Checkout Tools
  • last updated 12 mins ago
Constraints: committers
Constraints: files
Constraints: dates
Merge r1865749 from trunk:

PR63688 balancer csrf problems

fix case-sensitive referer check

Submitted By: Armin Abfalterer

Reviewed by: covener, jim, jorton

PR: 63688

  1. … 1 more file in changeset.
Merge of r1864693,1864695,1864703 from trunk;

*) mod_proxy: Improve XSRF/XSS protection. [Joe Orton]

  1. … 3 more files in changeset.
Easy patches: synch 2.4.x and trunk

- core: 80 chars

- http_core: Clean-uo and style. No functional change overall

- http_core: One more style fix in ap_process_http_async_connection()

- mod_mime: Fix a cppcheck warning

- mod_proxy_ajp: Fix a harmless clang warning

- suexec: avoid a potential sprintf overflow

- mod_headers: This is harmless, but this really should be an 'echo_do *'

- core: Fix typo

- core: Update a comment about the 'PATCH' HTTP command

- mod_proxy_balancer: Fix some HTML syntax issues

trunk patch:











2.4.x patch: svn merge -c 1780282,1814659,1814660,1838285,1842881,1846253,1853757,1851702,1853980,1855614 ^/httpd/httpd/trunk .

+1: jailletc36, jim, rjung

  1. … 11 more files in changeset.
Merge r1836381, r1836382, r1836383, r1836386, r1836603 from trunk:

* mod_proxy: Remove load order and link dependency between mod_lbmethod_*

modules and mod_proxy by providing mod_proxy's ap_proxy_balancer_get_best_worker

as an optional function.

PR: 62557

* Remove invalid copy and paste comments

* Always retrieve conditional function. static variable might contain garbage if module was reloaded in a static build.

* Add missing log numbers

* ap_proxy_balancer_get_best_worker cannot be exported and used as an optional

function at the same time. So rename ap_proxy_balancer_get_best_worker to

proxy_balancer_get_best_worker and make it static which is then used as an

optional function and recreate ap_proxy_balancer_get_best_worker as an

exported thin wrapper of proxy_balancer_get_best_worker.

Submitted by: rpluem

Reviewed by: covener, jim, ylavic

  1. … 11 more files in changeset.
* modules/proxy/mod_proxy_balancer.c (make_server_id):

Fix APR 1.4 compatibility by avoiding use of apr_escape.h.

Submitted by: jorton

Reviewed by: jorton, rpluem, ylavic

  1. … 1 more file in changeset.
Merge r1831868, r1831869, r1831870, r1831871, r1831872, r1831935, r1831938, r1832479 from trunk:

Restore mod_slotmem_shm from 2.4.29.

Will restart from there to really fix PR 62308 (and PR 62044 still).

This effectively reverts:

- r1831394,

- r1830800,

- r1826970,

- r1826845,

- r1823572,

- r1823416,

- r1823415,

- r1823412,

- r1822511,

- r1822509.

(in 2.4.x, this is part of r1824180)

mod_slotmem_shm: use a generation number for SHM filename on all platforms.

Successive generations can't share the same SHMs because restarts may modify

them under the terminating children, while SHMs are not extensible when all

slots are in use.

This effectively restores r1822341 which was reverted by r1822505.

mod_slotmem_shm: follow up to r1831869.

Don't try to attach SHMs on startup, they might be from a previous crash and

prevent the server to start (on failure to reuse it).

On mpm_winnt though, the pre/post_config() phases are re-run in child process,

and the parent process already created the SMs, so they must be attached there.

mod_slotmem_shm: follow up to r1831869 (check persistent files).

Since persistent files are also reused on stop/start, we must ensure that

they match the same descriptor when reused on the next startup, so add it

to integrity metadata.

Also, the descriptor being the first field in the SHM, we don't need to

copy on the stack it in several places, and can handle it as a pointer.

Follow up to r1831869: update CHANGES entry.

mod_slotmem_shm: follow up to r1831869: fix persisted file size's checksum.

mod_proxy_balancer: clear slotmem slots' inuse flags from persisted files.

