1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 /* Utility routines for Apache proxy */
18 #include "mod_proxy.h"
21 static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r);
22 static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r);
23 static int proxy_match_hostname(struct dirconn_entry *This, request_rec *r);
24 static int proxy_match_word(struct dirconn_entry *This, request_rec *r);
26 APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(proxy, PROXY, int, create_req,
27 (request_rec *r, request_rec *pr), (r, pr),
30 /* already called in the knowledge that the characters are hex digits */
31 PROXY_DECLARE(int) ap_proxy_hex2c(const char *x)
35 #if !APR_CHARSET_EBCDIC
39 else if (apr_isupper(ch))
48 else if (apr_isupper(ch))
53 #else /*APR_CHARSET_EBCDIC*/
54 /* we assume that the hex value refers to an ASCII character
55 * so convert to EBCDIC so that it makes sense locally;
59 * client specifies %20 in URL to refer to a space char;
60 * at this point we're called with EBCDIC "20"; after turning
61 * EBCDIC "20" into binary 0x20, we then need to assume that 0x20
62 * represents an ASCII char and convert 0x20 to EBCDIC, yielding
67 if (1 == sscanf(x, "%2x", &i)) {
69 ap_xlate_proto_from_ascii(buf, 1);
75 #endif /*APR_CHARSET_EBCDIC*/
78 PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x)
80 #if !APR_CHARSET_EBCDIC
86 x[1] = ('A' - 10) + i;
92 x[2] = ('A' - 10) + i;
95 #else /*APR_CHARSET_EBCDIC*/
96 static const char ntoa[] = { "0123456789ABCDEF" };
102 ap_xlate_proto_to_ascii(buf, 1);
105 x[1] = ntoa[(buf[0] >> 4) & 0x0F];
106 x[2] = ntoa[buf[0] & 0x0F];
108 #endif /*APR_CHARSET_EBCDIC*/
112 * canonicalise a URL-encoded string
116 * Convert a URL-encoded string to canonical form.
117 * It decodes characters which need not be encoded,
118 * and encodes those which must be encoded, and does not touch
119 * those which must not be touched.
121 PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len, enum enctype t,
126 char *allowed; /* characters which should not be encoded */
127 char *reserved; /* characters which much not be en/de-coded */
129 /* N.B. in addition to :@&=, this allows ';' in an http path
130 * and '?' in an ftp path -- this may be revised
132 * Also, it makes a '+' character in a search string reserved, as
133 * it may be form-encoded. (Although RFC 1738 doesn't allow this -
134 * it only permits ; / ? : @ = & as reserved chars.)
137 allowed = "$-_.+!*'(),;:@&=";
138 else if (t == enc_search)
139 allowed = "$-_.!*'(),;:@&=";
140 else if (t == enc_user)
141 allowed = "$-_.+!*'(),;@&=";
142 else if (t == enc_fpath)
143 allowed = "$-_.+!*'(),?:@&=";
144 else /* if (t == enc_parm) */
145 allowed = "$-_.+!*'(),?/:@&=";
149 else if (t == enc_search)
154 y = apr_palloc(p, 3 * len + 1);
156 for (i = 0, j = 0; i < len; i++, j++) {
157 /* always handle '/' first */
159 if (strchr(reserved, ch)) {
163 /* decode it if not already done */
164 if (isenc && (isenc != PROXYREQ_REVERSE) && (ch == '%')) {
165 if (!apr_isxdigit(x[i + 1]) || !apr_isxdigit(x[i + 2]))
167 ch = ap_proxy_hex2c(&x[i + 1]);
169 if (ch != 0 && strchr(reserved, ch)) { /* keep it encoded */
170 ap_proxy_c2hex(ch, &y[j]);
175 /* recode it, if necessary */
176 if (!apr_isalnum(ch) && !strchr(allowed, ch)) {
177 ap_proxy_c2hex(ch, &y[j]);
188 * Parses network-location.
189 * urlp on input the URL; on output the path, after the leading /
190 * user NULL if no user/password permitted
191 * password holder for password
192 * host holder for host
193 * port port number; only set if one is supplied.
195 * Returns an error string.
