Commit Graph

2592 Commits

Author SHA1 Message Date
Maxim Dounin
e6724ebe54 Version bump. 2012-04-12 16:34:59 +00:00
Maxim Dounin
7ae525bd90 Mp4: sanity checks cleanup. 2012-04-12 12:18:14 +00:00
Ruslan Ermilov
3f25e12517 Fixed buffer overflow when long URI is processed by "try_files" in
regex location with "alias" (fixes ticket #135).
2012-04-12 09:19:14 +00:00
Ruslan Ermilov
62b937b333 Fixed directives inheritance. 2012-04-11 09:56:30 +00:00
Maxim Dounin
b9c226abe0 Access module: fixed inheritance of allow/deny ipv6 rules.
Previous (incorrect) behaviour was to inherit ipv6 rules separately from
ipv4 ones.  Now all rules are either inherited (if there are no rules
defined at current level) or not (if there are any rules defined).
2012-04-10 13:25:53 +00:00
Igor Sysoev
3ef52765c8 Fixed debug logging. 2012-04-10 11:28:59 +00:00
Igor Sysoev
654a56e06a Fixed previous commit. 2012-04-10 11:27:43 +00:00
Igor Sysoev
cbc51bb295 Fixed mp4 module seek. 2012-04-10 11:21:47 +00:00
Ruslan Ermilov
47a04aaa27 Fixed spelling in multiline C comments. 2012-04-03 07:37:31 +00:00
Maxim Dounin
a5d4f66ad6 Upstream: reject upstreams without normal servers.
Such upstreams cause CPU hog later in the code as number of peers isn't
expected to be 0.  Currently this may happen either if there are only backup
servers defined in an upstream block, or if server with ipv6 address used
in an upstream block.
2012-04-02 21:29:35 +00:00
Maxim Dounin
525e1f75e4 Version bump. 2012-04-02 21:28:31 +00:00
Ruslan Ermilov
b4ab3ddf9d Corrected spelling of error message (ticket #136). 2012-03-29 19:47:27 +00:00
Ruslan Ermilov
feda353cb3 Replaced ngx_http_realip_from_t with ngx_in_cidr_t. 2012-03-28 09:29:09 +00:00
Ruslan Ermilov
52fcfd042e Fixed calculation of range boundaries. 2012-03-28 06:50:23 +00:00
Maxim Dounin
5d5c866bee Xslt: parser options now set with xmlCtxtUseOptions().
Note that "ctxt->loadsubset = 1" previously used isn't really correct as
ctxt->loadsubset is a bitfield now.  The use of xmlCtxtUseOptions() with
XML_PARSE_DTDLOAD is believed to be a better way to do the same thing.

Patch by Laurence Rowe.
2012-03-28 01:56:49 +00:00
Maxim Dounin
36aef0c383 Fixed unconditional MAX_PATH usage (ticket #22).
POSIX doesn't require it to be defined, and Debian GNU/Hurd doesn't define
it.  Note that if there is no MAX_PATH defined we have to use realpath()
with NULL argument and free() the result.
2012-03-27 16:42:34 +00:00
Maxim Dounin
1aa5fbb1a8 Added xslt_param and xslt_string_param directives.
Based on patch by Samuel Behan.
2012-03-22 10:44:00 +00:00
Maxim Dounin
3333c6c7c8 Fixed off-by-one in xslt parameter parsing.
The problem was introduced in 0.7.44 (r2589) during conversion to complex
values.  Previously string.len included space for terminating NUL, but
with complex values it doesn't.
2012-03-22 10:43:33 +00:00
Maxim Dounin
ae11f08cad Restricted keepalive_disable safari to OS X only.
The problem doesn't affect non-Apple systems for sure, and many pretend
to be Safari now.

Prodded by Piotr Sikora.
2012-03-22 10:42:27 +00:00
Maxim Dounin
dc863179a3 Removed safari from keepalive_disable default.
The bug in question is likely already fixed (though unfortunately we have
no information available as Apple's bugtracker isn't open), and the
workaround seems to be too pessimistic for modern versions of Safari
as well as other webkit-based browsers pretending to be Safari.
2012-03-22 10:41:29 +00:00
Ruslan Ermilov
d4b1e5f58b If we inserted "Last-Modified" in r->headers_out.headers, don't
forget to set the r->headers_out.last_modified pointer to it.
2012-03-21 07:35:43 +00:00
Ruslan Ermilov
89467caf43 Minor ngx_http_headers_filter_module.c code cleanup.
- Removed "hash" element from ngx_http_header_val_t which was always 1.
- Replaced NGX_HTTP_EXPIRES_* with ngx_http_expires_t enum type.
- Added prototype for ngx_http_add_header()
- Simplified ngx_http_set_last_modified().
2012-03-21 06:19:11 +00:00
Maxim Konovalov
acf6c79ac7 For the sake of case/switch code readability, 'fall through'
comments added.
2012-03-19 14:57:29 +00:00
Ruslan Ermilov
926ded6f4c Implemented $tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd, and
$tcpinfo_rcv_space variables.  Supported on Linux and FreeBSD.
2012-03-16 19:15:33 +00:00
Ruslan Ermilov
5d1d368cf4 Local variable "ngx_http_next_filter" renamed to "ngx_http_next_body_filter"
for consistency with other modules.
2012-03-15 20:08:58 +00:00
Ruslan Ermilov
849e3b09ae The "error_log" directive specified in the "http", "server", and
"location" sections now understands the special "stderr" parameter.
It was already treated specially when specified in the main section.
2012-03-15 20:04:50 +00:00
Ruslan Ermilov
091f6ffce6 Slight optimization in ngx_http_get_variable_index(). 2012-03-15 19:41:35 +00:00
Ruslan Ermilov
06733ae8cf - New variable: $connection_requests.
- While here, fixed format specifier for $connection.
2012-03-15 19:37:32 +00:00
Maxim Dounin
d694ff7798 Version bump. 2012-03-15 17:43:54 +00:00
Maxim Dounin
d1ed97b18b Headers with null character are now rejected.
Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems.  They are now unconditionally rejected.
2012-03-15 11:27:57 +00:00
Maxim Dounin
eb526b7d7d Fixed incorrect ngx_cpystrn() usage in ngx_http_*_process_header().
This resulted in a disclosure of previously freed memory if upstream
server returned specially crafted response, potentially exposing
sensitive information.

Reported by Matthew Daley.
2012-03-15 11:27:12 +00:00
Maxim Dounin
030e235ec7 Fixed ssi and perl interaction.
Embedded perl module assumes there is a space for terminating NUL character,
make sure to provide it in all situations by allocating one extra byte for
value buffer.  Default ssi_value_length is reduced accordingly to
preserve 256 byte allocations.

While here, fixed another one byte value buffer overrun possible in
ssi_quoted_symbol_state.

Reported by Matthew Daley.
2012-03-15 11:23:07 +00:00
Maxim Dounin
205394e6f9 Uwsgi: merged r->http_version fixes from scgi module.
Fixed incorrect use of r->http_version (r4372).  Removed duplicate function
declaration (r4373).  Removed error if there is no Status header (r4374).
2012-03-15 11:21:54 +00:00
Maxim Dounin
ee187436af Whitespace fixes. 2012-03-05 18:09:06 +00:00
Maxim Dounin
382499aa1f Version bump. 2012-03-05 18:06:15 +00:00
Maxim Dounin
a95c85e78a Raised simultaneous subrequest limit from 50 to 200.
It wasn't enforced for a long time, and there are reports that people
use up to 100 simultaneous subrequests now.  As this is a safety limit
to prevent loops, it's raised accordingly.
2012-02-28 14:54:23 +00:00
Ruslan Ermilov
b74f8ffce4 Fixed spelling in single-line comments. 2012-02-28 11:31:05 +00:00
Maxim Dounin
7ca6c1ff78 Fix of rbtree lookup on hash collisions.
Previous code incorrectly assumed that nodes with identical keys are linked
together.  This might not be true after tree rebalance.

Patch by Lanshun Zhou.
2012-02-27 22:15:39 +00:00
Valentin Bartenev
5c95f88503 Disable symlinks: added the "from=" parameter to the "disable_symlinks"
directive.
2012-02-27 16:54:10 +00:00
Valentin Bartenev
0e05ca0404 Disable symlinks: initialization of the "disable_symlinks" field in
ngx_open_file_info_t moved to a separate function.

This is preparation for the "from=" parameter implementation of the
"disable_symlinks" directive.
2012-02-27 16:51:28 +00:00
Ruslan Ermilov
1c57fb8790 Added support for the 307 Temporary Redirect. 2012-02-27 11:43:40 +00:00
Ruslan Ermilov
09422e632f Renamed constants and fixed off-by-one error in "msie_padding on" handling. 2012-02-22 16:23:29 +00:00
Maxim Dounin
3c00e341ea Version bump. 2012-02-20 19:12:48 +00:00
Andrey Belov
8ce8f6667f Support for disable_symlinks in various modules. 2012-02-13 16:32:21 +00:00
Andrey Belov
bd1e719bf9 Added disable_symlinks directive.
To completely disable symlinks (disable_symlinks on)
we use openat(O_NOFOLLOW) for each path component
to avoid races.

To allow symlinks with the same owner (disable_symlinks if_not_owner),
use openat() (followed by fstat()) and fstatat(AT_SYMLINK_NOFOLLOW),
and then compare uids between fstat() and fstatat().

As there is a race between openat() and fstatat() we don't
know if openat() in fact opened symlink or not.  Therefore,
we have to compare uids even if fstatat() reports the opened
component isn't a symlink (as we don't know whether it was
symlink during openat() or not).

