| Commit message (Collapse) | Author | Files | Lines |
|---|
|
mod_ratelimit works by splitting data in "chunks"
to send to the client, sleeping a predefined amount
of time between them (200ms). So for example,
a rate-limit 40 value would correspond to a chunk size
of 8192 bytes, flushed to the client every 200ms.
The idea works fine when httpd directly serves the
content, since the filter will be called once with
a single bucket brigade. In the context of a proxied
content though the filter is likely to be called multiple
times, with a bucket brigade size that corresponds to
the maximum allowed buffer size. If this value is lower
or higher than the chunk size, the filter will not
properly rate limit the data going to the client.
This patch solves the problem with two fix:
1) do_sleep is now stored in the ctx context struct,
so if the filter is invoked multiple times it
will still sleep when needed. For example, say
that the chunk_size is 8192 and the bucket brigate
len is 10240: the filter will flush 8192 bytes
on the first invocation, sleep 200ms, flush the
remaining bytes and then finish. The next invocation
will do the same, clearly not leading to the
correct "sleeping pattern".
2) The example above highlights also another issue:
mod_ratelimit should flush only chunk_size bytes
at the time (I am now excluding the burst calculation
from the picture), and buffer between invocations
unless the brigade contains EOS.
The change has been tested with various scenarios and
it looks working as expected, but of course more
feedback/testing is welcome.
The original patch was written by me and then Yann
refactored the code to be more precise and efficient,
basically transforming an axe in a wonderful Japanese
katana sword, so credits to him for this work.
PR: 62362
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833875 13f79535-47bb-0310-9956-ffa450edef68
|
|
Not strictly necessary for trunk, but in 2.4.x if the main ErrorLog is
using syslog, these messages are lost. In trunk, the low-level logging
routines reach up and find the syslog provider when no server_rec is provided
but that backport is stalled.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833827 13f79535-47bb-0310-9956-ffa450edef68
|
|
LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master).
So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7
compatibility-exceptions are handled explicitely but overall it's simpler.
Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the
former used to be a no-op but depends is LIBRESSL_INTERNAL in latest versions,
while the latter has never been (and will never be) defined. So don't call any
with LibreSSL.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833598 13f79535-47bb-0310-9956-ffa450edef68
|
|
More meaningful than SSL_OP_NO_TLSv1_3, hopefully...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833589 13f79535-47bb-0310-9956-ffa450edef68
|
|
This is already forbidden by the protocol, enforced by OpenSSL, and the
current logic can't work (ssl_callback_Info() may be called multiple times
with TLS 1.3).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833588 13f79535-47bb-0310-9956-ffa450edef68
|
|
Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto
can use the same crypto library (e.g. openssl), use the new APR crypto loading
API so that they can work together and initialize/terminate the lib either once
for all or on demand and reusable by the others.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833452 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833416 13f79535-47bb-0310-9956-ffa450edef68
|
|
initialized by the subsequent memcpy/strcpy) and '(int)strlen(p)' can be replaced by 'plen - 1' to save some cycles.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833415 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833400 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833383 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833368 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833242 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833241 13f79535-47bb-0310-9956-ffa450edef68
|
|
check-no rule. Only regenerate the test suite on repeated
"make check" run if a header file has changed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833122 13f79535-47bb-0310-9956-ffa450edef68
|
|
This function, along with ap_make_etag(), is used by the default_handler in
core.c, and in several modules other than builtin mod_http, breaking static
linking and httpdunit tests build.
The move is done by "svn move modules/http/http_etag.c server/util_etag.c".
MMN major bumped, not backportable (as is) to 2.4.x.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833083 13f79535-47bb-0310-9956-ffa450edef68
|
|
ap_process_request): Cache and retrieve the brigade structure used
to send EOR and FLUSH between requests in c->pool userdata, to avoid
allocating a brigade structure per-request out of c->pool.
Submitted by: rpluem, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833014 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833013 13f79535-47bb-0310-9956-ffa450edef68
|
|
* eliminated SSLPolicyRec as name no longer used
* eliminated some left over parameters in internal functions due to policy def removal
* reverted a NULL test, necessary before
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832994 13f79535-47bb-0310-9956-ffa450edef68
|
|
Remove unused bucket allocator created off pconf.
Tag the subpool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832991 13f79535-47bb-0310-9956-ffa450edef68
|
|
for debugging unless debug-level logging is enabled. No functional change.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832951 13f79535-47bb-0310-9956-ffa450edef68
|
|
using memcpy instead of strncpy to make intentions more clear
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832937 13f79535-47bb-0310-9956-ffa450edef68
|
|
* MDNotifyCmd can now specify arguments to the command
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832935 13f79535-47bb-0310-9956-ffa450edef68
|
|
r1831231 breakage.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832934 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832880 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832879 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832613 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832581 13f79535-47bb-0310-9956-ffa450edef68
|
|
Overwriting server config in pre_config hook breaks EXEC_ON_READ directives,
it's automatically created on purpose anyway.
