Commit message | Author | Age | Files | Lines
* * Correctly merge configurations that have client certificates set | Ruediger Pluem | 2018-10-16 | 1 | -0/+3
  by SSLProxyMachineCertificate{File|Path}. The certificates and keys loaded during configuration time got lost during runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host level and there was an SSL directive at directory level, e.g. SSLRequire. This fixes a regression likely introduced in r1740928.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1844002 13f79535-47bb-0310-9956-ffa450edef68
* * Ensure that aborted connections are logged as such. | Ruediger Pluem | 2018-10-15 | 1 | -0/+3
  Set c->aborted before apr_brigade_cleanup to have the correct status when logging the request as apr_brigade_cleanup triggers the logging of the request if it contains an EOR bucket.
  PR: 62823
  Submitted by: Arnaud Grandville <contact@grandville.net>
  Reviewed by: rpluem
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843939 13f79535-47bb-0310-9956-ffa450edef68
* mpm_event: avoid AH00484 with idle threads | Eric Covener | 2018-10-10 | 1 | -0/+5
  mpm_event: Stop issuing AH00484 "server reached MaxRequestWorkers..." when there are still idle threads available. When there are less idle threads than MinSpareThreads, issue new one-time message AH10159. Matches worker MPM.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843513 13f79535-47bb-0310-9956-ffa450edef68
* mod_http2: adding defensive code for stream EOS handling, in case the ↵ | Stefan Eissing | 2018-10-10 | 1 | -0/+5
  request handler missed to signal it the normal way (eos buckets). Addresses github issues https://github.com/icing/mod_h2/issues/164, https://github.com/icing/mod_h2/issues/167 and https://github.com/icing/mod_h2/issues/170.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843426 13f79535-47bb-0310-9956-ffa450edef68
* Add CHANGES entry | Christophe Jaillet | 2018-10-09 | 1 | -0/+3
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843290 13f79535-47bb-0310-9956-ffa450edef68
* mod_session_cookie: avoid adding the Set-Cookie header | Luca Toscano | 2018-10-09 | 1 | -0/+3
  in both r->headers_out and r->err_headers_out to avoid duplication.
  In session_cookie_save it seems that ap_cookie_write is called with r->headers_out and r->err_headers_out, ending up in the same Set-Cookie header on both tables and eventually duplicated in the HTTP response.
  I took Emmanuel's patch and trimmed out the bits that remove the header only from r->err_headers_out (leaving it to do the work on both tables) as attempt to change this bit of code in the most conservative way as possible.
  Sending a commit for a broader review.
  PR: 60910,56098,55278
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843244 13f79535-47bb-0310-9956-ffa450edef68
* Add changes, docs for DefaultStateDir and DavLockDB default change. | Joe Orton | 2018-10-05 | 1 | -0/+6
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842938 13f79535-47bb-0310-9956-ffa450edef68
* * Pickup the proxy related configuration for verify mode and verify depth and | Ruediger Pluem | 2018-10-01 | 1 | -1/+5
  not the configuration settings for frontend connections in case of connections by the proxy to the backend.
  PR: 62769
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842540 13f79535-47bb-0310-9956-ffa450edef68
* ab: Add client certificate support. | Graham Leggett | 2018-09-23 | 1 | -0/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1841784 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_hcheck: Fix issues with TCP health checks. PR 61499 | Jim Jagielski | 2018-09-11 | 1 | -0/+3
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840582 13f79535-47bb-0310-9956-ffa450edef68
* cleanup after backport | Stefan Eissing | 2018-09-11 | 1 | -4/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840575 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2018-09-04 | 1 | -0/+4
  mod_http2: connection IO event handling reworked. Instead of reacting on incoming bytes, the state machine now acts on incoming frames that are affecting it. This reduces state transitions.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840010 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1835845 and r1839571: CHANGES entry. | Yann Ylavic | 2018-08-29 | 1 | -0/+4
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1839583 13f79535-47bb-0310-9956-ffa450edef68
* Add StrictHostCheck | Eric Covener | 2018-08-14 | 1 | -0/+3
  .. to allow unconfigured hostnames to be rejected. The checks happen during NVH mapping and checks that the mapped VH itself has the host as a name or alias.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1838055 13f79535-47bb-0310-9956-ffa450edef68
* Remove backported items from trunk/CHANGES | Christophe Jaillet | 2018-08-10 | 1 | -33/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837804 13f79535-47bb-0310-9956-ffa450edef68
