static int rewrite_url(request_rec *r, proxy_worker *worker,
char **url)
{
const char *scheme = strstr(*url, "://");
const char *path = NULL;
if (scheme)
path = ap_strchr_c(scheme + 3, '/');
/* we break the URL into host, port, uri */
if (!worker) {
return ap_proxyerror(r, HTTP_BAD_REQUEST, apr_pstrcat(r->pool,
"missing worker. URI cannot be parsed: ", *url,
NULL));
}
*url = apr_pstrcat(r->pool, worker->name, path, NULL);
return OK;
}
PROXY_DECLARE(int) ap_proxy_pass_brigade(apr_bucket_alloc_t *bucket_alloc,
request_rec *r, proxy_conn_rec *p_conn,
conn_rec *origin, apr_bucket_brigade *bb,
int flush)
{
apr_status_t status;
apr_off_t transferred;
if (flush) {
apr_bucket *e = apr_bucket_flush_create(bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
}
apr_brigade_length(bb, 0, &transferred);
if (transferred != -1)
p_conn->worker->s->transferred += transferred;
status = ap_pass_brigade(origin->output_filters, bb);
if (status != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, "AH01084: "
"pass request body failed to %pI (%s)",
p_conn->addr, p_conn->hostname);
if (origin->aborted) {
const char *ssl_note;
if (((ssl_note = apr_table_get(origin->notes, "SSL_connect_rv"))
!= NULL) && (strcmp(ssl_note, "err") == 0)) {
return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
"Error during SSL Handshake with"
" remote server");
}
return APR_STATUS_IS_TIMEUP(status) ? HTTP_GATEWAY_TIME_OUT : HTTP_BAD_GATEWAY;
}
else {
return HTTP_BAD_REQUEST;
}
}
apr_brigade_cleanup(bb);
return OK;
}
/* CONNECT handler */
static int proxy_connect_handler(request_rec *r, proxy_worker *worker,
proxy_server_conf *conf,
char *url, const char *proxyname,
apr_port_t proxyport)
{
apr_pool_t *p = r->pool;
apr_socket_t *sock;
apr_status_t err, rv;
apr_size_t i, o, nbytes;
char buffer[HUGE_STRING_LEN];
apr_socket_t *client_socket = ap_get_module_config(r->connection->conn_config, &core_module);
int failed;
apr_pollset_t *pollset;
apr_pollfd_t pollfd;
const apr_pollfd_t *signalled;
apr_int32_t pollcnt, pi;
apr_int16_t pollevent;
apr_sockaddr_t *uri_addr, *connect_addr;
apr_uri_t uri;
const char *connectname;
int connectport = 0;
/* is this for us? */
if (r->method_number != M_CONNECT) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: declining URL %s", url);
return DECLINED;
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: serving URL %s", url);
/*
* Step One: Determine Who To Connect To
*
* Break up the URL to determine the host to connect to
*/
/* we break the URL into host, port, uri */
if (APR_SUCCESS != apr_uri_parse_hostinfo(p, url, &uri)) {
return ap_proxyerror(r, HTTP_BAD_REQUEST,
apr_pstrcat(p, "URI cannot be parsed: ", url, NULL));
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: connecting %s to %s:%d", url, uri.hostname, uri.port);
/* do a DNS lookup for the destination host */
err = apr_sockaddr_info_get(&uri_addr, uri.hostname, APR_UNSPEC, uri.port, 0, p);
/* are we connecting directly, or via a proxy? */
if (proxyname) {
connectname = proxyname;
connectport = proxyport;
err = apr_sockaddr_info_get(&connect_addr, proxyname, APR_UNSPEC, proxyport, 0, p);
}
else {
connectname = uri.hostname;
connectport = uri.port;
connect_addr = uri_addr;
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: connecting to remote proxy %s on port %d", connectname, connectport);
/* check if ProxyBlock directive on this host */
if (OK != ap_proxy_checkproxyblock(r, conf, uri_addr)) {
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
/* Check if it is an allowed port */
if (conf->allowed_connect_ports->nelts == 0) {
/* Default setting if not overridden by AllowCONNECT */
switch (uri.port) {
case APR_URI_HTTPS_DEFAULT_PORT:
case APR_URI_SNEWS_DEFAULT_PORT:
break;
default:
/* XXX can we call ap_proxyerror() here to get a nice log message? */
return HTTP_FORBIDDEN;
}
} else if(!allowed_port(conf, uri.port)) {
/* XXX can we call ap_proxyerror() here to get a nice log message? */
return HTTP_FORBIDDEN;
}
/*
* Step Two: Make the Connection
*
* We have determined who to connect to. Now make the connection.
