everywhere.
We know that the core module has module_index 0. Therefore we can save
some pointer operations in ap_get_module_config(cv, &core_module) and
ap_set_module_config(cv, &core_module, val). As these are called rather often,
this may actually have some (small) measurable effect.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1132781 13f79535-47bb-0310-9956-ffa450edef68
and context document root (which is the file system directory that
this URL prefix is mapped to). This generalization of the document
root makes it easier for scripts to create self-referential URLs and
to find their files.
- Expose CONTEXT_DOCUMENT_ROOT and CONTEXT_PREFIX as envvars, in mod_rewrite,
and in ap_expr.
- Make mod_alias and mod_userdir set the context information.
- Allow to override the document root on a per-request basis. This allows
mass vhosting modules to set DOCUMENT_ROOT correctly.
- Make mod_vhost_alias set the per-request document root
PR: 26052, 46198, 49705
Remaining tasks:
- Use the context document root & prefix in mod_rewrite to make RewriteBase
unneccessary in many cases. Do this without breaking compatibility.
- Write docs.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1132494 13f79535-47bb-0310-9956-ffa450edef68
necessary if a module (like mod_perl) registers additional modules later than the
EXEC_ON_READ phase.
Tested by: Torsten Foertsch <torsten foertsch gmx net>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1096569 13f79535-47bb-0310-9956-ffa450edef68
in request URL path info but not decode them. Change behavior of option
"On" to decode the encoded slashes as 2.0 and 2.2 do. PR 35256,
PR 46830.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1082196 13f79535-47bb-0310-9956-ffa450edef68
if the current configuration run is the initial one at server startup,
and if the server is started for testing/config dumping only.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1070151 13f79535-47bb-0310-9956-ffa450edef68
This makes <If> apply to all requests, not only to file base requests and
it allows to use <If> inside <Directory>, <Location>, and <Files> sections.
The merging of <If> sections always happens after the merging of <Location>
sections, even if the <If> section is embedded inside a <Directory> or
<Files> section.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1059867 13f79535-47bb-0310-9956-ffa450edef68
the new parser. Rework ap_expr's public interface and provide hooks for modules
to add variables and functions.
The Netware and Windows build files still need to be adjusted
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1032073 13f79535-47bb-0310-9956-ffa450edef68
of the message is higher than a specified value. This allows to achive
the old behaviour for the source file name/line number of being only
logged for debug and higher.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1001381 13f79535-47bb-0310-9956-ffa450edef68
additional information that is logged once per connection or request.
Add error log IDs for connections and request to allow correlating error log
lines and the corresponding access log entry.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@992806 13f79535-47bb-0310-9956-ffa450edef68
ap_get_server_name_for_url() and use it where appropriate. This fixes
mod_rewrite generating invalid URLs for redirects to IPv6 literal addresses.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@900022 13f79535-47bb-0310-9956-ffa450edef68
total byte count of last request.
core: Use ap_logio_get_last_bytes to report more accurate byte counts in
mod_status if mod_logio is loaded. Without mod_logio, don't increment
counts for HEAD requests.
PR: 25656
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@823337 13f79535-47bb-0310-9956-ffa450edef68
'AllowOverride Options=IncludesNoExec' does not permit Includes with
exec= enabled to be configured in an .htaccess file:
* include/http_core.h: Change semantics of Includes/IncludeNoExec
options bits to be additive; OPT_INCLUDES now means SSI is enabled
without exec=. OPT_INCLUDES|OPT_INC_WITH_EXEC means SSI is enabled
with exec=.
* server/core.c (create_core_dir_config): Remove defunct OPT_INCNOEXEC
from default override_opts; no functional change.
(merge_core_dir_configs): Update logic to ensure that exec= is
disabled in a context where IncludesNoexec is configured, even if
Includes-with-exec is permitted in the inherited options set.
(set_allow_opts, set_options): Update to reflect new semantics
of OPT_INCLUDES, OPT_INC_WITH_EXEC.
* server/config.c: Update to remove OPT_INCNOEXEC from default
override_opts; no functional change.
* modules/filters/mod_include.c (includes_filter): Update to reflect
new options semantics - disable exec= support if the
OPT_INC_WITH_EXEC bit is not set.
Submitted by: Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>,
jorton
Thanks to: Vincent Danon <vdanon redhat.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@772997 13f79535-47bb-0310-9956-ffa450edef68
from core. We now exclude Content-Type from responses for which
a media type has not been configured via mime.types, AddType,
ForceType, or some other mechanism. MMN major bump to NZ time.
PR: 13986
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@739382 13f79535-47bb-0310-9956-ffa450edef68
(core_dir_config): Fix warning: overflow in implicit constant conversion,
generated by core.c line 117, which sets content_md5 to '2', which is too big
for a signed value -- but it looks like this was really meant to be unsigned.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@708828 13f79535-47bb-0310-9956-ffa450edef68
This define serves no modern purpose, since every module in the wild, including
our own define it, for no purpose.
If you have functions which you do not want in the 'public' API, put them
in a private header, that is not installed, just like mod_ssl does.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645412 13f79535-47bb-0310-9956-ffa450edef68
Merge from branches/authz-dev
Basically here is a list of what has been done:
- Convert all of the authz modules from hook based to provider based
- Remove the ap_requires field from the core_dir_config structure
- Remove the function ap_requires() since its functionality is no
longer supported or necessary in the refactoring
- Remove the calls to ap_some_auth_required() in the core request
handling to allow the hooks to be called in all cases.