* mod_status: Cumulate CPU time of exited child | Rainer Jung | 2018-08-07 | 1 | -0/+5
  processes in the "cu" and "cs" values. Add CPU time of the parent process to the "c" and "s" values.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837595 13f79535-47bb-0310-9956-ffa450edef68
* mod_status: Add cumulated response duration time | Rainer Jung | 2018-08-07 | 1 | -0/+3
  in milliseconds.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837590 13f79535-47bb-0310-9956-ffa450edef68
* mod_status: Complete the data shown for async | Rainer Jung | 2018-08-07 | 1 | -0/+4
  MPMs in "auto" mode. Added number of processes, number of stopping processes and number of busy and idle workers.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837589 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy: Improve the balancer member data shown | Rainer Jung | 2018-08-07 | 1 | -0/+4
  in mod_status when "ProxyStatus" is "On": add "busy" count and show byte counts in auto mode always in units of kilobytes.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837588 13f79535-47bb-0310-9956-ffa450edef68
* update after backport | Stefan Eissing | 2018-08-03 | 1 | -3/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837359 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2018-08-03 | 1 | -0/+3
  mod_md: When the last domain name from an MD is moved to another one, that now empty MD gets moved to the store archive. PR 62572.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837357 13f79535-47bb-0310-9956-ffa450edef68
* If ProxyPassReverse is used for reverse mapping of relative redirects, ↵ | Christophe Jaillet | 2018-08-01 | 1 | -0/+4
  subsequent ProxyPassReverse statements, whether they are relative or absolute, may fail. PR 60408 [Peter Haworth <pmh1wheel gmail.com>]
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837250 13f79535-47bb-0310-9956-ffa450edef68
* Fix PR54848 in a 2.4.x backportable format. Ideally deprecating the use | Jim Jagielski | 2018-08-01 | 1 | -1/+3
  of ->client in whatever version of 2.4 this is added into would be more logical.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837225 13f79535-47bb-0310-9956-ffa450edef68
* mod_ratelimit: Don't interfere with "chunked" encoding. | Yann Ylavic | 2018-07-31 | 1 | -0/+3
  By the time ap_http_header_filter() sends the header brigade and adds the "CHUNK" filter, we need to guarantee that the header went through all the filters' stack, and more specifically above ap_http_chunk_filter() which assumes that all it receives is content data.
  Since rate_limit_filter() may retain the header brigade, make it run after ap_http_chunk_filter(), just before AP_FTYPE_CONNECTION filters.
  Also, ap_http_header_filter() shouldn't eat the EOS for HEAD/no-body responses. For instance mod_ratelimit depends on it since r1835168, but any next request filter may as well to flush and/or bail out appropriately.
  This fixes the regression introduced in 2.4.34 (r1835168).
  PR 62568.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837130 13f79535-47bb-0310-9956-ffa450edef68
* Backported in 2.4.34. | Yann Ylavic | 2018-07-30 | 1 | -3/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837058 13f79535-47bb-0310-9956-ffa450edef68
* http: Enforce consistently no response body with both 204 and 304 statuses. | Yann Ylavic | 2018-07-30 | 1 | -0/+3
  Provide AP_STATUS_IS_HEADER_ONLY() helper/macro to check for 204 or 304 and use it where some special treatment is needed when no body is expected. Some of those places handled 204 only.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837056 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_http: forward 100-continue. | Yann Ylavic | 2018-07-24 | 1 | -0/+3
  Handle end-to-end 100-continue, according to RFC 7231, such that the client request body is not read/forwarded (according to its "Expect:" header) until the backend wants to receive it (with interim 100 continue response), or never forwarded if the backend provides a (non-interim) response and doesn't need the client body at all.
  This is achieved by filling the header_brigade in ap_proxy_http_prefetch() and letting ap_proxy_http_request() determine whether it should forward that brigade only (with the "Expect: 100-continue" specified by the client or added according to "ping=" configuration), or forward the whole body for the usual case (as before).
  When 100-continue expectation is in place, the body is actually forwarded by ap_proxy_http_process_response() when/if a "100 continue" response is sent by the backend, otherwise the body is discarded; a future enhancement could make so that in a balancer configuration, the body could be forwarded to another balancer member depending on the status/error from the backend.