*/
/* get all the possible IP addresses for the destname and loop through them
* until we get a successful connection
*/
if (APR_SUCCESS != err) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, apr_pstrcat(p,
"DNS lookup failure for: ",
connectname, NULL));
}
/*
* At this point we have a list of one or more IP addresses of
* the machine to connect to. If configured, reorder this
* list so that the "best candidate" is first try. "best
* candidate" could mean the least loaded server, the fastest
* responding server, whatever.
*
* For now we do nothing, ie we get DNS round robin.
* XXX FIXME
*/
failed = ap_proxy_connect_to_backend(&sock, "CONNECT", connect_addr,
connectname, conf, r->server,
r->pool);
/* handle a permanent error from the above loop */
if (failed) {
if (proxyname) {
return DECLINED;
}
else {
return HTTP_BAD_GATEWAY;
}
}
/*
* Step Three: Send the Request
*
* Send the HTTP/1.1 CONNECT request to the remote server
*/
/* we are acting as a tunnel - the output filter stack should
* be completely empty, because when we are done here we are done completely.
* We add the NULL filter to the stack to do this...
*/
r->output_filters = NULL;
r->connection->output_filters = NULL;
/* If we are connecting through a remote proxy, we need to pass
* the CONNECT request on to it.
*/
if (proxyport) {
/* FIXME: Error checking ignored.
*/
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: sending the CONNECT request to the remote proxy");
nbytes = apr_snprintf(buffer, sizeof(buffer),
"CONNECT %s HTTP/1.0" CRLF, r->uri);
apr_socket_send(sock, buffer, &nbytes);
nbytes = apr_snprintf(buffer, sizeof(buffer),
"Proxy-agent: %s" CRLF CRLF, ap_get_server_banner());
apr_socket_send(sock, buffer, &nbytes);
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: Returning 200 OK Status");
nbytes = apr_snprintf(buffer, sizeof(buffer),
"HTTP/1.0 200 Connection Established" CRLF);
ap_xlate_proto_to_ascii(buffer, nbytes);
apr_socket_send(client_socket, buffer, &nbytes);
nbytes = apr_snprintf(buffer, sizeof(buffer),
"Proxy-agent: %s" CRLF CRLF, ap_get_server_banner());
ap_xlate_proto_to_ascii(buffer, nbytes);
apr_socket_send(client_socket, buffer, &nbytes);
#if 0
/* This is safer code, but it doesn't work yet. I'm leaving it
* here so that I can fix it later.
*/
r->status = HTTP_OK;
r->header_only = 1;
apr_table_set(r->headers_out, "Proxy-agent: %s", ap_get_server_banner());
ap_rflush(r);
#endif
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: setting up poll()");
/*
* Step Four: Handle Data Transfer
*
* Handle two way transfer of data over the socket (this is a tunnel).
*/
/* r->sent_bodyct = 1;*/
if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS)
{
apr_socket_close(sock);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"proxy: CONNECT: error apr_pollset_create()");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* Add client side to the poll */
pollfd.p = r->pool;
pollfd.desc_type = APR_POLL_SOCKET;
pollfd.reqevents = APR_POLLIN;
pollfd.desc.s = client_socket;
pollfd.client_data = NULL;
apr_pollset_add(pollset, &pollfd);
/* Add the server side to the poll */
pollfd.desc.s = sock;
apr_pollset_add(pollset, &pollfd);
while (1) { /* Infinite loop until error (one side closes the connection) */
if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled)) != APR_SUCCESS) {
apr_socket_close(sock);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "proxy: CONNECT: error apr_poll()");
return HTTP_INTERNAL_SERVER_ERROR;
}
#ifdef DEBUGGING
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: woke from select(), i=%d", pollcnt);
#endif
for (pi = 0; pi < pollcnt; pi++) {
const apr_pollfd_t *cur = &signalled[pi];
if (cur->desc.s == sock) {
pollevent = cur->rtnevents;
if (pollevent & APR_POLLIN) {
#ifdef DEBUGGING
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: sock was set");
#endif
nbytes = sizeof(buffer);
rv = apr_socket_recv(sock, buffer, &nbytes);
if (rv == APR_SUCCESS) {
o = 0;
i = nbytes;
while(i > 0)
{
nbytes = i;
/* This is just plain wrong. No module should ever write directly
* to the client. For now, this works, but this is high on my list of
* things to fix. The correct line is:
* if ((nbytes = ap_rwrite(buffer + o, nbytes, r)) < 0)
* rbb
*/
rv = apr_socket_send(client_socket, buffer + o, &nbytes);
if (rv != APR_SUCCESS)
break;
o += nbytes;
i -= nbytes;
}
}
else
break;
}
else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP))
break;
}
else if (cur->desc.s == client_socket) {
pollevent = cur->rtnevents;
if (pollevent & APR_POLLIN) {
#ifdef DEBUGGING
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: client was set");
#endif
nbytes = sizeof(buffer);
rv = apr_socket_recv(client_socket, buffer, &nbytes);
if (rv == APR_SUCCESS) {
o = 0;
i = nbytes;
#ifdef DEBUGGING
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: read %d from client", i);
#endif
while(i > 0)
{
nbytes = i;
rv = apr_socket_send(sock, buffer + o, &nbytes);
if (rv != APR_SUCCESS)
break;
o += nbytes;
i -= nbytes;
}
}
else
break;
}
