Commit Graph

104 Commits

Author SHA1 Message Date
Igor Sysoev
a552ab476e check unsafe Destination 2009-09-25 09:30:06 +00:00
Igor Sysoev
97aa4c86a1 handle "/../" case more reliably 2009-09-14 07:42:01 +00:00
Igor Sysoev
63494b4c79 discrease slightly ngx_http_parse_header_line() size:
this line is not required for LF, however, this case is very seldom
2009-09-02 07:02:49 +00:00
Igor Sysoev
2e9ea35fd7 fix segfault when a header starts with "\rX"
and logging is set to info or debug level
2009-09-01 12:32:37 +00:00
Igor Sysoev
55d47a81a9 do not test "..." case since it's Win9x family feature only 2009-07-20 12:23:04 +00:00
Igor Sysoev
df4b230ede allow underscore in request method 2009-07-13 09:33:34 +00:00
Igor Sysoev
bf14b000e6 ngx_path_separator() 2009-04-23 16:38:59 +00:00
Igor Sysoev
1dcaa97ccc refactor ngx_http_arg() using ngx_strcasestrn(),
back out zero termination introduced in r2138
2009-04-04 17:51:38 +00:00
Igor Sysoev
f072a02ec5 fix r2579 2009-03-30 14:15:47 +00:00
Igor Sysoev
9bc41a4281 style fix: remove tabs 2009-03-22 15:50:07 +00:00
Igor Sysoev
2c7cb55ac1 ngx_http_split_args() 2009-03-19 13:41:29 +00:00
Igor Sysoev
84d17bba65 ngx_http_arg() 2008-12-22 12:02:05 +00:00
Igor Sysoev
753792e108 underscores_in_headers 2008-09-24 14:02:50 +00:00
Igor Sysoev
f8c4ae3151 allow underscores in client request header lines 2008-09-08 08:26:42 +00:00
Igor Sysoev
70d0961658 test the more likely case first 2008-03-16 16:47:16 +00:00
Igor Sysoev
8c8a6e5f2f use the more correct mask 2008-03-16 13:29:49 +00:00
Igor Sysoev
b862cf4076 fix merge_slashes 2007-12-14 14:33:00 +00:00
Igor Sysoev
81924e8e16 compatibility with mget: space after HTTP/1.1 2007-10-26 11:34:10 +00:00
Igor Sysoev
8decab3dd9 merge_slashes 2007-10-18 11:36:58 +00:00
Igor Sysoev
4c5207fd56 allow full URL without URI part: "GET http://host HTTP/1.0" 2007-10-18 11:33:31 +00:00
Igor Sysoev
544e9f1fd7 optimize HTTP method parsing for i386 and amd64 2007-05-07 06:27:14 +00:00
Igor Sysoev
3e933d2919 disable TRACE method 2007-03-30 18:59:26 +00:00
Igor Sysoev
f367b11a62 fix segfault when $host is used and request is "GET http://host HTTP/1.0" 2006-12-14 22:42:52 +00:00
Igor Sysoev
95ead46111 use host part in URL 2006-11-23 20:20:23 +00:00
Igor Sysoev
8365f731bf add more WebDAV methods 2006-11-14 12:43:48 +00:00
Igor Sysoev
e9b7809178 style fix 2006-10-31 12:30:24 +00:00
Igor Sysoev
bc808a7bab style fix 2006-10-31 12:27:32 +00:00
Igor Sysoev
addd3c8676 treat '\' as special character in win32 only 2006-10-30 20:36:54 +00:00
Igor Sysoev
b5c75dc88a style fix 2006-10-28 14:36:44 +00:00
Igor Sysoev
0593b63c6a undo the previous wrong commit 2006-10-28 14:32:39 +00:00
Igor Sysoev
e6d99d831c bad commit 2006-10-28 14:20:13 +00:00
Igor Sysoev
a994bd0ae2 change order 2006-10-28 13:59:56 +00:00
Igor Sysoev
0359ba8cc1 optimize the most frequent cases 2006-10-28 12:04:43 +00:00
Igor Sysoev
e23b4849b5 handle the most frequent case first 2006-10-28 10:47:11 +00:00
Igor Sysoev
a724100799 axe unused state 2006-10-28 10:42:24 +00:00
Igor Sysoev
b80a7f4318 omit "#fragment" 2006-10-28 10:15:31 +00:00
Igor Sysoev
4346bab52e we do not need the zero terminated r->uri for a long time 2006-10-28 08:45:01 +00:00
Igor Sysoev
bb8bbb7c0b backout r783 and add comment 2006-10-17 12:47:14 +00:00
Igor Sysoev
e5efadb60e add 255th array element 2006-10-16 11:28:33 +00:00
Igor Sysoev
8f1255877c nginx-0.3.55-RELEASE import
*) Feature: the "stub" parameter in the "include" SSI command.

