From cb35beef2a938b80c9e4b5d6a408eca437aa74db Mon Sep 17 00:00:00 2001 From: Arno Töll Date: Sun, 20 Jul 2014 06:23:00 -1100 Subject: Imported Upstream version 2.4.10 --- modules/proxy/ajp_header.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'modules/proxy/ajp_header.c') diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c index 074f0a8d..8f9a2fcd 100644 --- a/modules/proxy/ajp_header.c +++ b/modules/proxy/ajp_header.c @@ -435,6 +435,26 @@ static apr_status_t ajp_marshal_into_msgb(ajp_msg_t *msg, return AJP_EOVERFLOW; } } + /* Forward the local ip address information, which was forgotten + * from the builtin data of the AJP 13 protocol. + * Since the servlet spec allows to retrieve it via getLocalAddr(), + * we provide the address to the Tomcat connector as a request + * attribute. Modern Tomcat versions know how to retrieve + * the local address from this attribute. + */ + { + const char *key = SC_A_REQ_LOCAL_ADDR; + char *val = r->connection->local_ip; + if (ajp_msg_append_uint8(msg, SC_A_REQ_ATTRIBUTE) || + ajp_msg_append_string(msg, key) || + ajp_msg_append_string(msg, val)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02646) + "ajp_marshal_into_msgb: " + "Error appending attribute %s=%s", + key, val); + return AJP_EOVERFLOW; + } + } /* Use the environment vars prefixed with AJP_ * and pass it to the header striping that prefix. */ -- cgit v1.2.3 From 48802c25dc82a8b13ac351c0c2137ef748256bbd Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Sun, 2 Aug 2015 00:19:16 +0200 Subject: Imported Upstream version 2.4.16 --- ABOUT_APACHE | 10 +- CHANGES | 281 ++++++++ Makefile.in | 24 +- README.cmake | 2 + acinclude.m4 | 4 +- build/config.guess | 10 +- build/config.sub | 22 +- build/ltmain.sh | 81 ++- configure | 12 +- docs/conf/extra/httpd-ssl.conf.in | 49 +- docs/error/HTTP_BAD_GATEWAY.html.var | 24 +- docs/error/HTTP_BAD_REQUEST.html.var | 19 +- docs/error/HTTP_FORBIDDEN.html.var | 36 +- docs/error/HTTP_GONE.html.var | 40 +- docs/error/HTTP_INTERNAL_SERVER_ERROR.html.var | 40 +- docs/error/HTTP_LENGTH_REQUIRED.html.var | 22 +- docs/error/HTTP_METHOD_NOT_ALLOWED.html.var | 19 +- docs/error/HTTP_NOT_FOUND.html.var | 45 +- docs/error/HTTP_NOT_IMPLEMENTED.html.var | 21 +- docs/error/HTTP_PRECONDITION_FAILED.html.var | 19 +- docs/error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var | 18 +- docs/error/HTTP_REQUEST_TIME_OUT.html.var | 19 +- docs/error/HTTP_REQUEST_URI_TOO_LARGE.html.var | 20 +- docs/error/HTTP_SERVICE_UNAVAILABLE.html.var | 22 +- docs/error/HTTP_UNAUTHORIZED.html.var | 37 +- docs/error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var | 16 +- docs/error/HTTP_VARIANT_ALSO_VARIES.html.var | 13 + docs/error/README | 1 + docs/error/contact.html.var | 7 + docs/man/ab.1 | 4 +- docs/manual/bind.html.de | 4 +- docs/manual/bind.html.en | 4 +- docs/manual/bind.html.fr | 4 +- docs/manual/bind.html.ja.utf8 | 4 +- docs/manual/bind.html.ko.euc-kr | 4 +- docs/manual/bind.html.tr.utf8 | 4 +- docs/manual/caching.html.en | 4 +- docs/manual/caching.html.fr | 4 +- docs/manual/caching.html.tr.utf8 | 4 +- docs/manual/configuring.html.de | 4 +- docs/manual/configuring.html.en | 10 +- docs/manual/configuring.html.fr | 11 +- docs/manual/configuring.html.ja.utf8 | 4 +- docs/manual/configuring.html.ko.euc-kr | 4 +- docs/manual/configuring.html.tr.utf8 | 13 +- docs/manual/content-negotiation.html.en | 4 +- docs/manual/content-negotiation.html.fr | 4 +- docs/manual/content-negotiation.html.ja.utf8 | 4 +- docs/manual/content-negotiation.html.ko.euc-kr | 4 +- docs/manual/content-negotiation.html.tr.utf8 | 4 +- docs/manual/convenience.map | 2 + docs/manual/custom-error.html.en | 4 +- docs/manual/custom-error.html.es | 4 +- docs/manual/custom-error.html.fr | 4 +- docs/manual/custom-error.html.ja.utf8 | 4 +- docs/manual/custom-error.html.ko.euc-kr | 4 +- docs/manual/custom-error.html.tr.utf8 | 4 +- docs/manual/developer/API.html.en | 4 +- docs/manual/developer/debugging.html.en | 4 +- docs/manual/developer/documenting.html.en | 4 +- docs/manual/developer/documenting.html.zh-cn.utf8 | 4 +- docs/manual/developer/filters.html.en | 4 +- docs/manual/developer/hooks.html.en | 4 +- docs/manual/developer/index.html.en | 4 +- docs/manual/developer/index.html.zh-cn.utf8 | 4 +- docs/manual/developer/modguide.html.en | 52 +- docs/manual/developer/modules.html.en | 4 +- docs/manual/developer/modules.html.ja.utf8 | 4 +- docs/manual/developer/new_api_2_4.html.en | 4 +- docs/manual/developer/output-filters.html.en | 17 +- docs/manual/developer/request.html.en | 4 +- docs/manual/developer/thread_safety.html.en | 4 +- docs/manual/dns-caveats.html.en | 14 +- docs/manual/dns-caveats.html.fr | 14 +- docs/manual/dns-caveats.html.ja.utf8 | 4 +- docs/manual/dns-caveats.html.ko.euc-kr | 4 +- docs/manual/dns-caveats.html.tr.utf8 | 14 +- docs/manual/dso.html.en | 4 +- docs/manual/dso.html.fr | 4 +- docs/manual/dso.html.ja.utf8 | 4 +- docs/manual/dso.html.ko.euc-kr | 4 +- docs/manual/dso.html.tr.utf8 | 4 +- docs/manual/env.html.en | 6 +- docs/manual/env.html.fr | 6 +- docs/manual/env.html.ja.utf8 | 4 +- docs/manual/env.html.ko.euc-kr | 4 +- docs/manual/env.html.tr.utf8 | 6 +- docs/manual/expr.html.en | 10 +- docs/manual/expr.html.fr | 12 +- docs/manual/faq/index.html.en | 4 +- docs/manual/faq/index.html.fr | 4 +- docs/manual/faq/index.html.tr.utf8 | 4 +- docs/manual/faq/index.html.zh-cn.utf8 | 4 +- docs/manual/filter.html.en | 4 +- docs/manual/filter.html.es | 4 +- docs/manual/filter.html.fr | 4 +- docs/manual/filter.html.ja.utf8 | 4 +- docs/manual/filter.html.ko.euc-kr | 4 +- docs/manual/filter.html.tr.utf8 | 4 +- docs/manual/getting-started.html.en | 4 +- docs/manual/getting-started.html.fr | 4 +- docs/manual/glossary.html.de | 4 +- docs/manual/glossary.html.en | 4 +- docs/manual/glossary.html.es | 4 +- docs/manual/glossary.html.fr | 4 +- docs/manual/glossary.html.ja.utf8 | 4 +- docs/manual/glossary.html.ko.euc-kr | 4 +- docs/manual/glossary.html.tr.utf8 | 4 +- docs/manual/handler.html.en | 6 +- docs/manual/handler.html.es | 4 +- docs/manual/handler.html.fr | 6 +- docs/manual/handler.html.ja.utf8 | 8 +- docs/manual/handler.html.ko.euc-kr | 4 +- docs/manual/handler.html.tr.utf8 | 6 +- docs/manual/handler.html.zh-cn.utf8 | 4 +- docs/manual/howto/access.html.en | 12 +- docs/manual/howto/access.html.fr | 12 +- docs/manual/howto/auth.html.en | 26 +- docs/manual/howto/auth.html.fr | 26 +- docs/manual/howto/auth.html.ja.utf8 | 4 +- docs/manual/howto/auth.html.ko.euc-kr | 4 +- docs/manual/howto/auth.html.tr.utf8 | 26 +- docs/manual/howto/cgi.html.en | 12 +- docs/manual/howto/cgi.html.fr | 12 +- docs/manual/howto/cgi.html.ja.utf8 | 4 +- docs/manual/howto/cgi.html.ko.euc-kr | 4 +- docs/manual/howto/htaccess.html.en | 30 +- docs/manual/howto/htaccess.html.fr | 28 +- docs/manual/howto/htaccess.html.ja.utf8 | 4 +- docs/manual/howto/htaccess.html.ko.euc-kr | 4 +- docs/manual/howto/htaccess.html.pt-br | 4 +- docs/manual/howto/index.html.en | 4 +- docs/manual/howto/index.html.fr | 4 +- docs/manual/howto/index.html.ja.utf8 | 4 +- docs/manual/howto/index.html.ko.euc-kr | 4 +- docs/manual/howto/index.html.zh-cn.utf8 | 4 +- docs/manual/howto/public_html.html.en | 6 +- docs/manual/howto/public_html.html.fr | 6 +- docs/manual/howto/public_html.html.ja.utf8 | 4 +- docs/manual/howto/public_html.html.ko.euc-kr | 4 +- docs/manual/howto/public_html.html.tr.utf8 | 6 +- docs/manual/howto/ssi.html.en | 4 +- docs/manual/howto/ssi.html.fr | 4 +- docs/manual/howto/ssi.html.ja.utf8 | 4 +- docs/manual/howto/ssi.html.ko.euc-kr | 4 +- docs/manual/index.html.da | 4 +- docs/manual/index.html.de | 4 +- docs/manual/index.html.en | 4 +- docs/manual/index.html.es | 4 +- docs/manual/index.html.fr | 4 +- docs/manual/index.html.ja.utf8 | 4 +- docs/manual/index.html.ko.euc-kr | 4 +- docs/manual/index.html.pt-br | 4 +- docs/manual/index.html.tr.utf8 | 4 +- docs/manual/index.html.zh-cn.utf8 | 4 +- docs/manual/install.html.de | 4 +- docs/manual/install.html.en | 15 +- docs/manual/install.html.es | 4 +- docs/manual/install.html.fr | 18 +- docs/manual/install.html.ja.utf8 | 4 +- docs/manual/install.html.ko.euc-kr | 4 +- docs/manual/install.html.tr.utf8 | 13 +- docs/manual/invoking.html.de | 4 +- docs/manual/invoking.html.en | 4 +- docs/manual/invoking.html.es | 4 +- docs/manual/invoking.html.fr | 4 +- docs/manual/invoking.html.ja.utf8 | 4 +- docs/manual/invoking.html.ko.euc-kr | 4 +- docs/manual/invoking.html.tr.utf8 | 4 +- docs/manual/license.html.en | 4 +- docs/manual/logs.html.en | 20 +- docs/manual/logs.html.fr | 23 +- docs/manual/logs.html.ja.utf8 | 4 +- docs/manual/logs.html.ko.euc-kr | 4 +- docs/manual/logs.html.tr.utf8 | 16 +- docs/manual/misc/index.html.en | 4 +- docs/manual/misc/index.html.fr | 4 +- docs/manual/misc/index.html.ko.euc-kr | 4 +- docs/manual/misc/index.html.tr.utf8 | 4 +- docs/manual/misc/index.html.zh-cn.utf8 | 4 +- docs/manual/misc/password_encryptions.html.en | 4 +- docs/manual/misc/password_encryptions.html.fr | 4 +- docs/manual/misc/perf-tuning.html.en | 126 ++-- docs/manual/misc/perf-tuning.html.fr | 20 +- docs/manual/misc/perf-tuning.html.ko.euc-kr | 4 +- docs/manual/misc/perf-tuning.html.tr.utf8 | 24 +- docs/manual/misc/relevant_standards.html.en | 4 +- docs/manual/misc/relevant_standards.html.fr | 4 +- docs/manual/misc/relevant_standards.html.ko.euc-kr | 4 +- docs/manual/misc/security_tips.html.en | 20 +- docs/manual/misc/security_tips.html.fr | 18 +- docs/manual/misc/security_tips.html.ko.euc-kr | 4 +- docs/manual/misc/security_tips.html.tr.utf8 | 17 +- docs/manual/mod/core.html.de | 26 +- docs/manual/mod/core.html.en | 313 +++++---- docs/manual/mod/core.html.es | 24 +- docs/manual/mod/core.html.fr | 342 ++++++---- docs/manual/mod/core.html.ja.utf8 | 26 +- docs/manual/mod/core.html.tr.utf8 | 161 +++-- docs/manual/mod/directive-dict.html.en | 4 +- docs/manual/mod/directive-dict.html.fr | 4 +- docs/manual/mod/directive-dict.html.ja.utf8 | 4 +- docs/manual/mod/directive-dict.html.ko.euc-kr | 4 +- docs/manual/mod/directive-dict.html.tr.utf8 | 4 +- docs/manual/mod/directives.html.de | 6 +- docs/manual/mod/directives.html.en | 6 +- docs/manual/mod/directives.html.es | 6 +- docs/manual/mod/directives.html.fr | 6 +- docs/manual/mod/directives.html.ja.utf8 | 6 +- docs/manual/mod/directives.html.ko.euc-kr | 6 +- docs/manual/mod/directives.html.tr.utf8 | 6 +- docs/manual/mod/directives.html.zh-cn.utf8 | 6 +- docs/manual/mod/event.html.en | 16 +- docs/manual/mod/event.html.fr | 18 +- docs/manual/mod/index.html.de | 4 +- docs/manual/mod/index.html.en | 4 +- docs/manual/mod/index.html.es | 4 +- docs/manual/mod/index.html.fr | 4 +- docs/manual/mod/index.html.ja.utf8 | 4 +- docs/manual/mod/index.html.ko.euc-kr | 4 +- docs/manual/mod/index.html.tr.utf8 | 4 +- docs/manual/mod/index.html.zh-cn.utf8 | 4 +- docs/manual/mod/mod_access_compat.html.en | 12 +- docs/manual/mod/mod_access_compat.html.fr | 20 +- docs/manual/mod/mod_access_compat.html.ja.utf8 | 4 +- docs/manual/mod/mod_actions.html.de | 4 +- docs/manual/mod/mod_actions.html.en | 14 +- docs/manual/mod/mod_actions.html.fr | 18 +- docs/manual/mod/mod_actions.html.ja.utf8 | 4 +- docs/manual/mod/mod_actions.html.ko.euc-kr | 4 +- docs/manual/mod/mod_alias.html.en | 82 ++- docs/manual/mod/mod_alias.html.fr | 168 +++-- docs/manual/mod/mod_alias.html.ja.utf8 | 14 +- docs/manual/mod/mod_alias.html.ko.euc-kr | 14 +- docs/manual/mod/mod_alias.html.tr.utf8 | 157 +++-- docs/manual/mod/mod_allowmethods.html.en | 8 +- docs/manual/mod/mod_allowmethods.html.fr | 10 +- docs/manual/mod/mod_asis.html.en | 14 +- docs/manual/mod/mod_asis.html.fr | 12 +- docs/manual/mod/mod_asis.html.ja.utf8 | 12 +- docs/manual/mod/mod_asis.html.ko.euc-kr | 12 +- docs/manual/mod/mod_auth_basic.html.en | 20 +- docs/manual/mod/mod_auth_basic.html.fr | 28 +- docs/manual/mod/mod_auth_basic.html.ja.utf8 | 4 +- docs/manual/mod/mod_auth_basic.html.ko.euc-kr | 4 +- docs/manual/mod/mod_auth_digest.html.en | 20 +- docs/manual/mod/mod_auth_digest.html.fr | 34 +- docs/manual/mod/mod_auth_digest.html.ko.euc-kr | 16 +- docs/manual/mod/mod_auth_form.html.en | 62 +- docs/manual/mod/mod_auth_form.html.fr | 183 ++--- docs/manual/mod/mod_authn_anon.html.en | 18 +- docs/manual/mod/mod_authn_anon.html.fr | 28 +- docs/manual/mod/mod_authn_anon.html.ja.utf8 | 18 +- docs/manual/mod/mod_authn_anon.html.ko.euc-kr | 14 +- docs/manual/mod/mod_authn_core.html.en | 33 +- docs/manual/mod/mod_authn_core.html.fr | 40 +- docs/manual/mod/mod_authn_dbd.html.en | 20 +- docs/manual/mod/mod_authn_dbd.html.fr | 24 +- docs/manual/mod/mod_authn_dbm.html.en | 4 +- docs/manual/mod/mod_authn_dbm.html.fr | 8 +- docs/manual/mod/mod_authn_dbm.html.ja.utf8 | 4 +- docs/manual/mod/mod_authn_dbm.html.ko.euc-kr | 4 +- docs/manual/mod/mod_authn_file.html.en | 4 +- docs/manual/mod/mod_authn_file.html.fr | 6 +- docs/manual/mod/mod_authn_file.html.ja.utf8 | 4 +- docs/manual/mod/mod_authn_file.html.ko.euc-kr | 4 +- docs/manual/mod/mod_authn_socache.html.en | 26 +- docs/manual/mod/mod_authn_socache.html.fr | 52 +- docs/manual/mod/mod_authnz_fcgi.html.en | 27 +- docs/manual/mod/mod_authnz_ldap.html.en | 53 +- docs/manual/mod/mod_authnz_ldap.html.fr | 97 +-- docs/manual/mod/mod_authz_core.html.en | 40 +- docs/manual/mod/mod_authz_core.html.fr | 56 +- docs/manual/mod/mod_authz_dbd.html.en | 28 +- docs/manual/mod/mod_authz_dbd.html.fr | 39 +- docs/manual/mod/mod_authz_dbm.html.en | 32 +- docs/manual/mod/mod_authz_dbm.html.fr | 28 +- docs/manual/mod/mod_authz_dbm.html.ko.euc-kr | 4 +- docs/manual/mod/mod_authz_groupfile.html.en | 14 +- docs/manual/mod/mod_authz_groupfile.html.fr | 16 +- docs/manual/mod/mod_authz_groupfile.html.ja.utf8 | 4 +- docs/manual/mod/mod_authz_groupfile.html.ko.euc-kr | 4 +- docs/manual/mod/mod_authz_host.html.en | 14 +- docs/manual/mod/mod_authz_host.html.fr | 12 +- docs/manual/mod/mod_authz_owner.html.en | 24 +- docs/manual/mod/mod_authz_owner.html.fr | 22 +- docs/manual/mod/mod_authz_owner.html.ja.utf8 | 12 +- docs/manual/mod/mod_authz_owner.html.ko.euc-kr | 12 +- docs/manual/mod/mod_authz_user.html.en | 14 +- docs/manual/mod/mod_authz_user.html.fr | 12 +- docs/manual/mod/mod_authz_user.html.ja.utf8 | 4 +- docs/manual/mod/mod_authz_user.html.ko.euc-kr | 4 +- docs/manual/mod/mod_autoindex.html.en | 72 +- docs/manual/mod/mod_autoindex.html.fr | 100 ++- docs/manual/mod/mod_autoindex.html.ja.utf8 | 14 +- docs/manual/mod/mod_autoindex.html.ko.euc-kr | 14 +- docs/manual/mod/mod_autoindex.html.tr.utf8 | 15 +- docs/manual/mod/mod_buffer.html.en | 4 +- docs/manual/mod/mod_buffer.html.fr | 6 +- docs/manual/mod/mod_cache.html.en | 52 +- docs/manual/mod/mod_cache.html.fr | 96 +-- docs/manual/mod/mod_cache.html.ja.utf8 | 16 +- docs/manual/mod/mod_cache.html.ko.euc-kr | 16 +- docs/manual/mod/mod_cache_disk.html.en | 4 +- docs/manual/mod/mod_cache_disk.html.fr | 18 +- docs/manual/mod/mod_cache_disk.html.ja.utf8 | 4 +- docs/manual/mod/mod_cache_disk.html.ko.euc-kr | 4 +- docs/manual/mod/mod_cache_socache.html.en | 6 +- docs/manual/mod/mod_cache_socache.html.fr | 59 +- docs/manual/mod/mod_cern_meta.html.en | 4 +- docs/manual/mod/mod_cern_meta.html.fr | 10 +- docs/manual/mod/mod_cern_meta.html.ko.euc-kr | 4 +- docs/manual/mod/mod_cgi.html.en | 16 +- docs/manual/mod/mod_cgi.html.fr | 22 +- docs/manual/mod/mod_cgi.html.ja.utf8 | 16 +- docs/manual/mod/mod_cgi.html.ko.euc-kr | 16 +- docs/manual/mod/mod_cgid.html.en | 4 +- docs/manual/mod/mod_cgid.html.fr | 8 +- docs/manual/mod/mod_cgid.html.ja.utf8 | 4 +- docs/manual/mod/mod_cgid.html.ko.euc-kr | 4 +- docs/manual/mod/mod_charset_lite.html.en | 18 +- docs/manual/mod/mod_charset_lite.html.fr | 24 +- docs/manual/mod/mod_charset_lite.html.ko.euc-kr | 14 +- docs/manual/mod/mod_data.html.en | 6 +- docs/manual/mod/mod_data.html.fr | 6 +- docs/manual/mod/mod_dav.html.en | 34 +- docs/manual/mod/mod_dav.html.fr | 40 +- docs/manual/mod/mod_dav.html.ja.utf8 | 22 +- docs/manual/mod/mod_dav.html.ko.euc-kr | 18 +- docs/manual/mod/mod_dav_fs.html.en | 6 +- docs/manual/mod/mod_dav_fs.html.fr | 8 +- docs/manual/mod/mod_dav_fs.html.ja.utf8 | 4 +- docs/manual/mod/mod_dav_fs.html.ko.euc-kr | 4 +- docs/manual/mod/mod_dav_lock.html.en | 4 +- docs/manual/mod/mod_dav_lock.html.fr | 6 +- docs/manual/mod/mod_dav_lock.html.ja.utf8 | 4 +- docs/manual/mod/mod_dbd.html.en | 20 +- docs/manual/mod/mod_dbd.html.fr | 38 +- docs/manual/mod/mod_deflate.html.en | 83 ++- docs/manual/mod/mod_deflate.html.fr | 88 ++- docs/manual/mod/mod_deflate.html.ja.utf8 | 18 +- docs/manual/mod/mod_deflate.html.ko.euc-kr | 18 +- docs/manual/mod/mod_dialup.html.en | 12 +- docs/manual/mod/mod_dialup.html.fr | 14 +- docs/manual/mod/mod_dir.html.en | 16 +- docs/manual/mod/mod_dir.html.fr | 26 +- docs/manual/mod/mod_dir.html.ja.utf8 | 4 +- docs/manual/mod/mod_dir.html.ko.euc-kr | 4 +- docs/manual/mod/mod_dir.html.tr.utf8 | 5 +- docs/manual/mod/mod_dumpio.html.en | 14 +- docs/manual/mod/mod_dumpio.html.fr | 18 +- docs/manual/mod/mod_dumpio.html.ja.utf8 | 14 +- docs/manual/mod/mod_echo.html.en | 4 +- docs/manual/mod/mod_echo.html.fr | 6 +- docs/manual/mod/mod_echo.html.ja.utf8 | 4 +- docs/manual/mod/mod_echo.html.ko.euc-kr | 4 +- docs/manual/mod/mod_env.html.en | 4 +- docs/manual/mod/mod_env.html.fr | 10 +- docs/manual/mod/mod_env.html.ja.utf8 | 4 +- docs/manual/mod/mod_env.html.ko.euc-kr | 4 +- docs/manual/mod/mod_env.html.tr.utf8 | 4 +- docs/manual/mod/mod_example_hooks.html.en | 20 +- docs/manual/mod/mod_example_hooks.html.fr | 22 +- docs/manual/mod/mod_example_hooks.html.ko.euc-kr | 16 +- docs/manual/mod/mod_expires.html.en | 14 +- docs/manual/mod/mod_expires.html.fr | 22 +- docs/manual/mod/mod_expires.html.ja.utf8 | 14 +- docs/manual/mod/mod_expires.html.ko.euc-kr | 14 +- docs/manual/mod/mod_ext_filter.html.en | 27 +- docs/manual/mod/mod_ext_filter.html.fr | 78 ++- docs/manual/mod/mod_ext_filter.html.ja.utf8 | 14 +- docs/manual/mod/mod_ext_filter.html.ko.euc-kr | 14 +- docs/manual/mod/mod_file_cache.html.en | 14 +- docs/manual/mod/mod_file_cache.html.fr | 18 +- docs/manual/mod/mod_file_cache.html.ko.euc-kr | 14 +- docs/manual/mod/mod_filter.html.en | 30 +- docs/manual/mod/mod_filter.html.fr | 42 +- docs/manual/mod/mod_headers.html.en | 18 +- docs/manual/mod/mod_headers.html.fr | 22 +- docs/manual/mod/mod_headers.html.ja.utf8 | 18 +- docs/manual/mod/mod_headers.html.ko.euc-kr | 18 +- docs/manual/mod/mod_heartbeat.html.en | 14 +- docs/manual/mod/mod_heartbeat.html.fr | 16 +- docs/manual/mod/mod_heartmonitor.html.en | 4 +- docs/manual/mod/mod_heartmonitor.html.fr | 10 +- docs/manual/mod/mod_ident.html.en | 4 +- docs/manual/mod/mod_ident.html.fr | 8 +- docs/manual/mod/mod_ident.html.ja.utf8 | 4 +- docs/manual/mod/mod_ident.html.ko.euc-kr | 4 +- docs/manual/mod/mod_imagemap.html.en | 20 +- docs/manual/mod/mod_imagemap.html.fr | 26 +- docs/manual/mod/mod_imagemap.html.ko.euc-kr | 20 +- docs/manual/mod/mod_include.html.en | 26 +- docs/manual/mod/mod_include.html.fr | 44 +- docs/manual/mod/mod_include.html.ja.utf8 | 24 +- docs/manual/mod/mod_info.html.en | 22 +- docs/manual/mod/mod_info.html.fr | 24 +- docs/manual/mod/mod_info.html.ja.utf8 | 16 +- docs/manual/mod/mod_info.html.ko.euc-kr | 16 +- docs/manual/mod/mod_isapi.html.en | 18 +- docs/manual/mod/mod_isapi.html.fr | 30 +- docs/manual/mod/mod_isapi.html.ko.euc-kr | 18 +- docs/manual/mod/mod_lbmethod_bybusyness.html.en | 14 +- docs/manual/mod/mod_lbmethod_bybusyness.html.fr | 12 +- docs/manual/mod/mod_lbmethod_byrequests.html.en | 14 +- docs/manual/mod/mod_lbmethod_byrequests.html.fr | 12 +- docs/manual/mod/mod_lbmethod_bytraffic.html.en | 14 +- docs/manual/mod/mod_lbmethod_bytraffic.html.fr | 12 +- docs/manual/mod/mod_lbmethod_heartbeat.html.en | 4 +- docs/manual/mod/mod_lbmethod_heartbeat.html.fr | 6 +- docs/manual/mod/mod_ldap.html.en | 76 +-- docs/manual/mod/mod_ldap.html.fr | 110 ++-- docs/manual/mod/mod_log_config.html.en | 59 +- docs/manual/mod/mod_log_config.html.fr | 71 +- docs/manual/mod/mod_log_config.html.ja.utf8 | 16 +- docs/manual/mod/mod_log_config.html.ko.euc-kr | 16 +- docs/manual/mod/mod_log_config.html.tr.utf8 | 17 +- docs/manual/mod/mod_log_debug.html.en | 20 +- docs/manual/mod/mod_log_debug.html.fr | 22 +- docs/manual/mod/mod_log_forensic.html.en | 16 +- docs/manual/mod/mod_log_forensic.html.fr | 18 +- docs/manual/mod/mod_log_forensic.html.ja.utf8 | 16 +- docs/manual/mod/mod_log_forensic.html.tr.utf8 | 16 +- docs/manual/mod/mod_logio.html.en | 38 +- docs/manual/mod/mod_logio.html.fr | 35 +- docs/manual/mod/mod_logio.html.ja.utf8 | 28 +- docs/manual/mod/mod_logio.html.ko.euc-kr | 28 +- docs/manual/mod/mod_logio.html.tr.utf8 | 28 +- docs/manual/mod/mod_lua.html.en | 64 +- docs/manual/mod/mod_lua.html.fr | 126 ++-- docs/manual/mod/mod_macro.html.en | 34 +- docs/manual/mod/mod_macro.html.fr | 40 +- docs/manual/mod/mod_mime.html.en | 53 +- docs/manual/mod/mod_mime.html.fr | 89 ++- docs/manual/mod/mod_mime.html.ja.utf8 | 18 +- docs/manual/mod/mod_mime_magic.html.en | 16 +- docs/manual/mod/mod_mime_magic.html.fr | 18 +- docs/manual/mod/mod_negotiation.html.en | 16 +- docs/manual/mod/mod_negotiation.html.fr | 22 +- docs/manual/mod/mod_negotiation.html.ja.utf8 | 16 +- docs/manual/mod/mod_nw_ssl.html.en | 4 +- docs/manual/mod/mod_nw_ssl.html.fr | 10 +- docs/manual/mod/mod_privileges.html.en | 14 +- docs/manual/mod/mod_privileges.html.fr | 30 +- docs/manual/mod/mod_proxy.html.en | 182 ++--- docs/manual/mod/mod_proxy.html.fr | 255 +++---- docs/manual/mod/mod_proxy.html.ja.utf8 | 26 +- docs/manual/mod/mod_proxy_ajp.html.en | 28 +- docs/manual/mod/mod_proxy_ajp.html.fr | 24 +- docs/manual/mod/mod_proxy_ajp.html.ja.utf8 | 12 +- docs/manual/mod/mod_proxy_balancer.html.en | 46 +- docs/manual/mod/mod_proxy_balancer.html.fr | 42 +- docs/manual/mod/mod_proxy_balancer.html.ja.utf8 | 12 +- docs/manual/mod/mod_proxy_connect.html.en | 14 +- docs/manual/mod/mod_proxy_connect.html.fr | 16 +- docs/manual/mod/mod_proxy_connect.html.ja.utf8 | 4 +- docs/manual/mod/mod_proxy_express.html.en | 8 +- docs/manual/mod/mod_proxy_express.html.fr | 14 +- docs/manual/mod/mod_proxy_fcgi.html.en | 35 +- docs/manual/mod/mod_proxy_fcgi.html.fr | 33 +- docs/manual/mod/mod_proxy_fdpass.html.en | 4 +- docs/manual/mod/mod_proxy_fdpass.html.fr | 4 +- docs/manual/mod/mod_proxy_ftp.html.en | 20 +- docs/manual/mod/mod_proxy_ftp.html.fr | 26 +- docs/manual/mod/mod_proxy_html.html.en | 4 +- docs/manual/mod/mod_proxy_html.html.fr | 28 +- docs/manual/mod/mod_proxy_http.html.en | 14 +- docs/manual/mod/mod_proxy_http.html.fr | 12 +- docs/manual/mod/mod_proxy_scgi.html.en | 54 +- docs/manual/mod/mod_proxy_scgi.html.fr | 55 +- docs/manual/mod/mod_proxy_wstunnel.html.en | 10 +- docs/manual/mod/mod_ratelimit.html.en | 6 +- docs/manual/mod/mod_ratelimit.html.fr | 6 +- docs/manual/mod/mod_reflector.html.en | 18 +- docs/manual/mod/mod_reflector.html.fr | 20 +- docs/manual/mod/mod_remoteip.html.en | 14 +- docs/manual/mod/mod_remoteip.html.fr | 26 +- docs/manual/mod/mod_reqtimeout.html.en | 14 +- docs/manual/mod/mod_reqtimeout.html.fr | 16 +- docs/manual/mod/mod_request.html.en | 4 +- docs/manual/mod/mod_request.html.fr | 6 +- docs/manual/mod/mod_request.html.tr.utf8 | 4 +- docs/manual/mod/mod_rewrite.html.en | 69 +- docs/manual/mod/mod_rewrite.html.fr | 87 ++- docs/manual/mod/mod_sed.html.en | 16 +- docs/manual/mod/mod_sed.html.fr | 20 +- docs/manual/mod/mod_session.html.en | 28 +- docs/manual/mod/mod_session.html.fr | 40 +- docs/manual/mod/mod_session_cookie.html.en | 14 +- docs/manual/mod/mod_session_cookie.html.fr | 20 +- docs/manual/mod/mod_session_crypto.html.en | 14 +- docs/manual/mod/mod_session_crypto.html.fr | 22 +- docs/manual/mod/mod_session_dbd.html.en | 20 +- docs/manual/mod/mod_session_dbd.html.fr | 40 +- docs/manual/mod/mod_setenvif.html.en | 4 +- docs/manual/mod/mod_setenvif.html.fr | 14 +- docs/manual/mod/mod_setenvif.html.ja.utf8 | 4 +- docs/manual/mod/mod_setenvif.html.ko.euc-kr | 4 +- docs/manual/mod/mod_setenvif.html.tr.utf8 | 4 +- docs/manual/mod/mod_slotmem_plain.html.en | 4 +- docs/manual/mod/mod_slotmem_plain.html.fr | 4 +- docs/manual/mod/mod_slotmem_shm.html.en | 4 +- docs/manual/mod/mod_slotmem_shm.html.fr | 4 +- docs/manual/mod/mod_so.html.en | 14 +- docs/manual/mod/mod_so.html.fr | 20 +- docs/manual/mod/mod_so.html.ja.utf8 | 14 +- docs/manual/mod/mod_so.html.ko.euc-kr | 14 +- docs/manual/mod/mod_so.html.tr.utf8 | 14 +- docs/manual/mod/mod_socache_dbm.html.en | 4 +- docs/manual/mod/mod_socache_dbm.html.fr | 4 +- docs/manual/mod/mod_socache_dc.html.en | 4 +- docs/manual/mod/mod_socache_dc.html.fr | 4 +- docs/manual/mod/mod_socache_memcache.html.en | 4 +- docs/manual/mod/mod_socache_memcache.html.fr | 4 +- docs/manual/mod/mod_socache_shmcb.html.en | 4 +- docs/manual/mod/mod_socache_shmcb.html.fr | 4 +- docs/manual/mod/mod_speling.html.en | 6 +- docs/manual/mod/mod_speling.html.fr | 10 +- docs/manual/mod/mod_speling.html.ja.utf8 | 4 +- docs/manual/mod/mod_speling.html.ko.euc-kr | 4 +- docs/manual/mod/mod_ssl.html.en | 161 +++-- docs/manual/mod/mod_ssl.html.fr | 324 +++++---- docs/manual/mod/mod_status.html.en | 16 +- docs/manual/mod/mod_status.html.fr | 16 +- docs/manual/mod/mod_status.html.ja.utf8 | 12 +- docs/manual/mod/mod_status.html.ko.euc-kr | 12 +- docs/manual/mod/mod_status.html.tr.utf8 | 13 +- docs/manual/mod/mod_substitute.html.en | 20 +- docs/manual/mod/mod_substitute.html.fr | 24 +- docs/manual/mod/mod_suexec.html.en | 4 +- docs/manual/mod/mod_suexec.html.fr | 6 +- docs/manual/mod/mod_suexec.html.ja.utf8 | 4 +- docs/manual/mod/mod_suexec.html.ko.euc-kr | 4 +- docs/manual/mod/mod_suexec.html.tr.utf8 | 4 +- docs/manual/mod/mod_unique_id.html.en | 16 +- docs/manual/mod/mod_unique_id.html.fr | 16 +- docs/manual/mod/mod_unique_id.html.ja.utf8 | 12 +- docs/manual/mod/mod_unique_id.html.ko.euc-kr | 12 +- docs/manual/mod/mod_unixd.html.en | 4 +- docs/manual/mod/mod_unixd.html.fr | 12 +- docs/manual/mod/mod_unixd.html.tr.utf8 | 4 +- docs/manual/mod/mod_userdir.html.en | 4 +- docs/manual/mod/mod_userdir.html.fr | 6 +- docs/manual/mod/mod_userdir.html.ja.utf8 | 4 +- docs/manual/mod/mod_userdir.html.ko.euc-kr | 4 +- docs/manual/mod/mod_userdir.html.tr.utf8 | 4 +- docs/manual/mod/mod_usertrack.html.en | 14 +- docs/manual/mod/mod_usertrack.html.fr | 24 +- docs/manual/mod/mod_version.html.en | 4 +- docs/manual/mod/mod_version.html.ja.utf8 | 4 +- docs/manual/mod/mod_version.html.ko.euc-kr | 4 +- docs/manual/mod/mod_vhost_alias.html.en | 34 +- docs/manual/mod/mod_vhost_alias.html.fr | 42 +- docs/manual/mod/mod_vhost_alias.html.tr.utf8 | 17 +- docs/manual/mod/mod_watchdog.html.en | 4 +- docs/manual/mod/mod_xml2enc.html.en | 20 +- docs/manual/mod/mod_xml2enc.html.fr | 26 +- docs/manual/mod/module-dict.html.en | 4 +- docs/manual/mod/module-dict.html.fr | 4 +- docs/manual/mod/module-dict.html.ja.utf8 | 4 +- docs/manual/mod/module-dict.html.ko.euc-kr | 4 +- docs/manual/mod/module-dict.html.tr.utf8 | 4 +- docs/manual/mod/mpm_common.html.de | 4 +- docs/manual/mod/mpm_common.html.en | 4 +- docs/manual/mod/mpm_common.html.fr | 44 +- docs/manual/mod/mpm_common.html.ja.utf8 | 4 +- docs/manual/mod/mpm_common.html.tr.utf8 | 4 +- docs/manual/mod/mpm_netware.html.en | 4 +- docs/manual/mod/mpm_netware.html.fr | 6 +- docs/manual/mod/mpm_winnt.html.de | 4 +- docs/manual/mod/mpm_winnt.html.en | 4 +- docs/manual/mod/mpm_winnt.html.fr | 4 +- docs/manual/mod/mpm_winnt.html.ja.utf8 | 4 +- docs/manual/mod/mpmt_os2.html.en | 4 +- docs/manual/mod/mpmt_os2.html.fr | 4 +- docs/manual/mod/prefork.html.de | 14 +- docs/manual/mod/prefork.html.en | 14 +- docs/manual/mod/prefork.html.fr | 18 +- docs/manual/mod/prefork.html.ja.utf8 | 14 +- docs/manual/mod/prefork.html.tr.utf8 | 14 +- docs/manual/mod/quickreference.html.de | 363 +++++----- docs/manual/mod/quickreference.html.en | 363 +++++----- docs/manual/mod/quickreference.html.es | 363 +++++----- docs/manual/mod/quickreference.html.fr | 386 +++++------ docs/manual/mod/quickreference.html.ja.utf8 | 361 +++++----- docs/manual/mod/quickreference.html.ko.euc-kr | 363 +++++----- docs/manual/mod/quickreference.html.tr.utf8 | 377 +++++------ docs/manual/mod/quickreference.html.zh-cn.utf8 | 363 +++++----- docs/manual/mod/worker.html.de | 14 +- docs/manual/mod/worker.html.en | 14 +- docs/manual/mod/worker.html.fr | 14 +- docs/manual/mod/worker.html.ja.utf8 | 14 +- docs/manual/mod/worker.html.tr.utf8 | 14 +- docs/manual/mpm.html.de | 4 +- docs/manual/mpm.html.en | 4 +- docs/manual/mpm.html.es | 4 +- docs/manual/mpm.html.fr | 4 +- docs/manual/mpm.html.ja.utf8 | 4 +- docs/manual/mpm.html.ko.euc-kr | 4 +- docs/manual/mpm.html.tr.utf8 | 4 +- docs/manual/mpm.html.zh-cn.utf8 | 4 +- docs/manual/new_features_2_0.html.de | 4 +- docs/manual/new_features_2_0.html.en | 4 +- docs/manual/new_features_2_0.html.fr | 4 +- docs/manual/new_features_2_0.html.ja.utf8 | 4 +- docs/manual/new_features_2_0.html.ko.euc-kr | 4 +- docs/manual/new_features_2_0.html.pt-br | 4 +- docs/manual/new_features_2_0.html.ru.koi8-r | 4 +- docs/manual/new_features_2_0.html.tr.utf8 | 4 +- docs/manual/new_features_2_2.html.en | 4 +- docs/manual/new_features_2_2.html.fr | 4 +- docs/manual/new_features_2_2.html.ko.euc-kr | 4 +- docs/manual/new_features_2_2.html.pt-br | 4 +- docs/manual/new_features_2_2.html.tr.utf8 | 4 +- docs/manual/new_features_2_4.html.en | 29 +- docs/manual/new_features_2_4.html.fr | 62 +- docs/manual/new_features_2_4.html.tr.utf8 | 28 +- docs/manual/platform/ebcdic.html.en | 4 +- docs/manual/platform/ebcdic.html.ko.euc-kr | 4 +- docs/manual/platform/index.html.en | 4 +- docs/manual/platform/index.html.fr | 4 +- docs/manual/platform/index.html.ko.euc-kr | 4 +- docs/manual/platform/index.html.zh-cn.utf8 | 4 +- docs/manual/platform/netware.html.en | 4 +- docs/manual/platform/netware.html.fr | 4 +- docs/manual/platform/netware.html.ko.euc-kr | 4 +- docs/manual/platform/perf-hp.html.en | 4 +- docs/manual/platform/perf-hp.html.fr | 4 +- docs/manual/platform/perf-hp.html.ko.euc-kr | 4 +- docs/manual/platform/rpm.html.en | 4 +- docs/manual/platform/win_compiling.html.en | 4 +- docs/manual/platform/win_compiling.html.fr | 4 +- docs/manual/platform/win_compiling.html.ko.euc-kr | 4 +- docs/manual/platform/windows.html.en | 30 +- docs/manual/platform/windows.html.fr | 31 +- docs/manual/platform/windows.html.ko.euc-kr | 4 +- docs/manual/programs/ab.html.en | 6 +- docs/manual/programs/ab.html.fr | 4 +- docs/manual/programs/ab.html.ko.euc-kr | 4 +- docs/manual/programs/ab.html.tr.utf8 | 5 +- docs/manual/programs/apachectl.html.en | 4 +- docs/manual/programs/apachectl.html.fr | 4 +- docs/manual/programs/apachectl.html.ko.euc-kr | 4 +- docs/manual/programs/apachectl.html.tr.utf8 | 4 +- docs/manual/programs/apxs.html.en | 4 +- docs/manual/programs/apxs.html.fr | 4 +- docs/manual/programs/apxs.html.ko.euc-kr | 4 +- docs/manual/programs/apxs.html.tr.utf8 | 4 +- docs/manual/programs/configure.html.en | 4 +- docs/manual/programs/configure.html.fr | 4 +- docs/manual/programs/configure.html.ko.euc-kr | 4 +- docs/manual/programs/configure.html.tr.utf8 | 4 +- docs/manual/programs/dbmmanage.html.en | 4 +- docs/manual/programs/dbmmanage.html.fr | 4 +- docs/manual/programs/dbmmanage.html.ko.euc-kr | 4 +- docs/manual/programs/dbmmanage.html.tr.utf8 | 4 +- docs/manual/programs/fcgistarter.html.en | 4 +- docs/manual/programs/fcgistarter.html.fr | 4 +- docs/manual/programs/fcgistarter.html.tr.utf8 | 4 +- docs/manual/programs/htcacheclean.html.en | 4 +- docs/manual/programs/htcacheclean.html.fr | 4 +- docs/manual/programs/htcacheclean.html.ko.euc-kr | 4 +- docs/manual/programs/htcacheclean.html.tr.utf8 | 4 +- docs/manual/programs/htdbm.html.en | 4 +- docs/manual/programs/htdbm.html.fr | 4 +- docs/manual/programs/htdbm.html.tr.utf8 | 4 +- docs/manual/programs/htdigest.html.en | 4 +- docs/manual/programs/htdigest.html.fr | 4 +- docs/manual/programs/htdigest.html.ko.euc-kr | 4 +- docs/manual/programs/htdigest.html.tr.utf8 | 4 +- docs/manual/programs/htpasswd.html.en | 4 +- docs/manual/programs/htpasswd.html.fr | 4 +- docs/manual/programs/htpasswd.html.ko.euc-kr | 4 +- docs/manual/programs/htpasswd.html.tr.utf8 | 4 +- docs/manual/programs/httpd.html.en | 4 +- docs/manual/programs/httpd.html.fr | 4 +- docs/manual/programs/httpd.html.ko.euc-kr | 4 +- docs/manual/programs/httpd.html.tr.utf8 | 4 +- docs/manual/programs/httxt2dbm.html.en | 4 +- docs/manual/programs/httxt2dbm.html.fr | 4 +- docs/manual/programs/httxt2dbm.html.tr.utf8 | 4 +- docs/manual/programs/index.html.en | 4 +- docs/manual/programs/index.html.es | 4 +- docs/manual/programs/index.html.fr | 4 +- docs/manual/programs/index.html.ko.euc-kr | 4 +- docs/manual/programs/index.html.tr.utf8 | 4 +- docs/manual/programs/index.html.zh-cn.utf8 | 4 +- docs/manual/programs/log_server_status.html.en | 4 +- docs/manual/programs/logresolve.html.en | 4 +- docs/manual/programs/logresolve.html.fr | 4 +- docs/manual/programs/logresolve.html.ko.euc-kr | 4 +- docs/manual/programs/logresolve.html.tr.utf8 | 4 +- docs/manual/programs/other.html.en | 4 +- docs/manual/programs/other.html.fr | 4 +- docs/manual/programs/other.html.ko.euc-kr | 4 +- docs/manual/programs/other.html.tr.utf8 | 4 +- docs/manual/programs/rotatelogs.html.en | 4 +- docs/manual/programs/rotatelogs.html.fr | 4 +- docs/manual/programs/rotatelogs.html.ko.euc-kr | 4 +- docs/manual/programs/rotatelogs.html.tr.utf8 | 4 +- docs/manual/programs/split-logfile.html.en | 4 +- docs/manual/programs/suexec.html.en | 4 +- docs/manual/programs/suexec.html.ko.euc-kr | 4 +- docs/manual/programs/suexec.html.tr.utf8 | 4 +- docs/manual/rewrite/access.html.en | 58 +- docs/manual/rewrite/access.html.fr | 58 +- docs/manual/rewrite/advanced.html.en | 30 +- docs/manual/rewrite/advanced.html.fr | 33 +- docs/manual/rewrite/avoid.html.en | 21 +- docs/manual/rewrite/avoid.html.fr | 22 +- docs/manual/rewrite/flags.html.en | 72 +- docs/manual/rewrite/flags.html.fr | 74 +-- docs/manual/rewrite/htaccess.html.en | 4 +- docs/manual/rewrite/htaccess.html.fr | 4 +- docs/manual/rewrite/index.html.en | 4 +- docs/manual/rewrite/index.html.fr | 6 +- docs/manual/rewrite/index.html.tr.utf8 | 4 +- docs/manual/rewrite/index.html.zh-cn.utf8 | 4 +- docs/manual/rewrite/intro.html.en | 41 +- docs/manual/rewrite/intro.html.fr | 44 +- docs/manual/rewrite/proxy.html.en | 18 +- docs/manual/rewrite/proxy.html.fr | 18 +- docs/manual/rewrite/remapping.html.en | 124 ++-- docs/manual/rewrite/remapping.html.fr | 125 ++-- docs/manual/rewrite/rewritemap.html.en | 35 +- docs/manual/rewrite/rewritemap.html.fr | 32 +- docs/manual/rewrite/tech.html.en | 10 +- docs/manual/rewrite/tech.html.fr | 10 +- docs/manual/rewrite/vhosts.html.en | 44 +- docs/manual/rewrite/vhosts.html.fr | 44 +- docs/manual/sections.html.en | 64 +- docs/manual/sections.html.fr | 64 +- docs/manual/sections.html.ja.utf8 | 4 +- docs/manual/sections.html.ko.euc-kr | 4 +- docs/manual/sections.html.tr.utf8 | 64 +- docs/manual/server-wide.html.en | 4 +- docs/manual/server-wide.html.fr | 4 +- docs/manual/server-wide.html.ja.utf8 | 4 +- docs/manual/server-wide.html.ko.euc-kr | 4 +- docs/manual/server-wide.html.tr.utf8 | 4 +- docs/manual/sitemap.html.de | 4 +- docs/manual/sitemap.html.en | 4 +- docs/manual/sitemap.html.es | 4 +- docs/manual/sitemap.html.fr | 4 +- docs/manual/sitemap.html.ja.utf8 | 4 +- docs/manual/sitemap.html.ko.euc-kr | 4 +- docs/manual/sitemap.html.tr.utf8 | 4 +- docs/manual/sitemap.html.zh-cn.utf8 | 4 +- docs/manual/socache.html.en | 4 +- docs/manual/socache.html.fr | 4 +- docs/manual/ssl/index.html.en | 4 +- docs/manual/ssl/index.html.fr | 4 +- docs/manual/ssl/index.html.ja.utf8 | 4 +- docs/manual/ssl/index.html.tr.utf8 | 4 +- docs/manual/ssl/index.html.zh-cn.utf8 | 4 +- docs/manual/ssl/ssl_compat.html.en | 4 +- docs/manual/ssl/ssl_compat.html.fr | 4 +- docs/manual/ssl/ssl_faq.html.en | 36 +- docs/manual/ssl/ssl_faq.html.fr | 33 +- docs/manual/ssl/ssl_howto.html.en | 46 +- docs/manual/ssl/ssl_howto.html.fr | 46 +- docs/manual/ssl/ssl_intro.html.en | 6 +- docs/manual/ssl/ssl_intro.html.fr | 4 +- docs/manual/ssl/ssl_intro.html.ja.utf8 | 4 +- docs/manual/stopping.html.de | 4 +- docs/manual/stopping.html.en | 4 +- docs/manual/stopping.html.es | 4 +- docs/manual/stopping.html.fr | 4 +- docs/manual/stopping.html.ja.utf8 | 4 +- docs/manual/stopping.html.ko.euc-kr | 4 +- docs/manual/stopping.html.tr.utf8 | 4 +- docs/manual/style/version.ent | 2 +- docs/manual/suexec.html.en | 4 +- docs/manual/suexec.html.fr | 4 +- docs/manual/suexec.html.ja.utf8 | 4 +- docs/manual/suexec.html.ko.euc-kr | 4 +- docs/manual/suexec.html.tr.utf8 | 4 +- docs/manual/upgrading.html.en | 13 +- docs/manual/upgrading.html.fr | 26 +- docs/manual/urlmapping.html.en | 24 +- docs/manual/urlmapping.html.fr | 24 +- docs/manual/urlmapping.html.ja.utf8 | 4 +- docs/manual/urlmapping.html.ko.euc-kr | 4 +- docs/manual/urlmapping.html.tr.utf8 | 24 +- docs/manual/vhosts/details.html.en | 4 +- docs/manual/vhosts/details.html.fr | 4 +- docs/manual/vhosts/details.html.ko.euc-kr | 4 +- docs/manual/vhosts/details.html.tr.utf8 | 4 +- docs/manual/vhosts/examples.html.en | 80 +-- docs/manual/vhosts/examples.html.fr | 80 +-- docs/manual/vhosts/examples.html.ja.utf8 | 4 +- docs/manual/vhosts/examples.html.ko.euc-kr | 4 +- docs/manual/vhosts/examples.html.tr.utf8 | 5 +- docs/manual/vhosts/fd-limits.html.en | 4 +- docs/manual/vhosts/fd-limits.html.fr | 4 +- docs/manual/vhosts/fd-limits.html.ja.utf8 | 4 +- docs/manual/vhosts/fd-limits.html.ko.euc-kr | 4 +- docs/manual/vhosts/fd-limits.html.tr.utf8 | 4 +- docs/manual/vhosts/index.html.de | 4 +- docs/manual/vhosts/index.html.en | 4 +- docs/manual/vhosts/index.html.fr | 4 +- docs/manual/vhosts/index.html.ja.utf8 | 4 +- docs/manual/vhosts/index.html.ko.euc-kr | 4 +- docs/manual/vhosts/index.html.tr.utf8 | 4 +- docs/manual/vhosts/index.html.zh-cn.utf8 | 4 +- docs/manual/vhosts/ip-based.html.en | 16 +- docs/manual/vhosts/ip-based.html.fr | 16 +- docs/manual/vhosts/ip-based.html.ja.utf8 | 4 +- docs/manual/vhosts/ip-based.html.ko.euc-kr | 4 +- docs/manual/vhosts/ip-based.html.tr.utf8 | 5 +- docs/manual/vhosts/mass.html.en | 48 +- docs/manual/vhosts/mass.html.fr | 48 +- docs/manual/vhosts/mass.html.ko.euc-kr | 4 +- docs/manual/vhosts/mass.html.tr.utf8 | 5 +- docs/manual/vhosts/name-based.html.de | 4 +- docs/manual/vhosts/name-based.html.en | 8 +- docs/manual/vhosts/name-based.html.fr | 8 +- docs/manual/vhosts/name-based.html.ja.utf8 | 4 +- docs/manual/vhosts/name-based.html.ko.euc-kr | 4 +- docs/manual/vhosts/name-based.html.tr.utf8 | 5 +- httpd.spec | 2 +- include/ap_config_auto.h.in | 3 + include/ap_mmn.h | 10 +- include/ap_release.h | 2 +- include/http_core.h | 23 +- include/http_protocol.h | 17 + include/http_request.h | 23 + include/httpd.h | 11 +- modules/aaa/mod_allowmethods.c | 139 ++-- modules/aaa/mod_auth_basic.c | 2 +- modules/aaa/mod_authn_dbd.c | 19 +- modules/aaa/mod_authn_dbm.c | 14 +- modules/aaa/mod_authnz_fcgi.c | 9 +- modules/aaa/mod_authnz_fcgi.dsp | 238 +++---- modules/aaa/mod_authz_core.c | 10 + modules/aaa/mod_authz_dbd.c | 10 +- modules/aaa/mod_authz_dbm.c | 12 +- modules/aaa/mod_authz_groupfile.c | 14 +- modules/aaa/mod_authz_owner.c | 3 +- modules/aaa/mod_authz_owner.h | 27 + modules/cache/mod_cache_socache.c | 30 +- modules/cache/mod_file_cache.c | 4 +- modules/cache/mod_socache_dbm.c | 16 +- modules/cache/mod_socache_dbm.dsp | 4 +- modules/cache/mod_socache_dc.c | 11 +- modules/cache/mod_socache_shmcb.c | 94 ++- modules/cache/mod_socache_shmcb.dsp | 4 +- modules/cluster/mod_heartmonitor.c | 2 +- modules/core/mod_macro.c | 24 +- modules/dav/fs/repos.c | 2 +- modules/dav/main/mod_dav.c | 13 +- modules/dav/main/util.c | 6 +- modules/dav/main/util_lock.c | 14 +- modules/examples/mod_case_filter.c | 76 +-- modules/examples/mod_case_filter_in.c | 16 +- modules/examples/mod_example_hooks.c | 9 +- modules/examples/mod_example_ipc.c | 21 +- modules/filters/mod_buffer.c | 40 +- modules/filters/mod_charset_lite.c | 5 + modules/filters/mod_deflate.c | 116 ++-- modules/filters/mod_ext_filter.c | 5 + modules/filters/mod_filter.c | 2 +- modules/filters/mod_reflector.c | 12 +- modules/filters/mod_reqtimeout.c | 101 +-- modules/generators/mod_asis.c | 2 +- modules/generators/mod_cgi.c | 2 +- modules/generators/mod_cgid.c | 31 +- modules/generators/mod_status.c | 40 +- modules/http/http_core.c | 22 +- modules/http/http_filters.c | 733 ++++++++++----------- modules/http/http_protocol.c | 7 +- modules/http/http_request.c | 103 ++- modules/ldap/util_ldap.c | 47 +- modules/loggers/mod_log_config.c | 31 +- modules/loggers/mod_logio.c | 75 ++- modules/lua/lua_request.c | 23 +- modules/lua/mod_lua.c | 4 + modules/mappers/mod_rewrite.c | 50 +- modules/proxy/ajp.h | 1 + modules/proxy/ajp_header.c | 20 + modules/proxy/ajp_header.h | 5 + modules/proxy/balancers/mod_lbmethod_bybusyness.c | 11 +- modules/proxy/balancers/mod_lbmethod_byrequests.c | 8 +- modules/proxy/balancers/mod_lbmethod_bytraffic.c | 9 +- modules/proxy/balancers/mod_lbmethod_heartbeat.c | 12 +- modules/proxy/examples/mod_lbmethod_rr.c | 11 +- modules/proxy/mod_proxy.c | 145 ++-- modules/proxy/mod_proxy.h | 11 + modules/proxy/mod_proxy_ajp.c | 78 ++- modules/proxy/mod_proxy_balancer.c | 4 +- modules/proxy/mod_proxy_connect.c | 30 +- modules/proxy/mod_proxy_express.c | 14 +- modules/proxy/mod_proxy_fcgi.c | 46 +- modules/proxy/mod_proxy_http.c | 21 +- modules/proxy/mod_proxy_scgi.c | 64 +- modules/proxy/mod_proxy_wstunnel.c | 60 +- modules/proxy/mod_proxy_wstunnel.dsp | 246 +++---- modules/proxy/proxy_util.c | 23 +- modules/session/mod_session_dbd.c | 3 +- modules/ssl/mod_ssl.c | 7 +- modules/ssl/ssl_engine_config.c | 35 +- modules/ssl/ssl_engine_init.c | 13 +- modules/ssl/ssl_engine_io.c | 2 +- modules/ssl/ssl_engine_kernel.c | 21 +- modules/ssl/ssl_engine_rand.c | 2 + modules/ssl/ssl_engine_vars.c | 109 +++ modules/ssl/ssl_private.h | 11 +- modules/ssl/ssl_scache.c | 26 +- modules/ssl/ssl_util_ssl.c | 122 ++-- modules/ssl/ssl_util_ssl.h | 2 + modules/ssl/ssl_util_stapling.c | 269 +++++--- modules/test/mod_dialup.c | 6 +- os/unix/unixd.c | 4 +- server/config.c | 6 +- server/connection.c | 1 - server/core.c | 132 +++- server/core_filters.c | 13 +- server/error_bucket.c | 3 + server/log.c | 2 +- server/mpm/event/event.c | 349 +++++++--- server/mpm/event/fdqueue.c | 2 +- server/mpm/netware/mpm_netware.c | 4 +- server/mpm_common.c | 2 +- server/protocol.c | 13 +- server/request.c | 74 ++- server/scoreboard.c | 10 +- server/util.c | 2 +- server/util_expr_eval.c | 32 +- server/util_script.c | 6 +- server/util_xml.c | 1 + support/ab.c | 6 +- support/ab.dsp | 8 +- support/abs.dsp | 8 +- support/htcacheclean.dsp | 8 +- support/htdigest.dsp | 8 +- support/httxt2dbm.dsp | 8 +- support/logresolve.dsp | 8 +- support/rotatelogs.dsp | 8 +- 938 files changed, 12996 insertions(+), 8340 deletions(-) create mode 100644 modules/aaa/mod_authz_owner.h (limited to 'modules/proxy/ajp_header.c') diff --git a/ABOUT_APACHE b/ABOUT_APACHE index f95435b0..d013e5b2 100644 --- a/ABOUT_APACHE +++ b/ABOUT_APACHE @@ -147,13 +147,13 @@ rest of the core members agree. The core group focus is more on than on mainstream code development. The term "The Apache Group" technically refers to this core of project contributors. -The Apache project is a meritocracy -- the more work you have done, the more +The Apache project is a meritocracy--the more work you have done, the more you are allowed to do. The group founders set the original rules, but they can be changed by vote of the active members. There is a group of people who have logins on our server (apache.org) and access to the svn repository. Everyone has access to the svn snapshots. Changes to the code are proposed on the mailing list and usually voted on by active -members -- three +1 (yes votes) and no -1 (no votes, or vetoes) are needed +members--three +1 (yes votes) and no -1 (no votes, or vetoes) are needed to commit a code change during a release cycle; docs are usually committed first and then changed