brigade, always process the request bucket first. This gives the proper
context in which to evaluate the error bucket.
Some errors access r->method, for example, in their response body.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1910530 13f79535-47bb-0310-9956-ffa450edef68
*) core/mod_http: use REQUEST meta buckets and a new HTTP/1.x specific
input filter to separate the handling for HTTP requests from the
handling of HTTP/1.x request parsing and checks.
A new HTTP1_REQUEST_IN filter installs itself on http/1.1 connections
before a request is being read. It generates either a REQUEST meta
bucket on success or an ERROR bucket with the proposed response status.
The core connection processing, relying on ap_read_request(), now expects
a REQUEST or ERROR bucket from the input filters and is agnostic to
specific HTTP versions and how they bring requests into the server.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899799 13f79535-47bb-0310-9956-ffa450edef68
filter to send responses through the output filter chain.
Specifically: the HTTP_HEADER output filter and ap_send_interim_response()
create a RESPONSE bucket and no longer are concerned with HTTP/1.x
serialization.
A new HTTP1_RESPONSE_OUT transcode filter writes the proper HTTP/1.x
bytes when dealing with a RESPONSE bucket. That filter installs itself
on the pre_read_request hook when the connection has protocol 'http/1.1'.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899648 13f79535-47bb-0310-9956-ffa450edef68
- adds new meta bucket types REQUEST, RESPONSE and HEADERS to the API.
- adds a new method for setting standard response headers Date and Server
- adds helper methods for formatting parts of HTTP/1.x, like headers and
end chunks for use in non-core parts of the server, e.g. mod_proxy
- splits the HTTP_IN filter into a "generic HTTP" and "specific HTTP/1.x"
filter. The latter one named HTTP1_BODY_IN.
- Uses HTTP1_BODY_IN only for requests with HTTP version <= 1.1
- Removes the chunked input simulation from mod_http2
- adds body_indeterminate flag to request_rec that indicates that a request
body may be present and needs to be read/discarded. This replaces logic
that thinks without Content-Length and Transfer-Encoding, no request
body can exist.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899547 13f79535-47bb-0310-9956-ffa450edef68
If ap_discard_request_body() sets AP_CONN_CLOSE by itself, it simplifies and
allows consolidating end_output_stream() and error_output_stream().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898683 13f79535-47bb-0310-9956-ffa450edef68
have an http(s) scheme, and that the ones to be forward proxied have a
hostname, per HTTP specifications.
The early checks avoid failing the request later on and thus save cycles
for those invalid cases.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895921 13f79535-47bb-0310-9956-ffa450edef68
read_request_line() failure was caught by ap_parse_request() with r->method
being NULL, so have a .rodata pointer to "-" instead.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893044 13f79535-47bb-0310-9956-ffa450edef68
* server/protocol.c(read_request_line):
Set r->method_number to M_INVALID and r->{method,uri,unparsed_uri} to "-"
when read fails, ap_parse_request_line() will never be called.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893030 13f79535-47bb-0310-9956-ffa450edef68
* server/protocol.c(read_request_line):
Set r->method_number to M_INVALID and r->{method,uri,unparsed_uri} to "-"
when read fails, ap_parse_request_line() will never be called.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893026 13f79535-47bb-0310-9956-ffa450edef68
* server/protocol.c(read_request_line):
Move r->request_time initialization before first APLOG_TRACE5,
ap_log_rerror() may run the generate_log_id hooks and call mod_unique_id
with no timestamp initialized (zero).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893001 13f79535-47bb-0310-9956-ffa450edef68
certificate and key instead of file names.
Added support for this in mod_ssl and verified with a local mod_md
version that uses it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887151 13f79535-47bb-0310-9956-ffa450edef68
- ap_ssl_add_cert_files() to enable other modules like mod_md to provide
certificate and keys for an SSL module like mod_ssl.
- ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to
provide a fallback certificate in case no 'proper' certificate is
available for an SSL module like mod_ssl.
- ap_ssl_answer_challenge() to enable other modules like mod_md to
provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge
for the ACME protocol for an SSL module like mod_ssl.
- Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and
'ssl_answer_challenge' where modules like mod_md can provide providers
to the above mentioned functions.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887085 13f79535-47bb-0310-9956-ffa450edef68
These functions are always available, even when no module providing
SSL is loaded. They provide their own "shadowing" implementation for
the optional functions of similar name that mod_ssl and impersonators
of mod_ssl provide.
This enables loading of several SSL providing modules when all but
one of them registers itself into the new hooks. Two old-style SSL
modules will not work, as they replace the others' optional functions
with their own.
Modules using the old-style optional functions will continue to work
as core supplies its own versions of those.
The following has been added so far:
- ap_ssl_conn_is_ssl() to query if a connection is using SSL.
- ap_ssl_var_lookup() to query SSL related variables for a
server/connection/request.
- Hooks for 'ssl_conn_is_ssl' and 'ssl_var_lookup' where modules
providing SSL can install their own value supplying functions.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1886840 13f79535-47bb-0310-9956-ffa450edef68
Disable keepalive on the connection if we received both Content-Length and
chunked Transfer-Encoding in the request, to avoid confusion with front
intermediaries and potential further request/response splitting.
This is what we do already for mod_proxy backend connections in the same case.
While at it, replace draft httpbis links with final RFC7230's.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879373 13f79535-47bb-0310-9956-ffa450edef68
RFC 7230 requires that the request-line URI be absolute, besides
"CONNECT authority-form" and "OPTIONS asterisk-form".
Enforce it in ap_parse_request_line().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879078 13f79535-47bb-0310-9956-ffa450edef68
Don't let an invalid Content-Length header go beyond ap_read_request()
and protocol validation. The check in ap_http_filter() is still useful if
some module mangles the header, but it's too late for the usual case.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877955 13f79535-47bb-0310-9956-ffa450edef68
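The framing checks described in the two commit messages above (r1879373 on Content-Length together with chunked Transfer-Encoding, r1877955 on invalid Content-Length), as an added C example that is not httpd's own code. The types, `decide_framing()` and the sample header lists are hypothetical and constructed for illustration; the example also rejects a Transfer-Encoding whose final coding is not chunked, which goes beyond what the commit messages state.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum framing { BODY_NONE, BODY_LENGTH, BODY_CHUNKED, BODY_INVALID };
struct header { const char *name, *value; };
struct decision { enum framing framing; int keepalive; };

/* The final transfer-coding must be "chunked" for the body to be delimited. */
static int ends_with_chunked(const char *v) {
    const char *p = strrchr(v, ',');
    p = p ? p + 1 : v;
    while (*p == ' ' || *p == '\t') p++;
    size_t n = strlen(p);
    while (n && (p[n - 1] == ' ' || p[n - 1] == '\t')) n--;
    return n == 7 && strncasecmp(p, "chunked", 7) == 0;
}

/* Content-Length is 1*DIGIT: no sign, no whitespace, not empty. */
static int digits_only(const char *v) {
    return *v && v[strspn(v, "0123456789")] == '\0';
}

struct decision decide_framing(const struct header *h, size_t n) {
    struct decision d = { BODY_NONE, 1 };
    const char *cl = NULL, *te = NULL;
    for (size_t i = 0; i < n; i++) {
        if (!strcasecmp(h[i].name, "Content-Length")) cl = h[i].value;
        else if (!strcasecmp(h[i].name, "Transfer-Encoding")) te = h[i].value;
    }
    if (te) {                      /* RFC 7230 3.3.3: Transfer-Encoding wins */
        d.framing = ends_with_chunked(te) ? BODY_CHUNKED : BODY_INVALID;
        if (cl) d.keepalive = 0;   /* both present: answer, then close */
    } else if (cl) {
        d.framing = digits_only(cl) ? BODY_LENGTH : BODY_INVALID;
    }
    if (d.framing == BODY_INVALID) d.keepalive = 0;   /* reject and close */
    return d;
}

/* Constructed sample header lists. */
static const struct header BOTH[] = {{"Content-Length", "4"}, {"Transfer-Encoding", "chunked"}};
static const struct header CHUNKED[] = {{"Transfer-Encoding", "gzip, Chunked "}};
static const struct header BAD_CL[] = {{"Content-Length", "+4"}};

int main(void) {
    struct decision d = decide_framing(BOTH, 2);
    printf("CL+TE: framing=%d keepalive=%d\n", d.framing, d.keepalive);
    return decide_framing(CHUNKED, 1).keepalive && !decide_framing(BAD_CL, 1).keepalive ? 0 : 1;
}
```

Closing the connection after an ambiguous request means any bytes an intermediary framed differently are never parsed as a second request on the same connection.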
Unless ap_read_request() failed to read the request line or header, or
Transfer-Encoding is invalid, we can still provide the request body to custom
error handlers (ErrorDocument) that ask for it (e.g. internal redirects to CGI).
So this commit splits early failure path (previously die_early label) in two,
die_unusable_input and die_before_hooks, where the latter preserves input
filters (including HTTP_IN).
Also, the code to apply the connection timeout and r->per_dir_config from the
server is now in a new apply_server_config() helper since it's used multiple
times. Note that apr_socket_timeout_set() is a noop if the new timeout is the
same as the one already in place, so there is no need to cache the old timeout
nor use apr_socket_timeout_get(). Likewise, r->server is initially set to
c->base_server so apply_server_config() is overall a noop when no change is
needed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876784 13f79535-47bb-0310-9956-ffa450edef68
Extract parsing/validation code from read_request_line() and ap_read_request()
into ap_parse_request_line() and ap_check_request_header() helpers such that
mod_http2 can validate its HTTP/1 request with the same/configured policy.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876674 13f79535-47bb-0310-9956-ffa450edef68
The core output filters depend on EOR being sent at some point for correct
accounting of setaside limits and lifetime.
Rework ap_read_request() early failure (including in post_read_request() hooks)
so that it always sends the EOR after ap_die().
Apply the same scheme in h2_request_create_rec() which is the HTTP/2 to HTTP/1
counterpart.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876664 13f79535-47bb-0310-9956-ffa450edef68
Let's call stream_reqbody() for all rb_methods, no RB_SPOOL_CL special case.
This both simplifies code and allows to keep EOS into the input_brigade until
it's sent, and thus detect whether we already fetched the whole body if/when
proxy_http_handler() re-enters for different balancer members.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1869222 13f79535-47bb-0310-9956-ffa450edef68
Send "100 Continue", if needed, before fetching/blocking on the request body in
spool_reqbody_cl(), otherwise mod_proxy and the client can wait for each other,
leading to a request timeout (408).
While at it, make it so that ap_send_interim_response() uses the default status
line if none is set in r->status_line.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1868576 13f79535-47bb-0310-9956-ffa450edef68
.. to allow unconfigured hostnames to be rejected.
The checks happen during NVH mapping and check that the
mapped VH itself has the host as a name or alias.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1838055 13f79535-47bb-0310-9956-ffa450edef68
Provide AP_STATUS_IS_HEADER_ONLY() helper/macro to check for 204 or 304 and
use it where some special treatment is needed when no body is expected.
Some of those places handled 204 only.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837056 13f79535-47bb-0310-9956-ffa450edef68
Handle end-to-end 100-continue, according to RFC 7231, such that the client
request body is not read/forwarded (according to its "Expect:" header) until
the backend wants to receive it (with interim 100 continue response), or never
forwarded if the backend provides a (non-interim) response and doesn't need
the client body at all.
This is achieved by filling the header_brigade in ap_proxy_http_prefetch()
and letting ap_proxy_http_request() determine whether it should forward that
brigade only (with the "Expect: 100-continue" specified by the client or added
according to "ping=" configuration), or forward the whole body for the usual
case (as before).
When 100-continue expectation is in place, the body is actually forwarded by
ap_proxy_http_process_response() when/if a "100 continue" response is sent by
the backend, otherwise the body is discarded; a future enhancement could make it
so that in a balancer configuration, the body could be forwarded to another
balancer member depending on the status/error from the backend.
So stream_reqbody_cl() and stream_reqbody_chunked() functions are adapted to be
called by either ap_proxy_http_request() or ap_proxy_http_process_response(),
while spool_reqbody_cl() still spools the body in ap_proxy_http_prefetch() thus
before the backend is connected/reused to avoid inactivity on the connection
for the prefetch time (the prefetched body is also forwarded according to the
100-continue expectation, though).
Also, since the brigades and other runtime objects now need to be shared by the
ap_proxy_http_*() functions chain, a proxy_http_req_t struct/context is created
from the start and passed to them as (the single) argument. This is also a good
candidate for a future async baton, if we wanted to let the MPM event wait for
connection data for us at any stage and be called back ;)
Finally, ap_send_interim_response() is modified to correctly handle 100 continue
responses once, and take care of clearing r->expecting_100 only for them.
PR 60330.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1836588 13f79535-47bb-0310-9956-ffa450edef68
... to include r->args and otherwise get as close as possible to
what came in over the wire.
Submitted By: Hank Ibell <hwibell gmail.com>
Committed By: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831772 13f79535-47bb-0310-9956-ffa450edef68
Rename ap_fgetline_impl() to ap_fgetline_core(), and do missing EBCDIC
translation in ap_fgetline().
Also restore EBCDIC translation for ap_getline(), as noted by Ruediger this
was changed (unexpectedly) in r1829659.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829789 13f79535-47bb-0310-9956-ffa450edef68
It allows to read a line directly from an input filter, in blocking mode
or not. Since no request_rec is needed, a pool may be given.
Existing ap_[r]getline() functions are now based off ap_fgetline() by calling:
ap_fgetline(s, n, read, r->proto_input_filters, flags, bb, r->pool);
Will follow up with a new ap_get_mime_headers_*() flavor which can be used by
any filter that needs non-blocking and not necessarily has a request_rec (e.g.
ap_http_filter() to read proxied response trailers).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829659 13f79535-47bb-0310-9956-ffa450edef68