PR 62220.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832580 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832500 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832497 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832479 13f79535-47bb-0310-9956-ffa450edef68
|
|
delays on systemd.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832383 13f79535-47bb-0310-9956-ffa450edef68
|
|
except this one.
So add it here too.
Probably spotted with the help of the Coccinelle software (Thx Julia for the patch and for Coccinelle)
See PR 53016
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832351 13f79535-47bb-0310-9956-ffa450edef68
|
|
this one.
So add it here too.
Probably spotted with the help of the Coccinelle software (Thx Julia for the patch and for Coccinelle)
See PR 53015
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832348 13f79535-47bb-0310-9956-ffa450edef68
|
|
The SSLRandomSeed builtin, uses 128 bytes of stack, not 1kb of scoreboard data.
See PR 54752
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832346 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832333 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832332 13f79535-47bb-0310-9956-ffa450edef68
|
|
This can not be a runtime ixsue, because, in such a case, we would assert and abort before.
PR 59819.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832317 13f79535-47bb-0310-9956-ffa450edef68
|
|
first existing one are checked. If the file is not found there, the other possible directories are not checked. The doc clearly states that they will be checked one by one, until a match is found or an external redirect is performed.
PR 59636.
While at it, add some debug messages to better understand what is performed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832306 13f79535-47bb-0310-9956-ffa450edef68
|
|
mod_proxy_hcheck: add some hyperlinks, improve syntax highlight, add some missing trailing dot, be more consistent with other modules in the way 'Syntax' lines are displayed
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832294 13f79535-47bb-0310-9956-ffa450edef68
|
|
'Set-Cookie' header field in order to avoid updating the wrong one.
This could happen if the header field has something like 'fakepath=foo;path=bar". In this case fakepath would be updated instead of path.
We don't need regex anymore in order to parse the field values and 'ap_proxy_strmatch_domain' and 'ap_proxy_strmatch_path' are now useless. (and should be axed IMHO)
PR 61560
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832280 13f79535-47bb-0310-9956-ffa450edef68
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832277 13f79535-47bb-0310-9956-ffa450edef68
|
|
See PR 60086.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832202 13f79535-47bb-0310-9956-ffa450edef68
|
|
See PR 60086.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832200 13f79535-47bb-0310-9956-ffa450edef68
|
|
/!\ This commit is _NOT COMPILE TESTED_. (I don't have a windows build environment available)
See PR 60086.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832198 13f79535-47bb-0310-9956-ffa450edef68
|
|
ap_send_error_response
While debugging PR 61860 I found a chain of events
that leads to duplicate headers in the HTTP response
if Header always set is used in the httpd's config.
As far as can understand, mod_headers uses err_headers_out
when dealing with the 'always' setting, since it is expected
to be preserved even on error. The current code seems
to correctly preserve the important headers like Location
(happening before the bit of code that changed), but then
it swaps headers_out with err_headers_out and clears
err_headers_out. My understanding is that this will cause
mod_headers, if called again, to re-insert the headers
set via 'always' again in err_headers_out, leading to a
duplication in the response. So far I managed to reproduce this
only with the specific use case outlined by the PR, but
there might be more.
r1831585 was added to the test suite for PR 61860,
(marked as TODO), and now it seems to pass as expected.
Since this part of the codebase has been working fine
for years I was reluctant to change it, but it seems
the right change to me. I didn't run into any regression
while testing this change (including running the test suite),
but as always I'd be glad to get feedback from a more expert
eye. If I missed a clear regression I'll make sure to
add it to the test suite as part of the follow up.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832092 13f79535-47bb-0310-9956-ffa450edef68
|
|
actually done?
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832078 13f79535-47bb-0310-9956-ffa450edef68
|
|
so repeated "make check" still works.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832013 13f79535-47bb-0310-9956-ffa450edef68
|
|
dummy install root at $builddir/check.
* Makefile.in (check-binaries): New target.
(check/bin/apxs): Moved target inside check/bin.
(check/build/config_vars.mk): Override bindir as well.
(check): Use apxs at new location.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832011 13f79535-47bb-0310-9956-ffa450edef68
|
|
Otherwise, when BalancerPersist is enabled, we might fail (re)starting with a
saved slotmem if a BalancerMember was renamed (e.g. PR 62308's port change).
This is because the renamed member is considered a new one, while the old name
still reserves a slot, so we end up missing one room. The overall number of
members does not change so the sizes check succeeds thus the persisted slotmem
is not invalidated. Yet the slomem is not really compatible.
By clearing inuse flags, we still allow for slots to be reused if their index
did not change (thanks to ap_proxy_find_balancershm() and slotmem_fgrab() at
the given index), but will also invalidate renamed slots which don't match the
index. We now have the correct behaviour by slot and the server (re)starts in
any case.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831938 13f79535-47bb-0310-9956-ffa450edef68
|
