mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-12-17 23:27:49 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
2aad7d7bb7
nginx/src/http/modules/ngx_http_access_module.c

390 lines
9.8 KiB
C
Raw Normal View History

nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
2004-09-28 16:34:51 +08:00
/*
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
2004-09-30 00:00:49 +08:00
* Copyright (C) Igor Sysoev
Copyright updated.
2012-01-18 23:07:43 +08:00
* Copyright (C) Nginx, Inc.
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
2004-09-28 16:34:51 +08:00
*/
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_http.h>
typedef struct {
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
in_addr_t mask;
in_addr_t addr;
ngx_uint_t deny; /* unsigned deny:1; */
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
} ngx_http_access_rule_t;
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#if (NGX_HAVE_INET6)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
typedef struct {
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
struct in6_addr addr;
struct in6_addr mask;
ngx_uint_t deny; /* unsigned deny:1; */
} ngx_http_access_rule6_t;
#endif
typedef struct {
ngx_array_t *rules; /* array of ngx_http_access_rule_t */
#if (NGX_HAVE_INET6)
ngx_array_t *rules6; /* array of ngx_http_access_rule6_t */
#endif
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
} ngx_http_access_loc_conf_t;
static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r);
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
static ngx_int_t ngx_http_access_inet(ngx_http_request_t *r,
ngx_http_access_loc_conf_t *alcf, in_addr_t addr);
#if (NGX_HAVE_INET6)
static ngx_int_t ngx_http_access_inet6(ngx_http_request_t *r,
ngx_http_access_loc_conf_t *alcf, u_char *p);
#endif
static ngx_int_t ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd,
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
void *conf);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf);
static char *ngx_http_access_merge_loc_conf(ngx_conf_t *cf,
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
void *parent, void *child);
nginx-0.4.0-RELEASE import *) Change in internal API: the HTTP modules initialization was moved from the init module phase to the HTTP postconfiguration phase. *) Change: now the request body is not read beforehand for the ngx_http_perl_module: it's required to start the reading using the $r->has_request_body method. *) Feature: the ngx_http_perl_module supports the DECLINED return code. *) Feature: the ngx_http_dav_module supports the incoming "Date" header line for the PUT method. *) Feature: the "ssi" directive is available inside the "if" block. *) Bugfix: a segmentation fault occurred if there was an "index" directive with variables and the first index name was without variables; the bug had appeared in 0.1.29.
2006-08-30 18:39:17 +08:00
static ngx_int_t ngx_http_access_init(ngx_conf_t *cf);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
static ngx_command_t ngx_http_access_commands[] = {
{ ngx_string("allow"),
nginx-0.3.37-RELEASE import *) Feature: the "limit_except" directive. *) Feature: the "if" directive supports the "!~", "!~*", "-f", and "!-f" operators. *) Feature: the ngx_http_perl_module supports the $r->request_body method. *) Bugfix: in the ngx_http_addition_filter_module.
2006-04-07 22:08:04 +08:00
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF
|NGX_CONF_TAKE1,
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
ngx_http_access_rule,
NGX_HTTP_LOC_CONF_OFFSET,
0,
NULL },
{ ngx_string("deny"),
nginx-0.3.37-RELEASE import *) Feature: the "limit_except" directive. *) Feature: the "if" directive supports the "!~", "!~*", "-f", and "!-f" operators. *) Feature: the ngx_http_perl_module supports the $r->request_body method. *) Bugfix: in the ngx_http_addition_filter_module.
2006-04-07 22:08:04 +08:00
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF
|NGX_CONF_TAKE1,
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
ngx_http_access_rule,
NGX_HTTP_LOC_CONF_OFFSET,
0,
NULL },
ngx_null_command
};
nginx-0.3.55-RELEASE import *) Feature: the "stub" parameter in the "include" SSI command. *) Feature: the "block" SSI command. *) Feature: the unicode2nginx script was added to contrib. *) Bugfix: if a "root" was specified by variable only, then the root was relative to a server prefix. *) Bugfix: if the request contained "//" or "/./" and escaped symbols after them, then the proxied request was sent unescaped. *) Bugfix: the $r->headers_in("Cookie") of the ngx_http_perl_module now returns all "Cookie" header lines. *) Bugfix: a segmentation fault occurred if "client_body_in_file_only on" was used and nginx switched to a next upstream. *) Bugfix: on some condition while reconfiguration character codes inside the "charset_map" may be treated invalid; the bug had appeared in 0.3.50.