as needed, with conflicts resolved by majority vote. @@ -225,15 +225,15 @@ by using it often contribute back to it by providing feature enhancements, bug fixes, and support for others in public newsgroups. The amount of effort expended by any particular individual is usually fairly light, but the resulting product is made very strong. This kind of community can -only happen with freeware -- when someone pays for software, they usually +only happen with freeware--when someone pays for software, they usually aren't willing to fix its bugs. One can argue, then, that Apache's strength comes from the fact that it's free, and if it were made "not free" it would suffer tremendously, even if that money were spent on a real development team. -We want to see Apache httpd used very widely -- by large companies, small +We want to see Apache httpd used very widely--by large companies, small companies, research institutions, schools, individuals, in the intranet -environment, everywhere -- even though this may mean that companies who +environment, everywhere--even though this may mean that companies who could afford commercial software, and would pay for it without blinking, might get a "free ride" by using Apache httpd. We would even be happy if some commercial software companies completely dropped their own HTTP server diff --git a/CHANGES b/CHANGES index dff64409..62a4702f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,283 @@ -*- coding: utf-8 -*- +Changes with Apache 2.4.16 + + *) http: Fix LimitRequestBody checks when there is no more bytes to read. + [Michael Kaufmann ] + + *) mod_alias: Revert expression parser support for Alias, ScriptAlias + and Redirect due to a regression (introduced in 2.4.13, not released). + + *) mod_reqtimeout: Don't let pipelining checks and keep-alive times interfere + with the timeouts computed for subsequent requests. PR 56729. + [Eric Covener, Yann Ylavic] + + *) core: Avoid a possible truncation of the faulty header included in the + HTML response when LimitRequestFieldSize is reached. [Yann Ylavic] + + *) mod_ldap: In some case, LDAP_NO_SUCH_ATTRIBUTE could be returned instead + of an error during a compare operation. [Eric Covener] + +Changes with Apache 2.4.15 + + *) mod_ext_filter, mod_charset_lite: Avoid inadvertent filtering of protocol + data during read of chunked request bodies. PR 58049. + [Edward Lu ] + + *) mod_ldap: Stop leaking LDAP connections when 'LDAPConnectionPoolTTL 0' + is configured. PR 58037. [Ted Phelps ] + + *) core: Allow spaces after chunk-size for compatibility with implementations + using a pre-filled buffer. [Yann Ylavic, Jeff Trawick] + + *) mod_ssl: Remove deprecated SSLCertificateChainFile warning. + [Yann Ylavic] + +Changes with Apache 2.4.14 + + *) SECURITY: CVE-2015-3183 (cve.mitre.org) + core: Fix chunk header parsing defect. + Remove apr_brigade_flatten(), buffering and duplicated code from + the HTTP_IN filter, parse chunks in a single pass with zero copy. + Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext + authorized characters. [Graham Leggett, Yann Ylavic] + + *) SECURITY: CVE-2015-3185 (cve.mitre.org) + Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) + with new ap_some_authn_required and ap_force_authn hook. [Ben Reser] + +Changes with Apache 2.4.13 + + *) SECURITY: CVE-2015-0253 (cve.mitre.org) + core: Fix a crash with ErrorDocument 400 pointing to a local URL-path + with the INCLUDES filter active, introduced in 2.4.11. PR 57531. + [Yann Ylavic] + + *) SECURITY: CVE-2015-0228 (cve.mitre.org) + mod_lua: A maliciously crafted websockets PING after a script + calls r:wsupgrade() can cause a child process crash. + [Edward Lu ] + + *) mod_proxy: Don't put the worker in error state for 500 or 503 errors + returned by the backend unless failonstatus is configured to. PR 56925. + [Yann Ylavic] + + *) core: Don't lowercase the argument to SetHandler if it begins with + "proxy:unix". PR 57968. [Eric Covener] + + *) mod_ssl OCSP Stapling: Don't block initial handshakes while refreshing + the OCSP response for a different certificate. mod_ssl has an additional + global mutex, "ssl-stapling-refresh". PR 57131 (partial fix). + [Jeff Trawick] + + *) mod_authz_dbm: Fix crashes when "dbm-file-group" is used and + authz modules were loaded in the "wrong" order. [Joe Orton] + + *) mod_authn_dbd, mod_authz_dbd, mod_session_dbd, mod_rewrite: Fix lifetime + of DB lookup entries independently of the selected DB engine. PR 46421. + [Steven whitson , Jan Kaluza, Yann Ylavic]. + + *) In alignment with RFC 7525, the default recommended SSLCipherSuite + and SSLProxyCipherSuite now exclude RC4 as well as MD5. Also, the + default recommended SSLProtocol and SSLProxyProtocol directives now + exclude SSLv3. Existing configurations must be adjusted by the + administrator. [William Rowe] + + *) mod_ssl: Add support for extracting subjectAltName entries of type + rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n + environment variables. Also addresses PR 57207. [Kaspar Brand] + + *) dav_validate_request: avoid validating locks and ETags when there are + no If headers providing them on a resource we aren't modifying. + [Ben Reser] + + *) mod_proxy_scgi: ProxySCGIInternalRedirect now allows an alternate + response header to be used by the application, for when the application + or framework is unable to return Location in the internal-redirect + form. [Jeff Trawick] + + *) core: Cleanup the request soon/even if some output filter fails to + handle the EOR bucket. [Yann Ylavic] + + *) mpm_event: Allow for timer events duplicates. [Jim Jagielski, Yann Ylavic] + + *) mod_proxy, mod_ssl, mod_cache_socache, mod_socache_*: Support machine + readable server-status produced when using the "?auto" query string. + [Rainer Jung] + + *) mod_status: Add more data to machine readable server-status produced + when using the "?auto" query string. [Rainer Jung] + + *) mod_ssl: Check for the Entropy Gathering Daemon (EGD) availability at + configure time (RAND_egd), and complain if SSLRandomSeed requires using + it otherwise. [Bernard Spil , Stefan Sperling, + Kaspar Brand] + + *) mod_ssl: make sure to consistently output SSLCertificateChainFile + deprecation warnings, when encountered in a VirtualHost block. + [Falco Schwarz ] + + *) mod_log_config: Add "%{UNIT}T" format to output request duration in + seconds, milliseconds or microseconds depending on UNIT ("s", "ms", "us"). + [Ben Reser, Rainer Jung] + + *) Allow FallbackResource to work when a directory is requested and + there is no autoindex nor DirectoryIndex. + [Jack , Eric Covener] + + *) mod_proxy_wstunnel: Bypass the handler while the connection is not + upgraded to WebSocket, so that other modules can possibly take over + the leading HTTP requests. [Yann Ylavic] + + *) mod_http: Fix incorrect If-Match handling. PR 57358 + [Kunihiko Sakamoto ] + + *) mod_ssl: Add a warning if protocol given in SSLProtocol or SSLProxyProtocol + will override other parameters given in the same directive. This could be + a missing + or - prefix. PR 52820 [Christophe Jaillet] + + *) core, modules: Avoid error response/document handling by the core if some + handler or input filter already did it while reading the request (causing + a double response body). [Yann Ylavic] + + *) mod_proxy_ajp: Fix client connection errors handling and logged status + when it occurs. PR 56823. [Yann Ylavic] + + *) mod_proxy: Use the correct server name for SNI in case the backend + SSL connection itself is established via a proxy server. + PR 57139 [Szabolcs Gyurko ] + + *) mod_ssl: Fix possible crash when loading server certificate constraints. + PR 57694. [Paul Spangler , Yann Ylavic] + + *) build: Don't load both mod_cgi and mod_cgid in the default configuration + if they're both built. [olli hauer ] + + *) mod_logio: Add LogIOTrackTTFB and %^FB logformat to log the time + taken to start writing response headers. [Eric Covener] + + *) mod_ssl: Avoid compilation errors with LibreSSL related to + the use of ENGINE_CTRL_CHIL_SET_FORKCHECK. + [Stuart Henderson ] + + *) mod_proxy_http: Use the "Connection: close" header for requests to + backends not recycling connections (disablereuse), including the default + reverse and forward proxies. [Yann Ylavic] + + *) mod_proxy: Add ap_connection_reusable() for checking if a connection + is reusable as of this point in processing. [Jeff Trawick] + + *) mod_proxy_wstunnel: Avoid an empty response by failing with 502 (Bad + Gateway) when no response is ever received from the backend. + [Jan Kaluza] + + *) core_filters: Restore/disable TCP_NOPUSH option after non-blocking + sendfile. [Yann Ylavic] + + *) mod_buffer: Forward flushed input data immediately and avoid (unlikely) + access to freed memory. [Yann Ylavic, Christophe Jaillet] + + *) core: Add CGIPassAuth directive to control whether HTTP authorization + headers are passed to scripts as CGI variables. PR 56855. [Jeff + Trawick] + + *) core: Initialize scoreboard's used optional functions on graceful restarts + to avoid a crash when relocation occurs. PR 57177. [Yann Ylavic] + + *) mod_dav: Avoid a potential integer underflow in the lock timeout value sent + back to a client. The answer to a LOCK request could be an extremly large + integer if the time needed to lock the resource was longer that the + requested timeout given in the LOCK request. In such a case, we now answer + "Second-0". PR55420 + [Christophe Jaillet] + + *) mod_cgid: Within the first minute of a server start or restart, + allow mod_cgid to retry connecting to its daemon process. Previously, + 'No such file or directory: unable to connect to cgi daemon...' could + be logged without an actual retry. PR57685. + [Edward Lu ] + + *) mod_proxy: Use the original (non absolute) form of the request-line's URI + for requests embedded in CONNECT payloads used to connect SSL backends via + a ProxyRemote forward-proxy. PR 55892. [Hendrik Harms , William Rowe, Yann Ylavic] + + *) http: Make ap_die() robust against any HTTP error code and not modify + response status (finally logged) when nothing is to be done. PR 56035. + [Yann Ylavic] + + *) mod_proxy_connect/wstunnel: If both client and backend sides get readable + at the same time, don't lose errors occuring while forwarding on the first + side when none occurs next on the other side, and abort. [Yann Ylavic] + + *) mod_rewrite: Improve relative substitutions in per-directory/htaccess + context for directories found by mod_userdir and mod_alias. These no + longer require RewriteBase to be specified. [Eric Covener] + + *) mod_proxy_http: Don't expect the backend to ack the "Connection: close" to + finally close those not meant to be kept alive by SetEnv proxy-nokeepalive + or force-proxy-request-1.0. [Yann Ylavic] + + *) core: If explicitly configured, use the KeepaliveTimeout value of the + virtual host which handled the latest request on the connection, or by + default the one of the first virtual host bound to the same IP:port. + PR56226. [Yann Ylavic] + + *) mod_lua: After a r:wsupgrade(), mod_lua was not properly + responding to a websockets PING but instead invoking the specified + script. PR57524. [Edward Lu ] + + *) mod_ssl: Add the SSL_CLIENT_CERT_RFC4523_CEA variable, which provides + a combination of certificate serialNumber and issuer as defined by + CertificateExactMatch in RFC4523. [Graham Leggett] + + *) core: Add expression support to ErrorDocument. Switch from a fixed + sized 664 byte array per merge to a hash table. [Graham Leggett] + + *) ab: Add missing longest request (100%) to CSV export. + [Marcin Fabrykowski ] + + *) mod_macro: Clear macros before initialization to avoid use-after-free + on startup or restart when the module is linked statically. PR 57525 + [apache.org tech.futurequest.net, Yann Ylavic] + + *) mod_alias: Introduce expression parser support for Alias, ScriptAlias + and Redirect. [Graham Leggett] + + *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. + PR 57100. [Michael Kaufmann , + Yann Ylavic] + + *) mpm_event: Avoid access to the scoreboard from the connection while + it is suspended (waiting for events). [Eric Covener, Jeff Trawick] + + *) mod_ssl: Fix renegotiation failures redirected to an ErrorDocument. + PR 57334. [Yann Ylavic]. + + *) mod_deflate: A misplaced check prevents limiting small bodies with the + new inflate limits. PR56872. [Edward Lu, Eric Covener, Yann Ylavic] + + *) mod_proxy_ajp: Forward SSL protocol name (SSLv3, TLSv1.1 etc.) as a + request attribute to the backend. Recent Tomcat versions will extract + it and provide it as a servlet request attribute named + "org.apache.tomcat.util.net.secure_protocol_version". [Rainer Jung] + + *) core: Optimize string concatenation in expression parser when evaluating + a string expression. [Rainer Jung] + + *) acinclude.m4: Generate #LoadModule directive in default httpd.conf for + every --enable-mpms-shared. PR 53882. [olli hauer , + Yann Ylavic] + + *) mod_authn_dbd: Fix the error message logged in case of error while querying + the database. This is associated to AH01656 and AH01661. [Christophe Jaillet] + + *) mod_authz_groupfile: Reduce the severity of AH01667 from ERROR to DEBUG, + because it may be evaluated inside . PR55523. [Eric Covener] + + *) mod_ssl: Fix small memory leak during initialization when ECDH is used. + [Jan Kaluza] + Changes with Apache 2.4.12 *) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for @@ -11,6 +289,9 @@ Changes with Apache 2.4.12 *) configure: Fix --enable-v4-mapped configuration on *BSD. PR 53824. [ olli hauer , Yann Ylavic ] + *) Reverted behavior regression introduced in 2.4.11 + (not released). + Changes with Apache 2.4.11 *) SECURITY: CVE-2014-3583 (cve.mitre.org) diff --git a/Makefile.in b/Makefile.in index 09e97145..c1b08f9b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -58,6 +58,16 @@ install-conf: -e 's#@@SSLPort@@#$(SSLPORT)#g' \ -e 'p' \ < $$i; \ + if echo " $(DSO_MODULES) "|$(EGREP) " cgi " > /dev/null ; then \ + have_cgi="1"; \ + else \ + have_cgi="0"; \ + fi; \ + if echo " $(DSO_MODULES) "|$(EGREP) " cgid " > /dev/null ; then \ + have_cgid="1"; \ + else \ + have_cgid="0"; \ + fi; \ for j in $(DSO_MODULES) "^EOL^"; do \ if test $$j != "^EOL^"; then \ if echo ",$(ENABLED_DSO_MODULES),"|$(EGREP) ",$$j," > /dev/null ; then \ @@ -68,8 +78,18 @@ install-conf: if test "$(LOAD_ALL_MODULES)" = "yes"; then \ loading_disabled=""; \ fi; \ - echo "$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ - fi; \ + if test $$j = "cgid" -a "$$have_cgi" = "1"; then \ + echo ""; \ + echo " $${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ + echo ""; \ + elif test $$j = "cgi" -a "$$have_cgid" = "1"; then \ + echo ""; \ + echo " $${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ + echo ""; \ + else \ + echo "$${loading_disabled}LoadModule $${j}_module $(rel_libexecdir)/mod_$${j}.so"; \ + fi; \ + fi; \ done; \ sed -e '1,/@@LoadModule@@/d' \ -e '/@@LoadModule@@/d' \ diff --git a/README.cmake b/README.cmake index 1b0589b3..ed769958 100644 --- a/README.cmake +++ b/README.cmake @@ -31,6 +31,8 @@ Prerequisites The following tools must be in PATH: * cmake, version 2.8 or later + cmake version 3.1.3 or later is required to work with current OpenSSL + releases. (OpenSSL is an optional prerequisite of httpd.) * Perl * If the WITH_MODULES feature is used: awk * If using a command-line compiler: compiler and linker and related tools diff --git a/acinclude.m4 b/acinclude.m4 index 580eb4ab..d94f8aae 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -267,9 +267,9 @@ DISTCLEAN_TARGETS = modules.mk static = shared = $libname EOF + DSO_MODULES="$DSO_MODULES mpm_$1" # add default MPM to LoadModule list if test $1 = $default_mpm; then - DSO_MODULES="$DSO_MODULES mpm_$1" ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_$1" fi fi @@ -576,7 +576,7 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[ liberrors="" AC_CHECK_HEADERS([openssl/engine.h]) AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"]) - AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines]) + AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines RAND_egd]) if test "x$liberrors" != "x"; then AC_MSG_WARN([OpenSSL libraries are unusable]) fi diff --git a/build/config.guess b/build/config.guess index 72625d40..1f5c50c0 100755 --- a/build/config.guess +++ b/build/config.guess @@ -2,7 +2,7 @@ # Attempt to guess a canonical system name. # Copyright 1992-2014 Free Software Foundation, Inc. -timestamp='2014-02-12' +timestamp='2014-03-23' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -826,7 +826,7 @@ EOF *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS*:*) + *:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) @@ -969,10 +969,10 @@ EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} exit ;; - or32:Linux:*:*) + or32:Linux:*:* | or1k*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) diff --git a/build/config.sub b/build/config.sub index 092cff00..bba4efb8 100755 --- a/build/config.sub +++ b/build/config.sub @@ -2,7 +2,7 @@ # Configuration validation subroutine script. # Copyright 1992-2014 Free Software Foundation, Inc. -timestamp='2014-01-01' +timestamp='2014-09-11' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -283,8 +283,10 @@ case $basic_machine in | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipsr5900 | mipsr5900el \ @@ -296,11 +298,11 @@ case $basic_machine in | nds32 | nds32le | nds32be \ | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ - | open8 \ - | or1k | or32 \ + | open8 | or1k | or1knd | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ + | riscv32 | riscv64 \ | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ @@ -402,8 +404,10 @@ case $basic_machine in | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipsr5900-* | mipsr5900el-* \ @@ -415,6 +419,7 @@ case $basic_machine in | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ + | or1k*-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ @@ -824,6 +829,10 @@ case $basic_machine in basic_machine=powerpc-unknown os=-morphos ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; msdos) basic_machine=i386-pc os=-msdos @@ -1369,14 +1378,14 @@ case $os in | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1594,9 +1603,6 @@ case $basic_machine in mips*-*) os=-elf ;; - or1k-*) - os=-elf - ;; or32-*) os=-coff ;; diff --git a/build/ltmain.sh b/build/ltmain.sh index 5eca4aea..0f0a2da3 100644 --- a/build/ltmain.sh +++ b/build/ltmain.sh @@ -2,11 +2,11 @@ ## DO NOT EDIT - This file generated from ./build-aux/ltmain.in ## by inline-source v2014-01-03.01 -# libtool (GNU libtool) 2.4.4 +# libtool (GNU libtool) 2.4.6 # Provide generalized library-building support services. # Written by Gordon Matzigkeit , 1996 -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2015 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -31,8 +31,8 @@ PROGRAM=libtool PACKAGE=libtool -VERSION=2.4.4 -package_revision=2.4.4 +VERSION=2.4.6 +package_revision=2.4.6 ## ------ ## @@ -64,12 +64,12 @@ package_revision=2.4.4 # libraries, which are installed to $pkgauxdir. # Set a version string for this script. -scriptversion=2014-01-03.01; # UTC +scriptversion=2015-01-20.17; # UTC # General shell script boiler plate, and helper functions. # Written by Gary V. Vaughan, 2004 -# Copyright (C) 2004-2014 Free Software Foundation, Inc. +# Copyright (C) 2004-2015 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -192,7 +192,7 @@ func_path_progs () _G_path_prog_max=0 _G_path_prog_found=false - _G_save_IFS=$IFS; IFS=$PATH_SEPARATOR + _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:} for _G_dir in $_G_PATH; do IFS=$_G_save_IFS test -z "$_G_dir" && _G_dir=. @@ -1375,7 +1375,7 @@ scriptversion=2014-01-07.03; # UTC # A portable, pluggable option parser for Bourne shell. # Written by Gary V. Vaughan, 2010 -# Copyright (C) 2010-2014 Free Software Foundation, Inc. +# Copyright (C) 2010-2015 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -1977,7 +1977,7 @@ func_version () # End: # Set a version string. -scriptversion='(GNU libtool) 2.4.4' +scriptversion='(GNU libtool) 2.4.6' # func_echo ARG... @@ -2039,7 +2039,12 @@ usage_message="Options: " # Additional text appended to 'usage_message' in response to '--help'. -long_help_message=$long_help_message" +func_help () +{ + $debug_cmd + + func_usage_message + $ECHO "$long_help_message MODE must be one of the following: @@ -2063,13 +2068,15 @@ include the following information: compiler: $LTCC compiler flags: $LTCFLAGS linker: $LD (gnu? $with_gnu_ld) - version: $progname (GNU libtool) 2.4.4 + version: $progname (GNU libtool) 2.4.6 automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` Report bugs to . GNU libtool home page: . General help using GNU software: ." + exit 0 +} # func_lo2o OBJECT-NAME @@ -6461,6 +6468,24 @@ func_win32_import_lib_p () esac } +# func_suncc_cstd_abi +# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!! +# Several compiler flags select an ABI that is incompatible with the +# Cstd library. Avoid specifying it if any are in CXXFLAGS. +func_suncc_cstd_abi () +{ + $debug_cmd + + case " $compile_command " in + *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*) + suncc_use_cstd_abi=no + ;; + *) + suncc_use_cstd_abi=yes + ;; + esac +} + # func_mode_link arg... func_mode_link () { @@ -7437,6 +7462,9 @@ func_mode_link () eval sys_lib_search_path=\"$sys_lib_search_path_spec\" eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" + # Definition is injected by LT_CONFIG during libtool generation. + func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH" + func_dirname "$output" "/" "" output_objdir=$func_dirname_result$objdir func_to_tool_file "$output_objdir/" @@ -8599,6 +8627,37 @@ func_mode_link () eval $var=\"$tmp_libs\" done # for var fi + + # Add Sun CC postdeps if required: + test CXX = "$tagname" && { + case $host_os in + linux*) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C++ 5.9 + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + + solaris*) + func_cc_basename "$CC" + case $func_cc_basename_result in + CC* | sunCC*) + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + esac + } + # Last step: remove runtime libs from dependency_libs # (they stay in deplibs) tmp_libs= diff --git a/configure b/configure index 296148e9..d38a9e84 100755 --- a/configure +++ b/configure @@ -24885,7 +24885,7 @@ else fi done - for ac_func in ENGINE_init ENGINE_load_builtin_engines + for ac_func in ENGINE_init ENGINE_load_builtin_engines RAND_egd do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -27866,9 +27866,9 @@ DISTCLEAN_TARGETS = modules.mk static = shared = $libname EOF + DSO_MODULES="$DSO_MODULES mpm_event" # add default MPM to LoadModule list if test event = $default_mpm; then - DSO_MODULES="$DSO_MODULES mpm_event" ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_event" fi fi @@ -27949,9 +27949,9 @@ DISTCLEAN_TARGETS = modules.mk static = shared = $libname EOF + DSO_MODULES="$DSO_MODULES mpm_prefork" # add default MPM to LoadModule list if test prefork = $default_mpm; then - DSO_MODULES="$DSO_MODULES mpm_prefork" ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_prefork" fi fi @@ -28021,9 +28021,9 @@ DISTCLEAN_TARGETS = modules.mk static = shared = $libname EOF + DSO_MODULES="$DSO_MODULES mpm_winnt" # add default MPM to LoadModule list if test winnt = $default_mpm; then - DSO_MODULES="$DSO_MODULES mpm_winnt" ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_winnt" fi fi @@ -28093,9 +28093,9 @@ DISTCLEAN_TARGETS = modules.mk static = shared = $libname EOF + DSO_MODULES="$DSO_MODULES mpm_worker" # add default MPM to LoadModule list if test worker = $default_mpm; then - DSO_MODULES="$DSO_MODULES mpm_worker" ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_worker" fi fi @@ -30418,9 +30418,9 @@ DISTCLEAN_TARGETS = modules.mk static = shared = $libname EOF + DSO_MODULES="$DSO_MODULES mpm_mpmt_os2" # add default MPM to LoadModule list if test mpmt_os2 = $default_mpm; then - DSO_MODULES="$DSO_MODULES mpm_mpmt_os2" ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_mpmt_os2" fi fi diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in index 246b3dd7..f093b328 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -43,22 +43,41 @@ Listen @@SSLPort@@ ## # SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 +# List the ciphers that the client is permitted to negotiate, +# and that httpd will negotiate as the client of a proxied server. +# See the OpenSSL documentation for a complete list of ciphers, and +# ensure these follow appropriate best practices for this deployment. +# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, +# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. +SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 +SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 -# Speed-optimized SSL Cipher configuration: -# If speed is your main concern (on busy HTTPS servers e.g.), -# you might want to force clients to specific, performance -# optimized ciphers. In this case, prepend those ciphers -# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. -# Caveat: by giving precedence to RC4-SHA and AES128-SHA -# (as in the example below), most connections will no longer -# have perfect forward secrecy - if the server's key is -# compromised, captures of past or future traffic must be -# considered compromised, too. -#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 -#SSLHonorCipherOrder on +# By the end of 2016, only TLSv1.2 ciphers should remain in use. +# Older ciphers should be disallowed as soon as possible, while the +# kRSA ciphers do not offer forward secrecy. These changes inhibit +# older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy +# non-browser tooling) from successfully connecting. +# +# To restrict mod_ssl to use only TLSv1.2 ciphers, and disable +# those protocols which do not support forward secrecy, replace +# the SSLCipherSuite and SSLProxyCipherSuite directives above with +# the following two directives, as soon as practical. +# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA +# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA + +# User agents such as web browsers are not configured for the user's +# own preference of either security or performance, therefore this +# must be the prerogative of the web server administrator who manages +# cpu load versus confidentiality, so enforce the server's cipher order. +SSLHonorCipherOrder on + +# SSL Protocol support: +# List the protocol versions which clients are allowed to connect with. +# Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be +# disabled as quickly as practical. By the end of 2016, only the TLSv1.2 +# protocol or later should remain in use. +SSLProtocol all -SSLv3 +SSLProxyProtocol all -SSLv3 # Pass Phrase Dialog: # Configure the pass phrase gathering process. diff --git a/docs/error/HTTP_BAD_GATEWAY.html.var b/docs/error/HTTP_BAD_GATEWAY.html.var index 29ac361d..a9061b30 100644 --- a/docs/error/HTTP_BAD_GATEWAY.html.var +++ b/docs/error/HTTP_BAD_GATEWAY.html.var @@ -54,11 +54,11 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - El servidor 'proxy' recibió información - inválida del servidor solicitante. + El servidor 'proxy' ha recibido; información + no válida del servidor de origen. @@ -176,6 +176,24 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + Proxyserveren mottok et ugyldig svar fra + en oppstrøms server. + + + + + + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_BAD_REQUEST.html.var b/docs/error/HTTP_BAD_REQUEST.html.var index fb0d31cb..8f892c78 100644 --- a/docs/error/HTTP_BAD_REQUEST.html.var +++ b/docs/error/HTTP_BAD_REQUEST.html.var @@ -39,11 +39,11 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - Su buscador (o 'proxy') envió una solicitud - que el servidor no pudo entender. + Su navegador (o 'proxy') ha enviado una petición + que el servidor no ha podido entender. ----------es-- @@ -126,6 +126,19 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + Din nettleser eller proxy sendte en forespørsel + som denne serveren ikke kunne forstå. + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_FORBIDDEN.html.var b/docs/error/HTTP_FORBIDDEN.html.var index c95b2ecd..16995cab 100644 --- a/docs/error/HTTP_FORBIDDEN.html.var +++ b/docs/error/HTTP_FORBIDDEN.html.var @@ -68,20 +68,20 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - Usted no tiene permiso para accesar al directorio solicitado. + Usted no tiene permiso para acceder al directorio solicitado. No existe un documento índice, o el directorio está protegido contra lectura. - Usted no tiene permiso de accesar al objeto solicitado. - El objeto está protegido contra lectura, o no - puede ser leido por el servidor. + Usted no tiene permiso para acceder al objeto solicitado. + El objeto está protegido contra lectura o + el servidor no puede leerlo. @@ -128,7 +128,7 @@ Body:----------ga-- Níl cead agat rochtain a dhéanamh ar an aidhm faoi iarratais. Is féidir go bhfuil cosaint ar lé air, nó go bhfuil - sé doléite don freastalaí. + sé doléite don freastalaí. @@ -225,6 +225,30 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + + + Du har ikke tilstrekkelige rettigheter for å få tilgang til den + ønskede katalogen. Det eksisterer ikke et indeksdokument, eller + katalogen er lesebeskyttet. + + + + Du har ikke tilstrekkelige rettigheter for å få adgang til det + ønskede dokumentet. Objektet er lesebeskyttet, eller ikke lesbart + for serveren. + + + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_GONE.html.var b/docs/error/HTTP_GONE.html.var index f9356dc9..cd58bccf 100644 --- a/docs/error/HTTP_GONE.html.var +++ b/docs/error/HTTP_GONE.html.var @@ -79,22 +79,22 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - El URL solicitado actualmente no esta disponible en este servidor y - no existe una dirección a la cual referirlo. + La URL solicitada ya no está disponible en este servidor y + no existe una dirección a la cual remitirle. - Por favor comunique al autor de la + Por favor, comunique al autor de la ">página - que lo refirió que el URL es obsoleto. + que le ha remitido que la URL está obsoleta. - Si usted siguió el URL desde una página externa, - por favor contacte al autor de esa página. + Si usted ha seguido un enlace de una página externa, + por favor contacte con el autor de esa página. @@ -256,6 +256,32 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + Den ønskede adressen er ikke lenger tilgjengelig hos denne + serveren og det finnes ingen adresse for videresending. + + + + Venligst informer forfatteren bak + ">den + aktuelle siden om at lenken er utdatert. + + + + Om du fulgte en lenke fra en ekstern side, venligst kontakt + forfatteren bak den siden. + + + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_INTERNAL_SERVER_ERROR.html.var b/docs/error/HTTP_INTERNAL_SERVER_ERROR.html.var index 825fedcd..7cb84203 100644 --- a/docs/error/HTTP_INTERNAL_SERVER_ERROR.html.var +++ b/docs/error/HTTP_INTERNAL_SERVER_ERROR.html.var @@ -85,11 +85,11 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - Se produjo un error interno en el servidor y le - fue imposible completar su solicitud. + Se ha producido un error interno en el servidor y no + se ha podido completar su solicitud. @@ -99,8 +99,10 @@ Body:----------es-- - El servidor puede estar sobrecargado, o hubo un - error en la ejecución de un programa 'CGI'. + Se ha producido un error interno en el servidor y no se + ha podido completar su solicitud. O el servidor está + sobrecargado o ha habido un fallo en la ejecución de + un programa CGI. @@ -274,6 +276,34 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + + + Det inntraff en intern feil hos serveren, og det var ikke mulig å + gjennomføre din forespørsel. + + + + Feilmelding: +
+ + + + Det inntraff en intern feil hos serveren, og det var ikke mulig å + gjennomføre din forespørsel. Serveren er enten overbelastet, eller + CGI-skriptet inneholder feil. + + + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_LENGTH_REQUIRED.html.var b/docs/error/HTTP_LENGTH_REQUIRED.html.var index d13c359c..f542b9d4 100644 --- a/docs/error/HTTP_LENGTH_REQUIRED.html.var +++ b/docs/error/HTTP_LENGTH_REQUIRED.html.var @@ -41,13 +41,12 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - Una solicitud con el método - requiere que el contenido de la variable de los encabezados - Content-Length sea válida. + Una petición con el método requiere que el encabezado + Content-Length sea válido. ----------es-- @@ -136,6 +135,19 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + En forespørsel med + metoden krever en korrekt Content-Length header. + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_METHOD_NOT_ALLOWED.html.var b/docs/error/HTTP_METHOD_NOT_ALLOWED.html.var index 124cd589..1eefb9d7 100644 --- a/docs/error/HTTP_METHOD_NOT_ALLOWED.html.var +++ b/docs/error/HTTP_METHOD_NOT_ALLOWED.html.var @@ -39,11 +39,11 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - El método - no está permitido para el URL solicitado. + No se permite el método + para la URL solicitada. ----------es-- @@ -126,6 +126,19 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + metoden er ikke + tillatt for den forespurte adressen. + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_NOT_FOUND.html.var b/docs/error/HTTP_NOT_FOUND.html.var index 90fdcf7e..442f4968 100644 --- a/docs/error/HTTP_NOT_FOUND.html.var +++ b/docs/error/HTTP_NOT_FOUND.html.var @@ -82,23 +82,23 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - El URL solicitado no ha sido localizado en este servidor. + No se ha localizado la URL solicitada en este servidor. - El URL de la ">página que lo refirió - parece ser equivocado u obsoleto. Por favor comunique al autor - de ">esa - página acerca del error. + La URL de la ">página que le ha remitido + parece ser errónea o estar obsoleta. Por favor, informe del error + al autor de ">esa + página. - Si usted tecleó el URL manualmente, por favor revise su - ortografía y vuélvalo a intentar. + Si usted ha introducido la URL manualmente, por favor revise su + ortografía e inténtelo de nuevo. @@ -267,6 +267,33 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + Den etterspurte adressen finnes ikke på denne serveren. + + + + Lenken på den + ">forrige siden +ser ut til å være feil eller utdatert. Venligst informer forfatteren av + ">siden + om feilen. + + + + Om du skrev inn adressen manuelt, vennligst kontroller stavingen og + forsøk igjen. + + + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_NOT_IMPLEMENTED.html.var b/docs/error/HTTP_NOT_IMPLEMENTED.html.var index 99f19f6a..8dc2f7d9 100644 --- a/docs/error/HTTP_NOT_IMPLEMENTED.html.var +++ b/docs/error/HTTP_NOT_IMPLEMENTED.html.var @@ -37,11 +37,11 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - El servidor no tiene implementada la acción - solicitada por el buscador. + El servidor no soporta la acción + solicitada por el navegador. ----------es-- @@ -119,6 +119,19 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + Serveren støtter ikke den handlingen som ønskes utført av + nettleseren. + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- @@ -184,7 +197,7 @@ Content-language: sv Content-type: text/html; charset=UTF-8 Body:----------sv-- Servern stödjer inte den handling som önskades diff --git a/docs/error/HTTP_PRECONDITION_FAILED.html.var b/docs/error/HTTP_PRECONDITION_FAILED.html.var index ef93e6e1..da69e2b6 100644 --- a/docs/error/HTTP_PRECONDITION_FAILED.html.var +++ b/docs/error/HTTP_PRECONDITION_FAILED.html.var @@ -38,11 +38,11 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - La pre-condición de la solicitud para el - URL no se evaluó positivamente. + No se ha evaluado positivamente la pre-condición + de la petición para la URL. ----------es-- @@ -121,6 +121,19 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + Den nødvendige forutsetningen for forespørselen passerte ikke + vurderingen med positivt resultat. + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var b/docs/error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var index f3e0f661..20bceff6 100644 --- a/docs/error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +++ b/docs/error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var @@ -42,10 +42,10 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - El método + El método no permite transmitir la información, o el volumen de la información excede los límites de capacidad del mismo. @@ -135,6 +135,20 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + metoden tillater ikke + de sendte data eller så overskrider datamengenden + kapasitetsbegrensningen. + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_REQUEST_TIME_OUT.html.var b/docs/error/HTTP_REQUEST_TIME_OUT.html.var index 3f395657..85004a0e 100644 --- a/docs/error/HTTP_REQUEST_TIME_OUT.html.var +++ b/docs/error/HTTP_REQUEST_TIME_OUT.html.var @@ -40,11 +40,11 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - El servidor cerró la conección de red - debido a que el buscador no termino la solicitud + El servidor ha cerrado la conexión de red + debido a que el navegador no ha finalizado la solicitud dentro del tiempo permitido. @@ -129,6 +129,19 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + Serveren stengte forbindelsen fordi nettleseren ikke avsluttet + forespørselen innen tidsgrensen. + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_REQUEST_URI_TOO_LARGE.html.var b/docs/error/HTTP_REQUEST_URI_TOO_LARGE.html.var index ba5b409a..4831c472 100644 --- a/docs/error/HTTP_REQUEST_URI_TOO_LARGE.html.var +++ b/docs/error/HTTP_REQUEST_URI_TOO_LARGE.html.var @@ -40,11 +40,11 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - La longitud del URL solicitado excede el límite de - capacidad para este servidor. La solicitud no puede ser procesada. + La longitud de la URL solicitada excede el límite de + capacidad para este servidor. No se puede procesar la solicitud. ----------es-- @@ -128,6 +128,20 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + Lengden på adressen som etterspurtes overskrider + kapasitetsgrensen for denne serveren. Forespørselen kan + ikke prosesseres. + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_SERVICE_UNAVAILABLE.html.var b/docs/error/HTTP_SERVICE_UNAVAILABLE.html.var index ec021344..e5905ebb 100644 --- a/docs/error/HTTP_SERVICE_UNAVAILABLE.html.var +++ b/docs/error/HTTP_SERVICE_UNAVAILABLE.html.var @@ -43,13 +43,12 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - Por el momento el servidor no puede atender su solicitud - debido a que está en mantenimiento o a que tiene - problemas de capacidad. Por favor intente nuevamente - más tarde. + El servidor no puede procesar su solicitud en este momento + debido a tareas de mantenimiento o a problemas de capacidad. + Por favor, inténtelo de nuevo más tarde. ----------es-- @@ -138,6 +137,19 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + Serveren er midlertidig ikke i stand til å utføre din + forespørsel. Vennligst prøv igjen senere. + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_UNAUTHORIZED.html.var b/docs/error/HTTP_UNAUTHORIZED.html.var index bd799579..2a8994f0 100644 --- a/docs/error/HTTP_UNAUTHORIZED.html.var +++ b/docs/error/HTTP_UNAUTHORIZED.html.var @@ -62,20 +62,20 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + El servidor no puede certificar que usted esté autorizado - para accesar el URL "". - Pudo haber suministrado información incorrecta (ej. - contraseña inválida) o, el buscador no sabe - como suministrar la información requerida. + para acceder a la URL "". + Ha podido suministrar información incorrecta (ej. + contraseña no válida) o el navegador no sabe + cómo suministrar la información requerida. - En caso de que a usted le este permitido accesar el documento, - verifique su nombre de usuario y contraseña y vuélvalo - a intentar. + En caso de que usted tenga permiso para acceder al documento, + por favor verifique su nombre de usuario y contraseña y + vuélvalo a intentar. ----------es-- @@ -209,6 +209,27 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + Serveren kunne ikke verifisere at du har tillatelse til å besøke + adressen "". Enten + oppga du feil opplysninger (f.eks. feil passord) eller så støtter + ikke din nettleser dette autentiseringsystemet. + + + + Om du har tillatelse til å besøke siden, vennligst kontroler ditt + brukernavn og passord og forsøk igjen. + + +----------nb-- + + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var b/docs/error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var index a5a74872..44094cde 100644 --- a/docs/error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +++ b/docs/error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var @@ -37,10 +37,10 @@ Body:----------en-- Content-language: es Content-type: text/html Body:----------es-- - + - El servidor no tiene implementado el tipo + El servidor no soporta el tipo de medio transmitido en la solicitud. @@ -120,6 +120,18 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + Serveren støtter ikke den mediatypen som ble forespurt. + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/HTTP_VARIANT_ALSO_VARIES.html.var b/docs/error/HTTP_VARIANT_ALSO_VARIES.html.var index c38afd47..ba9609c6 100644 --- a/docs/error/HTTP_VARIANT_ALSO_VARIES.html.var +++ b/docs/error/HTTP_VARIANT_ALSO_VARIES.html.var @@ -133,6 +133,19 @@ Body:----------nl-- ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- + + + En variant av den forespurte enheten er i seg selv en forhandelbar + ressurs. Tilgang ikke mulig. + + +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/error/README b/docs/error/README index b369187f..b660d07e 100644 --- a/docs/error/README +++ b/docs/error/README @@ -24,6 +24,7 @@ | Italian (it) | Luigi Rosa | | Japanese (ja) | TAKAHASHI Makoto | | Korean (ko) | Jaeho Shin | + | Norwegian Bokmål (nb) | Tom Fredrik Klaussen | | Polish (pl) | Tomasz Kepczynski | | Romanian (ro) | Andrei Besleaga | | Serbian (sr) | Nikola Smolenski | diff --git a/docs/error/contact.html.var b/docs/error/contact.html.var index 4dea0126..62044cf0 100644 --- a/docs/error/contact.html.var +++ b/docs/error/contact.html.var @@ -74,6 +74,13 @@ Indien u van oordeel bent dat deze server in fout is, gelieve de ">webmaster te contacteren. ----------nl-- +Content-language: nb +Content-type: text/html; charset=UTF-8 +Body:----------nb-- +Om du tror dette skyldes en serverfeil, venligst kontakt +">webansvarlig. +----------nb-- + Content-language: pl Content-type: text/html; charset=UTF-8 Body:----------pl-- diff --git a/docs/man/ab.1 b/docs/man/ab.1 index f9df604f..cbca2f80 100644 --- a/docs/man/ab.1 +++ b/docs/man/ab.1 @@ -19,7 +19,7 @@ .el .ne 3 .IP "\\$1" \\$2 .. -.TH "AB" 1 "2014-06-24" "Apache HTTP Server" "ab" +.TH "AB" 1 "2015-05-01" "Apache HTTP Server" "ab" .SH NAME ab \- Apache HTTP server benchmarking tool @@ -80,7 +80,7 @@ Do HEAD requests instead of GET\&. Enable the HTTP KeepAlive feature, \fIi\&.e\&.\fR, perform multiple requests within one HTTP session\&. Default is no KeepAlive\&. .TP -l -Do not report errors if the length of the responses is not constant\&. This can be usefull for dynamic pages\&. Available in 2\&.4\&.7 and later\&. +Do not report errors if the length of the responses is not constant\&. This can be useful for dynamic pages\&. Available in 2\&.4\&.7 and later\&. .TP -m \fIHTTP-method\fR Custom HTTP method for the requests\&. Available in 2\&.4\&.10 and later\&. diff --git a/docs/manual/bind.html.de b/docs/manual/bind.html.de index cdaba989..02af1105 100644 --- a/docs/manual/bind.html.de +++ b/docs/manual/bind.html.de @@ -1,6 +1,8 @@ - +mod_http2 - Apache HTTP Server Version 2.4 + + + + + + + +
+

