The goal is to minimize the delay between this connection is considered alive
and the first bytes sent (should the client's link be slow or some input filter
retain the data).
This is a best effort to prevent the backend from closing (from under us) what
it thinks is an idle connection, hence to reduce to the minimum the unavoidable
local ap_proxy_is_socket_connected() vs remote keepalive race condition.
PR 56541.
Also, allow the new subprocess_env variable "proxy-flushall" to prevent any
buffering of the request body before it is forwarded to the backend.
When set, the prefetch is still done (although non-blocking), so we can still
determine Content-Length vs chunked vs spooled (depending on data available
with the header or while reading it), and then all brigades are flushed when
passed to the backend.
PR 37920.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1656259 13f79535-47bb-0310-9956-ffa450edef68
opting in to connection reuse and other proxy options (max=, etc).
adds 'enablereuse' proxyoption and a minor MMN bump to share
proxy_desocketfy outside of mod_proxy.c, which is required to
match workers to URLs.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1647009 13f79535-47bb-0310-9956-ffa450edef68
proxy configuration, a remote attacker could send a carefully crafted
request which could crash a server process, resulting in denial of
service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
reporting this issue.
* server/util.c (ap_parse_token_list_strict): New function.
* modules/proxy/proxy_util.c (find_conn_headers): Use it here.
* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
Send a 400 for a malformed Connection header.
Submitted by: Edward Lu, breser, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610674 13f79535-47bb-0310-9956-ffa450edef68
and ProxyMatch section to distinguish between normal workers and workers
with regex substitutions in the name. Implement handling of such workers
in ap_proxy_get_worker(). PR 43513
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609680 13f79535-47bb-0310-9956-ffa450edef68
the backend worker match whatever the scheme of the
incoming request was...
For example:
ProxyPass / auto://foo.example.com/
If the incoming request is http:.../lala then
the resultant will be http://foo.example.com/lala
If it's wws:.../lolo then we'd send
wws://foo.example.com/lolo
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1602523 13f79535-47bb-0310-9956-ffa450edef68
Since deferred_write_pool is needed by the core_output_filter and is a subpool
of the connection, shutdown in a pre_cleanup of the connection's pool to avoid
a freed memory access (SEGV).
Reported By: takashi
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1601630 13f79535-47bb-0310-9956-ffa450edef68
Shouldn't have commited the latter without disussing it on dev@.
Since the former creates upper APLOGNOs, revert and then recommit with the reverted next tag number.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1601290 13f79535-47bb-0310-9956-ffa450edef68
to ap_proxy_determine_connection(): it must be a buffer of at
least one byte in size.
(And don't bother with using strcpy in order to zap a string.)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1592514 13f79535-47bb-0310-9956-ffa450edef68
Don't reuse a SSL backend connection whose SNI differs. PR 55782.
This may happen when ProxyPreserveHost is on and the proxy-worker
handles connections to different Hosts.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1572630 13f79535-47bb-0310-9956-ffa450edef68
if we added the default port or not during the canonizing
phase... Baseline the http method (don't add unless the
port provided isn't the default).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1542562 13f79535-47bb-0310-9956-ffa450edef68