2006-07-28 23:16:17 +08:00
static ngx_http_module_t ngx_http_access_module_ctx = {
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
NULL, /* preconfiguration */
nginx-0.4.0-RELEASE import *) Change in internal API: the HTTP modules initialization was moved from the init module phase to the HTTP postconfiguration phase. *) Change: now the request body is not read beforehand for the ngx_http_perl_module: it's required to start the reading using the $r->has_request_body method. *) Feature: the ngx_http_perl_module supports the DECLINED return code. *) Feature: the ngx_http_dav_module supports the incoming "Date" header line for the PUT method. *) Feature: the "ssi" directive is available inside the "if" block. *) Bugfix: a segmentation fault occurred if there was an "index" directive with variables and the first index name was without variables; the bug had appeared in 0.1.29.
2006-08-30 18:39:17 +08:00
ngx_http_access_init, /* postconfiguration */
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
NULL, /* create main configuration */
NULL, /* init main configuration */
NULL, /* create server configuration */
NULL, /* merge server configuration */
ngx_http_access_create_loc_conf, /* create location configuration */
ngx_http_access_merge_loc_conf /* merge location configuration */
};
ngx_module_t ngx_http_access_module = {
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
NGX_MODULE_V1,
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
&ngx_http_access_module_ctx, /* module context */
ngx_http_access_commands, /* module directives */
NGX_HTTP_MODULE, /* module type */
nginx-0.1.45-RELEASE import *) Change: the "ssl_engine" directive was canceled in the ngx_http_ssl_module and now is introduced at global level. *) Bugfix: the responses with SSI subrequests did not transferred via SSL connection. *) Various bug fixes in the IMAP/POP3 proxy.
2005-09-08 22:36:09 +08:00
NULL, /* init master */
nginx-0.4.0-RELEASE import *) Change in internal API: the HTTP modules initialization was moved from the init module phase to the HTTP postconfiguration phase. *) Change: now the request body is not read beforehand for the ngx_http_perl_module: it's required to start the reading using the $r->has_request_body method. *) Feature: the ngx_http_perl_module supports the DECLINED return code. *) Feature: the ngx_http_dav_module supports the incoming "Date" header line for the PUT method. *) Feature: the "ssi" directive is available inside the "if" block. *) Bugfix: a segmentation fault occurred if there was an "index" directive with variables and the first index name was without variables; the bug had appeared in 0.1.29.
2006-08-30 18:39:17 +08:00
NULL, /* init module */
nginx-0.1.45-RELEASE import *) Change: the "ssl_engine" directive was canceled in the ngx_http_ssl_module and now is introduced at global level. *) Bugfix: the responses with SSI subrequests did not transferred via SSL connection. *) Various bug fixes in the IMAP/POP3 proxy.
2005-09-08 22:36:09 +08:00
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
};
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
static ngx_int_t
ngx_http_access_handler(ngx_http_request_t *r)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
{
nginx-0.1.14-RELEASE import *) Feature: the autoconfiguration directives: --http-client-body-temp-path=PATH, --http-proxy-temp-path=PATH, and --http-fastcgi-temp-path=PATH *) Change: the directory name for the temporary files with the client request body is specified by directive client_body_temp_path, by default it is <prefix>/client_body_temp. *) Feature: the ngx_http_fastcgi_module and the directives: fastcgi_pass, fastcgi_root, fastcgi_index, fastcgi_params, fastcgi_connect_timeout, fastcgi_send_timeout, fastcgi_read_timeout, fastcgi_send_lowat, fastcgi_header_buffer_size, fastcgi_buffers, fastcgi_busy_buffers_size, fastcgi_temp_path, fastcgi_max_temp_file_size, fastcgi_temp_file_write_size, fastcgi_next_upstream, and fastcgi_x_powered_by. *) Bugfix: the "[alert] zero size buf" error; the bug had appeared in 0.1.3. *) Change: the URI must be specified after the host name in the proxy_pass directive. *) Change: the %3F symbol in the URI was considered as the argument string start. *) Feature: the unix domain sockets support in the ngx_http_proxy_module. *) Feature: the ssl_engine and ssl_ciphers directives. Thanks to Sergey Skvortsov for SSL-accelerator.