197 PROXY_DECLARE(char *)
198 ap_proxy_canon_netloc(apr_pool_t *p, char **const urlp, char **userp,
199 char **passwordp, char **hostp, apr_port_t *port)
201 char *addr, *scope_id, *strp, *host, *url = *urlp;
202 char *user = NULL, *password = NULL;
206 if (url[0] != '/' || url[1] != '/')
207 return "Malformed URL";
209 url = strchr(host, '/');
213 *(url++) = '\0'; /* skip seperating '/' */
215 /* find _last_ '@' since it might occur in user/password part */
216 strp = strrchr(host, '@');
224 strp = strchr(user, ':');
227 password = ap_proxy_canonenc(p, strp + 1, strlen(strp + 1), enc_user, 1);
228 if (password == NULL)
229 return "Bad %-escape in URL (password)";
232 user = ap_proxy_canonenc(p, user, strlen(user), enc_user, 1);
234 return "Bad %-escape in URL (username)";
239 if (passwordp != NULL) {
240 *passwordp = password;
243 /* Parse the host string to separate host portion from optional port.
244 * Perform range checking on port.
246 rv = apr_parse_addr_port(&addr, &scope_id, &tmp_port, host, p);
247 if (rv != APR_SUCCESS || addr == NULL || scope_id != NULL) {
248 return "Invalid host/port";
250 if (tmp_port != 0) { /* only update caller's port if port was specified */
254 ap_str_tolower(addr); /* DNS names are case-insensitive */
263 * If the date is a valid RFC 850 date or asctime() date, then it
264 * is converted to the RFC 1123 format.
266 PROXY_DECLARE(const char *)
267 ap_proxy_date_canon(apr_pool_t *p, const char *date)
272 apr_time_t time = apr_date_parse_http(date);
277 ndate = apr_palloc(p, APR_RFC822_DATE_LEN);
278 rv = apr_rfc822_date(ndate, time);
279 if (rv != APR_SUCCESS) {
286 PROXY_DECLARE(request_rec *)ap_proxy_make_fake_req(conn_rec *c, request_rec *r)
288 request_rec *rp = apr_pcalloc(c->pool, sizeof(*r));
291 rp->status = HTTP_OK;
293 rp->headers_in = apr_table_make(c->pool, 50);
294 rp->subprocess_env = apr_table_make(c->pool, 50);
295 rp->headers_out = apr_table_make(c->pool, 12);
296 rp->err_headers_out = apr_table_make(c->pool, 5);
297 rp->notes = apr_table_make(c->pool, 5);
299 rp->server = r->server;
300 rp->proxyreq = r->proxyreq;
301 rp->request_time = r->request_time;
303 rp->output_filters = c->output_filters;
304 rp->input_filters = c->input_filters;
305 rp->proto_output_filters = c->output_filters;
306 rp->proto_input_filters = c->input_filters;
308 rp->request_config = ap_create_request_config(c->pool);
309 proxy_run_create_req(r, rp);
315 * Reads headers from a buffer and returns an array of headers.
316 * Returns NULL on file error
317 * This routine tries to deal with too long lines and continuation lines.
319 * Note: Currently the headers are passed through unmerged. This has to be
320 * done so that headers which react badly to merging (such as Set-Cookie
321 * headers, which contain commas within the date field) do not get stuffed
324 PROXY_DECLARE(apr_table_t *)ap_proxy_read_headers(request_rec *r, request_rec *rr, char *buffer, int size, conn_rec *c)
326 apr_table_t *headers_out;
329 char field[MAX_STRING_LEN];
331 void *sconf = r->server->module_config;
332 proxy_server_conf *psc;
334 psc = (proxy_server_conf *) ap_get_module_config(sconf, &proxy_module);
336 headers_out = apr_table_make(r->pool, 20);
339 * Read header lines until we get the empty separator line, a read error,
340 * the connection closes (EOF), or we timeout.