Default value is off, i.e. symlinks are allowed.
2012-02-13 16:29:04 +00:00
Maxim Dounin
9f38b20db5 Time parsing cleanup.
Nuke NGX_PARSE_LARGE_TIME, it's not used since 0.6.30.  The only error
ngx_parse_time() can currently return is NGX_ERROR, check it explicitly
and make sure to cast it to appropriate type (either time_t or ngx_msec_t)
to avoid signedness warnings on platforms with unsigned time_t (notably QNX).
2012-02-13 15:41:11 +00:00
Maxim Dounin
8cb7134f49 Fixed build with embedded perl and --with-openssl. 2012-02-13 15:38:48 +00:00
Maxim Dounin
7dff998495 Core: protection from cycles with named locations and post_action.
Now redirects to named locations are counted against normal uri changes
limit, and post_action respects this limit as well.  As a result at least
the following (bad) configurations no longer trigger infinite cycles:

1. Post action which recursively triggers post action:

    location / {
        post_action /index.html;
    }

2. Post action pointing to nonexistent named location:

    location / {
        post_action @nonexistent;
    }

3. Recursive error page for 500 (Internal Server Error) pointing to
   a nonexistent named location:

    location / {
        recursive_error_pages on;
        error_page 500 @nonexistent;
        return 500;
    }
2012-02-13 15:35:48 +00:00
Maxim Dounin
1b0ad6ee72 Core: protection from subrequest loops.
Without the protection, subrequest loop results in r->count overflow and
SIGSEGV.  Protection was broken in 0.7.25.

Note that this also limits number of parallel subrequests.  This
wasn't exactly the case before 0.7.25 as local subrequests were
completed directly.

See here for details:
http://nginx.org/pipermail/nginx-ru/2010-February/032184.html
2012-02-13 15:33:08 +00:00
Maxim Dounin
947fc03ca3 Variables: honor no_cacheable for not_found variables.
Variables with the "not_found" flag set follow the same rules as ones with
the "valid" flag set.  Make sure ngx_http_get_flushed_variable() will flush
non-cacheable variables with the "not_found" flag set.

This fixes at least one known problem with $args not available in a subrequest
(with args) when there were no args in the main request and $args variable was
queried in the main request (reported by Laurence Rowe aka elro on irc).

Also this eliminates unneeded call to ngx_http_get_indexed_variable() in
cacheable case (as it will return cached value anyway).
2012-02-13 15:31:07 +00:00
Maxim Dounin
01c133cda4 Fix for proxy_store leaving temporary files for subrequests.
Temporary files might not be removed if the "proxy_store" or "fastcgi_store"
directives were used for subrequests (e.g. ssi includes) and client closed
connection prematurely.

Non-active subrequests are finalized out of the control of the upstream
module when client closes a connection.  As a result, the code to remove
unfinished temporary files in ngx_http_upstream_process_request() wasn't
executed.

Fix is to move relevant code into ngx_http_upstream_finalize_request() which
is called in all cases, either directly or via the cleanup handler.
2012-02-13 15:28:19 +00:00
Maxim Dounin
71ce7a13ed Gzip filter: handling of empty flush buffers.
Empty flush buffers are legitimate and may happen e.g. due to $r->flush()
calls in embedded perl.  If there are no data buffered in zlib, deflate()
will return Z_BUF_ERROR (i.e. no progress possible) without adding anything
to output.  Don't treat Z_BUF_ERROR as fatal and correctly send empty flush
buffer if we have no data in output at all.

See this thread for details:
http://mailman.nginx.org/pipermail/nginx/2010-November/023693.html
2012-02-13 15:23:43 +00:00
Maxim Dounin
37c6228d43 Removed r->cache/r->cached dependencies in range filter.
This is a layering violation, use correct offset calculations instead.
2012-02-13 15:20:49 +00:00
Valentin Bartenev
a113cb3543 Proxy: added the "proxy_cookie_path" directive. 2012-02-13 11:08:05 +00:00
Valentin Bartenev
e9df2d6f46 Proxy: added the "proxy_cookie_domain" directive. 2012-02-13 11:04:45 +00:00
Valentin Bartenev
b3e3b2e75a Upstream: added callback hook for the "Set-Cookie" header.
No functional changes.
2012-02-13 11:01:58 +00:00
Valentin Bartenev
85551e58fe Proxy: generic regex related code from the "proxy_redirect" directive moved
to a separate function.

No functional changes.
2012-02-13 11:00:08 +00:00
Valentin Bartenev
7c611aa186 Proxy: generic rewrite code from the "proxy_redirect" handlers moved to a
separate function with trivial optimization.

No functional changes.
2012-02-13 10:56:09 +00:00
Valentin Bartenev
582dac116d Proxy: renamed some "proxy_redirect" related declarations to a more general and
reusable.

No functional changes.
2012-02-13 10:42:44 +00:00
Maxim Dounin
060b92451b Upstream: fixed "too big header" check.
If header filter postponed processing of a header by returning NGX_AGAIN
and not moved u->buffer->pos, previous check incorrectly assumed there
is additional space and did another recv() with zero-size buffer.  This
resulted in "upstream prematurely closed connection" error instead
of correct "upstream sent too big header" one.

Patch by Feibo Li.
2012-02-10 14:31:04 +00:00
Valentin Bartenev
9e8708cbd6 Limit conn: returned to the old behavior of using the first actual limit on
the way.

It was unintentionally changed in r4272, so that it could only limit the first
location where the processing of the request has reached PREACCESS phase.
2012-02-10 10:48:58 +00:00
Valentin Bartenev
e35ff2a08c Fixed module name in comment. It was forgotten in r4281. 2012-02-10 09:56:37 +00:00
Maxim Dounin
0f3d6715e7 Version bump. 2012-02-09 16:18:02 +00:00
Maxim Dounin
11cc9dac44 Limit req: unbreak compilation with MSVC. 2012-01-30 13:19:25 +00:00
Valentin Bartenev
3feafa765f Fixed proxy_redirect off inheritance.
Example configuration to reproduce:

  server {
      proxy_redirect off;

      location / {
          proxy_pass http://localhost:8000;
          proxy_redirect http://localhost:8000/ /;

          location ~ \.php$ {
              proxy_pass http://localhost:8000;
              # proxy_redirect must be inherited from the level above,
              # but instead it was switched off here
          }
      }
  }
2012-01-30 11:22:56 +00:00
Valentin Bartenev
b06200f3dc Limit req: support for multiple "limit_req" limits. 2012-01-30 10:17:56 +00:00
Valentin Bartenev
73d0b6a721 Limit req: number of cleanup calls reduced.
Doing a cleanup before every lookup seems to be too aggressive. It can lead to
premature removal of the nodes still usable, which increases the amount of work
under a mutex lock and therefore decreases performance.

In order to improve cleanup behavior, cleanup function call has been moved right
before the allocation of a new node.
2012-01-30 10:01:39 +00:00
Valentin Bartenev
8dab3b5a39 Limit req: allocation and initialization of a new node moved to the lookup
function.

No functional changes.
2012-01-30 09:41:49 +00:00
Valentin Bartenev
5f5205ba87 Limit req: improved error handling when parsing "zone" parameter of
"limit_req_zone" directive; minimum size of zone is increased.

Previously an unsigned variable was used to keep the return value of
ngx_parse_size() function, which led to an incorrect zone size if NGX_ERROR
was returned.

The new code has been taken from the "limit_conn_zone" directive.
2012-01-30 09:26:08 +00:00
Valentin Bartenev
d4dbf6ad59 Limit req: error messages fixed. 2012-01-30 09:02:29 +00:00
Maxim Dounin
b3e461e63c Fixed AIO error handling on FreeBSD.
The aio_return() must be called regardless of the error returned by
aio_error().  Not calling it resulted in various problems up to segmentation
faults (as AIO events are level-triggered and were reported again and again).

Additionally, in "aio sendfile" case r->blocked was incremented in case of
error returned from ngx_file_aio_read(), thus causing request hangs.
2012-01-30 07:39:47 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Maxim Konovalov
8e1ef760da Version bump. 2012-01-18 15:04:17 +00:00
Maxim Dounin
9572920af0 Fixed handling of mp4 above 2G and 32bit offsets (ticket #84). 2012-01-16 11:03:27 +00:00
Maxim Dounin
2c55914a9f Fixed proxy_cache_use_stale in "no live upstreams" case. 2012-01-16 11:01:52 +00:00
Maxim Dounin
4efcbce328 Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Support for TLSv1.1 and TLSv1.2 protocols was introduced in OpenSSL 1.0.1
(-beta1 was recently released).  This change makes it possible to disable
these protocols and/or enable them without other protocols.
2012-01-11 11:15:00 +00:00
Maxim Dounin
f2ef9db230 Fixed limit_req burst/nodelay inheritance (ticket #76).
The problem was introduced in r4381 (1.1.12).
2012-01-11 11:09:05 +00:00
Valentin Bartenev
b8ef9d9255 Fixed: proxy_redirect with regex might broke Refresh header.
The problem was localized in ngx_http_proxy_rewrite_redirect_regex() handler
function which did not take into account prefix when overwriting header value.
2012-01-10 15:09:45 +00:00
Maxim Dounin
11f09dd07d Version bump. 2011-12-27 11:56:48 +00:00
Maxim Dounin
947bdfa7fe Fixed build without debug. 2011-12-26 11:33:11 +00:00
Maxim Dounin
da8a43dee9 Cache lock support for fastcgi, scgi, uwsgi. 2011-12-26 11:16:19 +00:00
Maxim Dounin
822fe46934 Cache locks initial implementation.
New directives: proxy_cache_lock on/off, proxy_cache_lock_timeout.  With
proxy_cache_lock set to on, only one request will be allowed to go to
upstream for a particular cache item.  Others will wait for a response
to appear in cache (or cache lock released) up to proxy_cache_lock_timeout.

