"ProxyErrorOverride On" hang until proxy timeout.
Regression from 2.2. It was introduced by r912063
in order to fix PR41646.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1615289 13f79535-47bb-0310-9956-ffa450edef68
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior.
Submitted By: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener
Committed By: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610814 13f79535-47bb-0310-9956-ffa450edef68
proxy configuration, a remote attacker could send a carefully crafted
request which could crash a server process, resulting in denial of
service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
reporting this issue.
* server/util.c (ap_parse_token_list_strict): New function.
* modules/proxy/proxy_util.c (find_conn_headers): Use it here.
* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
Send a 400 for a malformed Connection header.
Submitted by: Edward Lu, breser, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610674 13f79535-47bb-0310-9956-ffa450edef68
The immediate use is for a SSL-related module which works
on the backend proxy connection to be able to "leak" information
into the client r for logging.
This could be useful with other proxy scheme handlers.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1586719 13f79535-47bb-0310-9956-ffa450edef68
Don't reuse a SSL backend connection whose SNI differs. PR 55782.
This may happen when ProxyPreserveHost is on and the proxy-worker
handles connections to different Hosts.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1572630 13f79535-47bb-0310-9956-ffa450edef68
scpool and this pool can be freed before this brigade.
POSSIBLE (but as yet unconfirmed) fix for crashes seen with threaded servers,
e.g. PR 50335.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1550061 13f79535-47bb-0310-9956-ffa450edef68
if we added the default port or not during the canonizing
phase... Baseline the http method (don't add unless the
port provided isn't the default).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1542562 13f79535-47bb-0310-9956-ffa450edef68
brigade lifetime for the header brigade as the other brigades.
POSSIBLE (but as yet unconfirmed) fix for crashes seen with threaded
servers, e.g. PR 50335; appears correct or at least not harmful.
PR: 50335
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1534321 13f79535-47bb-0310-9956-ffa450edef68
to the output filters, which is bogus in the proxy case. Create a
clean mapping from APR codes to HTTP status codes, and use it where
needed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1482522 13f79535-47bb-0310-9956-ffa450edef68
504 Gateway Timout as opposed to 502 Bad Gateway, in order to be
compliant with RFC2616 14.9.4 Cache Revalidation and Reload Controls.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1480058 13f79535-47bb-0310-9956-ffa450edef68
The field "closed" was changed from an int to a bit
field of size one in 2.4.x.
For historical reasons a close instruction was coded
as an increment on the field, which in 2.4.x flips
the field each time. There were mutliple code paths
that would flip it several times for a single error,
so effectively the connection was no longer closed
in these cases.
Especially in the case of an aborted client connection
this lead to a non consumed back end buffer and thus to
response mixup between users.
PR 53727
CVE-2012-3052
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1373955 13f79535-47bb-0310-9956-ffa450edef68
optionally modified by a module when the effective IP of the client
is not the same as the real IP of the client (such as a load balancer).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1204968 13f79535-47bb-0310-9956-ffa450edef68
* remove "proxy:", "FCGI", etc. prefixes and pid which are now
included in the error log format
* propagate frontend request's logconfig to backend request
* use ap_log_rerror where possible
* remove obsolete APLOG_NOERRNO
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1203859 13f79535-47bb-0310-9956-ffa450edef68
