Checkout Tools
  • last updated 3 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Merge of r1864693,1864695,1864703 from trunk;

*) mod_proxy: Improve XSRF/XSS protection. [Joe Orton]

  1. … 3 more files in changeset.
Merge of r1864191 from trunk:

*) core, proxy: remove request URL and headers from error docs

[Eric Covener]

  1. … 6 more files in changeset.
Merge r1856829 from trunk:

*) mod_proxy: Load balancer byrequests required when bytraffic chosen

PR 62372

  1. … 2 more files in changeset.
mod_proxy_http: forward 100-continue, and minimize race conditions when

reusing backend connections. PR 60330.

+1: ylavic, icing, jim

ylavic: plus (opt-out)

2.4.x patch:

+1: ylavic, jim, minfrin

  1. … 10 more files in changeset.
Merge r1859371, r1859422 from trunk:

mod_proxy/ssl: Proxy SSL client certificate

configuration and other proxy SSL configurations

broken inside <Proxy> context.

PR 63430

Triggered by r1855646+r1855748.

Patch from rpluem (proxy) and ylavic (ssl).

Follow up to r1859371: extend to other ap_proxy_connection_create[_ex]() users.

This function now now handles SSL reuse as well as the "proxy-request-hostname"

note (SNI), so let's also call it unconditionnaly in all proxy modules.

On the mod_ssl side, since this note has the lifetime of the connection, don't

reset/unset it during handshake (ssl_io_filter_handshake).

Submitted by: rjung, ylavic

Reviewed by: rjung, rpluem, ylavic

  1. … 10 more files in changeset.
Merge r1818726 from trunk:

mod_proxy: allow SSLProxyCheckPeer* usage for all proxy modules.

PR 61857.

Proposed by: Markus Gausling <markusgausling>

Reviewed by: ylavic, rjung, rpluem

  1. … 4 more files in changeset.
Merge r1855646, r1855748 from trunk:

mod_proxy/ssl: cleanup per-request SSL configuration for recycled proxy conns.

The SSL dir config of proxy/backend connections is stored in r->per_dir_config

but those connections have a lifetime independent of the requests they handle.

So we need to allow the external ssl_engine_set() function to reset mod_ssl's

dir config in between proxy requests, or the first sslconn->dc could be used

after free for the next requests.

mod_proxy can then reset/reinit the request config when recycling its backend


* Solve a chicken and egg problem here:

We need to have sslconn->dc set correctly when we want to

init sslconn, but we need to allocate memory for it first.

PR 63256.

Submitted by: ylavic, rpluem

Reviewed by: ylavic, jorton, jim

  1. … 3 more files in changeset.
Merge r1837250 from trunk:

If ProxyPassReverse is used for reverse mapping of relative redirects, subsequent ProxyPassReverse statements, whether they are relative or absolute, may fail.

PR 60408 [Peter Haworth <pmh1wheel>]

Submitted by: jailletc36

Reviewed by: jailletc36, rpluem, jim

  1. … 3 more files in changeset.
Merge r1836381, r1836382, r1836383, r1836386, r1836603 from trunk:

* mod_proxy: Remove load order and link dependency between mod_lbmethod_*

modules and mod_proxy by providing mod_proxy's ap_proxy_balancer_get_best_worker

as an optional function.

PR: 62557

* Remove invalid copy and paste comments

* Always retrieve conditional function. static variable might contain garbage if module was reloaded in a static build.

* Add missing log numbers

* ap_proxy_balancer_get_best_worker cannot be exported and used as an optional

function at the same time. So rename ap_proxy_balancer_get_best_worker to

proxy_balancer_get_best_worker and make it static which is then used as an

optional function and recreate ap_proxy_balancer_get_best_worker as an

exported thin wrapper of proxy_balancer_get_best_worker.

Submitted by: rpluem

Reviewed by: covener, jim, ylavic

  1. … 11 more files in changeset.
Merge r1418761, r1418765, r1510295, r1757147, r1805163, r1818924, r1827374, r1831772, r1832351, r1832951, r1815004 from trunk:

Don't claim "BIO dump follows" if it is not logged due to log level config.

make ssl_io_data_dump respect per-conn loglevel

add high trace level log messages for debugging buffering and write completion

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SessionTicket): Fail

if RAND_bytes() fails; possible per API, although not in practice

with the OpenSSL implementation.