  So stream_reqbody_cl() and stream_reqbody_chunked() functions are adapted to be called by either ap_proxy_http_request() or ap_proxy_http_process_response(), while spool_reqbody_cl() still spools the body in ap_proxy_http_prefetch() thus before the backend is connected/reused to avoid inactivity on the connection for the prefetch time (the prefetched body is also forwarded according to the 100-continue expectation, though).
  Also, since the brigades and other runtime objects now need to be shared by the ap_proxy_http_*() functions chain, a proxy_http_req_t struct/context is created from the start and passed to them as (the single) argument. This is also a good candidate for a future async baton, if we wanted to let the MPM event wait for connection data for us at any stage and be called back ;)
  Finally, ap_send_interim_response() is modified to correctly handle 100 continue responses once, and take care of clearing r->expecting_100 only for them.
  PR 60330.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1836588 13f79535-47bb-0310-9956-ffa450edef68
* * Credits to Bill for the analysis and the pointer to the solution. | Ruediger Pluem | 2018-07-20 | 1 | -1/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1836384 13f79535-47bb-0310-9956-ffa450edef68
* * mod_proxy: Remove load order and link dependency between mod_lbmethod_* | Ruediger Pluem | 2018-07-20 | 1 | -0/+3
  modules and mod_proxy by providing mod_proxy's ap_proxy_balancer_get_best_worker as an optional function.
  PR: 62557
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1836381 13f79535-47bb-0310-9956-ffa450edef68
* backported | Eric Covener | 2018-07-02 | 1 | -3/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834897 13f79535-47bb-0310-9956-ffa450edef68
* mod_md: more robust handling of http-01 challenges and hands-off when module | Stefan Eissing | 2018-06-29 | 1 | -0/+3
  should not be involved, e.g. challenge setup by another ACME client.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834667 13f79535-47bb-0310-9956-ffa450edef68
* Re-allow '_' (underscore) in hostnames. | Eric Covener | 2018-06-25 | 1 | -0/+4
  '_' was not permitted in hostnames since 2.4.25's "HTTP Strict" changes.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834318 13f79535-47bb-0310-9956-ffa450edef68
* Add a CHANGES entry | Christophe Jaillet | 2018-06-24 | 1 | -0/+3
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834254 13f79535-47bb-0310-9956-ffa450edef68
* If several parameters are used in a AuthzProviderAlias directive, if these ↵ | Christophe Jaillet | 2018-06-23 | 1 | -0/+5
  parameters are not enclosed in quotation mark, only the first one is handled. The other ones are silently ignored. Add a message to warn about such a spurious configuration. PR 62469
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834209 13f79535-47bb-0310-9956-ffa450edef68
* Axe some CHANGES entries backported to 2.4.x. | Yann Ylavic | 2018-06-22 | 1 | -14/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834107 13f79535-47bb-0310-9956-ffa450edef68
* Note userland/PR change | Jim Jagielski | 2018-06-21 | 1 | -0/+3
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834013 13f79535-47bb-0310-9956-ffa450edef68
* mod_ratelimit: fix behavior with proxied content | Luca Toscano | 2018-06-20 | 1 | -0/+3
  mod_ratelimit works by splitting data in "chunks" to send to the client, sleeping a predefined amount of time between them (200ms). So for example, a rate-limit 40 value would correspond to a chunk size of 8192 bytes, flushed to the client every 200ms.
  The idea works fine when httpd directly serves the content, since the filter will be called once with a single bucket brigade. In the context of a proxied content though the filter is likely to be called multiple times, with a bucket brigade size that corresponds to the maximum allowed buffer size. If this value is lower or higher than the chunk size, the filter will not properly rate limit the data going to the client.
  This patch solves the problem with two fixes:
  1) do_sleep is now stored in the ctx context struct, so if the filter is invoked multiple times it will still sleep when needed. For example, say that the chunk_size is 8192 and the bucket brigade len is 10240: the filter will flush 8192 bytes on the first invocation, sleep 200ms, flush the remaining bytes and then finish. The next invocation will do the same, clearly not leading to the correct "sleeping pattern".
  2) The example above highlights also another issue: mod_ratelimit should flush only chunk_size bytes at the time (I am now excluding the burst calculation from the picture), and buffer between invocations unless the brigade contains EOS.
  The change has been tested with various scenarios and it looks working as expected, but of course more feedback/testing is welcome.
  The original patch was written by me and then Yann refactored the code to be more precise and efficient, basically transforming an axe in a wonderful Japanese katana sword, so credits to him for this work.