- Add the new module mod_authz_core which will act as the authorization
provider vector and contain common authz directives such as 'Require',
'Reject' and '<RequireAlias>'
- Add the new module mod_authn_core which will contain common
authentication directives such as 'AuthType', 'AuthName' and
'<AuthnProviderAlias>'
- Move the check for METHOD_MASK out of the authz providers and into
the authz_core provider vector
- Define the status codes that can be returned by the authz providers
as AUTHZ_DENIED, AUTHZ_GRANTED and AUTHZ_GENERAL_ERROR
- Remove the 'Satisfy' directive
- Implement the '<RequireAll>', '<RequireOne>' block directives to
handle the 'and' and 'or' logic for authorization.
- Remove the 'AuthzXXXAuthoritative' directives from all of the authz
providers
- Implement the 'Reject' directive that will deny authorization if the
argument is true
- Fold the 'Reject' directive into the '<RequireAll>', '<RequireOne>'
logic
- Reimplement the host based authorization functionality provided by
'allow', 'deny' and 'order' as authz providers
- Remove the 'allow', 'deny' and 'order' directives
- Merge mod_authn_alias into mod_authn_core
- Add '<RequireAlias>' functionality which is similar to
'<AuthnProviderAlias>' but specific to authorization aliasing
- Remove all of the references to the 'authzxxxAuthoritative'
directives from the documentation
- Remove the 'Satisfy' directive from the documentation
- Remove 'Allow', 'Deny', 'Order' directives from the documentation
- Document '<RequireAll>', '<RequireOne>', 'Reject' directives
- Reimplement the APIs ap_auth_type(), ap_auth_name() as optional
functions and move the actual implementation into mod_authn_core
- Reimplement the API ap_some_auth_required() as an optional function
and move the actual implementation into mod_authz_core
Major Changes:
- Added the directives <RequireAll>, <RequireOne>, <RequireAlias>,
Reject
- Expanded the functionality of the directive 'Require' to handle all
authorization and access control
- Added the new authz providers 'env', 'ip', 'host', 'all' to handle
host-based access control
- Removed the directives 'Allow', 'Deny', 'Order', 'Satisfy',
'AuthzXXXAuthoritative'
- Removed the ap_require() API
- Moved the directives 'AuthType', 'AuthName' out of mod_core and into
mod_authn_core
- Moved the directive 'Require' out of mod_core and into
mod_authz_core
- Merged mod_authn_alias into mod_authn_core
- Renamed mod_authz_dbm authz providers from 'group' and 'file-group'
to 'dbm-group' and 'dbm-file-group'
Benefits:
- All authorization and access control is now handle through two
directives, 'Require' and 'Reject'
- Authorization has been expanded to allow for complex 'AND/OR' control
logic through the directives '<RequireAll>' and '<RequireOne>'
- Configuration is now much simpler and consistent across the board
- Other modules like mod_ssl and mod_proxy should be able to plug into
and take advantage of the same provider based authorization mechanism
by implementing their own providers
Issues:
- Backwards compatibility between 2.2 and 2.3 configurations will be
broken in the area of authorization and access control due to the fact
that the directives 'allow', 'deny', 'order' and 'satisfy' have been
removed. When moving from 2.2 to 2.3 these directives will have to be
changed to 'Require all granted', 'Require all denied' or some variation
of the authz host-based providers.
- Existing third party authorization modules will have to adapt to the
new structure.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@368027 13f79535-47bb-0310-9956-ffa450edef68
basically allows Apache to configurably ( :) )
use the physical port when constructing the
canonical port. Also add the exact ordering to
the docs, so people can easily see how it works.
We now have compatibility with both 2.0 and 1.3.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@344369 13f79535-47bb-0310-9956-ffa450edef68
The core filter will NOT operate correctly across platforms
(even between Linux/Solaris) without setting up the conn->timeout,
so always apply the timeout when establishing the core filter.
The keep-alive-timeout is entirely an HTTP-ism, and needs to
move to the http protocol handler. Note #1; this isn't triggered
in the event mpm, but the event mpm introspects s->keep_alive_timeout
directly adding it to the pollset, so this is a non-sequitor.
Finally, once the headers are read, the named virtual host may
have a different (more/less permissive) timeout for the remainder
of the request body. This http-centric patch picks up that subtle
detail and can switch to a named-vhost timeout.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@306495 13f79535-47bb-0310-9956-ffa450edef68
I will be adding documentation for the new directives hopefully in the next day or so.
* server/core.c: Added 'Protocol' to the core module config
Added ap_{set,get}_server_protocol API.
Added new directive: 'AcceptFilter'.
Enable 'httpready' by default on systems that support it. Use dataready filters for others.
* server/listen.c: Attempt to inherit protocols from Listener Records to Server configs.
The 'Listen' directive can now optionally take a protocol arg
Move bits that determined which accept filter is applied to core.c.
Added bits to find the correct accept filter based on the core's configuration.
* include/{ap_listen.h,http_core.h}: Add Protocol to respective structures.
* include/http_core.h: Add the accf_map table to the core_server_config structure
* include/ap_mmn.h: Minor MMN Bump for the new interfacces.
* modules/ssl/ssl_engine_init.c: Use the new protocol framework to enable mod_ssl for 'https' websites.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@190563 13f79535-47bb-0310-9956-ffa450edef68
