summaryrefslogtreecommitdiffstats
path: root/server/vhost.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* fix StrictHostCheck crash w/ HTTP/1.0Eric Covener2021-04-171-1/+1
| | | | | | | | not released git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1888871 13f79535-47bb-0310-9956-ffa450edef68
* Reverse the order of 2 tests to potentially save a few cycles.Christophe Jaillet2019-01-131-4/+5
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1851198 13f79535-47bb-0310-9956-ffa450edef68
* move the assignment to the end of the loop.Eric Covener2018-09-121-1/+2
| | | | | | | | This is more readable and isn't miscompiled w/ -O3 on a certain unnamed EBCDIC platforms compiler. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840678 13f79535-47bb-0310-9956-ffa450edef68
* fix StrictHostCheck in single/non-NVH vhostsEric Covener2018-09-061-3/+3
| | | | | | | | | | While all VH'es are NVH'es in 2.4 and later, something special happens once a second NVH in a set is added. This case covers the global server config scenario as well. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840229 13f79535-47bb-0310-9956-ffa450edef68
* Add StrictHostCheck Eric Covener2018-08-141-6/+32
| | | | | | | | | | | .. to allow ucnonfigured hostnames to be rejected. The checks happen during NVH mapping and checks that the mapped VH itself has the host as a name or alias. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1838055 13f79535-47bb-0310-9956-ffa450edef68
* Re-allow '_' (underscore) in hostnames.Eric Covener2018-06-251-1/+1
| | | | | | | | | '_' was not permitted in hostnames since 2.4.25's "HTTP Strict" changes. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834318 13f79535-47bb-0310-9956-ffa450edef68
* * server/vhost.c: Remove redundant vhost_check_config hook which neverJoe Orton2018-04-121-14/+0
| | | | | | | fails, r1053230 removed all the places where config_error was set. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828983 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2018-02-011-3/+3
| | | | | | | | | adding AP_DECLARE for ap_parse_vhost_addrs() and minor bumb mmn. Resolves building mod_ssl on Windows. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1822872 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk:Stefan Eissing2017-12-131-1/+1
| | | | | | | | updated missing log tags. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1818030 13f79535-47bb-0310-9956-ffa450edef68
* Support IPv6 link-local scope IDs in Listen and VirtualHost, if builtJoe Orton2017-11-291-1/+18
| | | | | | | | | | | | | | | | | with APR 1.7 or later: * server/listen.c (match_address): New function, factored out from find_listeners. (find_listeners): Use it; add scope and temp pool arguments. (alloc_listener): Take scope_id and pool arguments and pass through; set zone for addresses if present. (ap_set_listener): Pass through temp pool and scope id. * server/vhost.c (get_addresses): Set zone for vhost address if present. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1816609 13f79535-47bb-0310-9956-ffa450edef68
* Fix some tiny style issues (missing space)Christophe Jaillet2017-01-061-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1777594 13f79535-47bb-0310-9956-ffa450edef68
* 'repl' is already allocated in the request pool by 'construct_host_header()' ↵Christophe Jaillet2017-01-061-1/+1
| | | | | | | | the line just before. So this is safe to use the 'apr_table_setn' variant in order to save a few bytes of memory. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1777593 13f79535-47bb-0310-9956-ffa450edef68
* remove initial isascii check entirelyEric Covener2016-12-221-6/+0
| | | | | | | | | We are already checking an even narrower set of characters just below. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1775664 13f79535-47bb-0310-9956-ffa450edef68
* Fix strict Host: header checking on EBCDICEric Covener2016-12-201-1/+4
| | | | | | | | | on zOS, isascii() really means 7 bit ascii, but our strings are in ebcdic for 99.95% of the lifetime of the server. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1775199 13f79535-47bb-0310-9956-ffa450edef68
