Commit Graph

44 Commits

Author SHA1 Message Date
Maxim Dounin
e3d6c5a33c Improved access log escaping to better protect other software.
Some character sets (notably ISO-8859-1) have C1 control characters in
upper half, make sure to escape them.

Reported by Jesus Olmos Gonzalez.
2011-10-11 17:54:38 +00:00
Ruslan Ermilov
a823c550e4 Replaced "can not" with "cannot" and "could not" in a bunch of places.
Fixed nearby grammar errors.
2011-09-19 14:48:29 +00:00
Igor Sysoev
c42be75569 removal of error message about %name log_format parameters,
they have been deleted long ago in 0.5.0-RELEASE
2011-08-03 16:01:36 +00:00
Igor Sysoev
c9d671cd81 $time_iso8601 log variable
patch by Michael Lustfield
2011-03-16 15:46:57 +00:00
Igor Sysoev
05b1a8f1e3 ngx_str_set() and ngx_str_null() 2010-05-14 09:56:37 +00:00
Igor Sysoev
328df7a5cc use ngx_min() and ngx_max() 2010-05-14 09:55:33 +00:00
Igor Sysoev
f8b50b9c96 log proxied HTTP/0.9 responses status as "009" 2009-11-29 20:49:29 +00:00
Igor Sysoev
612ecb7674 optimize some cycles:
*) delete surplus variable;
*) on i386/amd64 "while (n) / n--" is smaller than "while (n--)",
   because the platforms have no postfix operations
2009-11-02 17:12:09 +00:00
Igor Sysoev
e0f1d0afcc style fix 2009-09-11 13:57:50 +00:00
Igor Sysoev
a79f8a5655 strict testing "access_log off" 2009-08-23 17:06:33 +00:00
Igor Sysoev
260c4321d7 return NULL instead of NGX_CONF_ERROR on a create conf failure 2009-06-02 16:09:44 +00:00
Igor Sysoev
f1cc457d7f *) of.test_only to not open file if only stat() is enough
*) of.failed to return exact name of failed syscall
2009-04-27 09:55:53 +00:00
Igor Sysoev
1f4220ee86 small optimization: " == NGX_ERROR" > " != NGX_OK" 2009-02-24 10:42:23 +00:00
Igor Sysoev
ad1e123bfa NGX_OPEN_FILE_DIRECTIO_OFF 2008-10-16 13:31:00 +00:00
Igor Sysoev
2eec1e1ff2 *) log_subrequest
*) flush variables in access log
2008-09-27 15:08:02 +00:00
Igor Sysoev
0f8ea4de46 disable directio for access_log with variables 2008-09-12 13:44:10 +00:00
Igor Sysoev
5d4e80b8fb remove unused #include's 2008-09-05 15:25:47 +00:00
Igor Sysoev
edf1c8c1b8 always test root existence for access_log with variables 2008-07-07 09:26:13 +00:00
Igor Sysoev
06d2147139 NULL script in default access_log 2008-07-01 06:26:48 +00:00
Igor Sysoev
0da6d2f675 fix variable access_log merging 2008-06-30 15:51:28 +00:00
Igor Sysoev
504efffca8 fix error message 2008-06-30 15:32:57 +00:00
Igor Sysoev
b882154636 variables in access_log 2008-06-30 12:27:24 +00:00
Igor Sysoev
7f6b2ffc60 *) back out r2040
*) refactor ngx_palloc()
*) introduce ngx_pnalloc()
*) additional pool blocks have smaller header
2008-06-17 15:00:30 +00:00
Igor Sysoev
2ae6727da7 fix error log message 2008-05-26 10:54:59 +00:00
Igor Sysoev
5f3521cf4f escape 0x00-0x1f, ", and \ in access log variables 2008-05-15 15:09:39 +00:00
Igor Sysoev
1d04b14c09 64-bit time_t compatibility 2007-11-15 14:26:36 +00:00
Igor Sysoev
3fc6ee4501 allow access_log inside limit_except 2007-10-09 18:45:49 +00:00
Igor Sysoev
28eafa574e add comment 2007-07-06 11:28:20 +00:00
Igor Sysoev
b4ccb9f5bd $request_time has millisecond precision 2007-04-21 07:50:19 +00:00
Igor Sysoev
da4b660274 use 60 seconds interval but not 61 seconds 2007-04-03 21:54:13 +00:00
Igor Sysoev
3a58cc90b5 fix "access_log off" 2007-01-24 09:15:25 +00:00
Igor Sysoev
d0863c106d log a failure of the writing to access_log once per minute 2007-01-21 19:01:01 +00:00
Igor Sysoev
63ba5a61b5 fix highly unlikely bug 2006-12-12 15:46:53 +00:00
Igor Sysoev
a8c54c082c axe old % log format 2006-11-27 14:46:15 +00:00
Igor Sysoev
8f1255877c nginx-0.3.55-RELEASE import
*) Feature: the "stub" parameter in the "include" SSI command.

