diff options
author | 2015-11-30 03:10:21 -0500 | |
---|---|---|
committer | 2015-11-30 03:10:21 -0500 | |
commit | c0b7206652b2852bc574694e7ba07ba1c2acdc00 (patch) | |
tree | 5cb95cb0e19e03610525903df46279df2c3b7eb1 /rubbos/app/httpd-2.0.64/modules/proxy/proxy_http.c | |
parent | b6d3d6e668b793220f2d3af1bc3e828553dc3fe6 (diff) |
delete app
Change-Id: Id4c572809969ebe89e946e88063eaed262cff3f2
Signed-off-by: hongbotian <hongbo.tianhongbo@huawei.com>
Diffstat (limited to 'rubbos/app/httpd-2.0.64/modules/proxy/proxy_http.c')
-rw-r--r-- | rubbos/app/httpd-2.0.64/modules/proxy/proxy_http.c | 1824 |
1 files changed, 0 insertions, 1824 deletions
diff --git a/rubbos/app/httpd-2.0.64/modules/proxy/proxy_http.c b/rubbos/app/httpd-2.0.64/modules/proxy/proxy_http.c deleted file mode 100644 index ca5f038b..00000000 --- a/rubbos/app/httpd-2.0.64/modules/proxy/proxy_http.c +++ /dev/null @@ -1,1824 +0,0 @@ -/* Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* HTTP routines for Apache proxy */ - -#include "mod_proxy.h" - -module AP_MODULE_DECLARE_DATA proxy_http_module; - -int ap_proxy_http_canon(request_rec *r, char *url); -int ap_proxy_http_handler(request_rec *r, proxy_server_conf *conf, - char *url, const char *proxyname, - apr_port_t proxyport); - -typedef struct { - const char *name; - apr_port_t port; - apr_sockaddr_t *addr; - apr_socket_t *sock; - int close; -} proxy_http_conn_t; - -static apr_status_t ap_proxy_http_cleanup(request_rec *r, - proxy_http_conn_t *p_conn, - proxy_conn_rec *backend); - -/* - * Canonicalise http-like URLs. - * scheme is the scheme for the URL - * url is the URL starting with the first '/' - * def_port is the default port for this scheme. - */ -int ap_proxy_http_canon(request_rec *r, char *url) -{ - char *host, *path, *search, sport[7]; - const char *err; - const char *scheme; - apr_port_t port, def_port; - - /* ap_port_of_scheme() */ - if (strncasecmp(url, "http:", 5) == 0) { - url += 5; - scheme = "http"; - } - else if (strncasecmp(url, "https:", 6) == 0) { - url += 6; - scheme = "https"; - } - else { - return DECLINED; - } - def_port = apr_uri_port_of_scheme(scheme); - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: HTTP: canonicalising URL %s", url); - - /* do syntatic check. - * We break the URL into host, port, path, search - */ - port = def_port; - err = ap_proxy_canon_netloc(r->pool, &url, NULL, NULL, &host, &port); - if (err) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "error parsing URL %s: %s", - url, err); - return HTTP_BAD_REQUEST; - } - - /* now parse path/search args, according to rfc1738 */ - /* N.B. if this isn't a true proxy request, then the URL _path_ - * has already been decoded. True proxy requests have r->uri - * == r->unparsed_uri, and no others have that property. - */ - if (r->uri == r->unparsed_uri) { - search = strchr(url, '?'); - if (search != NULL) - *(search++) = '\0'; - } - else - search = r->args; - - /* process path */ - path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, r->proxyreq); - if (path == NULL) - return HTTP_BAD_REQUEST; - - if (port != def_port) - apr_snprintf(sport, sizeof(sport), ":%d", port); - else - sport[0] = '\0'; - - if (ap_strchr_c(host, ':')) { /* if literal IPv6 address */ - host = apr_pstrcat(r->pool, "[", host, "]", NULL); - } - r->filename = apr_pstrcat(r->pool, "proxy:", scheme, "://", host, sport, - "/", path, (search) ? "?" : "", (search) ? search : "", NULL); - return OK; -} - -static const char *ap_proxy_location_reverse_map(request_rec *r, proxy_server_conf *conf, const char *url) -{ - struct proxy_alias *ent; - int i, l1, l2; - char *u; - - /* XXX FIXME: Make sure this handled the ambiguous case of the :80 - * after the hostname */ - - l1 = strlen(url); - ent = (struct proxy_alias *)conf->raliases->elts; - for (i = 0; i < conf->raliases->nelts; i++) { - l2 = strlen(ent[i].real); - if (l1 >= l2 && strncmp(ent[i].real, url, l2) == 0) { - u = apr_pstrcat(r->pool, ent[i].fake, &url[l2], NULL); - return ap_construct_url(r->pool, u, r); - } - } - return url; -} - -/* Clear all connection-based headers from the incoming headers table */ -static void ap_proxy_clear_connection(apr_pool_t *p, apr_table_t *headers) -{ - const char *name; - char *next = apr_pstrdup(p, apr_table_get(headers, "Connection")); - - apr_table_unset(headers, "Proxy-Connection"); - if (!next) - return; - - while (*next) { - name = next; - while (*next && !apr_isspace(*next) && (*next != ',')) { - ++next; - } - while (*next && (apr_isspace(*next) || (*next == ','))) { - *next = '\0'; - ++next; - } - apr_table_unset(headers, name); - } - apr_table_unset(headers, "Connection"); -} - -static -apr_status_t ap_proxy_http_determine_connection(apr_pool_t *p, request_rec *r, - proxy_http_conn_t *p_conn, - conn_rec *c, - proxy_server_conf *conf, - apr_uri_t *uri, - char **url, - const char *proxyname, - apr_port_t proxyport, - char *server_portstr, - int server_portstr_size) { - int server_port; - apr_status_t err; - apr_sockaddr_t *uri_addr; - /* - * Break up the URL to determine the host to connect to - */ - - /* we break the URL into host, port, uri */ - if (APR_SUCCESS != apr_uri_parse(p, *url, uri)) { - return ap_proxyerror(r, HTTP_BAD_REQUEST, - apr_pstrcat(p,"URI cannot be parsed: ", *url, - NULL)); - } - if (!uri->port) { - uri->port = apr_uri_port_of_scheme(uri->scheme); - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: HTTP connecting %s to %s:%d", *url, uri->hostname, - uri->port); - - /* do a DNS lookup for the destination host */ - /* see memory note above */ - err = apr_sockaddr_info_get(&uri_addr, apr_pstrdup(c->pool, uri->hostname), - APR_UNSPEC, uri->port, 0, c->pool); - - /* allocate these out of the connection pool - the check on - * r->connection->id makes sure that this string does not get accessed - * past the connection lifetime */ - /* are we connecting directly, or via a proxy? */ - if (proxyname) { - p_conn->name = apr_pstrdup(c->pool, proxyname); - p_conn->port = proxyport; - /* see memory note above */ - err = apr_sockaddr_info_get(&p_conn->addr, p_conn->name, APR_UNSPEC, - p_conn->port, 0, c->pool); - } else { - p_conn->name = apr_pstrdup(c->pool, uri->hostname); - p_conn->port = uri->port; - p_conn->addr = uri_addr; - *url = apr_pstrcat(p, uri->path, uri->query ? "?" : "", - uri->query ? uri->query : "", - uri->fragment ? "#" : "", - uri->fragment ? uri->fragment : "", NULL); - } - - if (err != APR_SUCCESS) { - return ap_proxyerror(r, HTTP_BAD_GATEWAY, - apr_pstrcat(p, "DNS lookup failure for: ", - p_conn->name, NULL)); - } - - /* Get the server port for the Via headers */ - { - server_port = ap_get_server_port(r); - if (ap_is_default_port(server_port, r)) { - strcpy(server_portstr,""); - } else { - apr_snprintf(server_portstr, server_portstr_size, ":%d", - server_port); - } - } - - /* check if ProxyBlock directive on this host */ - if (OK != ap_proxy_checkproxyblock(r, conf, uri_addr)) { - return ap_proxyerror(r, HTTP_FORBIDDEN, - "Connect to remote