Modules | Directives | FAQ | Glossary | Sitemap

+

Apache HTTP Server Version 2.4

+
+
<-
+ +
+

Apache Module mod_http2

+
+

Available Languages:  en 

+
+ + + +
Description:Support for the HTTP/2 transport layer
Status:Extension
ModuleIdentifier:h2_module
SourceFile:mod_http2.c
+

Summary

+ +

This module provides HTTP/2 (RFC 7540) support for the Apache + HTTP Server.

+ +

This module relies on libnghttp2 + to provide the core http/2 engine.

+ +

Warning

+

This module is experimental. Its behaviors, directives, and + defaults are subject to more change from release to + release relative to other standard modules. Users are encouraged to + consult the "CHANGES" file for potential updates.

+
+
+ + +
top
+

H2Direct Directive

+ + + + + + + +
Description:H2 Direct Protocol Switch
Syntax:H2Direct on|off
Default:H2Direct on (for non TLS)
Context:server config, virtual host
Status:Extension
Module:mod_http2
+

+ This directive toggles the usage of the HTTP/2 Direct Mode. This + should be used inside a + <VirtualHost> + section to enable direct HTTP/2 communication for that virtual host. + Direct communication means that if the first bytes received by the + server on a connection match the HTTP/2 preamble, the HTTP/2 + protocol is switched to immediately without further negotiation. + This mode falls outside the RFC 7540 but has become widely implemented + as it is very convenient for development and testing. + By default the direct HTTP/2 mode is enabled. +

+

Example

H2Direct on
+
+ +
+
top
+

H2MaxSessionStreams Directive

+ + + + + + + +
Description:Maximum number of active streams per HTTP/2 session.
Syntax:H2MaxSessionStreams n
Default:H2MaxSessionStreams 100
Context:server config, virtual host
Status:Extension
Module:mod_http2
+

+ This directive sets the maximum number of active streams per HTTP/2 session (e.g. connection) + that the server allows. A stream is active if it is not idle or + closed according to RFC 7540. +

+

Example

H2MaxSessionStreams 20
+
+ +
+
top
+

H2MaxWorkerIdleSeconds Directive

+ + + + + + + +
Description:Maximum number of seconds h2 workers remain idle until shut down.
Syntax:H2MaxWorkerIdleSeconds n
Default:H2MaxWorkerIdleSeconds 600
Context:server config
Status:Extension
Module:mod_http2
+

+ This directive sets the maximum number of seconds a h2 worker may + idle until it shuts itself down. This only happens while the number of + h2 workers exceeds H2MinWorkers. +

+

Example

H2MaxWorkerIdleSeconds 20
+
+ +
+
top
+

H2MaxWorkers Directive

+ + + + + + +
Description:Maximum number of worker threads to use per child process.
Syntax:H2MaxWorkers n
Context:server config
Status:Extension
Module:mod_http2
+

+ This directive sets the maximum number of worker threads to spawn + per child process for HTTP/2 processing. If this directive is not used, + mod_http2 will chose a value suitable for the mpm + module loaded. +

+

Example

H2MaxWorkers 20
+
+ +
+
top
+

H2MinWorkers Directive

+ + + + + + +
Description:Minimal number of worker threads to use per child process.
Syntax:H2MinWorkers n
Context:server config
Status:Extension
Module:mod_http2
+

+ This directive sets the minimum number of worker threads to spawn + per child process for HTTP/2 processing. If this directive is not used, + mod_http2 will chose a value suitable for the mpm + module loaded. +

+

Example

H2MinWorkers 10
+
+ +
+
top
+

H2SerializeHeaders Directive

+ + + + + + + +
Description:Serialize Request/Resoonse Processing Switch
Syntax:H2SerializeHeaders on|off
Default:H2SerializeHeaders off
Context:server config, virtual host
Status:Extension
Module:mod_http2
+

+ This directive toggles if HTTP/2 requests shall be serialized in + HTTP/1.1 format for processing by httpd core or if + received binary data shall be passed into the request_recs + directly. +

+

+ Serialization will lower performance, but gives more backward + compatibility in case custom filters/hooks need it. +

+

Example

H2SerializeHeaders on
+
+ +
+
top
+

H2SessionExtraFiles Directive

+ + + + + + + +
Description:Number of Extra File Handles
Syntax:H2SessionExtraFiles n
Default:H2SessionExtraFiles 5
Context:server config, virtual host
Status:Extension
Module:mod_http2
+

+ This directive sets maximum number of extra file handles + a HTTP/2 session is allowed to use. A file handle is counted as + extra when it is transfered from a h2 worker thread to + the main HTTP/2 connection handling. This commonly happens when + serving static files. +

+ Depending on the processing model configured on the server, the + number of connections times number of active streams may exceed + the number of file handles for the process. On the other hand, + converting every file into memory bytes early results in too + many buffer writes. This option helps to mitigate that. +

+ The number of file handles used by a server process is then in + the order of: +

+ 
(h2_connections * extra_files) + (h2_max_worker)
+

Example

H2SessionExtraFiles 10
+
+ +
+
top
+

H2StreamMaxMemSize Directive

+ + + + + + + +
Description:Maximum amount of output data buffered per stream.
Syntax:H2StreamMaxMemSize bytes
Default:H2StreamMaxMemSize 65536
Context:server config, virtual host
Status:Extension
Module:mod_http2
+

+ This directive sets the maximum number of outgoing data bytes buffered in memory + for an active streams. This memory is not allocated per stream as such. Allocations + are counted against this limit when they are about to be done. Stream processing + freezes when the limit has been reached and will only continue when buffered data + has been sent out to the client. +

+

Example

H2StreamMaxMemSize 128000
+
+ +
+
top
+

H2WindowSize Directive

+ + + + + + + +
Description:Size of Stream Window for upstream data.
Syntax:H2WindowSize bytes
Default:H2WindowSize 65536
Context:server config, virtual host
Status:Extension
Module:mod_http2
+

+ This directive sets the size of the window that is used for flow control + from client to server and limits the amount of data the server has to buffer. + The client will stop sending on a stream once the limit has been reached until + the server announces more available space (as it has processed some of the data). +

+ This limit affects only request bodies, not its meta data such as headers. Also, + it has no effect on response bodies as the window size for those are managed + by the clients. +

+

Example

H2WindowSize 128000
+
+ +
+
+
+

Available Languages:  en 

+
top

Comments

Notice:
This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.
+
+ \ No newline at end of file diff --git a/docs/manual/mod/mod_info.html.en b/docs/manual/mod/mod_info.html.en index 7cef7935..f21851b0 100644 --- a/docs/manual/mod/mod_info.html.en +++ b/docs/manual/mod/mod_info.html.en @@ -91,11 +91,11 @@ configuration

Access control

<Location "/server-info">
     SetHandler server-info
-    Order allow,deny
     # Allow access from server itself
-    Allow from 127.0.0.1
+    Require ip 127.0.0.1
+
     # Additionally, allow access from local workstation
-    Allow from 192.168.1.17
+    Require ip 192.168.1.17
 </Location>
top
diff --git a/docs/manual/mod/mod_info.html.fr b/docs/manual/mod/mod_info.html.fr index 3489ea2d..4ea2c3c7 100644 --- a/docs/manual/mod/mod_info.html.fr +++ b/docs/manual/mod/mod_info.html.fr @@ -94,12 +94,12 @@ serveur

Contrle d'accs

<Location "/server-info">
     SetHandler server-info
-    Order allow,deny
     # Autorisation d'accs depuis le serveur lui-mme
-    Allow from 127.0.0.1
+    Require ip 127.0.0.1
+
     # Autorisation d'accs depuis une station de travail du rseau
 # local
-    Allow from 192.168.1.17
+    Require ip 192.168.1.17
 </Location>
top
diff --git a/docs/manual/mod/mod_log_config.html.tr.utf8 b/docs/manual/mod/mod_log_config.html.tr.utf8 index e9af66ff..bbdbbfdf 100644 --- a/docs/manual/mod/mod_log_config.html.tr.utf8 +++ b/docs/manual/mod/mod_log_config.html.tr.utf8 @@ -32,7 +32,6 @@  ko  |  tr 

-
Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.
@@ -202,17 +201,25 @@ - + + + - + - + - + - + - + - - - + + + - + - +
Açıklama:Sunucuya yapılan isteklerin günlük kayıtlarının tutulması
Durum:Temel
%T Saniye cinsinden, isteği sunmak için harcanan zaman.
%u
%{BİRİM}TBİRİM ile belirtilen zaman birimi cinsinden, isteği + sunmak için harcanan zaman. Geçerli birimler: milisaniye için + ms, mikrosaniye için us, saniye için + s. s kullanımı birimsiz %T ile + aynı sonucu verir; us kullanımı %D ile aynı + sonucu verir. Birimli %T kullanımı 2.4.13 ve sonrasında + geçerlidir.
%u Uzak kullanıcı (kimlik doğrulaması istenmişse vardır; durum kodu (%s) 401 ise yanlış olabilir).
%U
%U Herhangi bir sorgu dizgesi içermeksizin istenen URL yolu.
%v
%v İsteği sunan sunucunun meşru sunucu ismi (ServerName).
%V
%V UseCanonicalName ayarı ile ilgili sunucu ismi.
%X
%X Yanıt tamamlandığında bağlantı durumu: @@ -224,20 +231,22 @@
- = Yanıt gönderildikten sonra bağlantı kapatılacak.
%I
%I İstek ve başlıklar dahil alınan bayt sayısı. Sıfır olamaz. Bunu kullanmak için mod_logio etkin olmalıdır.
%OBaşlıklar dahil gönderilen bayt sayısı. Sıfır olamaz. Bunu - kullanmak için mod_logio etkin olmalıdır.
%S
%OBaşlıklar dahil gönderilen bayt sayısı. Bir yanıtın + gönderilmesinden önce istekten vazgeçilmesi gibi nadir durumlarda + sıfır olabilir. Bunu kullanmak için mod_logio etkin + olmalıdır.
%S Aktarılan bayt sayısı (alınan ve gönderilen), istekler ve başlıklar dahil; sıfır olamaz. %I ve %O'nun birleşimidir. Bunu kullanmak için mod_logio etkinleştirilmelidir.
%{ALANADI}^ti
%{ALANADI}^ti Sunucuya gönderilen istekteki ALANADI: Trailer satır(lar)ının içeriği.
%{VARNAME}^to
%{VARNAME}^to Sunucudan gönderilen yanıttaki ALANADI: Trailer satır(lar)ının içeriği.
@@ -417,10 +426,10 @@ expr=ifade] 
# Biçem dizgesi yerine takma ad içeren CustomLog
 LogFormat "%h %l %u %t \"%r\" %>s %b" common
-CustomLog logs/access_log common
+CustomLog "logs/access_log" common
 
 # Biçem dizgesinin kendisini içeren CustomLog
-CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b"
+CustomLog "logs/access_log" "%h %l %u %t \"%r\" %>s %b"

Üçüncü argüman isteğe bağlı olup,belli bir isteğin günlüğe kaydedilip @@ -438,15 +447,15 @@ CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b" isterseniz:

SetEnvIf Request_URI \.gif$ gif-image
-CustomLog gif-requests.log common env=gif-image
-CustomLog nongif-requests.log common env=!gif-image
+CustomLog "gif-requests.log" common env=gif-image +CustomLog "nongif-requests.log" common env=!gif-image

Veya eski RefererIgnore yönergesinin davranışını taklit etmek isterseniz:

SetEnvIf Referer example\.com localreferer
-CustomLog referer.log referer env=!localreferer
+CustomLog "referer.log" referer env=!localreferer @@ -506,7 +515,7 @@ CustomLog referer.log referer env=!localreferer belirtilmedikçe Ortak Günlük Biçemi öntanımlıdır.