    *) Feature: the "block" SSI command.

    *) Feature: the unicode2nginx script was added to contrib.

    *) Bugfix: if a "root" was specified by variable only, then the root
       was relative to a server prefix.

    *) Bugfix: if the request contained "//" or "/./" and escaped symbols
       after them, then the proxied request was sent unescaped.

    *) Bugfix: the $r->headers_in("Cookie") of the ngx_http_perl_module now
       returns all "Cookie" header lines.

    *) Bugfix: a segmentation fault occurred if
       "client_body_in_file_only on" was used and nginx switched to a next
       upstream.

    *) Bugfix: on some condition while reconfiguration character codes
       inside the "charset_map" may be treated invalid; the bug had
       appeared in 0.3.50.
2006-07-28 15:16:17 +00:00
Igor Sysoev
1765f47544 nginx-0.3.53-RELEASE import
*) Change: the "add_header" directive adds the string to 204, 301, and
       302 responses.

    *) Feature: the "server" directive in the "upstream" context supports
       the "weight" parameter.

    *) Feature: the "server_name" directive supports the "*" wildcard.

    *) Feature: nginx supports the request body size more than 2G.

    *) Bugfix: if a client was successfully authorized using "satisfy_any
       on", then anyway the message "access forbidden by rule" was written
       in the log.

    *) Bugfix: the "PUT" method may erroneously not create a file and
       return the 409 code.

    *) Bugfix: if the IMAP/POP3 backend returned an error, then nginx
       continued proxying anyway.
2006-07-07 16:33:19 +00:00
Igor Sysoev
ef809b86c3 nginx-0.3.50-RELEASE import
*) Change: the "proxy_redirect_errors" and "fastcgi_redirect_errors"
       directives was renamed to the "proxy_intercept_errors" and
       "fastcgi_intercept_errors" directives.

    *) Feature: the ngx_http_charset_module supports the recoding from the
       single byte encodings to the UTF-8 encoding and back.

    *) Feature: the "X-Accel-Charset" response header line is supported in
       proxy and FastCGI mode.

    *) Bugfix: the "\" escape symbol in the "\"" and "\'" pairs in the SSI
       command was removed only if the command also has the "$" symbol.

    *) Bugfix: the "<!--" string might be added on some conditions in the
       SSI after inclusion.

    *) Bugfix: if the "Content-Length: 0" header line was in response, then
       in nonbuffered proxying mode the client connection was not closed.
2006-06-28 16:00:26 +00:00
Igor Sysoev
ac72bd17d1 nginx-0.3.44-RELEASE import
*) Feature: the "wait" parameter in the "include" SSI command.

    *) Feature: the Ukrainian and Byelorussian characters were added to
       koi-win conversion table.

    *) Bugfix: in the SSI.
2006-05-04 15:32:46 +00:00
Igor Sysoev
8a2b2fb4fb nginx-0.3.38-RELEASE import
*) Feature: the ngx_http_dav_module.

    *) Change: the ngx_http_perl_module optimizations.
       Thanks to Sergey Skvortsov.

    *) Feature: the ngx_http_perl_module supports the $r->request_body_file
       method.

    *) Feature: the "client_body_in_file_only" directive.

    *) Workaround: now on disk overflow nginx tries to write access logs
       once a second only.
       Thanks to Anton Yuzhaninov and Maxim Dounin.

    *) Bugfix: now the "limit_rate" directive more precisely limits rate if
       rate is more than 100 Kbyte/s.
       Thanks to ForJest.

    *) Bugfix: now the IMAP/POP3 proxy escapes the "\r" and "\n" symbols in
       login and password to pass authorization server.
       Thanks to Maxim Dounin.
2006-04-14 09:53:38 +00:00
Igor Sysoev
c31a9bb5e3 nginx-0.3.12-RELEASE import
*) Security: if nginx was built with the ngx_http_realip_module and the
       "satisfy_any on" directive was used, then access and authorization
       directives did not work. The ngx_http_realip_module was not built
       and is not built by default.

    *) Change: the "$time_gmt" variable name was changed to "$time_local".

    *) Change: the "proxy_header_buffer_size" and
       "fastcgi_header_buffer_size" directives was renamed to the
       "proxy_buffer_size" and "fastcgi_buffer_size" directives.

    *) Feature: the ngx_http_memcached_module.

