summaryrefslogtreecommitdiffstats
path: root/include (follow)
Commit message (Collapse)AuthorAgeFilesLines
* new Protocols directive and core API changes to enable protocol switching on ↵Stefan Eissing2015-07-242-0/+106
| | | | | | HTTP Upgrade or ALPN, implemented in mod_ssl and mod_h2 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1692486 13f79535-47bb-0310-9956-ffa450edef68
* s/\<\(\w\+\)\>\s\+\<\1\>/\1/gYann Ylavic2015-07-091-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1690137 13f79535-47bb-0310-9956-ffa450edef68
* http, mod_ssl: Introduce and return the 421 (Misdirected Request) status codeYann Ylavic2015-06-121-0/+1
| | | | | | | | | | | | | | | for clients requesting a hostname on a reused connection whose SNI (from the TLS handshake) does not match. PR 5802. This allows HTTP/2 clients to fall back to a new connection as per: https://tools.ietf.org/html/rfc7540#section-9.1.2 Proposed by: Stefan Eissing <stefan eissing.org> Reviewed by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1685069 13f79535-47bb-0310-9956-ffa450edef68
* SECURITY: CVE-2015-3185 (cve.mitre.org)William A. Rowe Jr2015-06-092-1/+27
| | | | | | | | | | Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) with new ap_some_authn_required and ap_force_authn hook. Submitted by: breser git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1684524 13f79535-47bb-0310-9956-ffa450edef68
* Allow for array of multiple simul requests per connection andJim Jagielski2015-05-281-0/+3
| | | | | | | | keep track of them (mostly need to worry about when there are no more requests, but having the list could be useful later on) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1682280 13f79535-47bb-0310-9956-ffa450edef68
* core: Follow up to r1599601: s/ap_log_common/ap_log_mpm_common/.Yann Ylavic2015-05-162-4/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1679714 13f79535-47bb-0310-9956-ffa450edef68
* * mod_dav_fs: set default value of DavLockDB using installation layoutJan Kaluža2015-04-171-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1674222 13f79535-47bb-0310-9956-ffa450edef68
* Not that hard to explain...William A. Rowe Jr2015-04-021-2/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1670805 13f79535-47bb-0310-9956-ffa450edef68
* http: Add support for RFC2324/RFC7168.Graham Leggett2015-04-012-1/+5
| | | | | | | Sample implementation: http://people.apache.org/~minfrin/mod_teapot.c git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1670594 13f79535-47bb-0310-9956-ffa450edef68
* core: Follow up to r1664071: comments on new keep_alive_timeout_set flag.Yann Ylavic2015-03-051-2/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1664299 13f79535-47bb-0310-9956-ffa450edef68
* core: If explicitly configured, use the KeepaliveTimeout value of theYann Ylavic2015-03-042-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | virtual host which handled the latest request on the connection, or by default the one of the first virtual host bound to the same IP:port. For non-async MPMs, use either r->server's or c->base_server's value in ap_process_http_sync_connection() depending on a new server_rec's flag called keep_alive_timeout_set and determined at config time. For event MPM, use a queue per timeout value, chaining the queues per type (keepalive wrt KeepAliveTimeout, write completion wrt to Timeout) so that maintenance can be done on all the queues from the head, and such that insertions/maintenance remain in O(1). A server config is created and pointing to the queue of each vhost at post_config time, hence the config can be associated to the connection state (cs) at post_read_request time (keep_alive_timeout_set is used to determine r->server vs c->base_server here), and we can simply insert with TO_QUEUE_INSERT(cs->sc->q, cs). PR56226. While at it, since each queue now embeds it own timeout and hence the expiration_time of the cs has changed to a queue_timestamp (the time it was queued), we can detect clock skews and expire entries immediatly if the system is set (eg. far) in the past during runtime and we want to avoid waiting for (eg.) centuries before the current logic kills them. Any entry which is registered above now + q->timeout is concerned, and is now cleaned from the queue when encountered. PR57374. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1664071 13f79535-47bb-0310-9956-ffa450edef68
* PR54613: protect the invoke_mtx with #if APR_HAS_THREADS.Eric Covener2015-03-021-0/+2
