mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-12-17 23:27:49 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
529b5f1938
nginx/src/http/modules/ngx_http_access_module.c

377 lines
9.6 KiB
C
Raw Normal View History

nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
2004-09-28 16:34:51 +08:00
/*
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
2004-09-30 00:00:49 +08:00
* Copyright (C) Igor Sysoev
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
2004-09-28 16:34:51 +08:00
*/
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_http.h>
typedef struct {
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
in_addr_t mask;
in_addr_t addr;
ngx_uint_t deny; /* unsigned deny:1; */
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
} ngx_http_access_rule_t;
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#if (NGX_HAVE_INET6)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
typedef struct {
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
struct in6_addr addr;
struct in6_addr mask;
ngx_uint_t deny; /* unsigned deny:1; */
} ngx_http_access_rule6_t;
#endif
typedef struct {
ngx_array_t *rules; /* array of ngx_http_access_rule_t */
#if (NGX_HAVE_INET6)
ngx_array_t *rules6; /* array of ngx_http_access_rule6_t */
#endif
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
} ngx_http_access_loc_conf_t;
static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r);
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
static ngx_int_t ngx_http_access_inet(ngx_http_request_t *r,
ngx_http_access_loc_conf_t *alcf, in_addr_t addr);
#if (NGX_HAVE_INET6)
static ngx_int_t ngx_http_access_inet6(ngx_http_request_t *r,
ngx_http_access_loc_conf_t *alcf, u_char *p);
#endif
static ngx_int_t ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd,
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
void *conf);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf);
static char *ngx_http_access_merge_loc_conf(ngx_conf_t *cf,
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
void *parent, void *child);
nginx-0.4.0-RELEASE import *) Change in internal API: the HTTP modules initialization was moved from the init module phase to the HTTP postconfiguration phase. *) Change: now the request body is not read beforehand for the ngx_http_perl_module: it's required to start the reading using the $r->has_request_body method. *) Feature: the ngx_http_perl_module supports the DECLINED return code. *) Feature: the ngx_http_dav_module supports the incoming "Date" header line for the PUT method. *) Feature: the "ssi" directive is available inside the "if" block. *) Bugfix: a segmentation fault occurred if there was an "index" directive with variables and the first index name was without variables; the bug had appeared in 0.1.29.
2006-08-30 18:39:17 +08:00
static ngx_int_t ngx_http_access_init(ngx_conf_t *cf);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
static ngx_command_t ngx_http_access_commands[] = {
{ ngx_string("allow"),
nginx-0.3.37-RELEASE import *) Feature: the "limit_except" directive. *) Feature: the "if" directive supports the "!~", "!~*", "-f", and "!-f" operators. *) Feature: the ngx_http_perl_module supports the $r->request_body method. *) Bugfix: in the ngx_http_addition_filter_module.
2006-04-07 22:08:04 +08:00
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF
|NGX_CONF_TAKE1,
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
ngx_http_access_rule,
NGX_HTTP_LOC_CONF_OFFSET,
0,
NULL },
{ ngx_string("deny"),
nginx-0.3.37-RELEASE import *) Feature: the "limit_except" directive. *) Feature: the "if" directive supports the "!~", "!~*", "-f", and "!-f" operators. *) Feature: the ngx_http_perl_module supports the $r->request_body method. *) Bugfix: in the ngx_http_addition_filter_module.
2006-04-07 22:08:04 +08:00
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF
|NGX_CONF_TAKE1,
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
ngx_http_access_rule,
NGX_HTTP_LOC_CONF_OFFSET,
0,
NULL },
ngx_null_command
};
nginx-0.3.55-RELEASE import *) Feature: the "stub" parameter in the "include" SSI command. *) Feature: the "block" SSI command. *) Feature: the unicode2nginx script was added to contrib. *) Bugfix: if a "root" was specified by variable only, then the root was relative to a server prefix. *) Bugfix: if the request contained "//" or "/./" and escaped symbols after them, then the proxied request was sent unescaped. *) Bugfix: the $r->headers_in("Cookie") of the ngx_http_perl_module now returns all "Cookie" header lines. *) Bugfix: a segmentation fault occurred if "client_body_in_file_only on" was used and nginx switched to a next upstream. *) Bugfix: on some condition while reconfiguration character codes inside the "charset_map" may be treated invalid; the bug had appeared in 0.3.50.
