mirror of https://github.com/apache/httpd.git synced 2026-01-06 09:01:14 +03:00
Commit Graph

1148 Commits

Author SHA1 Message Date
Guenter Knauf
2eb1a07d4a Stupid CodeWarrior compiler can't take vars with struct inits.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1428145 13f79535-47bb-0310-9956-ffa450edef68
2013-01-03 02:25:23 +00:00
Stefan Fritsch
d47f71f7d9 Remove support for Request-Range header sent by Navigator 2-3 and
MSIE 3


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1427465 13f79535-47bb-0310-9956-ffa450edef68
2013-01-01 17:00:23 +00:00
Stefan Fritsch
8283707a4f add log tags missing in r1426877
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1426879 13f79535-47bb-0310-9956-ffa450edef68
2012-12-30 01:28:17 +00:00
Stefan Fritsch
f726113d33 Add an option to enforce stricter HTTP conformance
This is a first stab, the checks will likely have to be revised.
For now, we check

 * if the request line contains control characters
 * if the request uri has fragment or username/password
 * that the request method is standard or registered with RegisterHttpMethod
 * that the request protocol is of the form HTTP/[1-9]+.[0-9]+,
   or missing for 0.9
 * if there is garbage in the request line after the protocol
 * if any request header contains control characters
 * if any request header has an empty name
 * for the host name in the URL or Host header:
   - if an IPv4 dotted decimal address: Reject octal or hex values, require
     exactly four parts
   - if a DNS host name: Reject non-alphanumeric characters besides '.' and
     '-'. As a side effect, this rejects multiple Host headers.
 * if any response header contains control characters
 * if any response header has an empty name
 * that the Location response header (if present) has a valid scheme and is
   absolute

If we have a host name both from the URL and the Host header, we replace the
Host header with the value from the URL to enforce RFC conformance.

There is a log-only mode, but the loglevels of the logged messages need some
thought/work. Currently, the checks for incoming data log for 'core' and the
checks for outgoing data log for 'http'. Maybe we need a way to configure the
loglevels separately from the core/http loglevels.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1426877 13f79535-47bb-0310-9956-ffa450edef68
2012-12-30 01:23:24 +00:00
Christophe Jaillet
af32fbebef Avoid unnecessary %s substitution
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1419755 13f79535-47bb-0310-9956-ffa450edef68
2012-12-10 20:53:24 +00:00
Eric Covener
7eb8fbe0ba also copy r->invoke_mtx when creating a subrequest
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1402924 13f79535-47bb-0310-9956-ffa450edef68
2012-10-28 02:37:41 +00:00
Stefan Fritsch
8ec0c56b02 Code clean up (remove useless memory allocation)
Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>
PR: 52648


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1361803 13f79535-47bb-0310-9956-ffa450edef68
2012-07-15 21:19:54 +00:00
Stefan Fritsch
8c960a8c15 Various code clean up
Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>
PR: 52893 


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1361801 13f79535-47bb-0310-9956-ffa450edef68
2012-07-15 21:14:00 +00:00
Rainer Jung
bfbbc819d5 Add missing HTTP status codes taken from
http://www.iana.org/assignments/http-status-codes/http-status-codes.xml 

The new codes are now known and some canned error
strings are provided. The web server does not yet actually
produce them in responses or react to getting them
from an origin server when acting as a proxy or gateway.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1361784 13f79535-47bb-0310-9956-ffa450edef68
2012-07-15 20:22:03 +00:00
Graham Leggett
e666d3a64e mod_mime: Don't arbitrarily bypass AddOutputFilter during a ProxyPass,
but then allow AddOutputFilter during a RewriteRule [P]. Make mod_mime
behave identically in both cases. PR52342.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1222370 13f79535-47bb-0310-9956-ffa450edef68
2011-12-22 17:48:17 +00:00
Stefan Fritsch
76f782e188 Various code cleanup to avoid compiler, cppcheck, or clang warnings:
modules/debugging/mod_firehose.c: Make some internal functions static
                                  (to do: logs_cleanup() is unused)

modules/filters/mod_charset_lite.c: Remove dead assignments

modules/filters/mod_include.c: likewise

modules/metadata/mod_usertrack.c: likewise

modules/proxy/mod_proxy_ftp.c: likewise

modules/ssl/ssl_engine_pphrase.c: likewise

modules/proxy/mod_proxy_balancer.c: likewise;
                                    Remove NULL check that can never happen

modules/proxy/proxy_util.c: Axe NULL-check that can never happen and if it
                            would, it would just mask another bug

