Commit Graph

304 Commits (fbe55825b417a71e9cced7f977cf5759ebf3bcb2)

Author SHA1 Message Date
Glenn Strauss 371e1bf723 [mod_extforward] support Forwarded HTTP Extension (#2703)
enable with, e.g.:
extforward.headers = ( "Forwarded" )
or
extforward.headers = ( "Forwarded", "X-Forwarded-For" )
or
extforward.headers = ( "Forwarded", "X-Forwarded-For", "Forwarded-For" )

The default remains:
extforward.headers = ( "X-Forwarded-For", "Forwarded-For" )

Support for "Forwarded" is not enabled by default since intermediate
proxies might not be aware of Forwarded, and might therefore pass
spoofed Forwarded header received from client.

extforward.params = ( # overwrite "Host" with Forwarded value
                      #"host" => 1
                      # set REMOTE_USER with Forwarded value
                      #"remote_user" => 1
                    )
Note: be cautious configuring trusted proxies if enabling these options
since Forwarded header may be spoofed and passed along indescriminantly
by proxies which do not handle Forwarded.

To remove "Forwarded" from incoming requests, do not enable these
options and instead use mod_setenv to clear the request header:
  setenv.set-request-header = ( "Forwarded" => "" )

Other proxy-related headers which admin might evaluate to keep or clear:
  setenv.set-request-header = ( "X-Forwarded-For" => "",
                                "X-Forwarded-By" => "",
                                "X-Forwarded-Server" => "",
                                "X-Origin-IP" => "",
                                "Via" => "",
                                #...
                              )

x-ref:
  "Forwarded HTTP Extension"
  https://tools.ietf.org/html/rfc7239
  "Forward authenticated user to proxied requests"
  https://redmine.lighttpd.net/issues/2703
6 years ago
Glenn Strauss aa14493e47 [tests] reduce time waiting for backends to start
reduce time spent waiting for backends to start

tests check for active listening port before proceeding

test runs now complete in about 2/3 the time
6 years ago
Glenn Strauss 0a635fc8be [core] consolidate dynamic handler response parse
- consolidate dynamic handler HTTP response parsing code
- reduce string copies for CGI, FastCGI, SCGI, proxy response headers
- let read() signal EOF or EAGAIN instead of ioctl FIONREAD 0-data-ready
6 years ago
Glenn Strauss 57ab20ace5 [mod_cgi] cgi.local-redir = [enable|disable] (#2108, #2793)
new directive cgi.local-redir = [enable|disable]

*disable* RFC3875 6.2.2 local-redir by default.
(behavior change from when local-redir support added in lighttpd 1.4.40)

The reason for this behavior change is that CGI local-redir support
(RFC3875 6.2.2) is an optimization.  Absence of support may result in
additional latency in servicing a request due the additional round-trip
to the client, but that was the prior behavior (before lighttpd 1.4.40)
and is the behavior of web servers which do not support CGI local-redir.

However, enabling CGI local-redir by default may result in broken links
in the case where a user config (unaware of CGI local-redir behavior)
returns HTML pages containing *relative* paths (not root-relative paths)
which are relative to the location of the local-redir target document,
and the local-redir target document is located at a different URL-path
from the original CGI request.

x-ref:
  RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response
  http://www.ietf.org/rfc/rfc3875
  "CGI local redirect not implemented correctly"
  https://redmine.lighttpd.net/issues/2108
  "1.4.40 regression: broken redirect (using Location) between url.rewrite-once URLs"
  https://redmine.lighttpd.net/issues/2793
6 years ago
Glenn Strauss ab077790f2 [tests] correct skip count for mod-scgi.t 6 years ago
Glenn Strauss 739ccb5de0 [tests] remove unused file depending on CGI.pm
lighttpd tests do not depend on CGI.pm.

remove *unused* file tests/docroot/www/404.fcgi
which used CGI::Fast, which depends on CGI.pm.
6 years ago
Glenn Strauss 4a68780e1b [mod_scgi] tests/mod-scgi.t unit tests
(copied from tests/mod-fastcgi.t fcgi-responder tests)
6 years ago
Glenn Strauss 37dac9a23c [core] support Expect: 100-continue with HTTP/1.1 (fixes #377, #1017, #1953, #2438)
support Expect: 100-continue with HTTP/1.1 requests