Fix typo in log message.

ap_add_common_vars(): use apr_pstrmemdup().

This avoids a transient replacement/restore of '?' by '\0' in r->filename.

Use 'ap_request_has_body()' instead of duplicating its implemenation.

The logic in 'ap_request_has_body()' is:

has_body = (!r->header_only

&& (r->kept_body

|| apr_table_get(r->headers_in, "Transfer-Encoding")

|| ( (cls = apr_table_get(r->headers_in, "Content-Length"))

&& (apr_strtoff(&cl, cls, &estr, 10) == APR_SUCCESS)

&& (!*estr)

&& (cl > 0) )



So the test is slighly different from the original code. (but this looks fine to me)

This also has the advantage to avoid a redundant call to 'apr_table_get()' and to improve readability.

While at it, move the test '!r->expecting_100' a few lines above because it is cheap.

PR62368: Print the unparsed URI in AH03454

... to include r->args and get otherwise get as close to possible to

what came in over the wire.

Submitted By: Hank Ibell <hwibell>

Committed By: covener

All error handling paths of this function call 'apr_brigade_destroy()' , except this one.

So add it here too.

Probably spotted with the help of the Coccinelle software (Thx Julia for the patch and for Coccinelle)

See PR 53016

* modules/proxy/proxy_util.c (ap_proxy_share_worker): Skip creating subpool

for debugging unless debug-level logging is enabled. No functional change.

mod_watchdog: Correct some log messages and fix

compiler warning

"'rv' may be used uninitialized in this function".

Follow up to r1722154.

Submitted by: sf, jorton, jorton, ylavic, jailletc36, covener, jailletc36, jorton, rjung

Reviewed by: jailletc36, jim, jorton

  1. … 10 more files in changeset.
Merge r1832280 from trunk:

In 'ap_proxy_cookie_reverse_map', iterate over each token of the 'Set-Cookie' header field in order to avoid updating the wrong one.

This could happen if the header field has something like 'fakepath=foo;path=bar". In this case fakepath would be updated instead of path.

We don't need regex anymore in order to parse the field values and 'ap_proxy_strmatch_domain' and 'ap_proxy_strmatch_path' are now useless. (and should be axed IMHO)

PR 61560

Submitted by: jailletc36

Reviewed by: jailletc36, rpluem, ylavic

  1. … 2 more files in changeset.
Merge r1834012, r1834013 from trunk:

Add default schema ports for websockets

Nore userland/PR change

PR: 62480

Submitted by: Lubos Uhliarik <luhliari>

Reviewed by: jim, rpluem, covener

  1. … 2 more files in changeset.
Merge r1828890, r1832500 from trunk:

mod_proxy_balancer: Add hot spare member type and corresponding flag (R). Hot spare members are

used as drop-in replacements for unusable workers in the same load balancer set. This differs

from hot standbys which are only used when all workers in a set are unusable. PR 61140.

mod_proxy_balancer: follow up to r1828890: indentation and 80 col.

Submitted by: jhriggs, ylavic

Reviewed by: jhriggs, jim, ylavic

  1. … 11 more files in changeset.
Merge r1822849, r1822858, r1822878, r1822879, r1822883, r1828485, r1828493 from trunk:

* When mod_http2 is loaded more then ThreadsPerChild backend connections can

be useful as mod_http2 has an additional thread pool on top of


But leave the default with ThreadsPerChild.

* Add some some comment why we do not limit hmax any longer

mod_proxy: follow up to r1822849.

Get the help(er) of mod_http2 to determine how much connections should

be handled in the reslist by default (i.e. max_threads).

mod_proxy: follow up to r1822849 and r1822878.

Does r1822878's "static" APR_RETRIEVE_OPTIONAL_FN work if, say, mod_proxy is

builtin but mod_http2 isn't?

Not worth taking the risk here since it's not a fast path...

Note: if this is an issue, I'm afraid it applies elsewhere too.

mod_proxy: follow up to r1822849 and r1822879.