os/unix/unixd.c: likewise

modules/http/http_filters.c: Remove sub-condition that is always true

modules/lua/mod_lua.c: Add default cases to switch statements

modules/generators/mod_autoindex.c: Unsigned value can never be < 0

server/util_expr_eval.c: Fix compiler warnings with VC and on OS2



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1220493 13f79535-47bb-0310-9956-ffa450edef68
2011-12-18 17:52:59 +00:00
Graham Leggett
2af2fa44ad Further clarify the naming of the entity that originates the request by
calling that entity a useragent instead of a client.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1214003 13f79535-47bb-0310-9956-ffa450edef68
2011-12-14 00:31:51 +00:00
Stefan Fritsch
92e366007c Add lots of unique tags to error log messages
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209766 13f79535-47bb-0310-9956-ffa450edef68
2011-12-02 23:02:04 +00:00
Graham Leggett
394e5594d6 Introduce a per connection "peer_ip" and a per request "client_ip" to
distinguish between the raw IP address of the connection and the effective
IP address of the request.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1206291 13f79535-47bb-0310-9956-ffa450edef68
2011-11-25 19:42:04 +00:00
Graham Leggett
4ee7eea4cf Introduce a per request version of the remote IP address, which can be
optionally modified by a module when the effective IP of the client
is not the same as the real IP of the client (such as a load balancer).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1204968 13f79535-47bb-0310-9956-ffa450edef68
2011-11-22 13:10:39 +00:00
Stefan Fritsch
2bffeda10b Downgrade some more error messages about broken client behavior to level
info.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1204630 13f79535-47bb-0310-9956-ffa450edef68
2011-11-21 18:16:01 +00:00
Stefan Fritsch
ab7b448082 Fix segfault caused by r1204104 on non-async mpms.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1204180 13f79535-47bb-0310-9956-ffa450edef68
2011-11-20 16:41:42 +00:00
Stefan Fritsch
40ac38ff05 Remove MPM-private stuff from conn_state_t
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1204104 13f79535-47bb-0310-9956-ffa450edef68
2011-11-19 23:35:46 +00:00
Stefan Fritsch
4db71797ea Fix 3xx responses with local URLs as ErrorDocument
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1187985 13f79535-47bb-0310-9956-ffa450edef68
2011-10-23 22:07:50 +00:00
Stefan Fritsch
a524f440c3 Adjust log message to reflect changed behaviour
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1175992 13f79535-47bb-0310-9956-ffa450edef68
2011-09-26 18:50:28 +00:00
Jim Jagielski
a7433ead1d Put 0- on the fast-track
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1175980 13f79535-47bb-0310-9956-ffa450edef68
2011-09-26 18:12:41 +00:00
Stefan Fritsch
1951a037bf More cleanup: Expand tabs and some more indentation fixes
No functional change


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1174929 13f79535-47bb-0310-9956-ffa450edef68
2011-09-23 18:08:42 +00:00
Jim Jagielski
427c85bd23 Cleanup effort in prep for GA push:
Trim trailing whitespace... no func change



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1174751 13f79535-47bb-0310-9956-ffa450edef68
2011-09-23 13:39:32 +00:00
Stefan Fritsch
b279698681 use random value as multipart range boundary to prevent leaking information
about the used MPM


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1171250 13f79535-47bb-0310-9956-ffa450edef68
2011-09-15 19:55:27 +00:00
Stefan Fritsch
2d4e23d88b Create wrapper API for apr_random;
use in mod_lbmethod_heartbeat and mod_serf to
- replace some needless use of apr_generate_random_bytes
- remove code duplication


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1171247 13f79535-47bb-0310-9956-ffa450edef68
2011-09-15 19:53:59 +00:00
Jim Jagielski
625b89a7e2 Add in MaxRangeOverlaps and MaxRangeReversals to accommodate
more control over acceptable Range headers:

        See: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1169756 13f79535-47bb-0310-9956-ffa450edef68
2011-09-12 14:15:53 +00:00
Jim Jagielski
0693a7054e Save creation of merged until we know we will actually need and use it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1167310 13f79535-47bb-0310-9956-ffa450edef68
2011-09-09 17:44:37 +00:00
Jim Jagielski
c34f001809 return some range params admins may want to control (overlaps and reversals)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1167309 13f79535-47bb-0310-9956-ffa450edef68
2011-09-09 17:44:31 +00:00
Jim Jagielski
9cbc0b6774 Remove function so we can grab over core_conf elements easily
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1167308 13f79535-47bb-0310-9956-ffa450edef68
2011-09-09 17:44:29 +00:00
Jim Jagielski
2ab6b78667 Reorg so we don't need forward def...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1167307 13f79535-47bb-0310-9956-ffa450edef68
2011-09-09 17:44:26 +00:00
Jim Jagielski
fe74b5b58a Reset
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1167264 13f79535-47bb-0310-9956-ffa450edef68
2011-09-09 16:02:21 +00:00
Jim Jagielski
92e6b2882b No reason for the advanced def...
Open hook for other conf factors (number of overlaps, etc)...
Return some range params...

