new directive cgi.local-redir = [enable|disable]
*disable* RFC3875 6.2.2 local-redir by default.
(behavior change from when local-redir support added in lighttpd 1.4.40)
The reason for this behavior change is that CGI local-redir support
(RFC3875 6.2.2) is an optimization. Absence of support may result in
additional latency in servicing a request due the additional round-trip
to the client, but that was the prior behavior (before lighttpd 1.4.40)
and is the behavior of web servers which do not support CGI local-redir.
However, enabling CGI local-redir by default may result in broken links
in the case where a user config (unaware of CGI local-redir behavior)
returns HTML pages containing *relative* paths (not root-relative paths)
which are relative to the location of the local-redir target document,
and the local-redir target document is located at a different URL-path
from the original CGI request.
x-ref:
RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response
http://www.ietf.org/rfc/rfc3875
"CGI local redirect not implemented correctly"
https://redmine.lighttpd.net/issues/2108
"1.4.40 regression: broken redirect (using Location) between url.rewrite-once URLs"
https://redmine.lighttpd.net/issues/2793
secdownload.path-segments = <number>
include only given number of path segments in hash digest calculation
secdownload.hash-querystr = "enable" | "disable"
include the query string in the hash digest calculation
x-ref:
"secdownload.path_elements support"
https://redmine.lighttpd.net/issues/646
"mod_secdownload option to include url GET parameters in md5"
https://redmine.lighttpd.net/issues/1904
directives to set value, rather than append values to headers, env
setenv.set-request-header
setenv.set-response-header
setenv.set-environment
These directives take precedence over the setenv.add-* counterparts
Set a blank value for request or response header to remove the header
(blank value in environment will be set as the value; not removed)
setenv.*-environment is now deferred to handle_request_env hook.
setenv.*-response-header is now processed in handle_response_start hook.
x-ref:
"setenv.add-or-replace-response-header"
https://redmine.lighttpd.net/issues/650
"set-request-header or remove-request-header support for mod_setenv"
https://redmine.lighttpd.net/issues/2295
url.access-allow is list of allowed url suffixes (e.g. file extensions)
If url.access-allow has been set, then deny any URL that does not match
the explicitly listed suffixes.
(thx japc)
x-ref:
"access_allow directive for lighttpd"
https://redmine.lighttpd.net/issues/1421
- condition logging is way too noisy and rarely useful
- increate timeout to wait for port bind; if the process dies we fail
early anyway
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2978 152afb58-edef-0310-8abb-c4023f1b3aa9
* This patch may "break" some configs, if they do stupid things. Like setting
ssl.pemfile to a not existing file in a "non-socket/non-ssl" block.
Fix them! :)
From: Peter Colberg <peter@colberg.org>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2648 152afb58-edef-0310-8abb-c4023f1b3aa9
Peter Colberg