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
-TransferLog logs/access_log
+TransferLog "logs/access_log" diff --git a/docs/manual/mod/mod_logio.html.tr.utf8 b/docs/manual/mod/mod_logio.html.tr.utf8 index e3f43b03..3706245f 100644 --- a/docs/manual/mod/mod_logio.html.tr.utf8 +++ b/docs/manual/mod/mod_logio.html.tr.utf8 @@ -32,7 +32,6 @@  ko  |  tr 

-
Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.
@@ -88,6 +87,9 @@ + +
Açıklama:Her isteğin girdi ve çıktı uzunluklarının günlüklenmesi.
Durum:Eklenti
Aktarılan bayt sayısı (alınan ve gönderilen), istekler ve başlıklar dahil; sıfır olamaz. %I ve %O'nun birleşimidir.
Apache 2.4.7 ve sonrasında kullanılabilmektedir.
%^FBİstek gelip yanıt başlıklarının ilk baytı yazılana kadar mikrosaniye cinsinden geçen zaman. Sadece LogIOTrackTTFB yönergesine ON atanmışsa kullanılabilir.
+ Apache 2.4.13 ve sonrasında kullanılabilir.

Genel olarak, işlevsellik şöyle kullanılır:

@@ -101,16 +103,20 @@
top

LogIOTrackTTFB Yönergesi

- + - -
Açıklama:Enable tracking of time to first byte (TTFB)
Açıklama:İlk baytın yazılmasına kadar geçen süreyi izler
Sözdizimi:LogIOTrackTTFB ON|OFF
Öntanımlı:LogIOTrackTTFB OFF
Bağlam:sunucu geneli, sanal konak, dizin, .htaccess
Geçersizleştirme:none
Durum:Eklenti
Modül:mod_logio
Uyumluluk:Apache HTTP Server 2.4.13 and later

Bu yönergenin belgesi henüz Türkçeye çevrilmedi. - Lütfen İngilizce sürümüne bakınız.

+Uyumluluk:Apache 2.4.13 ve sonrasında kullanılabilir + +

Bu yönerge isteğin okunmasından yanıt başlığının ilk baytının + yazılmasına kadar geçen sürenin izlenmesini yapılandırır. Sonuçlanan + değeri %^FB biçemi ile günlüğe kaydettirebilirsiniz.

+ +

Mevcut Diller:  en  | diff --git a/docs/manual/mod/mod_lua.html.en b/docs/manual/mod/mod_lua.html.en index f5f6989e..f695985e 100644 --- a/docs/manual/mod/mod_lua.html.en +++ b/docs/manual/mod/mod_lua.html.en @@ -165,7 +165,7 @@ function handle(r) -- use our own Error contents r:puts("Unsupported HTTP method " .. r.method) r.status = 405 - return apache2.ok + return apache2.OK else -- use the ErrorDocument return 501 diff --git a/docs/manual/mod/mod_lua.html.fr b/docs/manual/mod/mod_lua.html.fr index a9581f7c..67f37bba 100644 --- a/docs/manual/mod/mod_lua.html.fr +++ b/docs/manual/mod/mod_lua.html.fr @@ -173,7 +173,7 @@ function handle(r) -- message d'erreur personnalis r:puts("Unsupported HTTP method " .. r.method) r.status = 405 - return apache2.ok + return apache2.OK else -- message d'erreur ErrorDocument return 501 diff --git a/docs/manual/mod/mod_proxy.html.en b/docs/manual/mod/mod_proxy.html.en index 81b70bfb..5ce4af60 100644 --- a/docs/manual/mod/mod_proxy.html.en +++ b/docs/manual/mod/mod_proxy.html.en @@ -58,7 +58,7 @@ capabilities

  • mod_proxy_balancer and one or more - balancer modules, if load balancing is required. (See + balancer modules if load balancing is required. (See mod_proxy_balancer for more information.)
  • one or more proxy scheme, or protocol, modules: @@ -93,7 +93,7 @@
  • Basic Examples
  • Access via Handler
  • Workers
    • -
  • Controlling access to your proxy
    • +
  • Controlling Access to Your Proxy
  • Slow Startup
  • Intranet Proxy
  • Protocol Adjustments
    • @@ -157,7 +157,7 @@ server that sits between the client and the origin server. In order to get content from the origin server, the client sends a request to the proxy naming the origin server - as the target and the proxy then requests the content from the + as the target. The proxy then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites.

    @@ -177,15 +177,15 @@

    A reverse proxy (or gateway), by contrast, appears to the client just like an ordinary web server. No special configuration on the client is necessary. - The client makes ordinary requests for content in the name-space + The client makes ordinary requests for content in the namespace of the reverse proxy. The reverse proxy then decides where to - send those requests, and returns the content as if it was itself + send those requests and returns the content as if it were itself the origin.

    A typical usage of a reverse proxy is to provide Internet users access to a server that is behind a firewall. Reverse proxies can also be used to balance load among several back-end - servers, or to provide caching for a slower back-end server. + servers or to provide caching for a slower back-end server. In addition, reverse proxies can be used simply to bring several servers into the same URL space.

    @@ -238,7 +238,7 @@ ProxyVia On

    Workers

    The proxy manages the configuration of origin servers and their communication parameters in objects called workers. - There are two built-in workers, the default forward proxy worker and the + There are two built-in workers: the default forward proxy worker and the default reverse proxy worker. Additional workers can be configured explicitly.

    @@ -258,7 +258,7 @@ ProxyVia On

    This will create a worker associated with the origin server URL - http://backend.example.com and using the given timeout + http://backend.example.com that will use the given timeout values. When used in a forward proxy, workers are usually defined via the ProxySet directive:

    @@ -276,13 +276,13 @@ ProxyVia On

    Using explicitly configured workers in the forward mode is not very common, because forward proxies usually communicate with many different origin servers. Creating explicit workers for some of the - origin servers can still be useful, if they are used very often. + origin servers can still be useful if they are used very often. Explicitly configured workers have no concept of forward or reverse proxying by themselves. They encapsulate a common concept of communication with origin servers. A worker created by ProxyPass for use in a - reverse proxy will be also used for forward proxy requests whenever - the URL to the origin server matches the worker URL and vice versa.

    + reverse proxy will also be used for forward proxy requests whenever + the URL to the origin server matches the worker URL, and vice versa.

    The URL identifying a direct worker is the URL of its origin server including any path components given:

    @@ -307,13 +307,13 @@ ProxyPass "/examples" "http://backend.example.com/examples" timeout=10 worker is used. The benefit is, that there is only one connection pool, so connections are more often reused. Note that all configuration attributes given explicitly for the later worker will be ignored. This will be logged - as a warning. In the above example the resulting timeout value + as a warning. In the above example, the resulting timeout value for the URL /examples will be 60 instead of 10!

    If you want to avoid worker sharing, sort your worker definitions by URL length, starting with the longest worker URLs. If you want to maximize - worker sharing use the reverse sort order. See also the related warning about + worker sharing, use the reverse sort order. See also the related warning about ordering ProxyPass directives.

    @@ -326,7 +326,7 @@ ProxyPass "/examples" "http://backend.example.com/examples" timeout=10 ProxySet.

    The set of options available for a direct worker - depends on the protocol, which is specified in the origin server URL. + depends on the protocol which is specified in the origin server URL. Available protocols include ajp, fcgi, ftp, http and scgi.

    @@ -343,7 +343,7 @@ ProxyPass "/examples" "http://backend.example.com/examples" timeout=10
    top
    -

    Controlling access to your proxy

    +

    Controlling Access to Your Proxy

    You can control who can access your proxy via the <Proxy> control block as in the following example:

    @@ -496,7 +496,7 @@ ProxyPass "/examples" "http://backend.example.com/examples" timeout=10

    This directive allows for growth potential in the number of Balancers available for a virtualhost in addition to the number pre-configured. It only takes effect if there is at - least 1 pre-configured Balancer.

    + least one pre-configured Balancer.

    top
    @@ -528,15 +528,15 @@ ProxyPass "/examples" "http://backend.example.com/examples" timeout=10 Compatibility:BalancerMember is only available in Apache HTTP Server 2.2 and later. -

    This directive adds a member to a load balancing group. It could be used +

    This directive adds a member to a load balancing group. It can be used within a <Proxy balancer://...> container - directive, and can take any of the key value pair parameters available to + directive and can take any of the key value pair parameters available to ProxyPass directives.

    One additional parameter is available only to BalancerMember directives: loadfactor. This is the member load factor - a number between 1 (default) and 100, which defines the weighted load to be applied to the member in question.

    -

    The balancerurl is only needed when not in +

    The balancerurl is only needed when not within a <Proxy balancer://...> container directive. It corresponds to the url of a balancer defined in ProxyPass directive.

    @@ -608,7 +608,7 @@ NoProxy ".example.com" "192.168.112.0/21"

    Note

    Domain name comparisons are done without regard to the case, and Domains are always assumed to be anchored in the root of the - DNS tree, therefore two domains .ExAmple.com and + DNS tree; therefore, the two domains .ExAmple.com and .example.com. (note the trailing period) are considered equal. Since a domain comparison does not involve a DNS lookup, it is much more efficient than subnet comparison.

    @@ -677,7 +677,7 @@ NoProxy ".example.com" "192.168.112.0/21" link.

    Hostname comparisons are done without regard to the case, and Hostnames are always assumed to be anchored in the root - of the DNS tree, therefore two hosts WWW.ExAmple.com + of the DNS tree; therefore, the two hosts WWW.ExAmple.com and www.example.com. (note the trailing period) are considered equal.

    @@ -767,14 +767,14 @@ response Module:mod_proxy

    The ProxyBadHeader directive determines the - behaviour of mod_proxy if it receives syntactically invalid + behavior of mod_proxy if it receives syntactically invalid response header lines (i.e. containing no colon) from the origin server. The following arguments are possible:

    IsError
    Abort the request and end up with a 502 (Bad Gateway) response. This is - the default behaviour.
    + the default behavior.
    Ignore
    Treat bad header lines as if they weren't sent.
    @@ -853,13 +853,13 @@ proxied Status:Extension Module:mod_proxy -

    This directive is useful for reverse-proxy setups, where you want to +

    This directive is useful for reverse-proxy setups where you want to have a common look and feel on the error pages seen by the end user. This also allows for included files (via mod_include's SSI) to get - the error code and act accordingly (default behavior would display - the error page of the proxied server, turning this on shows the SSI - Error message).

    + the error code and act accordingly. (Default behavior would display + the error page of the proxied server. Turning this on shows the SSI + Error message.)

    This directive does not affect the processing of informational (1xx), normal success (2xx), or redirect (3xx) responses.

    @@ -876,12 +876,12 @@ proxied Module:mod_proxy

    The ProxyIOBufferSize directive adjusts the size - of the internal buffer, which is used as a scratchpad for the data between + of the internal buffer which is used as a scratchpad for the data between input and output. The size must be at least 512.

    -

    In almost every case there's no reason to change that value.

    +

    In almost every case, there's no reason to change that value.

    -

    If used with AJP this directive sets the maximum AJP packet size in +

    If used with AJP, this directive sets the maximum AJP packet size in bytes. Values larger than 65536 are set to 65536. If you change it from the default, you must also change the packetSize attribute of your AJP connector on the Tomcat side! The attribute @@ -905,7 +905,7 @@ proxied resources Module:mod_proxy

    The <ProxyMatch> directive is - identical to the <Proxy> directive, except it matches URLs + identical to the <Proxy> directive, except that it matches URLs using regular expressions.

    From 2.4.8 onwards, named groups and backreferences are captured and @@ -938,9 +938,9 @@ through Compatibility:Default behaviour changed in 2.2.7

    The ProxyMaxForwards directive specifies the - maximum number of proxies through which a request may pass, if there's no + maximum number of proxies through which a request may pass if there's no Max-Forwards header supplied with the request. This may - be set to prevent infinite proxy loops, or a DoS attack.

    + be set to prevent infinite proxy loops or a DoS attack.

    Example

    ProxyMaxForwards 15
    @@ -950,7 +950,7 @@ through setting Max-Forwards if the Client didn't set it. Earlier Apache httpd versions would always set it. A negative ProxyMaxForwards value, including the - default -1, gives you protocol-compliant behaviour, but may + default -1, gives you protocol-compliant behavior but may leave you open to loops.

    @@ -966,8 +966,8 @@ through Compatibility:Unix Domain Socket (UDS) support added in 2.4.7

    This directive allows remote servers to be mapped into the - space of the local server; the local server does not act as a - proxy in the conventional sense, but appears to be a mirror of the + space of the local server. The local server does not act as a + proxy in the conventional sense but appears to be a mirror of the remote server. The local server is often called a reverse proxy or gateway. The path is the name of a local virtual path; url is a partial URL for the @@ -982,12 +982,18 @@ through

    In 2.4.7 and later, support for using a Unix Domain Socket is available by using a target which prepends unix:/path/lis.sock|. For example, to proxy - HTTP and target the UDS at /home/www/socket you would use + HTTP and target the UDS at /home/www/socket, you would use unix:/home/www.socket|http://localhost/whatever/.

    Note: The path associated with the unix: URL is DefaultRuntimeDir aware.
    +

    When used inside a <Location> section, the first argument is omitted and the local + directory is obtained from the <Location>. The same will occur inside a + <LocationMatch> section; + however, ProxyPass does not interpret the regexp as such, so it is necessary + to use ProxyPassMatch in this situation instead.

    +

    Suppose the local server has address http://example.com/; then

    @@ -1000,7 +1006,13 @@ through http://example.com/mirror/foo/bar to be internally converted into a proxy request to http://backend.example.com/bar.

    -

    The following alternative syntax is possible, however it can carry a +

    The ProxyPass directive is not supported in <Directory> or <Files> sections.

    + +

    If you require a more flexible reverse-proxy configuration, see the + RewriteRule directive with the + [P] flag.

    + +

    The following alternative syntax is possible; however, it can carry a performance penalty when present in very large numbers. The advantage of the below syntax is that it allows for dynamic control via the Balancer Manager interface:

    @@ -1010,8 +1022,8 @@ through

    If the first argument ends with a trailing /, the second - argument should also end with a trailing / and vice - versa. Otherwise the resulting requests to the backend may miss some + argument should also end with a trailing /, and vice + versa. Otherwise, the resulting requests to the backend may miss some needed slashes and do not deliver the expected results.

    @@ -1041,24 +1053,26 @@ ProxyPass "/mirror/foo" "http://backend.example.com" rules are checked in the order of configuration. The first rule that matches wins. So usually you should sort conflicting ProxyPass rules starting with the - longest URLs first. Otherwise later rules for longer URLS will be hidden + longest URLs first. Otherwise, later rules for longer URLS will be hidden by any earlier rule which uses a leading substring of the URL. Note that there is some relation with worker sharing. In contrast, only one ProxyPass directive can be placed in a Location block, and the most specific location will take precedence.

    -

    For the same reasons exclusions must come before the +

    For the same reasons, exclusions must come before the general ProxyPass directives.

    +

    ProxyPass key=value Parameters

    +

    In Apache HTTP Server 2.1 and later, mod_proxy supports pooled connections to a backend server. Connections created on demand can be retained in a pool for future use. Limits on the pool size and other settings can be coded on the ProxyPass directive - using key=value parameters, described in the table + using key=value parameters, described in the tables below.

    By default, mod_proxy will allow and retain the maximum number of @@ -1094,7 +1108,7 @@ ProxyPass "/mirror/foo" "http://backend.example.com" Maximum number of connections that will be allowed to the backend server. The default for this limit is the number of threads per process in the active MPM. In the Prefork MPM, this is always 1, - while with other MPMs it is controlled by the + while with other MPMs, it is controlled by the ThreadsPerChild directive. smax max @@ -1108,16 +1122,16 @@ ProxyPass "/mirror/foo" "http://backend.example.com" closed more aggressively. acquire - - If set this will be the maximum time to wait for a free + If set, this will be the maximum time to wait for a free connection in the connection pool, in milliseconds. If there are no free - connections in the pool the Apache httpd will return SERVER_BUSY + connections in the pool, the Apache httpd will return SERVER_BUSY status to the client. connectiontimeout timeout Connect timeout in seconds. The number of seconds Apache httpd waits for the creation of a connection to - the backend to complete. By adding a postfix of ms the timeout can be + the backend to complete. By adding a postfix of ms, the timeout can be also set in milliseconds. disablereuse @@ -1142,10 +1156,10 @@ ProxyPass "/mirror/foo" "http://backend.example.com" off Determines whether the proxy module will auto-flush the output brigade after each "chunk" of data. 'off' means that it will flush - only when needed, 'on' means after each chunk is sent and + only when needed; 'on' means after each chunk is sent; and 'auto' means poll/wait for a period of time and flush if no input has been received for 'flushwait' milliseconds. - Currently this is in effect only for AJP. + Currently, this is in effect only for AJP. flushwait 10 @@ -1161,10 +1175,11 @@ ProxyPass "/mirror/foo" "http://backend.example.com" keepalive Off

    This parameter should be used when you have a firewall between your - Apache httpd and the backend server, who tend to drop inactive connections. + Apache httpd and the backend server, which tends to drop inactive connections. This flag will tell the Operating System to send KEEP_ALIVE - messages on inactive connections and thus prevent the firewall to drop the connection. - To enable keepalive set this property value to On.

    + messages on inactive connections and thus prevent the firewall from dropping + the connection. + To enable keepalive, set this property value to On.

    The frequency of initial and subsequent TCP keepalive probes depends on global OS settings, and may be as high as 2 hours. To be useful, the frequency configured in the OS must be smaller than the threshold used @@ -1180,19 +1195,19 @@ ProxyPass "/mirror/foo" "http://backend.example.com" 0 Ping property tells the webserver to "test" the connection to the backend before forwarding the request. For AJP, it causes - mod_proxy_ajpto send a CPING + mod_proxy_ajp to send a CPING request on the ajp13 connection (implemented on Tomcat 3.3.2+, 4.1.28+ and 5.0.13+). For HTTP, it causes mod_proxy_http to send a 100-Continue to the backend (only valid for HTTP/1.1 - for non HTTP/1.1 backends, this property has no - effect). In both cases the parameter is the delay in seconds to wait + effect). In both cases, the parameter is the delay in seconds to wait for the reply. This feature has been added to avoid problems with hung and busy backends. This will increase the network traffic during the normal operation which could be an issue, but it will lower the traffic in case some of the cluster nodes are down or busy. - By adding a postfix of ms the delay can be also set in + By adding a postfix of ms, the delay can be also set in milliseconds. receivebuffersize @@ -1206,16 +1221,16 @@ ProxyPass "/mirror/foo" "http://backend.example.com" - Redirection Route of the worker. This value is usually set dynamically to enable safe removal of the node from - the cluster. If set all requests without session id will be + the cluster. If set, all requests without session id will be redirected to the BalancerMember that has route parameter - equal as this value. + equal to this value. retry 60 Connection pool worker retry timeout in seconds. If the connection pool worker to the backend server is in the error state, Apache httpd will not forward any requests to that server until the timeout - expires. This enables to shut down the backend server for maintenance, + expires. This enables to shut down the backend server for maintenance and bring it back online later. A value of 0 means always retry workers in an error state with no timeout. @@ -1231,11 +1246,11 @@ ProxyPass "/mirror/foo" "http://backend.example.com" - + -
    D: Worker is disabled and will not accept any requests.
    S: Worker is administratively stopped.
    I: Worker is in ignore-errors mode, and will always be considered available.
    I: Worker is in ignore-errors mode and will always be considered available.
    H: Worker is in hot-standby mode and will only be used if no other viable workers are available.
    E: Worker is in an error state.
    N: Worker is in drain mode, and will only accept existing sticky sessions +
    N: Worker is in drain mode and will only accept existing sticky sessions destined for itself and ignore all other requests.
    Status can be set (which is the default) by prepending with '+' or @@ -1260,11 +1275,12 @@ ProxyPass "/mirror/foo" "http://backend.example.com"

    If the Proxy directive scheme starts with the balancer:// (eg: balancer://cluster, - any path information is ignored) then a virtual worker that does not really - communicate with the backend server will be created. Instead it is responsible - for the management of several "real" workers. In that case the special set of - parameters can be add to this virtual worker. See mod_proxy_balancer - for more information about how the balancer works. + any path information is ignored), then a virtual worker that does not really + communicate with the backend server will be created. Instead, it is responsible + for the management of several "real" workers. In that case, the special set of + parameters can be added to this virtual worker. + See mod_proxy_balancer for more information about how + the balancer works.

    Balancer parameters
    @@ -1275,9 +1291,9 @@ ProxyPass "/mirror/foo" "http://backend.example.com" @@ -1285,7 +1301,7 @@ ProxyPass "/mirror/foo" "http://backend.example.com" - @@ -1295,32 +1311,32 @@ ProxyPass "/mirror/foo" "http://backend.example.com" like JSESSIONID or PHPSESSIONID, and it depends on the backend application server that support sessions. If the backend application server uses different name for cookies - and url encoded id (like servlet containers) use | to to separate them. + and url encoded id (like servlet containers) use | to separate them. The first part is for the cookie the second for the path.
    Available in Apache HTTP Server 2.4.4 and later. - - - @@ -1354,13 +1370,13 @@ ProxyPass "/mirror/foo" "http://backend.example.com" retry parameter of the workers if all workers of a balancer are in error state. There might be cases where an already overloaded backend can get into deeper trouble if the recovery of all workers is enforced - without considering the retry parameter of each worker. In this case + without considering the retry parameter of each worker. In this case, set to Off.
    Available in Apache HTTP Server 2.4.2 and later.
    byrequests Balancer load-balance method. Select the load-balancing scheduler method to use. Either byrequests, to perform weighted - request counting, bytraffic, to perform weighted - traffic byte count balancing, or bybusyness, to perform - pending request balancing. Default is byrequests. + request counting; bytraffic, to perform weighted + traffic byte count balancing; or bybusyness, to perform + pending request balancing. The default is byrequests.
    maxattempts One less than the number of workers, or 1 with a single worker.
    nofailover OffIf set to On the session will break if the worker is in + If set to On, the session will break if the worker is in error state or disabled. Set this value to On if backend servers do not support session replication.
    stickysessionsep "." Sets the separation symbol in the session cookie. Some backend application servers - do not use the '.' as the symbol. For example the Oracle Weblogic server uses + do not use the '.' as the symbol. For example, the Oracle Weblogic server uses '!'. The correct symbol can be set using this option. The setting of 'Off' signifies that no symbol is used.
    scolonpathdelim OffIf set to On the semi-colon character ';' will be + If set to On, the semi-colon character ';' will be used as an additional sticky session path delimiter/separator. This is mainly used to emulate mod_jk's behavior when dealing with paths such as JSESSIONID=6736bcf34;foo=aabfa
    timeout 0Balancer timeout in seconds. If set this will be the maximum time - to wait for a free worker. Default is not to wait. + Balancer timeout in seconds. If set, this will be the maximum time + to wait for a free worker. The default is to not wait.
    failonstatus -A single or comma-separated list of HTTP status codes. If set this will + A single or comma-separated list of HTTP status codes. If set, this will force the worker into error state when the backend returns any status code in the list. Worker recovery behaves the same as other worker errors.
    -

    A sample balancer setup

    +

    A sample balancer setup:

    ProxyPass "/special-area" "http://special.example.com" smax=5 max=10
 ProxyPass "/" "balancer://mycluster/" stickysession=JSESSIONID|jsessionid nofailover=On
 <Proxy "balancer://mycluster">
@@ -1371,8 +1387,8 @@ ProxyPass "/" "balancer://mycluster/" stickysession=JSESSIONID|jsessionid nofail
 </Proxy>
    -

    Setting up a hot-standby, that will only be used if no other - members are available

    +

    Setting up a hot-standby that will only be used if no other + members are available:

    ProxyPass "/" "balancer://hotcluster/"
 <Proxy "balancer://hotcluster">
     BalancerMember "ajp://1.2.3.4:8009" loadfactor=1
@@ -1383,12 +1399,14 @@ ProxyPass "/" "balancer://mycluster/" stickysession=JSESSIONID|jsessionid nofail
 </Proxy>
    +

    Additional ProxyPass Keywords

    +

    Normally, mod_proxy will canonicalise ProxyPassed URLs. But this may be incompatible with some backends, particularly those that make use of PATH_INFO. The optional nocanon - keyword suppresses this, and passes the URL path "raw" to the - backend. Note that may affect the security of your backend, as it - removes the normal limited protection against URL-based attacks + keyword suppresses this and passes the URL path "raw" to the + backend. Note that this keyword may affect the security of your backend, + as it removes the normal limited protection against URL-based attacks provided by the proxy.

    Normally, mod_proxy will include the query string when @@ -1396,20 +1414,8 @@ ProxyPass "/" "balancer://mycluster/" stickysession=JSESSIONID|jsessionid nofail The optional noquery keyword (available in httpd 2.4.1 and later) prevents this.

    -

    When used inside a <Location> section, the first argument is omitted and the local - directory is obtained from the <Location>. The same will occur inside a - <LocationMatch> section, - however ProxyPass does not interpret the regexp as such, so it is necessary - to use ProxyPassMatch in this situation instead.

    - -

    This directive is not supported in <Directory> or <Files> sections.

    - -

    If you require a more flexible reverse-proxy configuration, see the - RewriteRule directive with the - [P] flag.

    -

    The optional interpolate keyword, in combination with - ProxyPassInterpolateEnv causes the ProxyPass + ProxyPassInterpolateEnv, causes the ProxyPass to interpolate environment variables, using the syntax ${VARNAME}. Note that many of the standard CGI-derived environment variables will not exist when this interpolation happens, @@ -1442,7 +1448,7 @@ ProxyPassReverse "/mirror/foo/" "https://backend.example.com/" Status:Extension Module:mod_proxy Compatibility:ProxyPassInherit is only available in Apache HTTP Server 2.4.5 and later. - and later. +

    This directive will cause the current server/vhost to "inherit" ProxyPass @@ -1466,18 +1472,18 @@ ProxyPassReverse "/mirror/foo/" "https://backend.example.com/"

    This directive, together with the interpolate argument to ProxyPass, ProxyPassReverse, - ProxyPassReverseCookieDomain and - ProxyPassReverseCookiePath + ProxyPassReverseCookieDomain, and + ProxyPassReverseCookiePath, enables reverse proxies to be dynamically - configured using environment variables, which may be set by + configured using environment variables which may be set by another module such as mod_rewrite. It affects the ProxyPass, ProxyPassReverse, ProxyPassReverseCookieDomain, and - ProxyPassReverseCookiePath directives, + ProxyPassReverseCookiePath directives and causes them to substitute the value of an environment variable varname for the string ${varname} - in configuration directives (if the interpolate option is set).

    + in configuration directives if the interpolate option is set.

    Keep this turned off (for server performance) unless you need it!

    @@ -1491,8 +1497,8 @@ ProxyPassReverse "/mirror/foo/" "https://backend.example.com/" Status:Extension Module:mod_proxy -

    This directive is equivalent to ProxyPass, - but makes use of regular expressions, instead of simple prefix matching. The +

    This directive is equivalent to ProxyPass + but makes use of regular expressions instead of simple prefix matching. The supplied regular expression is matched against the url, and if it matches, the server will substitute any parenthesized matches into the given string and use it as a new url.

    @@ -1543,7 +1549,7 @@ ProxyPassReverse "/mirror/foo/" "https://backend.example.com/"

    Take care when constructing the target URL of the rule, considering the security impact from allowing the client influence over the set of URLs to which your server will act as a proxy. Ensure that the scheme - and hostname part of the URL is either fixed, or does not allow the + and hostname part of the URL is either fixed or does not allow the client undue influence.

    @@ -1562,7 +1568,7 @@ proxied server

    This directive lets Apache httpd adjust the URL in the Location, Content-Location and URI headers on HTTP redirect responses. This is essential when Apache httpd is used as a - reverse proxy (or gateway) to avoid by-passing the reverse proxy + reverse proxy (or gateway) to avoid bypassing the reverse proxy because of HTTP redirects on the backend servers which stay behind the reverse proxy.

    @@ -1570,12 +1576,13 @@ proxied server will be rewritten. Apache httpd will not rewrite other response headers, nor will it by default rewrite URL references inside HTML pages. This means that if the proxied content contains absolute URL - references, they will by-pass the proxy. To rewrite HTML content to + references, they will bypass the proxy. To rewrite HTML content to match the proxy, you must load and enable mod_proxy_html.

    -

    path is the name of a local virtual path. url is a - partial URL for the remote server - the same way they are used for the +

    path is the name of a local virtual path; url is a + partial URL for the remote server. + These parameters are used the same way as for the ProxyPass directive.

    For example, suppose the local server has address @@ -1590,16 +1597,16 @@ ProxyPassReverseCookiePath "/" "/mirror/foo/"

    will not only cause a local request for the http://example.com/mirror/foo/bar to be internally converted into a proxy request to http://backend.example.com/bar - (the functionality ProxyPass provides here). It also takes care - of redirects the server backend.example.com sends: when - http://backend.example.com/bar is redirected by him to - http://backend.example.com/quux Apache httpd adjusts this to + (the functionality which ProxyPass provides here). + It also takes care of redirects which the server backend.example.com + sends when redirecting http://backend.example.com/bar to + http://backend.example.com/quux . Apache httpd adjusts this to http://example.com/mirror/foo/quux before forwarding the HTTP redirect response to the client. Note that the hostname used for constructing the URL is chosen in respect to the setting of the UseCanonicalName directive.

    Note that this ProxyPassReverse directive can - also be used in conjunction with the proxy pass-through feature + also be used in conjunction with the proxy feature (RewriteRule ... [P]) from mod_rewrite because it doesn't depend on a corresponding ProxyPass directive.

    @@ -1613,7 +1620,7 @@ ProxyPassReverseCookiePath "/" "/mirror/foo/" directory is obtained from the <Location>. The same occurs inside a <LocationMatch> section, but will probably not work as intended, as ProxyPassReverse will interpret the regexp literally as a path; if needed in this situation, specify the ProxyPassReverse outside - the section, or in a separate <Location> section.

    + the section or in a separate <Location> section.

    This directive is not supported in <Directory> or <Files> sections.

    @@ -1681,7 +1688,7 @@ context in 2.3.3 and later.

    When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the hostname specified in the - ProxyPass line.

    + ProxyPass line.

    This option should normally be turned Off. It is mostly useful in special configurations like proxied mass name-based virtual @@ -1744,7 +1751,7 @@ ProxyRemote "ftp" "http://ftpproxy.mydomain:8080" as yet another HTTP proxy request, to another proxy which can handle them.

    -

    This option also supports reverse proxy configuration - a backend +

    This option also supports reverse proxy configuration; a backend webserver can be embedded within a virtualhost URL space even if that server is hidden by another forward proxy.

    @@ -1760,7 +1767,7 @@ expressions Module:mod_proxy

    The ProxyRemoteMatch is identical to the - ProxyRemote directive, except the + ProxyRemote directive, except that the first argument is a regular expression match against the requested URL.

