Checkout Tools
  • last updated 1 hour ago
Constraints: committers
Constraints: files
Constraints: dates
* Correctly initialize nomime member
ap_http_header_filter: avoid double encoding of output headers in traces.

When output headers are logged (TRACE4) in send_all_header_fields(), we don't

need to explicitely ap_escape_logitem() them since ap_log_rerror() takes care

of log files escaping already.

Otherwise, characters like '"' are unncesseralily encoded, and '\\' is doubly

encoded (including for controls).

remove request details from error documents

  1. … 4 more files in changeset.
revert r1857857.

The comment is useful and the dead-code is future proof (and should be axed by the compiler anyway)

Axe a useless comment.

Remove some dead code and innacurate comment. 'r' can not be dereferenced later in the function. (this is obvious since r1814659)

(Reverted in r1858070)

allow mod_mime to be de disabled per-dir too

  1. … 2 more files in changeset.
spotted by Ruediger

mod_mime: Add `MimeOptions`

mod_mime: Add `MimeOptions` directive to allow Content-Type or all metadata

detection to use only the last (right-most) file extension.

  1. … 2 more files in changeset.
http: Fix possible empty response with mod_ratelimit for HEAD requests.

Don't eat the EOS in ap_http_header_filter() if it comes in single brigade

with a full response to a HEAD request, otherwise mod_ratelimit will never

flush its pending data.

  1. … 1 more file in changeset.
* include/httpd.h: Define HTTP_TOO_EARLY (425) per RFC 8470.

* modules/http/http_protocol.c (status_lines,

get_canned_error_string): Add 425 response.

  1. … 1 more file in changeset.
Follow up to r1840265: really privatize ap_filter_{recycle,adopt_brigade}().

Move ap_filter_adopt_brigade()'s declaration to "server/core.h" (private).

For ap_filter_recycle(), make it static/internal to util_filter (renamed to

recycle_dead_filters() which better fits what it does). It's now also called

unconditionally from ap_filter_input_pending() which itself is always called

after the request processing and from MPM event (as input_pending hook).

  1. … 4 more files in changeset.
Follow up to r1840149: core input filter pending data.

Since r1840149 ap_core_input_filter() can't use use f->[priv->]bb directly, so

ap_filter_input_pending() stopped accounting for its pending data.

But ap_core_input_filter() can't (and doesn't need to) setaside its socket

bucket, so ap_filter_setaside_brigade() is not an option. This commit adds

ap_filter_adopt_brigade() which simply moves the given buckets (brigade) into

f->priv->bb, and since this is not something to be done blindly (the buckets

need to have c->pool/bucket_alloc lifetime, which is the case in the core

filter) the function is not AP_DECLAREd/exported thus can be used in core only.

With ap_filter_adopt_brigade() and ap_filter_reinstate_brigade(), the core

input is now ap_filter_input_pending() friendly.

Also, ap_filter_recycle() is no more part of the API (AP_DECLARE removed too),

there really is no point to call it outside core code. MAJOR bumped once again

because of this.

  1. … 4 more files in changeset.
util_filter: protect ap_filter_t private fields from external (ab)use.

Introduce opaque struct ap_filter_private to move ap_filter_t "pending", "bb"

and "deferred_pool" fields to the "priv" side of things.

This allows to trust values set internally (only!) in util_filter code, and

make useful assertions between the different functions calls, along with the

usual nice extensibility property.

Likewise, the private struct ap_filter_conn_ctx in conn_rec (from r1839997)

allows now to implement the new ap_acquire_brigade() and ap_release_brigade()

functions useful to get a brigade with c->pool's lifetime. They obsolete

ap_reuse_brigade_from_pool() which is replaced where previously used.

Some comments added in ap_request_core_filter() regarding the lifetime of the

data it plays with, up to EOR...

MAJOR bumped (once again).

  1. … 7 more files in changeset.
core: follow up to r1839997: some runtime optimizations.

We don't mind about cleaning up a connection filter when its pool is being

cleaned up already. For request filters, let pending_filter_cleanup() do

nothing if the given filter is not pending (anymore), which allows to save a

cleanup kill when the filter is removed.

Clear (zero) the reused filters (ap_filter_t) on reuse rather than cleanup,

then a single APR_RING_CONCAT() can be used to recycle dead_filters in a one


Always call ap_filter_recycle() in ap_filter_output_pending(), even if no

filter is pending, and while at it fix s/ap_filter_recyle/ap_filter_recycle/

silly typo.

  1. … 3 more files in changeset.
core: follow up to r1839997: recycle request filters to a delayed ring first.

We want not only ap_filter_output_pending() to be able to access each pending

filter's *f after the EOR is destroyed, but also each request filter to do

the same until it returns.

So request filters are now always cleaned up into a dead_filters ring which is

merged into spare_filters only when ap_filter_recycle() is called explicitely,

that is in ap_process_request_after_handler() and ap_filter_output_pending().

The former takes care of recycling at the end of the request, with any MPM,

while the latter keeps recycling during MPM event's write completion.

  1. … 4 more files in changeset.
Fix a cppcheck warning.

Remove some dead code. '!r->content_languages' is known to be true at this point.

mod_ratelimit: Don't interfere with "chunked" encoding.

By the time ap_http_header_filter() sends the header brigade and adds the

"CHUNK" filter, we need to garantee that the header went through all the

filters' stack, and more specifically above ap_http_chunk_filter() which

assumes that all it receives is content data.