machine blocked"); - } - return OK; -} - -static -apr_status_t ap_proxy_http_create_connection(apr_pool_t *p, request_rec *r, - proxy_http_conn_t *p_conn, - conn_rec *c, conn_rec **origin, - proxy_conn_rec *backend, - proxy_server_conf *conf, - const char *proxyname) { - int failed=0, new=0; - apr_socket_t *client_socket = NULL; - - /* We have determined who to connect to. Now make the connection, supporting - * a KeepAlive connection. - */ - - /* get all the possible IP addresses for the destname and loop through them - * until we get a successful connection - */ - - /* if a keepalive socket is already open, check whether it must stay - * open, or whether it should be closed and a new socket created. - */ - /* see memory note above */ - if (backend->connection) { - client_socket = ap_get_module_config(backend->connection->conn_config, &core_module); - if ((backend->connection->id == c->id) && - (backend->port == p_conn->port) && - (backend->hostname) && - (!apr_strnatcasecmp(backend->hostname, p_conn->name))) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: keepalive address match (keep original socket)"); - } else { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: keepalive address mismatch / connection has" - " changed (close old socket (%s/%s, %d/%d))", - p_conn->name, backend->hostname, p_conn->port, - backend->port); - apr_socket_close(client_socket); - backend->connection = NULL; - } - } - - /* get a socket - either a keepalive one, or a new one */ - new = 1; - if ((backend->connection) && (backend->connection->id == c->id)) { - apr_size_t buffer_len = 1; - char test_buffer[1]; - apr_status_t socket_status; - apr_interval_time_t current_timeout; - - /* use previous keepalive socket */ - *origin = backend->connection; - p_conn->sock = client_socket; - new = 0; - - /* save timeout */ - apr_socket_timeout_get(p_conn->sock, ¤t_timeout); - /* set no timeout */ - apr_socket_timeout_set(p_conn->sock, 0); - socket_status = apr_recv(p_conn->sock, test_buffer, &buffer_len); - /* put back old timeout */ - apr_socket_timeout_set(p_conn->sock, current_timeout); - if ( APR_STATUS_IS_EOF(socket_status) ) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, - "proxy: previous connection is closed, creating a new connection."); - new = 1; - } - } - if (new) { - int rc; - - /* create a new socket */ - backend->connection = NULL; - - /* - * At this point we have a list of one or more IP addresses of - * the machine to connect to. If configured, reorder this - * list so that the "best candidate" is first try. "best - * candidate" could mean the least loaded server, the fastest - * responding server, whatever. - * - * For now we do nothing, ie we get DNS round robin. - * XXX FIXME - */ - failed = ap_proxy_connect_to_backend(&p_conn->sock, "HTTP", - p_conn->addr, p_conn->name, - conf, r->server, c->pool); - - /* handle a permanent error on the connect */ - if (failed) { - if (proxyname) { - return DECLINED; - } else { - return HTTP_BAD_GATEWAY; - } - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: socket is connected"); - - /* the socket is now open, create a new backend server connection */ - *origin = ap_run_create_connection(c->pool, r->server, p_conn->sock, - r->connection->id, - r->connection->sbh, c->bucket_alloc); - if (!*origin) { - /* the peer reset the connection already; ap_run_create_connection() - * closed the socket - */ - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, - r->server, "proxy: an error occurred creating a " - "new connection to %pI (%s)", p_conn->addr, - p_conn->name); - apr_socket_close(p_conn->sock); - return HTTP_INTERNAL_SERVER_ERROR; - } - backend->connection = *origin; - backend->hostname = apr_pstrdup(c->pool, p_conn->name); - backend->port = p_conn->port; - - if (backend->is_ssl) { - if (!ap_proxy_ssl_enable(backend->connection)) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, - r->server, "proxy: failed to enable ssl support " - "for %pI (%s)", p_conn->addr, p_conn->name); - return HTTP_INTERNAL_SERVER_ERROR; - } - } - else { - ap_proxy_ssl_disable(backend->connection); - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: connection complete to %pI (%s)", - p_conn->addr, p_conn->name); - - /* set up the connection filters */ - rc = ap_run_pre_connection(*origin, p_conn->sock); - if (rc != OK && rc != DONE) { - (*origin)->aborted = 1; - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: HTTP: pre_connection setup failed (%d)", - rc); - return rc; - } - } - return OK; -} - -static void add_te_chunked(apr_pool_t *p, - apr_bucket_alloc_t *bucket_alloc, - apr_bucket_brigade *header_brigade) -{ - apr_bucket *e; - char *buf; - const char te_hdr[] = "Transfer-Encoding: chunked" CRLF; - - buf = apr_pmemdup(p, te_hdr, sizeof(te_hdr)-1); - ap_xlate_proto_to_ascii(buf, sizeof(te_hdr)-1); - - e = apr_bucket_pool_create(buf, sizeof(te_hdr)-1, p, bucket_alloc); - APR_BRIGADE_INSERT_TAIL(header_brigade, e); -} - -static void add_cl(apr_pool_t *p, - apr_bucket_alloc_t *bucket_alloc, - apr_bucket_brigade *header_brigade, - const char *cl_val) -{ - apr_bucket *e; - char *buf; - - buf = apr_pstrcat(p, "Content-Length: ", - cl_val, - CRLF, - NULL); - ap_xlate_proto_to_ascii(buf, strlen(buf)); - e = apr_bucket_pool_create(buf, strlen(buf), p, bucket_alloc); - APR_BRIGADE_INSERT_TAIL(header_brigade, e); -} - -#define ASCII_CRLF "\015\012" -#define ASCII_ZERO "\060" - -static void terminate_headers(apr_bucket_alloc_t *bucket_alloc, - apr_bucket_brigade *header_brigade) -{ - apr_bucket *e; - - /* add empty line at the end of the headers */ - e = apr_bucket_immortal_create(ASCII_CRLF, 2, bucket_alloc); - APR_BRIGADE_INSERT_TAIL(header_brigade, e); -} - -static apr_status_t pass_brigade(apr_bucket_alloc_t *bucket_alloc, - request_rec *r, proxy_http_conn_t *p_conn, - conn_rec *origin, apr_bucket_brigade *bb, - int flush) -{ - apr_status_t status; - - if (flush) { - apr_bucket *e = apr_bucket_flush_create(bucket_alloc); - APR_BRIGADE_INSERT_TAIL(bb, e); - } - status = ap_pass_brigade(origin->output_filters, bb); - if (status != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, - "proxy: pass request body failed to %pI (%s)", - p_conn->addr, p_conn->name); - return status; - } - apr_brigade_cleanup(bb); - return APR_SUCCESS; -} - -static apr_status_t stream_reqbody_chunked(apr_pool_t *p, - request_rec *r, - proxy_http_conn_t *p_conn, - conn_rec *origin, - apr_bucket_brigade *header_brigade, - apr_bucket_brigade *input_brigade) -{ - int seen_eos = 0; - apr_size_t hdr_len; - apr_off_t bytes; - apr_status_t status; - apr_bucket_alloc_t *bucket_alloc = r->connection->bucket_alloc; - apr_bucket_brigade *bb; - apr_bucket *e; - - add_te_chunked(p, bucket_alloc, header_brigade); - terminate_headers(bucket_alloc, header_brigade); - - while (!APR_BUCKET_IS_EOS(APR_BRIGADE_FIRST(input_brigade))) - { - char chunk_hdr[20]; /* must be here due to transient bucket. */ - - /* If this brigade contains EOS, either stop or remove it. */ - if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))) { - seen_eos = 1; - - /* We can't pass this EOS to the output_filters. */ - e = APR_BRIGADE_LAST(input_brigade); - apr_bucket_delete(e); - } - - apr_brigade_length(input_brigade, 1, &bytes); - - hdr_len = apr_snprintf(chunk_hdr, sizeof(chunk_hdr), - "%" APR_UINT64_T_HEX_FMT CRLF, - (apr_uint64_t)bytes); - - ap_xlate_proto_to_ascii(chunk_hdr, hdr_len); - e = apr_bucket_transient_create(chunk_hdr, hdr_len, - bucket_alloc); - APR_BRIGADE_INSERT_HEAD(input_brigade, e); - - /* - * Append the end-of-chunk CRLF - */ - e = apr_bucket_immortal_create(ASCII_CRLF, 2, bucket_alloc); - APR_BRIGADE_INSERT_TAIL(input_brigade, e); - - if (header_brigade) { - /* we never sent the header brigade, so go ahead and - * take care of that now - */ - bb = header_brigade; - - /* - * Save input_brigade in bb brigade. (At least) in the SSL case - * input_brigade contains transient buckets whose data would get - * overwritten during the next call of ap_get_brigade in the loop. - * ap_save_brigade ensures these buckets to be set aside. - * Calling ap_save_brigade with NULL as filter is OK, because - * bb brigade already has been created and does not need to get - * created by ap_save_brigade. - */ - status = ap_save_brigade(NULL, &bb, &input_brigade, p); - if (status != APR_SUCCESS) { - return status; - } - - header_brigade = NULL; - } - else { - bb = input_brigade; - } - - /* The request is flushed below this loop with chunk EOS header */ - status = pass_brigade(bucket_alloc, r, p_conn, origin, bb, 0); - if (status != APR_SUCCESS) { - return status; - } - - if (seen_eos) { - break; - } - - status = ap_get_brigade(r->input_filters, input_brigade, - AP_MODE_READBYTES, APR_BLOCK_READ, - HUGE_STRING_LEN); - - if (status != APR_SUCCESS) { - return status; - } - } - - if (header_brigade) { - /* we never sent the header brigade because there was no request body; - * send it now - */ - bb = header_brigade; - } - else { - if (!APR_BRIGADE_EMPTY(input_brigade)) { - /* input brigade still has an EOS which we can't pass to the output_filters. */ - e = APR_BRIGADE_LAST(input_brigade); - AP_DEBUG_ASSERT(APR_BUCKET_IS_EOS(e)); - apr_bucket_delete(e); - } - bb = input_brigade; - } - - e = apr_bucket_immortal_create(ASCII_ZERO ASCII_CRLF - /* <trailers> */ - ASCII_CRLF, - 5, bucket_alloc); - APR_BRIGADE_INSERT_TAIL(bb, e); - - /* Now we have headers-only, or the chunk EOS mark; flush it */ - status = pass_brigade(bucket_alloc, r, p_conn, origin, bb, 1); - return status; -} - -static apr_status_t stream_reqbody_cl(apr_pool_t *p, - request_rec *r, - proxy_http_conn_t *p_conn, - conn_rec *origin, - apr_bucket_brigade *header_brigade, - apr_bucket_brigade *input_brigade, - const char *old_cl_val) -{ - int seen_eos = 0; - apr_status_t status = APR_SUCCESS; - apr_bucket_alloc_t *bucket_alloc = r->connection->bucket_alloc; - apr_bucket_brigade *bb; - apr_bucket *e; - apr_off_t cl_val = 0; - apr_off_t bytes; - apr_off_t bytes_streamed = 0; - - if (old_cl_val) { - add_cl(p, bucket_alloc, header_brigade, old_cl_val); - cl_val = atol(old_cl_val); - } - terminate_headers(bucket_alloc, header_brigade); - - while (!APR_BUCKET_IS_EOS(APR_BRIGADE_FIRST(input_brigade))) - { - apr_brigade_length(input_brigade, 1, &bytes); - bytes_streamed += bytes; - - /* If this brigade contains EOS, either stop or remove it. */ - if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))) { - seen_eos = 1; - - /* We can't pass this EOS to the output_filters. */ - e = APR_BRIGADE_LAST(input_brigade); - apr_bucket_delete(e); - } - - /* C-L < bytes streamed?!? - * We will error out after the body is completely - * consumed, but we can't stream more bytes at the - * back end since they would in part be interpreted - * as another request! If nothing is sent, then - * just send nothing. - * - * Prevents HTTP Response Splitting. - */ - if (bytes_streamed > cl_val) - continue; - - if (header_brigade) { - /* we never sent the header brigade, so go ahead and - * take care of that now - */ - bb = header_brigade; - - /* - * Save input_brigade in bb brigade. (At least) in the SSL case - * input_brigade contains transient buckets whose data would get - * overwritten during the next call of ap_get_brigade in the loop. - * ap_save_brigade ensures these buckets to be set aside. - * Calling ap_save_brigade with NULL as filter is OK, because - * bb brigade already has been created and does not need to get - * created by ap_save_brigade. - */ - status = ap_save_brigade(NULL, &bb, &input_brigade, p); - if (status != APR_SUCCESS) { - return status; - } - - header_brigade = NULL; - } - else { - bb = input_brigade; - } - - /* Once we hit EOS, we are ready to flush. */ - status = pass_brigade(bucket_alloc, r, p_conn, origin, bb, seen_eos); - if (status != APR_SUCCESS) { - return status; - } - - if (seen_eos) { - break; - } - - status = ap_get_brigade(r->input_filters, input_brigade, - AP_MODE_READBYTES, APR_BLOCK_READ, - HUGE_STRING_LEN); - - if (status != APR_SUCCESS) { - return status; - } - } - - if (bytes_streamed != cl_val) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, - "proxy: client %s given Content-Length did not match" - " number of body bytes read", r->connection->remote_ip); - return APR_EOF; - } - - if (header_brigade) { - /* we never sent the header brigade since there was no request - * body; send it now with the flush flag - */ - bb = header_brigade; - status = pass_brigade(bucket_alloc, r, p_conn, origin, bb, 1); - } - return status; -} - -#define MAX_MEM_SPOOL 16384 - -static apr_status_t spool_reqbody_cl(apr_pool_t *p, - request_rec *r, - proxy_http_conn_t *p_conn, - conn_rec *origin, - apr_bucket_brigade *header_brigade, - apr_bucket_brigade *input_brigade, - int force_cl) -{ - int seen_eos = 0; - apr_status_t status; - apr_bucket_alloc_t *bucket_alloc = r->connection->bucket_alloc; - apr_bucket_brigade *body_brigade; - apr_bucket *e; - apr_off_t bytes, bytes_spooled = 0, fsize = 0; - apr_file_t *tmpfile = NULL; - - body_brigade = apr_brigade_create(p, bucket_alloc); - - while (!APR_BUCKET_IS_EOS(APR_BRIGADE_FIRST(input_brigade))) - { - /* If this brigade contains EOS, either stop or remove it. */ - if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))) { - seen_eos = 1; - - /* We can't pass this EOS to the output_filters. */ - e = APR_BRIGADE_LAST(input_brigade); - apr_bucket_delete(e); - } - - apr_brigade_length(input_brigade, 1, &bytes); - - if (bytes_spooled + bytes > MAX_MEM_SPOOL) { - /* can't spool any more in memory; write latest brigade to disk */ - if (tmpfile == NULL) { - const char *temp_dir; - char *template; - - status = apr_temp_dir_get(&temp_dir, p); - if (status != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, - "proxy: search for temporary directory failed"); - return status; - } - apr_filepath_merge(&template, temp_dir, - "modproxy.tmp.XXXXXX", - APR_FILEPATH_NATIVE, p); - status = apr_file_mktemp(&tmpfile, template, 0, p); - if (status != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, - "proxy: creation of temporary file in directory %s failed", - temp_dir); - return status; - } - } - for (e = APR_BRIGADE_FIRST(input_brigade); - e != APR_BRIGADE_SENTINEL(input_brigade); - e = APR_BUCKET_NEXT(e)) { - const char *data; - apr_size_t bytes_read, bytes_written; - - apr_bucket_read(e, &data, &bytes_read, APR_BLOCK_READ); - status = apr_file_write_full(tmpfile, data, bytes_read, &bytes_written); - if (status != APR_SUCCESS) { - const char *tmpfile_name; - - if (apr_file_name_get(&tmpfile_name, tmpfile) != APR_SUCCESS) { - tmpfile_name = "(unknown)"; - } - ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, - "proxy: write to temporary file %s failed", - tmpfile_name); - return status; - } - AP_DEBUG_ASSERT(bytes_read == bytes_written); - fsize += bytes_written; - } - apr_brigade_cleanup(input_brigade); - } - else { - - /* - * Save input_brigade in body_brigade. (At least) in the SSL case - * input_brigade contains transient buckets whose data would get - * overwritten during the next call of ap_get_brigade in the loop. - * ap_save_brigade ensures these buckets to be set aside. - * Calling ap_save_brigade with NULL as filter is OK, because - * body_brigade already has been created and does not need to get - * created by ap_save_brigade. - */ - status = ap_save_brigade(NULL, &body_brigade, &input_brigade, p); - if (status != APR_SUCCESS) { - return status; - } - - } - - bytes_spooled += bytes; - - if (seen_eos) { - break; - } - - status = ap_get_brigade(r->input_filters, input_brigade, - AP_MODE_READBYTES, APR_BLOCK_READ, - HUGE_STRING_LEN); - - if (status != APR_SUCCESS) { - return status; - } - } - - if (bytes_spooled || force_cl) { - add_cl(p, bucket_alloc, header_brigade, apr_off_t_toa(p, bytes_spooled)); - } - terminate_headers(bucket_alloc, header_brigade); - APR_BRIGADE_CONCAT(header_brigade, body_brigade); - if (tmpfile) { - /* For platforms where the size of the file may be larger than - * that which can be stored in a single bucket (where the - * length field is an apr_size_t), split it into several - * buckets: */ - if (sizeof(apr_off_t) > sizeof(apr_size_t) - && fsize > AP_MAX_SENDFILE) { - e = apr_bucket_file_create(tmpfile, 0, AP_MAX_SENDFILE, p, - bucket_alloc); - while (fsize > AP_MAX_SENDFILE) { - apr_bucket *ce; - apr_bucket_copy(e, &ce); - APR_BRIGADE_INSERT_TAIL(header_brigade, ce); - e->start += AP_MAX_SENDFILE; - fsize -= AP_MAX_SENDFILE; - } - e->length = (apr_size_t)fsize; /* Resize just the last bucket */ - } - else { - e = apr_bucket_file_create(tmpfile, 0, (apr_size_t)fsize, p, - bucket_alloc); - } - APR_BRIGADE_INSERT_TAIL(header_brigade, e); - } - /* This is all a single brigade, pass with flush flagged */ - status = pass_brigade(bucket_alloc, r, p_conn, origin, header_brigade, 1); - return status; -} - -static -apr_status_t ap_proxy_http_request(apr_pool_t *p, request_rec *r, - proxy_http_conn_t *p_conn, conn_rec *origin, - proxy_server_conf *conf, - apr_uri_t *uri, - char *url, - apr_bucket_brigade *header_brigade, - char *server_portstr) -{ - conn_rec *c = r->connection; - apr_bucket_alloc_t *bucket_alloc = c->bucket_alloc; - apr_bucket_brigade *input_brigade; - apr_bucket_brigade *temp_brigade; - apr_bucket *e; - char *buf; - const apr_array_header_t *headers_in_array; - const apr_table_entry_t *headers_in; - int counter; - apr_status_t status; - enum rb_methods {RB_INIT, RB_STREAM_CL, RB_STREAM_CHUNKED, RB_SPOOL_CL}; - enum rb_methods rb_method = RB_INIT; - const char *old_cl_val = NULL; - const char *old_te_val = NULL; - apr_off_t bytes_read = 0; - apr_off_t bytes; - int force10; - - /* - * Send the HTTP/1.1 request to the remote server - */ - - /* strip connection listed hop-by-hop headers from the request */ - /* even though in theory a connection: close coming from the client - * should not affect the connection to the server, it's unlikely - * that subsequent client requests will hit this thread/process, - * so we cancel server keepalive if the client does. - */ - if (ap_proxy_liststr(apr_table_get(r->headers_in, - "Connection"), "close")) { - p_conn->close++; - /* XXX: we are abusing r->headers_in rather than a copy, - * give the core output handler a clue the client would - * rather just close. - */ - c->keepalive = AP_CONN_CLOSE; - } - ap_proxy_clear_connection(p, r->headers_in); - - if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) { - buf = apr_pstrcat(p, r->method, " ", url, " HTTP/1.0" CRLF, NULL); - force10 = 1; - p_conn->close++; - } else { - buf = apr_pstrcat(p, r->method, " ", url, " HTTP/1.1" CRLF, NULL); - force10 = 0; - } - if (apr_table_get(r->subprocess_env, "proxy-nokeepalive")) { - origin->keepalive = AP_CONN_CLOSE; - p_conn->close++; - } - ap_xlate_proto_to_ascii(buf, strlen(buf)); - e = apr_bucket_pool_create(buf, strlen(buf), p, c->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(header_brigade, e); - if (conf->preserve_host == 0) { - if (uri->port_str && uri->port != DEFAULT_HTTP_PORT) { - buf = apr_pstrcat(p, "Host: ", uri->hostname, ":", uri->port_str, - CRLF, NULL); - } else { - buf = apr_pstrcat(p, "Host: ", uri->hostname, CRLF, NULL); - } - } - else { - /* don't want to use r->hostname, as the incoming header might have a - * port attached - */ - const char* hostname = apr_table_get(r->headers_in,"Host"); - if (!hostname) { - hostname = r->server->server_hostname; - ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, - "proxy: no HTTP 0.9 request (with no host line) " - "on incoming request and preserve host set " - "forcing hostname to be %s for uri %s", - hostname, - r->uri ); - } - buf = apr_pstrcat(p, "Host: ", hostname, CRLF, NULL); - } - ap_xlate_proto_to_ascii(buf, strlen(buf)); - e = apr_bucket_pool_create(buf, strlen(buf), p, c->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(header_brigade, e); - - /* handle Via */ - if (conf->viaopt == via_block) { - /* Block all outgoing Via: headers */ - apr_table_unset(r->headers_in, "Via"); - } else if (conf->viaopt != via_off) { - const char *server_name = ap_get_server_name(r); - /* If USE_CANONICAL_NAME_OFF was configured for the proxy virtual host, - * then the server name returned by ap_get_server_name() is the - * origin server name (which does make too much sense with Via: headers) - * so we use the proxy vhost's name instead. - */ - if (server_name == r->hostname) - server_name = r->server->server_hostname; - /* Create a "Via:" request header entry and merge it */ - /* Generate outgoing Via: header with/without server comment: */ - apr_table_mergen(r->headers_in, "Via", - (conf->viaopt == via_full) - ? apr_psprintf(p, "%d.%d %s%s (%s)", - HTTP_VERSION_MAJOR(r->proto_num), - HTTP_VERSION_MINOR(r->proto_num), - server_name, server_portstr, - AP_SERVER_BASEVERSION) - : apr_psprintf(p, "%d.