else if ((pollevent & APR_POLLERR) || (pollevent & APR_POLLHUP)) {
rv = APR_EOF;
break;
}
}
else
break;
}
if (rv != APR_SUCCESS) {
break;
}
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: finished with poll() - cleaning up");
/*
* Step Five: Clean Up
*
* Close the socket and clean up
*/
apr_socket_close(sock);
return OK;
}
/* CONNECT handler */
static int proxy_connect_handler(request_rec *r, proxy_worker *worker,
proxy_server_conf *conf,
char *url, const char *proxyname,
apr_port_t proxyport)
{
connect_conf *c_conf =
ap_get_module_config(r->server->module_config, &proxy_connect_module);
apr_pool_t *p = r->pool;
apr_socket_t *sock;
conn_rec *c = r->connection;
conn_rec *backconn;
apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc);
apr_status_t rv;
apr_size_t nbytes;
char buffer[HUGE_STRING_LEN];
apr_socket_t *client_socket = ap_get_conn_socket(c);
int failed, rc;
int client_error = 0;
apr_pollset_t *pollset;
apr_pollfd_t pollfd;
const apr_pollfd_t *signalled;
apr_int32_t pollcnt, pi;
apr_int16_t pollevent;
apr_sockaddr_t *nexthop;
apr_uri_t uri;
const char *connectname;
int connectport = 0;
/* is this for us? */
if (r->method_number != M_CONNECT) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "declining URL %s", url);
return DECLINED;
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "serving URL %s", url);
/*
* Step One: Determine Who To Connect To
*
* Break up the URL to determine the host to connect to
*/
/* we break the URL into host, port, uri */
if (APR_SUCCESS != apr_uri_parse_hostinfo(p, url, &uri)) {
return ap_proxyerror(r, HTTP_BAD_REQUEST,
apr_pstrcat(p, "URI cannot be parsed: ", url,
NULL));
}
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01019)
"connecting %s to %s:%d", url, uri.hostname, uri.port);
/* Determine host/port of next hop; from request URI or of a proxy. */
connectname = proxyname ? proxyname : uri.hostname;
connectport = proxyname ? proxyport : uri.port;
/* Do a DNS lookup for the next hop */
rv = apr_sockaddr_info_get(&nexthop, connectname, APR_UNSPEC,
connectport, 0, p);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(02327)
"failed to resolve hostname '%s'", connectname);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
apr_pstrcat(p, "DNS lookup failure for: ",
connectname, NULL));
}
/* Check ProxyBlock directive on the hostname/address. */
if (ap_proxy_checkproxyblock2(r, conf, uri.hostname,
proxyname ? NULL : nexthop) != OK) {
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
"connecting to remote proxy %s on port %d",
connectname, connectport);
/* Check if it is an allowed port */
if(!allowed_port(c_conf, uri.port)) {
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
/*
* Step Two: Make the Connection
*
* We have determined who to connect to. Now make the connection.
*/
/*
* At this point we have a list of one or more IP addresses of
* the machine to connect to. If configured, reorder this
* list so that the "best candidate" is first try. "best
* candidate" could mean the least loaded server, the fastest
* responding server, whatever.
*
* For now we do nothing, ie we get DNS round robin.
* XXX FIXME
*/
failed = ap_proxy_connect_to_backend(&sock, "CONNECT", nexthop,
connectname, conf, r);
/* handle a permanent error from the above loop */
if (failed) {
if (proxyname) {
return DECLINED;
}
else {
return HTTP_SERVICE_UNAVAILABLE;
}
}
/* setup polling for connection */
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "setting up poll()");
if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) {
apr_socket_close(sock);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01020)
"error apr_pollset_create()");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* Add client side to the poll */
pollfd.p = r->pool;
pollfd.desc_type = APR_POLL_SOCKET;
pollfd.reqevents = APR_POLLIN;
pollfd.desc.s = client_socket;
pollfd.client_data = NULL;
apr_pollset_add(pollset, &pollfd);
/* Add the server side to the poll */
pollfd.desc.s = sock;
apr_pollset_add(pollset, &pollfd);
/*
* Step Three: Send the Request
*
* Send the HTTP/1.1 CONNECT request to the remote server
*/
backconn = ap_run_create_connection(c->pool, r->server, sock,
c->id, c->sbh, c->bucket_alloc);
if (!backconn) {
/* peer reset */
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01021)
"an error occurred creating a new connection "
"to %pI (%s)", nexthop, connectname);
apr_socket_close(sock);
return HTTP_INTERNAL_SERVER_ERROR;
}
ap_proxy_ssl_disable(backconn);
rc = ap_run_pre_connection(backconn, sock);
if (rc != OK && rc != DONE) {
backconn->aborted = 1;
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01022)
"pre_connection setup failed (%d)", rc);
return HTTP_INTERNAL_SERVER_ERROR;
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r,
"connection complete to %pI (%s)",
nexthop, connectname);
apr_table_setn(r->notes, "proxy-source-port", apr_psprintf(r->pool, "%hu",
backconn->local_addr->port));
/* If we are connecting through a remote proxy, we need to pass
* the CONNECT request on to it.