Otherwise, when BalancerPersist is enabled, we might fail (re)starting with a

saved slotmem if a BalancerMember was renamed (e.g. PR 62308's port change).

This is because the renamed member is considered a new one, while the old name

still reserves a slot, so we end up missing one room. The overall number of

members does not change so the sizes check succeeds thus the persisted slotmem

is not invalidated. Yet the slomem is not really compatible.

By clearing inuse flags, we still allow for slots to be reused if their index

did not change (thanks to ap_proxy_find_balancershm() and slotmem_fgrab() at

the given index), but will also invalidate renamed slots which don't match the

index. We now have the correct behaviour by slot and the server (re)starts in

any case.

mod_slotmem_shm: follow up to r1831869: fix dead else if condition.

Submitted by: jim, ylavic

Reviewed by: ylavic, jim, druggeri

  1. … 3 more files in changeset.
Merge r1828890, r1832500 from trunk:

mod_proxy_balancer: Add hot spare member type and corresponding flag (R). Hot spare members are

used as drop-in replacements for unusable workers in the same load balancer set. This differs

from hot standbys which are only used when all workers in a set are unusable. PR 61140.

mod_proxy_balancer: follow up to r1828890: indentation and 80 col.

Submitted by: jhriggs, ylavic

Reviewed by: jhriggs, jim, ylavic

  1. … 11 more files in changeset.
Merge r1824176, r1824460, r1824482 from trunk:

mod_proxy: Provide an RFC1035 compliant version of the hostname in the

proxy_worker_shared structure. PR62085

Tone down the message that worker hostname is too long noting it only

affects legacy modules not yet using hostname_ex.

Set the notice when hostname is too long for legacy proxy modules to info level.

Submitted by: minfrin

Reviewed by: minfrin, jim, ylavic

  1. … 10 more files in changeset.
Merge r1822509, r1822511, r1823412, r1823415, r1823416, r1823564, r1823572, r1823575 from trunk:

mod_slotmem_shm: Rework SHM reuse/deletion.

To fix races with graceful restarts (PR 62044).

This commit does:

1/ use a constant file name for all systems (no generation suffix which

makes a new SHM to be created for each restart, losing previous data)

2/ maintain the list of the created SHMs accross restarts (ap_pglobal list)

3/ not unlink the files on restart anymore (otherwise we can't reuse them)

4/ not attach existing SHMs in slotmem_create() anymore (not suitable since

those are necessarily crash remainders)

5/ add type/sizes consistency check for persisted slots on restoration

6/ unlink the files only on stop/exit or before creating them (crash recovery)

We could possibly avoid 6/ (since we don't need to re-open files now) if we

remove the file just after the SHM is created. This would at least work for

systems with "unlink semantic" (i.e. unlink succeeds even if some descriptors

are opened, the "real" thing happening when the last one desciptor closed), but

this wouldn't work for other systems so I kept the code generic for now.

mod_slotmem_shm: follow up tp r1822509.

Please buildbot (and incidentally users of older APR) by using

apr_shm_remove() instead of the new(er) apr_shm_delete().

mod_slotmem_shm: follow up tp r1822509.

Check SHM sizes when reused, reload may have changed the needs.

mod_slotmem_shm: follow up tp r1822509.

Do not bind attached slotmems to the global list, they should be detached with

the given pool (pchild) is cleaned up, but not destroyed/removed (doubly) with


mod_slotmem_shm: follow up tp r1822509.

Complete layout of SHM and persited file (ascii art).

Simplify an "if" condition, no functional change.

mod_proxy_balancer: follow up tp r1822509.

Rework server_rec ID so that it doesn't change on restart (or stop/start)

unless it's Host(s)/IP(s):port(s), ServerName and/or ServerAlias(es) changed.