2006-07-28 23:16:17 +08:00
static ngx_http_module_t ngx_http_access_module_ctx = {
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
NULL, /* preconfiguration */
nginx-0.4.0-RELEASE import *) Change in internal API: the HTTP modules initialization was moved from the init module phase to the HTTP postconfiguration phase. *) Change: now the request body is not read beforehand for the ngx_http_perl_module: it's required to start the reading using the $r->has_request_body method. *) Feature: the ngx_http_perl_module supports the DECLINED return code. *) Feature: the ngx_http_dav_module supports the incoming "Date" header line for the PUT method. *) Feature: the "ssi" directive is available inside the "if" block. *) Bugfix: a segmentation fault occurred if there was an "index" directive with variables and the first index name was without variables; the bug had appeared in 0.1.29.
2006-08-30 18:39:17 +08:00
ngx_http_access_init, /* postconfiguration */
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
NULL, /* create main configuration */
NULL, /* init main configuration */
NULL, /* create server configuration */
NULL, /* merge server configuration */
ngx_http_access_create_loc_conf, /* create location configuration */
ngx_http_access_merge_loc_conf /* merge location configuration */
};
ngx_module_t ngx_http_access_module = {
nginx-0.1.29-RELEASE import *) Feature: the ngx_http_ssi_module supports "include virtual" command. *) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. *) Feature: the "ssi_ignore_recycled_buffers" directive. *) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. *) Change: the ngx_http_proxy_module was rewritten. *) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. *) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. *) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. *) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. *) Feature: the "fastcgi_param" directive. *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. *) Feature: the "index" directive can use the variables. *) Feature: the "index" directive can be used at http and server levels. *) Change: the last index only in the "index" directive can be absolute. *) Feature: the "rewrite" directive can use the variables. *) Feature: the "internal" directive. *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. *) Change: nginx now passes the invalid lines in a client request headers or a backend response header. *) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. *) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. *) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. *) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. *) Bugfix: nginx did not take into account trailing dot in "Host" header line. *) Bugfix: the ngx_http_auth_module did not work under Linux. *) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 22:58:06 +08:00
NGX_MODULE_V1,
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
&ngx_http_access_module_ctx, /* module context */
ngx_http_access_commands, /* module directives */
NGX_HTTP_MODULE, /* module type */
nginx-0.1.45-RELEASE import *) Change: the "ssl_engine" directive was canceled in the ngx_http_ssl_module and now is introduced at global level. *) Bugfix: the responses with SSI subrequests did not transferred via SSL connection. *) Various bug fixes in the IMAP/POP3 proxy.
2005-09-08 22:36:09 +08:00
NULL, /* init master */
nginx-0.4.0-RELEASE import *) Change in internal API: the HTTP modules initialization was moved from the init module phase to the HTTP postconfiguration phase. *) Change: now the request body is not read beforehand for the ngx_http_perl_module: it's required to start the reading using the $r->has_request_body method. *) Feature: the ngx_http_perl_module supports the DECLINED return code. *) Feature: the ngx_http_dav_module supports the incoming "Date" header line for the PUT method. *) Feature: the "ssi" directive is available inside the "if" block. *) Bugfix: a segmentation fault occurred if there was an "index" directive with variables and the first index name was without variables; the bug had appeared in 0.1.29.
2006-08-30 18:39:17 +08:00
NULL, /* init module */
nginx-0.1.45-RELEASE import *) Change: the "ssl_engine" directive was canceled in the ngx_http_ssl_module and now is introduced at global level. *) Bugfix: the responses with SSI subrequests did not transferred via SSL connection. *) Various bug fixes in the IMAP/POP3 proxy.
2005-09-08 22:36:09 +08:00
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
};
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
static ngx_int_t
ngx_http_access_handler(ngx_http_request_t *r)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
{
nginx-0.1.14-RELEASE import *) Feature: the autoconfiguration directives: --http-client-body-temp-path=PATH, --http-proxy-temp-path=PATH, and --http-fastcgi-temp-path=PATH *) Change: the directory name for the temporary files with the client request body is specified by directive client_body_temp_path, by default it is <prefix>/client_body_temp. *) Feature: the ngx_http_fastcgi_module and the directives: fastcgi_pass, fastcgi_root, fastcgi_index, fastcgi_params, fastcgi_connect_timeout, fastcgi_send_timeout, fastcgi_read_timeout, fastcgi_send_lowat, fastcgi_header_buffer_size, fastcgi_buffers, fastcgi_busy_buffers_size, fastcgi_temp_path, fastcgi_max_temp_file_size, fastcgi_temp_file_write_size, fastcgi_next_upstream, and fastcgi_x_powered_by. *) Bugfix: the "[alert] zero size buf" error; the bug had appeared in 0.1.3. *) Change: the URI must be specified after the host name in the proxy_pass directive. *) Change: the %3F symbol in the URI was considered as the argument string start. *) Feature: the unix domain sockets support in the ngx_http_proxy_module. *) Feature: the ssl_engine and ssl_ciphers directives. Thanks to Sergey Skvortsov for SSL-accelerator.