Waiting requests will recheck if they have cached response ready (or are
allowed to run) every 500ms.

Note: we intentionally don't intercept NGX_DECLINED possibly returned by
ngx_http_file_cache_read().  This needs more work (possibly safe, but needs
further investigation).  Anyway, it's exceptional situation.

Note: probably there should be a way to disable caching of responses
if there is already one request fetching resource to cache (without waiting
at all).  Two possible ways include another cache lock option ("no_cache")
or using proxy_no_cache with some supplied variable.

Note: probably there should be a way to lock updating requests as well.  For
now "proxy_cache_use_stale updating" is available.
2011-12-26 11:15:23 +00:00
Maxim Dounin
0c88994a03 Fixed interaction of limit_rate and sendfile_max_chunk.
It's possible that configured limit_rate will permit more bytes per
single operation than sendfile_max_chunk.  To protect disk from takeover
by a single client it is necessary to apply sendfile_max_chunk as a limit
regardless of configured limit_rate.

See here for report (in Russian):
http://mailman.nginx.org/pipermail/nginx-ru/2010-March/032806.html
2011-12-26 10:51:24 +00:00
Maxim Dounin
41a77d183c Fixed throughput problems with large limit_rate.
Previous attempt to fix this was in r1658 (0.6.18), though that one wasn't
enough (it was a noop).
2011-12-26 10:49:57 +00:00
Maxim Dounin
6a56732e98 Fixed mp4 if first entry in stsc was skipped (ticket #72).
If first entry in stsc atom was skipped, and seek was to chunk boundary,
than first_chunk in the generated stsc table wasn't set to 1.
2011-12-26 10:49:03 +00:00
Valentin Bartenev
b65597ecd5 SSI: added regex captures support in the expression of the "if" command. 2011-12-25 20:08:37 +00:00
Valentin Bartenev
39f01e526f Fixed limit_conn_log_level/limit_req_log_level inheritance.
The directives did not work if there were no limit_conn/limit_req specified on
the same level.
2011-12-25 19:32:31 +00:00
Maxim Dounin
aa4492612b Proxy: made proxy_pass with variables more consistent.
If proxy_pass was used with variables and there was no URI component,
nginx always used unparsed URI.  This isn't consistent with "no variables"
case, where e.g. rewrites are applied even if there is no URI component.

Fix is to use the same logic in both cases, i.e. only use unparsed URI if
it's valid and request is the main one.
2011-12-23 16:04:09 +00:00
Maxim Dounin
d79f4523f8 Added clearing of r->valid_unparsed_uri on internal redirects.
This resolves issue with try_files (see ticket #70), configuration like

   location / { try_files $uri /index.php; }
   location /index.php { proxy_pass http://backend; }

caused nginx to use original request uri in a request to a backend.

Historically, not clearing of the r->valid_unparsed_uri on internal redirect
was a feature: it allowed to pass the same request to (another) upstream
server via error_page redirection.  Since then named locations appeared
though, and it's time to start resetting r->valid_unparsed_uri on internal
redirects.  Configurations still using this feature should be converted
to use named locations instead.

Patch by Lanshun Zhou.
2011-12-19 14:11:48 +00:00
Valentin Bartenev
c5968a998c SSI bugfix: the "if" command did not work inside the "block" command and
produced parsing errors.
2011-12-19 13:28:22 +00:00
Maxim Dounin
8a85ab8e20 Scgi: removed error if there is no Status header.
The SCGI specification doesn't specify format of the response, and assuming
CGI specs should be used there is no reason to complain.  RFC 3875
explicitly states that "A Status header field is optional, and status
200 'OK' is assumed if it is omitted".
2011-12-19 11:25:40 +00:00
Maxim Dounin
32e2038026 Scgi: removed duplicate function declaration. 2011-12-19 11:24:32 +00:00
Maxim Dounin
4d1e32d9d8 Fixed incorrect use of r->http_version in scgi module.
The r->http_version is a version of client's request, and modules must
not set it unless they are really willing to downgrade protocol version
used for a response (i.e. to HTTP/0.9 if no response headers are available).
In neither case r->http_version may be upgraded.

The former code downgraded response from HTTP/1.1 to HTTP/1.0 for no reason,
causing various problems (see ticket #66).  It was also possible that
HTTP/0.9 requests were upgraded to HTTP/1.0.
2011-12-19 11:23:16 +00:00
Maxim Dounin
afb7f22c03 Version bump. 2011-12-19 11:21:46 +00:00
Maxim Dounin
614a7ef18d Cache: only complain on long locked entries.
There have been multiple reports of cases where a real locked entry was
removed, resulting in a segmentation fault later in a worker which locked
the entry.  It looks like default inactive timeout isn't enough in real
life.

For now just ignore such locked entries, and move them to the top of the
inactive queue to allow processing of other entries.
2011-12-12 10:49:14 +00:00
Maxim Dounin
64a9f70092 Cache: handling of cache files with long headers.
There are two possible situations which can lead to this: response was
cached with bigger proxy_buffer_size value (and nginx was restared since
then, i.e. shared memory zone content was lost), or due to the race in
the cache update code (see [1]) we've end up with fcn->body_start from
a different response stored in shared memory zone.

[1] http://mailman.nginx.org/pipermail/nginx-devel/2011-September/001287.html
2011-12-12 10:47:48 +00:00
Maxim Dounin
b839e6febb Cache: obsolete code removed.
The ngx_http_cache() and ngx_http_no_cache_set_slot() functions were replaced
by ngx_http_test_predicates() and ngx_http_set_predicate_slot() in 0.8.46 and
no longer used since then.
2011-12-12 10:46:43 +00:00
Ruslan Ermilov
f28b7e8ef3 Renamed some constants to improve readability, no functional changes. 2011-12-12 10:45:05 +00:00
Valentin Bartenev
0be9554bda Proxy: added variables and regexp support to the first parameter of
the "proxy_redirect" directive.
2011-12-12 09:02:29 +00:00
Valentin Bartenev
8d3ef1a3b3 Fixed: some of $sent_http_* variables may contain header entries that actually
haven't been sent to a client.

The ngx_http_variable_headers() and ngx_http_variable_unknown_header() functions
did not ignore response header entries with zero "hash" field.

Thanks to Yichun Zhang (agentzh).
2011-12-09 16:17:12 +00:00
Valentin Bartenev
247332a1e2 Added the $https variable. 2011-12-09 14:38:11 +00:00
Valentin Bartenev
df54c36d90 SCGI: added "if_not_empty" flag support to the "scgi_param" directive. 2011-12-09 14:03:06 +00:00
Valentin Bartenev
582b5319b7 uwsgi: added "if_not_empty" flag support to the "uwsgi_param" directive. 2011-12-09 13:47:04 +00:00
Valentin Bartenev
a826eb6720 FastCGI: added "if_not_empty" flag support to the "fastcgi_param" directive. 2011-12-09 13:32:51 +00:00
Valentin Bartenev
50546b26d9 Added the ngx_http_upstream_param_set_slot(). 2011-12-09 13:19:57 +00:00
Ruslan Ermilov
59a2b77039 - Improved error message when parsing of the "buffer" parameter of the
"access_log" directive fails.

- Added a warning if "log_format" is used in contexts other than "http".
2011-12-06 21:07:10 +00:00
Maxim Dounin
8618370487 Fix for read_head with try_files and open_file_cache.
The of.read_ahead wasn't set in try_files code path, causing read_ahead
directive to be a nop if try_files and open_file_cache were used.
2011-12-06 13:23:37 +00:00
Maxim Dounin
08f2256b29 Version bump. 2011-12-06 13:22:32 +00:00
Valentin Bartenev
92edf47ff9 Added the "so_keepalive=" parameter to the "listen" directive.
The "so_keepalive" directive in mail module was deprecated.

Thanks to Vsevolod Stakhov for initial work.
2011-12-05 08:06:15 +00:00
Maxim Dounin
b99492595c Version bump. 2011-11-29 17:25:31 +00:00
Maxim Dounin
1d13c0dd34 Allowed add_header for proxied 206 replies.
It was working for nginx's own 206 replies as they are seen as 200 in the
headers filter module (range filter goes later in the headers filter chain),
but not for proxied replies.
2011-11-28 10:00:47 +00:00
Valentin Bartenev
1373558163 Added support for IP-literal in the Host header and request line (ticket #1).
Additional parsing logic added to correctly handle RFC 3986 compliant IPv6 and
IPvFuture characters enclosed in square brackets.