342 while ((len = ap_getline(buffer, size, rr, 1)) > 0) {
344 if (!(value = strchr(buffer, ':'))) { /* Find the colon separator */
346 /* We may encounter invalid headers, usually from buggy
347 * MS IIS servers, so we need to determine just how to handle
348 * them. We can either ignore them, assume that they mark the
349 * start-of-body (eg: a missing CRLF) or (the default) mark
350 * the headers as totally bogus and return a 500. The sole
351 * exception is an extra "HTTP/1.0 200, OK" line sprinkled
352 * in between the usual MIME headers, which is a favorite
355 /* XXX: The mask check is buggy if we ever see an HTTP/1.10 */
357 if (!apr_date_checkmask(buffer, "HTTP/#.# ###*")) {
358 if (psc->badopt == bad_error) {
359 /* Nope, it wasn't even an extra HTTP header. Give up. */
362 else if (psc->badopt == bad_body) {
363 /* if we've already started loading headers_out, then
364 * return what we've accumulated so far, in the hopes
365 * that they are useful. Otherwise, we completely bail.
367 /* FIXME: We've already scarfed the supposed 1st line of
368 * the body, so the actual content may end up being bogus
369 * as well. If the content is HTML, we may be lucky.
372 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
373 "proxy: Starting body due to bogus non-header in headers "
374 "returned by %s (%s)", r->uri, r->method);
377 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
378 "proxy: No HTTP headers "
379 "returned by %s (%s)", r->uri, r->method);
384 /* this is the psc->badopt == bad_ignore case */
385 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
386 "proxy: Ignoring bogus HTTP header "
387 "returned by %s (%s)", r->uri, r->method);
393 /* XXX: RFC2068 defines only SP and HT as whitespace, this test is
394 * wrong... and so are many others probably.
396 while (apr_isspace(*value))
397 ++value; /* Skip to start of value */
399 /* should strip trailing whitespace as well */
400 for (end = &value[strlen(value)-1]; end > value && apr_isspace(*end); --end)
403 /* make sure we add so as not to destroy duplicated headers */
404 apr_table_add(headers_out, buffer, value);
407 /* the header was too long; at the least we should skip extra data */
408 if (len >= size - 1) {
409 while ((len = ap_getline(field, MAX_STRING_LEN, rr, 1))
410 >= MAX_STRING_LEN - 1) {
411 /* soak up the extra data */
413 if (len == 0) /* time to exit the larger loop as well */
422 * list is a comma-separated list of case-insensitive tokens, with
423 * optional whitespace around the tokens.
424 * The return returns 1 if the token val is found in the list, or 0
427 PROXY_DECLARE(int) ap_proxy_liststr(const char *list, const char *val)
434 while (list != NULL) {
435 p = ap_strchr_c(list, ',');
440 while (apr_isspace(*p));
445 while (i > 0 && apr_isspace(list[i - 1]))
447 if (i == len && strncasecmp(list, val, len) == 0)
455 * list is a comma-separated list of case-insensitive tokens, with
456 * optional whitespace around the tokens.
457 * if val appears on the list of tokens, it is removed from the list,
458 * and the new list is returned.
460 PROXY_DECLARE(char *)ap_proxy_removestr(apr_pool_t *pool, const char *list, const char *val)
468 while (list != NULL) {
469 p = ap_strchr_c(list, ',');
474 while (apr_isspace(*p));
479 while (i > 0 && apr_isspace(list[i - 1]))
481 if (i == len && strncasecmp(list, val, len) == 0) {
486 new = apr_pstrcat(pool, new, ",", apr_pstrndup(pool, list, i), NULL);
488 new = apr_pstrndup(pool, list, i);
496 * Converts 8 hex digits to a time integer
498 PROXY_DECLARE(int) ap_proxy_hex2sec(const char *x)
503 for (i = 0, j = 0; i < 8; i++) {
508 else if (apr_isupper(ch))
509 j |= ch - ('A' - 10);
511 j |= ch - ('a' - 10);
514 return -1; /* so that it works with 8-byte ints */
520 * Converts a time integer to 8 hex digits
