Author: niq
Date: Sun Oct 7 07:14:32 2007
New Revision: 582635
URL: http://svn.apache.org/viewvc?rev=582635&view=rev
Log:
Backport r581117
Default to NOT setting Max-Forwards in violation of RFC2616
PR 16137
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.xml
httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy.c
httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy.h
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=582635&r1=582634&r2=582635&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sun Oct 7 07:14:32 2007
@@ -1,6 +1,11 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.7
+ *) mod_proxy: Don't by default violate RFC2616 by setting
+ Max-Forwards when the client didn't send it to us.
+ Leave that as a configuration option.
+ PR 16137 [Nick Kew]
+
*) scoreboard: improve error message on apr_shm_create failure
PR 40037 [Nick Kew]
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=582635&r1=582634&r2=582635&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sun Oct 7 07:14:32 2007
@@ -79,15 +79,6 @@
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_proxy: Don't by default violate RFC2616 by setting
- Max-Forwards when the client didn't send it to us.
- PR 16137
- http://svn.apache.org/viewvc?view=rev&revision=581117 (code)
- http://svn.apache.org/viewvc?view=rev&revision=581253 (docs)
- +1: niq, rpluem, trawick (who assumes that the "/2.3" in "default
- behaviour changed in 2.2.7/2.3" will be stripped from trunk
- and 2.2.x as part of the backport operation)
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.xml?rev=582635&r1=582634&r2=582635&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.xml Sun Oct 7 07:14:32 2007
@@ -1080,20 +1080,29 @@
<description>Maximium number of proxies that a request can be forwarded
through</description>
<syntax>ProxyMaxForwards <var>number</var></syntax>
-<default>ProxyMaxForwards 10</default>
+<default>ProxyMaxForwards -1</default>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
-<compatibility>Available in Apache 2.0 and later</compatibility>
+<compatibility>Available in Apache 2.0 and later;
+ default behaviour changed in 2.2.7</compatibility>
<usage>
<p>The <directive>ProxyMaxForwards</directive> directive specifies
the
maximum number of proxies through which a request may pass, if there's no
- <code>Max-Forwards</code> header supplied with the request. This is
- set to prevent infinite proxy loops, or a DoS attack.</p>
+ <code>Max-Forwards</code> header supplied with the request. This may
+ be set to prevent infinite proxy loops, or a DoS attack.</p>
<example><title>Example</title>
ProxyMaxForwards 15
</example>
+
+ <p>Note that setting <directive>ProxyMaxForwards</directive> is a
+ violation of the HTTP/1.1 protocol (RFC2616), which forbids a Proxy
+ setting <code>Max-Forwards</code> if the Client didn't set it.
+ Earlier Apache versions would always set it. A negative
+ <directive>ProxyMaxForwards</directive> value, including the
+ default -1, gives you protocol-compliant behaviour, but may
+ leave you open to loops.</p>
</usage>
</directivesynopsis>
Modified: httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy.c?rev=582635&r1=582634&r2=582635&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy.c (original)
+++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy.c Sun Oct 7 07:14:32 2007
@@ -692,8 +692,10 @@
/* set configured max-forwards */
maxfwd = conf->maxfwd;
}
- apr_table_set(r->headers_in, "Max-Forwards",
- apr_psprintf(r->pool, "%ld", (maxfwd > 0) ? maxfwd : 0));
+ if (maxfwd > 0) {
+ apr_table_set(r->headers_in, "Max-Forwards",
+ apr_psprintf(r->pool, "%ld", (maxfwd > 0) ? maxfwd : 0));
+ }
if (r->method_number == M_TRACE) {
core_server_config *coreconf = (core_server_config *)
@@ -1440,9 +1442,6 @@
proxy_server_conf *psf =
ap_get_module_config(parms->server->module_config, &proxy_module);
long s = atol(arg);
- if (s < 0) {
- return "ProxyMaxForwards must be greater or equal to zero..";
- }
psf->maxfwd = s;
psf->maxfwd_set = 1;
Modified: httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy.h?rev=582635&r1=582634&r2=582635&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy.h (original)
+++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy.h Sun Oct 7 07:14:32 2007
@@ -94,7 +94,10 @@
#endif /*APR_CHARSET_EBCDIC*/
/* default Max-Forwards header setting */
-#define DEFAULT_MAX_FORWARDS 10
+/* Set this to -1, which complies with RFC2616 by not setting
+ * max-forwards if the client didn't send it to us.
+ */
+#define DEFAULT_MAX_FORWARDS -1
/* static information about a remote proxy */
struct proxy_remote {
|