*/
if (proxyport) {
/* FIXME: Error checking ignored.
*/
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"sending the CONNECT request to the remote proxy");
ap_fprintf(backconn->output_filters, bb,
"CONNECT %s HTTP/1.0" CRLF, r->uri);
ap_fprintf(backconn->output_filters, bb,
"Proxy-agent: %s" CRLF CRLF, ap_get_server_banner());
ap_fflush(backconn->output_filters, bb);
}
else {
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "Returning 200 OK");
nbytes = apr_snprintf(buffer, sizeof(buffer),
"HTTP/1.0 200 Connection Established" CRLF);
ap_xlate_proto_to_ascii(buffer, nbytes);
ap_fwrite(c->output_filters, bb, buffer, nbytes);
nbytes = apr_snprintf(buffer, sizeof(buffer),
"Proxy-agent: %s" CRLF CRLF,
ap_get_server_banner());
ap_xlate_proto_to_ascii(buffer, nbytes);
ap_fwrite(c->output_filters, bb, buffer, nbytes);
ap_fflush(c->output_filters, bb);
#if 0
/* This is safer code, but it doesn't work yet. I'm leaving it
* here so that I can fix it later.
*/
r->status = HTTP_OK;
r->header_only = 1;
apr_table_set(r->headers_out, "Proxy-agent: %s", ap_get_server_banner());
ap_rflush(r);
#endif
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "setting up poll()");
/*
* Step Four: Handle Data Transfer
*
* Handle two way transfer of data over the socket (this is a tunnel).
*/
/* we are now acting as a tunnel - the input/output filter stacks should
* not contain any non-connection filters.
*/
r->output_filters = c->output_filters;
r->proto_output_filters = c->output_filters;
r->input_filters = c->input_filters;
r->proto_input_filters = c->input_filters;
/* r->sent_bodyct = 1;*/
while (1) { /* Infinite loop until error (one side closes the connection) */
if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled))
!= APR_SUCCESS) {
if (APR_STATUS_IS_EINTR(rv)) {
continue;
}
apr_socket_close(sock);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01023) "error apr_poll()");
return HTTP_INTERNAL_SERVER_ERROR;
}
#ifdef DEBUGGING
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01024)
"woke from poll(), i=%d", pollcnt);
#endif
for (pi = 0; pi < pollcnt; pi++) {
const apr_pollfd_t *cur = &signalled[pi];
if (cur->desc.s == sock) {
pollevent = cur->rtnevents;
if (pollevent & APR_POLLIN) {
#ifdef DEBUGGING
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01025)
"sock was readable");
#endif
rv = proxy_connect_transfer(r, backconn, c, bb, "sock");
}
else if ((pollevent & APR_POLLERR)
|| (pollevent & APR_POLLHUP)) {
rv = APR_EPIPE;
ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, APLOGNO(01026)
"err/hup on backconn");
}
if (rv != APR_SUCCESS)
client_error = 1;
}
else if (cur->desc.s == client_socket) {
pollevent = cur->rtnevents;
if (pollevent & APR_POLLIN) {
#ifdef DEBUGGING
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01027)
"client was readable");
#endif
rv = proxy_connect_transfer(r, c, backconn, bb, "client");
}
}
else {
rv = APR_EBADF;
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01028)
"unknown socket in pollset");
}
}
if (rv != APR_SUCCESS) {
break;
}
}
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"finished with poll() - cleaning up");
/*
* Step Five: Clean Up
*
* Close the socket and clean up
*/
if (client_error)
apr_socket_close(sock);
else
ap_lingering_close(backconn);
c->aborted = 1;
c->keepalive = AP_CONN_CLOSE;
return OK;
}
/*
* This handles http:// URLs, and other URLs using a remote proxy over http
* If proxyhost is NULL, then contact the server directly, otherwise
* go via the proxy.