The host validation was completely rewritten. The behavior for non IP literals
was changed in a more proper and safer way:

 - Host part is now delimited either by the first colon or by the end of string
   if there's no colon. Previously the last colon was used as delimiter which
   allowed substitution of a port number in the $host variable.
   (e.g. Host: 127.0.0.1:9000:80)

 - Fixed stripping of the ending dot in the Host header when the host was also
   followed by a port number.
   (e.g. Host: nginx.com.:80)

 - Fixed upper case characters detection. Previously it was broken which led to
   wasting memory and CPU.
2011-11-28 09:15:33 +00:00
Ruslan Ermilov
1e5f239170 Fixed "rotate" to always work when combined with "resize/crop". 2011-11-23 10:22:44 +00:00
Ruslan Ermilov
ca2cce23cc Cosmetics. 2011-11-23 10:16:30 +00:00
Igor Sysoev
79df789b47 Fix of mp4 module seeking. 2011-11-23 07:22:15 +00:00
Maxim Dounin
0560ae55bc Fixed segfault on ssl servers without cert with SNI (ticket #54).
Non-default servers may not have ssl context created if there are no
certificate defined.  Make sure to check if ssl context present before
using it.
2011-11-22 16:27:45 +00:00
Ruslan Ermilov
1725621e8a Fixed "keepalive_disable".
Patch by Alexander Usov.  The bug has been introduced in r4267.
2011-11-21 07:31:59 +00:00
Maxim Dounin
e0c1a63028 Upstream: don't cache unfinished responses.
Check if received data length match Content-Length header (if present),
don't cache response if no match found.  This prevents caching of corrupted
response in case of premature connection close by upstream.
2011-11-18 15:09:08 +00:00
Maxim Dounin
5eef168a22 Fixed flv header to match specification.
Used "\x5" in 5th byte to claim presence of both audio and video.  Used
previous tag size 0 in the beginning of the flv body (bytes 10 .. 13) as
required by specification (see http://www.adobe.com/devnet/f4v.html).

Patch by Piotr Sikora.
2011-11-18 14:41:01 +00:00
Valentin Bartenev
963315aca0 Fixed incorrect counting the length of headers in a SCGI request. 2011-11-16 12:51:27 +00:00
Maxim Dounin
2fd9b49334 Version bump. 2011-11-15 20:33:37 +00:00
Igor Sysoev
dd4490c4e4 Fix of "Content-Length" header of MP4 response if start argument was used.
Patch by Piotr Sikora.
2011-11-14 14:42:48 +00:00
Valentin Bartenev
255e20ad21 Renamed ngx_http_limit_zone_module to ngx_http_limit_conn_module. 2011-11-14 14:04:42 +00:00
Maxim Dounin
030523dff0 Fixed fastcgi/scgi/uwsgi_param inheritance.
The following problems were fixed:

1. Directive fastcgi_cache affected headers sent to backends in unrelated
   servers / locations (see ticket #45).

2. If-Unmodified-Since, If-Match and If-Range headers were sent to backends
   if fastcgi_cache was used.

3. Cache-related headers were sent to backends if there were no fastcgi_param
   directives and fastcgi_cache was used at server level.
2011-11-14 13:26:18 +00:00
Maxim Dounin
ca01f46103 Separate functions to merge fastcgi/scgi/uwsgi params.
No functional changes.
2011-11-14 13:24:43 +00:00
Maxim Dounin
86a851907b Fixed Upgrade header clearing with proxy_cache.
This was missed in proxy HTTP/1.1 support commit (r4127).
2011-11-14 13:21:10 +00:00
Maxim Dounin
962727b259 Fixed proxy_set_header inheritance with proxy_set_body. 2011-11-14 13:19:56 +00:00
Maxim Dounin
b5984de06b Fixed proxy_set_header inheritance with proxy_cache (ticket #45).
Headers cleared with cache enabled (If-Modified-Since etc.) might be cleared
in unrelated servers/locations without proxy_cache enabled if proxy_cache was
used in some server/location.

Example config which triggered the problem:

    proxy_set_header X-Test "test";
    server { location /1 { proxy_cache name; proxy_pass ... } }
    server { location /2 { proxy_pass ... } }

Another one:

    server {
        proxy_cache name;
        location /1 { proxy_pass ... }
        location /2 { proxy_cache off; proxy_pass ... }
    }

In both cases If-Modified-Since header wasn't sent to backend in location /2.

Fix is to not modify conf->headers_source, but instead merge user-supplied
headers from conf->headers_source and default headers (either cache or not)
into separate headers_merged array.
2011-11-14 13:18:15 +00:00
Sergey Budnevitch
66a60a62cc Fixed NGX_CONF_TAKE1/NGX_CONF_FLAG misuse. 2011-11-14 09:12:15 +00:00
Valentin Bartenev
1dbd331849 Limit zone: added the "limit_conn_zone" directive.
It supersedes old "limit_zone" directive (deprecated accordingly) and uses
syntax consistent with the "limit_req_zone" directive.
2011-11-10 16:25:08 +00:00
Valentin Bartenev
aaf5a5772f Limit zone: support for multiple "limit_conn" limits. 2011-11-10 16:08:13 +00:00
Valentin Bartenev
54660dcf74 Limit zone: rbtree lookup moved to a separate function.
No functional changes.
2011-11-10 15:51:55 +00:00
Ruslan Ermilov
2f37fbc8f9 Changed error message to be more appropriate in the imaginary
"open_file_cache max=0" case.
2011-11-10 09:13:09 +00:00
Igor Sysoev
d0bcad3445 Fix of "keepalive_disable" directive. 2011-11-08 13:48:23 +00:00
Igor Sysoev
a8963fbbcf The "image_filter_sharpen" directive. 2011-11-08 13:17:14 +00:00
Igor Sysoev
ff2bee1fa9 Ancient incomplete ngx_http_status_module removal. 2011-11-01 15:16:28 +00:00
Igor Sysoev
0d03a44aab Version bump. 2011-11-01 15:10:46 +00:00
Maxim Dounin
ca495238bd Fixed segfault on configuration testing with ssl (ticket #37).
The following config caused segmentation fault due to conf->file not
being properly set if "ssl on" was inherited from the http level:

http {
    ssl on;
    server {
    }
}
2011-10-31 09:57:14 +00:00
Igor Sysoev
620718102b Support of several servers in the "resolver" directive.
Patch by Kirill A. Korinskiy.
2011-10-24 16:09:05 +00:00
Maxim Dounin
b167c46ca2 Fixed "expires @time" with unknown last modified time (ticket #32). 2011-10-17 17:32:08 +00:00
Maxim Dounin
81b43370d5 Fixed "expires @00h". 2011-10-17 17:30:18 +00:00
Igor Sysoev
6242f77617 Version bump. 2011-10-17 15:39:59 +00:00
Maxim Dounin
31f5a59fae Added clearing of modules' contexts in ngx_http_named_location().
Patch by Yichun Zhang (agentzh).
2011-10-15 21:42:03 +00:00
Igor Sysoev
d51bcf6f63 Skipping location rewrite phase for server null location. 2011-10-13 12:43:22 +00:00
Maxim Dounin
b713e480ca Better recheck of dead upstream servers.
Previously nginx used to mark backend again as live as soon as fail_timeout
passes (10s by default) since last failure.  On the other hand, detecting
dead backend takes up to 60s (proxy_connect_timeout) in typical situation
"backend is down and doesn't respond to any packets".  This resulted in
suboptimal behaviour in the above situation (up to 23% of requests were
directed to dead backend with default settings).

More detailed description of the problem may be found here (in Russian):
http://mailman.nginx.org/pipermail/nginx-ru/2011-August/042172.html

Fix is to only allow one request after fail_timeout passes, and
mark backend as "live" only if this request succeeds.

Note that with new code backend will not be marked "live" unless "check"
request is completed, and this may take a while in some specific workloads
(e.g. streaming).  This is believed to be acceptable.
2011-10-12 14:22:48 +00:00
Maxim Dounin
72df0f400a Clear old Location header (if any) while adding a new one.
This prevents incorrect behaviour when another redirect is issued within
error_page 302 handler.
2011-10-12 13:28:03 +00:00
Maxim Dounin
8650c1eb24 Wording fix, "many data" is incorrect.
Noted by Piotr Sikora.
2011-10-12 13:24:59 +00:00
Ruslan Ermilov
fc55962698 Fixed two minor bugs in "types" parsing code. 2011-10-12 09:36:21 +00:00
Ruslan Ermilov
b5c3336e3e Fixed grammar in a comment. 2011-10-12 09:34:53 +00:00
Ruslan Ermilov
dce7a0c00f Replaced magic constants representing default values of some directives
with appropriate #define's.
2011-10-12 09:33:43 +00:00
Ruslan Ermilov
51a2423633 Stylistic change in checking the boolean expression. 2011-10-12 09:27:34 +00:00
Igor Sysoev
bfe7be45b8 Preallocating exact number of default MIME types entries. 2011-10-12 09:19:57 +00:00
Ruslan Ermilov
c8fdda4c2f Removed old warning that suggested to use "server_name_in_redirect off"
(now the default) in place of no longer supported "server_name *".
2011-10-12 07:20:20 +00:00
Maxim Dounin
b8203e46a0 Additional headers for proxy/fastcgi/uwsgi/scgi_ignore_headers.
Now the following headers may be ignored as well: X-Accel-Limit-Rate,
X-Accel-Buffering, X-Accel-Charset.
2011-10-11 18:10:49 +00:00
Maxim Dounin
012e6b6378 Handling of Content-Encoding set from perl.
This fixes double gzipping in case of gzip filter being enabled while perl
returns already gzipped response.
2011-10-11 18:01:38 +00:00
Maxim Dounin
0f5f4cb180 Fix for socket leak with "aio sendfile" and "limit_rate".
Second aio post happened when timer set by limit_rate expired while we have
aio request in flight, resulting in "second aio post" alert and socket leak.

The patch adds actual protection from aio calls with r->aio already set to
aio sendfile code in ngx_http_copy_filter().  This should fix other cases
as well, e.g. when sending buffered to disk upstream replies while still
talking to upstream.

