path: root/changes-entries
Commit message | Author | Age | Files | Lines
* *) mod_http2: new directive 'H2MaxDataFrameLen n' to limit the maximum | Stefan Eissing | 2023-02-16 | 1 | -0/+7
  amount of response body bytes put into a single HTTP/2 DATA frame. Setting this to 0 places no limit (but the max size allowed by the protocol is observed). The module, by default, tries to use the maximum size possible, which is somewhat around 16KB. This sets the maximum. When less response data is available, smaller frames will be sent.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907697 13f79535-47bb-0310-9956-ffa450edef68
* LDAPConnectionPoolTTL should accept negative values in order to allow | Christophe Jaillet | 2023-01-27 | 1 | -0/+4
  connections of any age to be reused. Up to now, a negative value was handled as an error when parsing the configuration file. PR 66421.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907024 13f79535-47bb-0310-9956-ffa450edef68
* * Report an error if the AJP backend sends an invalid number of headers | Ruediger Pluem | 2023-01-23 | 1 | -0/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906940 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors | Stefan Eissing | 2023-01-18 | 1 | -0/+4
  reported in access logs and error documents. The processing of the reset was correct, only unnecessary reporting was caused.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906775 13f79535-47bb-0310-9956-ffa450edef68
* add -T flag to truncate rotated logs only | Eric Covener | 2023-01-07 | 1 | -0/+2
  for strftime formats that will loop back on themselves, like day of month or weekday name.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906433 13f79535-47bb-0310-9956-ffa450edef68
* Use 'command -v' instead of 'which' which is more portable. | Ruediger Pluem | 2023-01-04 | 1 | -0/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906387 13f79535-47bb-0310-9956-ffa450edef68
* * Add CHANGELOG for r1906379, r1906380 | Ruediger Pluem | 2023-01-04 | 1 | -0/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906382 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_proxy_http2: apply the standard httpd content type handling | Stefan Eissing | 2022-12-17 | 1 | -0/+4
  to responses from the backend, as other proxy modules do. Fixes PR 66391. Thanks to Jérôme Billiras for providing the patch.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906051 13f79535-47bb-0310-9956-ffa450edef68
* Add a change entry for r1905229 | Christophe Jaillet | 2022-11-19 | 1 | -0/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1905404 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: field values (headers and trailers) are stripped of | Stefan Eissing | 2022-10-22 | 1 | -4/+5
  leading/trailing whitespace (space +htab) before being processed or sent in a response. This is compatible behaviour to HTTP/1.1 parsers that strip incoming headers of such characters. [Stefan Eissing]
  - removed intermittent "H2HeaderStrictness" directive again.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904777 13f79535-47bb-0310-9956-ffa450edef68
* mod_dav: Allow to disable lock discovery via a DAVLockDiscovery expression. | Yann Ylavic | 2022-10-17 | 1 | -0/+2
  mod_dav-fs scales badly when a few clients run PROPFIND requests to discover directory content. Each PROPFIND involves lockdiscovery, which in turn waits for a locked access to the file containing the lock database. Performances quickly drop because of lock contention on this file.
  Add a DAVLockDiscovery configuration directive that allows lockdiscovery to be disabled. Its argument is an Apache expression so that flexible configurations are possible (per-request).
  When lock discovery is disabled, an empty lockdiscovery property is returned on PROPFIND methods, just like if no lock was set on the object. That should cause no regression, since a client cannot rely on lockdiscovery to decide when a file should be accessed, the LOCK method must be used.
  If DAVLockDiscovery is not specified, the behavior is unchanged.
  PR 66313.
  Submitted by: Emmanuel Dreyfus <manu netbsd.org>
  Reviewed by: ylavic
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904638 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when | Yann Ylavic | 2022-10-11 | 1 | -0/+3
  some dollar substitution (backreference) happens in the hostname or port part of the URL.
  Address or connection reuse can't work when the authority part of the URL is dynamic (single origin server[:port] handled/assumed in the reslist). Detect such cases and unset worker->s->is_address_reusable to disable reuse regardless of enablereuse/disablereuse.
  * modules/proxy/proxy_util.c(ap_proxy_define_worker_ex): Lookup for $n substitution in the hostname[:port] when parsing the URL and if present, set worker->s->is_address_reusable=0 / worker->s->disablereuse=1.
  * modules/proxy/proxy_util.c(ap_proxy_initialize_worker): Don't overwrite worker->s->is_address_reusable from enablereuse/disablereuse parameters, and set both consistently.