| | | | | | | | | No MMN bump, httpd.h cannot be compiled today without APR_HAS_THREADS. With APR_HAS_THREADS there is no structure layout change. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1663375 13f79535-47bb-0310-9956-ffa450edef68
* Follow-up to r1661487:Jeff Trawick2015-02-221-2/+2
| | | | | | | Change the real MMN git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1661489 13f79535-47bb-0310-9956-ffa450edef68
* Provide separate SSL_CT_*_STATUS variables for client vs. proxyJeff Trawick2015-02-221-0/+1
| | | | | | | | connections, courtesy of a new flag passed from mod_ssl on its pre_connection "optional hook." git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1661487 13f79535-47bb-0310-9956-ffa450edef68
* core: Add expression support to ErrorDocument. Switch from a fixedGraham Leggett2015-02-222-7/+10
| | | | | | | sized 664 byte array per merge to a hash table. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1661448 13f79535-47bb-0310-9956-ffa450edef68
* expand commentEric Covener2015-01-301-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1656062 13f79535-47bb-0310-9956-ffa450edef68
* Provide a way for EXEC_ON_READ directives to see their contextEric Covener2015-01-302-2/+6
| | | | | | | | | | | | | | (parent directive). Usually, this context is not also EXEC_ON_READ so it's not fully processed, so e.g cmd->path is not fluffed up yet because the closing tag of the section is not read yet and ap_check_cmd_context() doesn't work) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1656058 13f79535-47bb-0310-9956-ffa450edef68
* AP_INIT_NO_ARGS mishandled in macroEric Covener2015-01-271-2/+2
| | | | | | | | | | Submitted by: Joachim Zobel <jzobel heute-morgen.de>, covener Committed by: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1655146 13f79535-47bb-0310-9956-ffa450edef68
* Bump mmn as documented in commit log msg r1653666William A. Rowe Jr2015-01-211-2/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1653667 13f79535-47bb-0310-9956-ffa450edef68
* Revert r4635428 corresponding to PR41867.William A. Rowe Jr2015-01-211-1/+0
| | | | | | | | | | | | | | | | | | | | | | The code reverted attempted to restrict comparisons of the r->filename to given DirectoryMatch blocks. r->filename was already a non-directory entity at this point, because we have already fallen out of the } while (thisinfo.filetype == APR_DIR); block above. The addition of r->d_is_directory was redundant. That is what is always returned by ap_get_core_module_config(r->per_dir_config). Note modifying dir_config required an MMN major bump as this commit could have realigned the offset of refs (had it been added to the end, this would correspond to an mmn minor bump) and other fields packed into the same bytes (this is undefined). Bump on revert to prevent unexpected crashes. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1653666 13f79535-47bb-0310-9956-ffa450edef68
* Happy New Year 2015Rainer Jung2015-01-011-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1648840 13f79535-47bb-0310-9956-ffa450edef68
* Allow SetHandler+UDS+fcgi to take advantage of dedicated workers includingEric Covener2014-12-201-1/+2
| | | | | | | | | | | | opting in to connection reuse and other proxy options (max=, etc). adds 'enablereuse' proxyoption and a minor MMN bump to share proxy_desocketfy outside of mod_proxy.c, which is required to match workers to URLs. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1647009 13f79535-47bb-0310-9956-ffa450edef68
* minor commentary and indentation fixes for ap_log_*data()Jeff Trawick2014-12-061-6/+6
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643538 13f79535-47bb-0310-9956-ffa450edef68
* core: Add CGIPassAuth directive to control whether HTTP authorizationJeff Trawick2014-12-022-1/+12
| | | | | | | | | headers are passed to scripts as CGI variables. PR: 56855 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1642847 13f79535-47bb-0310-9956-ffa450edef68
* * ap_exr: Add replace(string, from, to) function.Jan Kaluža2014-11-271-1/+13
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1642154 13f79535-47bb-0310-9956-ffa450edef68
