Commit Graph

390 Commits

Author SHA1 Message Date
Maxim Dounin
7dff998495 Core: protection from cycles with named locations and post_action.
Now redirects to named locations are counted against normal uri changes
limit, and post_action respects this limit as well.  As a result at least
the following (bad) configurations no longer trigger infinite cycles:

1. Post action which recursively triggers post action:

    location / {
        post_action /index.html;
    }

2. Post action pointing to nonexistent named location:

    location / {
        post_action @nonexistent;
    }

3. Recursive error page for 500 (Internal Server Error) pointing to
   a nonexistent named location:

    location / {
        recursive_error_pages on;
        error_page 500 @nonexistent;
        return 500;
    }
2012-02-13 15:35:48 +00:00
Maxim Dounin
1b0ad6ee72 Core: protection from subrequest loops.
Without the protection, subrequest loop results in r->count overflow and
SIGSEGV.  Protection was broken in 0.7.25.

Note that this also limits number of parallel subrequests.  This
wasn't exactly the case before 0.7.25 as local subrequests were
completed directly.

See here for details:
http://nginx.org/pipermail/nginx-ru/2010-February/032184.html
2012-02-13 15:33:08 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Valentin Bartenev
1373558163 Added support for IP-literal in the Host header and request line (ticket #1).
Additional parsing logic added to correctly handle RFC 3986 compliant IPv6 and
IPvFuture characters enclosed in square brackets.

The host validation was completely rewritten. The behavior for non IP literals
was changed in a more proper and safer way:

 - Host part is now delimited either by the first colon or by the end of string
   if there's no colon. Previously the last colon was used as delimiter which
   allowed substitution of a port number in the $host variable.
   (e.g. Host: 127.0.0.1:9000:80)

 - Fixed stripping of the ending dot in the Host header when the host was also
   followed by a port number.
   (e.g. Host: nginx.com.:80)

 - Fixed upper case characters detection. Previously it was broken which led to
   wasting memory and CPU.
2011-11-28 09:15:33 +00:00
Maxim Dounin
0560ae55bc Fixed segfault on ssl servers without cert with SNI (ticket #54).
Non-default servers may not have ssl context created if there are no
certificate defined.  Make sure to check if ssl context present before
using it.
2011-11-22 16:27:45 +00:00
Maxim Dounin
0f5f4cb180 Fix for socket leak with "aio sendfile" and "limit_rate".
Second aio post happened when timer set by limit_rate expired while we have
aio request in flight, resulting in "second aio post" alert and socket leak.

The patch adds actual protection from aio calls with r->aio already set to
aio sendfile code in ngx_http_copy_filter().  This should fix other cases
as well, e.g. when sending buffered to disk upstream replies while still
talking to upstream.

The ngx_http_writer() is also fixed to handle the above case (though it's
mostly optimization now).

Reported by Oleksandr V. Typlyns'kyi.
2011-10-11 18:00:23 +00:00
Maxim Dounin
b7af402cc4 Fix for connection drops with AIO.
Connections serving content with AIO to fast clients were dropped with
"client timed out" messages after send_timeout from response start.
2011-10-11 17:58:51 +00:00
Maxim Dounin
fbc51e4c44 Better handling of various per-server ssl options with SNI.
SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
structure, it only changes certificates (at least as of now, OpenSSL
1.0.0d and earlier).

As a result settings like ssl_verify_client, ssl_verify_depth,
ssl_prefer_server_ciphers are only configurable on per-socket basis while
with SNI it should be possible to specify them different for two servers
listening on the same socket.

Workaround is to explicitly re-apply settings we care about from context
to ssl connection in servername callback.

Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+.  I.e.
with older versions it is not possible to clear ssl_prefer_server_ciphers
option if it's set in default server for a socket.
2011-08-23 14:36:31 +00:00
Igor Sysoev
21fd22d089 always set timer in discard body handler, this fixes the cases
when request for static file is redirected by error_page to an SSI page

patch by Maxim Dounin
2011-08-01 13:52:54 +00:00
Igor Sysoev
2505587b4d lingering_close "off|on|always"
patch by Maxim Dounin
2011-08-01 13:26:55 +00:00
Igor Sysoev
41c8a1d27f do not send RST on normal lingering close read timeout,
if reset_timedout_connection is on