* Actually cause the Host header to be overridden, as noted by rpluem,William A. Rowe Jr2016-11-161-6/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and simplify now that there isn't a log-only mode. I believe this logic to be busted. Given this request; GET http://distant-host.com/ HTTP/1.1 Host: proxy-host we would now fail to evaluate the proxy-host virtual host rules. This seems like a breaking change to our config. mod_proxy already follows this rule of RFC7230 section 5.4; When a proxy receives a request with an absolute-form of request-target, the proxy MUST ignore the received Host header field (if any) and instead replace it with the host information of the request-target. A proxy that forwards such a request MUST generate a new Host field-value based on the received request-target rather than forward the received Host field-value. Section 5.5 of RFC7230 has this to say; Once the effective request URI has been constructed, an origin server needs to decide whether or not to provide service for that URI via the connection in which the request was received. For example, the request might have been misdirected, deliberately or accidentally, such that the information within a received request-target or Host header field differs from the host or port upon which the connection has been made. If the connection is from a trusted gateway, that inconsistency might be expected; otherwise, it might indicate an attempt to bypass security filters, trick the server into delivering non-public content, or poison a cache. See Section 9 for security considerations regarding message routing. Section 5.3.1 states; To allow for transition to the absolute-form for all requests in some future version of HTTP, a server MUST accept the absolute-form in requests, even though HTTP/1.1 clients will only send them in requests to proxies. It seems to me we should simply trust the Host: header and dump this whole mess. If we want to reject requests in absolute form after the proxy modules have had a chance to accept them, that wouldn't be a bad solution. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769965 13f79535-47bb-0310-9956-ffa450edef68
* Rename the previously undocumented HTTPProtocol directiveWilliam A. Rowe Jr2016-08-161-14/+7
| | | | | | | | | | | | | | | | | | | | | | | | to EnforceHTTPProtocol, and invert the default behavior to strictly observe RFC 7230 unless otherwise configured. And Document This. The relaxation option is renamed 'Unsafe'. 'Strict' is no longer case sensitive. 'min=0.9|1.0' is now the verbose 'Allow0.9' or 'Require1.0' case-insenstive grammer. The exclusivity tests have been modified to detect conflicts. The 'strict,log' option failed to enforce strict conformance, and has been removed. Unsafe, informational logging is possible in any loadable module, after the request data is unsafely accepted. This triggers a group of failures in t/apache/headers.t as expected since those patterns violated RFC 7230 section 3.2.4. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1756540 13f79535-47bb-0310-9956-ffa450edef68
* Fix spelling in comments and text files.Rainer Jung2016-08-111-2/+2
| | | | | | | | No functional change. PR 59990 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1756038 13f79535-47bb-0310-9956-ffa450edef68
* Added many log numbers to log statements thatRainer Jung2016-01-191-1/+3
| | | | | | | | | had none. Those were not detected by the coccinelle script. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1725485 13f79535-47bb-0310-9956-ffa450edef68
* name-based vhosts listed twice with apachectl -SEric Covener2013-09-201-1/+2
| | | | | | | | | | | | | When processing a vhost with * or _default_, we'd add the "names" once for 0.0.0.0 and once for [::], but these are stored in the same "default" ip chain. Catch the back-to-back wildcard + same port and short-circuit the second add. Submitted By: rjung Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1525000 13f79535-47bb-0310-9956-ffa450edef68
* PR54948: wildcard name-based vhosts printed twice in apachectl -SEric Covener2013-05-111-3/+12
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1481306 13f79535-47bb-0310-9956-ffa450edef68
* * Ensure that is_v6literal is always initializedRuediger Pluem2013-01-211-1/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1436457 13f79535-47bb-0310-9956-ffa450edef68
* remove comment; empty host headers can happen in proxy requestsStefan Fritsch2012-12-301-4/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1426988 13f79535-47bb-0310-9956-ffa450edef68
