Don't decode r->uri when pre_trans returns DONE instead of OK, which allows to
preserve previous behaviour where decoding was avoided for "ProxyRequests on"
or post_read_request RewriteRule [P] only, but not ProxyPass'ed requests.
This also preserves decoded location walk in most/same cases.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879137 13f79535-47bb-0310-9956-ffa450edef68
This allows any module to work with un-decoded URI-path (besides
unreserved characters) in r->uri, and eventually to avoid decoding by
returning OK.
The first candidate is mod_proxy (following commit) when
ProxyMappingDecoded is disabled, such that the forwarded URI is
equivalent to the original one.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879076 13f79535-47bb-0310-9956-ffa450edef68
Morphing buckets are not only those with ->length == -1, so the macro is
misleading. Modify comments to talk about opaque buckets when length == -1
and about morphing buckets (once) for opaque and FILE buckets.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877077 13f79535-47bb-0310-9956-ffa450edef68
By setting EOR->r->flushed in the core output filter, allow one to determine at
log_transaction hook time whether the request has been fully flushed through
the network, or not (network issue, filter error, n-th pipelined resposne...).
Introduce the ap_bucket_eor_request() helper to get the request bound to an EOR
bucket, and uses it in ap_core_output_filter() to mark the EOR's request just
before destroying it, after all the previous buckets have been sent.
While at it, rename the request_rec* member of struct ap_bucket_eor from "data"
to "r", which makes the code clearer (not to be confused with b->data).
Finally, add CustomLog format %F, showing "F" or "-" depending on r->flushed,
for admins to figure out for each request.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876017 13f79535-47bb-0310-9956-ffa450edef68
The purpose of ap_request_core_filter() is not clear, it seems to prevent
potential morphing buckets to go through AP_FTYPE_CONNECTION filters which
would fail to set them aside (ENOTIMPL), and read them (unbounded) in memory.
This patch allows ap_filter_setaside_brigade() to set morphing buckets aside
by simply moving them, assuming they have the correct lifetime (either until
some further EOR, or the connection lifetime, or whatever). IOW, the module is
responsible for sending morphing buckets whose lifetime needs not be changed
by the connection filters.
Now since morphing buckets consume no memory until (apr_bucket_)read, like FILE
buckets, we don't account for them in flush_max_threshold either. This changes
ap_filter_reinstate_brigade() to only account for in-memory and EOR buckets to
flush_upto.
Also, since the EOR bucket is sent only to c->output_filters once the request
is processed, when all the filters < AP_FTYPE_CONNECTION have done their job
and stopped retaining data (after the EOS bucket, if ever), we prevent misuse
of ap_filter_{setaside,reinstate}_brigade() outside connection filters by
returning ENOTIMPL. This is not the right API for request filters as of now.
Finally, ap_request_core_filter() and co can be removed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1875947 13f79535-47bb-0310-9956-ffa450edef68
Export [ap_]check_pipeline() and use it also for ap_proxy_check_connection(),
so that all the necessary checks on the connection are done before reusing it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1756186 13f79535-47bb-0310-9956-ffa450edef68
Replacement of ap_some_auth_required (unusable in Apache httpd 2.4)
with new ap_some_authn_required and ap_force_authn hook.
Submitted by: breser
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1684524 13f79535-47bb-0310-9956-ffa450edef68
which both must run well before auth_checker. No other contrast is possible so
assuming this doc is just a typo.
access_checker vs. access_checker_ex is discussed here:
Subject: svn commit: r964156 - in /httpd/httpd/trunk: docs/manual/developer/ include/ modules/aaa/ server/
http://svn.apache.org/viewvc?rev=964156&view=rev
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1511878 13f79535-47bb-0310-9956-ffa450edef68
This makes <If> apply to all requests, not only to file base requests and
it allows to use <If> inside <Directory>, <Location>, and <Files> sections.
The merging of <If> sections always happens after the merging of <Location>
sections, even if the <If> section is embedded inside a <Directory> or
<Files> section.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1059867 13f79535-47bb-0310-9956-ffa450edef68
etc. causes problems because the authentication module calls
note_*_auth_failure if authentication fails. This is inappropriate if access is
later allowed because of the IP.
So, instead of calling the auth_checker hook even if authentication failed, we
introduce a new access_checker_ex hook that runs between the access_checker and
the check_user_id hooks. If an access_checker_ex functions returns OK, the
request will be allowed without authentication.
To make use of this, change mod_authz_core to walk the require blocks in the
access_checker_ex phase and deny/allow the request if the authz result does not
depend on an authenticated user. To distinguish a real AUTHZ_DENIED from an
authz provider from an authz provider needing an authenticated user, the latter
must return the new AUTHZ_DENIED_NO_USER code.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@964156 13f79535-47bb-0310-9956-ffa450edef68
I added a few more fixes, and there are still more that might
need a doxygen expert.
