httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject svn commit: r1374375 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/proxy/mod_proxy_ajp.c
Date Fri, 17 Aug 2012 17:37:09 GMT
Author: wrowe
Date: Fri Aug 17 17:37:09 2012
New Revision: 1374375

URL: http://svn.apache.org/viewvc?rev=1374375&view=rev
Log:
mod_proxy_ajp: Add support for 'ProxyErrorOverride on'.

PR: 50945
Submitted by: Peter Pramberger <peter pramberger.at>, jim
Reviewed by: igalic, rpluem
Backports: r1087864


Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1374375&r1=1374374&r2=1374375&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Fri Aug 17 17:37:09 2012
@@ -5,6 +5,9 @@ Changes with Apache 2.2.23
      envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
      current working directory to be searched for DSOs. [Stefan Fritsch]
 
+  *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
+     [Peter Pramberger <peter pramberger.at>, Jim Jagielski]
+
   *) Added SSLProxyMachineCertificateChainFile directive so the proxy client
      can select the proper client certificate when using a chain and the
      remote server only lists the root CA as allowed.

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1374375&r1=1374374&r2=1374375&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Fri Aug 17 17:37:09 2012
@@ -93,24 +93,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * mod_ssl: Add SSLProxyMachineCertificateChainFile directive
-    Uses openssl to construct a chain for each proxy cert. When a remote server requests
-    a client certificate that is NOT the direct issuer of any available client
-    certificate, the chain for that certificate will be used to trace it to a
-    known CA and that client certificate will be used.
-    Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1160863
-                 http://svn.apache.org/viewvc?view=revision&revision=1162103
-                 http://svn.apache.org/viewvc?view=revision&revision=1170833
-                 http://svn.apache.org/viewvc?view=revision&revision=1172010
-                 http://svn.apache.org/viewvc?view=revision&revision=1175946
-                 http://svn.apache.org/viewvc?view=revision&revision=1242089
-    2.2.x patch: http://people.apache.org/~druggeri/patches/httpd-2.2-SSLProxyMachineCertificateChainFile.patch
-    +1: druggeri, kbrand, rpluem
-
-  * mod_proxy_ajp: Missing support for ErrorOverride
-    Trunk patch: http://svn.apache.org/viewvc?rev=1087864&view=rev
-    2.2.x patch: http://people.apache.org/~jim/patches/mod_proxy_ajp-erroroverride.patch
-    +1: igalic, jim, rpluem
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

Modified: httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c?rev=1374375&r1=1374374&r2=1374375&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c (original)
+++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c Fri Aug 17 17:37:09 2012
@@ -191,6 +191,8 @@ static int ap_proxy_ajp_request(apr_pool
     apr_size_t maxsize = AJP_MSG_BUFFER_SZ;
     int send_body = 0;
     apr_off_t content_length = 0;
+    int original_status = r->status;
+    const char *original_status_line = r->status_line;
 
     if (psf->io_buffer_size_set)
        maxsize = psf->io_buffer_size;
@@ -442,12 +444,27 @@ static int ap_proxy_ajp_request(apr_pool
                 if (status != APR_SUCCESS) {
                     backend_failed = 1;
                 }
+                else if ((r->status == 401) && psf->error_override) {
+                    const char *buf;
+                    const char *wa = "WWW-Authenticate";
+                    if ((buf = apr_table_get(r->headers_out, wa))) {
+                        apr_table_set(r->err_headers_out, wa, buf);
+                    } else {
+                        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                                     "ap_proxy_ajp_request: origin server "
+                                     "sent 401 without WWW-Authenticate header");
+                    }
+                }
                 headers_sent = 1;
                 break;
             case CMD_AJP13_SEND_BODY_CHUNK:
                 /* AJP13_SEND_BODY_CHUNK: piece of data */
                 status = ajp_parse_data(r, conn->data, &size, &send_body_chunk_buff);
                 if (status == APR_SUCCESS) {
+                    /* If we are overriding the errors, we can't put the content
+                     * of the page into the brigade.
+                     */
+                    if (!psf->error_override || !ap_is_HTTP_ERROR(r->status)) {
                     /* AJP13_SEND_BODY_CHUNK with zero length
                      * is explicit flush message
                      */
@@ -464,8 +481,19 @@ static int ap_proxy_ajp_request(apr_pool
                     else {
                         apr_status_t rv;
 
+                        /* Handle the case where the error document is itself reverse
+                         * proxied and was successful. We must maintain any previous
+                         * error status so that an underlying error (eg HTTP_NOT_FOUND)
+                         * doesn't become an HTTP_OK.
+                         */
+                        if (psf->error_override && !ap_is_HTTP_ERROR(r->status)
+                                && ap_is_HTTP_ERROR(original_status)) {
+                            r->status = original_status;
+                            r->status_line = original_status_line;
+                        }
+
                         e = apr_bucket_transient_create(send_body_chunk_buff, size,
-                                                    r->connection->bucket_alloc);
+                                                        r->connection->bucket_alloc);
                         APR_BRIGADE_INSERT_TAIL(output_brigade, e);
 
                         if ((conn->worker->flush_packets == flush_on) ||
@@ -494,6 +522,7 @@ static int ap_proxy_ajp_request(apr_pool
                         apr_brigade_cleanup(output_brigade);
                     }
                 }
+            }
                 else {
                     backend_failed = 1;
                 }
@@ -503,16 +532,22 @@ static int ap_proxy_ajp_request(apr_pool
                 if (status != APR_SUCCESS) {
                     backend_failed = 1;
                 }
-                e = apr_bucket_eos_create(r->connection->bucket_alloc);
-                APR_BRIGADE_INSERT_TAIL(output_brigade, e);
-                if (ap_pass_brigade(r->output_filters,
-                                    output_brigade) != APR_SUCCESS) {
-                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                  "proxy: error processing end");
-                    output_failed = 1;
+                /* If we are overriding the errors, we must not send anything to
+                 * the client, especially as the brigade already contains headers.
+                 * So do nothing here, and it will be cleaned up below.
+                 */
+                if (!psf->error_override || !ap_is_HTTP_ERROR(r->status)) {
+                    e = apr_bucket_eos_create(r->connection->bucket_alloc);
+                    APR_BRIGADE_INSERT_TAIL(output_brigade, e);
+                    if (ap_pass_brigade(r->output_filters,
+                                        output_brigade) != APR_SUCCESS) {
+                        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                                      "proxy: error processing end");
+                        output_failed = 1;
+                    }
+                    /* XXX: what about flush here? See mod_jk */
+                    data_sent = 1;
                 }
-                /* XXX: what about flush here? See mod_jk */
-                data_sent = 1;
                 request_ended = 1;
                 break;
             default:
@@ -591,7 +626,17 @@ static int ap_proxy_ajp_request(apr_pool
                      "proxy: got response from %pI (%s)",
                      conn->worker->cp->addr,
                      conn->worker->hostname);
-        rv = OK;
+
+        if (psf->error_override && ap_is_HTTP_ERROR(r->status)) {
+            /* clear r->status for override error, otherwise ErrorDocument
+             * thinks that this is a recursive error, and doesn't find the
+             * custom error page
+             */
+            rv = r->status;
+            r->status = HTTP_OK;
+        } else {
+            rv = OK;
+        }
     }
 
     if (backend_failed) {



Mime
View raw message