Ignore config option server.reject-expect-100-with-417;
server.reject-expect-100-with-417 will be removed in a future release.

x-ref:
  "Incorrect handling of the 100 (Continue) Status"
  https://redmine.lighttpd.net/issues/377
  "'Expect' header gives HTTP error 417"
  https://redmine.lighttpd.net/issues/1017
  "Improve DAV support to be able to handle git as a client"
  https://redmine.lighttpd.net/issues/1953
  "Change server.reject-expect-100-with-417 from flag to regular expression matching the URL"
  https://redmine.lighttpd.net/issues/2438
6 years ago
Glenn Strauss afce434e0b [mod_secdownload] new directives modify hash path (fixes #646, fixes #1904)
secdownload.path-segments = <number>
  include only given number of path segments in hash digest calculation

secdownload.hash-querystr = "enable" | "disable"
  include the query string in the hash digest calculation

x-ref:
  "secdownload.path_elements support"
  https://redmine.lighttpd.net/issues/646
  "mod_secdownload option to include url GET parameters in md5"
  https://redmine.lighttpd.net/issues/1904
6 years ago
Glenn Strauss 4d92366ab2 [mod_setenv] directives to overwrite/remove hdrs (fixes #650, fixes #2295)
directives to set value, rather than append values to headers, env
  setenv.set-request-header
  setenv.set-response-header
  setenv.set-environment
These directives take precedence over the setenv.add-* counterparts

Set a blank value for request or response header to remove the header
(blank value in environment will be set as the value; not removed)

setenv.*-environment is now deferred to handle_request_env hook.
setenv.*-response-header is now processed in handle_response_start hook.

x-ref:
  "setenv.add-or-replace-response-header"
  https://redmine.lighttpd.net/issues/650
  "set-request-header or remove-request-header support for mod_setenv"
  https://redmine.lighttpd.net/issues/2295
6 years ago
Glenn Strauss 83b2b71527 [tests] give time for periodic jobs to detect exit
give time for periodic jobs to detect backend exit
6 years ago
Glenn Strauss 16f171588f [tests] FCGI_Finish() final request before exit 6 years ago
Glenn Strauss 32443ea1c7 [tests] update test skip count for !fcgi-responder 6 years ago
Glenn Strauss 64df38aad8 [mod_fastcgi] detect child exit, restart proactively
(instead of detecting upon a subsequent HTTP request)

(for backends spawned by mod_fastcgi)
6 years ago
Glenn Strauss f57d8c54b4 [mod_cgi] skip local-redir handling if to self (fixes #2779, #2108)
Loosen local redirect handling in mod_cgi to skip handling as local
redirect if the Location matches con->uri.path, since if the request
is intended to redirect back to the same CGI using the same request
method, path info, and query string, the CGI would logically just
return the final intended response.  Loosening this handling avoids a
problem with applications (potentially) accessible through multiple
gateways, where the application is not aware of this specific handling
of Location in the Common Gateway Interface (CGI/1.1), the application
sends abs-path in the Location response header instead of absoluteURI,
and the application expects the client to receive this Location response
header instead of the server to process as a CGI local redirect.

One example of such an application is LuCI,
which sends Set-Cookie with Location: /abs-path
  https://github.com/openwrt/luci

(Note that this loose check for matching con->uri.path is not perfect
 and might not match if the CGI returned a path with a different case
 and the server is on a case-insensitive filesystem, or if the path
 returned by the CGI is rewritten elsewhere to a different con->uri.path
 before getting to mod_cgi.)

RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response
http://www.ietf.org/rfc/rfc3875

x-ref:
  "CGI local-redir handling conflicts with LuCI redirect w/ Set-Cookie"
  https://redmine.lighttpd.net/issues/2779
  "CGI local redirect not implemented correctly"
  https://redmine.lighttpd.net/issues/2108
6 years ago
Glenn Strauss 15bc2313a4 [tests] mark tests/docroot/www/*.pl scripts a+x 7 years ago
Glenn Strauss 0f4cc0d697 [mod_evhost] fix an incorrect error trace 7 years ago
Glenn Strauss 4d7f5737f1 [core] support Transfer-Encoding: chunked req body (fixes #2156)
support Transfer-Encoding: chunked request body in conjunction with
  server.stream-request-body = 0

