validate UTF-8 in url-decoded paths obtained elsewhere than from request
(burl_normalize(), if enabled with server.http-parseopts, checks url for
overlong encodings of ASCII chars in the HTTP request-line)
quickly clear buffer instead of buffer_string_set_length(b, 0) or
buffer_reset(b). Avoids free() of large buffers about to be reused,
or buffers that are module-scoped, persistent, and reused.
(buffer_reset() should still be used with buffers in connection *con
when the data in the buffers is supplied by external, untrusted source)
fix bug resulting in status code being overwritten from 301 to 302 if
Location response header is returned by a backend which is not mod_proxy
(regression in lighttpd 1.4.51)
(thx shochodev)
x-ref:
"lighttpd is not obeying the http status code sent by our application (302 sent by lighttpd when 301 is sent by application)"
https://redmine.lighttpd.net/issues/2918
reject Transfer-Encoding from backend for mod_proxy.
mod_proxy currently sends HTTP/1.0 requests to the backend,
for which Transfer-Encoding: chunked is not a valid response header.
Additionally, there is no value to Transfer-Encoding: chunked from
backend since lighttpd mod_proxy sends HTTP/1.0 request along with
Connection: close, so the backend closing the socket is the end of
the response from the backend.
x-ref:
"Reverse proxy does not work with sandstorm"
https://redmine.lighttpd.net/issues/2913
handle CGI partial write of first response header
e.g. gSoap stdsoap2.c might inefficiently write "Status" to response
pipe and lighttpd might read that prior to the backend writing the
subsequent ": " which marks "Status:" as a response header.
x-ref:
https://redmine.lighttpd.net/boards/2/topics/8028
provide standard types in first.h instead of base.h
provide lighttpd types in base_decls.h instead of settings.h
reduce headers exposed by headers for core data structures
do not expose <pcre.h> or <stdlib.h> in headers
move stat_cache_entry to stat_cache.h
reduce use of "server.h" and "base.h" in headers
fix rare race condition from backends with server.stream-response-body=2
(thx abelbeck)
x-ref:
"fastcgi and stream-response-body=2 hangs on last chunk"
https://redmine.lighttpd.net/issues/2878
When backend returns an invalid response header which is exactly a
blank line (\n or \r\n), adjust the offset so as not to discard the
first character following, which is probably intended to be the
beginning of the response body.
Prior code was effectively a 1-element cache after the initial fill
of the array since only the first element was replaced after the
initial fill. New code does round-robin replacement.
(whether or not #define FILE_CACHE_MAX 16 is appropriately sized here
is a question for another day)
common codebase for socket backends, based off mod_fastcgi with
some features added for mod_proxy
(mostly intended to reduce code duplication and enhance code isolation)
mod_fastcgi and mod_scgi can now use fastcgi.balance and scgi.balance
for similar behavior as proxy.balance, but the balancing is per-host
and not per-proc. proxy.balance is also per-host and not per-proc.
mod_proxy and mod_scgi can now use proxy.map-extensions and
scgi.map-extensions, similar to fastcgi.map-extensions.
mod_fastcgi behavior change (affects only mod_status):
- statistics tags have been renamed from "fastcgi.*" to "gw.*"
"fastcgi.backend.*" -> "gw.backend.*"
"fastcgi.active-requests" -> "gw.active-requests"
("fastcgi.requests" remains "fastcgi.requests")
("proxy.requests" is new)
("scgi.requests" is new)
mod_scgi behavior change (likely minor):
- removed scgi_proclist_sort_down() and scgi_proclist_sort_up().
procs now chosen based on load as measured by num socket connnections
Note:
modules using gw_backend.[ch] are currently still independent modules.
If it had been written as a single module with fastcgi, scgi, proxy
implementations, then there would have been a chance of breaking some
existing user configurations where module ordering made a difference
for which module handled a given request, though for most people, this
would have made no difference.
Details about mod_fastcgi code transformations:
unsigned int debug -> int debug
fastcgi_env member removed from plugin_config
renamed "fcgi" and "fastcgi" to "gw", and "FCGI" to "GW"
reorganize routines for high-level and lower-level interfaces
some lower-level internal interfaces changed to use host,proc,debug
args rather than knowing about higher-level (app) hctx and plugin_data
tabs->spaces and reformatting
Better handling if server.error_handler_404 is a dynamic handler which
returns X-Sendfile pointing to a file which does not exist
(server.error_handler_404 historically did not reset con->file_started,
and for mod_fastcgi, an X-Sendfile failure in the error handler would
result in an empty response body.)
x-ref:
"Option to map send-file file-not-found error to normal 404"
https://redmine.lighttpd.net/issues/2474
Use same funcs as other dynamic handlers to recv data from backend.
Add hook for fastcgi to process FastCGI packets (and other future
dynamic handlers may hook this in order to handle custom data framing)
Provide a simple mechanism for mapping host and urlpath header strings
in proxied request and response well-known headers. This *is not*
intended as a one-size-fits-all, infinitely extensible, regex rewriting
engine. Instead, the proxy.header directive aims to provide built-in
functionality in mod_proxy for a few common use cases by performing
simple host matching or urlpath prefix matching, and using the
mapping of the first match. More complex use cases could possibly be
handled by a custom lighttpd module (which does not currently exist).
Note: the contents of the HTTP request-line and HTTP headers may or
may not be in normalized canonical forms, which may or may not influence
the simple matching performed. Admins should take care to provide safe
defaults (fail closed) if mapping is expected to occur and blindly
passing non-mapped requests is undesirable.
proxy.header = (
#"map-host-request" => (
#"-" => "...",#replace provided given Host request authority
#"..." => "-",#preserve existing authority (no further matching)
#"..." => "", #preserve existing authority (no further matching)
# #(equivalent to "xxx" => "xxx")
#"xxx" => "yyy", #map one string ("xxx") to another ("yyy")
#),
#"map-host-response" => (
#"-" => "...",#replace authority used in backend request
#"..." => "-",#replace with original authority
#"..." => "", #preserve existing authority (no further matching)
# #(equivalent to "xxx" => "xxx")
#"xxx" => "yyy", #map one string ("xxx") to another ("yyy")
#),
#"map-urlpath" => (
#"/xxx" => "/yyy",#map one urlpath prefix to another
#"/xxx/" => "/", #map one urlpath prefix to another
#"/xxx" => "", #map one urlpath prefix to another
#"/key" => "/value",
# Note: request headers have matching "key" prefix replaced with
# "value", and response headers have matching "value" prefix
# replaced with "key", with a pre-test of the "value" from the
# first-matched "key" in request headers (if there was a match)
#),
#"https-remap" => "enable",
# For https requests from client, map https:// to http://
# when map-host-request matches URI in request, and map http://
# to https:// when map-host-response matches URI in response.
# (mod_proxy currently sends all backend requests as http)
)
x-ref:
"feature to remove part of the URI when passing along requests..."
https://redmine.lighttpd.net/issues/152
This patch fixes the build issue introduced with when code has been
shared in commit a448886485.
http-header-glue.c: In function 'http_cgi_headers':
http-header-glue.c:1555:39: error: 'b2' undeclared (first use in this function)
http-header-glue.c:1555:39: note: each undeclared identifier is reported only once for each function it appears in
github: closes #79
fbrosson