When processing a vhost with * or _default_, we'd add the "names" once
for 0.0.0.0 and once for [::], but these are stored in the same "default"
ip chain. Catch the back-to-back wildcard + same port and short-circuit the
second add.
Submitted By: rjung
Committed By: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1525000 13f79535-47bb-0310-9956-ffa450edef68
This is a first stab, the checks will likely have to be revised.
For now, we check
* if the request line contains control characters
* if the request uri has fragment or username/password
* that the request method is standard or registered with RegisterHttpMethod
* that the request protocol is of the form HTTP/[1-9]+.[0-9]+,
  or missing for 0.9
* if there is garbage in the request line after the protocol
* if any request header contains control characters
* if any request header has an empty name
* for the host name in the URL or Host header:
  - if an IPv4 dotted decimal address: Reject octal or hex values, require
    exactly four parts
  - if a DNS host name: Reject non-alphanumeric characters besides '.' and
    '-'. As a side effect, this rejects multiple Host headers.
* if any response header contains control characters
* if any response header has an empty name
* that the Location response header (if present) has a valid scheme and is
  absolute
If we have a host name both from the URL and the Host header, we replace the
Host header with the value from the URL to enforce RFC conformance.
There is a log-only mode, but the loglevels of the logged messages need some
thought/work. Currently, the checks for incoming data log for 'core' and the
checks for outgoing data log for 'http'. Maybe we need a way to configure the
loglevels separately from the core/http loglevels.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1426877 13f79535-47bb-0310-9956-ffa450edef68
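The host name checks listed in the commit message above, sketched as an added example (not httpd's own code). The function names are hypothetical, the port is assumed to be stripped already, and two assumptions are made: a host whose last label starts with a digit is judged as an address, and duplicate Host headers arrive joined with ", ".

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Exactly four decimal parts, each 0..255. A leading zero ("0177", octal)
 * or an "0x" prefix (hex), which inet_aton()-style parsers accept, fails. */
static int valid_ipv4(const char *s)
{
    int parts = 0;
    while (*s) {
        const char *start = s;
        int val = 0;
        while (isdigit((unsigned char)*s) && s - start < 4)
            val = val * 10 + (*s++ - '0');
        if (s == start || s - start > 3 || val > 255) return 0;
        if (s - start > 1 && *start == '0') return 0;   /* octal spelling */
        parts++;
        if (*s == '.' && s[1] != '\0') s++;             /* move to next part */
        else if (*s) return 0;          /* 'x', trailing dot or other junk */
    }
    return parts == 4;
}

/* DNS name: alphanumerics, '.' and '-' only. Blank hosts are not judged here. */
static int valid_dns_name(const char *s)
{
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '.' && *s != '-') return 0;
    return 1;
}

/* Assumption: a last label starting with a digit means an address ("127.1"). */
int host_is_acceptable(const char *host)
{
    size_t n = strlen(host);
    if (n && host[n - 1] == '.') n--;            /* ignore a root dot */
    while (n && host[n - 1] != '.') n--;         /* start of last label */
    return isdigit((unsigned char)host[n]) ? valid_ipv4(host) : valid_dns_name(host);
}

int main(void)
{
    /* Constructed samples; the second-to-last is two Host values joined. */
    const char *t[] = { "www.example.com", "127.0.0.1", "0177.0.0.1",
        "0x7f.0.0.1", "127.1", "a.example, b.example", "exa_mple.com" };
    for (size_t i = 0; i < sizeof t / sizeof *t; i++)
        printf("%-22s %s\n", t[i], host_is_acceptable(t[i]) ? "accept" : "reject");
    return 0;
}
```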
in the request line.
- Fix handling of brackets [ ] surrounding the IPv6 address.
- Skip parsing r->hostname again if not necessary.
- Do some checks that the IPv6 address is sane. This is not done by
apr_parse_addr_port().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1426827 13f79535-47bb-0310-9956-ffa450edef68
everywhere.
We know that the core module has module_index 0. Therefore we can save
some pointer operations in ap_get_module_config(cv, &core_module) and
ap_set_module_config(cv, &core_module, val). As these are called rather often,
this may actually have some (small) measurable effect.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1132781 13f79535-47bb-0310-9956-ffa450edef68
VH addresses as name-based virtual hosts. This also combines _default_ and *
into a single type of wildcard since these presented a false dichotomy between
address specs.
These are post-config only changes and do not change the runtime lookups.
The biggest loss here is that an unintended duplication of virtual host addresses
can no longer be reported as directly in the past, but should still be debuggable
via apachectl -S (unintended NVH). These problems are a drop in the bucket compared
to the difficulty users have with using NameVirtualHost.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1053230 13f79535-47bb-0310-9956-ffa450edef68
than an assert() for errors which plague users on Solaris boxes which
don't have a properly configured resolver.
PR: 27525
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@230453 13f79535-47bb-0310-9956-ffa450edef68
catch all port-based NameVirtualHosts without defined VirtualHosts,
preventing segfaults later in some misconfigurations.
PR: 27731
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103400 13f79535-47bb-0310-9956-ffa450edef68
the implementation matches the comments. (Note: The current virtual
hosting code does case-insensitive host matching, so this fix is useful
mostly to help ensure that custom modules and any future vhosting code
don't get tripped up by case-sensitivity issues.)
Submitted by: Perry Harrington <pedward@webcom.com>
Reviewed by: Brian Pane
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95866 13f79535-47bb-0310-9956-ffa450edef68
Previously, a request that sent:
    GET / HTTP/1.1
    Host:
would get a 400. RFC 2616 specifically allows for a "blank" host field.
The read_request code properly handled this, but the fix_hostname in
vhost.c would cause the 400. Now, simply return in fix_hostname when
we see a blank hostname rather than erroring out.
PR: 7441
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94655 13f79535-47bb-0310-9956-ffa450edef68