The goal being to reuse SHMs (and persisted files) names as much as possible,

with minimal bindings to configuration changes (as far as mod_proxy_balancer

is concerned). So if the ServerName and first Host/IP:port are unique we use

that first, otherwise the ServerAlias(es) and other Host(s)/IP(s):port(s) are

also taken into account, and finally if that's still not enough the server

index is also used (pathological case handled for correctness with regard to

the underlying mod_slotmem_shm's reuse code).

mod_slotmem_shm: follow up tp r1822509.

Fishy "unlink semantic" (description) does not apply anymore.

Follow up to r1822509: amend CHANGES entry.

Submitted by: ylavic

Reviewed by: ylavic, jim, minfrin

  1. … 2 more files in changeset.
Merge r1805188, r1805190, r1805206, r1808723 from trunk:

loadfactor now decimal

Umm. This is C :)

Fix remaining lint from ms capability for hchecks.

format typo

Reviewed by: jim, humbedooh, ylavic

  1. … 8 more files in changeset.
Merge r1799435, r1799437, r1805206, r1805322 from trunk:

Allow WatchdogInterval to be sub 1 second

Allow finer control over hcheck intervals... minimum is whatever

the watchdog slice is.

Fix remaining lint from ms capability for hchecks.

userland change = we now are OK w/ ms

Submitted by: jim

Reviewed by: jim, covener, ylavic

  1. … 5 more files in changeset.
Merge r1753594 from trunk:

* Prevent redirect loops between workers within a balancer by limiting the

number of redirects to the number balancer members.

PR: 59864

Submitted by: rpluem

Reviewed by: rpluem, jim, ylavic

  1. … 3 more files in changeset.
Merge r1722177, r1722195, r1722229, r1722320, r1722328, r1722334, r1722350, r1722351, r1722358, r1722377, r1723953, r1724879, r1724992, r1724993, r1724995, r1725018, r1725031, r1725120, r1725328, r1725387, r1725489, r1725498, r1725499, r1725523, r1725545, r1725567, r1725581, r1725602, r1725822, r1725967, r1726038, r1726049, r1726051, r1726052, r1726055, r1725090, r1728326, r1737020 from trunk:

Commit framework impl of health-check module plus

required changes. The actual health checking is

currently in progress, but wanted to add in at

this stage.

Make aware of new status: Failed Health Check.

Store the number of current passes/fails in shm

finish looping logic... place-holder for actual checking

Better check

move to per server conf, useful for adding HealthCheckCondition

Now implement the condition ruleset definition. The

actual checking will be done in the actual health check


just check watched servers... use 'hc' prefix for sub directives

Check that we have names for both templates and


command changes

Don't bother w/ methods that return bodies. We don't

handle them now anyway.

Use enums and structs to keep things better organized

1st cut of 'simple' tcp check... We reuse various proxy

function and so this *could* be more streamlined, but

use this to show how the other would work, since we need

brigades, SSL/TLS support, etc.

Since every check needs this, do this in the main

check loop. Allows some optimizations.

move scope

pull this out... large enough for a func

Move to a set of health check workers, mapping to

each worker itself, instead of a single reused generic


some ordering optimization

Make balancer manager health-check aware

And we now allow for health checks via OPTIONS *

Leverage the OPTIONS code for HEAD as well...

So we now support: TCP, OPTIONS and HEAD.

Right now, anything other than an error (even a 404)

is consider a PASS.

Fill in APLOGNO.

I hope that doesn't result in merge trouble

for Jim.

Open up hook/scar to allow for passes/fails and

method to be changed via bal-man...

OPTIONS/HEAD proxy function should be diff from simple TCP check

For OPTIONS and HEAD, only 2xx and 3xx are considered "passing"

(until I implement the conditions expr testing)... honor

the pass/fail count and LOG_INFO when the health check enables

or disables a backend worker.

Start impl of expr conditions for runtime checks

Adjust log levels

correct error string

Use worker status character defines taken

from mod_proxy.h instead of explicit characters.

Noted by rpluem.