    *) Feature: the "block" SSI command.

    *) Feature: the unicode2nginx script was added to contrib.

    *) Bugfix: if a "root" was specified by variable only, then the root
       was relative to a server prefix.

    *) Bugfix: if the request contained "//" or "/./" and escaped symbols
       after them, then the proxied request was sent unescaped.

    *) Bugfix: the $r->headers_in("Cookie") of the ngx_http_perl_module now
       returns all "Cookie" header lines.

    *) Bugfix: a segmentation fault occurred if
       "client_body_in_file_only on" was used and nginx switched to a next
       upstream.

    *) Bugfix: on some condition while reconfiguration character codes
       inside the "charset_map" may be treated invalid; the bug had
       appeared in 0.3.50.
2006-07-28 15:16:17 +00:00
Igor Sysoev
ef809b86c3 nginx-0.3.50-RELEASE import
*) Change: the "proxy_redirect_errors" and "fastcgi_redirect_errors"
       directives was renamed to the "proxy_intercept_errors" and
       "fastcgi_intercept_errors" directives.

    *) Feature: the ngx_http_charset_module supports the recoding from the
       single byte encodings to the UTF-8 encoding and back.

    *) Feature: the "X-Accel-Charset" response header line is supported in
       proxy and FastCGI mode.

    *) Bugfix: the "\" escape symbol in the "\"" and "\'" pairs in the SSI
       command was removed only if the command also has the "$" symbol.

    *) Bugfix: the "<!--" string might be added on some conditions in the
       SSI after inclusion.

    *) Bugfix: if the "Content-Length: 0" header line was in response, then
       in nonbuffered proxying mode the client connection was not closed.
2006-06-28 16:00:26 +00:00
Igor Sysoev
3338cfdfbc nginx-0.3.46-RELEASE import
*) Feature: the "proxy_hide_header", "proxy_pass_header",
       "fastcgi_hide_header", and "fastcgi_pass_header" directives.

    *) Change: the "proxy_pass_x_powered_by", "fastcgi_x_powered_by", and
       "proxy_pass_server" directives were canceled.

    *) Feature: the "X-Accel-Buffering" response header line is supported
       in proxy mode.

    *) Bugfix: the reconfiguration bug and memory leaks in the
       ngx_http_perl_module.
2006-05-11 14:43:47 +00:00
Igor Sysoev
4ecb4d721d nginx-0.3.41-RELEASE import
*) Feature: the -v switch.

    *) Bugfix: the segmentation fault may occurred if the SSI page has
       remote subrequests.

    *) Bugfix: in FastCGI handling.

    *) Bugfix: if the perl modules path was not set using
       --with-perl_modules_path=PATH or the "perl_modules", then the
       segmentation fault was occurred.
2006-04-21 12:06:44 +00:00
Igor Sysoev
7bdb720d6a nginx-0.3.40-RELEASE import
*) Feature: the ngx_http_dav_module supports the MKCOL method.

    *) Feature: the "create_full_put_path" directive.

    *) Feature: the "$limit_rate" variable.
2006-04-19 15:30:56 +00:00
Igor Sysoev
8a2b2fb4fb nginx-0.3.38-RELEASE import
*) Feature: the ngx_http_dav_module.

    *) Change: the ngx_http_perl_module optimizations.
       Thanks to Sergey Skvortsov.

    *) Feature: the ngx_http_perl_module supports the $r->request_body_file
       method.

    *) Feature: the "client_body_in_file_only" directive.

    *) Workaround: now on disk overflow nginx tries to write access logs
       once a second only.
       Thanks to Anton Yuzhaninov and Maxim Dounin.