2005-01-18 21:03:58 +08:00
struct sockaddr_in *sin;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
ngx_http_access_loc_conf_t *alcf;
alcf = ngx_http_get_module_loc_conf(r, ngx_http_access_module);
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#if (NGX_HAVE_INET6)
fix segfault if no rules are defined, introduced in r3279
2009-11-04 00:04:07 +08:00
if (alcf->rules6 && r->connection->sockaddr->sa_family == AF_INET6) {
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
u_char *p;
in_addr_t addr;
struct sockaddr_in6 *sin6;
sin6 = (struct sockaddr_in6 *) r->connection->sockaddr;
p = sin6->sin6_addr.s6_addr;
if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
addr = p[12] << 24;
addr += p[13] << 16;
addr += p[14] << 8;
addr += p[15];
return ngx_http_access_inet(r, alcf, htonl(addr));
}
return ngx_http_access_inet6(r, alcf, p);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
}
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#endif
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
fix segfault if no rules are defined, introduced in r3279
2009-11-04 00:04:07 +08:00
if (alcf->rules && r->connection->sockaddr->sa_family == AF_INET) {
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
sin = (struct sockaddr_in *) r->connection->sockaddr;
return ngx_http_access_inet(r, alcf, sin->sin_addr.s_addr);
a prelimiary IPv6 support, HTTP listen
2009-02-21 15:02:02 +08:00
}
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
return NGX_DECLINED;
}
static ngx_int_t
ngx_http_access_inet(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf,
in_addr_t addr)
{
ngx_uint_t i;
ngx_http_access_rule_t *rule;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
rule = alcf->rules->elts;
for (i = 0; i < alcf->rules->nelts; i++) {
nginx-0.1.5-RELEASE import *) Bugfix: on Solaris and Linux there may be too many "recvmsg() returned not enough data" alerts. *) Bugfix: there were the "writev() failed (22: Invalid argument)" errors on Solaris in proxy mode without sendfile. On other platforms that do not support sendfile at all the process got caught in an endless loop. *) Bugfix: segmentation fault on Solaris in proxy mode and using sendfile. *) Bugfix: segmentation fault on Solaris. *) Bugfix: on-line upgrade did not work on Linux. *) Bugfix: the ngx_http_autoindex_module module did not escape the spaces, the quotes, and the percent signs in the directory listing. *) Change: the decrease of the copy operations. *) Feature: the userid_p3p directive.
2004-11-11 22:07:14 +08:00
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
nginx-0.3.8-RELEASE import *) Security: nginx now checks URI got from a backend in "X-Accel-Redirect" header line or in SSI file for the "/../" paths and zeroes. *) Change: nginx now does not treat the empty user name in the "Authorization" header line as valid one. *) Feature: the "ssl_session_timeout" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the "auth_http_header" directive of the ngx_imap_auth_http_module. *) Feature: the "add_header" directive. *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, $request_time, $request_length, $upstream_status, $upstream_response_time, $gzip_ratio, $uid_got, $uid_set, $connection, $pipe, and $msec. The parameters in the "%name" form will be canceled soon. *) Change: now the false variable values in the "if" directive are the empty string "" and string starting with "0". *) Bugfix: while using proxied or FastCGI-server nginx may leave connections and temporary files with client requests in open state. *) Bugfix: the worker processes did not flush the buffered logs on graceful exit. *) Bugfix: if the request URI was changes by the "rewrite" directive and the request was proxied in location given by regular expression, then the incorrect request was transferred to backend; the bug had appeared in 0.2.6. *) Bugfix: the "expires" directive did not remove the previous "Expires" header. *) Bugfix: nginx may stop to accept requests if the "rtsig" method and several worker processes were used. *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in SSI commands. *) Bugfix: if the response was ended just after the SSI command and gzipping was used, then the response did not transferred complete or did not transferred at all.