    @@ -1841,7 +1848,7 @@ expressions

    Warning

    Keep in mind that the same parameter key can have a different meaning - depending whether it is applied to a balancer or a worker as shown by the two + depending whether it is applied to a balancer or a worker, as shown by the two examples above regarding timeout.

    diff --git a/docs/manual/mod/mod_proxy.html.fr b/docs/manual/mod/mod_proxy.html.fr index d029f813..91f022c5 100644 --- a/docs/manual/mod/mod_proxy.html.fr +++ b/docs/manual/mod/mod_proxy.html.fr @@ -30,8 +30,6 @@  fr  |  ja 

    -
    Cette traduction peut tre prime. Vrifiez la version - anglaise pour les changements rcents.
    @@ -171,7 +169,7 @@ demand. Pour obtenir un contenu hberg par le serveur demand, le client envoie une requte au mandataire en nommant le serveur demand comme - cible, puis le mandataire extrait le contenu depuis le + cible. Le mandataire extrait alors le contenu depuis le serveur demand et le renvoie enfin au client. Le client doit tre configur de manire approprie pour pouvoir utiliser le mandataire direct afin d'accder d'autres sites.

    @@ -283,7 +281,7 @@ ProxyVia On

    Cette directive va crer un worker associ l'URL du serveur - original http://backend.example.com, et utilisant les + original http://backend.example.com qui utilisera les valeurs de timeout donnes. Lorsqu'ils sont utiliss dans le cadre d'un mandataire direct, les workers sont en gnral dfinis via la directive ProxySet,

    @@ -1087,7 +1085,7 @@ l'espace d'URLs du serveur local sont supports partir de la version 2.4.7 du serveur HTTP Apache
    Description:Serveur mandataire/passerelle multi-protocole
    Statut:Extension
    IdentificateurdeModule:proxy_module

    Cette directive permet de rfrencer des serveurs distants depuis - l'espace d'URLs du serveur local ; le serveur + l'espace d'URLs du serveur local. Le serveur local n'agit pas en tant que mandataire au sens conventionnel, mais plutt comme miroir du serveur distant. Le serveur local est souvent nomm mandataire inverse ou @@ -1113,6 +1111,15 @@ sont support unix: tient compte de la directive DefaultRuntimeDir. +

    Lorsque cette directive est utilise dans une section <Location>, le premier + argument est omis et le rpertoire local est obtenu partir de + l'argument de la directive <Location>. Il en est de mme l'intrieur + d'une section <LocationMatch>, mais le rsultat ne sera + probablement pas celui attendu car ProxyPassReverse va interprter + l'expression rationnelle littralement comme un chemin ; si besoin + est dans ce cas, dfinissez la directive ProxyPassReverse en dehors + de la section, ou dans une section <Location> spare.

    +

    Supposons que le serveur local a pour adresse http://example.com/ ; alors la ligne

    @@ -1125,6 +1132,14 @@ sont support http://example.com/miroir/foo/bar en une requte mandate pour http://backend.example.com/bar.

    +

    La directive ProxyPass ne peut pas tre place dans une section + <Directory> ou + <Files>.

    + +

    Si vous avez besoin d'un configuration de mandataire inverse plus + souple, reportez-vous la documentaion de la directive RewriteRule et son drapeau + [P].

    +

    La syntaxe alternative suivante est valide, bien qu'elle puisse induire une dgradation des performances lorsqu'elle est prsente en trs grand nombre. Elle possde l'avantage de @@ -1180,14 +1195,16 @@ ProxyPass "/mirror/foo" "http://backend.example.com" +

    ProxyPass cl=valeur Paramtres

    +

    Depuis la version 2.1 du serveur HTTP Apache, mod_proxy supporte les groupements de connexions vers un serveur d'arrire-plan. Les connexions cres la demande peuvent tre enregistres dans un groupement pour une utilisation ultrieure. La taille du groupe ainsi que d'autres caractristiques peuvent tre dfinies via la directive ProxyPass au moyen de paramtres - cl=valeur dont la description fait l'objet du tableau - ci-dessous.

    + cl=valeur dont la description fait l'objet des + tableaux ci-dessous.

    Par dfaut, mod_proxy permet et met en rserve le nombre maximum de connexions pouvant tre utilises simultanment par le processus @@ -1281,8 +1298,9 @@ ProxyPass "/mirror/foo" "http://backend.example.com" off Permet de dfinir si le module mandataire doit vider automatiquement le tampon de sortie aprs chaque tronon de - donnes. 'off' signifie que le tampon sera vid si ncessaire, - 'on' que le tampon sera vid aprs chaque envoi d'un + donnes. 'off' signifie que le tampon sera vid si + ncessaire ; + 'on' signifie que le tampon sera vid aprs chaque envoi d'un tronon de donnes, et 'auto' que le tampon sera vid aprs un dlai de 'flushwait' millisecondes si aucune entre n'est reue. Actuellement, cette cl n'est supporte que par AJP. @@ -1456,7 +1474,7 @@ ProxyPass "/mirror/foo" "http://backend.example.com" Off Si ce paramtre est dfini On, la session va s'interrompre si le serveur cible est dans un tat d'erreur ou - dsactiv. Dfinissez ce paramtre On si le serveur + dsactiv. Dfinissez ce paramtre On si le serveur d'arrire-plan ne supporte pas la rplication de session. stickysession @@ -1465,7 +1483,7 @@ ProxyPass "/mirror/foo" "http://backend.example.com" gnralement du style JSESSIONID ou PHPSESSIONID, et dpend du serveur d'application d'arrire-plan qui supporte les sessions. Si le serveur - d'application d'arrire-plan utilise des noms diffrents pour + d'application d'arrire-plan utilise un nom diffrent pour les cookies et les identifiants cods d'URL (comme les conteneurs de servlet), sparez-les par le caractre '|'. La premire partie contient le cookie et la seconde le chemin.
    @@ -1569,6 +1587,8 @@ ProxyPass "/" "balancer://mycluster/" stickysession=JSESSIONID|jsessionid nofail </Proxy> +

    Mots-cls additionnels de ProxyPass

    +

    Normalement, mod_proxy va mettre sous leur forme canonique les URLs traites par ProxyPass. Mais ceci peut tre incompatible avec certains serveurs d'arrire-plan, et en particulier avec ceux qui @@ -1793,8 +1813,9 @@ par un serveur mandat

    chemin est le nom d'un chemin virtuel local. - url est une URL partielle pour le serveur distant - ils - sont utiliss de la mme faon qu'avec la directive ProxyPass.

    + url est une URL partielle pour le serveur distant. Ces + paramtres s'utilisent de la mme faon qu'avec la + directive ProxyPass.

    Supposons par exemple que le serveur local a pour adresse http://example.com/ ; alors

    @@ -1810,17 +1831,18 @@ ProxyPassReverseCookiePath "/" "/mirror/foo/" requte mandate pour http://backend.example.com/bar (la fonctionnalit fournie par ProxyPass). Il va aussi s'occuper des redirections que le serveur - backend.example.com envoie : lorsque - http://backend.example.com/bar est redirig par - celui-ci vers http://backend.example.com/quux, Apache + backend.example.com envoie lorsqu'il redirige + http://backend.example.com/bar vers + http://backend.example.com/quux. Apache httpd corrige ceci en http://example.com/miroir/foo/quux avant de faire suivre la redirection HTTP au client. Notez que le nom d'hte utilis pour construire l'URL est choisi en respectant la dfinition de la directive UseCanonicalName.

    Notez que la directive ProxyPassReverse - peut aussi tre utilise en conjonction avec la fonctionnalit - pass-through (RewriteRule ... [P]) du module + peut aussi tre utilise en conjonction avec la + fonctionnalit de mandataire + (RewriteRule ... [P]) du module mod_rewrite, car elle ne dpend pas d'une directive ProxyPass correspondante.

    @@ -1912,7 +1934,7 @@ dans un contexte de r

    Lorsqu'elle est active, cette directive va transmettre l'en-tte Host: de la requte entrante vers le serveur mandat, au lieu du nom - d'hte spcifi par la directive ProxyPass.

    + d'hte spcifi par la directive ProxyPass.

    Cette directive est habituellement dfinie Off. Elle est principalement utile dans les configurations particulires @@ -1983,7 +2005,7 @@ ProxyRemote "ftp" "http://ftpproxy.mydomain:8080" HTTP, vers un autre mandataire capable de les traiter.

    Cette directive supporte aussi les configurations de mandataire - inverse - un serveur web d'arrire-plan peut tre intgr dans + inverse ; un serveur web d'arrire-plan peut tre intgr dans l'espace d'URL d'un serveur virtuel, mme si ce serveur est cach par un autre mandataire direct.

    diff --git a/docs/manual/mod/mod_proxy.html.ja.utf8 b/docs/manual/mod/mod_proxy.html.ja.utf8 index 2519a3b2..fd6a41b7 100644 --- a/docs/manual/mod/mod_proxy.html.ja.utf8 +++ b/docs/manual/mod/mod_proxy.html.ja.utf8 @@ -925,7 +925,7 @@ ステータス:Extension モジュール:mod_proxy 互換性:ProxyPassInherit is only available in Apache HTTP Server 2.4.5 and later. - and later. +

    このディレクティブの解説文書は まだ翻訳されていません。英語版をご覧ください。

    diff --git a/docs/manual/mod/mod_rewrite.html.en b/docs/manual/mod/mod_rewrite.html.en index ecacc71c..a5a44289 100644 --- a/docs/manual/mod/mod_rewrite.html.en +++ b/docs/manual/mod/mod_rewrite.html.en @@ -361,7 +361,7 @@ AliasMatch "^/myapp" "/opt/myapp-1.2.3"
    The path component of the requested URI, such as "/index.html". This notably excludes the - query string which is available as as its own variable + query string which is available as its own variable named QUERY_STRING.
    THE_REQUEST
    @@ -422,7 +422,9 @@ AliasMatch "^/myapp" "/opt/myapp-1.2.3" mod_ssl is loaded, but will always expand to the empty string if it is not. Example: %{SSL:SSL_CIPHER_USEKEYSIZE} may expand to - 128. + 128. These variables are available even without + setting the StdEnvVars option of the + SSLOptions directive.
  • %{HTTP:header}, where header can be diff --git a/docs/manual/mod/mod_rewrite.html.fr b/docs/manual/mod/mod_rewrite.html.fr index 67a9981f..c7401c43 100644 --- a/docs/manual/mod/mod_rewrite.html.fr +++ b/docs/manual/mod/mod_rewrite.html.fr @@ -29,6 +29,8 @@

    Langues Disponibles:  en  |  fr 

    +
    Cette traduction peut tre prime. Vrifiez la version + anglaise pour les changements rcents.
    diff --git a/docs/manual/mod/mod_socache_memcache.html.en b/docs/manual/mod/mod_socache_memcache.html.en index 276157f5..0a96035a 100644 --- a/docs/manual/mod/mod_socache_memcache.html.en +++ b/docs/manual/mod/mod_socache_memcache.html.en @@ -57,10 +57,45 @@

    Directives

    -

    This module provides no - directives.

    +
    +
    top
    +

    MemcacheConnTTL Directive

    +
    Description:Ce module fournit un moteur de rcriture base de rgles permettant de rcrire les URLs des requtes la vole
    + + + + + + + +
    Description:Keepalive time for idle connections
    Syntax:MemcacheConnTTL num[units]
    Default:MemcacheConnTTL 15s
    Context:server config, virtual host
    Status:Extension
    Module:mod_socache_memcache
    Compatibility:Available in Apache 2.4.17 and later
    + +

    Set the time to keep idle connections with the memcache server(s) + alive (threaded platforms only).

    + +

    Valid values for MemcacheConnTTL are times + up to one hour. 0 means no timeout.

    + +

    This timeout defaults to units of seconds, but accepts + suffixes for milliseconds (ms), seconds (s), minutes (min), and hours (h). +

    + +

    Before Apache 2.4.17, this timeout was hardcoded and its value was 600 usec. + So, the closest configuration to match the legacy behaviour is to set + MemcacheConnTTL to 1ms.

    + + 
    # Set a timeout of 10 minutes
+MemcacheConnTTL 10min
+# Set a timeout of 60 seconds
+MemcacheConnTTL 60
    +
    + + +

    Available Languages:  en  | diff --git a/docs/manual/mod/mod_socache_memcache.html.fr b/docs/manual/mod/mod_socache_memcache.html.fr index 184c7e93..95af8778 100644 --- a/docs/manual/mod/mod_socache_memcache.html.fr +++ b/docs/manual/mod/mod_socache_memcache.html.fr @@ -58,9 +58,50 @@

    Directives

    -

    Ce module ne fournit aucune directive.

    +
    +
    top
    +

    Directive MemcacheConnTTL

    + + + + + + + + +
    Description:Dure de conservation des connexions inactives
    Syntaxe:MemcacheConnTTL num[units]
    Dfaut:MemcacheConnTTL 15s
    Contexte:configuration du serveur, serveur virtuel
    Statut:Extension
    Module:mod_socache_memcache
    Compatibilit:Disponible partir de la version 2.4.17 du serveur HTTP +Apache.
    + +

    Dfinit la dure pendant laquelle les connexions + inactives avec le(s) serveur(s) memcache seront conserves + (plateformes threades seulement).

    + +

    Les valeurs valides de la directive + MemcacheConnTTL sont des dures d'une heure + maximum. La valeur 0 signifie une absence de premption

    + +

    L'unit par dfaut pour ce dlai est la seconde, mais vous + pouvez ajouter un suffixe pour spcifier une unit diffrente ; ms + pour milliseconde, s pour seconde, min pour minute et h pour heure.. +

    + +

    Dans les versions antrieures 2.4.17, ce dlai tait cod en + dur et sa valeur tait 600 microsecondes. La valeur la plus proche + de cette ancienne valeur pour la directive + MemcacheConnTTL est donc 1ms.

    + + 
    # Dfinition d'un dlai de 10 minutes
+MemcacheConnTTL 10min
+# Dfinition d'un dlai de 60 secondes
+MemcacheConnTTL 60
    +
    + + +

    Langues Disponibles:  en  | diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en index 206537f0..6a0c4614 100644 --- a/docs/manual/mod/mod_ssl.html.en +++ b/docs/manual/mod/mod_ssl.html.en @@ -160,6 +160,7 @@ compatibility variables.

    SSL_CLIENT_S_DN_x509 string Component of client's Subject DN SSL_CLIENT_SAN_Email_n string Client certificate's subjectAltName extension entries of type rfc822Name SSL_CLIENT_SAN_DNS_n string Client certificate's subjectAltName extension entries of type dNSName +SSL_CLIENT_SAN_OTHER_msUPN_n string Client certificate's subjectAltName extension entries of type otherName, Microsoft User Principal Name form (OID 1.3.6.1.4.1.311.20.2.3) SSL_CLIENT_I_DN string Issuer DN of client's certificate SSL_CLIENT_I_DN_x509 string Component of client's Issuer DN SSL_CLIENT_V_START string Validity of client's certificate (start time) @@ -176,6 +177,7 @@ compatibility variables.

    SSL_SERVER_S_DN string Subject DN in server's certificate SSL_SERVER_SAN_Email_n string Server certificate's subjectAltName extension entries of type rfc822Name SSL_SERVER_SAN_DNS_n string Server certificate's subjectAltName extension entries of type dNSName +SSL_SERVER_SAN_OTHER_dnsSRV_n string Server certificate's subjectAltName extension entries of type otherName, SRVName form (OID 1.3.6.1.5.5.7.8.7, RFC 4985) SSL_SERVER_S_DN_x509 string Component of server's Subject DN SSL_SERVER_I_DN string Issuer DN of server's certificate SSL_SERVER_I_DN_x509 string Component of server's Issuer DN @@ -259,6 +261,9 @@ For backward compatibility there is additionally a special provided. Information about this function is provided in the Compatibility chapter.

    Example

    CustomLog "logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    +

    These formats even work without setting the StdEnvVars +option of the SSLOptions +directive.

    top

    Request Notes

    @@ -596,7 +601,7 @@ algorithm type.

    -Finally the the end-entity certificate's private key can also be +Finally the end-entity certificate's private key can also be added to the certificate file instead of using a separate SSLCertificateKeyFile directive. This practice is highly discouraged. If it is used, @@ -769,8 +774,8 @@ prefixes are:

    aNULL, eNULL and EXP ciphers are always disabled

    Beginning with version 2.4.7, null and export-grade -ciphers are always disabled, as mod_ssl unconditionally prepends any supplied -cipher suite string with !aNULL:!eNULL:!EXP: at initialization.

    +ciphers are always disabled, as mod_ssl unconditionally adds +!aNULL:!eNULL:!EXP to any cipher string at initialization.

    A simpler way to look at all of this is to use the ``openssl ciphers @@ -1118,7 +1123,7 @@ features are added to OpenSSL.

    depends on the OpenSSL version being used for mod_ssl (at least version 1.0.2 is required). For a list of supported command names, see the section Supported configuration file commands in the -SSL_CONF_cmd(3) manual page for OpenSSL.

    +SSL_CONF_cmd(3) manual page for OpenSSL.

    Some of the SSLOpenSSLConfCmd commands can be used as an alternative to existing directives (such as @@ -1333,7 +1338,7 @@ query can be done in two ways which can be configured by - + @@ -1348,7 +1353,8 @@ The available (case-insensitive) protocols are:

    This is the Secure Sockets Layer (SSL) protocol, version 3.0, from the Netscape Corporation. - It is the successor to SSLv2 and the predecessor to TLSv1.

    + It is the successor to SSLv2 and the predecessor to TLSv1, but is + deprecated in RFC 7568.

  • TLSv1

    @@ -1371,7 +1377,9 @@ The available (case-insensitive) protocols are:

    This is a shortcut for ``+SSLv3 +TLSv1'' or - when using OpenSSL 1.0.1 and later - - ``+SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2, respectively.

    • + ``+SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2'', respectively + (except for OpenSSL versions compiled with the ``no-ssl3'' configuration + option, where all does not include +SSLv3).

    Example

    SSLProtocol TLSv1
    @@ -1713,7 +1721,7 @@ directory contains the appropriate symbolic links.

    Description:Configure usable SSL/TLS protocol versions
    Syntax:SSLProtocol [+|-]protocol ...
    Default:SSLProtocol all
    Default:SSLProtocol all -SSLv3 (up to 2.4.16: all)
    Context:server config, virtual host
    Status:Extension
    Module:mod_ssl
    - + diff --git a/docs/manual/mod/mod_ssl.html.fr b/docs/manual/mod/mod_ssl.html.fr index a8dc92d0..75fd7dbd 100644 --- a/docs/manual/mod/mod_ssl.html.fr +++ b/docs/manual/mod/mod_ssl.html.fr @@ -29,6 +29,8 @@

    Langues Disponibles:  en  |  fr 

    +
    Cette traduction peut tre prime. Vrifiez la version + anglaise pour les changements rcents.
    Description:Configure usable SSL protocol flavors for proxy usage
    Syntax:SSLProxyProtocol [+|-]protocol ...
    Default:SSLProxyProtocol all
    Default:SSLProxyProtocol all -SSLv3 (up to 2.4.16: all)
    Context:server config, virtual host
    Override:Options
    Status:Extension
    @@ -186,6 +188,9 @@ export + + @@ -226,6 +231,9 @@ certificat de serveur de type rfc822Name + + @@ -892,9 +900,9 @@ peut plus y EXP sont toujours dsactivs

    Depuis la version 2.4.7, les algorithmes de type null ou destins l'exportation sont toujours -dsactivs car mod_ssl fait -obligatoirement prcder toute chane de suite d'algorithmes par -!aNULL:!eNULL:!EXP: l'initialisation.

    +dsactivs car mod_ssl ajoute obligatoirement +!aNULL:!eNULL:!EXP toute chane d'algorithme de +chiffrement l'initialisation.

    Pour vous simplifier la vie, vous pouvez utiliser la commande @@ -1266,8 +1274,7 @@ ce dernier beaucoup plus souple.

    utilise pour mod_ssl (la version minimale 1.0.2 est un prrequis). Pour obtenir la liste des commandes supportes, voir la section Supported configuration file commands de la page de -manuel SSL_CONF_cmd(3) -d'OpenSSL.

    +manuel d'OpenSSL SSL_CONF_cmd(3).

    Certaines commandes peuvent remplacer des directives existantes (comme SSLCipherSuite ou @@ -1514,7 +1521,7 @@ cette demande peut

    - + @@ -1530,7 +1537,9 @@ casse) :

    Il s'agit du protocole Secure Sockets Layer (SSL) version 3.0 de Netscape Corporation. C'est le successeur de SSLv2 et le - prdcesseur de TLSv1.

    + prdcesseur de TLSv1, mais est considr comme + obsolte dans la RFC + 7568

  • TLSv1

    @@ -1549,7 +1558,10 @@ casse) :

  • all

    C'est un raccourci pour ``+SSLv3 +TLSv1'' ou - partir - de la version 1.0.1 d'OpenSSL - ``+SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2.

    • + de la version 1.0.1 d'OpenSSL - ``+SSLv3 +TLSv1 +TLSv1.1 + +TLSv1.2'' (sauf si OpenSSL a t compil avec l'option + ``no-ssl3'', auquel cas all n'inclura pas + +SSLv3).

    Exemple

    SSLProtocol TLSv1
    @@ -1927,7 +1939,7 @@ assurer que ce r - + diff --git a/docs/manual/mod/mod_status.html.tr.utf8 b/docs/manual/mod/mod_status.html.tr.utf8 index d89dce5b..a70919e8 100644 --- a/docs/manual/mod/mod_status.html.tr.utf8 +++ b/docs/manual/mod/mod_status.html.tr.utf8 @@ -32,7 +32,6 @@  ko  |  tr 

    -
    Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.
    Description:Chiffrement de haut niveau bas sur les protocoles Secure Sockets Layer (SSL) et Transport Layer Security (TLS)
    Statut:Extension
    Les entres d'extension subjectAltName du certificat client de type rfc822Name
    SSL_CLIENT_SAN_DNS_n chane Les entres d'extension subjectAltName du certificat client de type dNSName
    SSL_CLIENT_SAN_OTHER_msUPN_nchane Extensions subjectAltName de type otherName du +certificat client, forme Microsoft du nom principal de l'utilisateur (OID 1.3.6.1.4.1.311.20.2.3)
    SSL_CLIENT_I_DN chane DN de l'metteur du certificat du client
    SSL_CLIENT_I_DN_x509 chane
    SSL_SERVER_SAN_DNS_n chane Les entres d'extension subjectAltName du certificat de serveur de type dNSName
    SSL_SERVER_SAN_OTHER_dnsSRV_nchane Extensions subjectAltName de type otherName du +certificat serveur, sous la forme SRVName (OID 1.3.6.1.5.5.7.8.7, RFC 4985)
    SSL_SERVER_I_DN chane DN de l'metteur du certificat du serveur
    SSL_SERVER_I_DN_x509 chane
    Description:Indique les versions du protocole SSL/TLS disponibles
    Syntaxe:SSLProtocol [+|-]protocole ...
    Dfaut:SSLProtocol all
    Dfaut:SSLProtocol all -SSLv3 (jusqu' la version 2.4.16 : all)
    Contexte:configuration du serveur, serveur virtuel
    Statut:Extension
    Module:mod_ssl
    Description:Dfinit les protocoles SSL disponibles pour la fonction de mandataire
    Syntaxe:SSLProxyProtocol [+|-]protocole ...
    Dfaut:SSLProxyProtocol all
    Dfaut:SSLProxyProtocol all -SSLv3 (jusqu' la version 2.4.16: all)
    Contexte:configuration du serveur, serveur virtuel
    AllowOverride:Options
    Statut:Extension
    @@ -93,7 +92,7 @@ etkin kılınmak istenirse httpd.conf dosyasına şu satırlar eklenebilir:

    -
    <Location /server-status>
+
    <Location "/server-status">
     SetHandler server-status
     Require host example.com
 </Location>
    
diff --git a/docs/manual/mod/mod_substitute.html.en b/docs/manual/mod/mod_substitute.html.en
index 423ce021..7de791f8 100644
--- a/docs/manual/mod/mod_substitute.html.en
+++ b/docs/manual/mod/mod_substitute.html.en
@@ -43,6 +43,7 @@
 
@@ -129,6 +130,27 @@ Substitute "s|http://internal.blog.example.com/|http://www.example.com/blog/|i"<
     fixing up the HTML response as well.
    
 
 
+
+
    top
    
+
    SubstituteInheritBefore Directive
    
+
    Açıklama:Sunucu etkinliği ve başarımı hakkında bilgi sağlar.
    Durum:Temel
    Modül Betimleyici:status_module
    + + + + + + + + +
    Description:Change the merge order of inherited patterns
    Syntax:SubstituteInheritBefore on|off
    Default:SubstituteInheritBefore off
    Context:directory, .htaccess
    Override:FileInfo
    Status:Extension
    Module:mod_substitute
    Compatibility:Available in httpd 2.4.17 and later
    +

    Whether to apply the inherited Substitute + patterns first (on), or after the ones of the current + context (off). + SubstituteInheritBefore is itself inherited, + hence contexts that inherit it (those that don't specify their own + SubstituteInheritBefore value) will apply the + closest defined merge order.

    +
    top

    SubstituteMaxLineLength Directive

    diff --git a/docs/manual/mod/mod_substitute.html.fr b/docs/manual/mod/mod_substitute.html.fr index 08510a98..f631c46a 100644 --- a/docs/manual/mod/mod_substitute.html.fr +++ b/docs/manual/mod/mod_substitute.html.fr @@ -29,6 +29,8 @@

    Langues Disponibles:  en  |  fr 

    +
    Cette traduction peut tre prime. Vrifiez la version + anglaise pour les changements rcents.
    @@ -45,6 +47,7 @@ du serveur HTTP Apache
    Description:Effectue des oprations de recherche/remplacement sur les corps de rponses
    Statut:Extension
    @@ -144,6 +147,20 @@ Substitute "s|http://internal.blog.example.com/|http://www.example.com/blog/|i"<
    top
    +

    Directive SubstituteInheritBefore

    + + + + + + + + + +
    Description:Change the merge order of inherited patterns
    Syntaxe:SubstituteInheritBefore on|off
    Dfaut:SubstituteInheritBefore off
    Contexte:rpertoire, .htaccess
    AllowOverride:FileInfo
    Statut:Extension
    Module:mod_substitute
    Compatibilit:Available in httpd 2.4.17 and later

    La documentation de cette directive + n'a pas encore t traduite. Veuillez vous reporter la version + en langue anglaise.

    +
    top

    Directive SubstituteMaxLineLength

    diff --git a/docs/manual/mod/mod_vhost_alias.html.tr.utf8 b/docs/manual/mod/mod_vhost_alias.html.tr.utf8 index 08cabf79..6db9b0b1 100644 --- a/docs/manual/mod/mod_vhost_alias.html.tr.utf8 +++ b/docs/manual/mod/mod_vhost_alias.html.tr.utf8 @@ -30,7 +30,6 @@  fr  |  tr 

    -
    Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.
    Description:Dfinit la longueur de ligne maximale
    @@ -51,8 +50,8 @@ her durumda /cgi-bin/script.pl betiğini /usr/local/apache2/cgi-bin/script.pl betiğine eşleyecektir:

    - 
    ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/
-VirtualScriptAlias /nerede/bilinmiyor/%0/cgi-bin/
    + 
    ScriptAlias "/cgi-bin/" "/usr/local/apache2/cgi-bin/"
+VirtualScriptAlias "/nerede/bilinmiyor/%0/cgi-bin/"
    @@ -144,7 +143,7 @@ Sanal Barındırma aşağıdaki yönergeler kullanılıyor olsun:

    UseCanonicalName    Off
-VirtualDocumentRoot /usr/local/apache/sankonlar/%0
    +VirtualDocumentRoot "/usr/local/apache/sankonlar/%0"

    http://example.com/dizin/dosya.html için yapılan bir istek @@ -156,7 +155,7 @@ VirtualDocumentRoot /usr/local/apache/sankonlar/%0 yapılandırma dosyanızda şöyle yapabilirsiniz:

    UseCanonicalName    Off
-VirtualDocumentRoot /usr/local/apache/sankonlar/%3+/%2.1/%2.2/%2.3/%2
    +VirtualDocumentRoot "/usr/local/apache/sankonlar/%3+/%2.1/%2.2/%2.3/%2"

    http://falan.filan.example.com/dizin/dosya.html için @@ -166,7 +165,7 @@ VirtualDocumentRoot /usr/local/apache/sankonlar/%3+/%2.1/%2.2/%2.3/%2

    Bu sefer de parçaları ismin sonundan toplayalım:

    - 
    VirtualDocumentRoot /usr/local/apache/sankonlar/%3+/%2.-1/%2.-2/%2.-3/%2
    + 
    VirtualDocumentRoot "/usr/local/apache/sankonlar/%3+/%2.-1/%2.-2/%2.-3/%2"

    Bu durumda istek @@ -175,7 +174,7 @@ VirtualDocumentRoot /usr/local/apache/sankonlar/%3+/%2.1/%2.2/%2.3/%2

    Şöyle bir şey de yapabilirsiniz:

    - 
    VirtualDocumentRoot /usr/local/apache/sankonlar/%3+/%2.1/%2.2/%2.3/%2.4+
    + 
    VirtualDocumentRoot "/usr/local/apache/sankonlar/%3+/%2.1/%2.2/%2.3/%2.4+"

    Bu örnek için istek @@ -206,8 +205,8 @@ VirtualDocumentRoot /usr/local/apache/sankonlar/%3+/%2.1/%2.2/%2.3/%2 olabilirdi:

    UseCanonicalName DNS
-VirtualDocumentRootIP /usr/local/apache/sankonlar/%1/%2/%3/%4/belgeler
-VirtualScriptAliasIP  /usr/local/apache/sankonlar/%1/%2/%3/%4/cgi-bin
    +VirtualDocumentRootIP "/usr/local/apache/sankonlar/%1/%2/%3/%4/belgeler" +VirtualScriptAliasIP "/usr/local/apache/sankonlar/%1/%2/%3/%4/cgi-bin"

    http://falan.filan.example.com/dizin/dosya.html için @@ -224,7 +223,7 @@ VirtualScriptAliasIP /usr/local/apache/sankonlar/%1/%2/%3/%4/cgi-bin karakterini içermesini isterseniz, bir biçem belirteci ile karışıklığa sebep olmaksızın bunu şöyle sağlayabilirsiniz:

    - 
    VirtualDocumentRoot /usr/local/apache/sankonlar/%2.0.%3.0
    + 
    VirtualDocumentRoot "/usr/local/apache/sankonlar/%2.0.%3.0"

    Bu durumda http://falan.filan.example.com/dizin/dosya.html diff --git a/docs/manual/mod/mpm_common.html.de b/docs/manual/mod/mpm_common.html.de index 44c15339..1198797d 100644 --- a/docs/manual/mod/mpm_common.html.de +++ b/docs/manual/mod/mpm_common.html.de @@ -46,6 +46,7 @@

  • GracefulShutdownTimeout
  • Listen
  • ListenBackLog
    • +
  • ListenCoresBucketsRatio
  • MaxConnectionsPerChild
  • MaxMemFree
  • MaxRequestWorkers
    • @@ -127,7 +128,7 @@ will exit. - +
    Açıklama:Kitlesel sanal konakların devingen olarak yapılandırılmasını sağlar
    Durum:Eklenti
    Modül Betimleyici:vhost_alias_module
    Voreinstellung:GracefulShutdownTimeout 0
    Kontext:Serverkonfiguration
    Status:MPM
    Modul:prefork, worker, event
    Modul:event, worker, prefork
    Kompatibilitt:Available in version 2.2 and later

    Die Dokumentation zu dieser Direktive wurde noch nicht bersetzt. Bitte schauen Sie in die englische @@ -224,6 +225,24 @@ will exit.

    top
    +

    ListenCoresBucketsRatio-Direktive

    + + + + + + + + +
    Beschreibung:Ratio between the number of CPU cores (online) and the number of +listeners' buckets
    Syntax:ListenCoresBucketsRatio ratio
    Voreinstellung:ListenCoresBucketsRatio 0 (disabled)
    Kontext:Serverkonfiguration
    Status:MPM
    Modul:event, worker, prefork
    Kompatibilitt:Available in Apache HTTP Server 2.4.17, with a kernel supporting +the socket option SO_REUSEPORT and distributing new connections +evenly accross listening processes' (or threads') sockets using it (eg. Linux +3.9 and later, but not the current implementations of SO_REUSEPORT +in *BSDs.

    Die Dokumentation zu dieser Direktive wurde + noch nicht bersetzt. Bitte schauen Sie in die englische + Version.

    +
    top

    MaxConnectionsPerChild-Direktive

    - +
    Beschreibung:Limit on the number of connections that an individual child server @@ -232,7 +251,7 @@ will handle during its life
    Voreinstellung:MaxConnectionsPerChild 0
    Kontext:Serverkonfiguration
    Status:MPM
    Modul:event, mpm_netware, mpm_winnt, mpmt_os2, prefork, worker
    Modul:event, worker, prefork, mpm_winnt, mpm_netware, mpmt_os2
    Kompatibilitt:Available Apache HTTP Server 2.3.9 and later. The old name MaxRequestsPerChild is still supported.

    Die Dokumentation zu dieser Direktive wurde @@ -265,7 +284,7 @@ simultaneously Voreinstellung:See usage for details Kontext:Serverkonfiguration Status:MPM -Modul:event, prefork, worker +Modul:event, worker, prefork

    Die Dokumentation zu dieser Direktive wurde noch nicht bersetzt. Bitte schauen Sie in die englische Version.

    @@ -425,7 +444,7 @@ ablegt Voreinstellung:ReceiveBufferSize 0 Kontext:Serverkonfiguration Status:MPM -Modul:event, mpm_netware, mpm_winnt, mpmt_os2, prefork, worker +Modul:event, worker, prefork, mpm_winnt, mpm_netware, mpmt_os2

    Die Dokumentation zu dieser Direktive wurde noch nicht bersetzt. Bitte schauen Sie in die englische Version.

    diff --git a/docs/manual/mod/mpm_common.html.en b/docs/manual/mod/mpm_common.html.en index 4e53e370..61ef48ec 100644 --- a/docs/manual/mod/mpm_common.html.en +++ b/docs/manual/mod/mpm_common.html.en @@ -43,6 +43,7 @@ more than one multi-processing module (MPM)
  • GracefulShutdownTimeout
  • Listen
  • ListenBackLog
    • +
  • ListenCoresBucketsRatio
  • MaxConnectionsPerChild
  • MaxMemFree
  • MaxRequestWorkers
    • @@ -70,7 +71,7 @@ switch before dumping core Default:See usage for the default setting Context:server config Status:MPM -Module:event, prefork, worker +Module:event, worker, prefork

    This controls the directory to which Apache httpd attempts to switch before dumping core. If your operating system is configured to @@ -119,7 +120,7 @@ after a crash Default:EnableExceptionHook Off Context:server config Status:MPM -Module:event, prefork, worker +Module:event, worker, prefork

    For safety reasons this directive is only available if the server was configured with the --enable-exception-hook option. It @@ -140,7 +141,7 @@ will exit. Default:GracefulShutdownTimeout 0 Context:server config Status:MPM -Module:prefork, worker, event +Module:event, worker, prefork Compatibility:Available in version 2.2 and later

    The GracefulShutdownTimeout specifies @@ -159,7 +160,7 @@ listens to Syntax:Listen [IP-address:]portnumber [protocol] Context:server config Status:MPM -Module:mpm_netware, mpm_winnt, mpmt_os2, prefork, worker, event +Module:event, worker, prefork, mpm_winnt, mpm_netware, mpmt_os2 Compatibility:The protocol argument was added in 2.1.5

    The Listen directive instructs Apache httpd to @@ -238,7 +239,7 @@ including other causes. Default:ListenBacklog 511 Context:server config Status:MPM -Module:event, mpm_netware, mpm_winnt, mpmt_os2, prefork, worker +Module:event, worker, prefork, mpm_winnt, mpm_netware, mpmt_os2

    The maximum length of the queue of pending connections. Generally no tuning is needed or desired, however on some @@ -252,6 +253,41 @@ including other causes. but use a number based on (but normally larger than) what is set.

    + +
    top
    +

    ListenCoresBucketsRatio Directive

    + + + + + + + + +
    Description:Ratio between the number of CPU cores (online) and the number of +listeners' buckets
    Syntax:ListenCoresBucketsRatio ratio
    Default:ListenCoresBucketsRatio 0 (disabled)
    Context:server config
    Status:MPM
    Module:event, worker, prefork
    Compatibility:Available in Apache HTTP Server 2.4.17, with a kernel supporting +the socket option SO_REUSEPORT and distributing new connections +evenly accross listening processes' (or threads') sockets using it (eg. Linux +3.9 and later, but not the current implementations of SO_REUSEPORT +in *BSDs.
    +

    A ratio between the number of (online) CPU cores and the + number of listeners' buckets can be used to make Apache HTTP Server create + num_cpu_cores / ratio listening buckets, each containing its + own Listen-ing socket(s) on the same port(s), and + then make each child handle a single bucket (with round-robin distribution + of the buckets at children creation time).