Fix my maths, thanks Stefan and Rüdiger!

needs mod_http2.h

* Add missing CHANGES entry for revisions 1822849,1822858,1822878,1822879,1822883,1828485

Submitted by: rpluem, ylavic, ylavic, ylavic, gsmith, rpluem

Reviewed by: rpluem, jim, ylavic

  1. … 9 more files in changeset.
Merge r1824176, r1824460, r1824482 from trunk:

mod_proxy: Provide an RFC1035 compliant version of the hostname in the

proxy_worker_shared structure. PR62085

Tone down the message that worker hostname is too long noting it only

affects legacy modules not yet using hostname_ex.

Set the notice when hostname is too long for legacy proxy modules to info level.

Submitted by: minfrin

Reviewed by: minfrin, jim, ylavic

  1. … 10 more files in changeset.
proxy_util: Schemes and hostnames that are "too long" are

no longer automatically fatal errors but are instead logged

and truncated, at which point the admin can determine if that

is OK or not.

trunk patch:

+1: jim, minfrin, rpluem

  1. … 3 more files in changeset.
  1. … 30 more files in changeset.
Merge r1805188, r1805190, r1805206, r1808723 from trunk:

loadfactor now decimal

Umm. This is C :)

Fix remaining lint from ms capability for hchecks.

format typo

Reviewed by: jim, humbedooh, ylavic

  1. … 8 more files in changeset.
Merge r1775775 from trunk:

mod_proxy_{ajp,fcgi}: Fix a possible crash when reusing an established

backend connection, happening with LogLevel trace2 or higher configured,

or at any log level with compilers not detected as C99 compliant (e.g.

MSVC on Windows).

Submitted by: ylavic

Reviewed by: ylavic, jim, covener

  1. … 3 more files in changeset.
Merge of r1750392,r1750412,r1750416,r1750474,r1750494,r1750508 from trunk:

mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data

available before the request is sent. PR 57832.

  1. … 8 more files in changeset.
Merge r1756038 from trunk:

Fix spelling in comments and text files.

No functional change.

PR 59990

Submitted by: rjung

Reviewed/backported by: jim

  1. … 72 more files in changeset.
Fix r1744951 which introduced a tab when r1610674 has been backported.
Merge r1722177, r1722195, r1722229, r1722320, r1722328, r1722334, r1722350, r1722351, r1722358, r1722377, r1723953, r1724879, r1724992, r1724993, r1724995, r1725018, r1725031, r1725120, r1725328, r1725387, r1725489, r1725498, r1725499, r1725523, r1725545, r1725567, r1725581, r1725602, r1725822, r1725967, r1726038, r1726049, r1726051, r1726052, r1726055, r1725090, r1728326, r1737020 from trunk:

Commit framework impl of health-check module plus

required changes. The actual health checking is

currently in progress, but wanted to add in at

this stage.

Make aware of new status: Failed Health Check.

Store the number of current passes/fails in shm

finish looping logic... place-holder for actual checking

Better check

move to per server conf, useful for adding HealthCheckCondition

Now implement the condition ruleset definition. The

actual checking will be done in the actual health check


just check watched servers... use 'hc' prefix for sub directives

Check that we have names for both templates and


command changes

Don't bother w/ methods that return bodies. We don't

handle them now anyway.

Use enums and structs to keep things better organized

1st cut of 'simple' tcp check... We reuse various proxy

function and so this *could* be more streamlined, but

use this to show how the other would work, since we need

brigades, SSL/TLS support, etc.

Since every check needs this, do this in the main

check loop. Allows some optimizations.

move scope

pull this out... large enough for a func

Move to a set of health check workers, mapping to

each worker itself, instead of a single reused generic


some ordering optimization

Make balancer manager health-check aware

And we now allow for health checks via OPTIONS *

Leverage the OPTIONS code for HEAD as well...

So we now support: TCP, OPTIONS and HEAD.

Right now, anything other than an error (even a 404)

is consider a PASS.

Fill in APLOGNO.

I hope that doesn't result in merge trouble

for Jim.

Open up hook/scar to allow for passes/fails and

method to be changed via bal-man...

OPTIONS/HEAD proxy function should be diff from simple TCP check

For OPTIONS and HEAD, only 2xx and 3xx are considered "passing"

(until I implement the conditions expr testing)... honor

the pass/fail count and LOG_INFO when the health check enables

or disables a backend worker.