2005-01-18 21:03:58 +08:00
struct sockaddr_in *sin;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
ngx_http_access_loc_conf_t *alcf;
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
2011-05-16 22:01:23 +08:00
#if (NGX_HAVE_INET6)
u_char *p;
in_addr_t addr;
struct sockaddr_in6 *sin6;
#endif
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
alcf = ngx_http_get_module_loc_conf(r, ngx_http_access_module);
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
2011-05-16 22:01:23 +08:00
switch (r->connection->sockaddr->sa_family) {
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
2011-05-16 22:01:23 +08:00
case AF_INET:
if (alcf->rules) {
sin = (struct sockaddr_in *) r->connection->sockaddr;
return ngx_http_access_inet(r, alcf, sin->sin_addr.s_addr);
}
break;
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
2011-05-16 22:01:23 +08:00
#if (NGX_HAVE_INET6)
case AF_INET6:
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
sin6 = (struct sockaddr_in6 *) r->connection->sockaddr;
p = sin6->sin6_addr.s6_addr;
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
2011-05-16 22:01:23 +08:00
if (alcf->rules && IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
addr = p[12] << 24;
addr += p[13] << 16;
addr += p[14] << 8;
addr += p[15];
return ngx_http_access_inet(r, alcf, htonl(addr));
}
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
2011-05-16 22:01:23 +08:00
if (alcf->rules6) {
return ngx_http_access_inet6(r, alcf, p);
}
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#endif
a prelimiary IPv6 support, HTTP listen
2009-02-21 15:02:02 +08:00
}
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
return NGX_DECLINED;
}
static ngx_int_t
ngx_http_access_inet(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf,
in_addr_t addr)
{
ngx_uint_t i;
ngx_http_access_rule_t *rule;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
rule = alcf->rules->elts;
for (i = 0; i < alcf->rules->nelts; i++) {
nginx-0.1.5-RELEASE import *) Bugfix: on Solaris and Linux there may be too many "recvmsg() returned not enough data" alerts. *) Bugfix: there were the "writev() failed (22: Invalid argument)" errors on Solaris in proxy mode without sendfile. On other platforms that do not support sendfile at all the process got caught in an endless loop. *) Bugfix: segmentation fault on Solaris in proxy mode and using sendfile. *) Bugfix: segmentation fault on Solaris. *) Bugfix: on-line upgrade did not work on Linux. *) Bugfix: the ngx_http_autoindex_module module did not escape the spaces, the quotes, and the percent signs in the directory listing. *) Change: the decrease of the copy operations. *) Feature: the userid_p3p directive.
2004-11-11 22:07:14 +08:00
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
"access: %08XD %08XD %08XD",
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
addr, rule[i].mask, rule[i].addr);
if ((addr & rule[i].mask) == rule[i].addr) {
return ngx_http_access_found(r, rule[i].deny);
}
}
return NGX_DECLINED;
}
nginx-0.0.9-2004-07-30-21:05:14 import
2004-07-31 01:05:14 +08:00
nginx-0.3.53-RELEASE import *) Change: the "add_header" directive adds the string to 204, 301, and 302 responses. *) Feature: the "server" directive in the "upstream" context supports the "weight" parameter. *) Feature: the "server_name" directive supports the "*" wildcard. *) Feature: nginx supports the request body size more than 2G. *) Bugfix: if a client was successfully authorized using "satisfy_any on", then anyway the message "access forbidden by rule" was written in the log. *) Bugfix: the "PUT" method may erroneously not create a file and return the 409 code. *) Bugfix: if the IMAP/POP3 backend returned an error, then nginx continued proxying anyway.