    + +

    ListenCoresBucketsRatio can improve the + scalability when accepting new connections is/becomes the bottleneck. + On systems with a large number of CPU cores, enabling this feature has + been tested to show significant performances improvement and shorter + responses time.

    + +

    There must be at least twice the number of CPU cores than the + configured ratio for this to be active. The recommended + ratio is 8, hence at least 16 + cores should be available at runtime when this value is used.

    +
    top

    MaxConnectionsPerChild Directive

    @@ -262,7 +298,7 @@ will handle during its life Default:MaxConnectionsPerChild 0 Context:server config Status:MPM -Module:event, mpm_netware, mpm_winnt, mpmt_os2, prefork, worker +Module:event, worker, prefork, mpm_winnt, mpm_netware, mpmt_os2 Compatibility:Available Apache HTTP Server 2.3.9 and later. The old name MaxRequestsPerChild is still supported. @@ -287,7 +323,7 @@ to hold without calling free() Default:MaxMemFree 2048 Context:server config Status:MPM -Module:event, mpm_netware, prefork, worker, mpm_winnt +Module:event, worker, prefork, mpm_winnt, mpm_netware

    The MaxMemFree directive sets the maximum number of free Kbytes that every allocator is allowed @@ -305,7 +341,7 @@ simultaneously Default:See usage for details Context:server config Status:MPM -Module:event, prefork, worker +Module:event, worker, prefork

    The MaxRequestWorkers directive sets the limit on the number of simultaneous requests that will be served. Any @@ -341,13 +377,13 @@ simultaneously Default:See usage for details Context:server config Status:MPM -Module:event, mpm_netware, mpmt_os2, worker +Module:event, worker, mpm_netware, mpmt_os2

    Maximum number of idle threads. Different MPMs deal with this directive differently.

    -

    For worker, the default is - MaxSpareThreads 250. This MPM deals with idle threads +

    For worker and event, the default is + MaxSpareThreads 250. These MPMs deal with idle threads on a server-wide basis. If there are too many idle threads in the server then child processes are killed until the number of idle threads is less than this number.

    @@ -368,9 +404,10 @@ simultaneously
  • mpm_netware wants the value to be greater than MinSpareThreads.
    • -
  • For worker, the value must be greater or equal - to the sum of MinSpareThreads - and ThreadsPerChild.
    • +
  • For worker and event, the value + must be greater or equal to the sum of + MinSpareThreads and + ThreadsPerChild.
    • @@ -390,15 +427,14 @@ spikes Default:See usage for details Context:server config Status:MPM -Module:event, mpm_netware, mpmt_os2, worker +Module:event, worker, mpm_netware, mpmt_os2

    Minimum number of idle threads to handle request spikes. - Different MPMs deal with this directive - differently.

    + Different MPMs deal with this directive differently.

    -

    worker uses a default of MinSpareThreads - 75 and deals with idle threads on a server-wide basis. If - there aren't enough idle threads in the server then child +

    worker and event use a default of + MinSpareThreads 75 and deal with idle threads on a server-wide + basis. If there aren't enough idle threads in the server then child processes are created until the number of idle threads is greater than number.

    @@ -426,7 +462,7 @@ of the daemon Default:PidFile logs/httpd.pid Context:server config Status:MPM -Module:event, mpm_winnt, mpmt_os2, prefork, worker +Module:event, worker, prefork, mpm_winnt, mpmt_os2

    The PidFile directive sets the file to which the server records the process id of the daemon. If the @@ -459,7 +495,7 @@ of the daemon Default:ReceiveBufferSize 0 Context:server config Status:MPM -Module:event, mpm_netware, mpm_winnt, mpmt_os2, prefork, worker +Module:event, worker, prefork, mpm_winnt, mpm_netware, mpmt_os2

    The server will set the TCP receive buffer size to the number of bytes specified.

    @@ -477,7 +513,7 @@ the child processes Default:ScoreBoardFile logs/apache_runtime_status Context:server config Status:MPM -Module:event, mpm_winnt, prefork, worker +Module:event, worker, prefork, mpm_winnt

    Apache HTTP Server uses a scoreboard to communicate between its parent and child processes. Some architectures require a file to facilitate @@ -512,7 +548,7 @@ Apache HTTP Server Default:SendBufferSize 0 Context:server config Status:MPM -Module:event, mpm_netware, mpm_winnt, mpmt_os2, prefork, worker +Module:event, worker, prefork, mpm_winnt, mpm_netware, mpmt_os2

    Sets the server's TCP send buffer size to the number of bytes specified. It is often useful to set this past the OS's standard @@ -540,14 +576,14 @@ Apache HTTP Server Default:See usage for details Context:server config Status:MPM -Module:event, prefork, worker +Module:event, worker, prefork

    For the prefork MPM, this directive sets the maximum configured value for MaxRequestWorkers for the lifetime of the - Apache httpd process. For the worker MPM, this directive - in combination with ThreadLimit sets + Apache httpd process. For the worker and event + MPMs, this directive in combination with ThreadLimit sets the maximum configured value for MaxRequestWorkers for the lifetime of the - Apache httpd process. Any attempts to change this directive during a + Apache httpd process. Any attempts to change this directive during a restart will be ignored, but MaxRequestWorkers can be modified during a restart.

    @@ -563,9 +599,9 @@ Apache HTTP Server Do not set the value of this directive any higher than what you might want to set MaxRequestWorkers to.

    -

    With worker, use this directive only - if your MaxRequestWorkers and - ThreadsPerChild +

    With worker and event, use this + directive only if your MaxRequestWorkers + and ThreadsPerChild settings require more than 16 server processes (default). Do not set the value of this directive any higher than the number of server processes required by what you may want for MaxRequestWorkers and ThreadsPerChild.

    @@ -591,7 +627,7 @@ Apache HTTP Server Default:See usage for details Context:server config Status:MPM -Module:event, mpmt_os2, prefork, worker +Module:event, worker, prefork, mpmt_os2

    The StartServers directive sets the number of child server processes created on startup. As the number @@ -601,10 +637,10 @@ Apache HTTP Server MinSpareServers, MaxSpareServers) there is usually little reason to adjust this parameter.

    -

    The default value differs from MPM to MPM. worker - defaults to StartServers 3; prefork - defaults to 5; mpmt_os2 defaults to - 2.

    +

    The default value differs from MPM to MPM. worker and + event default to StartServers 3; + prefork defaults to 5; mpmt_os2 + defaults to 2.

    top
    @@ -641,7 +677,7 @@ per child process Default:See usage for details Context:server config Status:MPM -Module:event, mpm_winnt, worker +Module:event, worker, mpm_winnt

    This directive sets the maximum configured value for ThreadsPerChild for the lifetime of the Apache httpd process. Any attempts to change this directive @@ -681,7 +717,7 @@ per child process Default:See usage for details Context:server config Status:MPM -Module:event, mpm_winnt, worker +Module:event, worker, mpm_winnt

    This directive sets the number of threads created by each child process. The child creates these threads at startup and @@ -706,7 +742,7 @@ client connections Default:65536 on NetWare; varies on other operating systems Context:server config Status:MPM -Module:event, mpm_netware, mpmt_os2, mpm_winnt, worker, event +Module:event, worker, mpm_winnt, mpm_netware, mpmt_os2 Compatibility:Available in Apache HTTP Server 2.1 and later

    The ThreadStackSize directive sets the diff --git a/docs/manual/mod/mpm_common.html.fr b/docs/manual/mod/mpm_common.html.fr index 7c6d6d18..921b440a 100644 --- a/docs/manual/mod/mpm_common.html.fr +++ b/docs/manual/mod/mpm_common.html.fr @@ -32,6 +32,8 @@  ja  |  tr 

    +
    Cette traduction peut tre prime. Vrifiez la version + anglaise pour les changements rcents.
    Description:Une srie de directives implmentes par plusieurs modules multi-processus (MPM)
    Statut:MPM
    @@ -43,6 +45,7 @@ modules multi-processus (MPM)
  • GracefulShutdownTimeout
  • Listen
  • ListenBackLog
    • +
  • ListenCoresBucketsRatio
  • MaxConnectionsPerChild
  • MaxMemFree
  • MaxRequestWorkers
    • @@ -277,6 +280,49 @@ connexions la valeur spcifie pour l'argument backlog, mais s'en inspirent seulement (et choisissent en gnral une valeur suprieure).

    + +
    top
    +

    Directive ListenCoresBucketsRatio

    + + + + + + + + +
    Description:Rapport entre le nombre de coeurs de processeur activs et +le nombre de segments d'coute
    Syntaxe:ListenCoresBucketsRatio ratio
    Dfaut:ListenCoresBucketsRatio 0 (disabled)
    Contexte:configuration du serveur
    Statut:MPM
    Module:event, prefork, worker
    Compatibilit:Disponible partir de la version 2.4.13 du serveur HTTP +Apache, avec un noyau supportant l'option de socket +SO_REUSEPORT, et distribuant uniformment les nouvelles +connexions aux sockets d'coute des processus (ou threads) qui +l'utilisent (par exemple Linux versions 3.9 et ultrieures, mais pas +l'implmentation courante de SO_REUSEPORT par les +plateformes de type BSD.
    +

    Vous pouvez utiliser la directive + ListenCoresBucketsRatio pour spcifier un + ratio entre le nombre de coeurs de CPU activs et le + nombre de segments d'coute (listeners' buckets) souhaits ; le + serveur HTTP Apache va alors crernum_cpu_cores / ratio + segments d'coute, chacun contenant son propre socket d'coute + Listen sur le ou les mmes ports ; chaque + processus enfant sera associ un seul segment d'coute (avec une + distribution de type round-robin des segments la cration des + processus enfants).

    + +

    La directive ListenCoresBucketsRatio peut + amliorer le support de la monte en charge lorsque l'arrive de + nouvelles connexions est/devient un goulot d'tranglement. Le test + de cette fonctionnalit avec des machines possdant un nombre de + coeurs de CPU important a permit de constater une amlioration des + performances significative et des temps de rponse plus courts.

    + +

    Pour que cette fonctionnalit soit active, le nombre de coeurs + de CPU doit tre gal au moins au double du ratio + spcifi. Si vous spcifiez la valeur recommande pour + ratio, savoir 8, le nombre minimum de + coeurs de processeurs disponibles sera alors de 16.

    +
    top

    Directive MaxConnectionsPerChild

    diff --git a/docs/manual/mod/mpm_common.html.ja.utf8 b/docs/manual/mod/mpm_common.html.ja.utf8 index 79552d3a..d2e05ebe 100644 --- a/docs/manual/mod/mpm_common.html.ja.utf8 +++ b/docs/manual/mod/mpm_common.html.ja.utf8 @@ -47,6 +47,7 @@
  • GracefulShutdownTimeout
  • Listen
  • ListenBackLog
    • +
  • ListenCoresBucketsRatio
  • MaxConnectionsPerChild
  • MaxMemFree
  • MaxRequestWorkers
    • @@ -243,6 +244,24 @@
    top
    +

    ListenCoresBucketsRatio ディレクティブ

    + + + + + + + + +
    説明:Ratio between the number of CPU cores (online) and the number of +listeners' buckets
    構文:ListenCoresBucketsRatio ratio
    デフォルト:ListenCoresBucketsRatio 0 (disabled)
    コンテキスト:サーバ設定ファイル
    ステータス:MPM
    モジュール:event, worker, prefork
    互換性:Available in Apache HTTP Server 2.4.17, with a kernel supporting +the socket option SO_REUSEPORT and distributing new connections +evenly accross listening processes' (or threads') sockets using it (eg. Linux +3.9 and later, but not the current implementations of SO_REUSEPORT +in *BSDs.

    このディレクティブの解説文書は + まだ翻訳されていません。英語版をご覧ください。 +

    +
    top

    MaxConnectionsPerChild ディレクティブ

    - +
    説明:Limit on the number of connections that an individual child server @@ -251,7 +270,7 @@ will handle during its life
    デフォルト:MaxConnectionsPerChild 0
    コンテキスト:サーバ設定ファイル
    ステータス:MPM
    モジュール:event, mpm_netware, mpm_winnt, mpmt_os2, prefork, worker
    モジュール:event, worker, prefork, mpm_winnt, mpm_netware, mpmt_os2
    互換性:Available Apache HTTP Server 2.3.9 and later. The old name MaxRequestsPerChild is still supported.

    このディレクティブの解説文書は @@ -283,7 +302,7 @@ simultaneously デフォルト:See usage for details コンテキスト:サーバ設定ファイル ステータス:MPM -モジュール:event, prefork, worker +モジュール:event, worker, prefork

    このディレクティブの解説文書は まだ翻訳されていません。英語版をご覧ください。

    diff --git a/docs/manual/mod/mpm_common.html.tr.utf8 b/docs/manual/mod/mpm_common.html.tr.utf8 index 2bbc26c9..381ace9a 100644 --- a/docs/manual/mod/mpm_common.html.tr.utf8 +++ b/docs/manual/mod/mpm_common.html.tr.utf8 @@ -32,6 +32,7 @@  ja  |  tr 

    +
    Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.
    Açıklama:Birden fazla Çok Süreçlilik Modülü (MPM) tarafından gerçeklenmiş yönergeler bütünü.
    Durum:MPM
    @@ -43,6 +44,7 @@
  • GracefulShutdownTimeout
  • Listen
  • ListenBackLog
    • +
  • ListenCoresBucketsRatio
  • MaxConnectionsPerChild
  • MaxMemFree
  • MaxRequestWorkers
    • @@ -265,6 +267,42 @@ açıklaması ile ne belirttiğinize bakmaksızın kendisi için atanmış değeri (fakat normal olarak daha büyüğünü) kullanacağına dikkat ediniz.

    + +
    top
    +

    ListenCoresBucketsRatio Yönergesi

    + + + + + + + + +
    Açıklama:İşlemci çekirdek sayısının dinleyenlerin buket sayısına oranı
    Sözdizimi:ListenCoresBucketsRatio oran
    Öntanımlı:ListenCoresBucketsRatio 0 (iptal)
    Bağlam:sunucu geneli
    Durum:MPM
    Modül:event, prefork, worker
    Uyumluluk:Apache HTTP Server 2.4.17 ve sonrasında, + SO_REUSEPORT soket seçeneğini destekleyen bir Linux çekirdeğinin + varlığında ve yeni bağlantıların bunu kullanan dinleme süreçlerinin (veya + evrelerinin) soketleri arasında eşit paylaştırılıyor olması halinde + kullanılır. Örneğin Linux 3.9 ve sonrasında kullanılabilirken *BSD'lerin şu + anki SO_REUSEPORT gerçeklenimi ile kullanılamaz.
    +

    (çevrimiçi) İşlemci çekirdek sayısının dinleyenlerin buket sayısına + oranı, Apache HTTP Sunucusunun işlemci_çekirdek_sayısı / + oran sayıda dinleme buketi oluşturması için kullanılabilir ve bu + buketlerin herbiri aynı portlar üzerinde kendi + Listen soketlerini içeriyor olurlar. Bu durumda, + her çocuk süreç tek bir buketle çalışır (çocukların oluşturulması + sırasında buketler döner dağılımla eşleştirilir).

    + +

    ListenCoresBucketsRatio yeni bağlantılar kabul + edilirken/darboğazlar oluşurken ölçeklenebilirliği arttırabilir. Çok + sayıda işlemci çekirdekli sistemlerde bu özelliğin etkinleştirilmesinin + önemli başarım artışları ve daha kısa yanıt süreleri oluşturduğu + gözlenmiştir.

    + +

    Bu oranın etkin olabilmesi için işlemci çekirdeği çift sayıda + olmalıdır. oran için önerilen değer 8 olup bu + durumda çalışma anında en azından 16 çekirdek + kullanılabiliyor olmalıdır.

    +
    top

    MaxConnectionsPerChild Yönergesi

    diff --git a/docs/manual/mod/mpmt_os2.html.en b/docs/manual/mod/mpmt_os2.html.en index 79226b0c..0617f0c5 100644 --- a/docs/manual/mod/mpmt_os2.html.en +++ b/docs/manual/mod/mpmt_os2.html.en @@ -43,7 +43,7 @@ StartServers processes accepting connections.