* MPMs, core: make duplicated listeners (SO_REUSEPORT) introduced in r1599531Yann Ylavic2014-10-302-15/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | less intrusive. Submitted by: Yingqi Lu <yingqi.lu@intel.com> Modified/Committed by: ylavic Add ListenCoresBucketsRatio which is a configurable ratio between the number of CPU cores (online) and the number of listeners buckets to create, defaulting to zero (so that listeners buckets become an opt-in, ie. ncpus / ratio > 1). This could also be made an opt-out by using the previous hardcoded value (8) as default. Make ap_close_listeners() act on all the listeners (including duplicated ones), since the function is also called externally (eg. mod_cgid, mod_ssl_ct and possibly any third party module) to cleanup opened descriptors when a process is forked (the duplicated listeners are kept in a scoped/static variable). Add ap_close_listeners_ex() to close a single bucket of listeners, used by the children to close unused duplicates and internally by ap_close_listeners(). Make ap_duplicate_listeners() compute the number of buckets to be used, instead of each MPM. This number is now based on the above ratio and will not change unless asked to (given *num_buckets < 1, that is when the MPM does not run in one-process mode nor after a graceful restart). Remove some global variables (mpm_listen, enable_default_listeners) previously used to communicate between MPMs and ap_listen, since ap_duplicate_listeners() API can now be used to do so. Also rename num_buckets as ap_num_listen_buckets, and prefix have_so_reuseport with ap_ (both printed by ap_log_common(), hence kept global). Detect ap_have_so_reuseport once only at startup. Restore dummy_connection() as before r1599531 since sending POD signals should not depend on the number of listeners buckets (there is still one single socket receiving the connections). For each MPM (concerned), move the bucket data (pod, listeners and eventually accept mutex) into a struct and instanciate an array of them (sized by the number of buckets), for each child to use its own data according to its bucket index, and the parent to maintain the whole. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1635521 13f79535-47bb-0310-9956-ffa450edef68
* core: Do not match files when using DirectoryMatch. PR41867.Jan Kaluža2014-10-301-0/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1635428 13f79535-47bb-0310-9956-ffa450edef68
* core: Use process scoreboard to store each child's listener bucket,Yann Ylavic2014-10-072-1/+3
| | | | | | | | | | and silently adjust the configured number of processes/threads to be above the computed number of listener buckets (depending on the CPU cores). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1629909 13f79535-47bb-0310-9956-ffa450edef68
* Minor mmn bump due to r1612940.Rainer Jung2014-07-241-1/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1613189 13f79535-47bb-0310-9956-ffa450edef68
* Forgotten file needed for r1612934.Rainer Jung2014-07-231-0/+15
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1612940 13f79535-47bb-0310-9956-ffa450edef68
* Fix comment.Christophe Jaillet2014-07-191-5/+1
| | | | | | Remove @file and @brief from within the @defgroup to be consistenbt with doxygen comments from other files. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1611919 13f79535-47bb-0310-9956-ffa450edef68
* Move comment from .c to .h in order to make use of it in doxygen.Christophe Jaillet2014-07-191-8/+22
| | | | | | | Fix the comment that states that these vars are NULL on ASCII machine, they seem to be undefined instead. Rework some comments. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1611916 13f79535-47bb-0310-9956-ffa450edef68
* Improve doxygen comment.Christophe Jaillet2014-07-191-3/+6
| | | | | | Generate the doc even if build on non-EBCDIC system + fix a comment about non-EBCDIC system. In this case, these vars are undefined, not NULL. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1611908 13f79535-47bb-0310-9956-ffa450edef68
* Improve doxygen comment.Christophe Jaillet2014-07-191-13/+11
| | | | | | | Use a comment already present as the doxygen description of the module. Remove a useless @def. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1611880 13f79535-47bb-0310-9956-ffa450edef68
* Improve doxygen comment.Christophe Jaillet2014-07-191-10/+18
| | | | | | Improve layout, fix typo, generate relevant doc even if build on non-EBCDIC system + add note that these functions are mostly noop on non-EBCDIC system. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1611858 13f79535-47bb-0310-9956-ffa450edef68
* Fix typo spotted by Mike RumphChristophe Jaillet2014-07-171-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1611481 13f79535-47bb-0310-9956-ffa450edef68
* Improve doxygen comment.Christophe Jaillet2014-07-171-61/+71