    *) Bugfix: now the "limit_rate" directive more precisely limits rate if
       rate is more than 100 Kbyte/s.
       Thanks to ForJest.

    *) Bugfix: now the IMAP/POP3 proxy escapes the "\r" and "\n" symbols in
       login and password to pass authorization server.
       Thanks to Maxim Dounin.
2006-04-14 09:53:38 +00:00
Igor Sysoev
455a7fcc1e nginx-0.3.34-RELEASE import
*) Feature: the "add_header" directive supports the variables.
2006-03-21 08:20:41 +00:00
Igor Sysoev
8fea885cbf nginx-0.3.33-RELEASE import
*) Feature: the "http_503" parameter of the "proxy_next_upstream" or
       "fastcgi_next_upstream" directives.

    *) Bugfix: ngx_http_perl_module did not work with inlined in the
       configuration code, if it was not started with the "sub" word.

    *) Bugfix: in the "post_action" directive.
2006-03-15 09:53:04 +00:00
Igor Sysoev
0e5dc5cff6 nginx-0.3.10-RELEASE import
*) Change: the "valid_referers" directive and the "$invalid_referer"
       variable were moved to the new ngx_http_referer_module from the
       ngx_http_rewrite_module.

    *) Change: the "$apache_bytes_sent" variable name was changed to
       "$body_bytes_sent".

    *) Feature: the "$sent_http_..." variables.

    *) Feature: the "if" directive supports the "=" and "!=" operations.

    *) Feature: the "proxy_pass" directive supports the HTTPS protocol.

    *) Feature: the "proxy_set_body" directive.

    *) Feature: the "post_action" directive.

    *) Feature: the ngx_http_empty_gif_module.

    *) Feature: the "worker_cpu_affinity" directive for Linux.

    *) Bugfix: the "rewrite" directive did not unescape URI part in
       redirect, now it is unescaped except the %00-%25 and %7F-%FF
       characters.

    *) Bugfix: nginx could not be built by the icc 9.0 compiler.

    *) Bugfix: if the SSI was enabled for zero size static file, then the
       chunked response was encoded incorrectly.
2005-11-15 13:30:52 +00:00
Igor Sysoev
3fc6f64bd2 nginx-0.3.9-RELEASE import
*) Bugfix: nginx considered URI as unsafe if two any symbols was
       between two slashes; the bug had appeared in 0.3.8.
2005-11-10 07:44:53 +00:00
Igor Sysoev
09c684b2d5 nginx-0.3.8-RELEASE import
*) Security: nginx now checks URI got from a backend in
       "X-Accel-Redirect" header line or in SSI file for the "/../" paths
       and zeroes.

    *) Change: nginx now does not treat the empty user name in the
       "Authorization" header line as valid one.

    *) Feature: the "ssl_session_timeout" directives of the
       ngx_http_ssl_module and ngx_imap_ssl_module.

    *) Feature: the "auth_http_header" directive of the
       ngx_imap_auth_http_module.

    *) Feature: the "add_header" directive.

    *) Feature: the ngx_http_realip_module.

    *) Feature: the new variables to use in the "log_format" directive:
       $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
       $request_time, $request_length, $upstream_status,
       $upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
       $connection, $pipe, and $msec. The parameters in the "%name" form
       will be canceled soon.

    *) Change: now the false variable values in the "if" directive are the
       empty string "" and string starting with "0".

    *) Bugfix: while using proxied or FastCGI-server nginx may leave
       connections and temporary files with client requests in open state.

    *) Bugfix: the worker processes did not flush the buffered logs on
       graceful exit.

    *) Bugfix: if the request URI was changes by the "rewrite" directive
       and the request was proxied in location given by regular expression,
       then the incorrect request was transferred to backend; the bug had
       appeared in 0.2.6.

    *) Bugfix: the "expires" directive did not remove the previous
       "Expires" header.

    *) Bugfix: nginx may stop to accept requests if the "rtsig" method and
       several worker processes were used.

    *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
       SSI commands.

    *) Bugfix: if the response was ended just after the SSI command and
       gzipping was used, then the response did not transferred complete or
       did not transferred at all.
2005-11-09 17:25:55 +00:00