    -

    Each child process consists of a a pool of worker threads and a +

    Each child process consists of a pool of worker threads and a main thread that accepts connections and passes them to the workers via a work queue. The worker thread pool is dynamic, managed by a maintenance thread so that the number of idle threads is kept between diff --git a/docs/manual/mod/quickreference.html.de b/docs/manual/mod/quickreference.html.de index b0a58bb7..bf4fed3d 100644 --- a/docs/manual/mod/quickreference.html.de +++ b/docs/manual/mod/quickreference.html.de @@ -472,118 +472,129 @@ angegebenen MIME-Content-Type will exit. Group unix-group #-1 sBGroup under which the server will answer requests -Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note +H2Direct on|off on (for non TLS) svEH2 Direct Protocol Switch +H2MaxSessionStreams n 100 svEMaximum number of active streams per HTTP/2 session. +H2MaxWorkerIdleSeconds n 600 sEMaximum number of seconds h2 workers remain idle until shut down. +H2MaxWorkers nsEMaximum number of worker threads to use per child process. +H2MinWorkers nsEMinimal number of worker threads to use per child process. +H2SerializeHeaders on|off off svESerialize Request/Resoonse Processing Switch +H2SessionExtraFiles n 5 svENumber of Extra File Handles +H2StreamMaxMemSize bytes 65536 svEMaximum amount of output data buffered per stream. +H2WindowSize bytes 65536 svESize of Stream Window for upstream data. +Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] -svdhEConfigure HTTP response headers -HeaderName filenamesvdhBName of the file that will be inserted at the top +svdhEConfigure HTTP response headers +HeaderName filenamesvdhBName of the file that will be inserted at the top of the index listing -HeartbeatAddress addr:portsXMulticast address for heartbeat packets -HeartbeatListenaddr:portsXmulticast address to listen for incoming heartbeat requests -HeartbeatMaxServers number-of-servers 10 sXSpecifies the maximum number of servers that will be sending +HeartbeatAddress addr:portsXMulticast address for heartbeat packets +HeartbeatListenaddr:portsXmulticast address to listen for incoming heartbeat requests +HeartbeatMaxServers number-of-servers 10 sXSpecifies the maximum number of servers that will be sending heartbeat requests to this server -HeartbeatStorage file-path logs/hb.dat sXPath to store heartbeat data -HeartbeatStorage file-path logs/hb.dat sXPath to read heartbeat data -HostnameLookups On|Off|Double Off svdCAktiviert DNS-Lookups auf Client-IP-Adressen -IdentityCheck On|Off Off svdEEnables logging of the RFC 1413 identity of the remote +HeartbeatStorage file-path logs/hb.dat sXPath to store heartbeat data +HeartbeatStorage file-path logs/hb.dat sXPath to read heartbeat data +HostnameLookups On|Off|Double Off svdCAktiviert DNS-Lookups auf Client-IP-Adressen +IdentityCheck On|Off Off svdEEnables logging of the RFC 1413 identity of the remote user -IdentityCheckTimeout seconds 30 svdEDetermines the timeout duration for ident requests -<If expression> ... </If>svdhCContains directives that apply only if a condition is +IdentityCheckTimeout seconds 30 svdEDetermines the timeout duration for ident requests +<If expression> ... </If>svdhCContains directives that apply only if a condition is satisfied by a request at runtime -<IfDefine [!]Parametername> ... - </IfDefine>svdhCSchliet Direktiven ein, die nur ausgefhrt werden, +<IfDefine [!]Parametername> ... + </IfDefine>svdhCSchliet Direktiven ein, die nur ausgefhrt werden, wenn eine Testbedingung beim Start wahr ist -<IfModule [!]Modulname|Modulbezeichner> - ... </IfModule>svdhCSchliet Direktiven ein, die abhngig vom +<IfModule [!]Modulname|Modulbezeichner> + ... </IfModule>svdhCSchliet Direktiven ein, die abhngig vom Vorhandensein oder Fehlen eines speziellen Moduls ausgefhrt werden -<IfVersion [[!]operator] version> ... -</IfVersion>svdhEcontains version dependent configuration -ImapBase map|referer|URL http://servername/ svdhBDefault base for imagemap files -ImapDefault error|nocontent|map|referer|URL nocontent svdhBDefault action when an imagemap is called with coordinates +<IfVersion [[!]operator] version> ... +</IfVersion>svdhEcontains version dependent configuration +ImapBase map|referer|URL http://servername/ svdhBDefault base for imagemap files +ImapDefault error|nocontent|map|referer|URL nocontent svdhBDefault action when an imagemap is called with coordinates that are not explicitly mapped -ImapMenu none|formatted|semiformatted|unformatted formatted svdhBAction if no coordinates are given when calling +ImapMenu none|formatted|semiformatted|unformatted formatted svdhBAction if no coordinates are given when calling an imagemap -Include Dateiname|VerzeichnissvdCFgt andere Konfigurationsdateien innerhalb der +Include Dateiname|VerzeichnissvdCFgt andere Konfigurationsdateien innerhalb der Server-Konfigurationsdatei ein -IncludeOptional file-path|directory-path|wildcardsvdCIncludes other configuration files from within +IncludeOptional file-path|directory-path|wildcardsvdCIncludes other configuration files from within the server configuration files -IndexHeadInsert "markup ..."svdhBInserts text in the HEAD section of an index page. -IndexIgnore file [file] ... "." svdhBAdds to the list of files to hide when listing +IndexHeadInsert "markup ..."svdhBInserts text in the HEAD section of an index page. +IndexIgnore file [file] ... "." svdhBAdds to the list of files to hide when listing a directory -IndexIgnoreReset ON|OFFsvdhBEmpties the list of files to hide when listing +IndexIgnoreReset ON|OFFsvdhBEmpties the list of files to hide when listing a directory -IndexOptions [+|-]option [[+|-]option] -...svdhBVarious configuration settings for directory +IndexOptions [+|-]option [[+|-]option] +...svdhBVarious configuration settings for directory indexing -IndexOrderDefault Ascending|Descending -Name|Date|Size|Description Ascending Name svdhBSets the default ordering of the directory index -IndexStyleSheet url-pathsvdhBAdds a CSS stylesheet to the directory index -InputSed sed-commanddhXSed command to filter request data (typically POST data) -ISAPIAppendLogToErrors on|off off svdhBRecord HSE_APPEND_LOG_PARAMETER requests from +IndexOrderDefault Ascending|Descending +Name|Date|Size|Description Ascending Name svdhBSets the default ordering of the directory index +IndexStyleSheet url-pathsvdhBAdds a CSS stylesheet to the directory index +InputSed sed-commanddhXSed command to filter request data (typically POST data) +ISAPIAppendLogToErrors on|off off svdhBRecord HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the error log -ISAPIAppendLogToQuery on|off on svdhBRecord HSE_APPEND_LOG_PARAMETER requests from +ISAPIAppendLogToQuery on|off on svdhBRecord HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the query field -ISAPICacheFile file-path [file-path] -...svBISAPI .dll files to be loaded at startup -ISAPIFakeAsync on|off off svdhBFake asynchronous support for ISAPI callbacks -ISAPILogNotSupported on|off off svdhBLog unsupported feature requests from ISAPI +ISAPICacheFile file-path [file-path] +...svBISAPI .dll files to be loaded at startup +ISAPIFakeAsync on|off off svdhBFake asynchronous support for ISAPI callbacks +ISAPILogNotSupported on|off off svdhBLog unsupported feature requests from ISAPI extensions -ISAPIReadAheadBuffer size 49152 svdhBSize of the Read Ahead Buffer sent to ISAPI +ISAPIReadAheadBuffer size 49152 svdhBSize of the Read Ahead Buffer sent to ISAPI extensions -KeepAlive On|Off On svCAktiviert persistente HTTP-Verbindungen -KeepAliveTimeout Sekunden 5 svCZeitspanne, die der Server whrend persistenter Verbindungen +KeepAlive On|Off On svCAktiviert persistente HTTP-Verbindungen +KeepAliveTimeout Sekunden 5 svCZeitspanne, die der Server whrend persistenter Verbindungen auf nachfolgende Anfragen wartet -KeptBodySize maximum size in bytes 0 dBKeep the request body instead of discarding it up to +KeptBodySize maximum size in bytes 0 dBKeep the request body instead of discarding it up to the specified maximum size, for potential use by filters such as mod_include. -LanguagePriority MIME-lang [MIME-lang] -...svdhBThe precendence of language variants for cases where +LanguagePriority MIME-lang [MIME-lang] +...svdhBThe precendence of language variants for cases where the client does not express a preference -LDAPCacheEntries number 1024 sEMaximum number of entries in the primary LDAP cache -LDAPCacheTTL seconds 600 sETime that cached items remain valid -LDAPConnectionPoolTTL n -1 svEDiscard backend connections that have been sitting in the connection pool too long -LDAPConnectionTimeout secondssESpecifies the socket connection timeout in seconds -LDAPLibraryDebug 7sEEnable debugging in the LDAP SDK -LDAPOpCacheEntries number 1024 sENumber of entries used to cache LDAP compare +LDAPCacheEntries number 1024 sEMaximum number of entries in the primary LDAP cache +LDAPCacheTTL seconds 600 sETime that cached items remain valid +LDAPConnectionPoolTTL n -1 svEDiscard backend connections that have been sitting in the connection pool too long +LDAPConnectionTimeout secondssESpecifies the socket connection timeout in seconds +LDAPLibraryDebug 7sEEnable debugging in the LDAP SDK +LDAPOpCacheEntries number 1024 sENumber of entries used to cache LDAP compare operations -LDAPOpCacheTTL seconds 600 sETime that entries in the operation cache remain +LDAPOpCacheTTL seconds 600 sETime that entries in the operation cache remain valid -LDAPReferralHopLimit numberdhEThe maximum number of referral hops to chase before terminating an LDAP query. -LDAPReferrals On|Off|default On dhEEnable referral chasing during queries to the LDAP server. -LDAPRetries number-of-retries 3 sEConfigures the number of LDAP server retries. -LDAPRetryDelay seconds 0 sEConfigures the delay between LDAP server retries. -LDAPSharedCacheFile directory-path/filenamesESets the shared memory cache file -LDAPSharedCacheSize bytes 500000 sESize in bytes of the shared-memory cache -LDAPTimeout seconds 60 sESpecifies the timeout for LDAP search and bind operations, in seconds -LDAPTrustedClientCert type directory-path/filename/nickname [password]dhESets the file containing or nickname referring to a per +LDAPReferralHopLimit numberdhEThe maximum number of referral hops to chase before terminating an LDAP query. +LDAPReferrals On|Off|default On dhEEnable referral chasing during queries to the LDAP server. +LDAPRetries number-of-retries 3 sEConfigures the number of LDAP server retries. +LDAPRetryDelay seconds 0 sEConfigures the delay between LDAP server retries. +LDAPSharedCacheFile directory-path/filenamesESets the shared memory cache file +LDAPSharedCacheSize bytes 500000 sESize in bytes of the shared-memory cache +LDAPTimeout seconds 60 sESpecifies the timeout for LDAP search and bind operations, in seconds +LDAPTrustedClientCert type directory-path/filename/nickname [password]dhESets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates. -LDAPTrustedGlobalCert type directory-path/filename [password]sESets the file or database containing global trusted +LDAPTrustedGlobalCert type directory-path/filename [password]sESets the file or database containing global trusted Certificate Authority or global client certificates -LDAPTrustedMode typesvESpecifies the SSL/TLS mode to be used when connecting to an LDAP server. -LDAPVerifyServerCert On|Off On sEForce server certificate verification -<Limit Methode [Methode] ... > ... - </Limit>svdhCBeschrnkt die eingeschlossenen Zugriffskontrollen auf +LDAPTrustedMode typesvESpecifies the SSL/TLS mode to be used when connecting to an LDAP server. +LDAPVerifyServerCert On|Off On sEForce server certificate verification +<Limit Methode [Methode] ... > ... + </Limit>svdhCBeschrnkt die eingeschlossenen Zugriffskontrollen auf bestimmte HTTP-Methoden -<LimitExcept Methode [Methode] ... > ... - </LimitExcept>svdhCBeschrnkt Zugriffskontrollen auf alle HTTP-Methoden +<LimitExcept Methode [Methode] ... > ... + </LimitExcept>svdhCBeschrnkt Zugriffskontrollen auf alle HTTP-Methoden auer den genannten -LimitInternalRecursion Zahl [Zahl] 10 svCBestimmt die maximale Anzahl interner Umleitungen und +LimitInternalRecursion Zahl [Zahl] 10 svCBestimmt die maximale Anzahl interner Umleitungen und verschachtelter Unteranfragen -LimitRequestBody Bytes 0 svdhCBegrenzt die Gesamtgre des vom Client gesendeten +LimitRequestBody Bytes 0 svdhCBegrenzt die Gesamtgre des vom Client gesendeten HTTP-Request-Body -LimitRequestFields Anzahl 100 sCBegrenzt die Anzahl der HTTP-Request-Header, die vom Client +LimitRequestFields Anzahl 100 sCBegrenzt die Anzahl der HTTP-Request-Header, die vom Client entgegengenommen werden -LimitRequestFieldsize BytessCBegrenzt die Lnge des vom Client gesendeten +LimitRequestFieldsize BytessCBegrenzt die Lnge des vom Client gesendeten HTTP-Request-Headers -LimitRequestLine Bytes 8190 sCBegrenzt die Lnge der vom Client entgegengenommenen +LimitRequestLine Bytes 8190 sCBegrenzt die Lnge der vom Client entgegengenommenen HTTP-Anfragezeile -LimitXMLRequestBody Bytes 1000000 svdhCBegrenzt die Gre eines XML-basierten +LimitXMLRequestBody Bytes 1000000 svdhCBegrenzt die Gre eines XML-basierten Request-Bodys -Listen [IP-Addresse:]PortsMIP-Adressen und Ports, an denen der Server lauscht -ListenBacklog backlogsMMaximale Lnge der Warteschlange schwebender +Listen [IP-Addresse:]PortsMIP-Adressen und Ports, an denen der Server lauscht +ListenBacklog backlogsMMaximale Lnge der Warteschlange schwebender Verbindungen +ListenCoresBucketsRatio ratio 0 (disabled) sMRatio between the number of CPU cores (online) and the number of +listeners' buckets LoadFile filename [filename] ...svELink in the named object file or library LoadModule module filenamesvELinks in the object file or library, and adds to the list of active modules @@ -646,386 +657,390 @@ simultaneously Servers MaxSpareThreads AnzahlsMMaximale Anzahl unbeschftigter Threads MaxThreads number 2048 sMSet the maximum number of worker threads -MergeTrailers [on|off] off svCDetermines whether trailers are merged into headers -MetaDir directory .web svdhEName of the directory to find CERN-style meta information +MemcacheConnTTL num[units] 15s svEKeepalive time for idle connections +MergeTrailers [on|off] off svCDetermines whether trailers are merged into headers +MetaDir directory .web svdhEName of the directory to find CERN-style meta information files -MetaFiles on|off off svdhEActivates CERN meta-file processing -MetaSuffix suffix .meta svdhEFile name suffix for the file containing CERN-style +MetaFiles on|off off svdhEActivates CERN meta-file processing +MetaSuffix suffix .meta svdhEFile name suffix for the file containing CERN-style meta information -MimeMagicFile file-pathsvEEnable MIME-type determination based on file contents +MimeMagicFile file-pathsvEEnable MIME-type determination based on file contents using the specified magic file -MinSpareServers Anzahl 5 sMMinimale Anzahl der unbeschftigten Kindprozesse des +MinSpareServers Anzahl 5 sMMinimale Anzahl der unbeschftigten Kindprozesse des Servers -MinSpareThreads AnzahlsMMinimale Anzahl unbeschftigter Threads, die zur +MinSpareThreads AnzahlsMMinimale Anzahl unbeschftigter Threads, die zur Bedienung von Anfragespitzen zur Verfgung stehen -MMapFile file-path [file-path] ...sXMap a list of files into memory at startup time -ModemStandard V.21|V.26bis|V.32|V.92dXModem standard to simulate -ModMimeUsePathInfo On|Off Off dBTells mod_mime to treat path_info +MMapFile file-path [file-path] ...sXMap a list of files into memory at startup time +ModemStandard V.21|V.26bis|V.32|V.92dXModem standard to simulate +ModMimeUsePathInfo On|Off Off dBTells mod_mime to treat path_info components as part of the filename -MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers -[Handlers|Filters] NegotiatedOnly svdhBThe types of files that will be included when searching for +MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers +[Handlers|Filters] NegotiatedOnly svdhBThe types of files that will be included when searching for a matching file with MultiViews -Mutex mechanism [default|mutex-name] ... [OmitPID] default sCConfigures mutex mechanism and lock file directory for all +Mutex mechanism [default|mutex-name] ... [OmitPID] default sCConfigures mutex mechanism and lock file directory for all or specified mutexes -NameVirtualHost Adresse[:Port]sCBestimmt eine IP-Adresse fr den Betrieb namensbasierter +NameVirtualHost Adresse[:Port]sCBestimmt eine IP-Adresse fr den Betrieb namensbasierter virtueller Hosts -NoProxy host [host] ...svEHosts, domains, or networks that will be connected to +NoProxy host [host] ...svEHosts, domains, or networks that will be connected to directly -NWSSLTrustedCerts filename [filename] ...sBList of additional client certificates -NWSSLUpgradeable [IP-address:]portnumbersBAllows a connection to be upgraded to an SSL connection upon request -Options - [+|-]Option [[+|-]Option] ... All svdhCDefiniert, welche Eigenschaften oder Funktionen in einem +NWSSLTrustedCerts filename [filename] ...sBList of additional client certificates +NWSSLUpgradeable [IP-address:]portnumbersBAllows a connection to be upgraded to an SSL connection upon request +Options + [+|-]Option [[+|-]Option] ... All svdhCDefiniert, welche Eigenschaften oder Funktionen in einem bestimmten Verzeichnis verfgbar sind - Order ordering Deny,Allow dhEControls the default access state and the order in which + Order ordering Deny,Allow dhEControls the default access state and the order in which Allow and Deny are evaluated. -OutputSed sed-commanddhXSed command for filtering response content -PassEnv env-variable [env-variable] -...svdhBPasses environment variables from the shell -PidFile Dateiname logs/httpd.pid sMDatei, in welcher der Server die Prozess-ID des Daemons +OutputSed sed-commanddhXSed command for filtering response content +PassEnv env-variable [env-variable] +...svdhBPasses environment variables from the shell +PidFile Dateiname logs/httpd.pid sMDatei, in welcher der Server die Prozess-ID des Daemons ablegt -PrivilegesMode FAST|SECURE|SELECTIVE FAST svdXTrade off processing speed and efficiency vs security against +PrivilegesMode FAST|SECURE|SELECTIVE FAST svdXTrade off processing speed and efficiency vs security against malicious privileges-aware code. -Protocol protocolsvCProtocol for a listening socket -ProtocolEcho On|Off Off svXTurn the echo server on or off -<Proxy wildcard-url> ...</Proxy>svEContainer for directives applied to proxied resources -ProxyAddHeaders Off|On On svdEAdd proxy information in X-Forwarded-* headers -ProxyBadHeader IsError|Ignore|StartBody IsError svEDetermines how to handle bad header lines in a +Protocol protocolsvCProtocol for a listening socket +ProtocolEcho On|Off Off svXTurn the echo server on or off +Protocols protocol ... http/1.1 svCProtocols available for a server/virtual host +ProtocolsHonorOrder On|Off On svCDetermines if order of Protocols determines precedence during negotiation +<Proxy wildcard-url> ...</Proxy>svEContainer for directives applied to proxied resources +ProxyAddHeaders Off|On On svdEAdd proxy information in X-Forwarded-* headers +ProxyBadHeader IsError|Ignore|StartBody IsError svEDetermines how to handle bad header lines in a response -ProxyBlock *|word|host|domain -[word|host|domain] ...svEWords, hosts, or domains that are banned from being +ProxyBlock *|word|host|domain +[word|host|domain] ...svEWords, hosts, or domains that are banned from being proxied -ProxyDomain DomainsvEDefault domain name for proxied requests -ProxyErrorOverride On|Off Off svdEOverride error pages for proxied content -ProxyExpressDBMFile <pathname>svEPathname to DBM file. -ProxyExpressDBMFile <type>svEDBM type of file. -ProxyExpressEnable [on|off]svEEnable the module functionality. -ProxyFtpDirCharset character set ISO-8859-1 svdEDefine the character set for proxied FTP listings -ProxyFtpEscapeWildcards [on|off]svdEWhether wildcards in requested filenames are escaped when sent to the FTP server -ProxyFtpListOnWildcard [on|off]svdEWhether wildcards in requested filenames trigger a file listing -ProxyHTMLBufSize bytessvdBSets the buffer size increment for buffering inline scripts and +ProxyDomain DomainsvEDefault domain name for proxied requests +ProxyErrorOverride On|Off Off svdEOverride error pages for proxied content +ProxyExpressDBMFile <pathname>svEPathname to DBM file. +ProxyExpressDBMFile <type>svEDBM type of file. +ProxyExpressEnable [on|off]svEEnable the module functionality. +ProxyFtpDirCharset character set ISO-8859-1 svdEDefine the character set for proxied FTP listings +ProxyFtpEscapeWildcards [on|off]svdEWhether wildcards in requested filenames are escaped when sent to the FTP server +ProxyFtpListOnWildcard [on|off]svdEWhether wildcards in requested filenames trigger a file listing +ProxyHTMLBufSize bytessvdBSets the buffer size increment for buffering inline scripts and stylesheets. -ProxyHTMLCharsetOut Charset | *svdBSpecify a charset for mod_proxy_html output. -ProxyHTMLDocType HTML|XHTML [Legacy]
    OR -
    ProxyHTMLDocType fpi [SGML|XML]    svdBSets an HTML or XHTML document type declaration. -ProxyHTMLEnable On|Off Off svdBTurns the proxy_html filter on or off. -ProxyHTMLEvents attribute [attribute ...]svdBSpecify attributes to treat as scripting events. -ProxyHTMLExtended On|Off Off svdBDetermines whether to fix links in inline scripts, stylesheets, +ProxyHTMLCharsetOut Charset | *svdBSpecify a charset for mod_proxy_html output. +ProxyHTMLDocType HTML|XHTML [Legacy]
    OR +
    ProxyHTMLDocType fpi [SGML|XML]    svdBSets an HTML or XHTML document type declaration. +ProxyHTMLEnable On|Off Off svdBTurns the proxy_html filter on or off. +ProxyHTMLEvents attribute [attribute ...]svdBSpecify attributes to treat as scripting events. +ProxyHTMLExtended On|Off Off svdBDetermines whether to fix links in inline scripts, stylesheets, and scripting events. -ProxyHTMLFixups [lowercase] [dospath] [reset]svdBFixes for simple HTML errors. -ProxyHTMLInterp On|Off Off svdBEnables per-request interpolation of +ProxyHTMLFixups [lowercase] [dospath] [reset]svdBFixes for simple HTML errors. +ProxyHTMLInterp On|Off Off svdBEnables per-request interpolation of ProxyHTMLURLMap rules. -ProxyHTMLLinks element attribute [attribute2 ...]svdBSpecify HTML elements that have URL attributes to be rewritten. -ProxyHTMLMeta On|Off Off svdBTurns on or off extra pre-parsing of metadata in HTML +ProxyHTMLLinks element attribute [attribute2 ...]svdBSpecify HTML elements that have URL attributes to be rewritten. +ProxyHTMLMeta On|Off Off svdBTurns on or off extra pre-parsing of metadata in HTML <head> sections. -ProxyHTMLStripComments On|Off Off svdBDetermines whether to strip HTML comments. -ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdBDefines a rule to rewrite HTML links -ProxyIOBufferSize bytes 8192 svEDetermine size of internal data throughput buffer -<ProxyMatch regex> ...</ProxyMatch>svEContainer for directives applied to regular-expression-matched +ProxyHTMLStripComments On|Off Off svdBDetermines whether to strip HTML comments. +ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdBDefines a rule to rewrite HTML links +ProxyIOBufferSize bytes 8192 svEDetermine size of internal data throughput buffer +<ProxyMatch regex> ...</ProxyMatch>svEContainer for directives applied to regular-expression-matched proxied resources -ProxyMaxForwards number -1 svEMaximium number of proxies that a request can be forwarded +ProxyMaxForwards number -1 svEMaximium number of proxies that a request can be forwarded through -ProxyPass [path] !|url [key=value - [key=value ...]] [nocanon] [interpolate] [noquery]svdEMaps remote servers into the local server URL-space -ProxyPassInherit On|Off On svEInherit ProxyPass directives defined from the main server -ProxyPassInterpolateEnv On|Off Off svdEEnable Environment Variable interpolation in Reverse Proxy configurations -ProxyPassMatch [regex] !|url [key=value - [key=value ...]]svdEMaps remote servers into the local server URL-space using regular expressions -ProxyPassReverse [path] url -[interpolate]svdEAdjusts the URL in HTTP response headers sent from a reverse +ProxyPass [path] !|url [key=value + [key=value ...]] [nocanon] [interpolate] [noquery]svdEMaps remote servers into the local server URL-space +ProxyPassInherit On|Off On svEInherit ProxyPass directives defined from the main server +ProxyPassInterpolateEnv On|Off Off svdEEnable Environment Variable interpolation in Reverse Proxy configurations +ProxyPassMatch [regex] !|url [key=value + [key=value ...]]svdEMaps remote servers into the local server URL-space using regular expressions +ProxyPassReverse [path] url +[interpolate]svdEAdjusts the URL in HTTP response headers sent from a reverse proxied server -ProxyPassReverseCookieDomain internal-domain -public-domain [interpolate]svdEAdjusts the Domain string in Set-Cookie headers from a reverse- +ProxyPassReverseCookieDomain internal-domain +public-domain [interpolate]svdEAdjusts the Domain string in Set-Cookie headers from a reverse- proxied server -ProxyPassReverseCookiePath internal-path -public-path [interpolate]svdEAdjusts the Path string in Set-Cookie headers from a reverse- +ProxyPassReverseCookiePath internal-path +public-path [interpolate]svdEAdjusts the Path string in Set-Cookie headers from a reverse- proxied server -ProxyPreserveHost On|Off Off svdEUse incoming Host HTTP request header for proxy +ProxyPreserveHost On|Off Off svdEUse incoming Host HTTP request header for proxy request -ProxyReceiveBufferSize bytes 0 svENetwork buffer size for proxied HTTP and FTP +ProxyReceiveBufferSize bytes 0 svENetwork buffer size for proxied HTTP and FTP connections -ProxyRemote match remote-serversvERemote proxy used to handle certain requests -ProxyRemoteMatch regex remote-serversvERemote proxy used to handle requests matched by regular +ProxyRemote match remote-serversvERemote proxy used to handle certain requests +ProxyRemoteMatch regex remote-serversvERemote proxy used to handle requests matched by regular expressions -ProxyRequests On|Off Off svEEnables forward (standard) proxy requests -ProxySCGIInternalRedirect On|Off|Headername On svdEEnable or disable internal redirect responses from the +ProxyRequests On|Off Off svEEnables forward (standard) proxy requests +ProxySCGIInternalRedirect On|Off|Headername On svdEEnable or disable internal redirect responses from the backend -ProxySCGISendfile On|Off|Headername Off svdEEnable evaluation of X-Sendfile pseudo response +ProxySCGISendfile On|Off|Headername Off svdEEnable evaluation of X-Sendfile pseudo response header -ProxySet url key=value [key=value ...]dESet various Proxy balancer or member parameters -ProxySourceAddress addresssvESet local IP address for outgoing proxy connections -ProxyStatus Off|On|Full Off svEShow Proxy LoadBalancer status in mod_status -ProxyTimeout secondssvENetwork timeout for proxied requests -ProxyVia On|Off|Full|Block Off svEInformation provided in the Via HTTP response +ProxySet url key=value [key=value ...]dESet various Proxy balancer or member parameters +ProxySourceAddress addresssvESet local IP address for outgoing proxy connections +ProxyStatus Off|On|Full Off svEShow Proxy LoadBalancer status in mod_status +ProxyTimeout secondssvENetwork timeout for proxied requests +ProxyVia On|Off|Full|Block Off svEInformation provided in the Via HTTP response header for proxied requests -ReadmeName filenamesvdhBName of the file that will be inserted at the end +ReadmeName filenamesvdhBName of the file that will be inserted at the end of the index listing -ReceiveBufferSize bytes 0 sMTCP receive buffer size -Redirect [status] URL-path -URLsvdhBSends an external redirect asking the client to fetch +ReceiveBufferSize bytes 0 sMTCP receive buffer size +Redirect [status] URL-path +URLsvdhBSends an external redirect asking the client to fetch a different URL -RedirectMatch [status] regex -URLsvdhBSends an external redirect based on a regular expression match +RedirectMatch [status] regex +URLsvdhBSends an external redirect based on a regular expression match of the current URL -RedirectPermanent URL-path URLsvdhBSends an external permanent redirect asking the client to fetch +RedirectPermanent URL-path URLsvdhBSends an external permanent redirect asking the client to fetch a different URL -RedirectTemp URL-path URLsvdhBSends an external temporary redirect asking the client to fetch +RedirectTemp URL-path URLsvdhBSends an external temporary redirect asking the client to fetch a different URL -ReflectorHeader inputheader [outputheader]svdhBReflect an input header to the output headers -RemoteIPHeader header-fieldsvBDeclare the header field which should be parsed for useragent IP addresses -RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value -RemoteIPInternalProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value -RemoteIPProxiesHeader HeaderFieldNamesvBDeclare the header field which will record all intermediate IP addresses -RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value -RemoteIPTrustedProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value -RemoveCharset extension [extension] -...vdhBRemoves any character set associations for a set of file +ReflectorHeader inputheader [outputheader]svdhBReflect an input header to the output headers +RemoteIPHeader header-fieldsvBDeclare the header field which should be parsed for useragent IP addresses +RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value +RemoteIPInternalProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value +RemoteIPProxiesHeader HeaderFieldNamesvBDeclare the header field which will record all intermediate IP addresses +RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value +RemoteIPTrustedProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value +RemoveCharset extension [extension] +...vdhBRemoves any character set associations for a set of file extensions -RemoveEncoding extension [extension] -...vdhBRemoves any content encoding associations for a set of file +RemoveEncoding extension [extension] +...vdhBRemoves any content encoding associations for a set of file extensions -RemoveHandler extension [extension] -...vdhBRemoves any handler associations for a set of file +RemoveHandler extension [extension] +...vdhBRemoves any handler associations for a set of file extensions -RemoveInputFilter extension [extension] -...vdhBRemoves any input filter associations for a set of file +RemoveInputFilter extension [extension] +...vdhBRemoves any input filter associations for a set of file extensions -RemoveLanguage extension [extension] -...vdhBRemoves any language associations for a set of file +RemoveLanguage extension [extension] +...vdhBRemoves any language associations for a set of file extensions -RemoveOutputFilter extension [extension] -...vdhBRemoves any output filter associations for a set of file +RemoveOutputFilter extension [extension] +...vdhBRemoves any output filter associations for a set of file extensions -RemoveType extension [extension] -...vdhBRemoves any content type associations for a set of file +RemoveType extension [extension] +...vdhBRemoves any content type associations for a set of file extensions -RequestHeader add|append|edit|edit*|merge|set|setifempty|unset +RequestHeader add|append|edit|edit*|merge|set|setifempty|unset header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] -svdhEConfigure HTTP request headers -RequestReadTimeout +svdhEConfigure HTTP request headers +RequestReadTimeout [header=timeout[-maxtimeout][,MinRate=rate] [body=timeout[-maxtimeout][,MinRate=rate] -svESet timeout values for receiving request headers and body from client. +svESet timeout values for receiving request headers and body from client. -Require [not] entity-name - [entity-name] ...dhBTests whether an authenticated user is authorized by +Require [not] entity-name + [entity-name] ...dhBTests whether an authenticated user is authorized by an authorization provider. -<RequireAll> ... </RequireAll>dhBEnclose a group of authorization directives of which none +<RequireAll> ... </RequireAll>dhBEnclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed. -<RequireAny> ... </RequireAny>dhBEnclose a group of authorization directives of which one +<RequireAny> ... </RequireAny>dhBEnclose a group of authorization directives of which one must succeed for the enclosing directive to succeed. -<RequireNone> ... </RequireNone>dhBEnclose a group of authorization directives of which none +<RequireNone> ... </RequireNone>dhBEnclose a group of authorization directives of which none must succeed for the enclosing directive to not fail. -RewriteBase URL-pathdhESets the base URL for per-directory rewrites - RewriteCond - TestString CondPatternsvdhEDefines a condition under which rewriting will take place +RewriteBase URL-pathdhESets the base URL for per-directory rewrites + RewriteCond + TestString CondPatternsvdhEDefines a condition under which rewriting will take place -RewriteEngine on|off off svdhEEnables or disables runtime rewriting engine -RewriteMap MapName MapType:MapSource -svEDefines a mapping function for key-lookup -RewriteOptions OptionssvdhESets some special options for the rewrite engine -RewriteRule - Pattern Substitution [flags]svdhEDefines rules for the rewriting engine -RLimitCPU Sekunden|max [Sekunden|max]svdhCBegrenzt den CPU-Verbrauch von Prozessen, die von +RewriteEngine on|off off svdhEEnables or disables runtime rewriting engine +RewriteMap MapName MapType:MapSource +svEDefines a mapping function for key-lookup +RewriteOptions OptionssvdhESets some special options for the rewrite engine +RewriteRule + Pattern Substitution [flags]svdhEDefines rules for the rewriting engine +RLimitCPU Sekunden|max [Sekunden|max]svdhCBegrenzt den CPU-Verbrauch von Prozessen, die von Apache-Kindprozessen gestartet wurden -RLimitMEM Bytes|max [Bytes|max]svdhCBegrenzt den Speicherverbrauch von Prozessen, die von +RLimitMEM Bytes|max [Bytes|max]svdhCBegrenzt den Speicherverbrauch von Prozessen, die von Apache-Kindprozessen gestartet wurden -RLimitNPROC Zahl|max [Zahl|max]svdhCBegrenzt die Anzahl der Prozesse, die von Prozessen gestartet +RLimitNPROC Zahl|max [Zahl|max]svdhCBegrenzt die Anzahl der Prozesse, die von Prozessen gestartet werden knnen, der ihrerseits von Apache-Kinprozessen gestartet wurden -Satisfy Any|All All dhEInteraction between host-level access control and +Satisfy Any|All All dhEInteraction between host-level access control and user authentication -ScoreBoardFile Dateipfad logs/apache_status sMAblageort der Datei, die zur Speicherung von Daten zur +ScoreBoardFile Dateipfad logs/apache_status sMAblageort der Datei, die zur Speicherung von Daten zur Koordinierung der Kindprozesse verwendet wird -Script Methode CGI-SkriptsvdBAktiviert ein CGI-Skript fr eine bestimmte +Script Methode CGI-SkriptsvdBAktiviert ein CGI-Skript fr eine bestimmte Anfragemethode. -ScriptAlias URL-path -file-path|directory-pathsvBMaps a URL to a filesystem location and designates the +ScriptAlias URL-path +file-path|directory-pathsvBMaps a URL to a filesystem location and designates the target as a CGI script -ScriptAliasMatch regex -file-path|directory-pathsvBMaps a URL to a filesystem location using a regular expression +ScriptAliasMatch regex +file-path|directory-pathsvBMaps a URL to a filesystem location using a regular expression and designates the target as a CGI script -ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhCMethode zur Ermittlung des Interpreters von +ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhCMethode zur Ermittlung des Interpreters von CGI-Skripten -ScriptLog file-pathsvBLocation of the CGI script error logfile -ScriptLogBuffer bytes 1024 svBMaximum amount of PUT or POST requests that will be recorded +ScriptLog file-pathsvBLocation of the CGI script error logfile +ScriptLogBuffer bytes 1024 svBMaximum amount of PUT or POST requests that will be recorded in the scriptlog -ScriptLogLength bytes 10385760 svBSize limit of the CGI script logfile -ScriptSock file-path cgisock sBThe filename prefix of the socket to use for communication with +ScriptLogLength bytes 10385760 svBSize limit of the CGI script logfile +ScriptSock file-path cgisock sBThe filename prefix of the socket to use for communication with the cgi daemon -SecureListen [IP-address:]portnumber -Certificate-Name [MUTUAL]sBEnables SSL encryption for the specified port -SeeRequestTail On|Off Off sCDetermine if mod_status displays the first 63 characters +SecureListen [IP-address:]portnumber +Certificate-Name [MUTUAL]sBEnables SSL encryption for the specified port +SeeRequestTail On|Off Off sCDetermine if mod_status displays the first 63 characters of a request or the last 63, assuming the request itself is greater than 63 chars. -SendBufferSize Bytes 0 sMGre des TCP-Puffers -ServerAdmin E-Mail-Adresse|URLsvCE-Mail-Adresse, die der Server in Fehlermeldungen einfgt, +SendBufferSize Bytes 0 sMGre des TCP-Puffers +ServerAdmin E-Mail-Adresse|URLsvCE-Mail-Adresse, die der Server in Fehlermeldungen einfgt, welche an den Client gesendet werden -ServerAlias Hostname [Hostname] ...vCAlternativer Name fr einen Host, der verwendet wird, wenn +ServerAlias Hostname [Hostname] ...vCAlternativer Name fr einen Host, der verwendet wird, wenn Anfragen einem namensbasierten virtuellen Host zugeordnet werden -ServerLimit AnzahlsMObergrenze fr die konfigurierbare Anzahl von +ServerLimit AnzahlsMObergrenze fr die konfigurierbare Anzahl von Prozessen -ServerName -voll-qualifizierter-Domainname[:port]svCRechnername und Port, die der Server dazu verwendet, sich +ServerName +voll-qualifizierter-Domainname[:port]svCRechnername und Port, die der Server dazu verwendet, sich selbst zu identifizieren -ServerPath URL-PfadvCVeralteter URL-Pfad fr einen namensbasierten +ServerPath URL-PfadvCVeralteter URL-Pfad fr einen namensbasierten virtuellen Host, auf den von einem inkompatiblen Browser zugegriffen wird -ServerRoot Verzeichnis /usr/local/apache sCBasisverzeichnis der Serverinstallation -ServerSignature On|Off|EMail Off svdhCKonfiguriert die Fuzeile von servergenerierten +ServerRoot Verzeichnis /usr/local/apache sCBasisverzeichnis der Serverinstallation +ServerSignature On|Off|EMail Off svdhCKonfiguriert die Fuzeile von servergenerierten Dokumenten -ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sCKonfiguriert den HTTP-Response-Header +ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sCKonfiguriert den HTTP-Response-Header Server -Session On|Off Off svdhEEnables a session for the current directory or location -SessionCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session -SessionCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session -SessionCookieRemove On|Off Off svdhEControl for whether session cookies should be removed from incoming HTTP headers -SessionCryptoCipher namesvdhXThe crypto cipher to be used to encrypt the session -SessionCryptoDriver name [param[=value]]sXThe crypto driver to be used to encrypt the session -SessionCryptoPassphrase secret [ secret ... ] svdhXThe key used to encrypt the session -SessionCryptoPassphraseFile filenamesvdXFile containing keys used to encrypt the session -SessionDBDCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session ID -SessionDBDCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session ID -SessionDBDCookieRemove On|Off On svdhEControl for whether session ID cookies should be removed from incoming HTTP headers -SessionDBDDeleteLabel label deletesession svdhEThe SQL query to use to remove sessions from the database -SessionDBDInsertLabel label insertsession svdhEThe SQL query to use to insert sessions into the database -SessionDBDPerUser On|Off Off svdhEEnable a per user session -SessionDBDSelectLabel label selectsession svdhEThe SQL query to use to select sessions from the database -SessionDBDUpdateLabel label updatesession svdhEThe SQL query to use to update existing sessions in the database -SessionEnv On|Off Off svdhEControl whether the contents of the session are written to the +Session On|Off Off svdhEEnables a session for the current directory or location +SessionCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session +SessionCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session +SessionCookieRemove On|Off Off svdhEControl for whether session cookies should be removed from incoming HTTP headers +SessionCryptoCipher namesvdhXThe crypto cipher to be used to encrypt the session +SessionCryptoDriver name [param[=value]]sXThe crypto driver to be used to encrypt the session +SessionCryptoPassphrase secret [ secret ... ] svdhXThe key used to encrypt the session +SessionCryptoPassphraseFile filenamesvdXFile containing keys used to encrypt the session +SessionDBDCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session ID +SessionDBDCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session ID +SessionDBDCookieRemove On|Off On svdhEControl for whether session ID cookies should be removed from incoming HTTP headers +SessionDBDDeleteLabel label deletesession svdhEThe SQL query to use to remove sessions from the database +SessionDBDInsertLabel label insertsession svdhEThe SQL query to use to insert sessions into the database +SessionDBDPerUser On|Off Off svdhEEnable a per user session +SessionDBDSelectLabel label selectsession svdhEThe SQL query to use to select sessions from the database +SessionDBDUpdateLabel label updatesession svdhEThe SQL query to use to update existing sessions in the database +SessionEnv On|Off Off svdhEControl whether the contents of the session are written to the HTTP_SESSION environment variable -SessionExclude pathsvdhEDefine URL prefixes for which a session is ignored -SessionHeader headersvdhEImport session updates from a given HTTP response header -SessionInclude pathsvdhEDefine URL prefixes for which a session is valid -SessionMaxAge maxage 0 svdhEDefine a maximum age in seconds for a session -SetEnv env-variable [value]svdhBSets environment variables -SetEnvIf attribute +SessionExclude pathsvdhEDefine URL prefixes for which a session is ignored +SessionHeader headersvdhEImport session updates from a given HTTP response header +SessionInclude pathsvdhEDefine URL prefixes for which a session is valid +SessionMaxAge maxage 0 svdhEDefine a maximum age in seconds for a session +SetEnv env-variable [value]svdhBSets environment variables +SetEnvIf attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request + [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request -SetEnvIfExpr expr +SetEnvIfExpr expr [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhBSets environment variables based on an ap_expr expression -SetEnvIfNoCase attribute regex + [[!]env-variable[=value]] ...svdhBSets environment variables based on an ap_expr expression +SetEnvIfNoCase attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request + [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request without respect to case -SetHandler Handlername|NonesvdhCErzwingt die Verarbeitung aller passenden Dateien durch +SetHandler Handlername|NonesvdhCErzwingt die Verarbeitung aller passenden Dateien durch einen Handler -SetInputFilter Filter[;Filter...]svdhCBestimmt die Filter, die Client-Anfragen und POST-Eingaben +SetInputFilter Filter[;Filter...]svdhCBestimmt die Filter, die Client-Anfragen und POST-Eingaben verarbeiten -SetOutputFilter Filter[;Filter...]svdhCBestimmt die Filter, die Antworten des Servers verarbeiten -SSIEndTag tag "-->" svBString that ends an include element -SSIErrorMsg message "[an error occurred +svdhBError message displayed when there is an SSI +SetOutputFilter Filter[;Filter...]svdhCBestimmt die Filter, die Antworten des Servers verarbeiten +SSIEndTag tag "-->" svBString that ends an include element +SSIErrorMsg message "[an error occurred +svdhBError message displayed when there is an SSI error -SSIETag on|off off dhBControls whether ETags are generated by the server. -SSILastModified on|off off dhBControls whether Last-Modified headers are generated by the +SSIETag on|off off dhBControls whether ETags are generated by the server. +SSILastModified on|off off dhBControls whether Last-Modified headers are generated by the server. -SSILegacyExprParser on|off off dhBEnable compatibility mode for conditional expressions. -SSIStartTag tag "<!--#" svBString that starts an include element -SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhBConfigures the format in which date strings are +SSILegacyExprParser on|off off dhBEnable compatibility mode for conditional expressions. +SSIStartTag tag "<!