-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merge r1881790, r1904513, r1909400, r1909401, r1909402, r1909451, r1912459 from trunk #389
Merge r1881790, r1904513, r1909400, r1909401, r1909402, r1909451, r1912459 from trunk #389
Commits on Oct 30, 2023
-
mod_proxy: Add support for an optional third argument to ProxyRemote*
to configure the Basic auth credentials to send to the remote proxy. (Note that credentials are always sent w/o waiting for a challenge as with proxy-chain-auth, and only Basic is supported - both of which are not exactly ideal - but better than nothing.) * modules/proxy/mod_proxy.h (struct proxy_remote): Add creds field. * modules/proxy/mod_proxy.c (proxy_handler): Pass forward proxy credentials via r->notes. (add_proxy): Take credentials and base64-encode into ->creds field if passed. (add_proxy_noregex, add_proxy_regex): Take optional creds argument. * modules/proxy/proxy_util.c (ap_proxy_determine_connection): Use proxy credentials from r->notes if available. (ap_proxy_create_hdrbrgd): Set Proxy-Authorization header from credentials in r->notes if present. PR: 37355 Github: closes apache#135 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1881790 13f79535-47bb-0310-9956-ffa450edef68 (cherry picked from commit c77e6ab)
Configuration menu - View commit details
-
Copy full SHA for 23c4df1 - Browse repository at this point
Copy the full SHA 23c4df1View commit details -
mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch …
…when some dollar substitution (backreference) happens in the hostname or port part of the URL. Address or connection reuse can't work when the autority part of the URL is dynamic (single origin server[:port] handled/assumed in the reslist). Detect such cases and unset worker->s->is_address_reusable to disable reuse regardless of enablereuse/disablereuse. * modules/proxy/proxy_util.c(ap_proxy_define_worker_ex): Lookup for $n substitution in the hostname[:port] when parsing the URL and if present, set worker->->is_address_reusable=0 / worker->s->disablereuse=1. * modules/proxy/proxy_util.c(ap_proxy_initialize_worker): Don't overwrite worker->s->is_address_reusable from enablereuse/disablereuse parameters, and set both consistently. * docs/manual/mod/mod_proxy.xml: Add ProxyPassMatch compatibility note about key=value parameters handled with $n substitutions since 2.4.47. Document the specificities of enablereuse/disablereuse w.r.t. $n subsitutions in the different part of the URL. Axe the note about unparsable URLs when the $n substitution happens in the port, this has been addressed in 2.4.47 too (and works now). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904513 13f79535-47bb-0310-9956-ffa450edef68 (cherry picked from commit c74bf2f)
Configuration menu - View commit details
-
Copy full SHA for 4a0afba - Browse repository at this point
Copy the full SHA 4a0afbaView commit details -
* For retriggering a DNS lookup worker->cp->addr should be set to NUL…
…L and thus we need to avoid a race that worker->cp->addr switches to NULL after we checked it to be non NULL but before we assign it to conn->addr in an else tree which would leave conn->addr to NULL and likely cause a segfault later. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909400 13f79535-47bb-0310-9956-ffa450edef68 (cherry picked from commit dc498e9)
Configuration menu - View commit details
-
Copy full SHA for f6343d4 - Browse repository at this point
Copy the full SHA f6343d4View commit details -
* Clear the dns_pool before to avoid a memory leak in case we did the…
… lookup again. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909401 13f79535-47bb-0310-9956-ffa450edef68 (cherry picked from commit 12b589f)
Configuration menu - View commit details
-
Copy full SHA for a229059 - Browse repository at this point
Copy the full SHA a229059View commit details -
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909402 13f79535-47bb-0310-9956-ffa450edef68 (cherry picked from commit 34c5832)
Configuration menu - View commit details
-
Copy full SHA for d7a759d - Browse repository at this point
Copy the full SHA d7a759dView commit details -
* If we fail to connect to all looked up IP's from the worker lookup …
…cache it might be caused by a change on DNS side. Try another DNS lookup in this case and in case this causes a successful connection trigger a refresh of the worker lookup cache. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909451 13f79535-47bb-0310-9956-ffa450edef68 (cherry picked from commit 9a8eb4a)
Configuration menu - View commit details
-
Copy full SHA for 428b3a6 - Browse repository at this point
Copy the full SHA 428b3a6View commit details -
mod_proxy: Handle backend address renewal with address_ttl= parameter.
