core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior.
Submitted By: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener
Committed By: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610814 13f79535-47bb-0310-9956-ffa450edef68
Allows for several "connections" all resulting in
a single real connection that talks to the network.
Right now, nothing uses this though.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1565657 13f79535-47bb-0310-9956-ffa450edef68
HttpContentLengthHeadZero - allow Content-Length of 0 to be returned on HEAD
HttpExpectStrict - allow admin to control whether we must see "100-continue"
This is helpful when using Ceph's radosgw and httpd.
Inspired by: Yehuda Sadeh <yehuda@inktank.com>
See https://github.com/ceph/apache2/commits/precise
* include/http_core.h
(core_server_config): Add http_cl_head_zero and http_expect_strict fields.
* modules/http/http_filters.c
(ap_http_header_filter): Only clear out the C-L if http_cl_head_zero is not
explictly set.
* server/core.c
(merge_core_server_configs): Add new fields.
(set_cl_head_zero, set_expect_strict): New config helpers.
(HttpContentLengthHeadZero, HttpExpectStrict): Declare new directives.
* server/protocol.c
(ap_read_request): Allow http_expect_strict to control if we return 417.
* include/ap_mmn.h
(MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR): Bump.
* CHANGES: Add a brief description.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1554303 13f79535-47bb-0310-9956-ffa450edef68
This is a first stab, the checks will likely have to be revised.
For now, we check
* if the request line contains control characters
* if the request uri has fragment or username/password
* that the request method is standard or registered with RegisterHttpMethod
* that the request protocol is of the form HTTP/[1-9]+.[0-9]+,
or missing for 0.9
* if there is garbage in the request line after the protocol
* if any request header contains control characters
* if any request header has an empty name
* for the host name in the URL or Host header:
- if an IPv4 dotted decimal address: Reject octal or hex values, require
exactly four parts
- if a DNS host name: Reject non-alphanumeric characters besides '.' and
'-'. As a side effect, this rejects multiple Host headers.
* if any response header contains control characters
* if any response header has an empty name
* that the Location response header (if present) has a valid scheme and is
absolute
If we have a host name both from the URL and the Host header, we replace the
Host header with the value from the URL to enforce RFC conformance.
There is a log-only mode, but the loglevels of the logged messages need some
thought/work. Currently, the checks for incoming data log for 'core' and the
checks for outgoing data log for 'http'. Maybe we need a way to configure the
loglevels separately from the core/http loglevels.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1426877 13f79535-47bb-0310-9956-ffa450edef68
This reverts r1407643, but changes the syntax of HttpProtocol to
min=0.9|1.0, which is less ambiguous than the previous +0.9|-0.9.
Allowing to configure an arbitrary version range was a bad idea,
because it only checked the version in the request line, without
affecting the semantics of the headers, etc.
A tighter restriction off the version in the request line is still
possible with <If "%{SERVER_PROTOCOL_NUM} ..."> .
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1425366 13f79535-47bb-0310-9956-ffa450edef68
* server/core.c: add 'Warning' directive by extending the 'Error'
directive implementation. The 'Error' behavior is slightly changed
so as to use verbose ap_log_error instead of returning the message.
* docs/manual/mod/core.xml: add documentation for 'Warning'.
* server/config.c: add comment about syntax vs configuration errors.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1418677 13f79535-47bb-0310-9956-ffa450edef68
This is necessary to properly disallow directives that don't work in
<If>.
A separate NOT_IN_IF flag may be nicer, but would create much more
hassle when being backported to 2.4.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1406495 13f79535-47bb-0310-9956-ffa450edef68
other directive notice that they are in a config section.
This fixes LogLevel not working in <If> sections that are not in
Location/Directory/File sections.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1406493 13f79535-47bb-0310-9956-ffa450edef68
excluded from this cleanup as they must be signature identical to the
clib functions, and although the definition of size_t has been flakey,
the definition of those functions appears to be generally clean since
ANSI C.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1228323 13f79535-47bb-0310-9956-ffa450edef68