522 PROXY_DECLARE(void) ap_proxy_sec2hex(int t, char *y)
527 for (i = 7; i >= 0; i--) {
531 y[i] = ch + ('A' - 10);
538 PROXY_DECLARE(int) ap_proxyerror(request_rec *r, int statuscode, const char *message)
540 apr_table_setn(r->notes, "error-notes",
542 "The proxy server could not handle the request "
543 "<em><a href=\"", ap_escape_uri(r->pool, r->uri),
544 "\">", ap_escape_html(r->pool, r->method),
546 ap_escape_html(r->pool, r->uri), "</a></em>.<p>\n"
548 ap_escape_html(r->pool, message),
549 "</strong></p>", NULL));
551 /* Allow "error-notes" string to be printed by ap_send_error_response() */
552 apr_table_setn(r->notes, "verbose-error-to", apr_pstrdup(r->pool, "*"));
554 r->status_line = apr_psprintf(r->pool, "%3.3u Proxy Error", statuscode);
555 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
556 "proxy: %s returned by %s", message, r->uri);
561 proxy_get_host_of_request(request_rec *r)
563 char *url, *user = NULL, *password = NULL, *err, *host;
566 if (r->hostname != NULL)
569 /* Set url to the first char after "scheme://" */
570 if ((url = strchr(r->uri, ':')) == NULL
571 || url[1] != '/' || url[2] != '/')
574 url = apr_pstrdup(r->pool, &url[1]); /* make it point to "//", which is what proxy_canon_netloc expects */
576 err = ap_proxy_canon_netloc(r->pool, &url, &user, &password, &host, &port);
579 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
584 return host; /* ought to return the port, too */
587 /* Return TRUE if addr represents an IP address (or an IP network address) */
588 PROXY_DECLARE(int) ap_proxy_is_ipaddr(struct dirconn_entry *This, apr_pool_t *p)
590 const char *addr = This->name;
595 /* if the address is given with an explicit netmask, use that */
596 /* Due to a deficiency in apr_inet_addr(), it is impossible to parse */
597 /* "partial" addresses (with less than 4 quads) correctly, i.e. */
598 /* 192.168.123 is parsed as 192.168.0.123, which is not what I want. */
599 /* I therefore have to parse the IP address manually: */
600 /*if (proxy_readmask(This->name, &This->addr.s_addr, &This->mask.s_addr) == 0) */
601 /* addr and mask were set by proxy_readmask() */
604 /* Parse IP addr manually, optionally allowing */
605 /* abbreviated net addresses like 192.168. */
607 /* Iterate over up to 4 (dotted) quads. */
608 for (quads = 0; quads < 4 && *addr != '\0'; ++quads) {
611 if (*addr == '/' && quads > 0) /* netmask starts here. */
614 if (!apr_isdigit(*addr))
615 return 0; /* no digit at start of quad */
617 ip_addr[quads] = strtol(addr, &tmp, 0);
619 if (tmp == addr) /* expected a digit, found something else */
622 if (ip_addr[quads] < 0 || ip_addr[quads] > 255) {
629 if (*addr == '.' && quads != 3)
630 ++addr; /* after the 4th quad, a dot would be illegal */
633 for (This->addr.s_addr = 0, i = 0; i < quads; ++i)
634 This->addr.s_addr |= htonl(ip_addr[i] << (24 - 8 * i));
636 if (addr[0] == '/' && apr_isdigit(addr[1])) { /* net mask follows: */
641 bits = strtol(addr, &tmp, 0);
643 if (tmp == addr) /* expected a digit, found something else */
648 if (bits < 0 || bits > 32) /* netmask must be between 0 and 32 */
653 /* Determine (i.e., "guess") netmask by counting the */
654 /* number of trailing .0's; reduce #quads appropriately */
655 /* (so that 192.168.0.0 is equivalent to 192.168.) */
656 while (quads > 0 && ip_addr[quads - 1] == 0)
659 /* "IP Address should be given in dotted-quad form, optionally followed by a netmask (e.g., 192.168.111.0/24)"; */
663 /* every zero-byte counts as 8 zero-bits */
666 if (bits != 32) /* no warning for fully qualified IP address */
667 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
668 "Warning: NetMask not supplied with IP-Addr; guessing: %s/%ld",
669 inet_ntoa(This->addr), bits);
672 This->mask.s_addr = htonl(APR_INADDR_NONE << (32 - bits));
674 if (*addr == '\0' && (This->addr.s_addr & ~This->mask.s_addr) != 0) {
