opting in to connection reuse and other proxy options (max=, etc).
adds 'enablereuse' proxyoption and a minor MMN bump to share
proxy_desocketfy outside of mod_proxy.c, which is required to
match workers to URLs.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1647009 13f79535-47bb-0310-9956-ffa450edef68
less intrusive.
Submitted by: Yingqi Lu <yingqi.lu@intel.com>
Modified/Committed by: ylavic
Add ListenCoresBucketsRatio which is a configurable ratio between the number of
CPU cores (online) and the number of listeners buckets to create, defaulting to
zero (so that listeners buckets become an opt-in, ie. ncpus / ratio > 1).
This could also be made an opt-out by using the previous hardcoded value (8) as
default.
Make ap_close_listeners() act on all the listeners (including duplicated ones),
since the function is also called externally (eg. mod_cgid, mod_ssl_ct and
possibly any third party module) to cleanup opened descriptors when a process
is forked (the duplicated listeners are kept in a scoped/static variable).
Add ap_close_listeners_ex() to close a single bucket of listeners, used by the
children to close unused duplicates and internally by ap_close_listeners().
Make ap_duplicate_listeners() compute the number of buckets to be used, instead
of each MPM. This number is now based on the above ratio and will not change
unless asked to (given *num_buckets < 1, that is when the MPM does not run in
one-process mode nor after a graceful restart).
Remove some global variables (mpm_listen, enable_default_listeners) previously
used to communicate between MPMs and ap_listen, since ap_duplicate_listeners()
API can now be used to do so.
Also rename num_buckets as ap_num_listen_buckets, and prefix have_so_reuseport
with ap_ (both printed by ap_log_common(), hence kept global).
Detect ap_have_so_reuseport once only at startup.
Restore dummy_connection() as before r1599531 since sending POD signals should
not depend on the number of listeners buckets (there is still one single socket
receiving the connections).
For each MPM (concerned), move the bucket data (pod, listeners and eventually
accept mutex) into a struct and instanciate an array of them (sized by the
number of buckets), for each child to use its own data according to its bucket
index, and the parent to maintain the whole.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1635521 13f79535-47bb-0310-9956-ffa450edef68
and silently adjust the configured number of processes/threads to
be above the computed number of listener buckets (depending on the
CPU cores).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1629909 13f79535-47bb-0310-9956-ffa450edef68
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior.
Submitted By: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener
Committed By: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610814 13f79535-47bb-0310-9956-ffa450edef68
proxy configuration, a remote attacker could send a carefully crafted
request which could crash a server process, resulting in denial of
service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
reporting this issue.
* server/util.c (ap_parse_token_list_strict): New function.
* modules/proxy/proxy_util.c (find_conn_headers): Use it here.
* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
Send a 400 for a malformed Connection header.
Submitted by: Edward Lu, breser, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610674 13f79535-47bb-0310-9956-ffa450edef68
which could lead to a heap buffer overflow. Thanks to Marek Kroemeke
working with HP's Zero Day Initiative for reporting this.
* include/scoreboard.h: Add ap_copy_scoreboard_worker.
* server/scoreboard.c (ap_copy_scoreboard_worker): New function.
* modules/generators/mod_status.c (status_handler): Use it.
* modules/lua/lua_request.c (lua_ap_scoreboard_worker): Likewise.
Reviewed by: trawick, jorton, covener, jim
Submitted by: jorton, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610491 13f79535-47bb-0310-9956-ffa450edef68
end-of-request time, and only update it after a round-trip with the LDAP
server rather than every time we check back into the pool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1607960 13f79535-47bb-0310-9956-ffa450edef68
When a socket callback has a timeout, an associated timer event is used to
remove the sockets from the pollset and call a timeout function.
* This includes a noteworthy change to the main event loop. Previously,
we would call epoll, then process the timer events, then iterate through the
poll results. After this patch, the timer events are processed before the poll()
a _non-queued_ action can change the pollset conents (a users timed callback
function conversely could easily sit in a queue while the main thread continues
down into epoll)
* timer events can now have sockets associated with them, those sockets are
removed from the pollset when the timer event fires w/o a queue to the worker.
* timer events now have a canceled flag that can be toggled without locking
the timer list.
* Drop the severity of some wstunnel messages from DEBUG to TRACE1
* Lift the restriction on using asynchronous websockets connections but having
an idle timeout
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1593857 13f79535-47bb-0310-9956-ffa450edef68
several stages of initialization and connection handling. See
mod_ssl_openssl.h.
This is enough to allow implementation of Certificate Transparency
outside of mod_ssl.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1587607 13f79535-47bb-0310-9956-ffa450edef68
The immediate use is for a SSL-related module which works
on the backend proxy connection to be able to "leak" information
into the client r for logging.
This could be useful with other proxy scheme handlers.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1586719 13f79535-47bb-0310-9956-ffa450edef68
Allows for several "connections" all resulting in
a single real connection that talks to the network.
Right now, nothing uses this though.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1565657 13f79535-47bb-0310-9956-ffa450edef68
HttpContentLengthHeadZero - allow Content-Length of 0 to be returned on HEAD
HttpExpectStrict - allow admin to control whether we must see "100-continue"
This is helpful when using Ceph's radosgw and httpd.
Inspired by: Yehuda Sadeh <yehuda@inktank.com>
See https://github.com/ceph/apache2/commits/precise
* include/http_core.h
(core_server_config): Add http_cl_head_zero and http_expect_strict fields.
* modules/http/http_filters.c
(ap_http_header_filter): Only clear out the C-L if http_cl_head_zero is not
explictly set.
* server/core.c
(merge_core_server_configs): Add new fields.
(set_cl_head_zero, set_expect_strict): New config helpers.
(HttpContentLengthHeadZero, HttpExpectStrict): Declare new directives.
* server/protocol.c
(ap_read_request): Allow http_expect_strict to control if we return 417.
* include/ap_mmn.h
(MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR): Bump.
* CHANGES: Add a brief description.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1554303 13f79535-47bb-0310-9956-ffa450edef68
when the thread/connection relationship changes. (Currently implemented
only for the Event MPM; should be implemented for all async MPMs.)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1546759 13f79535-47bb-0310-9956-ffa450edef68
is reusable as of this point in processing.
mod_proxy_fcgi uses the new API to determine if FCGI_CONN_CLOSE
should be enabled, but that doesn't change existing behavior
since the connection is currently marked for closure elsewhere
in the module.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1526189 13f79535-47bb-0310-9956-ffa450edef68
to the output filters, which is bogus in the proxy case. Create a
clean mapping from APR codes to HTTP status codes, and use it where
needed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1482522 13f79535-47bb-0310-9956-ffa450edef68
with weak validation combined with If-Range and Range headers. Break
out explicit conditional header checks to be useable elsewhere in the
server. Ensure weak validation RFC compliance in the byteranges filter.
Ensure RFC validation compliance when serving cached entities. PR 16142
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1479905 13f79535-47bb-0310-9956-ffa450edef68
full advantage of the event MPM. Enable the ability for a module
to reverse the sense of a poll event from a read to a write or vice
versa.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1470679 13f79535-47bb-0310-9956-ffa450edef68
