This makes <If> apply to all requests, not only to file base requests and
it allows to use <If> inside <Directory>, <Location>, and <Files> sections.
The merging of <If> sections always happens after the merging of <Location>
sections, even if the <If> section is embedded inside a <Directory> or
<Files> section.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1059867 13f79535-47bb-0310-9956-ffa450edef68
etc. causes problems because the authentication module calls
note_*_auth_failure if authentication fails. This is inappropriate if access is
later allowed because of the IP.
So, instead of calling the auth_checker hook even if authentication failed, we
introduce a new access_checker_ex hook that runs between the access_checker and
the check_user_id hooks. If an access_checker_ex functions returns OK, the
request will be allowed without authentication.
To make use of this, change mod_authz_core to walk the require blocks in the
access_checker_ex phase and deny/allow the request if the authz result does not
depend on an authenticated user. To distinguish a real AUTHZ_DENIED from an
authz provider from an authz provider needing an authenticated user, the latter
must return the new AUTHZ_DENIED_NO_USER code.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@964156 13f79535-47bb-0310-9956-ffa450edef68
I added a few more fixes, and there are still more that might
need a doxygen expert.
PR: 48061
Submitted by: Brad Hards
Reviewed by: poirier
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@830527 13f79535-47bb-0310-9956-ffa450edef68
Using this basic framework, you can return SUSPENDED from an HTTP Handler,
and then register a callback that is invoked by the MPM at a later time.
This initial version only supports _timers_ as callbacks, but in the future I
would like to add things like wait for socket activity, on a socket specified by
the handler.
Once in a callback, It is then the responsibility of the callback fucntion
to finish the HTTP Request handling, but this alows you to do cool things like
a fully async proxy, COMET support, or even rate limiting.
To prove I'm not insane, I've inlcuded an example module, mod_dialup.
You can configure it like this:
<Location "/docs">
ModemStandard "V.32"
</Location>
And for static files inside that path, you will be rate limited to V.32 speeds,
aka 9.6 kilobits/second.
Does anyone besides Rüdiger read commit emails :-) ?
I know there are likely huge problems with this, but I would like to see how far
we can push the Event MPM, figure out what to do better, if there is anything,
and then really dive into the 3.0 development before ApacheCon.
* server/mpm/experimental/event/fdqueue.h:
(timer_event_t): New structure to hold timer events and callback functions.
* server/mpm/experimental/event/fdqueue.c
(ap_queue_empty): Modify to also look at Timer Ring.
(ap_queue_init): Initialize Timer Ring.
(ap_queue_push_timer): New function, pushes a timer event into the queue.
(ap_queue_pop_something): Renamed function, returns a timer event or
a socket/pool for a worker thread to run.
* server/mpm/experimental/event/event.c
(process_socket): If the connection is in SUSPENDED state, don't force it
into linger mode yet, the callback will have to take care of that.
(push_timer2worker): New shortcut function, pushes timer event into queue
for a worker to run.
(timer_free_ring): New global data structure to recycle memory used by
timer events.
(timer_ring): New global data structure to hold active timer events.
(g_timer_ring_mtx): Thread mutex to protect timer event data structures.
(ap_mpm_register_timed_callback): New Function, registers a callback to be
invoked by the MPM at a later time.
(listener_thread): Calculate our wakeup time based on the upcoming Event
Queue, and after pollset_poll runs, push any Timers that have passed
onto worker threads to run.
(worker_thread): Call new queue pop method, and if the Timer Event is
non-null, invoke the callback. Once the callback is done, push the
structure onto the timer_free_ring, to be recycled.
(child_main): Initialize new mutex and ring structures.
* server/config.c
(ap_invoke_handler): Allow SUSPENDED aa valid return code from handlers.
* modules/http/http_core.c
(ap_process_http_async_connection): Don't close the connection when in
SUSPENDED state.
* modules/http/http_request.c
(ap_process_request_after_handler): New function, body pulled from the old,
ap_process_async_request. Split to let handlers invoke this so they
don't need to know all of the details of finishing a request.
(ap_process_async_request): If the handler returns SUSPENDED, don't do
anything but return.