patch by Maxim Dounin
2011-08-01 13:08:03 +00:00
Igor Sysoev
2f3668b59b enable lingering close for pipelined requests
patch by Maxim Dounin
2011-08-01 11:08:57 +00:00
Igor Sysoev
6652cc5962 Accept-Encoding refactoring: remove ancient MSIE 4.x test for gzip 2011-07-30 06:20:06 +00:00
Igor Sysoev
4956ac5108 reuse keepalive connections if there are no free worker connections
patch by Maxim Dounin
2011-04-04 12:26:53 +00:00
Igor Sysoev
26cf2c96ea introduce 494 code "Request Header Too Large" 2011-01-20 10:37:58 +00:00
Igor Sysoev
ec4df838c8 "If-Unmodified-Since" support 2010-12-06 11:11:05 +00:00
Igor Sysoev
a5ee005a27 fix recognition of SSLv2 Client Hello Packet large than 255 bytes 2010-07-05 13:35:20 +00:00
Igor Sysoev
da7b5e15de allow spaces in URI 2010-06-15 09:31:19 +00:00
Igor Sysoev
04e1156d2e test default NTFS stream "::$DATA" 2010-06-04 15:37:49 +00:00
Igor Sysoev
8164f329fe disable keepalive for Safari:
https://bugs.webkit.org/show_bug.cgi?id=5760
2010-02-01 12:01:01 +00:00
Igor Sysoev
77860d74a5 skip URI trailing spaces under Win32 2010-01-28 14:09:28 +00:00
Igor Sysoev
918ef947da Fix segfault when while discarding body a write event handler is called,
runs ngx_http_core_run_phases(), and starts a request processing again.
The write event has clear type and remained in a keepalive connection.
The bug was introduced in r3050.
2010-01-28 08:33:24 +00:00
Igor Sysoev
c05f20ec2e regex named captures 2009-11-16 12:19:02 +00:00
Igor Sysoev
bdc154bb73 r->chrome 2009-11-12 14:23:18 +00:00
Igor Sysoev
51aa6dec4d fix segfault if there is single large_client_header_buffers
and a request line fills it completely
2009-11-03 18:12:20 +00:00
Igor Sysoev
663e957957 do not run regex for empty host name since regex always fails in this case,
the bug had been introduced in r2196
2009-10-22 09:48:42 +00:00
Igor Sysoev
cd8b43cde7 rename core_srv_conf fields to more understandable default_server and server 2009-10-21 16:52:10 +00:00
Igor Sysoev
2a634f5342 fix r3218:
Initially building lists of ports, addresses, and server names had been
placed at final configuration stage, because complete set of the "listen"s
and the "server_names" were required for this operation. r3218 broke it,
because the "listen"s go usually first in configuration, and
cscf->server_names is empty at this stage, therefore no virtual names
were configured.