* Note that if a proxy is used, then URLs other than http: can be accessed,
* also, if we have trouble which is clearly specific to the proxy, then
* we return DECLINED so that we can try another proxy. (Or the direct
* route.)
*/
int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
const char *proxyhost, int proxyport)
{
const char *strp;
char *strp2;
const char *err, *desthost;
int i, j, sock,/* len,*/ backasswards;
table *req_hdrs, *resp_hdrs;
array_header *reqhdrs_arr;
table_entry *reqhdrs_elts;
BUFF *f;
char buffer[HUGE_STRING_LEN];
char portstr[32];
pool *p = r->pool;
int chunked = 0, destport = 0;
char *destportstr = NULL;
const char *urlptr = NULL;
const char *datestr, *urlstr;
struct addrinfo hints, *res, *res0;
int error;
int result, major, minor;
const char *content_length;
const char *peer;
int destportstrtonum;
const char *errstr;
void *sconf = r->server->module_config;
proxy_server_conf *conf =
(proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
struct nocache_entry *ncent = (struct nocache_entry *) conf->nocaches->elts;
int nocache = 0;
if (conf->cache.root == NULL)
nocache = 1;
/* We break the URL into host, port, path-search */
urlptr = strstr(url, "://");
if (urlptr == NULL)
return HTTP_BAD_REQUEST;
destport = DEFAULT_HTTP_PORT;
urlptr += 3;
ap_hook_use("ap::mod_proxy::http::handler::set_destport",
AP_HOOK_SIG2(int,ptr),
AP_HOOK_TOPMOST,
&destport, r);
ap_snprintf(portstr, sizeof(portstr), "%d", destport);
destportstr = portstr;
strp = strchr(urlptr, '/');
if (strp == NULL) {
desthost = ap_pstrdup(p, urlptr);
urlptr = "/";
}
else {
char *q = ap_palloc(p, strp - urlptr + 1);
memcpy(q, urlptr, strp - urlptr);
q[strp - urlptr] = '\0';
urlptr = strp;
desthost = q;
}
if (*desthost == '['){
char *u = strrchr(desthost+1, ']');
if (u){
desthost++;
*u = '\0';
if (*(u+1) == ':'){ /* [host]:xx */
strp2 = u+1;
}
else if (*(u+1) == '\0'){ /* [host] */
strp2 = NULL;
}
else
return HTTP_BAD_REQUEST;
}
else
return HTTP_BAD_REQUEST;
}
else
strp2 = strrchr(desthost, ':');
if (strp2 != NULL) {
*(strp2++) = '\0';
if (ap_isdigit(*strp2))
destportstr = strp2;
}
/* Make sure peer is always set to prevent a segfault in the SSL handler */
peer = desthost;
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
error = getaddrinfo(desthost, destportstr, &hints, &res0);
if (error && proxyhost == NULL) {
return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
gai_strerror(error)); /* give up */
}
/* check if ProxyBlock directive on this host */
for (i = 0; i < conf->noproxies->nelts; i++) {
int fail;
struct sockaddr_in *sin;
fail = 0;
if (npent[i].name != NULL && strstr(desthost, npent[i].name))
fail++;
if (npent[i].name != NULL && strcmp(npent[i].name, "*") == 0)
fail++;
for (res = res0; res; res = res->ai_next) {
switch (res->ai_family) {
case AF_INET:
sin = (struct sockaddr_in *)res->ai_addr;
if (sin->sin_addr.s_addr == npent[i].addr.s_addr)
fail++;
break;
}
}
if (fail) {
if (res0 != NULL)
freeaddrinfo(res0);
return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked");
}
}
if (proxyhost != NULL) {
char pbuf[10];
if (res0 != NULL)
freeaddrinfo(res0);
ap_snprintf(pbuf, sizeof(pbuf), "%d", proxyport);
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
error = getaddrinfo(proxyhost, pbuf, &hints, &res0);
if (error)
return DECLINED; /* try another */
}
/* check if ProxyBlock directive on this host */
for (i = 0; i < conf->noproxies->nelts; i++) {
peer = ap_psprintf(p, "%s:%s", desthost, destportstr);
}
/*
* we have worked out who exactly we are going to connect to, now make
* that connection...