%d %s%s", - HTTP_VERSION_MAJOR(r->proto_num), - HTTP_VERSION_MINOR(r->proto_num), - server_name, server_portstr) - ); - } - - /* X-Forwarded-*: handling - * - * XXX Privacy Note: - * ----------------- - * - * These request headers are only really useful when the mod_proxy - * is used in a reverse proxy configuration, so that useful info - * about the client can be passed through the reverse proxy and on - * to the backend server, which may require the information to - * function properly. - * - * In a forward proxy situation, these options are a potential - * privacy violation, as information about clients behind the proxy - * are revealed to arbitrary servers out there on the internet. - * - * The HTTP/1.1 Via: header is designed for passing client - * information through proxies to a server, and should be used in - * a forward proxy configuation instead of X-Forwarded-*. See the - * ProxyVia option for details. - */ - - if (PROXYREQ_REVERSE == r->proxyreq) { - const char *buf; - - /* Add X-Forwarded-For: so that the upstream has a chance to - * determine, where the original request came from. - */ - apr_table_mergen(r->headers_in, "X-Forwarded-For", - r->connection->remote_ip); - - /* Add X-Forwarded-Host: so that upstream knows what the - * original request hostname was. - */ - if ((buf = apr_table_get(r->headers_in, "Host"))) { - apr_table_mergen(r->headers_in, "X-Forwarded-Host", buf); - } - - /* Add X-Forwarded-Server: so that upstream knows what the - * name of this proxy server is (if there are more than one) - * XXX: This duplicates Via: - do we strictly need it? - */ - apr_table_mergen(r->headers_in, "X-Forwarded-Server", - r->server->server_hostname); - } - - /* send request headers */ - proxy_run_fixups(r); - headers_in_array = apr_table_elts(r->headers_in); - headers_in = (const apr_table_entry_t *) headers_in_array->elts; - for (counter = 0; counter < headers_in_array->nelts; counter++) { - if (headers_in[counter].key == NULL - || headers_in[counter].val == NULL - - /* Already sent */ - || !strcasecmp(headers_in[counter].key, "Host") - - /* Clear out hop-by-hop request headers not to send - * RFC2616 13.5.1 says we should strip these headers - */ - || !strcasecmp(headers_in[counter].key, "Keep-Alive") - || !strcasecmp(headers_in[counter].key, "TE") - || !strcasecmp(headers_in[counter].key, "Trailer") - || !strcasecmp(headers_in[counter].key, "Upgrade") - - /* XXX: @@@ FIXME: "Proxy-Authorization" should *only* be - * suppressed if THIS server requested the authentication, - * not when a frontend proxy requested it! - * - * The solution to this problem is probably to strip out - * the Proxy-Authorisation header in the authorisation - * code itself, not here. This saves us having to signal - * somehow whether this request was authenticated or not. - */ - || !strcasecmp(headers_in[counter].key,"Proxy-Authorization") - || !strcasecmp(headers_in[counter].key,"Proxy-Authenticate")) { - continue; - } - - /* Skip Transfer-Encoding and Content-Length for now. - */ - if (!strcasecmp(headers_in[counter].key, "Transfer-Encoding")) { - old_te_val = headers_in[counter].val; - continue; - } - if (!strcasecmp(headers_in[counter].key, "Content-Length")) { - old_cl_val = headers_in[counter].val; - continue; - } - - /* for sub-requests, ignore freshness/expiry headers */ - if (r->main) { - if ( !strcasecmp(headers_in[counter].key, "If-Match") - || !strcasecmp(headers_in[counter].key, "If-Modified-Since") - || !strcasecmp(headers_in[counter].key, "If-Range") - || !strcasecmp(headers_in[counter].key, "If-Unmodified-Since") - || !strcasecmp(headers_in[counter].key, "If-None-Match")) { - continue; - } - } - - buf = apr_pstrcat(p, headers_in[counter].key, ": ", - headers_in[counter].val, CRLF, - NULL); - ap_xlate_proto_to_ascii(buf, strlen(buf)); - e = apr_bucket_pool_create(buf, strlen(buf), p, c->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(header_brigade, e); - } - - /* We have headers, let's figure out our request body... */ - input_brigade = apr_brigade_create(p, bucket_alloc); - - /* sub-requests never use keepalives, and mustn't pass request bodies. - * Because the new logic looks at input_brigade, we will self-terminate - * input_brigade and jump past all of the request body logic... - * Reading anything with ap_get_brigade is likely to consume the - * main request's body or read beyond EOS - which would be unplesant. - */ - if (r->main) { - p_conn->close++; - if (old_cl_val) { - old_cl_val = NULL; - apr_table_unset(r->headers_in, "Content-Length"); - } - if (old_te_val) { - old_te_val = NULL; - apr_table_unset(r->headers_in, "Transfer-Encoding"); - } - rb_method = RB_STREAM_CL; - e = apr_bucket_eos_create(input_brigade->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(input_brigade, e); - goto skip_body; - } - - /* WE only understand chunked. Other modules might inject - * (and therefore, decode) other flavors but we don't know - * that the can and have done so unless they they remove - * their decoding from the headers_in T-E list. - * XXX: Make this extensible, but in doing so, presume the - * encoding has been done by the extensions' handler, and - * do not modify add_te_chunked's logic - */ - if (old_te_val && strcmp(old_te_val, "chunked") != 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, - "proxy: %s Transfer-Encoding is not supported", - old_te_val); - return APR_EINVAL; - } - - if (old_cl_val && old_te_val) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, APR_ENOTIMPL, r->server, - "proxy: client %s (%s) requested Transfer-Encoding body" - " with Content-Length (C-L ignored)", - c->remote_ip, c->remote_host ? c->remote_host: ""); - apr_table_unset(r->headers_in, "Content-Length"); - old_cl_val = NULL; - origin->keepalive = AP_CONN_CLOSE; - p_conn->close++; - } - - /* Prefetch MAX_MEM_SPOOL bytes - * - * This helps us avoid any election of C-L v.s. T-E - * request bodies, since we are willing to keep in - * memory this much data, in any case. This gives - * us an instant C-L election if the body is of some - * reasonable size. - */ - temp_brigade = apr_brigade_create(p, bucket_alloc); - do { - status = ap_get_brigade(r->input_filters, temp_brigade, - AP_MODE_READBYTES, APR_BLOCK_READ, - MAX_MEM_SPOOL - bytes_read); - if (status != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, - "proxy: prefetch request body failed to %s" - " from %s (%s)", - p_conn->name ? p_conn->name: "", - c->remote_ip, c->remote_host ? c->remote_host: ""); - return status; - } - - apr_brigade_length(temp_brigade, 1, &bytes); - bytes_read += bytes; - - /* - * Save temp_brigade in input_brigade. (At least) in the SSL case - * temp_brigade contains transient buckets whose data would get - * overwritten during the next call of ap_get_brigade in the loop. - * ap_save_brigade ensures these buckets to be set aside. - * Calling ap_save_brigade with NULL as filter is OK, because - * input_brigade already has been created and does not need to get - * created by ap_save_brigade. - */ - status = ap_save_brigade(NULL, &input_brigade, &temp_brigade, p); - if (status != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, - "proxy: processing prefetched request body failed" - " to %s from %s (%s)", - p_conn->name ? p_conn->name: "", - c->remote_ip, c->remote_host ? c->remote_host: ""); - return status; - } - - /* Ensure we don't hit a wall where we have a buffer too small - * for ap_get_brigade's filters to fetch us another bucket, - * surrender once we hit 80 bytes less than MAX_MEM_SPOOL - * (an arbitrary value.) - */ - } while ((bytes_read < MAX_MEM_SPOOL - 80) - && !APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))); - - /* Use chunked request body encoding or send a content-length body? - * - * Prefer C-L when: - * - * We have no request body (handled by RB_STREAM_CL) - * - * We have a request body length <= MAX_MEM_SPOOL - * - * The administrator has setenv force-proxy-request-1.0 - * - * The client sent a C-L body, and the administrator has - * not setenv proxy-sendchunked or has set setenv proxy-sendcl - * - * The client sent a T-E body, and the administrator has - * setenv proxy-sendcl, and not setenv proxy-sendchunked - * - * If both proxy-sendcl and proxy-sendchunked are set, the - * behavior is the same as if neither were set, large bodies - * that can't be read will be forwarded in their original - * form of C-L, or T-E. - * - * To ensure maximum compatibility, setenv proxy-sendcl - * To reduce server resource use, setenv proxy-sendchunked - * - * Then address specific servers with conditional setenv - * options to restore the default behavior where desireable. - * - * We have to compute content length by reading the entire request - * body; if request body is not small, we'll spool the remaining - * input to a temporary file. Chunked is always preferable. - * - * We can only trust the client-provided C-L if the T-E header - * is absent, and the filters are unchanged (the body won't - * be resized by another content filter). - */ - if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))) { - /* The whole thing fit, so our decision is trivial, use - * the filtered bytes read from the client for the request - * body Content-Length. - * - * If we expected no body, and read no body, do not set - * the Content-Length. - */ - if (old_cl_val || old_te_val || bytes_read) { - old_cl_val = apr_off_t_toa(r->pool, bytes_read); - } - rb_method = RB_STREAM_CL; - } - else if (old_te_val) { - if (force10 - || (apr_table_get(r->subprocess_env, "proxy-sendcl") - && !apr_table_get(r->subprocess_env, "proxy-sendchunks") - && !apr_table_get(r->subprocess_env, "proxy-sendchunked"))) { - rb_method = RB_SPOOL_CL; - } - else { - rb_method = RB_STREAM_CHUNKED; - } - } - else if (old_cl_val) { - if (r->input_filters == r->proto_input_filters) { - rb_method = RB_STREAM_CL; - } - else if (!force10 - && (apr_table_get(r->subprocess_env, "proxy-sendchunks") - || apr_table_get(r->subprocess_env, "proxy-sendchunked")) - && !apr_table_get(r->subprocess_env, "proxy-sendcl")) { - rb_method = RB_STREAM_CHUNKED; - } - else { - rb_method = RB_SPOOL_CL; - } - } - else { - /* This is an appropriate default; very efficient for no-body - * requests, and has the behavior that it will not add any C-L - * when the old_cl_val is NULL. - */ - rb_method = RB_SPOOL_CL; - } - -/* Yes I hate gotos. This is the subrequest shortcut */ -skip_body: - /* Handle Connection: header */ - if (!force10 && p_conn->close) { - buf = apr_pstrdup(p, "Connection: close" CRLF); - ap_xlate_proto_to_ascii(buf, strlen(buf)); - e = apr_bucket_pool_create(buf, strlen(buf), p, c->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(header_brigade, e); - } - - /* send the request body, if any. */ - switch(rb_method) { - case RB_STREAM_CHUNKED: - status = stream_reqbody_chunked(p, r, p_conn, origin, header_brigade, - input_brigade); - break; - case RB_STREAM_CL: - status = stream_reqbody_cl(p, r, p_conn, origin, header_brigade, - input_brigade, old_cl_val); - break; - case RB_SPOOL_CL: - status = spool_reqbody_cl(p, r, p_conn, origin, header_brigade, - input_brigade, (old_cl_val != NULL) - || (old_te_val != NULL) - || (bytes_read > 0)); - break; - default: - ap_assert(1 != 1); - break; - } - - if (status != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, - "proxy: pass request body failed to %pI (%s)" - " from %s (%s)", - p_conn->addr, p_conn->name ? p_conn->name: "", - c->remote_ip, c->remote_host ? c->remote_host: ""); - return status; - } - - return APR_SUCCESS; -} - -static int addit_dammit(void *v, const char *key, const char *val) -{ - apr_table_addn(v, key, val); - return 1; -} - -/* - * Limit the number of interim respones we sent back to the client. Otherwise - * we suffer from a memory build up. Besides there is NO sense in sending back - * an unlimited number of interim responses to the client. Thus if we cross - * this limit send back a 502 (Bad Gateway). - */ -#ifndef AP_MAX_INTERIM_RESPONSES -#define AP_MAX_INTERIM_RESPONSES 10 -#endif - -static -apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, - proxy_http_conn_t *p_conn, - conn_rec *origin, - proxy_conn_rec *backend, - proxy_server_conf *conf, - apr_bucket_brigade *bb, - char *server_portstr) { - conn_rec *c = r->connection; - char buffer[HUGE_STRING_LEN]; - const char *buf; - char keepchar; - request_rec *rp; - apr_bucket *e; - apr_table_t *save_table; - int len, backasswards; - int received_continue = 1; /* flag to indicate if we should - * loop over response parsing logic - * in the case that the origin told us - * to HTTP_CONTINUE - */ - - /* Get response from the remote server, and pass it up the - * filter chain - */ - - rp = ap_proxy_make_fake_req(origin, r); - /* In case anyone needs to know, this is a fake request that is really a - * response. - */ - rp->proxyreq = PROXYREQ_RESPONSE; - - while (received_continue && (received_continue <= AP_MAX_INTERIM_RESPONSES)) { - apr_brigade_cleanup(bb); - - len = ap_getline(buffer, sizeof(buffer), rp, 0); - if (len == 0) { - /* handle one potential stray CRLF */ - len = ap_getline(buffer, sizeof(buffer), rp, 0); - } - if (len <= 0) { - apr_socket_close(p_conn->sock); - backend->connection = NULL; - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "proxy: error reading status line from remote " - "server %s", p_conn->name); - return ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server"); - } - - /* Is it an HTTP/1 response? - * This is buggy if we ever see an HTTP/1.10 - */ - if (apr_date_checkmask(buffer, "HTTP/#.# ###*")) { - int major, minor; - - if (2 != sscanf(buffer, "HTTP/%u.