The ngx_http_writer() is also fixed to handle the above case (though it's
mostly optimization now).

Reported by Oleksandr V. Typlyns'kyi.
2011-10-11 18:00:23 +00:00
Maxim Dounin
b7af402cc4 Fix for connection drops with AIO.
Connections serving content with AIO to fast clients were dropped with
"client timed out" messages after send_timeout from response start.
2011-10-11 17:58:51 +00:00
Maxim Dounin
5cc1fb1d5b Autoindex: escape html in file names. 2011-10-11 17:57:41 +00:00
Maxim Dounin
6226fe3512 Autoindex: escape '?' in file names.
For files with '?' in their names autoindex generated links with '?' not
escaped.  This resulted in effectively truncated links as '?' indicates
query string start.

This is an updated version of the patch originally posted at [1].  It
introduces generic NGX_ESCAPE_URI_COMPONENT which escapes everything but
unreserved characters as per RFC 3986.  This approach also renders unneeded
special colon processing (as colon is percent-encoded now), it's dropped
accordingly.

[1] http://nginx.org/pipermail/nginx-devel/2010-February/000112.html

Reported by Konstantin Leonov.
2011-10-11 17:56:51 +00:00
Maxim Dounin
e3d6c5a33c Improved access log escaping to better protect other software.
Some character sets (notably ISO-8859-1) have C1 control characters in
upper half, make sure to escape them.

Reported by Jesus Olmos Gonzalez.
2011-10-11 17:54:38 +00:00
Igor Sysoev
0d19f020ba Fixing directive name in error message if types hash size is not enough. 2011-10-11 11:11:44 +00:00
Igor Sysoev
840ef3980c Fixing mp4 module seeking on 32-bit platforms. 2011-10-11 10:12:44 +00:00
Ruslan Ermilov
2fdb547f3a Fixed macro name. 2011-10-10 08:38:28 +00:00
Igor Sysoev
3f34960fde Version bump. 2011-10-07 10:41:13 +00:00
Ruslan Ermilov
6e86fb02d6 Tweaked error messages. 2011-10-07 07:57:24 +00:00
Igor Sysoev
ab0078a4c8 Version bump. 2011-10-05 13:13:25 +00:00
Maxim Dounin
20139ff13a Fixed cache bypass caching of non-cacheable replies (ticket #21).
If cache was bypassed with proxy_cache_bypass, cache-controlling headers
(Cache-Control, Expires) wasn't considered and response was cached even
if it was actually non-cacheable.

Patch by John Ferlito.
2011-10-05 10:14:21 +00:00
Maxim Dounin
3aba768855 Added uwsgi_buffering and scgi_buffering directives.
Patch by Peter Smit.
2011-09-30 11:53:27 +00:00
Igor Sysoev
f3ae6a6102 Using strtod() instead of atofp() to support a lot of digits after dot in
"start" parameter value.
2011-09-30 09:18:28 +00:00
Igor Sysoev
a40e7eed30 Fix of building on platforms with 32-bit off_t. (closed #23) 2011-09-29 15:19:36 +00:00
Maxim Dounin
5cc90f309d Fixed segmentation fault with empty config on Windows.
See here for report:
http://mailman.nginx.org/pipermail/nginx-ru/2011-September/043288.html
2011-09-27 12:07:09 +00:00
Maxim Dounin
554768dabb Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993). 2011-09-27 12:06:07 +00:00
Maxim Dounin
886c6295ee Better handling of late upstream creation.
Configuration with duplicate upstream blocks defined after first use, i.e.
like

    server {
        ...
        location / {
            proxy_pass http://backend;
        }
    }

    upstream backend { ... }
    upstream backend { ... }

now correctly results in "duplicate upstream" error.

Additionally, upstream blocks defined after first use now handle various
server directive parameters ("weight", "max_fails", etc.).  Previously
configuration like

    server {
        ...
        location / {
            proxy_pass http://backend;
        }
    }

    upstream backend {
        server 127.0.0.1 max_fails=5;
    }

incorrectly resulted in "invalid parameter "max_fails=5"" error.
2011-09-27 11:18:51 +00:00
Maxim Dounin
b16918ed08 Cache: fix for sending of stale responses.
For normal cached responses ngx_http_cache_send() sends last buffer and then
request finalized via ngx_http_finalize_request() call, i.e. everything is
ok.

But for stale responses (i.e. when upstream died, but we have something in
cache) the same ngx_http_cache_send() sends last buffer, but then in
ngx_http_upstream_finalize_request() another last buffer is send.  This
causes duplicate final chunk to appear if chunked encoding is used (and
resulting problems with keepalive connections and so on).

Fix this by not sending in ngx_http_upstream_finalize_request()
another last buffer if we know response was from cache.
2011-09-27 11:17:11 +00:00
Maxim Dounin
84c58a30e6 Cache: fix for sending of empty responses.
Revert wrong fix for empty responses introduced in 0.8.31 and apply new one,
rewritten to match things done by static module as close as possible.
2011-09-27 11:15:35 +00:00
Maxim Dounin
4a3884ae56 Incorrect special case for "return 204" removed.
The special case in question leads to replies without body in
configuration like

    location / { error_page 404 /zero; return 404; }
    location /zero { return 204; }

while replies with empty body are expected per protocol specs.

Correct one will look like

    if (status == NGX_HTTP_NO_CONTENT) {

        rc = ngx_http_send_header(r);

        if (rc == NGX_ERROR || r->header_only) {
            return rc;
        }

        return ngx_http_send_special(r, NGX_HTTP_LAST);
    }

though it looks like it's better to drop this special case at all.
2011-09-27 11:14:02 +00:00
Maxim Dounin
77ca973d11 Fix for "return 202" not discarding body.
Big POST (not fully preread) to a

    location / {
        return 202;
    }

resulted in incorrect behaviour due to "return" code path not calling
ngx_http_discard_request_body().  The same applies to all "return" used
with 2xx/3xx codes except 201 and 204, and to all "return ... text" uses.

Fix is to add ngx_http_discard_request_body() call to ngx_http_send_response()
function where it looks appropriate.  Discard body call from emtpy gif module
removed as it's now redundant.

Reported by Pyry Hakulinen, see
http://mailman.nginx.org/pipermail/nginx/2011-August/028503.html
2011-09-27 11:13:00 +00:00
Maxim Dounin
ad5ef15e08 Fix for double content when return is used in error_page handler.
Test case:

   location / {
       error_page 405 /nope;
       return 405;
   }

   location /nope {
       return 200;
   }

This is expected to return 405 with empty body, but in 0.8.42+ will return
builtin 405 error page as well (though not counted in Content-Length, thus
breaking protocol).

Fix is to use status provided by rewrite script execution in case
it's less than NGX_HTTP_BAD_REQUEST even if r->error_status set.  This
check is in line with one in ngx_http_script_return_code().

Note that this patch also changes behaviour for "return 302 ..." and
"rewrite ... redirect" used as error handler.  E.g.

    location / {
        error_page 405 /redirect;
        return 405;
    }

    location /redirect {
        rewrite ^ http://example.com/;
    }

will actually return redirect to "http://example.com/" instead of builtin 405
error page with meaningless Location header.  This looks like correct change
and it's in line with what happens on e.g. directory redirects in error
handlers.
2011-09-27 11:11:30 +00:00
Maxim Dounin
bfb42ad97c Fix for incorrect 201 replies from dav module.
Replies with 201 code contain body, and we should clearly indicate it's
empty if it's empty.  Before 0.8.32 chunked was explicitly disabled for
201 replies and as a result empty body was indicated by connection close
(not perfect, but worked).  Since 0.8.32 chunked is enabled, and this
causes incorrect responses from dav module when HTTP/1.1 is used: with
"Transfer-Encoding: chunked" but no chunks at all.

Fix is to actually return empty body in special response handler instead
of abusing r->header_only flag.