*/
sock = i = -1;
for (res = res0; res; res = res->ai_next) {
sock = ap_psocket(p, res->ai_family, res->ai_socktype,
res->ai_protocol);
if (sock < 0)
continue;
if (conf->recv_buffer_size) {
if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF,
(const char *)&conf->recv_buffer_size, sizeof(int))
== -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"setsockopt(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
}
}
i = ap_proxy_doconnect(sock, res->ai_addr, r);
if (i == 0)
break;
ap_pclosesocket(p, sock);
}
freeaddrinfo(res0);
if (i == -1) {
if (proxyhost != NULL)
return DECLINED; /* try again another way */
else
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
"Could not connect to remote machine: ",
strerror(errno), NULL));
}
/* record request_time for HTTP/1.1 age calculation */
c->req_time = time(NULL);
/*
* build upstream-request headers by stripping r->headers_in from
* connection specific headers. We must not remove the Connection: header
* from r->headers_in, we still have to react to Connection: close
*/
req_hdrs = ap_copy_table(r->pool, r->headers_in);
ap_proxy_clear_connection(r->pool, req_hdrs);
/*
* At this point, we start sending the HTTP/1.1 request to the remote
* server (proxy or otherwise).
*/
f = ap_bcreate(p, B_RDWR | B_SOCKET);
ap_bpushfd(f, sock, sock);
{
char *errmsg = NULL;
ap_hook_use("ap::mod_proxy::http::handler::new_connection",
AP_HOOK_SIG4(ptr,ptr,ptr,ptr),
AP_HOOK_DECLINE(NULL),
&errmsg, r, f, peer);
if (errmsg != NULL)
return ap_proxyerror(r, HTTP_BAD_GATEWAY, errmsg);
}
ap_hard_timeout("proxy send", r);
ap_bvputs(f, r->method, " ", proxyhost ? url : urlptr, " HTTP/1.1" CRLF,
NULL);
{
int rc = DECLINED;
ap_hook_use("ap::mod_proxy::http::handler::write_host_header",
AP_HOOK_SIG6(int,ptr,ptr,ptr,ptr,ptr),
AP_HOOK_DECLINE(DECLINED),
&rc, r, f, desthost, destportstr, destportstr);
if (rc == DECLINED) {
destportstrtonum = strtonum(destportstr, 0, 65535, &errstr);
if (errstr)
errx(1, "The destination port is %s: %s", errstr, destportstr);
if (destportstr != NULL && destportstrtonum != destport)
ap_bvputs(f, "Host: ", desthost, ":", destportstr, CRLF, NULL);
else
ap_bvputs(f, "Host: ", desthost, CRLF, NULL);
}
}
if (conf->viaopt == via_block) {
/* Block all outgoing Via: headers */
ap_table_unset(req_hdrs, "Via");
}
else if (conf->viaopt != via_off) {
/* Create a "Via:" request header entry and merge it */
i = ap_get_server_port(r);
if (ap_is_default_port(i, r)) {
strlcpy(portstr, "", sizeof(portstr));
}
else {
ap_snprintf(portstr, sizeof portstr, ":%d", i);
}
/* Generate outgoing Via: header with/without server comment: */
ap_table_mergen(req_hdrs, "Via",
(conf->viaopt == via_full)
? ap_psprintf(p, "%d.%d %s%s (%s)",
HTTP_VERSION_MAJOR(r->proto_num),
HTTP_VERSION_MINOR(r->proto_num),
ap_get_server_name(r), portstr,
SERVER_BASEVERSION)
: ap_psprintf(p, "%d.%d %s%s",
HTTP_VERSION_MAJOR(r->proto_num),
HTTP_VERSION_MINOR(r->proto_num),
ap_get_server_name(r), portstr)
);
}
/* the X-* headers are only added if we are a reverse
* proxy, otherwise we would be giving away private information.
*/
if (r->proxyreq == PROXY_PASS) {
const char *buf;
/*
* Add X-Forwarded-For: so that the upstream has a chance to determine,
* where the original request came from.
*/
ap_table_mergen(req_hdrs, "X-Forwarded-For", r->connection->remote_ip);
/* Add X-Forwarded-Host: so that upstream knows what the
* original request hostname was.
*/
if ((buf = ap_table_get(r->headers_in, "Host"))) {
ap_table_mergen(req_hdrs, "X-Forwarded-Host", buf);
}
/* Add X-Forwarded-Server: so that upstream knows what the
* name of this proxy server is (if there are more than one)
* XXX: This duplicates Via: - do we strictly need it?
*/
ap_table_mergen(req_hdrs, "X-Forwarded-Server", r->server->server_hostname);
}
/* we don't yet support keepalives - but we will soon, I promise! */
ap_table_set(req_hdrs, "Connection", "close");
reqhdrs_arr = ap_table_elts(req_hdrs);
reqhdrs_elts = (table_entry *)reqhdrs_arr->elts;
for (i = 0; i < reqhdrs_arr->nelts; i++) {
if (reqhdrs_elts[i].key == NULL || reqhdrs_elts[i].val == NULL
/*
* Clear out hop-by-hop request headers not to send: RFC2616 13.5.1
* says we should strip these headers:
*/
|| !strcasecmp(reqhdrs_elts[i].key, "Host") /* Already sent */
|| !strcasecmp(reqhdrs_elts[i].key, "Keep-Alive")
|| !strcasecmp(reqhdrs_elts[i].key, "TE")
|| !strcasecmp(reqhdrs_elts[i].key, "Trailer")
|| !strcasecmp(reqhdrs_elts[i].key, "Transfer-Encoding")
|| !strcasecmp(reqhdrs_elts[i].key, "Upgrade")
/*
* XXX: @@@ FIXME: "Proxy-Authorization" should *only* be suppressed
* if THIS server requested the authentication, not when a frontend
* proxy requested it!