With the updated ap_expr, we can now check for the

returned response body, stored in kept_body

Assign log message tags

Implement expr lookup in mod_proxy_hcheck for

variables whose names start with "HC_" and for

the new function hc().

Currently only HC_BODY and hc(body) are supported.

Both return the saved body of the health check

response to be used in an expr that decides about

success of a check.

Fix copy&paste error in new function.

Try fixing new proxy_hcheck expr extension.

Interestingly mod_ssl using NULL as well,

but some other module I wrote uses parms->name.


clash :)

Enabling a worker via health-check also moves them out of

ERROR more (which may have been set via the static

"health" check done via mod_proxy).

Some flow improvements...

Submitted by: jim, rjung, jim, jim, jim, jim, jim, jim, rjung, jim, jim, rjung, rjung, rjung, jim, jim, olegk, jim, jim

Reviewed/backported by: jim

  1. … 350 more files in changeset.
Merge r1705776 from trunk:

Adjust since we are now in shared mem area

Thx Werror: error: address of array 'balancer->s->sticky' will always evaluate to 'true'

Reviewed/backported by: jim

  1. … 2 more files in changeset.
core, modules: Avoid error response/document handling by the core if some

handler or input filter already did it while reading the request (causing

a double response body).

Submitted by: ylavic

Backports: r1482522 (partial, ap_map_http_request_error() things only!),

r1529988, r1529991, r1643537, r1643543, r1657897, r1665625,

r1665721, r1674056

Reviewed by: ylavic, minfrin, wrowe

  1. … 26 more files in changeset.
Merge r1664133, r1643284, r1621417 from trunk:

* Fix typo in error message

mpm_event(opt): zero is immutable.

Fix printf format spotted by cppcheck.


Submitted by: rpluem, ylavic, jailletc36

Reviewed/backported by: jim

  1. … 7 more files in changeset.
Merge r1626050 from trunk:

Concat string at compile time when possible.

Doing so, sometimes also give the opportunity to turn a 'ap_fputstrs' into a 'ap_fputs'.

PR 53741

Submitted by: jailletc36

Reviewed/backported by: jim

  1. … 7 more files in changeset.
Merge r1572905, r1595305, r1597182, r1586827, r1534892, r1563193, r1597639 from trunk:

core: avoid a double apr_time_now() call on the first succeeding read.

* Correctly escape user provided data.

PR: 56532

Submitted by: Maksymilian <max>

Reviewed by: rpluem

Save a few bytes of memory. This can be done in temp_pool.

Fix layout

don't pass uninitialized rv passed to ap_log_rerror()

(rv wasn't interesting / follow an existing example)

stop throwing away a pointer on the heap

(clang scan-build)

add the URI to DEBUG message 00765 (and drop an exclamation point):

Cache provider's store_body failed!

Doxygen fix + reorg to match how other header files are built

Submitted by: ylavic, rpluem, jailletc36, jailletc36, trawick, covener, jailletc36

Reviewed/backported by: jim

  1. … 8 more files in changeset.
Merge r1451633, r1451905, r1451921, r1452259, r1453981, r1501913, r1513508, r1531340, r1531370, r1531962, r1533065, r1540052 from trunk:

Add in rough uds support (Bugx 54101) from Blaise Tarr <>

Make AF_UNIX aware... fix Windows/Netware??

Follow-up to r1451905 to fix NetWare/Windows compilation.

apr trunk-able

message tag for dom sock

Note about new UDS support

UDS subsequent request on a connection fix

Reformat the UDS support inline with a new naming structure.

Use a flag for speed for testing.

syntax sugar... if the worker is associated w/ a UDS,

then make sure the log reporting has a visual clue.

Ensure that userland format of UDS is the same as how it is

configured, no matter how we store and use it internally.

Eclipse code analysis warning

UDS urls need to be desockified when configuring...