    *) Feature: the "proxy_buffering" directive.

    *) Bugfix: the changes in accept mutex handling when the "rtsig" method
       was used; the bug had appeared in 0.3.0.

    *) Bugfix: if the client sent the "Transfer-Encoding: chunked" header
       line, then nginx returns the 411 error.

    *) Bugfix: if the "auth_basic" directive was inherited from the http
       level, then the realm in the "WWW-Authenticate" header line was
       without the "Basic realm" text.

    *) Bugfix: if the "combined" format was explicitly specified in the
       "access_log" directive, then the empty lines was written to the log;
       the bug had appeared in 0.3.8.

    *) Bugfix: nginx did not run on the sparc platform under any OS except
       Solaris.

    *) Bugfix: now it is not necessary to place space between the quoted
       string and closing bracket in the "if" directive.
2005-11-26 10:11:11 +00:00
Igor Sysoev
0e5dc5cff6 nginx-0.3.10-RELEASE import
*) Change: the "valid_referers" directive and the "$invalid_referer"
       variable were moved to the new ngx_http_referer_module from the
       ngx_http_rewrite_module.

    *) Change: the "$apache_bytes_sent" variable name was changed to
       "$body_bytes_sent".

    *) Feature: the "$sent_http_..." variables.

    *) Feature: the "if" directive supports the "=" and "!=" operations.

    *) Feature: the "proxy_pass" directive supports the HTTPS protocol.

    *) Feature: the "proxy_set_body" directive.

    *) Feature: the "post_action" directive.

    *) Feature: the ngx_http_empty_gif_module.

    *) Feature: the "worker_cpu_affinity" directive for Linux.

    *) Bugfix: the "rewrite" directive did not unescape URI part in
       redirect, now it is unescaped except the %00-%25 and %7F-%FF
       characters.

    *) Bugfix: nginx could not be built by the icc 9.0 compiler.

    *) Bugfix: if the SSI was enabled for zero size static file, then the
       chunked response was encoded incorrectly.
2005-11-15 13:30:52 +00:00
Igor Sysoev
09c684b2d5 nginx-0.3.8-RELEASE import
*) Security: nginx now checks URI got from a backend in
       "X-Accel-Redirect" header line or in SSI file for the "/../" paths
       and zeroes.

    *) Change: nginx now does not treat the empty user name in the
       "Authorization" header line as valid one.

    *) Feature: the "ssl_session_timeout" directives of the
       ngx_http_ssl_module and ngx_imap_ssl_module.

    *) Feature: the "auth_http_header" directive of the
       ngx_imap_auth_http_module.

    *) Feature: the "add_header" directive.

    *) Feature: the ngx_http_realip_module.

    *) Feature: the new variables to use in the "log_format" directive:
       $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
       $request_time, $request_length, $upstream_status,
       $upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
       $connection, $pipe, and $msec. The parameters in the "%name" form
       will be canceled soon.

    *) Change: now the false variable values in the "if" directive are the
       empty string "" and string starting with "0".

    *) Bugfix: while using proxied or FastCGI-server nginx may leave
       connections and temporary files with client requests in open state.

    *) Bugfix: the worker processes did not flush the buffered logs on
       graceful exit.

    *) Bugfix: if the request URI was changes by the "rewrite" directive
       and the request was proxied in location given by regular expression,
       then the incorrect request was transferred to backend; the bug had
       appeared in 0.2.6.

    *) Bugfix: the "expires" directive did not remove the previous
       "Expires" header.

    *) Bugfix: nginx may stop to accept requests if the "rtsig" method and
       several worker processes were used.

    *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
       SSI commands.

    *) Bugfix: if the response was ended just after the SSI command and
       gzipping was used, then the response did not transferred complete or
       did not transferred at all.
2005-11-09 17:25:55 +00:00
Igor Sysoev
697d1aea0c nginx-0.3.7-RELEASE import
*) Feature: the "access_log" supports the "buffer=" parameter.

    *) Bugfix: nginx could not be built on platforms different from i386,
       amd64, sparc, and ppc; the bug had appeared in 0.3.2.
2005-10-27 15:46:13 +00:00
Igor Sysoev
9ac946bcc9 nginx-0.3.6-RELEASE import
*) Change: now the IMAP/POP3 proxy do not send the empty login to
       authorization server.

    *) Feature: the "log_format" supports the variables in the $name form.

    *) Bugfix: if at least in one server was no the "listen" directive,
       then nginx did not listen on the 80 port; the bug had appeared in
       0.3.3.

    *) Bugfix: if the URI part is omitted in "proxy_pass" directive, the
       the 80 port was always used.
2005-10-24 15:09:41 +00:00