See here for initial report:
http://mailman.nginx.org/pipermail/nginx-ru/2010-October/037535.html
2011-09-27 11:09:55 +00:00
Maxim Dounin
5c56f20ae7 Proxy: logging levels tuned, double logging fixed. 2011-09-25 20:04:20 +00:00
Maxim Dounin
aa12f3c7f3 Proxy: whitespaces after chunk size allowed.
Whitespaces after chunk size seems to be be allowed by the "implied *LWS" rule
and emitted by some servers.
2011-09-25 20:03:27 +00:00
Maxim Dounin
28b001f897 Upstream: clearing of u->peer.connection on close.
This fixes crashes observed with some 3rd party balancer modules.  Standard
balancer modules (round-robin and ip hash) explicitly set pc->connection
(aka u->peer.connection) to NULL and aren't affected.
2011-09-25 20:00:36 +00:00
Ruslan Ermilov
b1565cf96b Fixed error message. 2011-09-23 20:15:27 +00:00
Maxim Dounin
afe2e3d082 Fix of separate pool for upstream connections (r4117).
Pool may not be created if connection was created but rejected in connect()
call.  Make sure to check if it is here before trying to destroy it.
2011-09-20 10:00:46 +00:00
Maxim Dounin
d1b9a0388d Fixed loss of chain links in fastcgi module. 2011-09-20 09:56:05 +00:00
Ruslan Ermilov
a823c550e4 Replaced "can not" with "cannot" and "could not" in a bunch of places.
Fixed nearby grammar errors.
2011-09-19 14:48:29 +00:00
Ruslan Ermilov
3b7ed02583 Cosmetics: replaced NGX_CONF_TAKE1 to NGX_CONF_FLAG for "sendfile"
and "chunked_transfer_encoding" directives, to be in line with all
directives taking a boolean argument.  Both flags will ensure that
a directive takes one argument.
2011-09-19 12:41:13 +00:00
Ruslan Ermilov
5d4aed0175 Overhauled diagnostic messages. 2011-09-19 12:37:22 +00:00
Maxim Dounin
c6353a5654 Trailing space fix. 2011-09-16 12:08:52 +00:00
Maxim Dounin
44002e541f Upstream keepalive module. 2011-09-15 19:28:18 +00:00
Maxim Dounin
2fe0a7a0f6 Proxy: basic HTTP/1.1 support (including keepalive).
By default we still send requests using HTTP/1.0.  This may be changed with
new proxy_http_version directive.
2011-09-15 19:23:20 +00:00
Maxim Dounin
f2fcf11b25 Protocol version parsing in ngx_http_parse_status_line().
Once we know protocol version, set u->headers_in.connection_close to indicate
implicitly assumed connection close with HTTP before 1.1.
2011-09-15 19:22:35 +00:00
Maxim Dounin
f84c69a301 Upstream: Connection header processing. 2011-09-15 19:21:19 +00:00
Maxim Dounin
4686f30a0c Upstream: Transfer-Encoding header processing. 2011-09-15 19:20:08 +00:00
Maxim Dounin
2da36b30c3 Keepalive support in fastcgi.
By default follow the old behaviour, i.e. FASTCGI_KEEP_CONN flag isn't set
in request and application is responsible for closing connection once request
is done.  To keep connections alive fastcgi_keep_conn must be activated.
2011-09-15 19:05:23 +00:00
Maxim Dounin
05552a23a2 Keepalive support in memcached. 2011-09-15 19:04:25 +00:00
Maxim Dounin
2d6be3fe93 Upstream: keepalive flag.
This patch introduces r->upstream->keepalive flag, which is set by protocol
handlers if connection to upstream is in good state and can be kept alive.
2011-09-15 19:03:15 +00:00
Maxim Dounin
a746bab7c1 Upstream: pipe length and input_filter_init in buffered mode.
As long as ngx_event_pipe() has more data read from upstream than specified
in p->length it's passed to input filter even if buffer isn't yet full.  This
allows to process data with known length without relying on connection close
to signal data end.

By default p->length is set to -1 in upstream module, i.e. end of data is
indicated by connection close.  To set it from per-protocol handlers upstream
input_filter_init() now called in buffered mode (as well as in
unbuffered mode).
2011-09-15 19:00:47 +00:00
Maxim Dounin
ffe4f11417 Upstream: r->upstream->length type change to off_t.
Previous use of size_t may cause wierd effects on 32bit platforms with certain
big responses transferred in unbuffered mode.

Nuke "if (size > u->length)" check as it's not usefull anyway (preread
body data isn't subject to this check) and now requires additional check
for u->length being positive.
2011-09-15 18:43:19 +00:00
Maxim Dounin
e19f005daf Upstream: content_length_n API change.
We no longer use r->headers_out.content_length_n as a primary source of
backend's response length.  Instead we parse response length to
u->headers_in.content_length_n and copy to r->headers_out.content_length_n
when needed.
2011-09-15 18:33:43 +00:00
Maxim Dounin
360ed25d65 Upstream: separate pool for peer connections.
This is required to support persistent https connections as various ssl
structures are allocated from connection's pool.
2011-09-15 18:21:24 +00:00
Maxim Dounin
c42c70f478 Workaround for cpu hog on errors with cached connections.
Just doing another connect isn't safe as peer.get() may expect peer.tries
to be strictly positive (this is the case e.g. with round robin with multiple
upstream servers).  Increment peer.tries to at least avoid cpu hog in
round robin balancer (with the patch alert will be seen instead).

This is not enough to fully address the problem though, hence TODO.  We
should be able to inform balancer that the error wasn't considered fatal
and it may make sense to retry the same peer.
2011-09-15 18:12:58 +00:00
Maxim Dounin
d7c2673d3f API change: ngx_chain_update_chains() now requires pool.
The ngx_chain_update_chains() needs pool to free chain links used for buffers
with non-matching tags.  Providing one helps to reduce memory consumption
for long-lived requests.
2011-09-15 16:03:17 +00:00
Maxim Dounin
a890b313f3 Buffers reuse in chunked filter.
There were 2 buffers allocated on each buffer chain sent through chunked
filter (one buffer for chunk size, another one for trailing CRLF, about
120 bytes in total on 32-bit platforms).  This resulted in large memory
consumption with long-lived requests sending many buffer chains.  Usual
example of problematic scenario is streaming though proxy with
proxy_buffering set to off.

Introduced buffers reuse reduces memory consumption in the above problematic
scenario.

See here for initial report:
http://mailman.nginx.org/pipermail/nginx/2010-April/019814.html
2011-09-15 15:25:42 +00:00
Igor Sysoev
57b4fdb6c8 MP4 co64 atom support added. 2011-09-15 13:23:03 +00:00
Igor Sysoev
c940f5fc99 Fix of struct field name. 2011-09-15 05:15:16 +00:00
Igor Sysoev
1fc9a8dec6 Style fix. 2011-09-14 15:26:11 +00:00
Igor Sysoev
acdac73688 Fixing building by gcc-4.7. 2011-09-14 15:25:46 +00:00
Igor Sysoev
4a383594fb Version bump. 2011-09-14 15:20:01 +00:00
Igor Sysoev
2cc42b74c7 Skipping traks with unsupported media formats. 2011-09-14 14:04:41 +00:00
Igor Sysoev
dcea2ce7d1 Fix of case when start sample does not reside on chunk boundary. 2011-09-14 05:16:20 +00:00
Igor Sysoev
f824fb47fe Fix of debug message format. 2011-09-12 15:15:00 +00:00
Igor Sysoev
d44855067d Fix of codec debug message. 2011-09-12 14:54:28 +00:00
Igor Sysoev
3d9ae84bf9 Fix of error message. 2011-09-12 14:46:06 +00:00
Igor Sysoev
7e8ee656a8 Fix of error message. 2011-09-12 13:06:22 +00:00
Igor Sysoev
e07a3577a9 mp4_max_moov_size directive has been renamed to mp4_max_buffer_size. 2011-09-12 09:38:04 +00:00
Igor Sysoev
b1c79a449e bugfix of r4086: nginx could not be built without debug log. 2011-09-09 11:56:49 +00:00
Igor Sysoev
5d01ac5af3 Bugfix of r4086: directio was always enabled if mp4 file was sent as is. 2011-09-09 11:13:55 +00:00
Igor Sysoev
dde4d7e300 ngx_http_mp4_module 2011-09-09 10:22:34 +00:00
Igor Sysoev
3a73e50498 Version bump. 2011-09-05 16:26:51 +00:00
Maxim Dounin
bfbbfc85df Bugfix: read event was not blocked after reading body.
Read event should be blocked after reading body, else undefined behaviour
might occur on additional client activity.  This fixes segmentation faults
observed with proxy_ignore_client_abort set.
2011-09-05 12:43:31 +00:00
Igor Sysoev
09be2f18c5 Now if client requests more ranges than "max_ranges" permits,
nginx disables ranges and returns just the source response.
2011-09-01 13:03:55 +00:00
Igor Sysoev
f560419c54 The "max_ranges" directive.
"max_ranges 0" disables ranges support at all,
"max_ranges 1" allows the single range, etc.
By default number of ranges is unlimited, to be precise, 2^31-1.
2011-08-31 09:40:55 +00:00
Igor Sysoev
e81c293289 Style fix: removal of tabs introduced in the previous commit. 2011-08-31 09:26:07 +00:00
Igor Sysoev
65b1592d02 *) fix of r4060: start value should be tested after the "found" label;
*) optimization: start value may be tested against end value only,
   since end value here may not be greater than content_length.
2011-08-30 20:34:58 +00:00
Igor Sysoev
1f3280bae2 Unsatisfiable range with start value greater than content length
was not properly skipped. The bug has been introduced in r4057.
2011-08-30 14:25:35 +00:00
Igor Sysoev
e766153451 ngx_http_range_parse() should be static. 2011-08-30 13:07:33 +00:00
Igor Sysoev
9162057731 Ranges processing small optimization. 2011-08-30 13:06:12 +00:00
Igor Sysoev
451df22b3f Now unsatisfiable ranges are processed according to RFC 2616. 2011-08-30 13:01:55 +00:00
Igor Sysoev
584703b84a Ranges processing small optimization. 2011-08-30 12:45:24 +00:00
Igor Sysoev
f2575bd878 Style fix. 2011-08-30 12:28:01 +00:00
Igor Sysoev
c2c3e3105f Now if total size of all ranges is greater than source response size,
then nginx disables ranges and returns just the source response.
This fix should not affect well-behaving applications but will defeat
DoS attempts exploiting malicious byte ranges.
2011-08-26 09:42:50 +00:00
Igor Sysoev
8b2bf08165 Cache size accounting fix: actual cache size on disk was less than
needed by sum of sizes of files loaded by worker processes themselves
while cache loader was running.

The bug has been introduced in r3900.
2011-08-25 17:29:34 +00:00
Maxim Dounin
fbc51e4c44 Better handling of various per-server ssl options with SNI.
SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
structure, it only changes certificates (at least as of now, OpenSSL
1.0.0d and earlier).

As a result settings like ssl_verify_client, ssl_verify_depth,
ssl_prefer_server_ciphers are only configurable on per-socket basis while
with SNI it should be possible to specify them different for two servers
listening on the same socket.

