treatment of headers_out, resolving PR 48359 by keeping subrequest
scope changes out of the main request headers. This ensures that all
requests-without-bodies behave as the requests-with-bodies code has.
Mitre: CVE-2010-0434
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@901578 13f79535-47bb-0310-9956-ffa450edef68
Log 408 errors in access log as was done in Apache 1.3.x.
PR: 39785
Submitted by: Nobutaka Mantani, Stefan Fritsch
Reviewed and added to by: Dan Poirier
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@820760 13f79535-47bb-0310-9956-ffa450edef68
from core. We now exclude Content-Type from responses for which
a media type has not been configured via mime.types, AddType,
ForceType, or some other mechanism. MMN major bump to NZ time.
PR: 13986
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@739382 13f79535-47bb-0310-9956-ffa450edef68
subrequests to support message bodies. Make sure that safety
checks within the core and within the proxy are not triggered
when kept_body is present. This makes it possible to embed
proxied POST requests within mod_include.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@654968 13f79535-47bb-0310-9956-ffa450edef68
time) but empty it (via APR_BRIGADE_PREPEND) and reuse it.
Submitted by: Stefan Fritsch <sf sfritsch.de>
Reviewed by: rpluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@603227 13f79535-47bb-0310-9956-ffa450edef68
termination is completely unneeded and superflous. In
which case, the original allocation size is sufficient
since nothing external worries about a NULL nor
looks for it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@602491 13f79535-47bb-0310-9956-ffa450edef68
We'll need this option to fix PR#43711, and ap_send_interim_response
is fortunately too new an API to have made it into anything stable.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@588806 13f79535-47bb-0310-9956-ffa450edef68
against APR_ASCII_LF at the end of the loop if bb only contains an
EOS bucket.
PR: 39282
Submitted by: Davi Arnaut <davi haxent.com.br>
Reviewed by: rpluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@394070 13f79535-47bb-0310-9956-ffa450edef68
faults e.g. in mod_cache. Set it to "/" in this case.
PR: 39259
Submitted by: Davi Arnaut <davi haxent.com.br>
Reviewed by: rpluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@393037 13f79535-47bb-0310-9956-ffa450edef68
already backported) by inserting the HTTP_IN filter uncondionally before
we call ap_send_error_response or ap_die. This ensures that
ap_discard_request_body called by ap_die and by ap_send_error_response works
correctly on status codes that do not cause the connection to be dropped and
in situations where the connection should be kept alive.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@371132 13f79535-47bb-0310-9956-ffa450edef68
in the request rec. The point of this is to allow asynchronous
MPMs do do nonblocking reads of requests. (Backported from the
async-read-dev branch)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@360461 13f79535-47bb-0310-9956-ffa450edef68
The core filter will NOT operate correctly across platforms
(even between Linux/Solaris) without setting up the conn->timeout,
so always apply the timeout when establishing the core filter.
The keep-alive-timeout is entirely an HTTP-ism, and needs to
move to the http protocol handler. Note #1; this isn't triggered
in the event mpm, but the event mpm introspects s->keep_alive_timeout
directly adding it to the pollset, so this is a non-sequitor.
Finally, once the headers are read, the named virtual host may
have a different (more/less permissive) timeout for the remainder
of the request body. This http-centric patch picks up that subtle
detail and can switch to a named-vhost timeout.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@306495 13f79535-47bb-0310-9956-ffa450edef68
that not one other member of the r->vars is initialized
herein. Move this initialization elsewhere.
(If this is the 'default' - it really aught to be the
zero value, for that matter).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@295141 13f79535-47bb-0310-9956-ffa450edef68