*
* The solution to this problem is probably to strip out the
* Proxy-Authorisation header in the authorisation code itself, not
* here. This saves us having to signal somehow whether this request
* was authenticated or not.
*/
|| !strcasecmp(reqhdrs_elts[i].key, "Proxy-Authorization"))
continue;
ap_bvputs(f, reqhdrs_elts[i].key, ": ", reqhdrs_elts[i].val, CRLF, NULL);
}
/* the obligatory empty line to mark the end of the headers */
ap_bputs(CRLF, f);
/* and flush the above away */
ap_bflush(f);
/* and kill the send timeout */
ap_kill_timeout(r);
/* read the request data, and pass it to the backend.
* we might encounter a stray 100-continue reponse from a PUT or POST,
* if this happens we ignore the 100 continue status line and read the
* response again.
*/
{
/* send the request data, if any. */
ap_hard_timeout("proxy receive request data", r);
if (ap_should_client_block(r)) {
while ((i = ap_get_client_block(r, buffer, sizeof buffer)) > 0) {
ap_reset_timeout(r);
ap_bwrite(f, buffer, i);
}
}
ap_bflush(f);
ap_kill_timeout(r);
/* then, read a response line */
ap_hard_timeout("proxy receive response status line", r);
result = ap_proxy_read_response_line(f, r, buffer, sizeof(buffer)-1, &backasswards, &major, &minor);
ap_kill_timeout(r);
/* trap any errors */
if (result != OK) {
ap_bclose(f);
return result;
}
/* if this response was 100-continue, a stray response has been caught.
* read the line again for the real response
*/
if (r->status == 100) {
ap_hard_timeout("proxy receive response status line", r);
result = ap_proxy_read_response_line(f, r, buffer, sizeof(buffer)-1, &backasswards, &major, &minor);
ap_kill_timeout(r);
/* trap any errors */
if (result != OK) {
ap_bclose(f);
return result;
}
}
}
/*
* We have our response status line from the convoluted code above,
* now we read the headers to continue.
*/
ap_hard_timeout("proxy receive response headers", r);
/*
* Is it an HTTP/1 response? Do some sanity checks on the response. (This
* is buggy if we ever see an HTTP/1.10)
*/
if (backasswards == 0) {
/* read the response headers. */
/* N.B. for HTTP/1.0 clients, we have to fold line-wrapped headers */
/* Also, take care with headers with multiple occurences. */
resp_hdrs = ap_proxy_read_headers(r, buffer, sizeof(buffer), f);
if (resp_hdrs == NULL) {
ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, r->server,
"proxy: Bad HTTP/%d.%d header returned by %s (%s)",
major, minor, r->uri, r->method);
resp_hdrs = ap_make_table(p, 20);
nocache = 1; /* do not cache this broken file */
}
/* handle Via header in the response */
if (conf->viaopt != via_off && conf->viaopt != via_block) {
/* Create a "Via:" response header entry and merge it */
i = ap_get_server_port(r);
if (ap_is_default_port(i, r)) {
strlcpy(portstr, "", sizeof(portstr));
}
else {
ap_snprintf(portstr, sizeof portstr, ":%d", i);
}
ap_table_mergen((table *)resp_hdrs, "Via",
(conf->viaopt == via_full)
? ap_psprintf(p, "%d.%d %s%s (%s)",
major, minor,
ap_get_server_name(r), portstr,
SERVER_BASEVERSION)
: ap_psprintf(p, "%d.%d %s%s",
major, minor,
ap_get_server_name(r), portstr)
);
}
/* is this content chunked? */
chunked = ap_find_last_token(r->pool,
ap_table_get(resp_hdrs, "Transfer-Encoding"),
"chunked");
/* strip hop-by-hop headers defined by Connection and RFC2616 */
ap_proxy_clear_connection(p, resp_hdrs);
content_length = ap_table_get(resp_hdrs, "Content-Length");
if (content_length != NULL) {
c->len = ap_strtol(content_length, NULL, 10);
if (c->len < 0) {
ap_kill_timeout(r);
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
"Invalid Content-Length from remote server",
NULL));
}
}
}
else {
/* an http/0.9 response */
/* no headers */
resp_hdrs = ap_make_table(p, 20);
}
ap_kill_timeout(r);
/*
* HTTP/1.1 requires us to accept 3 types of dates, but only generate one
* type
*/
/*
* we SET the dates here, obliterating possible multiple dates, as only
* one of each date makes sense in each response.