Workaround is to explicitly re-apply settings we care about from context
to ssl connection in servername callback.

Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+.  I.e.
with older versions it is not possible to clear ssl_prefer_server_ciphers
option if it's set in default server for a socket.
2011-08-23 14:36:31 +00:00
Igor Sysoev
631fa929d3 Version bump. 2011-08-23 14:22:34 +00:00
Igor Sysoev
0d18687b03 The change in adaptive loader behaviour introduced in r3975:
now cache loader processes either as many files as specified by loader_files
or works no more than time specified by loader_threshold during each iteration.

loader_threshold was previously used to decrease loader_files or
to increase loader_timeout and this might eventually result in
downgrading loader_files to 1 and increasing loader_timeout to large values
causing loading cache for forever.
2011-08-22 10:16:49 +00:00
Maxim Dounin
5a52d67a08 Fix ignored headers handling in fastcgi/scgi/uwsgi.
The bug had appeared in r3561 (fastcgi), r3638 (scgi), r3567 (uwsgi).
2011-08-19 20:11:39 +00:00
Maxim Dounin
b7fcb430c1 Upstream: properly allocate memory for tried flags.
Previous allocation only took into account number of non-backup servers, and
this caused memory corruption with many backup servers.

See report here:
http://mailman.nginx.org/pipermail/nginx/2011-May/026531.html
2011-08-18 17:04:52 +00:00
Maxim Dounin
624fbe94a2 Fixing cpu hog with all upstream servers marked "down".
The following configuration causes nginx to hog cpu due to infinite loop
in ngx_http_upstream_get_peer():

    upstream backend {
        server 127.0.0.1:8080 down;
        server 127.0.0.1:8080 down;
    }

    server {
       ...
       location / {
           proxy_pass http://backend;
       }
    }

Make sure we don't loop infinitely in ngx_http_upstream_get_peer() but stop
after resetting peer weights once.

Return 0 if we are stuck.  This is guaranteed to work as peer 0 always exists,
and eventually ngx_http_upstream_get_round_robin_peer() will do the right
thing falling back to backup servers or returning NGX_BUSY.
2011-08-18 16:52:38 +00:00
Maxim Dounin
9bc8fc4602 Fixing proxy_set_body and proxy_pass_request_body with SSL.
Flush flag wasn't set in constructed buffer and this prevented any data
from being actually sent to upstream due to SSL buffering.  Make sure
we always set flush in the last buffer we are going to sent.

See here for report:
http://nginx.org/pipermail/nginx-ru/2011-June/041552.html
2011-08-18 16:34:24 +00:00
Igor Sysoev
c4ff39ae2b Fix names of the referer hash size directives introduced in r3940. 2011-08-18 16:27:30 +00:00
Maxim Dounin
b09ceca261 Fix body with request_body_in_single_buf.
If there were preread data and request body was big enough first part
of the request body was duplicated.

See report here:
http://mailman.nginx.org/pipermail/nginx/2011-July/027756.html
2011-08-18 15:52:00 +00:00
Maxim Dounin
f48b451195 Correctly set body if it's preread and there are extra data.
Previously all available data was used as body, resulting in garbage after
real body e.g. in case of pipelined requests.  Make sure to use only as many
bytes as request's Content-Length specifies.
2011-08-18 15:27:57 +00:00
Igor Sysoev
de236d3a2c fix gzip quantity: "q=0." and "q=1." are valid values according to RFC 2011-08-05 08:51:29 +00:00
Igor Sysoev
48d17bca94 refactor gzip quantity introduced in r3981: it ignored "q=1.000" 2011-08-04 14:50:59 +00:00
Igor Sysoev
dfd81a23b2 A new fix for the case when ssl_session_cache defined, but ssl is not
enabled in any server. The previous r1033 does not help when unused zone
becomes used after reconfiguration, so it is backed out.

The initial thought was to make SSL modules independed from SSL implementation
and to keep OpenSSL code dependance as much as in separate files.
2011-08-04 11:12:30 +00:00
Igor Sysoev
c42be75569 removal of error message about %name log_format parameters,
they have been deleted long ago in 0.5.0-RELEASE
2011-08-03 16:01:36 +00:00
Igor Sysoev
7cce1cacaa fix typo introduced in r3985 2011-08-02 12:43:01 +00:00
Igor Sysoev
475a5dfcf1 bump version 2011-08-02 12:39:38 +00:00
Igor Sysoev
72a96bfdcb fix r3981 again for case "Accept-Encoding: gzip" 2011-08-01 14:38:09 +00:00
Igor Sysoev
21fd22d089 always set timer in discard body handler, this fixes the cases
when request for static file is redirected by error_page to an SSI page

patch by Maxim Dounin
2011-08-01 13:52:54 +00:00
Igor Sysoev
2505587b4d lingering_close "off|on|always"
patch by Maxim Dounin
2011-08-01 13:26:55 +00:00
Igor Sysoev
41c8a1d27f do not send RST on normal lingering close read timeout,
if reset_timedout_connection is on

patch by Maxim Dounin
2011-08-01 13:08:03 +00:00
Igor Sysoev
bd7dfe44c5 fix r3981 for case "Accept-Encoding: gzip" 2011-08-01 11:21:46 +00:00
Igor Sysoev
2f3668b59b enable lingering close for pipelined requests
patch by Maxim Dounin
2011-08-01 11:08:57 +00:00
Igor Sysoev
721f47ed3c Accept-Encoding refactoring: "gzip; q=0" support 2011-08-01 11:02:12 +00:00
Igor Sysoev
d743a2339e Accept-Encoding refactoring: test first the most common case "gzip," 2011-07-30 07:34:12 +00:00
Igor Sysoev
6652cc5962 Accept-Encoding refactoring: remove ancient MSIE 4.x test for gzip 2011-07-30 06:20:06 +00:00
Igor Sysoev
c9468026e7 test length of proxy_pass with variables
patch by Lanshun Zhou
2011-07-30 06:11:46 +00:00
Igor Sysoev
c2f852c260 update r3945 with more descriptive error message 2011-07-29 15:33:03 +00:00
Igor Sysoev
922f106582 loader_files, loader_sleep, and loader_threshold 2011-07-29 15:09:02 +00:00
Igor Sysoev
d5a25a4b97 set correct configuration file values while adding path
patch by Maxim Dounin
2011-07-25 10:22:38 +00:00
Igor Sysoev
1850ce09a1 rename ngx_http_file_cache_manager_sleep() to ngx_http_file_cache_loader_sleep()
and do not use it all in cache manager: this is a vestige of the times when
cache manager loaded cache
2011-07-25 09:45:00 +00:00
Igor Sysoev
d8ce166e2e do not close connection if cache file is too small: replace it with valid one 2011-07-24 20:04:47 +00:00
Igor Sysoev
c2cafadfa5 elimination of reading cache files by cache loader 2011-07-24 19:46:53 +00:00
Igor Sysoev
92161bac79 fix r3968 2011-07-24 19:43:52 +00:00
Igor Sysoev
6cb6fc4a09 update the previous commit:
removing dependencies on file uniq since WIN32_FIND_DATA has no such field
2011-07-24 17:36:26 +00:00
Igor Sysoev
c1250b6a49 The cache loader performs two tasks: inserting cache objects in inactivity
list and evaluating total cache size. Reading just directory is enough for
this purpose. Elimination of reading cache files saves at least one disk I/O
operation per file.

Preparation for elimination of reading cache files by cache loader:
removing dependencies on the reading:
*) cache node valid_sec and valid_msec are used only for caching errors;
*) upstream buffer size can be used instead of cache node body_start.
2011-07-24 16:47:31 +00:00
Igor Sysoev
bb389f6111 fuse two if's in one condition 2011-07-24 16:10:06 +00:00
Igor Sysoev
64d024605a style fix 2011-07-24 16:06:24 +00:00
Igor Sysoev
08b597592f do not try to reuse and save a SSL session for a peer created on the fly
by ngx_http_upstream_create_round_robin_peer(), since the peer lives
only during request so the saved SSL session will never be used again
and just causes memory leak

patch by Maxim Dounin
2011-07-22 16:30:17 +00:00
Igor Sysoev
a3741fb24d finalizing with rc == 0 in unbuffered proxy mode caused nginx to wait
for another send_timeout before actually closing client's connection
if client timed out while still talking to upstream server