%u", &major, &minor)) { - major = 1; - minor = 1; - } - /* If not an HTTP/1 message or - * if the status line was > 8192 bytes - */ - else if ((buffer[5] != '1') || (len >= sizeof(buffer)-1)) { - apr_socket_close(p_conn->sock); - backend->connection = NULL; - return ap_proxyerror(r, HTTP_BAD_GATEWAY, - apr_pstrcat(p, "Corrupt status line returned by remote " - "server: ", buffer, NULL)); - } - backasswards = 0; - - keepchar = buffer[12]; - buffer[12] = '\0'; - r->status = atoi(&buffer[9]); - - if (keepchar != '\0') { - buffer[12] = keepchar; - } else { - /* 2616 requires the space in Status-Line; the origin - * server may have sent one but ap_rgetline_core will - * have stripped it. */ - buffer[12] = ' '; - buffer[13] = '\0'; - } - r->status_line = apr_pstrdup(p, &buffer[9]); - - /* read the headers. */ - /* N.B. for HTTP/1.0 clients, we have to fold line-wrapped headers*/ - /* Also, take care with headers with multiple occurences. */ - - /* First, tuck away all already existing cookies */ - save_table = apr_table_make(r->pool, 2); - apr_table_do(addit_dammit, save_table, r->headers_out, - "Set-Cookie", NULL); - - r->headers_out = ap_proxy_read_headers(r, rp, buffer, - sizeof(buffer), origin); - if (r->headers_out == NULL) { - ap_log_error(APLOG_MARK, APLOG_WARNING, 0, - r->server, "proxy: bad HTTP/%d.%d header " - "returned by %s (%s)", major, minor, r->uri, - r->method); - p_conn->close += 1; - /* - * ap_send_error relies on a headers_out to be present. we - * are in a bad position here.. so force everything we send out - * to have nothing to do with the incoming packet - */ - r->headers_out = apr_table_make(r->pool,1); - r->status = HTTP_BAD_GATEWAY; - r->status_line = "bad gateway"; - return r->status; - } - - /* Now, add in the just read cookies */ - apr_table_do(addit_dammit, save_table, r->headers_out, - "Set-Cookie", NULL); - - /* and now load 'em all in */ - if (!apr_is_empty_table(save_table)) { - apr_table_unset(r->headers_out, "Set-Cookie"); - r->headers_out = apr_table_overlay(r->pool, - r->headers_out, - save_table); - } - - /* can't have both Content-Length and Transfer-Encoding */ - if (apr_table_get(r->headers_out, "Transfer-Encoding") - && apr_table_get(r->headers_out, "Content-Length")) { - /* 2616 section 4.4, point 3: "if both Transfer-Encoding - * and Content-Length are received, the latter MUST be - * ignored"; so unset it here to prevent any confusion - * later. */ - apr_table_unset(r->headers_out, "Content-Length"); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, - r->server, - "proxy: server %s returned Transfer-Encoding and Content-Length", - p_conn->name); - p_conn->close += 1; - } - - /* strip connection listed hop-by-hop headers from response */ - p_conn->close += ap_proxy_liststr(apr_table_get(r->headers_out, - "Connection"), - "close"); - ap_proxy_clear_connection(p, r->headers_out); - if ((buf = apr_table_get(r->headers_out, "Content-Type"))) { - ap_set_content_type(r, apr_pstrdup(p, buf)); - } - if (!ap_is_HTTP_INFO(r->status)) { - ap_proxy_pre_http_request(origin, rp); - } - - /* handle Via header in response */ - if (conf->viaopt != via_off && conf->viaopt != via_block) { - const char *server_name = ap_get_server_name(r); - /* If USE_CANONICAL_NAME_OFF was configured for the proxy virtual host, - * then the server name returned by ap_get_server_name() is the - * origin server name (which does make too much sense with Via: headers) - * so we use the proxy vhost's name instead. - */ - if (server_name == r->hostname) - server_name = r->server->server_hostname; - - /* create a "Via:" response header entry and merge it */ - apr_table_mergen(r->headers_out, "Via", - (conf->viaopt == via_full) - ? apr_psprintf(p, "%d.%d %s%s (%s)", - HTTP_VERSION_MAJOR(r->proto_num), - HTTP_VERSION_MINOR(r->proto_num), - server_name, - server_portstr, - AP_SERVER_BASEVERSION) - : apr_psprintf(p, "%d.%d %s%s", - HTTP_VERSION_MAJOR(r->proto_num), - HTTP_VERSION_MINOR(r->proto_num), - server_name, - server_portstr) - ); - } - - /* cancel keepalive if HTTP/1.0 or less */ - if ((major < 1) || (minor < 1)) { - p_conn->close += 1; - origin->keepalive = AP_CONN_CLOSE; - } - } else { - /* an http/0.9 response */ - backasswards = 1; - r->status = 200; - r->status_line = "200 OK"; - p_conn->close += 1; - } - - if ( r->status != HTTP_CONTINUE ) { - received_continue = 0; - } else { - received_continue++; - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, - "proxy: HTTP: received 100 CONTINUE"); - } - - /* we must accept 3 kinds of date, but generate only 1 kind of date */ - if ((buf = apr_table_get(r->headers_out, "Date")) != NULL) { - apr_table_set(r->headers_out, "Date", - ap_proxy_date_canon(p, buf)); - } - if ((buf = apr_table_get(r->headers_out, "Expires")) != NULL) { - apr_table_set(r->headers_out, "Expires", - ap_proxy_date_canon(p, buf)); - } - if ((buf = apr_table_get(r->headers_out, "Last-Modified")) != NULL) { - apr_table_set(r->headers_out, "Last-Modified", - ap_proxy_date_canon(p, buf)); - } - - /* munge the Location and URI response headers according to - * ProxyPassReverse - */ - if ((buf = apr_table_get(r->headers_out, "Location")) != NULL) { - apr_table_set(r->headers_out, "Location", - ap_proxy_location_reverse_map(r, conf, buf)); - } - if ((buf = apr_table_get(r->headers_out, "Content-Location")) != NULL) { - apr_table_set(r->headers_out, "Content-Location", - ap_proxy_location_reverse_map(r, conf, buf)); - } - if ((buf = apr_table_get(r->headers_out, "URI")) != NULL) { - apr_table_set(r->headers_out, "URI", - ap_proxy_location_reverse_map(r, conf, buf)); - } - - if ((r->status == 401) && (conf->error_override != 0)) { - const char *wa = "WWW-Authenticate"; - if ((buf = apr_table_get(r->headers_out, wa))) { - apr_table_set(r->err_headers_out, wa, buf); - } else { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: origin server sent 401 without WWW-Authenticate header"); - } - } - - r->sent_bodyct = 1; - /* Is it an HTTP/0.9 response? If so, send the extra data */ - if (backasswards) { - apr_ssize_t cntr = len; - e = apr_bucket_heap_create(buffer, cntr, NULL, c->bucket_alloc); - APR_BRIGADE_INSERT_TAIL(bb, e); - } - - /* send body - but only if a body is expected */ - if ((!r->header_only) && /* not HEAD request */ - (r->status > 199) && /* not any 1xx response */ - (r->status != HTTP_NO_CONTENT) && /* not 204 */ - (r->status != HTTP_RESET_CONTENT) && /* not 205 */ - (r->status != HTTP_NOT_MODIFIED)) { /* not 304 */ - - /* We need to copy the output headers and treat them as input - * headers as well. BUT, we need to do this before we remove - * TE, so that they are preserved accordingly for - * ap_http_filter to know where to end. - */ - rp->headers_in = apr_table_copy(r->pool, r->headers_out); - - apr_table_unset(r->headers_out,"Transfer-Encoding"); - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: start body send"); - - /* - * if we are overriding the errors, we can't put the content - * of the page into the brigade - */ - if ( (conf->error_override ==0) || r->status < 400 ) { - - /* read the body, pass it to the output filters */ - int finish = FALSE; - while (ap_get_brigade(rp->input_filters, - bb, - AP_MODE_READBYTES, - APR_BLOCK_READ, - conf->io_buffer_size) == APR_SUCCESS) { -#if DEBUGGING - { - apr_off_t readbytes; - apr_brigade_length(bb, 0, &readbytes); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, - r->server, "proxy (PID %d): readbytes: %#x", - getpid(), readbytes); - } -#endif - /* sanity check */ - if (APR_BRIGADE_EMPTY(bb)) { - apr_brigade_cleanup(bb); - break; - } - - /* found the last brigade? */ - if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) { - /* if this is the last brigade, cleanup the - * backend connection first to prevent the - * backend server from hanging around waiting - * for a slow client to eat these bytes - */ - ap_proxy_http_cleanup(r, p_conn, backend); - /* signal that we must leave */ - finish = TRUE; - } - - /* try send what we read */ - if (ap_pass_brigade(r->output_filters, bb) != APR_SUCCESS - || c->aborted) { - /* Ack! Phbtt! Die! User aborted! */ - p_conn->close = 1; /* this causes socket close below */ - finish = TRUE; - } - - /* make sure we always clean up after ourselves */ - apr_brigade_cleanup(bb); - - /* if we are done, leave */ - if (TRUE == finish) { - break; - } - } - } - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: end body send"); - } else { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: header only"); - } - } - - /* See define of AP_MAX_INTERIM_RESPONSES for why */ - if (received_continue > AP_MAX_INTERIM_RESPONSES) { - return ap_proxyerror(r, HTTP_BAD_GATEWAY, - apr_psprintf(p, - "Too many (%d) interim responses from origin server", - received_continue)); - } - - if ( conf->error_override ) { - /* the code above this checks for 'OK' which is what the hook expects */ - if ( r->status == HTTP_OK ) - return OK; - else { - /* clear r->status for override error, otherwise ErrorDocument - * thinks that this is a recursive error, and doesn't find the - * custom error page - */ - int status = r->status; - r->status = HTTP_OK; - /* Discard body, if one is expected */ - if ((status > 199) && /* not any 1xx response */ - (status != HTTP_NO_CONTENT) && /* not 204 */ - (status != HTTP_RESET_CONTENT) && /* not 205 */ - (status != HTTP_NOT_MODIFIED)) { /* not 304 */ - ap_discard_request_body(rp); - } - return status; - } - } else - return OK; -} - -static -apr_status_t ap_proxy_http_cleanup(request_rec *r, proxy_http_conn_t *p_conn, - proxy_conn_rec *backend) { - /* If there are no KeepAlives, or if the connection has been signalled - * to close, close the socket and clean up - */ - - /* if the connection is < HTTP/1.1, or Connection: close, - * we close the socket, otherwise we leave it open for KeepAlive support - */ - if (p_conn->close || (r->proto_num < HTTP_VERSION(1,1))) { - if (p_conn->sock) { - apr_socket_close(p_conn->sock); - p_conn->sock = NULL; - backend->connection = NULL; - } - } - return OK; -} - -/* - * This handles http:// URLs, and other URLs using a remote proxy over http - * If proxyhost is NULL, then contact the server directly, otherwise - * go via the proxy. - * Note that if a proxy is used, then URLs other than http: can be accessed, - * also, if we have trouble which is clearly specific to the proxy, then - * we return DECLINED so that we can try another proxy. (Or the direct - * route.) - */ -int ap_proxy_http_handler(request_rec *r, proxy_server_conf *conf, - char *url, const char *proxyname, - apr_port_t proxyport) -{ - int status; - char server_portstr[32]; - conn_rec *origin = NULL; - proxy_conn_rec *backend = NULL; - int is_ssl = 0; - - /* Note: Memory pool allocation. - * A downstream keepalive connection is always connected to the existence - * (or not) of an upstream keepalive connection. If this is not done then - * load balancing against multiple backend servers breaks (one backend - * server ends up taking 100% of the load), and the risk is run of - * downstream keepalive connections being kept open unnecessarily. This - * keeps webservers busy and ties up resources. - * - * As a result, we allocate all sockets out of the upstream connection - * pool, and when we want to reuse a socket, we check first whether the - * connection ID of the current upstream connection is the same as that - * of the connection when the socket was opened. - */ - apr_pool_t *p = r->connection->pool; - conn_rec *c = r->connection; - apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc); - apr_uri_t *uri = apr_palloc(r->connection->pool, sizeof(*uri)); - proxy_http_conn_t *p_conn = apr_pcalloc(r->connection->pool, - sizeof(*p_conn)); - - /* is it for us? */ - if (strncasecmp(url, "https:", 6) == 0) { - if (!ap_proxy_ssl_enable(NULL)) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: HTTPS: declining URL %s" - " (mod_ssl not configured?)", url); - return DECLINED; - } - is_ssl = 1; - } - else if (!(strncasecmp(url, "http:", 5)==0 || (strncasecmp(url, "ftp:", 4)==0 && proxyname))) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: HTTP: declining URL %s", url); - return DECLINED; /* only interested in HTTP, or FTP via proxy */ - } - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "proxy: HTTP: serving URL %s", url); - - - /* only use stored info for top-level pages. Sub requests don't share - * in keepalives - */ - if (!r->main) { - backend = (proxy_conn_rec *) ap_get_module_config(c->conn_config, - &proxy_http_module); - } - /* create space for state information */ - if (!backend) { - backend = apr_pcalloc(c->pool, sizeof(proxy_conn_rec)); - backend->connection = NULL; - backend->hostname = NULL; - backend->port = 0; - if (!r->main) { - ap_set_module_config(c->conn_config, &proxy_http_module, backend); - } - } - - backend->is_ssl = is_ssl; - - /* Step One: Determine Who To Connect To */ - status = ap_proxy_http_determine_connection(p, r, p_conn, c, conf, uri, - &url, proxyname, proxyport, - server_portstr, - sizeof(server_portstr)); - if ( status != OK ) { - return status; - } - - /* Step Two: Make the Connection */ - status = ap_proxy_http_create_connection(p, r, p_conn, c, &origin, backend, - conf, proxyname); - if ( status != OK ) { - return status; - } - - /* Step Three: Send the Request */ - status = ap_proxy_http_request(p, r, p_conn, origin, conf, uri, url, bb, - server_portstr); - if ( status != OK ) { - return status; - } - - /* Step Four: Receive the Response */ - status = ap_proxy_http_process_response(p, r, p_conn, origin, backend, conf, - bb, server_portstr); - if ( status != OK ) { - /* clean up even if there is an error */ - ap_proxy_http_cleanup(r, p_conn, backend); - return status; - } - - /* Step Five: Clean Up */ - status = ap_proxy_http_cleanup(r, p_conn, backend); - if ( status != OK ) { - return status; - } - - return OK; -} - -static void ap_proxy_http_register_hook(apr_pool_t *p) -{ - proxy_hook_scheme_handler(ap_proxy_http_handler, NULL, NULL, APR_HOOK_FIRST); - proxy_hook_canon_handler(ap_proxy_http_canon, NULL, NULL, APR_HOOK_FIRST); -} - -module AP_MODULE_DECLARE_DATA proxy_http_module = { - STANDARD20_MODULE_STUFF, - NULL, /* create per-directory config structure */ - NULL, /* merge per-directory config structures */ - NULL, /* create per-server config structure */ - NULL, /* merge per-server config structures */ - NULL, /* command apr_table_t */ - ap_proxy_http_register_hook/* register hooks */ -}; - |