*/
if ((datestr = ap_table_get(resp_hdrs, "Date")) != NULL)
ap_table_set(resp_hdrs, "Date", ap_proxy_date_canon(p, datestr));
if ((datestr = ap_table_get(resp_hdrs, "Last-Modified")) != NULL)
ap_table_set(resp_hdrs, "Last-Modified", ap_proxy_date_canon(p, datestr));
if ((datestr = ap_table_get(resp_hdrs, "Expires")) != NULL)
ap_table_set(resp_hdrs, "Expires", ap_proxy_date_canon(p, datestr));
/* handle the ProxyPassReverse mappings */
if ((urlstr = ap_table_get(resp_hdrs, "Location")) != NULL)
ap_table_set(resp_hdrs, "Location", proxy_location_reverse_map(r, urlstr));
if ((urlstr = ap_table_get(resp_hdrs, "URI")) != NULL)
ap_table_set(resp_hdrs, "URI", proxy_location_reverse_map(r, urlstr));
if ((urlstr = ap_table_get(resp_hdrs, "Content-Location")) != NULL)
ap_table_set(resp_hdrs, "Content-Location", proxy_location_reverse_map(r, urlstr));
/* check if NoCache directive on this host */
{
struct sockaddr_in *sin;
struct sockaddr_in6 *sin6;
if (nocache == 0) {
for (i = 0; i < conf->nocaches->nelts; i++) {
if (ncent[i].name != NULL &&
(ncent[i].name[0] == '*' ||
strstr(desthost, ncent[i].name) != NULL)) {
nocache = 1;
break;
}
switch (res->ai_addr->sa_family) {
case AF_INET:
sin = (struct sockaddr_in *)res->ai_addr;
if (sin->sin_addr.s_addr == ncent[i].addr.s_addr) {
nocache = 1;
break;
}
}
}
/* update the cache file, possibly even fulfilling the request if
* it turns out a conditional allowed us to serve the object from the
* cache...
*/
i = ap_proxy_cache_update(c, resp_hdrs, !backasswards, nocache);
if (i != DECLINED) {
ap_bclose(f);
return i;
}
/* write status line and headers to the cache file */
ap_proxy_write_headers(c, ap_pstrcat(p, "HTTP/1.1 ", r->status_line, NULL), resp_hdrs);
}
}
/* Setup the headers for our client from upstreams response-headers */
ap_proxy_table_replace(r->headers_out, resp_hdrs);
/* Add X-Cache header - be careful not to obliterate any upstream headers */
ap_table_mergen(r->headers_out, "X-Cache",
ap_pstrcat(r->pool, "MISS from ",
ap_get_server_name(r), NULL));
/* The Content-Type of this response is the upstream one. */
r->content_type = ap_table_get(r->headers_out, "Content-Type");
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Content-Type: %s", r->content_type);
/* finally output the headers to the client */
ap_send_http_header(r);
/*
* Is it an HTTP/0.9 respose? If so, send the extra data we read from
* upstream as the start of the reponse to client
*/
/* FIXME: This code is broken: we try and write a buffer and length that
* were never intelligently initialised. Rather have a bit of broken protocol
* handling for now than broken code.
*/
/*
if (backasswards) {
ap_hard_timeout("proxy send assbackward", r);
ap_bwrite(r->connection->client, buffer, len);
if (c != NULL && c->fp != NULL && ap_bwrite(c->fp, buffer, len) != len) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
"proxy: error writing extra data to %s", c->tempfile);
c = ap_proxy_cache_error(c);
}
ap_kill_timeout(r);
}
*/
/* send body */
/* if header only, then cache will be NULL */
/* HTTP/1.0 tells us to read to EOF, rather than content-length bytes */
/* XXX CHANGEME: We want to eventually support keepalives, which means
* we must read content-length bytes... */
if (!r->header_only) {
/* we need to set this for ap_proxy_send_fb()... */
c->cache_completion = conf->cache.cache_completion;
/* XXX CHECKME: c->len should be the expected content length, or -1 if the
* content length is not known. We need to make 100% sure c->len is always
* set correctly before we get here to correctly do keepalive.
*/
ap_proxy_send_fb(f, r, c, c->len, 0, chunked, conf->io_buffer_size);
}
/* ap_proxy_send_fb() closes the socket f for us */
ap_proxy_cache_tidy(c);
ap_proxy_garbage_coll(r);
return OK;
}