2006-07-08 00:33:19 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#if (NGX_HAVE_INET6)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
static ngx_int_t
ngx_http_access_inet6(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf,
u_char *p)
{
ngx_uint_t n;
ngx_uint_t i;
ngx_http_access_rule6_t *rule6;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
rule6 = alcf->rules6->elts;
for (i = 0; i < alcf->rules6->nelts; i++) {
#if (NGX_DEBUG)
{
size_t cl, ml, al;
u_char ct[NGX_INET6_ADDRSTRLEN];
u_char mt[NGX_INET6_ADDRSTRLEN];
u_char at[NGX_INET6_ADDRSTRLEN];
cl = ngx_inet6_ntop(p, ct, NGX_INET6_ADDRSTRLEN);
ml = ngx_inet6_ntop(rule6[i].mask.s6_addr, mt, NGX_INET6_ADDRSTRLEN);
al = ngx_inet6_ntop(rule6[i].addr.s6_addr, at, NGX_INET6_ADDRSTRLEN);
fix building by msvc7
2010-07-09 00:17:11 +08:00
ngx_log_debug6(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
"access: %*s %*s %*s", cl, ct, ml, mt, al, at);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
}
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#endif
for (n = 0; n < 16; n++) {
if ((p[n] & rule6[i].mask.s6_addr[n]) != rule6[i].addr.s6_addr[n]) {
goto next;
}
}
return ngx_http_access_found(r, rule6[i].deny);
next:
continue;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
}
return NGX_DECLINED if access directives are not active, this fixes case when satisfy any does not test active directives at all
2007-12-27 22:15:34 +08:00
return NGX_DECLINED;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
}
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#endif
static ngx_int_t
ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny)
{
ngx_http_core_loc_conf_t *clcf;
if (deny) {
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
if (clcf->satisfy == NGX_HTTP_SATISFY_ALL) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"access forbidden by rule");
}
return NGX_HTTP_FORBIDDEN;
}
return NGX_OK;
}
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
static char *
ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
{
ngx_http_access_loc_conf_t *alcf = conf;
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
ngx_int_t rc;
ngx_uint_t all;
ngx_str_t *value;
ngx_cidr_t cidr;
ngx_http_access_rule_t *rule;
#if (NGX_HAVE_INET6)
ngx_http_access_rule6_t *rule6;
#endif
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
ngx_memzero(&cidr, sizeof(ngx_cidr_t));
value = cf->args->elts;
all = (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0);
if (!all) {
rc = ngx_ptocidr(&value[1], &cidr);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid parameter \"%V\"", &value[1]);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
return NGX_CONF_ERROR;
}
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]);
}
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
}
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
switch (cidr.family) {
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#if (NGX_HAVE_INET6)
case AF_INET6:
case 0: /* all */
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
if (alcf->rules6 == NULL) {
alcf->rules6 = ngx_array_create(cf->pool, 4,
sizeof(ngx_http_access_rule6_t));
if (alcf->rules6 == NULL) {
return NGX_CONF_ERROR;
}
}
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
rule6 = ngx_array_push(alcf->rules6);
if (rule6 == NULL) {
return NGX_CONF_ERROR;
}
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
rule6->mask = cidr.u.in6.mask;
rule6->addr = cidr.u.in6.addr;
rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
ignore meaningless bits in CIDR and warn about them
2007-08-10 21:13:28 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
if (!all) {
break;
}
ignore meaningless bits in CIDR and warn about them
2007-08-10 21:13:28 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
/* "all" passes through */
#endif
prepare ngx_ptocidr() for IPv6
2009-02-24 22:01:40 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
default: /* AF_INET */
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
if (alcf->rules == NULL) {
alcf->rules = ngx_array_create(cf->pool, 4,
sizeof(ngx_http_access_rule_t));
if (alcf->rules == NULL) {
return NGX_CONF_ERROR;
}
}
rule = ngx_array_push(alcf->rules);
if (rule == NULL) {
return NGX_CONF_ERROR;
}
rule->mask = cidr.u.in.mask;
rule->addr = cidr.u.in.addr;
rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
}
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
return NGX_CONF_OK;
}
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
static void *
ngx_http_access_create_loc_conf(ngx_conf_t *cf)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
{
ngx_http_access_loc_conf_t *conf;
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_access_loc_conf_t));
if (conf == NULL) {
return NULL instead of NGX_CONF_ERROR on a create conf failure
2009-06-03 00:09:44 +08:00
return NULL;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
}
return conf;
}
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
static char *
ngx_http_access_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
{
ngx_http_access_loc_conf_t *prev = parent;
ngx_http_access_loc_conf_t *conf = child;
Access module: fixed inheritance of allow/deny ipv6 rules. Previous (incorrect) behaviour was to inherit ipv6 rules separately from ipv4 ones. Now all rules are either inherited (if there are no rules defined at current level) or not (if there are any rules defined).