dynamic handlers will still return 411 Length Required if
  server.stream-request-body = 1 or 2 (!= 0)
  since CGI-like env requires CONTENT_LENGTH be set
  (and mod_proxy currently sends HTTP/1.0 requests to backends,
   and Content-Length recommended for robust interaction with backend)

x-ref:
  "request: support Chunked Transfer Coding for HTTP PUT"
  https://redmine.lighttpd.net/issues/2156
7 years ago
Glenn Strauss 7d339e21db comment out auth.backend.ldap.* in tests/*.conf
(mod_authn_ldap is not loaded in these test confs,
 so mod_authn_ldap directives are not available)
7 years ago
Glenn Strauss f664e77909 load mod_auth & mod_authn_file in sample/test.conf 7 years ago
Glenn Strauss 75040e9988 [mod_evhost] mod-evhost.t tests (#1194)
(thx Daniel-Brandt)

x-ref:
  "Partial matching in mod_evhost patterns"
  https://redmine.lighttpd.net/issues/1194
7 years ago
Glenn Strauss b11d059843 [cmake] build fcgi-auth, fcgi-responder for tests
Aside: must have cmake enable building openssl for tests to pass
due to tests/lighttpd.conf including config options requiring openssl
algorithms in mod_secdownload.c:
  (secdownload.algorithm       = "hmac-sha1")
  (secdownload.algorithm       = "hmac-sha256")

$ cmake -L .
$ cmake -DWITH_OPENSSL:BOOL=ON .
$ make -j 4 -k
$ make test

x-ref:
  https://blog.lighttpd.net/articles/2006/12/25/1-5-0-goes-cmake/
7 years ago
Glenn Strauss e9ee22c204 [autobuild] skip two new tests if no fcgi-auth 7 years ago
Glenn Strauss 7ba06c71a6 [mod_auth] structured data, register auth schemes
- parse auth.* directives into structured data during config processing
- register auth schemes (basic, digest, extern, ...) for extensibility
- remove auth.debug directive
7 years ago
Glenn Strauss 7b7350ee19 [mod_fastcgi] allow authorizer, responder for same path/ext (#321)
allow authorizer and responder to be configured for same path or ext

x-ref:
  "mod_fastcgi authorizers cannot protect fastcgi responders"
  https://redmine.lighttpd.net/issues/321
7 years ago
Christoph Kreutzer 7ef569b204 [tests] test coverage for issues (#321, #322)
FastCGI Authorizer support with FastCGI Responders

x-ref:
  "mod_fastcgi authorizers cannot protect fastcgi responders"
  http://redmine.lighttpd.net/issues/321

x-ref:
  "FastCGI Authorizer support for Variable-name variable passing"
  http://redmine.lighttpd.net/issues/322
7 years ago
Glenn Strauss 6ec66c4dce [core] better DragonFlyBSD support (fixes #2746)
(thx xenu)

x-ref:
  "[PATCH] better DragonFlyBSD support; fix crash"
  https://redmine.lighttpd.net/issues/2746
7 years ago
Glenn Strauss 4bc06bfc0b [core] check if client half-closed TCP if POLLHUP (#2743)
Check if client half-closed TCP connection if POLLHUP is received.
This more robustly handles if client called shutdown(fd, SHUT_WR).

This patch reverts commit:ab05eb7c which should now be handled properly.
(Time will tell.)

x-ref:
  "1.4.40/41 mod_proxy, mod_scgi may trigger POLLHUP on *BSD,Darwin"
  https://redmine.lighttpd.net/issues/2743
7 years ago
Glenn Strauss 9af58a9716 revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738)
reverts part of commit:dbdab5db which swapped REQUEST_URI, REDIRECT_URI

x-ref:
  "mediawiki redirect loop if REQUEST_URI not orig req in 1.4.40"
  https://redmine.lighttpd.net/issues/2738

Explanation:

REQUEST_URI and REDIRECT_URI are not part of CGI standard environment.
The reason for their existence is that PATH_INFO in CGI environment may
be different from the path in the current request.  The main reason for
this potential difference is that the URI path is normalized to a path
in the filesystem and tested against the filesystem to determine which
part is SCRIPT_NAME and which part is PATH_INFO.  In case-insensitive
filesystems, the URI might be lowercased before testing against the
filesystem, leading to loss of case-sensitive submission in any
resulting PATH_INFO.  Also, duplicated slashes "///" and directory
references "/." and "/.." are removed, including prior path component in
the case of "/..".  This might be undesirable when the information after
the SCRIPT_NAME is virtual information and there target script needs the
virtual path preserved as-is.  In that case, the target script can
re-parse REQUEST_URI (or REDIRECT_URI, as appropriate) to obtain the
unmodified information from the URI.

con->request.uri is equivalent to con->request.orig_uri unless the
request has been internally rewritten (e.g. by mod_rewrite, mod_magnet,
others), in which case con->request.orig_uri is the request made by the
client, and con->request.uri is the current URI being processed.

Historical REQUEST_URI (environment variable) lighttpd inconsistencies
- mod_cml     set REQUEST_URI to con->request.orig_uri
- mod_cgi     set REQUEST_URI to con->request.orig_uri
- mod_fastcgi set REQUEST_URI to con->request.orig_uri
- mod_scgi    set REQUEST_URI to con->request.orig_uri

- mod_ssi     set            REQUEST_URI to current con->request.uri
- mod_magnet  set MAGNET_ENV_REQUEST_URI to current con->request.uri
              and MAGNET_ENV_REQUEST_ORIG_URI to con->request.orig_uri

Historical REDIRECT_URI (environment variable) previously set only in
mod_fastcgi and mod_scgi, and set to con->request.uri

Since lighttpd 1.4.40 provides REDIRECT_URI with con->request.orig_uri,
changes were made to REQUEST_URI for consistency, with the hope that
there would be little impact to existing configurations since the
request uri and original request uri are the same unless there has been
an internal redirect.  It turns out that various PHP frameworks use
REQUEST_URI and require that it be the original URI requested by client.

Therefore, this change is being reverted, and lighttpd will set
REQUEST_URI to con->request.orig_uri in mod_cgi, mod_fastcgi, mod_scgi
as was done in lighttpd 1.4.39 and earlier.  Similarly, REDIRECT_URI
also has the prior behavior in mod_fastcgi and mod_scgi, and added to
mod_cgi.

A future release of lighttpd might change mod_ssi to be consistent with
the other modules in setting REQUEST_URI to con->request.orig_uri and to
add REDIRECT_URI, when an internal redirect has occurred.
7 years ago
Glenn Strauss 00cc4d7c0e [mod_auth] fix Digest auth to be better than Basic (fixes #1844)
Make Digest authentication more compliant with RFC.

Excerpt from https://www.rfc-editor.org/rfc/rfc7616.txt Section 5.13:
    The bottom line is that any compliant implementation will be
    relatively weak by cryptographic standards, but any compliant
    implementation will be far superior to Basic Authentication.

x-ref:
  "Serious security problem in Digest Authentication"
  https://redmine.lighttpd.net/issues/1844
7 years ago
Glenn Strauss 8861c2bb54 [mod_cgi] handle local redirect response (fixes #2108)
RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response
http://www.ietf.org/rfc/rfc3875

x-ref:
  "CGI local redirect not implemented correctly"
  https://redmine.lighttpd.net/issues/2108
7 years ago
Glenn Strauss bcddcf8b0e [tests] remove some tests duplicated in mod-cgi.t 7 years ago
Glenn Strauss ce7d040bf3 [mod_access] new directive url.access-allow (fixes #1421)
url.access-allow is list of allowed url suffixes (e.g. file extensions)
If url.access-allow has been set, then deny any URL that does not match
the explicitly listed suffixes.

(thx japc)

x-ref:
  "access_allow directive for lighttpd"
  https://redmine.lighttpd.net/issues/1421
7 years ago
Glenn Strauss d147673d40 [tests] remove dependency on CGI.pm
CGI.pm is no longer shipped as part of Perl core distribution
(and is easily replaced)
7 years ago
Glenn Strauss 8dcbd61a45 [cygwin] fix mod_proxy and mod_fastcgi ioctl use
cygwin does not support ioctl on sockets, returning EOPTNOTSUPP
(would be better if cygwin used Windows ioctlsocket() instead)