2005-11-10 01:25:55 +08:00
"access: %08XD %08XD %08XD",
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
addr, rule[i].mask, rule[i].addr);
if ((addr & rule[i].mask) == rule[i].addr) {
return ngx_http_access_found(r, rule[i].deny);
}
}
return NGX_DECLINED;
}
nginx-0.0.9-2004-07-30-21:05:14 import
2004-07-31 01:05:14 +08:00
nginx-0.3.53-RELEASE import *) Change: the "add_header" directive adds the string to 204, 301, and 302 responses. *) Feature: the "server" directive in the "upstream" context supports the "weight" parameter. *) Feature: the "server_name" directive supports the "*" wildcard. *) Feature: nginx supports the request body size more than 2G. *) Bugfix: if a client was successfully authorized using "satisfy_any on", then anyway the message "access forbidden by rule" was written in the log. *) Bugfix: the "PUT" method may erroneously not create a file and return the 409 code. *) Bugfix: if the IMAP/POP3 backend returned an error, then nginx continued proxying anyway.
2006-07-08 00:33:19 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#if (NGX_HAVE_INET6)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
static ngx_int_t
ngx_http_access_inet6(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf,
u_char *p)
{
ngx_uint_t n;
ngx_uint_t i;
ngx_http_access_rule6_t *rule6;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
rule6 = alcf->rules6->elts;
for (i = 0; i < alcf->rules6->nelts; i++) {
#if (NGX_DEBUG)
{
size_t cl, ml, al;
u_char ct[NGX_INET6_ADDRSTRLEN];
u_char mt[NGX_INET6_ADDRSTRLEN];
u_char at[NGX_INET6_ADDRSTRLEN];
cl = ngx_inet6_ntop(p, ct, NGX_INET6_ADDRSTRLEN);
ml = ngx_inet6_ntop(rule6[i].mask.s6_addr, mt, NGX_INET6_ADDRSTRLEN);
al = ngx_inet6_ntop(rule6[i].addr.s6_addr, at, NGX_INET6_ADDRSTRLEN);
fix building by msvc7
2010-07-09 00:17:11 +08:00
ngx_log_debug6(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
"access: %*s %*s %*s", cl, ct, ml, mt, al, at);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
}
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#endif
for (n = 0; n < 16; n++) {
if ((p[n] & rule6[i].mask.s6_addr[n]) != rule6[i].addr.s6_addr[n]) {
goto next;
}
}
return ngx_http_access_found(r, rule6[i].deny);
next:
continue;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
}
return NGX_DECLINED if access directives are not active, this fixes case when satisfy any does not test active directives at all
2007-12-27 22:15:34 +08:00
return NGX_DECLINED;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
}
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#endif
static ngx_int_t
ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny)
{
ngx_http_core_loc_conf_t *clcf;
if (deny) {
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
if (clcf->satisfy == NGX_HTTP_SATISFY_ALL) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"access forbidden by rule");
}
return NGX_HTTP_FORBIDDEN;
}
return NGX_OK;
}
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
static char *
ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
{
ngx_http_access_loc_conf_t *alcf = conf;
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
ngx_int_t rc;
ngx_uint_t all;
ngx_str_t *value;
ngx_cidr_t cidr;
ngx_http_access_rule_t *rule;
#if (NGX_HAVE_INET6)
ngx_http_access_rule6_t *rule6;
#endif
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
ngx_memzero(&cidr, sizeof(ngx_cidr_t));
value = cf->args->elts;
all = (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0);
if (!all) {
rc = ngx_ptocidr(&value[1], &cidr);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid parameter \"%V\"", &value[1]);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
return NGX_CONF_ERROR;
}
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]);
}
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
}
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
switch (cidr.family) {
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#if (NGX_HAVE_INET6)
case AF_INET6:
case 0: /* all */
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
if (alcf->rules6 == NULL) {
alcf->rules6 = ngx_array_create(cf->pool, 4,
sizeof(ngx_http_access_rule6_t));
if (alcf->rules6 == NULL) {
return NGX_CONF_ERROR;
}
}
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
rule6 = ngx_array_push(alcf->rules6);
if (rule6 == NULL) {
return NGX_CONF_ERROR;
}
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
rule6->mask = cidr.u.in6.mask;
rule6->addr = cidr.u.in6.addr;
rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
ignore meaningless bits in CIDR and warn about them
2007-08-10 21:13:28 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
if (!all) {
break;
}
ignore meaningless bits in CIDR and warn about them
2007-08-10 21:13:28 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