2012-04-10 21:25:53 +08:00
#if (NGX_HAVE_INET6)
if (conf->rules == NULL && conf->rules6 == NULL) {
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
conf->rules = prev->rules;
Access module: fixed inheritance of allow/deny ipv6 rules. Previous (incorrect) behaviour was to inherit ipv6 rules separately from ipv4 ones. Now all rules are either inherited (if there are no rules defined at current level) or not (if there are any rules defined).
2012-04-10 21:25:53 +08:00
conf->rules6 = prev->rules6;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
}
Access module: fixed inheritance of allow/deny ipv6 rules. Previous (incorrect) behaviour was to inherit ipv6 rules separately from ipv4 ones. Now all rules are either inherited (if there are no rules defined at current level) or not (if there are any rules defined).
2012-04-10 21:25:53 +08:00
#else
if (conf->rules == NULL) {
conf->rules = prev->rules;
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
}
Access module: fixed inheritance of allow/deny ipv6 rules. Previous (incorrect) behaviour was to inherit ipv6 rules separately from ipv4 ones. Now all rules are either inherited (if there are no rules defined at current level) or not (if there are any rules defined).
2012-04-10 21:25:53 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#endif
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
return NGX_CONF_OK;
}
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
static ngx_int_t
nginx-0.4.0-RELEASE import *) Change in internal API: the HTTP modules initialization was moved from the init module phase to the HTTP postconfiguration phase. *) Change: now the request body is not read beforehand for the ngx_http_perl_module: it's required to start the reading using the $r->has_request_body method. *) Feature: the ngx_http_perl_module supports the DECLINED return code. *) Feature: the ngx_http_dav_module supports the incoming "Date" header line for the PUT method. *) Feature: the "ssi" directive is available inside the "if" block. *) Bugfix: a segmentation fault occurred if there was an "index" directive with variables and the first index name was without variables; the bug had appeared in 0.1.29.
2006-08-30 18:39:17 +08:00
ngx_http_access_init(ngx_conf_t *cf)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
{
ngx_http_handler_pt *h;
ngx_http_core_main_conf_t *cmcf;
nginx-0.4.0-RELEASE import *) Change in internal API: the HTTP modules initialization was moved from the init module phase to the HTTP postconfiguration phase. *) Change: now the request body is not read beforehand for the ngx_http_perl_module: it's required to start the reading using the $r->has_request_body method. *) Feature: the ngx_http_perl_module supports the DECLINED return code. *) Feature: the ngx_http_dav_module supports the incoming "Date" header line for the PUT method. *) Feature: the "ssi" directive is available inside the "if" block. *) Bugfix: a segmentation fault occurred if there was an "index" directive with variables and the first index name was without variables; the bug had appeared in 0.1.29.
2006-08-30 18:39:17 +08:00
cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
h = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
if (h == NULL) {
return NGX_ERROR;
}
*h = ngx_http_access_handler;
return NGX_OK;
}
Reference in New Issue Copy Permalink