patch by Maxim Dounin
2011-07-22 13:30:16 +00:00
Igor Sysoev
f39642a907 ECDHE support
patch by Adrian Kotelba
2011-07-20 15:42:40 +00:00
Igor Sysoev
e61ba26744 MSIE export versions are rare now, so RSA 512 key is generated on demand
and is shared among all hosts instead of pregenerating for every HTTPS host
on configuraiton phase. This decreases start time for configuration with
large number of HTTPS hosts.
2011-07-20 12:59:24 +00:00
Igor Sysoev
2551f4a55d bump version: 1.1.0 development version 2011-07-20 09:29:25 +00:00
Igor Sysoev
6c3c3bbe42 fix segfault if cache key is larger than upstream buffer size
patch by Lanshun Zhou
2011-07-19 11:24:16 +00:00
Igor Sysoev
82afb9cc86 $uid_reset 2011-07-19 11:21:50 +00:00
Igor Sysoev
a0202f26c6 fix r3756: release lock to allow other process to delete cache node
patch by Maxim Dounin
2011-07-19 10:35:02 +00:00
Igor Sysoev
87ee007022 revert r3935 and fix "stalled cache updating" alert
by freeing cache at upstream finalize phase
patch by Maxim Dounin
2011-06-28 13:26:08 +00:00
Igor Sysoev
f58154db2f referer_hash_max_size and referer_hash_bucket_size directives
patch by Witold Filipczyk
2011-06-28 10:40:44 +00:00
Igor Sysoev
8d7b1d222e use !aNULL to disable all anonymous cipher suites
patch by Rob Stradling
2011-06-27 15:47:51 +00:00
Igor Sysoev
0a860a1c1d bump version 2011-06-27 15:34:44 +00:00
Igor Sysoev
1788ec0c48 fix "stalled cache updating" alert,
when non-cachable HEAD response did not not free an expired cache node
2011-06-01 08:02:34 +00:00
Igor Sysoev
5343bf3221 revert r3875 since now map uses case sensetive regexes by default 2011-05-30 14:24:17 +00:00
Igor Sysoev
53d05b969b change ngx_http_map_find(): use case sensitive regexes 2011-05-30 12:36:17 +00:00
Igor Sysoev
ce2229e2f7 bump version 2011-05-26 07:31:40 +00:00
Igor Sysoev
5dc5945ccf "$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
patch by Maxim Dounin
2011-05-16 14:54:50 +00:00
Igor Sysoev
ffc7271250 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined 2011-05-16 14:01:23 +00:00
Igor Sysoev
529b5f1938 support IPv4 mapped to IPv6 in geo module 2011-05-16 13:54:42 +00:00
Igor Sysoev
dd39f60014 support IPv4 mapped to IPv6 in geoip module 2011-05-16 13:50:58 +00:00
Igor Sysoev
868db976d7 fix debug logging 2011-05-13 10:06:56 +00:00
Igor Sysoev
0d6283918f fix a broken cached response if bypass/no_cache directive values are different,
the bug has been introduced in r3700
2011-05-13 10:05:38 +00:00
Igor Sysoev
50733a53ec geoip_org
patch by Alexander Uskov
2011-05-11 09:34:21 +00:00
Igor Sysoev
20b52bec63 fix typo 2011-05-11 09:25:37 +00:00
Igor Sysoev
dc336358ab bump version 2011-05-11 09:19:48 +00:00
Igor Sysoev
49ae93034d gdImageCopyRotated() may images of even height or width
patch by Adam Bocim
2011-05-10 12:04:57 +00:00
Igor Sysoev
e691d94a39 bump version 2011-05-04 12:20:32 +00:00
Igor Sysoev
eecc540da8 test zero value in an "if" directive consistently with predicates fixed in r3894
thanks to Maxim Dounin
2011-05-03 09:52:27 +00:00
Igor Sysoev
ef1f33b0db Use more precise stat.st_blocks to account cache size on Unix
instead of file length rounded to a file system block size.
There is no similar way on Windows, so rounding to a cache->bsize is kept.
2011-04-22 10:06:43 +00:00
Igor Sysoev
64efecc2b5 allow to use $upstream_... variables in SSI 2011-04-21 10:07:07 +00:00
Igor Sysoev
423ee58e76 fix r3713
thanks to Igor A. Valcov
2011-04-19 12:29:16 +00:00
Igor Sysoev
14fe2dd94a values starting with '0' were incorrectly assumed to be false
patch by Maxim Dounin
2011-04-15 12:24:18 +00:00
Igor Sysoev
432760ee4d use MurmurHash2 for split_clients, because
its distribution is much better than CRC32's one
2011-04-15 10:59:57 +00:00
Igor Sysoev
0bd0b2894c bump version 2011-04-15 10:58:44 +00:00
Igor Sysoev
d63104eea4 use memmove() in appropriate places 2011-04-12 08:02:46 +00:00
Igor Sysoev
d80bcbcd0f "satisfy any" disabled custom 401 error page 2011-04-11 14:17:31 +00:00
Igor Sysoev
711eeb8514 fix CPU hog in cache manager
patch by Maxim Dounin
2011-04-08 15:27:53 +00:00
Igor Sysoev
ea38fe54bd fix "image_filter rotate 180" and crop case
the bug has been introduced in r3879
2011-04-07 09:12:30 +00:00
Igor Sysoev
f352259dd6 bump version 2011-04-07 09:08:52 +00:00
Igor Sysoev
4956ac5108 reuse keepalive connections if there are no free worker connections
patch by Maxim Dounin
2011-04-04 12:26:53 +00:00
Igor Sysoev
fde7d51392 fix case when a host in fastcgi_pass, scgi_pass, and uwsgi_pass
is given by expression and refers to a defined upstream
2011-04-04 10:43:21 +00:00
Igor Sysoev
450c981ab9 image filter rotate
patch by Adam Bocim
2011-04-04 09:57:32 +00:00
Igor Sysoev
b8fb0a15a2 bump version 2011-04-04 09:46:00 +00:00
Igor Sysoev
921ac21acf map tests values in low case only, so caseless regex has no sense 2011-03-21 15:18:59 +00:00
Igor Sysoev
c9d671cd81 $time_iso8601 log variable
patch by Michael Lustfield
2011-03-16 15:46:57 +00:00
Igor Sysoev
0519b43a77 allow regex as "map" parameter 2011-03-16 15:32:31 +00:00
Igor Sysoev
22434e4c72 fix warnings 2011-02-21 11:44:26 +00:00
Igor Sysoev
2a526d4969 bump version 2011-02-21 10:03:28 +00:00
Igor Sysoev
b2492255f8 always test proxy_redirect with slash, this fixes a case when nginx uses
proxy_pass "http://www", upstream redirects to "http://www.host/uri",
and nginx rewrites it as ".host/uri"
patch by Maxim Dounin
2011-02-17 11:54:35 +00:00
Igor Sysoev
64d5f9ba26 fix "error_page 497 https://" case
patch by Maxim Dounin
the bug has been introduced in r3782
2011-02-01 16:18:55 +00:00
Igor Sysoev
eb1a344dd3 utf8 parameter of geoip_country and geoip_city
patch by Denis F. Latypoff
2011-01-27 12:51:59 +00:00
Igor Sysoev
ab54e21633 bump version 2011-01-27 12:43:11 +00:00
Igor Sysoev
8dbc8a97dd server_name $hostname 2011-01-20 15:31:24 +00:00
Igor Sysoev
d19c93d127 style fix: remove trailing spaces 2011-01-20 15:29:53 +00:00
Igor Sysoev
cfc5c25589 move setting conf->server_name in merge phase 2011-01-20 15:15:50 +00:00
Igor Sysoev
8e8251a317 fix large stderr handling without http cache
patch by Maxim Dounin
the bug has been introduced in r3461
2011-01-20 12:23:00 +00:00
Igor Sysoev
26cf2c96ea introduce 494 code "Request Header Too Large" 2011-01-20 10:37:58 +00:00
Igor Sysoev
87f744c24b use boolean expression instead of "if" 2010-12-15 14:10:33 +00:00
Igor Sysoev
f00e81d75a rename NGX_HTTP_OWN_CODES to NGX_HTTP_NGINX_CODES 2010-12-14 23:04:26 +00:00
Igor Sysoev
dc61c0a153 bump version 2010-12-14 22:54:04 +00:00
Igor Sysoev
5644c43caf always run regex in server_name to get captures for IPv6 addresses,
the same fix for IPv4 addresses has been made in r2584
2010-12-12 21:13:27 +00:00
Igor Sysoev
1fdb004f52 test wildcard tail hash existance for IPv6 addresses,
the same fix for IPv4 addresses has been made in r2581
2010-12-12 21:10:59 +00:00
Igor Sysoev
7c2611a231 style fix 2010-12-12 20:11:31 +00:00
Igor Sysoev
5491139caf bump version 2010-12-06 14:40:40 +00:00
Igor Sysoev
ec4df838c8 "If-Unmodified-Since" support 2010-12-06 11:11:05 +00:00
Igor Sysoev
86ffd9b10f bump version 2010-11-30 13:26:21 +00:00
Igor Sysoev
f5798d8c0d fix comment 2010-11-29 19:41:53 +00:00
Igor Sysoev
bd4c8e88ee revert processing NGX_OK in rewrite phase changed in r3798,
this broke "return 204" and "return code text"
2010-11-29 19:40:54 +00:00
Igor Sysoev
c219a6f7d0 bump version 2010-11-29 19:39:26 +00:00
Igor Sysoev
8c6144f022 revert processing NGX_OK and NGX_DONE in rewrite phase changed in r3634 2010-11-29 14:01:17 +00:00
Igor Sysoev
f83d6cf0f7 style fix 2010-11-26 13:58:28 +00:00
Igor Sysoev
02677300d1 fix building by icc8 2010-11-26 13:36:36 +00:00
Igor Sysoev
6946ed75b6 keepalive_disable 2010-11-26 12:40:56 +00:00
Igor Sysoev
97d32cb169 allow variable as "map" value 2010-11-26 12:25:51 +00:00
Igor Sysoev
07335d89df use "\" to escape "default", "include", and "hostnames" values instead of "!" 2010-11-25 15:36:24 +00:00
Igor Sysoev
04e145d2da allow empty value as "map" parameter 2010-11-25 15:24:29 +00:00
Igor Sysoev
67e6bafc90 allow expressions in the first "map" parameter 2010-11-25 15:22:43 +00:00
Igor Sysoev
601ca7cd6e bump version 2010-11-24 13:41:37 +00:00
Igor Sysoev
a64b716b22 allow override redirect status in error_page 2010-10-18 10:14:00 +00:00
Igor Sysoev
c5d1790e1d change order of limit_req lookup result processing 2010-10-14 09:20:01 +00:00