/* "all" passes through */
#endif
prepare ngx_ptocidr() for IPv6
2009-02-24 22:01:40 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
default: /* AF_INET */
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
if (alcf->rules == NULL) {
alcf->rules = ngx_array_create(cf->pool, 4,
sizeof(ngx_http_access_rule_t));
if (alcf->rules == NULL) {
return NGX_CONF_ERROR;
}
}
rule = ngx_array_push(alcf->rules);
if (rule == NULL) {
return NGX_CONF_ERROR;
}
rule->mask = cidr.u.in.mask;
rule->addr = cidr.u.in.addr;
rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
}
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
return NGX_CONF_OK;
}
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
static void *
ngx_http_access_create_loc_conf(ngx_conf_t *cf)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
{
ngx_http_access_loc_conf_t *conf;
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_access_loc_conf_t));
if (conf == NULL) {
return NULL instead of NGX_CONF_ERROR on a create conf failure
2009-06-03 00:09:44 +08:00
return NULL;
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
}
return conf;
}
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
static char *
ngx_http_access_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
{
ngx_http_access_loc_conf_t *prev = parent;
ngx_http_access_loc_conf_t *conf = child;
if (conf->rules == NULL) {
conf->rules = prev->rules;
}
IPv6 support in ngx_http_access_module
2009-11-03 21:42:45 +08:00
#if (NGX_HAVE_INET6)
if (conf->rules6 == NULL) {
conf->rules6 = prev->rules6;
}
#endif
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
return NGX_CONF_OK;
}
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
static ngx_int_t
nginx-0.4.0-RELEASE import *) Change in internal API: the HTTP modules initialization was moved from the init module phase to the HTTP postconfiguration phase. *) Change: now the request body is not read beforehand for the ngx_http_perl_module: it's required to start the reading using the $r->has_request_body method. *) Feature: the ngx_http_perl_module supports the DECLINED return code. *) Feature: the ngx_http_dav_module supports the incoming "Date" header line for the PUT method. *) Feature: the "ssi" directive is available inside the "if" block. *) Bugfix: a segmentation fault occurred if there was an "index" directive with variables and the first index name was without variables; the bug had appeared in 0.1.29.
2006-08-30 18:39:17 +08:00
ngx_http_access_init(ngx_conf_t *cf)
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
{
ngx_http_handler_pt *h;
ngx_http_core_main_conf_t *cmcf;
nginx-0.4.0-RELEASE import *) Change in internal API: the HTTP modules initialization was moved from the init module phase to the HTTP postconfiguration phase. *) Change: now the request body is not read beforehand for the ngx_http_perl_module: it's required to start the reading using the $r->has_request_body method. *) Feature: the ngx_http_perl_module supports the DECLINED return code. *) Feature: the ngx_http_dav_module supports the incoming "Date" header line for the PUT method. *) Feature: the "ssi" directive is available inside the "if" block. *) Bugfix: a segmentation fault occurred if there was an "index" directive with variables and the first index name was without variables; the bug had appeared in 0.1.29.
2006-08-30 18:39:17 +08:00
cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
nginx-0.1.25-RELEASE import *) Bugfix: nginx did run on Linux parisc. *) Feature: nginx now does not start under FreeBSD if the sysctl kern.ipc.somaxconn value is too big. *) Bugfix: if a request was internally redirected by the ngx_http_index_module module to the ngx_http_proxy_module or ngx_http_fastcgi_module modules, then the index file was not closed after request completion. *) Feature: the "proxy_pass" can be used in location with regular expression. *) Feature: the ngx_http_rewrite_filter_module module supports the condition like "if ($HTTP_USER_AGENT ~ MSIE)". *) Bugfix: nginx started too slow if the large number of addresses and text values were used in the "geo" directive. *) Change: a variable name must be declared as "$name" in the "geo" directive. The previous variant without "$" is still supported, but will be removed soon. *) Feature: the "%{VARIABLE}v" logging parameter. *) Feature: the "set $name value" directive. *) Bugfix: gcc 4.0 compatibility. *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 20:38:37 +08:00
h = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers);
nginx-0.0.7-2004-06-24-20:07:04 import
2004-06-25 00:07:04 +08:00
if (h == NULL) {
return NGX_ERROR;
}
*h = ngx_http_access_handler;
return NGX_OK;
}
Reference in New Issue Copy Permalink