* add log tags missing in r1426877Stefan Fritsch2012-12-301-3/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1426879 13f79535-47bb-0310-9956-ffa450edef68
* Add an option to enforce stricter HTTP conformanceStefan Fritsch2012-12-301-18/+145
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a first stab, the checks will likely have to be revised. For now, we check * if the request line contains control characters * if the request uri has fragment or username/password * that the request method is standard or registered with RegisterHttpMethod * that the request protocol is of the form HTTP/[1-9]+.[0-9]+, or missing for 0.9 * if there is garbage in the request line after the protocol * if any request header contains control characters * if any request header has an empty name * for the host name in the URL or Host header: - if an IPv4 dotted decimal address: Reject octal or hex values, require exactly four parts - if a DNS host name: Reject non-alphanumeric characters besides '.' and '-'. As a side effect, this rejects multiple Host headers. * if any response header contains control characters * if any response header has an empty name * that the Location response header (if present) has a valid scheme and is absolute If we have a host name both from the URL and the Host header, we replace the Host header with the value from the URL to enforce RFC conformance. There is a log-only mode, but the loglevels of the logged messages need some thought/work. Currently, the checks for incoming data log for 'core' and the checks for outgoing data log for 'http'. Maybe we need a way to configure the loglevels separately from the core/http loglevels. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1426877 13f79535-47bb-0310-9956-ffa450edef68
* Correctly parse an IPv6 literal host specification in an absolute URLStefan Fritsch2012-12-291-48/+114
| | | | | | | | | | | | in the request line. - Fix handling of brackets [ ] surrounding the IPv6 address. - Skip parsing r->hostname again if not necessary. - Do some checks that the IPv6 address is sane. This is not done by apr_parse_addr_port(). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1426827 13f79535-47bb-0310-9956-ffa450edef68
* log client error at level debug, log broken Host header valueStefan Fritsch2012-11-081-2/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1407006 13f79535-47bb-0310-9956-ffa450edef68
* Add lots of unique tags to error log messagesStefan Fritsch2011-12-031-4/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209766 13f79535-47bb-0310-9956-ffa450edef68
* Cleanup effort in prep for GA push:Jim Jagielski2011-09-231-17/+17
| | | | | | | | Trim trailing whitespace... no func change git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1174751 13f79535-47bb-0310-9956-ffa450edef68
* * Correctly obey ServerName / ServerAlias if the Host header from theRuediger Pluem2011-09-171-12/+25
| | | | | | | | | | | request matches the VirtualHost address. PR: 51709 Submitted by: Micha Lenk <micha lenk.info> Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1172002 13f79535-47bb-0310-9956-ffa450edef68
* * server/vhost.c (get_addresses): For '*' and '_default_', returnJoe Orton2011-07-181-4/+11
| | | | | | | | address(es) for any address family, not IPv4 only. (dump_a_vhost): Use '*' for v4 or v6 wildcard address. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1147806 13f79535-47bb-0310-9956-ffa450edef68
* Various code cleanupStefan Fritsch2011-06-221-2/+2
| | | | | | | | PR: 51398 Submitted by: Christophe Jaillet <christophe jaillet wanadoo fr> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1138627 13f79535-47bb-0310-9956-ffa450edef68
* Introduce ap_(get|set)_core_module_config() functions/macros and use themStefan Fritsch2011-06-061-1/+3
| | | | | | | | | | | | everywhere. We know that the core module has module_index 0. Therefore we can save some pointer operations in ap_get_module_config(cv, &core_module) and ap_set_module_config(cv, &core_module, val). As these are called rather often, this may actually have some (small) measurable effect. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1132781 13f79535-47bb-0310-9956-ffa450edef68
* prefer exact port matches in ip-based VH lookup over wildcards.Eric Covener2010-12-281-6/+18
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053309 13f79535-47bb-0310-9956-ffa450edef68
* Remove need for NameVirtualHost directive by implicitly configuring any ↵Eric Covener2010-12-281-138/+61