Windows uses signed (socklen_t), so add some casts to quiet warnings

Windows path handling is convoluted, so disable one tests in mod_fastcgi
since trailing spaces are removed from URL for _WIN32 and __CYGWIN__ in
response.c
7 years ago
Glenn Strauss 16a3f3b6fc [build] update Makefile.am EXTRA_DIST w/ new files 7 years ago
Glenn Strauss a5fcfee6fc [mod_ssi] more flexible quoting (fixes #1768)
allow double-quotes, single-quotes or no quote on SSI param values

remove use of PCRE from mod_ssi

fix misspelling of 'unknow' to be 'unknown'

x-ref:
  "mod_ssi doesn't accept single quotes"
  https://redmine.lighttpd.net/issues/1768
7 years ago
Glenn Strauss df146a7724 [mod_ssi] fix SSI statement parser
bug introduced in 8e3c6bf7 when statement parser was replaced
7 years ago
Glenn Strauss b47c393e26 [mod_auth] skip blank lines and comment lines (fixes #2327)
x-ref:
  "Ignore comments and empty lines in ht{digest,passwd} files"
  https://redmine.lighttpd.net/issues/2327
7 years ago
Glenn Strauss dbdab5dbc9 [core] server.error-handler new directive for error pages (fixes #2702)
server.error-handler preserves HTTP status error code when error page
is static, and allows dynamic handlers to change HTTP status code
when error page is provided by dynamic handler.  server.error-handler
intercepts all HTTP status codes >= 400 except when the content is
generated by a dynamic handler (cgi, ssi, fastcgi, scgi, proxy, lua).
The request method is unconditionally changed to GET for the request
to service the error handler, and the original request method is
later restored (for logging purposes).  request body from the
original request, if present, is discarded.

server.error-handler is somewhat similar to server.error-handler-404,
but server.error-handler-404 is now deprecated, intercepts only 404
and 403 HTTP status codes, and returns 200 OK for static error pages,
a source of confusion for some admins.  On the other hand, the new
server.error-handler, when set, will intercept all HTTP status error
codes >= 400.  server.error-handler takes precedence over
server.error-handler-404 when both are set.

NOTE: a major difference between server.error-handler and the
now-deprecated server.error-handler-404 is that the values of the
non-standard CGI environment variables REQUEST_URI and REDIRECT_URI
have been swapped.  Since REDIRECT_STATUS is the original HTTP
status code, REDIRECT_URI is now the original request, and REQUEST_URI
is the current request (e.g. the URI/URL to the error handler).
The prior behavior -- which reversed REQUEST_URI and REDIRECT_URI values
from those described above -- is preserved for server.error-handler-404.

Additionally, REDIRECT_STATUS is now available to mod_magnet, which
continues to have access to request.uri and request.orig_uri.

See further discussion at https://redmine.lighttpd.net/issues/2702
and https://redmine.lighttpd.net/issues/1828

github: closes #36
7 years ago
Glenn Strauss 1c01a42aa3 [core] never evaluate else branches until the previous branches are aready (fixes #2598)
The first condition which evaluates true in any if-else... condition
chain short-circuits the chain, and any remaining conditions in the
chain are marked false.

Previous conditions in if-else condition chaining must be evaluatable
(to true or false) -- must not remain in unset (not yet evaluatable)
state -- prior to evaluating later conditions.  Since any true
condition short-circuits remaining conditions, all prev conditions
must be false prior to evaluating later conditions.

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3081 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler ab05eb7cec [tests] do not half-close socket before having received the response (fixes #2688)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3058 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 1566748b1a [tests] test apr-md5 in mod-auth.t
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3057 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Kyle J. McKay 2bcb73cdb8 mod-auth.t: no crypt md5 for darwin
Darwin's crypt does not support the '$...' extensions.

Signed-off-by: Kyle J. McKay

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3056 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler bfaa48260a [mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256"
Differential Revision: https://review.lighttpd.net/D7

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3054 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 85d8a17575 [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3052 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 68284bd7f1 [scons] various improvements
- don't generate files in src/
- move all build stuff to sconsbuild/
- have different output directories for static/ and fullstatic/,
  so we can use that directory for the test suite
- each build type (dynamic, static, fullstatic) has its own check target
- read CFLAGS, LDFLAGS and LIBS from environment
  (LIBS are appended after all other dependencies)