| | | | | | | | Improve layout, add trailing '.' in function description, capitalize first letter of description, fix typo, turn \0 into \\0. Move the detailed description after @defgroup so that it is taken into account. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1611252 13f79535-47bb-0310-9956-ffa450edef68
* Improve doxygen comment.Christophe Jaillet2014-07-171-4/+3
| | | | | | Improve layout, add trailing '.' in function description, remove unneeded @fn. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1611210 13f79535-47bb-0310-9956-ffa450edef68
* Improve doxygen comment.Christophe Jaillet2014-07-171-17/+13
| | | | | | Improve layout, add trailing '.' in function description, remove unneeded @fn. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1611202 13f79535-47bb-0310-9956-ffa450edef68
* *) SECURITY: CVE-2013-5704 (cve.mitre.org)Eric Covener2014-07-153-1/+11
| | | | | | | | | | | | | | | core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. Submitted By: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610814 13f79535-47bb-0310-9956-ffa450edef68
* SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverseJoe Orton2014-07-152-1/+19
| | | | | | | | | | | | | | | | | | | | | proxy configuration, a remote attacker could send a carefully crafted request which could crash a server process, resulting in denial of service. Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting this issue. * server/util.c (ap_parse_token_list_strict): New function. * modules/proxy/proxy_util.c (find_conn_headers): Use it here. * modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response): Send a 400 for a malformed Connection header. Submitted by: Edward Lu, breser, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610674 13f79535-47bb-0310-9956-ffa450edef68
* SECURITY (CVE-2014-0226): Fix a race condition in scoreboard handling,Joe Orton2014-07-142-1/+19
| | | | | | | | | | | | | | | | | | | which could lead to a heap buffer overflow. Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting this. * include/scoreboard.h: Add ap_copy_scoreboard_worker. * server/scoreboard.c (ap_copy_scoreboard_worker): New function. * modules/generators/mod_status.c (status_handler): Use it. * modules/lua/lua_request.c (lua_ap_scoreboard_worker): Likewise. Reviewed by: trawick, jorton, covener, jim Submitted by: jorton, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610491 13f79535-47bb-0310-9956-ffa450edef68
* bump mmn because of r1609680Jan Kaluža2014-07-111-1/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609709 13f79535-47bb-0310-9956-ffa450edef68
* make LDAPConnectionPoolTTL more conservative, use r->request_time rather thanEric Covener2014-07-052-1/+3
| | | | | | | | | end-of-request time, and only update it after a round-trip with the LDAP server rather than every time we check back into the pool. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1607960 13f79535-47bb-0310-9956-ffa450edef68
* Revert r1601943, r1602058, r1605307 (socket callback returning pollfds)Takashi Sato2014-06-273-7/+7
| | | | | | | | | | Revert r1605369 (wstunnel refactoring) per discassion on dev@httpd.a.o thread Message-ID: <CALK=YjN9HfThP_k_rF9iJPcUhcQk9sNOaDPxZNG+HcJNWS4ZAQ@mail.gmail.com> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1605946 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy: Don't limit the size of the connectable Unix Domain Socket paths.Yann Ylavic2014-06-161-1/+2
| | | | | | | | Since connect() to UDS path is used at several places, introduce ap_proxy_connect_uds() in proxy_util. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1602989 13f79535-47bb-0310-9956-ffa450edef68
* Follow up r1601943:Takashi Sato2014-06-121-1/+1
| | | | | | | | | Fix typo. No functional change. Pointed out by mrumph git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1602058 13f79535-47bb-0310-9956-ffa450edef68
* fix AP_IS_DEAULT_HANDLER_NAMEJeff Trawick2014-06-111-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1601995 13f79535-47bb-0310-9956-ffa450edef68
* Socket event callback now takes pollfd.Takashi Sato2014-06-113-6/+11
| | | | | | | | User (e.g. mod_proxy_wstunnel) can know which socket is ready. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1601943 13f79535-47bb-0310-9956-ffa450edef68
* mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeoutYann Ylavic2014-06-082-1/+11
| | | | | | | expires. PR54998. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1601185 13f79535-47bb-0310-9956-ffa450edef68
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-03 08:24:40 +0100