Define a new proxy_address struct holding the current/latest sockaddr in use by each proxy worker and conn. Since backend addresses can be updated when their TTL expires and while connections are being processed, each address is refcounted and freed only when the last worker (or conn) using it grabs the new one. The lifetime of the addresses is handled at a single place by the new ap_proxy_determine_address() function. It guarantees to bind the current/latest backend address to the passed in conn (or do nothing if it's up to date already). The function is called indirectly by ap_proxy_determine_connection() for the proxy modules that use it, or directly by mod_proxy_ftp and mod_proxy_hcheck. It also is called eventually by ap_proxy_connect_backend() when connect()ing all the current addresses fails, to check (PROXY_DETERMINE_ADDRESS_CHECK) if some new addrs are available. This commit is also a rework of the lifetime of conn->addr, conn->hostname and conn->forward, using the conn->uds_pool and conn->fwd_pool for the cases where the backend is connected through a UDS socket and a remote CONNECT proxy respectively. * include/ap_mmn.h: Minor bump for new function/fields. * modules/proxy/mod_proxy.h (struct proxy_address, ap_proxy_determine_addresss()): Declare ap_proxy_determine_addresss() and opaque struct proxy_address, new fields to structs proxy_conn_rec/proxy_worker_shared/proxy_worker. * modules/proxy/mod_proxy.c (set_worker_param): Parse/set the new worker->address_ttl parameter. * modules/proxy/proxy_util.c (proxy_util_register_hooks(), ap_proxy_initialize_worker(), ap_proxy_connection_reusable(), ap_proxyerror(), proxyerror_core(), init_conn_pool(), make_conn_subpool(), connection_make(), connection_cleanup(), connection_constructor()): Initialize *proxy_start_time in proxy_util_register_hooks() as the epoch from which expiration times are relative (i.e. seconds stored in an uint32_t for atomic changes). Make sure worker->s->is_address_reusable and worker->s->disablereuse are consistant in ap_proxy_initialize_worker(), thus no need to check for both in ap_proxy_connection_reusable(). New proxyerror_core() helper taking an apr_status_t to log, wrap in ap_proxyerror(). New make_conn_subpool() to create worker->cp->{pool,dns} with their own allocator. New connection_make() helper to factorize code in connection_cleanup() and connection_constructor(). * modules/proxy/proxy_util.c (proxy_address_inc(), proxy_address_dec(), proxy_address_cleanup(), proxy_address_set_expired(), worker_address_get(), worker_address_set(), worker_address_resolve(), proxy_addrs_equal(), ap_proxy_determine_address(), ap_proxy_determine_connection(), ap_proxy_connect_backend()): Implement ap_proxy_determine_address() using the above helpers for atomic changes, and call it from ap_proxy_determine_connection() and ap_proxy_connect_backend(). * modules/proxy/mod_proxy_ftp.c (proxy_ftp_handler): Use ap_proxy_determine_address() and use the returned backend->addr. * modules/proxy/mod_proxy_hcheck.c (hc_determine_connection, hc_get_backend, hc_init_worker, hc_watchdog_callback): Use ap_proxy_determine_address() in hc_determine_connection() and call the latter from hc_get_backend(), replace hc_init_worker() by hc_init_baton() which now calls hc_get_hcworker() and hc_get_backend() to resolve the first address at init time. * modules/proxy/mod_proxy_http.c (proxy_http_handler): Use backend->addr and ->hostname instead of worker->cp->addr and worker->s->hostname_ex respectively. * modules/proxy/mod_proxy_ajp.c (ap_proxy_ajp_request): Use backend->addr and ->hostname instead of worker->cp->addr and worker->s->hostname_ex respectively. Closes apache#367 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1912459 13f79535-47bb-0310-9956-ffa450edef68 (cherry picked from commit 3c7f67f)
Configuration menu - View commit details
-
Copy full SHA for 533be3b - Browse repository at this point
Copy the full SHA 533be3bView commit details