body by closing the connection to the backend in this case instead of reusing it.
CVE: CVE-2008-5519
PR: 46949
Reviewed by: jim, wrowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@763394 13f79535-47bb-0310-9956-ffa450edef68
calls to ap_mpm_query() must be deferred until after the register-hooks hook, since that's
where the MPM registers its mpm-query hook
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@761226 13f79535-47bb-0310-9956-ffa450edef68
stricter checking of remote server certificates.
(docs/manual/mod/mod_ssl.xml)
Documentation of SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.
(modules/proxy/mod_proxy_http.c)
Set the hostname of the request URL as note on the connection.
(modules/ssl/ssl_private.h)
Add proxy_ssl_check_peer_expire and proxy_ssl_check_peer_cn fields to
the SSLSrvConfigRec.
(modules/ssl/ssl_engine_config.c)
Directives stuff for SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.
(modules/ssl/ssl_engine_io.c)
Check whether the remote server's certificate is expired / if there is a
mismatch between the requested hostname and the remote server certificate's
CN field.
Be able to parse ASN1 times.
(modules/ssl/mod_ssl.c)
Directives stuff for SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@760866 13f79535-47bb-0310-9956-ffa450edef68
- Use brigade_write instead of immortal buckets that aren't immortal.
- Read HTTP status code from serf.
- Remove extra logging.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@759462 13f79535-47bb-0310-9956-ffa450edef68
Convert the 100ms timed callback to a single cleanup callback that is added
when the request is ready to finish. Basically works, though it has
some issues with flushing and closing the connection.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@759460 13f79535-47bb-0310-9956-ffa450edef68
completely async from the original thread.
Right now it uses a 100ms timer to determine when the request is actually complete,
but I think this can be removed in the long run with a better mechanism.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@759414 13f79535-47bb-0310-9956-ffa450edef68
* modules/proxy/mod_serf.c
(serf_config_t): Add preservehost member.
(setup_request): If preservehost is set, use the client provided Host header,
otherwise use the one from the configuration.
(is_true): New helper function for decoding true/false strings.
(add_pass): Change to an argv configuration function, check for not enough
args, and parse everything after the URI into key/value pairs.
(create_dir_config): Default to setting preservehost to on.
(serf_cmds): Change add_pass to a take argv directive.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@759395 13f79535-47bb-0310-9956-ffa450edef68
Add Clustered proxying support to mod_serf, by using the heartbeats system.
No preconfiguration of cluster members is needed.
Just a config like this:
    SerfCluster sweet heartbeat file=/var/cache/apache/hb.dat
    SerfCluster sour heartbeat file=/var/cache/apache/cluster2.dat
    <Location "/">
        SerfPass cluster://sweet
    </Location>
    <Location "/different_cluster">
        SerfPass cluster://sour
    </Location>
The location of all possible destination servers is provided by a new
providers interface, that includes configuration checking of the arguments to
the SerfCluster command, solving one of the worst problems with the mod_proxy
load balancer subsystem.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@759386 13f79535-47bb-0310-9956-ffa450edef68
to allow filenames with globbing characters to be retrieved instead of
presented in a directory listing.
Submitted by: Dan Poirier <poirier pobox.com>
Reviewed by: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@758626 13f79535-47bb-0310-9956-ffa450edef68
from core. We now exclude Content-Type from responses for which
a media type has not been configured via mime.types, AddType,
ForceType, or some other mechanism. MMN major bump to NZ time.
PR: 13986
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@739382 13f79535-47bb-0310-9956-ffa450edef68
Also move '#error' after the includes, because it seems
CMSG_DATA is commonly defined in sys/socket.h.
The check also overwrites _apmod_error_fatal in case
CMSG_DATA is not defined to allow building when configure
was called with "--enable-proxy". Otherwise one would need
to explicitly disable mod_proxy_fdpass.
We might want to remove the #error completely, because the
new feature test prevents the building of the module when
the symbol is not defined.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@730803 13f79535-47bb-0310-9956-ffa450edef68