proxy: add local address to body-forwarding errors

Adds the local/ephemeral port for the backend connection

Axe an empty line in order to synch with 2.4.x
mod_proxy: Improve tunneling loop.

Support half closed connections and pending data draining (for protocols like rsync). PR 61616.

When reading on one side goes faster than writing on the other side, the output filters chain may start buffering data and finally block, which will break bidirectional tunneling for some protocols.

To avoid this, proxy_tunnel_run() now stops polling/reading until pending data are drained, and recovers appropriately.

mod_proxy: Add proxy check_trans hook.

This allows proxy modules to decline request handling at early stage. Then mod_proxy_wstunnel can implement that hook to verify that an Upgrade is requested, and otherwise hand over to mod_proxy_http.

mod_proxy: factorize mod_proxy_{connect,wstunnel} tunneling code in proxy_util.

This commit adds struct proxy_tunnel_rec that contains the fields needed for a poll() loop through the filters chains, plus functions ap_proxy_tunnel_create() and ap_proxy_tunnel_run() to respectively initialize a tunnel and (re)start it.

Proxy connect and wstunnel modules now make use of this new API to avoid duplicating logic and code.

mod_proxy_http: follow up to r1869216.

Let's call stream_reqbody() for all rb_methods, no RB_SPOOL_CL special case.

This both simplifies code and allows to keep EOS into the input_brigade until it's sent, and thus detect whether we already fetched the whole body if/when proxy_http_handler() re-enters for different balancer members.

Revert r1869222, wrong files committed.
mod_proxy_http: follow up to r1869216.

Let's call stream_reqbody() for all rb_methods, no RB_SPOOL_CL special case.

This both simplifies code and allows to keep EOS into the input_brigade until it's sent, and thus detect whether we already fetched the whole body if/when proxy_http_handler() re-enters for different balancer members.

[reverted by r1869223]

mod_proxy_http: fix load-balancer fallback for requests with a body.

Since r1656259 (or r1656259 in 2.4.41) and the move of prefetch before connect, the balancer fallback case where proxy_http_handler() is re-entered with the next balancer member broke.

We need to save the body (partially) prefetched the first time and reuse it on successive calls, otherwise we might forward partial or empty body.

mod_proxy_http: follow up to r1868576.

Omit sending 100 continue if the body is (partly) prefetched, per RFC 7231 (section 5.1.1).

mod_proxy_http: revert r1868625.

The HTTP_IN filter handles "100 Continue" the first time it's called only, and in spool_reqbody_cl() we have already tried to prefetch the body, so it's too late.

Synch 2.4.x and trunk.

There is an extra space on trunk. Axe it.

mod_proxy_http: follow up to r1868576.

As suggested by Ruediger, let the HTTP_IN filter handle the 100 continue from spool_reqbody_cl().

Also, according to rfc7231#section-5.1.1, we don't need the interim response if we "already received some or all of the message body", which is now also taken into account.

mod_proxy_http: Fix 100-continue deadlock for spooled request bodies. PR 63855.

Send "100 Continue", if needed, before fetching/blocking on the request body in spool_reqbody_cl(), otherwise mod_proxy and the client can wait for each other, leading to a request timeout (408).

While at it, make so that ap_send_interim_response() uses the default status line if none is set in r->status_line.

Fix pool concurrency problems

Create a subpool of the connection pool for worker scoped DNS resolutions. This is needed to avoid race conditions in using the connection pool by multiple threads during ramp up.

Recheck after obtaining the lock if we still need to do things or if they were already done by another thread while we were waiting on the lock.

* modules/proxy/proxy_util.c: Create a subpool of the connection pool for worker scoped DNS resolutions and use it.

* modules/proxy/mod_proxy.h: Define AP_VOLATILIZE_T and add dns_pool to struct proxy_conn_pool.

* modules/proxy/mod_proxy_ftp.c: Use dns_pool and consider that worker->cp->addr is volatile in this location of the code.

PR: 63503

* Add back logging goodness

Add back logging goodness added by covener in r1865938.

* Revert r1865944 and r1865938

Revert r1865944 and r1865938 in order to provide a better patch with less locking and thus contention.

lognos

PR63503: fix pool concurrency problems in mod_proxy

reslist and resolver related calls could concurrently access the same pool.

Submitted By: Don Poitras <Don.Poitras sas.com>

Committed By: covener

restore use of global mutex under !APR_HAS_THREADS

followup to r1852442 which appears to have been too aggressive in wrapping blocks with #if APR_HAS_THREADS. With !APR_HAS_THREADS a global mutex is a proc mutex.

* Lock the worker, not the balancer. We even do not know if we have a balancer
lognos

PR63503: fix pool concurrency problems in mod_proxy

reslist and resolver related calls could concurrently access the same pool.

Submitted By: Don Poitras <Don.Poitras sas.com>

Committed By: covener

remove APR_HAS_THREADS check

no need to wrap these after r1865936

no-op PROXY_THREAD_LOCK if !APR_HAS_THREADS

... instead of wrapping them in #if themselves in the C code.

r1852442 is a trunk-only change to make mod_proxy compile with !APR_HAS_THREADS.

PR63688 balancer csrf problems

fix case-sensitive referer check

Submitted By: Armin Abfalterer

* modules/proxy/mod_proxy_balancer.c (balancer_display_page): Add more HTML-escaping.

Submitted by: Niels Heinen <heinenn google.com>

lognos

* modules/proxy/mod_proxy_balancer.c (balancer_handler): Check Referer to improve on protection against balancer-manager XSRF attacks provided by the nonce.

* modules/proxy/proxy_util.c (ap_proxy_share_balancer): Create the nonce as a pseudo-UUID using the PRNG.

remove request details from error documents

Synch trunk and 2.4.x

Remove some useless spaces which have never been backported in 2.4.x.

This was part of r1724879 and was backported in r1744951