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3030 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 9290e923d9 [tests] fix warning about newline in filename
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3021 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 87c5ec9651 [tests] search for perl in PATH instead of /usr/bin; whitespace + test config cleanups
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3019 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 403afcd251 [cmake] lowercase commands, whitespace cleanup, remove clutter in else(...), endif(...), endforeach(...)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3013 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 9f05b61ab4 parse If-None-Match for ETag validation (fixes #2578)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2994 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler e6925949ab add some until now missing files to dist tarball
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2990 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 673923daf8 [tests] fix undefined index warning in sendfile.php
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2985 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler adfa06de99 [tests] improve valgrind and strace TRACEME, disable condition logging in normal configs
- condition logging is way too noisy and rarely useful
- increate timeout to wait for port bind; if the process dies we fail
  early anyway

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2978 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler d1a2356916 fix SQL injection / host name validation (thx Jann Horn)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2959 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler d7c90814c3 [tests] add cleanup.sh to cmake test runs, reset SLOWREQUEST in request.t
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2932 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler a4640b457e [tests] use list for perl exec to skip the sh wrapper
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2903 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler 95dc1ed79e [tests] add mod_simplevhost tests
* next commit fixes the bug

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2897 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler f0a2c0f293 [mod_user] add test cases to check handling of encoded ~ as %7E (#2124)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2881 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler c26b50d9ad [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better.
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2870 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler 543bd249fb fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors); follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
See:
 http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-21#section-5
 > it makes sense to ignore the If-Modified-Since when entity tags are
 > understood and available for the selected representation.

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2865 152afb58-edef-0310-8abb-c4023f1b3aa9
11 years ago
Stefan Bühler 6200764f05 tests: check different combination of empty values, leading/trailing spaces and commas in the Connection header
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2859 152afb58-edef-0310-8abb-c4023f1b3aa9
11 years ago
Cyril Brulebois 4f4bcdd3c3 tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx kibi)
In case the proxy instance goes wrong, the clean-up doesn't kill the
real instance. So close both instances explicitly in the clean-up
phase.

Signed-off-by: Cyril Brulebois <kibi@debian.org>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2857 152afb58-edef-0310-8abb-c4023f1b3aa9
11 years ago
Cyril Brulebois 0c6a564543 Fix non-ANSI function declarations.
The proper way to declare a function taking no parameters isn't:
  foo bar();

But this instead:
  foo bar(void);

Signed-off-by: Cyril Brulebois <kibi@debian.org>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2843 152afb58-edef-0310-8abb-c4023f1b3aa9
11 years ago
Stefan Bühler 7187271fb6 [auth] Add "AUTH_TYPE" environment (for *cgi), remove fastcgi specific workaround, add fastcgi test case (fixes #889)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2833 152afb58-edef-0310-8abb-c4023f1b3aa9
11 years ago
Stefan Bühler 6c9dff7cda [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2806 152afb58-edef-0310-8abb-c4023f1b3aa9
12 years ago
Stefan Bühler e05f1b3eec Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2803 152afb58-edef-0310-8abb-c4023f1b3aa9
12 years ago
Stefan Bühler bf0d57d505 two additional test cases for absolute http(s) uris in the request line
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2787 152afb58-edef-0310-8abb-c4023f1b3aa9
12 years ago
Stefan Bühler 1eef447d32 [tests] Add path traversal check with $HTTP['url']
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2777 152afb58-edef-0310-8abb-c4023f1b3aa9
12 years ago
Stefan Bühler 48fea28651 Fix request parser to handle packets with splitted \r\n\r\n (fixes #2105)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2696 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler 6ecb86159c Fix accesslog escape segfault (#1551)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2664 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler 8c83976dbe mod_fastcgi: Add "X-Sendfile2" - supporting multiple ranged files (fixes #2008)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2651 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Peter Colberg 8b6dae4139 Add TLS servername indication (SNI) support (fixes #386, thx Peter Colberg <peter@colberg.org>)
* This patch may "break" some configs, if they do stupid things. Like setting
  ssl.pemfile to a not existing file in a "non-socket/non-ssl" block.
  Fix them! :)

From: Peter Colberg <peter@colberg.org>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2648 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler 83145e8ba6 mod_rewrite: add url.rewrite-[repeat-]if-not-file to rewrite if file doesn't exist or is not a regular file (fixes #985, thx lucas aerbeydt)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2647 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler fd13e94427 mod_fastcgi: restart local procs immediately after they terminated, fix local procs handling
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2639 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler ce74fd521c tests: Rename env-var to select tests to RUNTESTS
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2637 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler d21c645bfa mod_compress: match partial+full content-type (fixes #1552)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2634 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler 17d0c36eed Read hostname from absolute uris in the request line (fixes #1937)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2631 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler 0eff441bb6 tests: fix endless loop if connect fails without the child dying
Found as make check on ubuntu hardy hanged itself, as perl-base
dependencies were broken and didn't require /etc/protocols but it
needed the file.