Now server configurations are stored in array for each address:port
to configure virtual names. Also regex captures flag is moved from
server names to core server configuration.
2009-10-21 16:27:48 +00:00
Igor Sysoev
e418e0661c fix two previous commits: an early parallel body discarding completion
disables incomplete ngx_http_writer()
2009-10-20 11:48:28 +00:00
Igor Sysoev
9a1f0ac730 allow discarding body while a long response transfer 2009-10-19 16:13:38 +00:00
Igor Sysoev
801a35df3c restore discard body handler after ngx_http_set_writer() set it to
ngx_http_test_reading(), the bug was introduced in r3050
2009-10-19 16:12:13 +00:00
Igor Sysoev
2495c4d50b add lingering timeout if a response is short and a request body is being
discarded, the bug was introduced in r3050
2009-10-19 14:08:09 +00:00
Igor Sysoev
2d24d749e4 clear r->keepalive to disable preventively calling
ngx_http_set_keepalive() while request cleanup
2009-10-02 11:30:47 +00:00
Igor Sysoev
689064b91a log 499 instead 0, the bug was introduced in r3050 2009-09-30 12:05:08 +00:00
Igor Sysoev
f63a48ce7e update the previous commit: use ngx_strlow() 2009-09-24 13:23:25 +00:00
Igor Sysoev
6749e92938 $host is always in low case:
*) move low case convertation from ngx_http_find_virtual_server()
   to ngx_http_validate_host()
*) add in ngx_http_validate_host() capability to copy host name in the pool
   allocated memory
2009-09-24 13:15:50 +00:00
Igor Sysoev
7386cf58a7 fix request counter for post_action, the bug was introduced in r3050 2009-09-21 18:34:22 +00:00
Igor Sysoev
56f06e69df use %*s instead of %V 2009-09-01 12:35:52 +00:00
Igor Sysoev
ddda411d14 *) ngx_http_ephemeral
*) use preallocated terminal_posted_request
2009-08-30 09:47:11 +00:00
Igor Sysoev
aa4200b551 do not disable gzip for MSIE 6.0 SV1 in "gzip_disable msie6" 2009-08-28 08:19:02 +00:00
Igor Sysoev
a962506498 FreeBSD and Linux AIO support 2009-08-28 08:12:35 +00:00
Igor Sysoev
1163af9fae style fix 2009-08-28 07:50:45 +00:00
Igor Sysoev
5297d456d8 axe r->connection->destroyed testing 2009-08-26 16:14:57 +00:00
Igor Sysoev
b603dd4b43 request reference counter 2009-08-26 16:04:05 +00:00
Igor Sysoev
1099f9f657 fix segfault if 400 or 414 errors are handled intricately 2009-07-24 19:20:29 +00:00
Igor Sysoev
5b4b7c58cc *) $ssl_client_verify
*) "ssl_verify_client ask" was changed to "ssl_verify_client optional"
2009-07-22 17:41:42 +00:00
Igor Sysoev
a4038c8e71 fix r2972, it caused "zero size buf" alert. 2009-07-22 13:06:27 +00:00
Igor Sysoev
15e3b01819 geo module supports trusted proxies 2009-07-22 09:43:14 +00:00
Igor Sysoev
2376d6082a skip URI trailing dots under Win32 2009-07-14 08:51:20 +00:00
Igor Sysoev
2e9542b910 fix ngx_http_send_special() for subrequests handled by perl 2009-07-09 13:32:51 +00:00
Igor Sysoev
a5fe5881c6 ignore ngx_atomic_fetch_add() result
this fixes building at least by gcc 4.2.1 on Mac OS X 10.6
2009-06-18 13:14:51 +00:00
Igor Sysoev
8416832621 fix "out of memory" case handling 2009-05-29 11:42:55 +00:00
Igor Sysoev
e959128b4a keepalive_requests 2009-05-25 15:38:36 +00:00
Igor Sysoev
3b74b8eeb9 fix socket leak introduced in r2378 2009-05-25 09:56:01 +00:00
Igor Sysoev
2a9ce62631 use ngx_connection_local_sockaddr() instead of ngx_http_server_addr() 2009-05-18 12:58:19 +00:00
Igor Sysoev
868d805c8b delete unneeded cast 2009-05-18 07:47:58 +00:00
Igor Sysoev
fd4191845b handle big responses for "size" and "test" image_filters 2009-05-08 14:25:51 +00:00
Igor Sysoev
0cd76ea290 *) refactor error_log processing: listen socket log might inherit built-in
error_log with zero level, and r2447, r2466, r2467 were not enough
*) remove bogus "stderr" level
*) some functions and fields renames
2009-04-30 13:53:42 +00:00
Igor Sysoev
bf14b000e6 ngx_path_separator() 2009-04-23 16:38:59 +00:00
Igor Sysoev
e46943965d backout r2535: virtual names is a property of address:port pair,
but is not a property of server configuration
2009-04-09 13:56:16 +00:00
Igor Sysoev
1dcaa97ccc refactor ngx_http_arg() using ngx_strcasestrn(),