* include/ap_mmn.h: Bump MMN.
* include/ap_mpm.h
(ap_mpm_register_timed_callback): New function.
* include/httpd.h:
(SUSPENDED): New return code for handlers.
(request_rec::invoke_mtx): New mutex to protect callback invokcations
from being run before the original handler finishes running.
(conn_state_e): Add a suspended state.
* include/http_request.h
(ap_process_request_after_handler): New function to make it easier for
handlers to finish the HTTP Request.
* modules/test/config.m4: Add mod_dialup to build.
* modules/test/mod_dialup.c: New rate limiting module, requires the Event MPM
to work.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@697357 13f79535-47bb-0310-9956-ffa450edef68
This define serves no modern purpose, since every module in the wild, including
our own define it, for no purpose.
If you have functions which you do not want in the 'public' API, put them
in a private header, that is not installed, just like mod_ssl does.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645412 13f79535-47bb-0310-9956-ffa450edef68
configurations which match those of the initial request. Revert to
the original behaviour (call access control hooks for internal requests
with URIs different from the initial request) if any access control hooks
or providers are not registered as permitting this optimization.
Introduce wrappers for access control hook and provider registration
which can accept additional mode and flag data.
The configuration walk optimizations were originally proposed a while
ago (see http://marc.info/?l=apache-httpd-dev&m=116536713506234&w=2);
they have been used since then in production systems and appear to be
stable and effective. They permit certain combinations of modules
and clients to function efficiently, especially when a deeply recursive
series of internal requests, such as those generated by certain WebDAV
requests, are all subject to the identical authentication and authorization
directives.
The major change from the original proposal is a cleaner mechanism for
detecting modules which may expect the old behaviour. This has been
tested successfully with Subversion's mod_authz_svn, which specifically
requires the old behaviour when performing path-based authorization based
against its own private access control configuration files.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@644525 13f79535-47bb-0310-9956-ffa450edef68
working again. Also rounds out our fix to work around negotiated
directories which Greg Ames fixed; this addition in request.c simply
shortcuts all further processing.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93045 13f79535-47bb-0310-9956-ffa450edef68
strings to numbers in places where the methods are known at compile
time.
(Justin fixed the va_end() call to be correct.)
Submitted by: Brian Pane <bpane@pacbell.net>
Reviewed by: Justin Erenkrantz
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91078 13f79535-47bb-0310-9956-ffa450edef68
from the primary request, redirects and sub-requests.
This will significantly reduce opporunities for inconsistancy (such
as Ian observed, and as I repaired only a month ago.)
This promotes process_request_internal to an ap_ namespace protected
entity in server/request.c (from it's old home in http/http_request.c)
since this fn has no http specifics.
Reviewed (in concept): Cliff Woolley, Ian Holsman
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90832 13f79535-47bb-0310-9956-ffa450edef68
the directory_walk and file_walk for non-file requests. TRACE
shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the
directory_walk/file_walk happen as APR_HOOK_VERY_LAST in core.c.
A seperate patch to mod_proxy is required to short circuit both the
TRACE and directory_walk/file_walk stuff. That patch is next.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90665 13f79535-47bb-0310-9956-ffa450edef68
and add an ap_sub_req_lookup_dirent() to create a subrequest from the
results of an apr_dir_read() for mod_negotiation and mod_autoindex.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89437 13f79535-47bb-0310-9956-ffa450edef68
a request while it is being created. This hook is called for all
request_rec's, main request, sub request, and internal redirect.
When this hook is called, the the r->main, r->prev, r->next
pointers have been set, so modules can determine what kind of
request this is.
Currently, this is only used by the core module, but protocol modules
are going to need to have the ability to affect the request while it is
being read.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88532 13f79535-47bb-0310-9956-ffa450edef68
modules to not have to muck with the output_filter after it creates the
sub-request. Without this change, modules that create a sub-request have
to manually edit the output_filters, and therefore skip the sub-request
output_filter. If they skip the sub-request output_filter, then we end
up sending multiple EOS buckets to the core_output_filter.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87065 13f79535-47bb-0310-9956-ffa450edef68