PR: 48061
Submitted by: Brad Hards
Reviewed by: poirier
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@830527 13f79535-47bb-0310-9956-ffa450edef68
Using this basic framework, you can return SUSPENDED from an HTTP Handler,
and then register a callback that is invoked by the MPM at a later time.
This initial version only supports _timers_ as callbacks, but in the future I
would like to add things like wait for socket activity, on a socket specified by
the handler.
Once in a callback, It is then the responsibility of the callback fucntion
to finish the HTTP Request handling, but this alows you to do cool things like
a fully async proxy, COMET support, or even rate limiting.
To prove I'm not insane, I've inlcuded an example module, mod_dialup.
You can configure it like this:
<Location "/docs">
ModemStandard "V.32"
</Location>
And for static files inside that path, you will be rate limited to V.32 speeds,
aka 9.6 kilobits/second.
Does anyone besides Rüdiger read commit emails :-) ?
I know there are likely huge problems with this, but I would like to see how far
we can push the Event MPM, figure out what to do better, if there is anything,
and then really dive into the 3.0 development before ApacheCon.
* server/mpm/experimental/event/fdqueue.h:
(timer_event_t): New structure to hold timer events and callback functions.
* server/mpm/experimental/event/fdqueue.c
(ap_queue_empty): Modify to also look at Timer Ring.
(ap_queue_init): Initialize Timer Ring.
(ap_queue_push_timer): New function, pushes a timer event into the queue.
(ap_queue_pop_something): Renamed function, returns a timer event or
a socket/pool for a worker thread to run.
* server/mpm/experimental/event/event.c
(process_socket): If the connection is in SUSPENDED state, don't force it
into linger mode yet, the callback will have to take care of that.
(push_timer2worker): New shortcut function, pushes timer event into queue
for a worker to run.
(timer_free_ring): New global data structure to recycle memory used by
timer events.
(timer_ring): New global data structure to hold active timer events.
(g_timer_ring_mtx): Thread mutex to protect timer event data structures.
(ap_mpm_register_timed_callback): New Function, registers a callback to be
invoked by the MPM at a later time.
(listener_thread): Calculate our wakeup time based on the upcoming Event
Queue, and after pollset_poll runs, push any Timers that have passed
onto worker threads to run.
(worker_thread): Call new queue pop method, and if the Timer Event is
non-null, invoke the callback. Once the callback is done, push the
structure onto the timer_free_ring, to be recycled.
(child_main): Initialize new mutex and ring structures.
* server/config.c
(ap_invoke_handler): Allow SUSPENDED aa valid return code from handlers.
* modules/http/http_core.c
(ap_process_http_async_connection): Don't close the connection when in
SUSPENDED state.
* modules/http/http_request.c
(ap_process_request_after_handler): New function, body pulled from the old,
ap_process_async_request. Split to let handlers invoke this so they
don't need to know all of the details of finishing a request.
(ap_process_async_request): If the handler returns SUSPENDED, don't do
anything but return.
* include/ap_mmn.h: Bump MMN.
* include/ap_mpm.h
(ap_mpm_register_timed_callback): New function.
* include/httpd.h:
(SUSPENDED): New return code for handlers.
(request_rec::invoke_mtx): New mutex to protect callback invokcations
from being run before the original handler finishes running.
(conn_state_e): Add a suspended state.
* include/http_request.h
(ap_process_request_after_handler): New function to make it easier for
handlers to finish the HTTP Request.
* modules/test/config.m4: Add mod_dialup to build.
* modules/test/mod_dialup.c: New rate limiting module, requires the Event MPM
to work.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@697357 13f79535-47bb-0310-9956-ffa450edef68
This define serves no modern purpose, since every module in the wild, including
our own define it, for no purpose.
If you have functions which you do not want in the 'public' API, put them
in a private header, that is not installed, just like mod_ssl does.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645412 13f79535-47bb-0310-9956-ffa450edef68
configurations which match those of the initial request. Revert to
the original behaviour (call access control hooks for internal requests
with URIs different from the initial request) if any access control hooks
or providers are not registered as permitting this optimization.
Introduce wrappers for access control hook and provider registration
which can accept additional mode and flag data.
The configuration walk optimizations were originally proposed a while
ago (see http://marc.info/?l=apache-httpd-dev&m=116536713506234&w=2);
they have been used since then in production systems and appear to be
stable and effective. They permit certain combinations of modules
and clients to function efficiently, especially when a deeply recursive
series of internal requests, such as those generated by certain WebDAV
requests, are all subject to the identical authentication and authorization
directives.
The major change from the original proposal is a cleaner mechanism for
detecting modules which may expect the old behaviour. This has been
tested successfully with Subversion's mod_authz_svn, which specifically
requires the old behaviour when performing path-based authorization based
against its own private access control configuration files.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@644525 13f79535-47bb-0310-9956-ffa450edef68