| | | | | | | | | | | | | | | | | | | duplicated VH addresses as name-based virtual hosts. This also combines _default_ and * into a single type of wildcard since these presented a false dichotomy between address specs. These are post-config only changes and do not change the runtime lookups. The biggest loss here is that an unintended duplication of virtual host addresses can no longer be reported as directly in the past, but should still be debuggabl via apachectl -S (unintended NVH). These problems are a drop in the bucket compared to the difficulty users have with using NameVirtualHost. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053230 13f79535-47bb-0310-9956-ffa450edef68
* Fail startup for vhost configuration problems, rather thanDaniel Earl Poirier2010-08-301-7/+27
| | | | | | | running with a configuration with undefined behavior. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@990844 13f79535-47bb-0310-9956-ffa450edef68
* With -S, show ServerAlias values that go with the virtual hostsDaniel Earl Poirier2010-08-051-0/+20
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@982629 13f79535-47bb-0310-9956-ffa450edef68
* Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to takeStefan Fritsch2010-06-061-0/+2
| | | | | | | advantage of per-module loglevels git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@951895 13f79535-47bb-0310-9956-ffa450edef68
* Expand the "NameVirtualHost has no VirtualHosts" error message, since itRich Bowen2010-04-161-1/+3
| | | | | | | seems that we have to explain a dozen times a day what it really means. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@934984 13f79535-47bb-0310-9956-ffa450edef68
* non-static directive parsers should be AP_DECLARE_NONSTD()Jeff Trawick2009-11-241-2/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@883860 13f79535-47bb-0310-9956-ffa450edef68
* Vhosts: treating a pure-numeric Host header as a port is nonsense.Nick Kew2009-11-021-8/+10
| | | | | | | PR 44979 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@832172 13f79535-47bb-0310-9956-ffa450edef68
* Output -M and -S dumps (modules and vhosts) to stdout instead of stderr.Paul J. Reder2008-12-171-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@727452 13f79535-47bb-0310-9956-ffa450edef68
* Remove all references to CORE_PRIVATE.Paul Querna2008-04-071-1/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645455 13f79535-47bb-0310-9956-ffa450edef68
* update license header textRoy T. Fielding2006-07-111-6/+6
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@420983 13f79535-47bb-0310-9956-ffa450edef68
* Update the copyright year in all .c, .h and .xml filesColm MacCarthaigh2006-04-191-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@395228 13f79535-47bb-0310-9956-ffa450edef68
* No functional Change: Removing trailing whitespace. This alsoJim Jagielski2005-11-101-10/+10
| | | | | | | | means that "blank" lines consisting of just spaces or tabs are now really blank lines git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@332306 13f79535-47bb-0310-9956-ffa450edef68
* No functional change: simple detabbing of indented code.Jim Jagielski2005-11-101-4/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@332305 13f79535-47bb-0310-9956-ffa450edef68
* Doxygen fixup / cleanupIan Holsman2005-08-291-3/+4
| | | | | | | | | submited by: Neale Ranns neale ranns.org reviewed by: Ian Holsman git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@263931 13f79535-47bb-0310-9956-ffa450edef68
* * server/vhost.c (get_addresses): Fix double negative and make errorsJoe Orton2005-08-051-3/+3
| | | | | | | consistent; thanks Joshua. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@230469 13f79535-47bb-0310-9956-ffa450edef68
* * server/vhost.c (get_addresses): Fail with an error message ratherJoe Orton2005-08-051-2/+8
| | | | | | | | | | than an assert() for errors which plague users on Solaris boxes which don't have a properly configured resolver. PR: 27525 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@230453 13f79535-47bb-0310-9956-ffa450edef68
* Add ap_vhost_iterate_given_conn() as I had previously mentioned on the ↵Paul Querna2005-04-251-0/+50
| | | | | | mailing list. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@164538 13f79535-47bb-0310-9956-ffa450edef68
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-29 15:37:34 +0100