675 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
676 "Warning: NetMask and IP-Addr disagree in %s/%ld",
677 inet_ntoa(This->addr), bits);
678 This->addr.s_addr &= This->mask.s_addr;
679 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
681 inet_ntoa(This->addr), bits);
685 This->matcher = proxy_match_ipaddr;
689 return (*addr == '\0'); /* okay iff we've parsed the whole string */
692 /* Return TRUE if addr represents an IP address (or an IP network address) */
693 static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r)
696 struct in_addr addr, *ip;
697 const char *host = proxy_get_host_of_request(r);
699 if (host == NULL) /* oops! */
702 memset(&addr, '\0', sizeof addr);
703 memset(ip_addr, '\0', sizeof ip_addr);
705 if (4 == sscanf(host, "%d.%d.%d.%d", &ip_addr[0], &ip_addr[1], &ip_addr[2], &ip_addr[3])) {
706 for (addr.s_addr = 0, i = 0; i < 4; ++i)
707 addr.s_addr |= htonl(ip_addr[i] << (24 - 8 * i));
709 if (This->addr.s_addr == (addr.s_addr & This->mask.s_addr)) {
711 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
712 "1)IP-Match: %s[%s] <-> ", host, inet_ntoa(addr));
713 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
714 "%s/", inet_ntoa(This->addr));
715 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
716 "%s", inet_ntoa(This->mask));
722 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
723 "1)IP-NoMatch: %s[%s] <-> ", host, inet_ntoa(addr));
724 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
725 "%s/", inet_ntoa(This->addr));
726 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
727 "%s", inet_ntoa(This->mask));
732 struct apr_sockaddr_t *reqaddr;
734 if (apr_sockaddr_info_get(&reqaddr, host, APR_UNSPEC, 0, 0, r->pool)
737 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
738 "2)IP-NoMatch: hostname=%s msg=Host not found",
744 /* Try to deal with multiple IP addr's for a host */
745 /* FIXME: This needs to be able to deal with IPv6 */
747 ip = (struct in_addr *) reqaddr->ipaddr_ptr;
748 if (This->addr.s_addr == (ip->s_addr & This->mask.s_addr)) {
750 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
751 "3)IP-Match: %s[%s] <-> ", host,
753 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
754 "%s/", inet_ntoa(This->addr));
755 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
756 "%s", inet_ntoa(This->mask));
762 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
763 "3)IP-NoMatch: %s[%s] <-> ", host,
765 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
766 "%s/", inet_ntoa(This->addr));
767 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
768 "%s", inet_ntoa(This->mask));
771 reqaddr = reqaddr->next;
778 /* Return TRUE if addr represents a domain name */
779 PROXY_DECLARE(int) ap_proxy_is_domainname(struct dirconn_entry *This, apr_pool_t *p)
781 char *addr = This->name;
784 /* Domain name must start with a '.' */
788 /* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
789 for (i = 0; apr_isalnum(addr[i]) || addr[i] == '-' || addr[i] == '.'; ++i)
793 if (addr[i] == ':') {
794 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
795 "@@@@ handle optional port in proxy_is_domainname()");
796 /* @@@@ handle optional port */
803 /* Strip trailing dots */
804 for (i = strlen(addr) - 1; i > 0 && addr[i] == '.'; --i)
807 This->matcher = proxy_match_domainname;
811 /* Return TRUE if host "host" is in domain "domain" */
812 static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r)
814 const char *host = proxy_get_host_of_request(r);
815 int d_len = strlen(This->name), h_len;
817 if (host == NULL) /* some error was logged already */
820 h_len = strlen(host);
822 /* @@@ do this within the setup? */
823 /* Ignore trailing dots in domain comparison: */
824 while (d_len > 0 && This->name[d_len - 1] == '.')
826 while (h_len > 0 && host[h_len - 1] == '.')