back out zero termination introduced in r2138
2009-04-04 17:51:38 +00:00
Igor Sysoev
3658a5bdc6 fix $server_addr for wildcard listen, the has been introduced in r2513 2009-03-18 12:23:57 +00:00
Igor Sysoev
648b0dcf28 fix building without PCRE, introduced in r2553 2009-03-12 11:42:34 +00:00
Igor Sysoev
0bd7b00eb7 ignore EINVAL from setsockopt() on Solaris 2009-03-12 07:16:15 +00:00
Igor Sysoev
000609ae76 fix segfaults introduced in r2549 and r2550 2009-03-11 13:04:02 +00:00
Igor Sysoev
dc34dee2f2 fix segfaults introduced in r2550 2009-03-09 08:50:34 +00:00
Igor Sysoev
7ac9f3605c captures support in server_name 2009-03-06 12:50:20 +00:00
Igor Sysoev
1f4220ee86 small optimization: " == NGX_ERROR" > " != NGX_OK" 2009-02-24 10:42:23 +00:00
Igor Sysoev
fed1ca0dc7 move r->virtual_names to ngx_http_core_srv_conf_t 2009-02-24 07:56:47 +00:00
Igor Sysoev
1966aedd6d axe r->port_text 2009-02-24 07:29:55 +00:00
Igor Sysoev
80a4f29c8a axe r->port 2009-02-23 21:19:35 +00:00
Igor Sysoev
2d95c82f91 axe r->in_addr 2009-02-23 21:05:10 +00:00
Igor Sysoev
a35eaccdec a prelimiary IPv6 support, HTTP listen 2009-02-21 07:02:02 +00:00
Igor Sysoev
32856e1bc8 avoid a double redirect response if
*) a request is going in a keep alive state,
*) the request body should be discarded,
*) epoll/rtsig reports about the response header has been sent,
*) and write event handler calls core phase handler
2009-01-31 20:44:30 +00:00
Igor Sysoev
c9aae14a7e use "!= NGX_OK" instead of "== NGX_ERROR" 2008-12-09 17:27:48 +00:00
Igor Sysoev
f8ffc2eb59 delete unneeded call 2008-12-09 16:49:52 +00:00
Igor Sysoev
851cd73f1d *) refactor subrequest handling, now they run as separate posted requests
*) now $upstream_addr, $upstream_status, $upstream_response_time can be used
   with log_subrequest
2008-12-08 14:23:20 +00:00
Igor Sysoev
5bf2087462 allow POST without Content-Length 2008-12-08 14:04:31 +00:00
Igor Sysoev
abe378e820 ngx_http_limit_req_module 2008-11-10 15:22:33 +00:00
Igor Sysoev
eb62fa0e73 refactor log_subrequest 2008-09-29 13:18:41 +00:00
Igor Sysoev
5d1dcce2c5 update log_subrequest 2008-09-29 07:12:04 +00:00
Igor Sysoev
9059ecae83 fix the previous commit 2008-09-29 04:46:21 +00:00
Igor Sysoev
2eec1e1ff2 *) log_subrequest
*) flush variables in access log
2008-09-27 15:08:02 +00:00
Igor Sysoev
753792e108 underscores_in_headers 2008-09-24 14:02:50 +00:00
Igor Sysoev
05a7656d2c set request handlers, this fixes complex proxied 400 handler with SSI includes 2008-09-15 16:44:37 +00:00
Igor Sysoev
5d4e80b8fb remove unused #include's 2008-09-05 15:25:47 +00:00
Igor Sysoev
f100c7816d *) listen ssl
*) no default ssl_cetificate and ssl_cetificate_key
2008-09-01 14:19:01 +00:00
Igor Sysoev
54477e417a gzip_disable msie6 2008-08-26 15:09:28 +00:00
Igor Sysoev
b29426deb8 server_name "" support 2008-08-21 12:56:10 +00:00
Igor Sysoev
cbc7c6177c fix $r->header_in() for "User-Agent", "Connection", and "Host"
broken in r2005, r2006, and r2008.
2008-08-19 19:40:45 +00:00
Igor Sysoev
42511c05c7 $arg_... variable 2008-08-04 11:10:52 +00:00
Igor Sysoev
6a07833d47 ngx_hash_strlow() 2008-08-04 10:18:36 +00:00
Igor Sysoev
777b019c73 ngx_strlow() 2008-08-04 10:07:00 +00:00
Igor Sysoev
49ed6f3eec *) ssl_verify_client ask
*) test ssl_client_certificate for ssl_verify_client
*) $ssl_client_cert adds TAB before each line except first one
*) $ssl_client_raw_cert contains certificate as is
2008-07-29 14:29:02 +00:00
Igor Sysoev
504efffca8 fix error message 2008-06-30 15:32:57 +00:00
Igor Sysoev
1e1f4c8a04 the "Expect" header support 2008-06-26 13:00:39 +00:00
Igor Sysoev
7f6b2ffc60 *) back out r2040
*) refactor ngx_palloc()
*) introduce ngx_pnalloc()
*) additional pool blocks have smaller header
2008-06-17 15:00:30 +00:00
Igor Sysoev
cdd4354b49 style fix 2008-05-21 17:39:51 +00:00
Igor Sysoev
48242f4b08 avoid recursive loop 2008-05-19 10:24:22 +00:00
Igor Sysoev
5fd0931a61 *) host in request line has priority
*) allow several Host headers
*) validate host
2008-05-15 14:44:47 +00:00