Since rate_limit_filter() may retain the header brigade, make it run after

ap_http_chunk_filter(), just before AP_FTYPE_CONNECTION filters.

Also, ap_http_header_filter() shouldn't eat the EOS for HEAD/no-body responses.

For instance mod_ratelimit depends on it since r1835168, but any next request

filter may as well to flush and/or bail out approprietely.

This fixes the regression introduced in 2.4.34 (r1835168).

PR 62568.

  1. … 2 more files in changeset.
http: Enforce consistently no response body with both 204 and 304 statuses.

Provide AP_STATUS_IS_HEADER_ONLY() helper/macro to check for 204 or 304 and

use it where some special treatment is needed when no body is expected.

Some of those places handled 204 only.

  1. … 8 more files in changeset.
core: axe data_in_in/output_filter from conn_rec.

They were superseded by ap_filter_should_yield() and ap_run_in/output_pending()

in r1706669 and had poor semantics since then (we can't maintain pending

semantics both by filter and for the whole connection).

Register ap_filter_input_pending() as the default input_pending hook (which

seems to have been forgotten in the first place).

On the MPM event side, we don't need to flush pending output data when the

connection has just been processed, ap_filter_should_yield() is lightweight and

enough to determine whether we should really enter write completion state or go

straight to reading. ap_run_output_pending() is used only when write completion

is in place and needs to be completed before more processing.

  1. … 6 more files in changeset.
core: integrate data_in_{in,out}put_filter to ap_filter_{in,out}put_pending().

Straightforward for ap_filter_input_pending() since c->data_in_input_filter is

always checked wherever ap_run_input_pending(c) is.

For ap_filter_output_pending(), this allows to set c->data_in_output_filter in

ap_process_request_after_handler() and avoid an useless flush from mpm_event.

  1. … 5 more files in changeset.
core: Add ap_reuse_brigade_from_pool().

Current RETRIEVE_BRIGADE_FROM_POOL macro from "http_request.c" is turned into

a helper and used in ap_request_core_filter().

We will need it in a subsequent commit in "util_filter.c" too.

  1. … 4 more files in changeset.
Avoid cyclic dependency by moving ap_set_etag() from module http to core.

This function, along with ap_make_etag(), is used by the default_handler in

core.c, and in several modules other than builtin mod_http, breaking static

linking and httpdunit tests build.

The move is done by "svn move modules/http/http_etag.c server/util_etag.c".

MMN major bumped, not backportable (as is) to 2.4.x.

  1. … 7 more files in changeset.
* modules/http/http_request.c (ap_process_request_after_handler,

ap_process_request): Cache and retrieve the brigade structure used

to send EOR and FLUSH between requests in c->pool userdata, to avoid

allocating a brigade structure per-request out of c->pool.

Submitted by: rpluem, jorton

  1. … 1 more file in changeset.
http_protocol.c: avoid duplicate headers when using


While debugging PR 61860 I found a chain of events

that leads to duplicate headers in the HTTP response

if Header always set is used in the httpd's config.

As far as can understand, mod_headers uses err_headers_out

when dealing with the 'always' setting, since it is expected

to be preserved even on error. The current code seems

to correctly preserve the important headers like Location

(happening before the bit of code that changed), but then

it swaps headers_out with err_headers_out and clears

err_headers_out. My understanding is that this will cause

mod_headers, if called again, to re-insert the headers

set via 'always' again in err_headers_out, leading to a

duplication in the response. So far I managed to reproduce this

only with the specific use case outlined by the PR, but

there might be more.

r1831585 was added to the test suite for PR 61860,

(marked as TODO), and now it seems to pass as expected.

Since this part of the codebase has been working fine

for years I was reluctant to change it, but it seems

the right change to me. I didn't run into any regression

while testing this change (including running the test suite),

but as always I'd be glad to get feedback from a more expert

eye. If I missed a clear regression I'll make sure to

add it to the test suite as part of the follow up.

Restore comment about LimitRequestBody vs proxied responses.

ResponseFieldSize actually applies to headers (not body), so the comment was

valid but did match the code (addressed by r1829642 still).

http: LimitRequestBody applies to proxied requests.

If f->r->proxyreq is PROXYREQ_PROXY or PROXYREQ_REVERSE in ap_http_filter(),

we are still handling the request, not the response where LimitRequestBody

does not apply.

  1. … 1 more file in changeset.
PR62186: preserve %<m for ErrorDocument internal redirects

*) core: Preserve the original HTTP request method in the '%<m' LogFormat

when an path-based ErrorDocument is used. PR 62186.

[Micha Lenk <micha>]

Submitted By: Micha Lenk

Committed By: covener

  1. … 1 more file in changeset.
Fix some typos reported in PR 59998

Most add already been fixed when PR 59990 had been applied on trunk.

Thx klemens

  1. … 15 more files in changeset.
Fix timeout logging in ap_process_request().

We can't use 'r' after ap_process_request_after_handler(), the core output

filter might have cleaned up its deferred bucket brigade on error, including

the EOR bucket.

Reported by: steffenal

Fixes SpiderLabs/ModSecurity#1542

core: don't send EOR bucket through request filters.

The core request filter is the only one which should take care of it.

In theory the other request filters should have bailed out on EOS already,

but that's not always the case (and even less the case on error).

So be safe by not sending them a bucket which may destroy the request (and

their brigade) underneath them.