a header file has changed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833122 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 06, 2018
-
-
Yann Ylavic authored
This function, along with ap_make_etag(), is used by the default_handler in core.c, and in several modules other than builtin mod_http, breaking static linking and httpdunit tests build. The move is done by "svn move modules/http/http_etag.c server/util_etag.c". MMN major bumped, not backportable (as is) to 2.4.x. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833083 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
ap_process_request): Cache and retrieve the brigade structure used to send EOR and FLUSH between requests in c->pool userdata, to avoid allocating a brigade structure per-request out of c->pool. Submitted by: rpluem, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833014 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833013 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
* eliminated SSLPolicyRec as name no longer used * eliminated some left over parameters in internal functions due to policy def removal * reverted a NULL test, necessary before git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832994 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
Remove unused bucket allocator created off pconf. Tag the subpool. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832991 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 05, 2018
-
-
Joe Orton authored
for debugging unless debug-level logging is enabled. No functional change. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832951 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
* mod_proxy_http2: ressurrecting some of the good parts of r1831231 and using memcpy instead of strncpy to make intentions more clear git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832937 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
* MDNotifyCmd can now specify arguments to the command git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832935 13f79535-47bb-0310-9956-ffa450edef68
-
Stefan Eissing authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832934 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 04, 2018
-
-
Gregg Lewis Smith authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832880 13f79535-47bb-0310-9956-ffa450edef68
-
Gregg Lewis Smith authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832879 13f79535-47bb-0310-9956-ffa450edef68
-
- May 31, 2018
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832613 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832581 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
Overwriting server config in pre_config hook breaks EXEC_ON_READ directives, it's automatically created on purpose anyway. PR 62220. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832580 13f79535-47bb-0310-9956-ffa450edef68
-
- May 29, 2018
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832500 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832497 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832479 13f79535-47bb-0310-9956-ffa450edef68
-
- May 28, 2018
-
-
Graham Leggett authored
delays on systemd. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832383 13f79535-47bb-0310-9956-ffa450edef68
-
- May 27, 2018
-
-
Christophe Jaillet authored
So add it here too. Probably spotted with the help of the Coccinelle software (Thx Julia for the patch and for Coccinelle) See PR 53016 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832351 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
So add it here too. Probably spotted with the help of the Coccinelle software (Thx Julia for the patch and for Coccinelle) See PR 53015 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832348 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
The SSLRandomSeed builtin, uses 128 bytes of stack, not 1kb of scoreboard data. See PR 54752 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832346 13f79535-47bb-0310-9956-ffa450edef68
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832333 13f79535-47bb-0310-9956-ffa450edef68
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832332 13f79535-47bb-0310-9956-ffa450edef68
-
- May 26, 2018
-
-
Christophe Jaillet authored
This can not be a runtime ixsue, because, in such a case, we would assert and abort before. PR 59819. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832317 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
If several directories are given in a UserDir directive, only files in the first existing one are checked. If the file is not found there, the other possible directories are not checked. The doc clearly states that they will be checked one by one, until a match is found or an external redirect is performed. PR 59636. While at it, add some debug messages to better understand what is performed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832306 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
mod_proxy_hcheck: add some hyperlinks, improve syntax highlight, add some missing trailing dot, be more consistent with other modules in the way 'Syntax' lines are displayed git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832294 13f79535-47bb-0310-9956-ffa450edef68
-