git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204357 13f79535-47bb-0310-9956-ffa450edef68

PR51471: IndexIgnore doesn't work in DirectoryMatch.




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204342 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204320 13f79535-47bb-0310-9956-ffa450edef68

PR39923: Allow AddDescription to work with absolute filesystem paths,
by not adding "*/" to their prefix (intended for relative paths)




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204309 13f79535-47bb-0310-9956-ffa450edef68

mod_cache_disk: Remove the unnecessary intermediate brigade while
writing to disk. Fixes a problem where mod_disk_cache was leaving 
buckets in the intermediate brigade and not passing them to out on 
exit.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1204102 13f79535-47bb-0310-9956-ffa450edef68

Change the SSLCipherSuite default to a shorter, whitelist
oriented definition, and add an example for a speed-optimized
configuration (commented out by default).

In the SSL How-To, streamline the SSLCipherSuite examples where
applicable (explicitly banning EXP and NULL is not needed when
only HIGH is specified).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1203753 13f79535-47bb-0310-9956-ffa450edef68

drop SSLv2 support (set SSL_OP_NO_SSLv2 for any new SSL_CTX)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1203495 13f79535-47bb-0310-9956-ffa450edef68

add per-dir config merging to mod_lua so LuaHook* in multiple per-dir sections
behaves as expected instead of discarding previous sections.


Reviewed by: covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201445 13f79535-47bb-0310-9956-ffa450edef68

Server directive display (-L): Include directives of DSOs.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201358 13f79535-47bb-0310-9956-ffa450edef68

mod_cache: Make sure we merge headers correctly when we handle a
non cacheable conditional response. PR52120.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201332 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201216 13f79535-47bb-0310-9956-ffa450edef68

Part 3: Remote MPM simple.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201214 13f79535-47bb-0310-9956-ffa450edef68

Part 2: Remove mod_serf.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201210 13f79535-47bb-0310-9956-ffa450edef68

Part 1: mod_noloris was superseded by mod_reqtimeout.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201164 13f79535-47bb-0310-9956-ffa450edef68

Set MaxMemFree 2048 by default


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201161 13f79535-47bb-0310-9956-ffa450edef68

Fix assertion failure during very high load by preventing race condition
between appending to the timeout queues and adding to the pollset. We don't
add additional locking calls but only extend the present calls to include the
apr_pollset_add. Therefore this hopefully should not cause too much performance
regression.

Add some comments 

Replace two AP_DEBUG_ASSERTS with better error handling


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201149 13f79535-47bb-0310-9956-ffa450edef68

1) Promoted from "most" to "yes/few"

- mod_headers

2) Demoted from "yes/few" to "most"

- mod_actions
- mod_allowmethods
- mod_auth_form
- mod_buffer
- mod_cgi(d)
- mod_include
- mod_negotiation
- mod_ratelimit
- mod_request
- mod_userdir

Remember: default module set is "most",
but only the LoadModule lines of all
modules except "yes/few" are commented out by default.

The following modules will now be loaded by default:

- mod_access_compat
- mod_alias
- mod_auth_basic
- mod_authn_core
- mod_authn_file
- mod_authz_core
- mod_authz_groupfile
- mod_authz_host
- mod_authz_user
- mod_autoindex
- mod_dir
- mod_env
- mod_filter
- mod_headers
- mod_log_config
- mod_mime
- mod_mpm_event
- mod_reqtimeout
- mod_setenvif
- mod_status
- mod_unixd
- mod_version

Backport of r1201111 from trunk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201118 13f79535-47bb-0310-9956-ffa450edef68

Backport of r1201042 from trunk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201046 13f79535-47bb-0310-9956-ffa450edef68

Merge r1200475, r1200478, r1200482, r1200491, r1200513, r1200550, r1200580, r1200605, r1200612, r1200614, r1200639, r1200646, r1200656, r1200667, r1200679, r1200699, r1200957, r1200961, r1200963 from trunk:

fix issue with incorrect munging of the lua package path -- LuaPackagePath directives were not working

Default to not allowing htaccess in /, instead of just the documentroot, which gets a nice 10% performance boost by default for me.

* modules/ssl/ssl_private.h, modules/ssl/ssl_engine_kernel.c
  (ssl_callback_tlsext_tickets): Use unsigned char * to fix gcc
  -Wpointer-sign warnings.


Only load the really imporant modules (i.e. those enabled by the 'few'
selection) by default. Don't handle modules enabled with --enable-foo
specially.

This fixes problems with module dependencies until someone implements a
mechanism for resolving module dependencies.


remove last traces of the code cache

* modules/proxy/mod_proxy_html.c (comp_urlmap): Fix const-ness warning.


* modules/lua/mod_lua.c (ap_lua_ssl_is_https): New function.
  (lua_post_config): Pick up ssl_is_https optional function.

* modules/lua/lua_request.c (req_ssl_is_https_field): New function.
  (ap_lua_load_request): Map is_https field to above.


remove some debug logging which snuck in

remove ability to set min and max pool sizes for server scope in prep for removing server scope

remove lingering reslist references before killing server scope

replace server scope with thread scope

use a sub-pool for scope_once

Fix installation of conf/extra/proxy-html.conf.

Otherwise httpd does no longer start, because
it is the only extra file required in the main
config at the moment.


Rebuild xdoc transform


Clarify docs for LimitRequestLine, as per bug #51665.


Rebuild doc transforms.

Submitted by: brianm, pquerna, jorton, sf, brianm, jorton, jorton, sf, pquerna, brianm, brianm, brianm, brianm, brianm, jorton, rjung, rbowen, rbowen, rbowen
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1200981 13f79535-47bb-0310-9956-ffa450edef68

temporary intervals with no active MPM children.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1200449 13f79535-47bb-0310-9956-ffa450edef68

* SSLTicketKeyFile: To store the private information for the encryption of the ticket.
* SSLTicketKeyDefault To set the default, otherwise the first listed token is used.  This enables key rotation across servers.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1200040 13f79535-47bb-0310-9956-ffa450edef68

advantage that we don't leak internal IP addresses in reverse proxy setups.
Also, use hex to make the cookie shorter.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199987 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199519 13f79535-47bb-0310-9956-ffa450edef68

when using --enable-load-all-modules with configure.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199467 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199447 13f79535-47bb-0310-9956-ffa450edef68

etag generation in mod_dav_fs to the new default.

PR 49623.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199086 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199056 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199031 13f79535-47bb-0310-9956-ffa450edef68

or explicitly selected by a configure --enable-foo argument. The
LoadModule statements for modules enabled by --enable-mods-shared=most
and friends will be commented out.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199027 13f79535-47bb-0310-9956-ffa450edef68

with mod_setenvif via a malicious .htaccess

CVE-2011-3607
http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1198940 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1198904 13f79535-47bb-0310-9956-ffa450edef68

Directory/Filename/htaccess



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1197853 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1197782 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1197413 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1197405 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1194997 13f79535-47bb-0310-9956-ffa450edef68

and decoding.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1194870 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1189553 13f79535-47bb-0310-9956-ffa450edef68

Submitted by: Jan Kaluža <jkaluza redhat.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1189220 13f79535-47bb-0310-9956-ffa450edef68

better error reporting. Modify ap_varbuf_regsub() to be similar to
ap_pregsub_ex().


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1188950 13f79535-47bb-0310-9956-ffa450edef68