Start impl of expr conditions for runtime checks

Adjust log levels

correct error string

Use worker status character defines taken

from mod_proxy.h instead of explicit characters.

Noted by rpluem.

With the updated ap_expr, we can now check for the

returned response body, stored in kept_body

Assign log message tags

Implement expr lookup in mod_proxy_hcheck for

variables whose names start with "HC_" and for

the new function hc().

Currently only HC_BODY and hc(body) are supported.

Both return the saved body of the health check

response to be used in an expr that decides about

success of a check.

Fix copy&paste error in new function.

Try fixing new proxy_hcheck expr extension.

Interestingly mod_ssl using NULL as well,

but some other module I wrote uses parms->name.


clash :)

Enabling a worker via health-check also moves them out of

ERROR more (which may have been set via the static

"health" check done via mod_proxy).

Some flow improvements...

Submitted by: jim, rjung, jim, jim, jim, jim, jim, jim, rjung, jim, jim, rjung, rjung, rjung, jim, jim, olegk, jim, jim

Reviewed/backported by: jim

  1. … 350 more files in changeset.
Merge r1729826, r1729847, r1732986, r1733056 from trunk:

mod_proxy: Play/restore the TLS-SNI on new backend connections which

had to be issued because the remote closed the previous/reusable one

during idle (keep-alive) time.

mod_proxy: follow up to r1729826: really copy conn->ssl_hostname.

mod_proxy: follow up to r1729826 + r1729847.

Adjust stacked ssl_hostname maximum size.

mod_proxy: follow up to r1729826 + r1729847 + r1732986.

Don't use magic constants.

Submitted by: ylavic

Reviewed/backported by: jim

  1. … 4 more files in changeset.
Merge r1732954 from trunk:

mod_proxy: add missing APLOGNO()s.

Submitted by: ylavic

Reviewed/backported by: jim

  1. … 2 more files in changeset.
mod_proxy_wstunnel, mod_proxy_connect: Use the correct pool and allocator

lifetime when sending brigades and buckets down the filter chain

  1. … 5 more files in changeset.
Merge r1725485 from trunk:

Added many log numbers to log statements that

had none.

Those were not detected by the coccinelle script.

Submitted by: rjung

Reviewed/backported by: jim

  1. … 34 more files in changeset.
r1678763 | ylavic | 2015-05-11 16:53:34 +0200 (Mon, 11 May 2015) | 7 lines

mod_proxy: only cleanup the socket for a connection asked to be closed but

whose address can still be reused.

This saves unnecessary socket pool destroy and creation at cleanup and reuse

time, plus the same initialization of conn->pool's associated data which can

be reused in that case.

r1703807 | ylavic | 2015-09-18 12:58:58 +0200 (Fri, 18 Sep 2015) | 5 lines

mod_proxy: don't recyle backend announced "Connection: close" connections.

Failing to do this may lead to a race condition where we send a new request

before the backend really closes the connection (or lost SSL-Alert/FIN make

us think the connection is still alive, until the retransmission).

r1703813 | ylavic | 2015-09-18 13:48:31 +0200 (Fri, 18 Sep 2015) | 1 line

mod_proxy: follow up to r1703807: CHANGES entry.

Submitted by: ylavic

Committed by: ylavic

Reviewed by: ylavic, rjung, trawick

  1. … 2 more files in changeset.
Merge r1703902 from trunk:

mod_proxy: Fix ProxySourceAddress binding failure with AH00938. PR 56687.

Proposed by: Arne de Bruijn <apache>

Reviewed by: ylavic

Submitted by: ylavic

Reviewed/backported by: jim

  1. … 2 more files in changeset.
Merge r1664709, r1697323 from trunk:

* Do not reset the retry timeout if the worker is in error at this stage even

if the connection to the backend was successful. It was likely set into

error by a different thread / process in parallel e.g. for a timeout or

bad status. We should respect this and should not continue with a connection

via this worker even if we got one.

* Do a more complete cleanup here. At this point we cannot end up with something useful with the data we created so far.

Submitted by: rpluem

Reviewed/backported by: jim

  1. … 3 more files in changeset.