  * docs/manual/mod/mod_proxy.xml: Add ProxyPassMatch compatibility note about key=value parameters handled with $n substitutions since 2.4.47. Document the specificities of enablereuse/disablereuse w.r.t. $n substitutions in the different part of the URL. Axe the note about unparsable URLs when the $n substitution happens in the port, this has been addressed in 2.4.47 too (and works now).
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904513 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: new directive "H2HeaderStrictness" to control the compliance | Stefan Eissing | 2022-09-26 | 1 | -0/+4
  level of header checks as defined in the HTTP/2 RFCs. Default is 7540. 9113 activates the checks for forbidden leading/trailing whitespace in field values (available from nghttp2 v1.50.0 on).
  - source sync with github version
  - fix for keepalive idle wait in mpm_worker setup
  - ensuring EOS when secondary connection has been handled
  - fixed race in late input EOS arrival when stream was already scheduled for execution.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904269 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_proxy_http2: use only the ':authority' header to forward 'Host' | Stefan Eissing | 2022-09-20 | 1 | -0/+4
  information to a backend. Deduce ':authority' from what the client sent when 'ProxyPreserveHost' is on.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904164 13f79535-47bb-0310-9956-ffa450edef68
* mod_md v2.4.19 from github sync | Stefan Eissing | 2022-08-25 | 1 | -0/+8
  *) mod_md: a new directive `MDStoreLocks` can be used on cluster setups with a shared file system for `MDStoreDir` to order activation of renewed certificates when several cluster nodes are restarted at the same time. Store locks are not enabled by default. Restored curl_easy cleanup behaviour from v2.4.14 and refactored the use of curl_multi for OCSP requests to work with that. Fixes <https://github.com/icing/mod_md/issues/293>.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1903677 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_ssl: when a proxy connection had handled a request using SSL, an | Stefan Eissing | 2022-08-01 | 1 | -0/+5
  error was logged when "SSLProxyEngine" was only configured in the location/proxy section and not the overall server. The connection continued to work, the error log was in error. Fixed PR66190.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1903167 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: fixed trailer handling. Empty response bodies | Stefan Eissing | 2022-07-02 | 1 | -0/+5
  prevented trailers from being sent to a client. See <https://github.com/icing/mod_h2/issues/233> for how this affected gRPC use.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1902409 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES [skip ci] | Yann Ylavic | 2022-06-02 | 4 | -14/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901551 13f79535-47bb-0310-9956-ffa450edef68
* update of mod_md change description. [skip ci] | Stefan Eissing | 2022-06-02 | 1 | -3/+5
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901546 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: SSLFIPS compatible with OpenSSL 3.0. PR 66063. | Yann Ylavic | 2022-06-01 | 1 | -0/+2
  * modules/ssl/ssl_private.h(): #define modssl_fips_is_enabled() and modssl_fips_enable() to wrap the native OpenSSL FIPS functions available on OPENSSL_VERSION_NUMBER.
  * modules/ssl/ssl_engine_init.c(ssl_init_Module, modssl_fips_cleanup): Use the new wrappers instead of the OPENSSL_VERSION_NUMBER < 3.0 functions.
  Submitted by: Petr Sumbera <petr.sumbera oracle.com>, ylavic
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901470 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_http: Avoid 417 responses for non forwardable 100-continue. PR 65666. | Yann Ylavic | 2022-05-30 | 1 | -0/+2
  Stop returning 417 when mod_proxy has to forward an HTTP/1.1 request with both "Expect: 100-continue" and "force-proxy-request-1.0" set, mod_proxy can instead handle the 100-continue by itself before forwarding the request, like in the "Proxy100Continue Off" case.