829 && strncasecmp(&host[h_len - d_len], This->name, d_len) == 0;
832 /* Return TRUE if host represents a host name */
833 PROXY_DECLARE(int) ap_proxy_is_hostname(struct dirconn_entry *This, apr_pool_t *p)
835 struct apr_sockaddr_t *addr;
836 char *host = This->name;
839 /* Host names must not start with a '.' */
843 /* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
844 for (i = 0; apr_isalnum(host[i]) || host[i] == '-' || host[i] == '.'; ++i);
846 if (host[i] != '\0' || apr_sockaddr_info_get(&addr, host, APR_UNSPEC, 0, 0, p) != APR_SUCCESS)
849 This->hostaddr = addr;
851 /* Strip trailing dots */
852 for (i = strlen(host) - 1; i > 0 && host[i] == '.'; --i)
855 This->matcher = proxy_match_hostname;
859 /* Return TRUE if host "host" is equal to host2 "host2" */
860 static int proxy_match_hostname(struct dirconn_entry *This, request_rec *r)
862 char *host = This->name;
863 const char *host2 = proxy_get_host_of_request(r);
867 if (host == NULL || host2 == NULL)
868 return 0; /* oops! */
870 h2_len = strlen(host2);
871 h1_len = strlen(host);
874 struct apr_sockaddr_t *addr = *This->hostaddr;
876 /* Try to deal with multiple IP addr's for a host */
878 if (addr->ipaddr_ptr == ? ? ? ? ? ? ? ? ? ? ? ? ?)
884 /* Ignore trailing dots in host2 comparison: */
885 while (h2_len > 0 && host2[h2_len - 1] == '.')
887 while (h1_len > 0 && host[h1_len - 1] == '.')
889 return h1_len == h2_len
890 && strncasecmp(host, host2, h1_len) == 0;
893 /* Return TRUE if addr is to be matched as a word */
894 PROXY_DECLARE(int) ap_proxy_is_word(struct dirconn_entry *This, apr_pool_t *p)
896 This->matcher = proxy_match_word;
900 /* Return TRUE if string "str2" occurs literally in "str1" */
901 static int proxy_match_word(struct dirconn_entry *This, request_rec *r)
903 const char *host = proxy_get_host_of_request(r);
904 return host != NULL && ap_strstr_c(host, This->name) != NULL;
907 /* checks whether a host in uri_addr matches proxyblock */
908 PROXY_DECLARE(int) ap_proxy_checkproxyblock(request_rec *r, proxy_server_conf *conf,
909 apr_sockaddr_t *uri_addr)
912 apr_sockaddr_t * src_uri_addr = uri_addr;
913 /* XXX FIXME: conf->noproxies->elts is part of an opaque structure */
914 for (j = 0; j < conf->noproxies->nelts; j++) {
915 struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
916 struct apr_sockaddr_t *conf_addr = npent[j].addr;
917 uri_addr = src_uri_addr;
918 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
919 "proxy: checking remote machine [%s] against [%s]", uri_addr->hostname, npent[j].name);
920 if ((npent[j].name && ap_strstr_c(uri_addr->hostname, npent[j].name))
921 || npent[j].name[0] == '*') {
922 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
923 "proxy: connect to remote machine %s blocked: name %s matched", uri_addr->hostname, npent[j].name);
924 return HTTP_FORBIDDEN;
930 apr_sockaddr_ip_get(&conf_ip, conf_addr);
931 apr_sockaddr_ip_get(&uri_ip, uri_addr);
932 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
933 "proxy: ProxyBlock comparing %s and %s", conf_ip, uri_ip);
934 if (!apr_strnatcasecmp(conf_ip, uri_ip)) {
935 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
936 "proxy: connect to remote machine %s blocked: IP %s matched", uri_addr->hostname, conf_ip);
937 return HTTP_FORBIDDEN;
939 uri_addr = uri_addr->next;
941 conf_addr = conf_addr->next;
947 /* set up the minimal filter set */
948 PROXY_DECLARE(int) ap_proxy_pre_http_request(conn_rec *c, request_rec *r)
950 ap_add_input_filter("HTTP_IN", NULL, r, c);
954 /* converts a series of buckets into a string
955 * XXX: BillS says this function performs essentially the same function as
956 * ap_rgetline() in protocol.c. Deprecate this function and use ap_rgetline()
957 * instead? I think ap_proxy_string_read() will not work properly on non ASCII
958 * (EBCDIC) machines either.