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2610 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler 64c2e93336 Cleanup tree: remove .cvsignore and ChangeLog (deprecated by NEWS)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2600 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler b3ba9f0fb9 tests: use breakage log
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2555 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler 5865a2e3f2 Removed sendfile.php from dist
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2543 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler b2108c436c Remove X-Sendfile-Range feature; it will be replaced with something more powerful (#2005, #2008)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2542 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler 60e745695a Fix 100% cpu usage if time() < 0 (thx to gaspa and cate, fixes #1964)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2532 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler ad1e80e5af Add X-Sendfile-Range feature (fixes #2005)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2531 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler 59eaedf353 [tests] Remove index.html~ from repository, create it on the fly for tests
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2530 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler 3af67d1392 Ignore multiple "If-None-Match" headers (only use first one, fixes #753)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2528 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler 57066345e4 Workaround broken operating systems: check for trailing '/' in filenames (fixes #1989)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2510 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler b8b4fe19c8 Finally removed spawn-fcgi
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2423 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler ce39062dd2 Fix workaround for incorrect path info/scriptname if fastcgi prefix is "/" (fixes #729)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2421 152afb58-edef-0310-8abb-c4023f1b3aa9
14 years ago
Stefan Bühler b06a8648df [tests] Fix mod-rewrite test (skipped too many tests if php wasn't running)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2393 152afb58-edef-0310-8abb-c4023f1b3aa9
15 years ago
Stefan Bühler fdcb6f60f4 Allow mod_compress to return 304 (Not Modified); compress ignores the static-file.etags option.(fixes #1884)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2384 152afb58-edef-0310-8abb-c4023f1b3aa9
15 years ago
Stefan Bühler 36f74e5d23 Revert url decoding+simplifying before matching of mod_rewrite/mod_redirect
- Lot of regressions (we forgot to reencode the result)
  - Generic problem: after decode and rewrite "a?b?c": which '?' was the path?query seperator?
  - Possible solution: only decode printable characters (without '?'), and encode the result; do not encode the '%' of a not decoded character.
  - Still a problem with path simplifying, it seems many people use urls like this: http://server1/http%3a//server2/xxx
    and rewrite the path into the querystring.
  - Probably only usable with an extra config option

  => Do NOT use rewrite/redirect to protect specific urls.


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2362 152afb58-edef-0310-8abb-c4023f1b3aa9
15 years ago
Stefan Bühler 454aefc51a [cmake] Add basic cmake support
- Not distributed yet (so only available in svn checkout)


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2359 152afb58-edef-0310-8abb-c4023f1b3aa9
15 years ago
Stefan Bühler 34172dfb09 [tests] Fix tests/mod-compress.conf distribution
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2358 152afb58-edef-0310-8abb-c4023f1b3aa9
15 years ago
Elan Ruusamäe c6c2bf8308 - Add possibility to disable methods in mod_compress (#1773)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2325 152afb58-edef-0310-8abb-c4023f1b3aa9
15 years ago
Stefan Bühler 80a4f7a721 Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2324 152afb58-edef-0310-8abb-c4023f1b3aa9
15 years ago
Stefan Bühler 124d8cd555 Fix make dist (remove dummydir)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2293 152afb58-edef-0310-8abb-c4023f1b3aa9
15 years ago
Stefan Bühler 24804542d2 [tests] fix skip in mod-rewrite
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2284 152afb58-edef-0310-8abb-c4023f1b3aa9
15 years ago
Stefan Bühler 3cb2c1c39c [tests] Added env var TESTS to select only a subset of tests
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2279 152afb58-edef-0310-8abb-c4023f1b3aa9
15 years ago