  PR: 62362
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833875 13f79535-47bb-0310-9956-ffa450edef68
* * modules/http/http_request.c (ap_process_request_after_handler, | Joe Orton | 2018-06-06 | 1 | -0/+3
  ap_process_request): Cache and retrieve the brigade structure used to send EOR and FLUSH between requests in c->pool userdata, to avoid allocating a brigade structure per-request out of c->pool.
  Submitted by: rpluem, jorton
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833014 13f79535-47bb-0310-9956-ffa450edef68
* These are in 2.4.x | Jim Jagielski | 2018-05-31 | 1 | -16/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832613 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1832580: correct CHANGES entry. | Yann Ylavic | 2018-05-31 | 1 | -2/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832581 13f79535-47bb-0310-9956-ffa450edef68
* mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30. | Yann Ylavic | 2018-05-31 | 1 | -0/+3
  Overwriting server config in pre_config hook breaks EXEC_ON_READ directives, it's automatically created on purpose anyway.
  PR 62220.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832580 13f79535-47bb-0310-9956-ffa450edef68
* Axe backported entries. | Yann Ylavic | 2018-05-29 | 1 | -28/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832497 13f79535-47bb-0310-9956-ffa450edef68
* If several directories are given in a UserDir directive, only files in the ↵ | Christophe Jaillet | 2018-05-26 | 1 | -0/+7
  first existing one are checked. If the file is not found there, the other possible directories are not checked. The doc clearly states that they will be checked one by one, until a match is found or an external redirect is performed. PR 59636.
  While at it, add some debug messages to better understand what is performed.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832306 13f79535-47bb-0310-9956-ffa450edef68
* In 'ap_proxy_cookie_reverse_map', iterate over each token of the ↵ | Christophe Jaillet | 2018-05-26 | 1 | -0/+5
  'Set-Cookie' header field in order to avoid updating the wrong one. This could happen if the header field has something like 'fakepath=foo;path=bar'. In this case fakepath would be updated instead of path.
  We don't need regex anymore in order to parse the field values and 'ap_proxy_strmatch_domain' and 'ap_proxy_strmatch_path' are now useless. (and should be axed IMHO)
  PR 61560
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832280 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1831869: update CHANGES entry. | Yann Ylavic | 2018-05-18 | 1 | -1/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831872 13f79535-47bb-0310-9956-ffa450edef68
* mod_slotmem_shm: use a generation number for SHM filename on all platforms. | Yann Ylavic | 2018-05-18 | 1 | -0/+3
  Successive generations can't share the same SHMs because restarts may modify them under the terminating children, while SHMs are not extensible when all slots are in use.
  This effectively restores r1822341 which was reverted by r1822505.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831869 13f79535-47bb-0310-9956-ffa450edef68
* Restore mod_slotmem_shm from 2.4.29. | Yann Ylavic | 2018-05-18 | 1 | -5/+0
  Will restart from there to really fix PR 62308 (and PR 62044 still).
  This effectively reverts:
  - r1831394,
  - r1830800,
  - r1826970,
  - r1826845,
  - r1823572,
  - r1823416,
  - r1823415,
  - r1823412,
  - r1822511,
  - r1822509.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831868 13f79535-47bb-0310-9956-ffa450edef68
* PR62311: only create the rewritelock when needed | Eric Covener | 2018-05-17 | 1 | -0/+4
  Submitted By: Hank Ibell <hwibell gmail.com>
  Committed By: covener
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831773 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: Add support for loading TLS certificates through the PKCS#11 | Joe Orton | 2018-05-08 | 1 | -2/+3
  engine.
  * modules/ssl/ssl_util.c (modssl_is_engine_id): Renamed from modssl_is_engine_key.
  * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCertificateKeyFile): Adjust accordingly. (ssl_cmd_SSLCertificateFile): Also allow ENGINE cert ids.
  * modules/ssl/ssl_engine_pphrase.c (modssl_load_engine_keypair): Rename from modssl_load_engine_key; load certificate if cert id is passed.
  * modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Optionally load the certificate from the engine as well.
  * docs/manual/: Update manual.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831168 13f79535-47bb-0310-9956-ffa450edef68
* mod_ldap: log and abort locking errors. | Eric Covener | 2018-05-08 | 1 | -0/+2
  related to PR60296 investigation
  RMM corruption is really nasty, so abort on locking failures.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831165 13f79535-47bb-0310-9956-ffa450edef68