960 PROXY_DECLARE(apr_status_t) ap_proxy_string_read(conn_rec *c, apr_bucket_brigade *bb,
961 char *buff, apr_size_t bufflen, int *eos)
970 /* start with an empty string */
974 /* loop through each brigade */
976 /* get brigade from network one line at a time */
977 if (APR_SUCCESS != (rv = ap_get_brigade(c->input_filters, bb,
983 /* loop through each bucket */
985 if (*eos || APR_BRIGADE_EMPTY(bb)) {
986 /* The connection aborted or timed out */
987 return APR_ECONNABORTED;
989 e = APR_BRIGADE_FIRST(bb);
990 if (APR_BUCKET_IS_EOS(e)) {
994 if (APR_SUCCESS != apr_bucket_read(e, (const char **)&response, &len, APR_BLOCK_READ)) {
997 /* is string LF terminated?
998 * XXX: This check can be made more efficient by simply checking
999 * if the last character in the 'response' buffer is an ASCII_LF.
1000 * See ap_rgetline() for an example.
1002 if (memchr(response, APR_ASCII_LF, len)) {
1005 /* concat strings until buff is full - then throw the data away */
1006 if (len > ((bufflen-1)-(pos-buff))) {
1007 len = (bufflen-1)-(pos-buff);
1010 pos = apr_cpystrn(pos, response, len);
1013 APR_BUCKET_REMOVE(e);
1014 apr_bucket_destroy(e);
1021 /* unmerge an element in the table */
1022 PROXY_DECLARE(void) ap_proxy_table_unmerge(apr_pool_t *p, apr_table_t *t, char *key)
1024 apr_off_t offset = 0;
1025 apr_off_t count = 0;
1028 /* get the value to unmerge */
1029 const char *initial = apr_table_get(t, key);
1033 value = apr_pstrdup(p, initial);
1035 /* remove the value from the headers */
1036 apr_table_unset(t, key);
1038 /* find each comma */
1039 while (value[count]) {
1040 if (value[count] == ',') {
1042 apr_table_add(t, key, value + offset);
1047 apr_table_add(t, key, value + offset);
1050 PROXY_DECLARE(int) ap_proxy_connect_to_backend(apr_socket_t **newsock,
1051 const char *proxy_function,
1052 apr_sockaddr_t *backend_addr,
1053 const char *backend_name,
1054 proxy_server_conf *conf,
1062 while (backend_addr && !connected) {
1063 if ((rv = apr_socket_create(newsock, backend_addr->family,
1064 SOCK_STREAM, p)) != APR_SUCCESS) {
1065 loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
1066 ap_log_error(APLOG_MARK, loglevel, rv, s,
1067 "proxy: %s: error creating fam %d socket for target %s",
1069 backend_addr->family,
1071 /* this could be an IPv6 address from the DNS but the
1072 * local machine won't give us an IPv6 socket; hopefully the
1073 * DNS returned an additional address to try
1075 backend_addr = backend_addr->next;
1079 #if !defined(TPF) && !defined(BEOS)
1080 if (conf->recv_buffer_size > 0 &&
1081 (rv = apr_socket_opt_set(*newsock, APR_SO_RCVBUF,
1082 conf->recv_buffer_size))) {
1083 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
1084 "apr_socket_opt_set(SO_RCVBUF): Failed to set "
1085 "ProxyReceiveBufferSize, using default");
1089 /* Set a timeout on the socket */
1090 if (conf->timeout_set == 1) {
1091 apr_socket_timeout_set(*newsock, conf->timeout);
1094 apr_socket_timeout_set(*newsock, s->timeout);
1097 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1098 "proxy: %s: fam %d socket created to connect to %s",
1099 proxy_function, backend_addr->family, backend_name);
1101 /* make the connection out of the socket */
1102 rv = apr_connect(*newsock, backend_addr);
1104 /* if an error occurred, loop round and try again */
1105 if (rv != APR_SUCCESS) {
1106 apr_socket_close(*newsock);
1107 loglevel = backend_addr->next ? APLOG_DEBUG : APLOG_ERR;
1108 ap_log_error(APLOG_MARK, loglevel, rv, s,
1109 "proxy: %s: attempt to connect to %pI (%s) failed",
1113 backend_addr = backend_addr->next;
1118 return connected ? 0 : 1;