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1167263 13f79535-47bb-0310-9956-ffa450edef68
2011-09-09 16:02:18 +00:00
William A. Rowe Jr
72d4ba405b What getpid()? No backport of this edit is needed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1167147 13f79535-47bb-0310-9956-ffa450edef68
2011-09-09 13:09:25 +00:00
Eric Covener
c45e14b246 refactor to pull setting of Accept-Ranges header into http_protocol.c which
had been copied to other handlers.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1166663 13f79535-47bb-0310-9956-ffa450edef68
2011-09-08 12:56:08 +00:00
Eric Covener
189a8b1eb5 add AP_ prefix to recently added DEFAULT_MAX_RANGES
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1166349 13f79535-47bb-0310-9956-ffa450edef68
2011-09-07 19:51:01 +00:00
Eric Covener
fe5f7b561d take care of some MaxRanges feedback:
 * allow "none" to be expressed in config
 * send Accept-Ranges: none with MaxRanges none
 * stop accepting confusing/ambiguous "0", start accepting "unlimited".



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1166282 13f79535-47bb-0310-9956-ffa450edef68
2011-09-07 17:29:49 +00:00
Joe Orton
571b03678e * modules/http/byterange_filter.c (ap_byterange_filter): Don't reveal
the pid in the boundary delimiter (part of CVE-2003-1418).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1165268 13f79535-47bb-0310-9956-ffa450edef68
2011-09-05 12:59:07 +00:00
Stefan Fritsch
464bddc2c4 Revert r1163833:
Send a 206 response for a "Range: bytes=0-" request, even if 200 would be
    more efficient.

As discussed on list: Clients that use the 206 response to detect range
support are considered broken and should be fixed to use the Accept-Ranges
header instead.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1165062 13f79535-47bb-0310-9956-ffa450edef68
2011-09-04 16:04:38 +00:00
Ruediger Pluem
975bdc6377 * Buckets of known length should be always splittable. So we don't need to care
about the APR_ENOTIMPL case.

Submitted by: jorton
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1164840 13f79535-47bb-0310-9956-ffa450edef68
2011-09-03 09:50:21 +00:00
Ruediger Pluem
c7c14f473f * Fix a regression in the CVE-2011-3192 byterange fix:
Range: bytes=-1

  Resulted in the first two bytes delivered, not in the last one.

PR: 51748
Submitted by: low_priority <lowprio20 gmail.com>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1163985 13f79535-47bb-0310-9956-ffa450edef68
2011-09-01 10:25:45 +00:00
Stefan Fritsch
3652b5bd72 Remove log message left over from debugging.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1163920 13f79535-47bb-0310-9956-ffa450edef68
2011-09-01 06:42:40 +00:00
Ruediger Pluem
f3ac51aba0 * Fix error message
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1163918 13f79535-47bb-0310-9956-ffa450edef68
2011-09-01 06:30:02 +00:00
Ruediger Pluem
701c4d3035 * Whitespace police. No functional change
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1163917 13f79535-47bb-0310-9956-ffa450edef68
2011-09-01 06:25:57 +00:00
Ruediger Pluem
191278d046 * Ranges like --2 or -0 are invalid
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1163916 13f79535-47bb-0310-9956-ffa450edef68
2011-09-01 06:24:53 +00:00
Stefan Fritsch
da2c87459c Fix some RFC 2616 14.35.1 compliance issues:
- If there is at least one syntactically invalid byte-range-spec,
  we must ignore the whole header.
- If all ranges are unsatisfiable, send 416.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1163851 13f79535-47bb-0310-9956-ffa450edef68
2011-08-31 22:37:32 +00:00
Stefan Fritsch
c1e78e71e8 Send a 206 response for a "Range: bytes=0-" request, even if 200 would be more
efficient.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1163833 13f79535-47bb-0310-9956-ffa450edef68
2011-08-31 21:37:38 +00:00
Ruediger Pluem
6b7fd6d6ea * Silence compiler warning
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1163197 13f79535-47bb-0310-9956-ffa450edef68
2011-08-30 13:14:14 +00:00
Stefan Fritsch
0d91fd2826 Remove some unused code that was included in r1162131 by accident or merge
error.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1162878 13f79535-47bb-0310-9956-ffa450edef68
2011-08-29 15:49:56 +00:00
Ruediger Pluem
33dc927198 * We don't need a copy of the original range as we don't change it. A pointer to it is sufficient
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1162687 13f79535-47bb-0310-9956-ffa450edef68
2011-08-29 09:04:56 +00:00
Ruediger Pluem
547ed3b549 * Bit operators should be more efficient than the modulo operator (provided the compiler does not optimize on its own)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1162669 13f79535-47bb-0310-9956-ffa450edef68
2011-08-29 07:51:29 +00:00