  Note that this does not change the behaviour of httpd receiving an HTTP/1.0 request with an Expect header, ap_check_request_header() will still correctly return 417 in this case.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901420 13f79535-47bb-0310-9956-ffa450edef68
* Merge of PR 318: | Stefan Eissing | 2022-05-26 | 1 | -0/+4
  *) core: the conf/mime.types has been updated in conformance with RFC 9239:
  - .js moved from 'application/javascript' to 'text/javascript'
  - .mjs was added as 'text/javascript'
  [Mathias Bynens <@mathiasbynens> via PR 318]
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901273 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: a logic bug in sending long OCSP HTTP request bodies was fixed. | Stefan Eissing | 2022-05-25 | 1 | -0/+4
  This did not happen in normal use as request sizes for OCSP queries never exceed that length.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901230 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES entries [skip ci] | Yann Ylavic | 2022-05-18 | 21 | -86/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901034 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1899858: CHANGES entry. | Yann Ylavic | 2022-05-17 | 1 | -0/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900991 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: the `MDCertificateAuthority` directive can take more than one | Stefan Eissing | 2022-05-13 | 1 | -0/+7
  URL/name of an ACME CA. This gives a failover for renewals when several consecutive attempts to get a certificate failed. A new directive was added: `MDRetryDelay` sets the delay of retries. A new directive was added: `MDRetryFailover` sets the number of errored attempts before an alternate CA is selected for certificate renewals.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900852 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: fixed a bug leading to failed transfers for OCSP | Stefan Eissing | 2022-05-06 | 1 | -0/+3
  stapling information when more than 6 certificates needed updates in the same run.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900628 13f79535-47bb-0310-9956-ffa450edef68
* ab: Add the -W option to use worker threads. | Yann Ylavic | 2022-04-28 | 1 | -0/+2
  This allows for multiple CPUs to handle the load, the number of requests and concurrency level asked are distributed over the configured number of workers, allowing for as much parallelism. On unixes (only for now), -W0 will use all the CPUs available on the system.
  To avoid synchronization during runtime, the stats and requests times are gathered per worker and consolidated at the end of the run before being printed.
  Connection closes, keepalives and errors are now handled in a single place, namely cleanup_connection(), which takes care of the good/bad state of each request based on the response fully received or not.
  When multiple workers are running, SIGINT is handled by the main thread only and masked in workers, workers are asked to stop and woken up if waiting in poll().
  A single worker is started first to determine the connectivity with the peer, if that fails (10 tries) ab will stop early still without starting the other workers, otherwise the first worker will signal the main thread to start the others.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900362 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: remove unused and insecure code. Fixes PR66037. | Stefan Eissing | 2022-04-28 | 1 | -0/+3
  Thanks to Ronald Crane (Zippenhop LLC) for reporting this.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900356 13f79535-47bb-0310-9956-ffa450edef68
* * removing duplicate changes entry | Stefan Eissing | 2022-04-27 | 1 | -5/+0
  [skip ci]
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900315 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: implement full auto status ("key: value" type status output). | Stefan Eissing | 2022-04-27 | 1 | -0/+5
  Especially not only status summary counts for certificates and OCSP stapling but also lists. Auto status format is similar to what was used for mod_proxy_balancer.
  added change description for code added in r1900313.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900314 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: added support for managing certificates via a | Stefan Eissing | 2022-04-27 | 1 | -0/+5
  local tailscale daemon for users of that secure networking. This gives trusted certificates for tailscale assigned domain names in the *.ts.net space.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900313 13f79535-47bb-0310-9956-ffa450edef68
* * Use apr_size_t instead of int to avoid an overflow | Ruediger Pluem | 2022-04-27 | 1 | -0/+2
  PR: 66034
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900307 13f79535-47bb-0310-9956-ffa450edef68
* * Avoid an overflow on large inputs | Ruediger Pluem | 2022-04-27 | 1 | -0/+2
  PR: 66033
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900306 13f79535-47bb-0310-9956-ffa450edef68
* ab: Allow for TLSv1.3 when the SSL library supports it. | Yann Ylavic | 2022-04-22 | 1 | -0/+2
  When TLS1_3_VERSION is defined by the SSL library, bump the maximum TLS protocol to that and use it for "-f ALL" or "-f TLSv1.3".
  This mixes proposed patches from BZ 63594 and 64699.
  BZ: 63594, 64699
  Submitted by: abhilash <abhilash1232 gmail.com>
  Submitted by: xiaolongx.jiang intel.com
  Submitted & Reviewed by: ylavic
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900157 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: a possible NULL pointer deref was fixed in | Stefan Eissing | 2022-04-22 | 1 | -0/+4
  the JSON code for persisting time periods (start+end). Fixes #282 on mod_md's github.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900145 13f79535-47bb-0310-9956-ffa450edef68
* core: Disable TCP_NOPUSH optimization on OSX. BZ 66019. | Yann Ylavic | 2022-04-21 | 1 | -0/+2
  OSX supports TCP_NOPUSH but does not release the data retained (in TCP stack) when the option is unset. It seems that unsetting it before the last write does not help either so just disable the optimization for OSX in the core output filter to avoid uncontrollable transmission delays.
  * server/core_filters.c(): Add the sock_nopush() helper that does nothing on OSX and platforms not supporting TCP_NOPUSH or TCP_CORK.