Submitted by: jim, fuankg, jim, jim, druggeri, druggeri, jim, jim, jim, jim, jim

Reviewed/backported by: jim

  1. … 13 more files in changeset.
Merge r1524158 from trunk:

More cool info ;)

Reviewed/backported by: jim

  1. … 2 more files in changeset.
Merge r1524101 from trunk:

Add note to balancer manager whether changes will/will not survive a restart

Submitted by: druggeri

Reviewed/backported by: jim

  1. … 7 more files in changeset.
Merge r1501399 from trunk:

We are no longer pre-grabbing.

Reviewed/backported by: jim

  1. … 2 more files in changeset.
Merge r1501369 from trunk:

Ensure balancer runs after proxy for mutex creation

Reviewed/backported by: jim

  1. … 1 more file in changeset.
Merge r1480627, r1482859, r1483190, r1484343, r1500437 from trunk:

Mod_proxy used the global pool w/o mutex. fix.

mod_proxy: Use a global mutex for handling workers.

add in child_init which is needed

Add in logno's

conf->mutex is not used... Also, ensure that pool

use is protected

Submitted by: jim, minfrin, jim, jim, jim

Reviewed/backported by: jim

  1. … 6 more files in changeset.
mod_proxy_balancer: Add failontimeout parameter. Timeout will put worker

in error state if an IO timeout is detected.

trunk patch:

2.4.x patch:

Submitted by: druggeri

Reviewed by: jim, minfrin

  1. … 6 more files in changeset.
Merge r1387110, r1387444, r1387979, r1387607, r1387693, r1407085, r1421953 from trunk:

Persist local balancer-manager changes across restart/graceful.

Use identifying server_rec info when we know we have

unique and useful data :)

fix clang warning (dead initialization)

Log whether or not the restore from shm actually

resulted in a match of shm data, or whether it

was stale.

and this one as well... persist isn't inherited

better logging for re-use/use of shm

Allow for searching w/i shm slots for a specific worker and balancer

Reviewed/backported by: jim

  1. … 10 more files in changeset.
Merge r1419796 from trunk:

mod_proxy_balancer: It's totally unclear what Drn, Dis, Ign, Stby means.

PR 52478

Submitted by: jailletc36

Reviewed/backported by: jim

  1. … 3 more files in changeset.
Merge r1407459, r1407460, r1419781, r1418524, r1401448, r1405407, r1405973, r1419726, r1418769, r1417197 from trunk:

remove warning:

mod_remoteip.c:404:38: warning: data argument not used by format string [-Wformat-extra-args]

It's a hack, but maintain the orig hack ;)

Remove warnings

mod_speling.c:400:41: warning: data argument not used by format string [-Wformat-extra-args]

r->uri, nuri, ref);

mod_speling.c:508:53: warning: data argument not used by format string [-Wformat-extra-args]

r->uri, candidates->nelts, ref);

Use 'apr_is_empty_table()' instead of testing against 'apr_table_elts(...)->nelts'

Use ap_rputs instead of ap_rvputs where applicable.

No need to apr_pstrdup things here, 'apr_socket_accept_filter' already makes it own copy.

Not compiled nor tested as on my system APR_HAS_SO_ACCEPTFILTER is set to 0.

revert r1401448 and add a comment on why there's a bewildering copy

of args passed to apr_socket_accept_filter()

cppCheck: kill two warnings about incorrect printf parameters.

'worker_thread_count' is unsigned

cppCheck: same expression on both side of '|'.

Fix it the same way other messages are managed in the function.

Fix a few 'too many arguments for format' warnings

cppCheck: kill a unread variable warning

Submitted by: jim, jailletc36, jailletc36, jailletc36, trawick, jailletc36, jailletc36, sf, jailletc36

Reviewed/backported by: jim

  1. … 13 more files in changeset.
Merge r1392345, r1392346 from trunk:

Bring XML output up to snuff for balancer-manager

and allow the xml param

Reviewed/backported by: jim

  1. … 5 more files in changeset.
Merge r1413732, r1418752:

various mods: host and URI escaping:

Be sure to escape potential troubled strings

add missing html escaping

Submitted by: jim, sf

Reviewed by: covener, minfrin, sf

  1. … 8 more files in changeset.