  * server/core_filters.c(send_brigade_nonblocking): Use sock_nopush() instead of apr_socket_opt_set() for APR_TCP_NOPUSH option.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900100 13f79535-47bb-0310-9956-ffa450edef68
* * Implement full auto status ("key: value" type status output). | Stefan Eissing | 2022-04-19 | 1 | -0/+5
  Especially not only status summary counts for certificates and OCSP stapling but also lists. Auto status format is similar to what was used for mod_proxy_balancer. [Rainer Jung]
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900039 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_proxy: Add backend port to log messages to | Rainer Jung | 2022-04-19 | 1 | -0/+2
  ease identification of involved service.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900028 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_heartmonitor: Set the documented default value | Rainer Jung | 2022-04-19 | 1 | -0/+3
  "10" for HeartbeatMaxServers instead of "0". With "0" no shared memory slotmem was initialized. [Rainer Jung]
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900026 13f79535-47bb-0310-9956-ffa450edef68
* * Add Changelog for r1899451, r1899454, r1899562, r1899564, r1899584 | Ruediger Pluem | 2022-04-15 | 1 | -0/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899886 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: use the new REQUEST buckets to forward request | Stefan Eissing | 2022-04-13 | 1 | -0/+4
  on secondary connections. Use the now generic ap_process_connection() in h2 workers to process those.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899802 13f79535-47bb-0310-9956-ffa450edef68
* Merge PR 311: | Stefan Eissing | 2022-04-13 | 1 | -0/+10
  *) core/mod_http: use REQUEST meta buckets and a new HTTP/1.x specific input filter to separate the handling for HTTP requests from the handling of HTTP/1.x request parsing and checks. A new HTTP1_REQUEST_IN filter installs itself on http/1.1 connections before a request is being read. It generates either a REQUEST meta bucket on success or an ERROR bucket with the proposed response status. The core connection processing, relying on ap_read_request(), now expects a REQUEST or ERROR bucket from the input filters and is agnostic to specific HTTP versions and how they bring requests into the server.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899799 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1899777: CHANGES entry [skip ci]. | Yann Ylavic | 2022-04-12 | 1 | -0/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899786 13f79535-47bb-0310-9956-ffa450edef68
* *) core/mod_http: use RESPONSE meta buckets and a new HTTP/1.x specific | Stefan Eissing | 2022-04-07 | 1 | -0/+9
  filter to send responses through the output filter chain. Specifically: the HTTP_HEADER output filter and ap_send_interim_response() create a RESPONSE bucket and no longer are concerned with HTTP/1.x serialization. A new HTTP1_RESPONSE_OUT transcode filter writes the proper HTTP/1.x bytes when dealing with a RESPONSE bucket. That filter installs itself on the pre_read_request hook when the connection has protocol 'http/1.1'.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899648 13f79535-47bb-0310-9956-ffa450edef68
* *) core: make ap_escape_quotes() work correctly on strings | Stefan Eissing | 2022-04-06 | 1 | -0/+4
  with more than MAX_INT/2 characters, counting quotes double. Credit to <generalbugs@zippenhop.com> for finding this.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899609 13f79535-47bb-0310-9956-ffa450edef68
* *) core: adding a new hook and method to the API: | Stefan Eissing | 2022-03-18 | 1 | -0/+11
  create_secondary_connection and ap_create_secondary_connection() to setup connections related to a "master" one, as used in the HTTP/2 protocol implementation.
  *) mod_http2: using the new API calls to get rid of knowledge about how the core handles conn_rec specifics. Improvements in pollset stream handling to use less sets. Using atomic read/writes instead of volatiles now. Keeping a reserve of "transit" pools and bucket_allocs for use on secondary connections to avoid repeated setup/teardowns.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899032 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES entries [skip ci] | Yann Ylavic | 2022-03-07 | 13 | -51/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898697 13f79535-47bb-0310-9956-ffa450edef68
* core: Make sure and check that LimitXMLRequestBody fits in system memory. | Yann Ylavic | 2022-03-07 | 1 | -0/+2
  LimitXMLRequestBody can not exceed the size needed to ap_escape_html2() the body without failing to allocate memory, so enforce this at load time based on APR_SIZE_MAX, and make sure that ap_escape_html2() is within the bounds. Document the limits for LimitXMLRequestBody in our docs.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898686 13f79535-47bb-0310-9956-ffa450edef68
* core: Simpler connection close logic if discarding the request body fails. | Yann Ylavic | 2022-03-07 | 1 | -0/+2
  If ap_discard_request_body() sets AP_CONN_CLOSE by itself it simplifies and allows to consolidate end_output_stream() and error_output_stream().
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898683 13f79535-47bb-0310-9956-ffa450edef68