--#" svBString that starts an include element +SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhBConfigures the format in which date strings are displayed -SSIUndefinedEcho string "(none)" svdhBString displayed when an unset variable is echoed -SSLCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates +SSIUndefinedEcho string "(none)" svdhBString displayed when an unset variable is echoed +SSLCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for Client Auth -SSLCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for +SSLCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for Client Auth -SSLCADNRequestFile file-pathsvEFile of concatenated PEM-encoded CA Certificates +SSLCADNRequestFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for defining acceptable CA names -SSLCADNRequestPath directory-pathsvEDirectory of PEM-encoded CA Certificates for +SSLCADNRequestPath directory-pathsvEDirectory of PEM-encoded CA Certificates for defining acceptable CA names -SSLCARevocationCheck chain|leaf|none none svEEnable CRL-based revocation checking -SSLCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for +SSLCARevocationCheck chain|leaf|none none svEEnable CRL-based revocation checking +SSLCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for Client Auth -SSLCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for +SSLCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for Client Auth -SSLCertificateChainFile file-pathsvEFile of PEM-encoded Server CA Certificates -SSLCertificateFile file-pathsvEServer PEM-encoded X.509 certificate data file -SSLCertificateKeyFile file-pathsvEServer PEM-encoded private key file -SSLCipherSuite cipher-spec DEFAULT (depends on +svdhECipher Suite available for negotiation in SSL +SSLCertificateChainFile file-pathsvEFile of PEM-encoded Server CA Certificates +SSLCertificateFile file-pathsvEServer PEM-encoded X.509 certificate data file +SSLCertificateKeyFile file-pathsvEServer PEM-encoded private key file +SSLCipherSuite cipher-spec DEFAULT (depends on +svdhECipher Suite available for negotiation in SSL handshake -SSLCompression on|off off svEEnable compression on the SSL level -SSLCryptoDevice engine builtin sEEnable use of a cryptographic hardware accelerator -SSLEngine on|off|optional off svESSL Engine Operation Switch -SSLFIPS on|off off sESSL FIPS mode Switch -SSLHonorCipherOrder on|off off svEOption to prefer the server's cipher preference order -SSLInsecureRenegotiation on|off off svEOption to enable support for insecure renegotiation -SSLOCSDefaultResponder urisvESet the default responder URI for OCSP validation -SSLOCSPEnable on|off off svEEnable OCSP validation of the client certificate chain -SSLOCSPOverrideResponder on|off off svEForce use of the default responder URI for OCSP validation -SSLOCSPResponderTimeout seconds 10 svETimeout for OCSP queries -SSLOCSPResponseMaxAge seconds -1 svEMaximum allowable age for OCSP responses -SSLOCSPResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP response validation -SSLOCSPUseRequestNonce on|off on svEUse a nonce within OCSP queries -SSLOpenSSLConfCmd command-name command-valuesvEConfigure OpenSSL parameters through its SSL_CONF API -SSLOptions [+|-]option ...svdhEConfigure various SSL engine run-time options -SSLPassPhraseDialog type builtin sEType of pass phrase dialog for encrypted private +SSLCompression on|off off svEEnable compression on the SSL level +SSLCryptoDevice engine builtin sEEnable use of a cryptographic hardware accelerator +SSLEngine on|off|optional off svESSL Engine Operation Switch +SSLFIPS on|off off sESSL FIPS mode Switch +SSLHonorCipherOrder on|off off svEOption to prefer the server's cipher preference order +SSLInsecureRenegotiation on|off off svEOption to enable support for insecure renegotiation +SSLOCSDefaultResponder urisvESet the default responder URI for OCSP validation +SSLOCSPEnable on|off off svEEnable OCSP validation of the client certificate chain +SSLOCSPOverrideResponder on|off off svEForce use of the default responder URI for OCSP validation +SSLOCSPResponderTimeout seconds 10 svETimeout for OCSP queries +SSLOCSPResponseMaxAge seconds -1 svEMaximum allowable age for OCSP responses +SSLOCSPResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP response validation +SSLOCSPUseRequestNonce on|off on svEUse a nonce within OCSP queries +SSLOpenSSLConfCmd command-name command-valuesvEConfigure OpenSSL parameters through its SSL_CONF API +SSLOptions [+|-]option ...svdhEConfigure various SSL engine run-time options +SSLPassPhraseDialog type builtin sEType of pass phrase dialog for encrypted private keys -SSLProtocol [+|-]protocol ... all svEConfigure usable SSL/TLS protocol versions -SSLProxyCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates +SSLProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svEConfigure usable SSL/TLS protocol versions +SSLProxyCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for Remote Server Auth -SSLProxyCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for +SSLProxyCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for Remote Server Auth -SSLProxyCARevocationCheck chain|leaf|none none svEEnable CRL-based revocation checking for Remote Server Auth -SSLProxyCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for +SSLProxyCARevocationCheck chain|leaf|none none svEEnable CRL-based revocation checking for Remote Server Auth +SSLProxyCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for Remote Server Auth -SSLProxyCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for +SSLProxyCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for Remote Server Auth -SSLProxyCheckPeerCN on|off on svEWhether to check the remote server certificate's CN field +SSLProxyCheckPeerCN on|off on svEWhether to check the remote server certificate's CN field -SSLProxyCheckPeerExpire on|off on svEWhether to check if remote server certificate is expired +SSLProxyCheckPeerExpire on|off on svEWhether to check if remote server certificate is expired -SSLProxyCheckPeerName on|off on svEConfigure host name checking for remote server certificates +SSLProxyCheckPeerName on|off on svEConfigure host name checking for remote server certificates -SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhECipher Suite available for negotiation in SSL +SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhECipher Suite available for negotiation in SSL proxy handshake -SSLProxyEngine on|off off svESSL Proxy Engine Operation Switch -SSLProxyMachineCertificateChainFile filenamesEFile of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate -SSLProxyMachineCertificateFile filenamesEFile of concatenated PEM-encoded client certificates and keys to be used by the proxy -SSLProxyMachineCertificatePath directorysEDirectory of PEM-encoded client certificates and keys to be used by the proxy -SSLProxyProtocol [+|-]protocol ... all svEConfigure usable SSL protocol flavors for proxy usage -SSLProxyVerify level none svEType of remote server Certificate verification -SSLProxyVerifyDepth number 1 svEMaximum depth of CA Certificates in Remote Server +SSLProxyEngine on|off off svESSL Proxy Engine Operation Switch +SSLProxyMachineCertificateChainFile filenamesEFile of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate +SSLProxyMachineCertificateFile filenamesEFile of concatenated PEM-encoded client certificates and keys to be used by the proxy +SSLProxyMachineCertificatePath directorysEDirectory of PEM-encoded client certificates and keys to be used by the proxy +SSLProxyProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svEConfigure usable SSL protocol flavors for proxy usage +SSLProxyVerify level none svEType of remote server Certificate verification +SSLProxyVerifyDepth number 1 svEMaximum depth of CA Certificates in Remote Server Certificate verification -SSLRandomSeed context source -[bytes]sEPseudo Random Number Generator (PRNG) seeding +SSLRandomSeed context source +[bytes]sEPseudo Random Number Generator (PRNG) seeding source -SSLRenegBufferSize bytes 131072 dhESet the size for the SSL renegotiation buffer -SSLRequire expressiondhEAllow access only when an arbitrarily complex +SSLRenegBufferSize bytes 131072 dhESet the size for the SSL renegotiation buffer +SSLRequire expressiondhEAllow access only when an arbitrarily complex boolean expression is true -SSLRequireSSLdhEDeny access when SSL is not used for the +SSLRequireSSLdhEDeny access when SSL is not used for the HTTP request -SSLSessionCache type none sEType of the global/inter-process SSL Session +SSLSessionCache type none sEType of the global/inter-process SSL Session Cache -SSLSessionCacheTimeout seconds 300 svENumber of seconds before an SSL session expires +SSLSessionCacheTimeout seconds 300 svENumber of seconds before an SSL session expires in the Session Cache -SSLSessionTicketKeyFile file-pathsvEPersistent encryption/decryption key for TLS session tickets -SSLSessionTickets on|off on svEEnable or disable use of TLS session tickets -SSLSRPUnknownUserSeed secret-stringsvESRP unknown user seed -SSLSRPVerifierFile file-pathsvEPath to SRP verifier file -SSLStaplingCache typesEConfigures the OCSP stapling cache -SSLStaplingErrorCacheTimeout seconds 600 svENumber of seconds before expiring invalid responses in the OCSP stapling cache -SSLStaplingFakeTryLater on|off on svESynthesize "tryLater" responses for failed OCSP stapling queries -SSLStaplingForceURL urisvEOverride the OCSP responder URI specified in the certificate's AIA extension -SSLStaplingResponderTimeout seconds 10 svETimeout for OCSP stapling queries -SSLStaplingResponseMaxAge seconds -1 svEMaximum allowable age for OCSP stapling responses -SSLStaplingResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP stapling response validation -SSLStaplingReturnResponderErrors on|off on svEPass stapling related OCSP errors on to client -SSLStaplingStandardCacheTimeout seconds 3600 svENumber of seconds before expiring responses in the OCSP stapling cache -SSLStrictSNIVHostCheck on|off off svEWhether to allow non-SNI clients to access a name-based virtual +SSLSessionTicketKeyFile file-pathsvEPersistent encryption/decryption key for TLS session tickets +SSLSessionTickets on|off on svEEnable or disable use of TLS session tickets +SSLSRPUnknownUserSeed secret-stringsvESRP unknown user seed +SSLSRPVerifierFile file-pathsvEPath to SRP verifier file +SSLStaplingCache typesEConfigures the OCSP stapling cache +SSLStaplingErrorCacheTimeout seconds 600 svENumber of seconds before expiring invalid responses in the OCSP stapling cache +SSLStaplingFakeTryLater on|off on svESynthesize "tryLater" responses for failed OCSP stapling queries +SSLStaplingForceURL urisvEOverride the OCSP responder URI specified in the certificate's AIA extension +SSLStaplingResponderTimeout seconds 10 svETimeout for OCSP stapling queries +SSLStaplingResponseMaxAge seconds -1 svEMaximum allowable age for OCSP stapling responses +SSLStaplingResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP stapling response validation +SSLStaplingReturnResponderErrors on|off on svEPass stapling related OCSP errors on to client +SSLStaplingStandardCacheTimeout seconds 3600 svENumber of seconds before expiring responses in the OCSP stapling cache +SSLStrictSNIVHostCheck on|off off svEWhether to allow non-SNI clients to access a name-based virtual host. -SSLUserName varnamesdhEVariable name to determine user name -SSLUseStapling on|off off svEEnable stapling of OCSP responses in the TLS handshake -SSLVerifyClient level none svdhEType of Client Certificate verification -SSLVerifyDepth number 1 svdhEMaximum depth of CA Certificates in Client +SSLUserName varnamesdhEVariable name to determine user name +SSLUseStapling on|off off svEEnable stapling of OCSP responses in the TLS handshake +SSLVerifyClient level none svdhEType of Client Certificate verification +SSLVerifyDepth number 1 svdhEMaximum depth of CA Certificates in Client Certificate verification -StartServers AnzahlsMAnzahl der Kindprozesse des Servers, die beim Start erstellt +StartServers AnzahlsMAnzahl der Kindprozesse des Servers, die beim Start erstellt werden -StartThreads AnzahlsMAnzahl der Threads, die beim Start erstellt werden -Substitute s/pattern/substitution/[infq]dhEPattern to filter the response content +StartThreads AnzahlsMAnzahl der Threads, die beim Start erstellt werden +Substitute s/pattern/substitution/[infq]dhEPattern to filter the response content +SubstituteInheritBefore on|off off dhEChange the merge order of inherited patterns SubstituteMaxLineLength bytes(b|B|k|K|m|M|g|G) 1m dhESet the maximum line size Suexec On|OffsBEnable or disable the suEXEC feature SuexecUserGroup User GroupsvEUser and group for CGI programs to run as diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en index ca697e87..11a38299 100644 --- a/docs/manual/mod/quickreference.html.en +++ b/docs/manual/mod/quickreference.html.en @@ -467,116 +467,127 @@ media type in the HTTP Content-Type header field will exit. Group unix-group #-1 sBGroup under which the server will answer requests -Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note +H2Direct on|off on (for non TLS) svEH2 Direct Protocol Switch +H2MaxSessionStreams n 100 svEMaximum number of active streams per HTTP/2 session. +H2MaxWorkerIdleSeconds n 600 sEMaximum number of seconds h2 workers remain idle until shut down. +H2MaxWorkers nsEMaximum number of worker threads to use per child process. +H2MinWorkers nsEMinimal number of worker threads to use per child process. +H2SerializeHeaders on|off off svESerialize Request/Resoonse Processing Switch +H2SessionExtraFiles n 5 svENumber of Extra File Handles +H2StreamMaxMemSize bytes 65536 svEMaximum amount of output data buffered per stream. +H2WindowSize bytes 65536 svESize of Stream Window for upstream data. +Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] -svdhEConfigure HTTP response headers -HeaderName filenamesvdhBName of the file that will be inserted at the top +svdhEConfigure HTTP response headers +HeaderName filenamesvdhBName of the file that will be inserted at the top of the index listing -HeartbeatAddress addr:portsXMulticast address for heartbeat packets -HeartbeatListenaddr:portsXmulticast address to listen for incoming heartbeat requests -HeartbeatMaxServers number-of-servers 10 sXSpecifies the maximum number of servers that will be sending +HeartbeatAddress addr:portsXMulticast address for heartbeat packets +HeartbeatListenaddr:portsXmulticast address to listen for incoming heartbeat requests +HeartbeatMaxServers number-of-servers 10 sXSpecifies the maximum number of servers that will be sending heartbeat requests to this server -HeartbeatStorage file-path logs/hb.dat sXPath to store heartbeat data -HeartbeatStorage file-path logs/hb.dat sXPath to read heartbeat data -HostnameLookups On|Off|Double Off svdCEnables DNS lookups on client IP addresses -IdentityCheck On|Off Off svdEEnables logging of the RFC 1413 identity of the remote +HeartbeatStorage file-path logs/hb.dat sXPath to store heartbeat data +HeartbeatStorage file-path logs/hb.dat sXPath to read heartbeat data +HostnameLookups On|Off|Double Off svdCEnables DNS lookups on client IP addresses +IdentityCheck On|Off Off svdEEnables logging of the RFC 1413 identity of the remote user -IdentityCheckTimeout seconds 30 svdEDetermines the timeout duration for ident requests -<If expression> ... </If>svdhCContains directives that apply only if a condition is +IdentityCheckTimeout seconds 30 svdEDetermines the timeout duration for ident requests +<If expression> ... </If>svdhCContains directives that apply only if a condition is satisfied by a request at runtime -<IfDefine [!]parameter-name> ... - </IfDefine>svdhCEncloses directives that will be processed only +<IfDefine [!]parameter-name> ... + </IfDefine>svdhCEncloses directives that will be processed only if a test is true at startup -<IfModule [!]module-file|module-identifier> ... - </IfModule>svdhCEncloses directives that are processed conditional on the +<IfModule [!]module-file|module-identifier> ... + </IfModule>svdhCEncloses directives that are processed conditional on the presence or absence of a specific module -<IfVersion [[!]operator] version> ... -</IfVersion>svdhEcontains version dependent configuration -ImapBase map|referer|URL http://servername/ svdhBDefault base for imagemap files -ImapDefault error|nocontent|map|referer|URL nocontent svdhBDefault action when an imagemap is called with coordinates +<IfVersion [[!]operator] version> ... +</IfVersion>svdhEcontains version dependent configuration +ImapBase map|referer|URL http://servername/ svdhBDefault base for imagemap files +ImapDefault error|nocontent|map|referer|URL nocontent svdhBDefault action when an imagemap is called with coordinates that are not explicitly mapped -ImapMenu none|formatted|semiformatted|unformatted formatted svdhBAction if no coordinates are given when calling +ImapMenu none|formatted|semiformatted|unformatted formatted svdhBAction if no coordinates are given when calling an imagemap -Include file-path|directory-path|wildcardsvdCIncludes other configuration files from within +Include file-path|directory-path|wildcardsvdCIncludes other configuration files from within the server configuration files -IncludeOptional file-path|directory-path|wildcardsvdCIncludes other configuration files from within +IncludeOptional file-path|directory-path|wildcardsvdCIncludes other configuration files from within the server configuration files -IndexHeadInsert "markup ..."svdhBInserts text in the HEAD section of an index page. -IndexIgnore file [file] ... "." svdhBAdds to the list of files to hide when listing +IndexHeadInsert "markup ..."svdhBInserts text in the HEAD section of an index page. +IndexIgnore file [file] ... "." svdhBAdds to the list of files to hide when listing a directory -IndexIgnoreReset ON|OFFsvdhBEmpties the list of files to hide when listing +IndexIgnoreReset ON|OFFsvdhBEmpties the list of files to hide when listing a directory -IndexOptions [+|-]option [[+|-]option] -...svdhBVarious configuration settings for directory +IndexOptions [+|-]option [[+|-]option] +...svdhBVarious configuration settings for directory indexing -IndexOrderDefault Ascending|Descending -Name|Date|Size|Description Ascending Name svdhBSets the default ordering of the directory index -IndexStyleSheet url-pathsvdhBAdds a CSS stylesheet to the directory index -InputSed sed-commanddhXSed command to filter request data (typically POST data) -ISAPIAppendLogToErrors on|off off svdhBRecord HSE_APPEND_LOG_PARAMETER requests from +IndexOrderDefault Ascending|Descending +Name|Date|Size|Description Ascending Name svdhBSets the default ordering of the directory index +IndexStyleSheet url-pathsvdhBAdds a CSS stylesheet to the directory index +InputSed sed-commanddhXSed command to filter request data (typically POST data) +ISAPIAppendLogToErrors on|off off svdhBRecord HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the error log -ISAPIAppendLogToQuery on|off on svdhBRecord HSE_APPEND_LOG_PARAMETER requests from +ISAPIAppendLogToQuery on|off on svdhBRecord HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the query field -ISAPICacheFile file-path [file-path] -...svBISAPI .dll files to be loaded at startup -ISAPIFakeAsync on|off off svdhBFake asynchronous support for ISAPI callbacks -ISAPILogNotSupported on|off off svdhBLog unsupported feature requests from ISAPI +ISAPICacheFile file-path [file-path] +...svBISAPI .dll files to be loaded at startup +ISAPIFakeAsync on|off off svdhBFake asynchronous support for ISAPI callbacks +ISAPILogNotSupported on|off off svdhBLog unsupported feature requests from ISAPI extensions -ISAPIReadAheadBuffer size 49152 svdhBSize of the Read Ahead Buffer sent to ISAPI +ISAPIReadAheadBuffer size 49152 svdhBSize of the Read Ahead Buffer sent to ISAPI extensions -KeepAlive On|Off On svCEnables HTTP persistent connections -KeepAliveTimeout num[ms] 5 svCAmount of time the server will wait for subsequent +KeepAlive On|Off On svCEnables HTTP persistent connections +KeepAliveTimeout num[ms] 5 svCAmount of time the server will wait for subsequent requests on a persistent connection -KeptBodySize maximum size in bytes 0 dBKeep the request body instead of discarding it up to +KeptBodySize maximum size in bytes 0 dBKeep the request body instead of discarding it up to the specified maximum size, for potential use by filters such as mod_include. -LanguagePriority MIME-lang [MIME-lang] -...svdhBThe precendence of language variants for cases where +LanguagePriority MIME-lang [MIME-lang] +...svdhBThe precendence of language variants for cases where the client does not express a preference -LDAPCacheEntries number 1024 sEMaximum number of entries in the primary LDAP cache -LDAPCacheTTL seconds 600 sETime that cached items remain valid -LDAPConnectionPoolTTL n -1 svEDiscard backend connections that have been sitting in the connection pool too long -LDAPConnectionTimeout secondssESpecifies the socket connection timeout in seconds -LDAPLibraryDebug 7sEEnable debugging in the LDAP SDK -LDAPOpCacheEntries number 1024 sENumber of entries used to cache LDAP compare +LDAPCacheEntries number 1024 sEMaximum number of entries in the primary LDAP cache +LDAPCacheTTL seconds 600 sETime that cached items remain valid +LDAPConnectionPoolTTL n -1 svEDiscard backend connections that have been sitting in the connection pool too long +LDAPConnectionTimeout secondssESpecifies the socket connection timeout in seconds +LDAPLibraryDebug 7sEEnable debugging in the LDAP SDK +LDAPOpCacheEntries number 1024 sENumber of entries used to cache LDAP compare operations -LDAPOpCacheTTL seconds 600 sETime that entries in the operation cache remain +LDAPOpCacheTTL seconds 600 sETime that entries in the operation cache remain valid -LDAPReferralHopLimit numberdhEThe maximum number of referral hops to chase before terminating an LDAP query. -LDAPReferrals On|Off|default On dhEEnable referral chasing during queries to the LDAP server. -LDAPRetries number-of-retries 3 sEConfigures the number of LDAP server retries. -LDAPRetryDelay seconds 0 sEConfigures the delay between LDAP server retries. -LDAPSharedCacheFile directory-path/filenamesESets the shared memory cache file -LDAPSharedCacheSize bytes 500000 sESize in bytes of the shared-memory cache -LDAPTimeout seconds 60 sESpecifies the timeout for LDAP search and bind operations, in seconds -LDAPTrustedClientCert type directory-path/filename/nickname [password]dhESets the file containing or nickname referring to a per +LDAPReferralHopLimit numberdhEThe maximum number of referral hops to chase before terminating an LDAP query. +LDAPReferrals On|Off|default On dhEEnable referral chasing during queries to the LDAP server. +LDAPRetries number-of-retries 3 sEConfigures the number of LDAP server retries. +LDAPRetryDelay seconds 0 sEConfigures the delay between LDAP server retries. +LDAPSharedCacheFile directory-path/filenamesESets the shared memory cache file +LDAPSharedCacheSize bytes 500000 sESize in bytes of the shared-memory cache +LDAPTimeout seconds 60 sESpecifies the timeout for LDAP search and bind operations, in seconds +LDAPTrustedClientCert type directory-path/filename/nickname [password]dhESets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates. -LDAPTrustedGlobalCert type directory-path/filename [password]sESets the file or database containing global trusted +LDAPTrustedGlobalCert type directory-path/filename [password]sESets the file or database containing global trusted Certificate Authority or global client certificates -LDAPTrustedMode typesvESpecifies the SSL/TLS mode to be used when connecting to an LDAP server. -LDAPVerifyServerCert On|Off On sEForce server certificate verification -<Limit method [method] ... > ... - </Limit>dhCRestrict enclosed access controls to only certain HTTP +LDAPTrustedMode typesvESpecifies the SSL/TLS mode to be used when connecting to an LDAP server. +LDAPVerifyServerCert On|Off On sEForce server certificate verification +<Limit method [method] ... > ... + </Limit>dhCRestrict enclosed access controls to only certain HTTP methods -<LimitExcept method [method] ... > ... - </LimitExcept>dhCRestrict access controls to all HTTP methods +<LimitExcept method [method] ... > ... + </LimitExcept>dhCRestrict access controls to all HTTP methods except the named ones -LimitInternalRecursion number [number] 10 svCDetermine maximum number of internal redirects and nested +LimitInternalRecursion number [number] 10 svCDetermine maximum number of internal redirects and nested subrequests -LimitRequestBody bytes 0 svdhCRestricts the total size of the HTTP request body sent +LimitRequestBody bytes 0 svdhCRestricts the total size of the HTTP request body sent from the client -LimitRequestFields number 100 svCLimits the number of HTTP request header fields that +LimitRequestFields number 100 svCLimits the number of HTTP request header fields that will be accepted from the client -LimitRequestFieldSize bytes 8190 svCLimits the size of the HTTP request header allowed from the +LimitRequestFieldSize bytes 8190 svCLimits the size of the HTTP request header allowed from the client -LimitRequestLine bytes 8190 svCLimit the size of the HTTP request line that will be accepted +LimitRequestLine bytes 8190 svCLimit the size of the HTTP request line that will be accepted from the client -LimitXMLRequestBody bytes 1000000 svdhCLimits the size of an XML-based request body -Listen [IP-address:]portnumber [protocol]sMIP addresses and ports that the server +LimitXMLRequestBody bytes 1000000 svdhCLimits the size of an XML-based request body +Listen [IP-address:]portnumber [protocol]sMIP addresses and ports that the server listens to -ListenBacklog backlogsMMaximum length of the queue of pending connections +ListenBacklog backlogsMMaximum length of the queue of pending connections +ListenCoresBucketsRatio ratio 0 (disabled) sMRatio between the number of CPU cores (online) and the number of +listeners' buckets LoadFile filename [filename] ...svELink in the named object file or library LoadModule module filenamesvELinks in the object file or library, and adds to the list of active modules @@ -639,380 +650,384 @@ simultaneously MaxSpareServers number 10 sMMaximum number of idle child server processes MaxSpareThreads numbersMMaximum number of idle threads MaxThreads number 2048 sMSet the maximum number of worker threads -MergeTrailers [on|off] off svCDetermines whether trailers are merged into headers -MetaDir directory .web svdhEName of the directory to find CERN-style meta information +MemcacheConnTTL num[units] 15s svEKeepalive time for idle connections +MergeTrailers [on|off] off svCDetermines whether trailers are merged into headers +MetaDir directory .web svdhEName of the directory to find CERN-style meta information files -MetaFiles on|off off svdhEActivates CERN meta-file processing -MetaSuffix suffix .meta svdhEFile name suffix for the file containing CERN-style +MetaFiles on|off off svdhEActivates CERN meta-file processing +MetaSuffix suffix .meta svdhEFile name suffix for the file containing CERN-style meta information -MimeMagicFile file-pathsvEEnable MIME-type determination based on file contents +MimeMagicFile file-pathsvEEnable MIME-type determination based on file contents using the specified magic file -MinSpareServers number 5 sMMinimum number of idle child server processes -MinSpareThreads numbersMMinimum number of idle threads available to handle request +MinSpareServers number 5 sMMinimum number of idle child server processes +MinSpareThreads numbersMMinimum number of idle threads available to handle request spikes -MMapFile file-path [file-path] ...sXMap a list of files into memory at startup time -ModemStandard V.21|V.26bis|V.32|V.92dXModem standard to simulate -ModMimeUsePathInfo On|Off Off dBTells mod_mime to treat path_info +MMapFile file-path [file-path] ...sXMap a list of files into memory at startup time +ModemStandard V.21|V.26bis|V.32|V.92dXModem standard to simulate +ModMimeUsePathInfo On|Off Off dBTells mod_mime to treat path_info components as part of the filename -MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers -[Handlers|Filters] NegotiatedOnly svdhBThe types of files that will be included when searching for +MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers +[Handlers|Filters] NegotiatedOnly svdhBThe types of files that will be included when searching for a matching file with MultiViews -Mutex mechanism [default|mutex-name] ... [OmitPID] default sCConfigures mutex mechanism and lock file directory for all +Mutex mechanism [default|mutex-name] ... [OmitPID] default sCConfigures mutex mechanism and lock file directory for all or specified mutexes -NameVirtualHost addr[:port]sCDEPRECATED: Designates an IP address for name-virtual +NameVirtualHost addr[:port]sCDEPRECATED: Designates an IP address for name-virtual hosting -NoProxy host [host] ...svEHosts, domains, or networks that will be connected to +NoProxy host [host] ...svEHosts, domains, or networks that will be connected to directly -NWSSLTrustedCerts filename [filename] ...sBList of additional client certificates -NWSSLUpgradeable [IP-address:]portnumbersBAllows a connection to be upgraded to an SSL connection upon request -Options - [+|-]option [[+|-]option] ... FollowSymlinks svdhCConfigures what features are available in a particular +NWSSLTrustedCerts filename [filename] ...sBList of additional client certificates +NWSSLUpgradeable [IP-address:]portnumbersBAllows a connection to be upgraded to an SSL connection upon request +Options + [+|-]option [[+|-]option] ... FollowSymlinks svdhCConfigures what features are available in a particular directory - Order ordering Deny,Allow dhEControls the default access state and the order in which + Order ordering Deny,Allow dhEControls the default access state and the order in which Allow and Deny are evaluated. -OutputSed sed-commanddhXSed command for filtering response content -PassEnv env-variable [env-variable] -...svdhBPasses environment variables from the shell -PidFile filename logs/httpd.pid sMFile where the server records the process ID +OutputSed sed-commanddhXSed command for filtering response content +PassEnv env-variable [env-variable] +...svdhBPasses environment variables from the shell +PidFile filename logs/httpd.pid sMFile where the server records the process ID of the daemon -PrivilegesMode FAST|SECURE|SELECTIVE FAST svdXTrade off processing speed and efficiency vs security against +PrivilegesMode FAST|SECURE|SELECTIVE FAST svdXTrade off processing speed and efficiency vs security against malicious privileges-aware code. -Protocol protocolsvCProtocol for a listening socket -ProtocolEcho On|Off Off svXTurn the echo server on or off -<Proxy wildcard-url> ...</Proxy>svEContainer for directives applied to proxied resources -ProxyAddHeaders Off|On On svdEAdd proxy information in X-Forwarded-* headers -ProxyBadHeader IsError|Ignore|StartBody IsError svEDetermines how to handle bad header lines in a +Protocol protocolsvCProtocol for a listening socket +ProtocolEcho On|Off Off svXTurn the echo server on or off +Protocols protocol ... http/1.1 svCProtocols available for a server/virtual host +ProtocolsHonorOrder On|Off On svCDetermines if order of Protocols determines precedence during negotiation +<Proxy wildcard-url> ...</Proxy>svEContainer for directives applied to proxied resources +ProxyAddHeaders Off|On On svdEAdd proxy information in X-Forwarded-* headers +ProxyBadHeader IsError|Ignore|StartBody IsError svEDetermines how to handle bad header lines in a response -ProxyBlock *|word|host|domain -[word|host|domain] ...svEWords, hosts, or domains that are banned from being +ProxyBlock *|word|host|domain +[word|host|domain] ...svEWords, hosts, or domains that are banned from being proxied -ProxyDomain DomainsvEDefault domain name for proxied requests -ProxyErrorOverride On|Off Off svdEOverride error pages for proxied content -ProxyExpressDBMFile <pathname>svEPathname to DBM file. -ProxyExpressDBMFile <type>svEDBM type of file. -ProxyExpressEnable [on|off]svEEnable the module functionality. -ProxyFtpDirCharset character set ISO-8859-1 svdEDefine the character set for proxied FTP listings -ProxyFtpEscapeWildcards [on|off]svdEWhether wildcards in requested filenames are escaped when sent to the FTP server -ProxyFtpListOnWildcard [on|off]svdEWhether wildcards in requested filenames trigger a file listing -ProxyHTMLBufSize bytessvdBSets the buffer size increment for buffering inline scripts and +ProxyDomain DomainsvEDefault domain name for proxied requests +ProxyErrorOverride On|Off Off svdEOverride error pages for proxied content +ProxyExpressDBMFile <pathname>svEPathname to DBM file. +ProxyExpressDBMFile <type>svEDBM type of file. +ProxyExpressEnable [on|off]svEEnable the module functionality. +ProxyFtpDirCharset character set ISO-8859-1 svdEDefine the character set for proxied FTP listings +ProxyFtpEscapeWildcards [on|off]svdEWhether wildcards in requested filenames are escaped when sent to the FTP server +ProxyFtpListOnWildcard [on|off]svdEWhether wildcards in requested filenames trigger a file listing +ProxyHTMLBufSize bytessvdBSets the buffer size increment for buffering inline scripts and stylesheets. -ProxyHTMLCharsetOut Charset | *svdBSpecify a charset for mod_proxy_html output. -ProxyHTMLDocType HTML|XHTML [Legacy]
    OR -
    ProxyHTMLDocType fpi [SGML|XML]    svdBSets an HTML or XHTML document type declaration. -ProxyHTMLEnable On|Off Off svdBTurns the proxy_html filter on or off. -ProxyHTMLEvents attribute [attribute ...]svdBSpecify attributes to treat as scripting events. -ProxyHTMLExtended On|Off Off svdBDetermines whether to fix links in inline scripts, stylesheets, +ProxyHTMLCharsetOut Charset | *svdBSpecify a charset for mod_proxy_html output. +ProxyHTMLDocType HTML|XHTML [Legacy]
    OR +
    ProxyHTMLDocType fpi [SGML|XML]    svdBSets an HTML or XHTML document type declaration. +ProxyHTMLEnable On|Off Off svdBTurns the proxy_html filter on or off. +ProxyHTMLEvents attribute [attribute ...]svdBSpecify attributes to treat as scripting events. +ProxyHTMLExtended On|Off Off svdBDetermines whether to fix links in inline scripts, stylesheets, and scripting events. -ProxyHTMLFixups [lowercase] [dospath] [reset]svdBFixes for simple HTML errors. -ProxyHTMLInterp On|Off Off svdBEnables per-request interpolation of +ProxyHTMLFixups [lowercase] [dospath] [reset]svdBFixes for simple HTML errors. +ProxyHTMLInterp On|Off Off svdBEnables per-request interpolation of ProxyHTMLURLMap rules. -ProxyHTMLLinks element attribute [attribute2 ...]svdBSpecify HTML elements that have URL attributes to be rewritten. -ProxyHTMLMeta On|Off Off svdBTurns on or off extra pre-parsing of metadata in HTML +ProxyHTMLLinks element attribute [attribute2 ...]svdBSpecify HTML elements that have URL attributes to be rewritten. +ProxyHTMLMeta On|Off Off svdBTurns on or off extra pre-parsing of metadata in HTML <head> sections. -ProxyHTMLStripComments On|Off Off svdBDetermines whether to strip HTML comments. -ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdBDefines a rule to rewrite HTML links -ProxyIOBufferSize bytes 8192 svEDetermine size of internal data throughput buffer -<ProxyMatch regex> ...</ProxyMatch>svEContainer for directives applied to regular-expression-matched +ProxyHTMLStripComments On|Off Off svdBDetermines whether to strip HTML comments. +ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdBDefines a rule to rewrite HTML links +ProxyIOBufferSize bytes 8192 svEDetermine size of internal data throughput buffer +<ProxyMatch regex> ...</ProxyMatch>svEContainer for directives applied to regular-expression-matched proxied resources -ProxyMaxForwards number -1 svEMaximium number of proxies that a request can be forwarded +ProxyMaxForwards number -1 svEMaximium number of proxies that a request can be forwarded through -ProxyPass [path] !|url [key=value - [key=value ...]] [nocanon] [interpolate] [noquery]svdEMaps remote servers into the local server URL-space -ProxyPassInherit On|Off On svEInherit ProxyPass directives defined from the main server -ProxyPassInterpolateEnv On|Off Off svdEEnable Environment Variable interpolation in Reverse Proxy configurations -ProxyPassMatch [regex] !|url [key=value - [key=value ...]]svdEMaps remote servers into the local server URL-space using regular expressions -ProxyPassReverse [path] url -[interpolate]svdEAdjusts the URL in HTTP response headers sent from a reverse +ProxyPass [path] !|url [key=value + [key=value ...]] [nocanon] [interpolate] [noquery]svdEMaps remote servers into the local server URL-space +ProxyPassInherit On|Off On svEInherit ProxyPass directives defined from the main server +ProxyPassInterpolateEnv On|Off Off svdEEnable Environment Variable interpolation in Reverse Proxy configurations +ProxyPassMatch [regex] !|url [key=value + [key=value ...]]svdEMaps remote servers into the local server URL-space using regular expressions +ProxyPassReverse [path] url +[interpolate]svdEAdjusts the URL in HTTP response headers sent from a reverse proxied server -ProxyPassReverseCookieDomain internal-domain -public-domain [interpolate]svdEAdjusts the Domain string in Set-Cookie headers from a reverse- +ProxyPassReverseCookieDomain internal-domain +public-domain [interpolate]svdEAdjusts the Domain string in Set-Cookie headers from a reverse- proxied server -ProxyPassReverseCookiePath internal-path -public-path [interpolate]svdEAdjusts the Path string in Set-Cookie headers from a reverse- +ProxyPassReverseCookiePath internal-path +public-path [interpolate]svdEAdjusts the Path string in Set-Cookie headers from a reverse- proxied server -ProxyPreserveHost On|Off Off svdEUse incoming Host HTTP request header for proxy +ProxyPreserveHost On|Off Off svdEUse incoming Host HTTP request header for proxy request -ProxyReceiveBufferSize bytes 0 svENetwork buffer size for proxied HTTP and FTP +ProxyReceiveBufferSize bytes 0 svENetwork buffer size for proxied HTTP and FTP connections -ProxyRemote match remote-serversvERemote proxy used to handle certain requests -ProxyRemoteMatch regex remote-serversvERemote proxy used to handle requests matched by regular +ProxyRemote match remote-serversvERemote proxy used to handle certain requests +ProxyRemoteMatch regex remote-serversvERemote proxy used to handle requests matched by regular expressions -ProxyRequests On|Off Off svEEnables forward (standard) proxy requests -ProxySCGIInternalRedirect On|Off|Headername On svdEEnable or disable internal redirect responses from the +ProxyRequests On|Off Off svEEnables forward (standard) proxy requests +ProxySCGIInternalRedirect On|Off|Headername On svdEEnable or disable internal redirect responses from the backend -ProxySCGISendfile On|Off|Headername Off svdEEnable evaluation of X-Sendfile pseudo response +ProxySCGISendfile On|Off|Headername Off svdEEnable evaluation of X-Sendfile pseudo response header -ProxySet url key=value [key=value ...]dESet various Proxy balancer or member parameters -ProxySourceAddress addresssvESet local IP address for outgoing proxy connections -ProxyStatus Off|On|Full Off svEShow Proxy LoadBalancer status in mod_status -ProxyTimeout secondssvENetwork timeout for proxied requests -ProxyVia On|Off|Full|Block Off svEInformation provided in the Via HTTP response +ProxySet url key=value [key=value ...]dESet various Proxy balancer or member parameters +ProxySourceAddress addresssvESet local IP address for outgoing proxy connections +ProxyStatus Off|On|Full Off svEShow Proxy LoadBalancer status in mod_status +ProxyTimeout secondssvENetwork timeout for proxied requests +ProxyVia On|Off|Full|Block Off svEInformation provided in the Via HTTP response header for proxied requests -ReadmeName filenamesvdhBName of the file that will be inserted at the end +ReadmeName filenamesvdhBName of the file that will be inserted at the end of the index listing -ReceiveBufferSize bytes 0 sMTCP receive buffer size -Redirect [status] URL-path -URLsvdhBSends an external redirect asking the client to fetch +ReceiveBufferSize bytes 0 sMTCP receive buffer size +Redirect [status] URL-path +URLsvdhBSends an external redirect asking the client to fetch a different URL -RedirectMatch [status] regex -URLsvdhBSends an external redirect based on a regular expression match +RedirectMatch [status] regex +URLsvdhBSends an external redirect based on a regular expression match of the current URL -RedirectPermanent URL-path URLsvdhBSends an external permanent redirect asking the client to fetch +RedirectPermanent URL-path URLsvdhBSends an external permanent redirect asking the client to fetch a different URL -RedirectTemp URL-path URLsvdhBSends an external temporary redirect asking the client to fetch +RedirectTemp URL-path URLsvdhBSends an external temporary redirect asking the client to fetch a different URL -ReflectorHeader inputheader [outputheader]svdhBReflect an input header to the output headers -RemoteIPHeader header-fieldsvBDeclare the header field which should be parsed for useragent IP addresses -RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value -RemoteIPInternalProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value -RemoteIPProxiesHeader HeaderFieldNamesvBDeclare the header field which will record all intermediate IP addresses -RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value -RemoteIPTrustedProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value -RemoveCharset extension [extension] -...vdhBRemoves any character set associations for a set of file +ReflectorHeader inputheader [outputheader]svdhBReflect an input header to the output headers +RemoteIPHeader header-fieldsvBDeclare the header field which should be parsed for useragent IP addresses +RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value +RemoteIPInternalProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value +RemoteIPProxiesHeader HeaderFieldNamesvBDeclare the header field which will record all intermediate IP addresses +RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value +RemoteIPTrustedProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value +RemoveCharset extension [extension] +...vdhBRemoves any character set associations for a set of file extensions -RemoveEncoding extension [extension] -...vdhBRemoves any content encoding associations for a set of file +RemoveEncoding extension [extension] +...vdhBRemoves any content encoding associations for a set of file extensions -RemoveHandler extension [extension] -...vdhBRemoves any handler associations for a set of file +RemoveHandler extension [extension] +...vdhBRemoves any handler associations for a set of file extensions -RemoveInputFilter extension [extension] -...vdhBRemoves any input filter associations for a set of file +RemoveInputFilter extension [extension] +...vdhBRemoves any input filter associations for a set of file extensions -RemoveLanguage extension [extension] -...vdhBRemoves any language associations for a set of file +RemoveLanguage extension [extension] +...vdhBRemoves any language associations for a set of file extensions -RemoveOutputFilter extension [extension] -...vdhBRemoves any output filter associations for a set of file +RemoveOutputFilter extension [extension] +...vdhBRemoves any output filter associations for a set of file extensions -RemoveType extension [extension] -...vdhBRemoves any content type associations for a set of file +RemoveType extension [extension] +...vdhBRemoves any content type associations for a set of file extensions -RequestHeader add|append|edit|edit*|merge|set|setifempty|unset +RequestHeader add|append|edit|edit*|merge|set|setifempty|unset header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] -svdhEConfigure HTTP request headers -RequestReadTimeout +svdhEConfigure HTTP request headers +RequestReadTimeout [header=timeout[-maxtimeout][,MinRate=rate] [body=timeout[-maxtimeout][,MinRate=rate] -svESet timeout values for receiving request headers and body from client. +svESet timeout values for receiving request headers and body from client. -Require [not] entity-name - [entity-name] ...dhBTests whether an authenticated user is authorized by +Require [not] entity-name + [entity-name] ...dhBTests whether an authenticated user is authorized by an authorization provider. -<RequireAll> ... </RequireAll>dhBEnclose a group of authorization directives of which none +<RequireAll> ... </RequireAll>dhBEnclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed. -<RequireAny> ... </RequireAny>dhBEnclose a group of authorization directives of which one +<RequireAny> ... </RequireAny>dhBEnclose a group of authorization directives of which one must succeed for the enclosing directive to succeed. -<RequireNone> ... </RequireNone>dhBEnclose a group of authorization directives of which none +<RequireNone> ... </RequireNone>dhBEnclose a group of authorization directives of which none must succeed for the enclosing directive to not fail. -RewriteBase URL-pathdhESets the base URL for per-directory rewrites - RewriteCond - TestString CondPatternsvdhEDefines a condition under which rewriting will take place +RewriteBase URL-pathdhESets the base URL for per-directory rewrites + RewriteCond + TestString CondPatternsvdhEDefines a condition under which rewriting will take place -RewriteEngine on|off off svdhEEnables or disables runtime rewriting engine -RewriteMap MapName MapType:MapSource -svEDefines a mapping function for key-lookup -RewriteOptions OptionssvdhESets some special options for the rewrite engine -RewriteRule - Pattern Substitution [flags]svdhEDefines rules for the rewriting engine -RLimitCPU seconds|max [seconds|max]svdhCLimits the CPU consumption of processes launched +RewriteEngine on|off off svdhEEnables or disables runtime rewriting engine +RewriteMap MapName MapType:MapSource +svEDefines a mapping function for key-lookup +RewriteOptions OptionssvdhESets some special options for the rewrite engine +RewriteRule + Pattern Substitution [flags]svdhEDefines rules for the rewriting engine +RLimitCPU seconds|max [seconds|max]svdhCLimits the CPU consumption of processes launched by Apache httpd children -RLimitMEM bytes|max [bytes|max]svdhCLimits the memory consumption of processes launched +RLimitMEM bytes|max [bytes|max]svdhCLimits the memory consumption of processes launched by Apache httpd children -RLimitNPROC number|max [number|max]svdhCLimits the number of processes that can be launched by +RLimitNPROC number|max [number|max]svdhCLimits the number of processes that can be launched by processes launched by Apache httpd children -Satisfy Any|All All dhEInteraction between host-level access control and +Satisfy Any|All All dhEInteraction between host-level access control and user authentication -ScoreBoardFile file-path logs/apache_runtime +sMLocation of the file used to store coordination data for +ScoreBoardFile file-path logs/apache_runtime +sMLocation of the file used to store coordination data for the child processes -Script method cgi-scriptsvdBActivates a CGI script for a particular request +Script method cgi-scriptsvdBActivates a CGI script for a particular request method. -ScriptAlias URL-path -file-path|directory-pathsvBMaps a URL to a filesystem location and designates the +ScriptAlias URL-path +file-path|directory-pathsvBMaps a URL to a filesystem location and designates the target as a CGI script -ScriptAliasMatch regex -file-path|directory-pathsvBMaps a URL to a filesystem location using a regular expression +ScriptAliasMatch regex +file-path|directory-pathsvBMaps a URL to a filesystem location using a regular expression and designates the target as a CGI script -ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhCTechnique for locating the interpreter for CGI +ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhCTechnique for locating the interpreter for CGI scripts -ScriptLog file-pathsvBLocation of the CGI script error logfile -ScriptLogBuffer bytes 1024 svBMaximum amount of PUT or POST requests that will be recorded +ScriptLog file-pathsvBLocation of the CGI script error logfile +ScriptLogBuffer bytes 1024 svBMaximum amount of PUT or POST requests that will be recorded in the scriptlog -ScriptLogLength bytes 10385760 svBSize limit of the CGI script logfile -ScriptSock file-path cgisock sBThe filename prefix of the socket to use for communication with +ScriptLogLength bytes 10385760 svBSize limit of the CGI script logfile +ScriptSock file-path cgisock sBThe filename prefix of the socket to use for communication with the cgi daemon -SecureListen [IP-address:]portnumber -Certificate-Name [MUTUAL]sBEnables SSL encryption for the specified port -SeeRequestTail On|Off Off sCDetermine if mod_status displays the first 63 characters +SecureListen [IP-address:]portnumber +Certificate-Name [MUTUAL]sBEnables SSL encryption for the specified port +SeeRequestTail On|Off Off sCDetermine if mod_status displays the first 63 characters of a request or the last 63, assuming the request itself is greater than 63 chars. -SendBufferSize bytes 0 sMTCP buffer size -ServerAdmin email-address|URLsvCEmail address that the server includes in error +SendBufferSize bytes 0 sMTCP buffer size +ServerAdmin email-address|URLsvCEmail address that the server includes in error messages sent to the client -ServerAlias hostname [hostname] ...vCAlternate names for a host used when matching requests +ServerAlias hostname [hostname] ...vCAlternate names for a host used when matching requests to name-virtual hosts -ServerLimit numbersMUpper limit on configurable number of processes -ServerName [scheme://]fully-qualified-domain-name[:port]svCHostname and port that the server uses to identify +ServerLimit numbersMUpper limit on configurable number of processes +ServerName [scheme://]fully-qualified-domain-name[:port]svCHostname and port that the server uses to identify itself -ServerPath URL-pathvCLegacy URL pathname for a name-based virtual host that +ServerPath URL-pathvCLegacy URL pathname for a name-based virtual host that is accessed by an incompatible browser -ServerRoot directory-path /usr/local/apache sCBase directory for the server installation -ServerSignature On|Off|EMail Off svdhCConfigures the footer on server-generated documents -ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sCConfigures the Server HTTP response +ServerRoot directory-path /usr/local/apache sCBase directory for the server installation +ServerSignature On|Off|EMail Off svdhCConfigures the footer on server-generated documents +ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sCConfigures the Server HTTP response header -Session On|Off Off svdhEEnables a session for the current directory or location -SessionCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session -SessionCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session -SessionCookieRemove On|Off Off svdhEControl for whether session cookies should be removed from incoming HTTP headers -SessionCryptoCipher namesvdhXThe crypto cipher to be used to encrypt the session -SessionCryptoDriver name [param[=value]]sXThe crypto driver to be used to encrypt the session -SessionCryptoPassphrase secret [ secret ... ] svdhXThe key used to encrypt the session -SessionCryptoPassphraseFile filenamesvdXFile containing keys used to encrypt the session -SessionDBDCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session ID -SessionDBDCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session ID -SessionDBDCookieRemove On|Off On svdhEControl for whether session ID cookies should be removed from incoming HTTP headers -SessionDBDDeleteLabel label deletesession svdhEThe SQL query to use to remove sessions from the database -SessionDBDInsertLabel label insertsession svdhEThe SQL query to use to insert sessions into the database -SessionDBDPerUser On|Off Off svdhEEnable a per user session -SessionDBDSelectLabel label selectsession svdhEThe SQL query to use to select sessions from the database -SessionDBDUpdateLabel label updatesession svdhEThe SQL query to use to update existing sessions in the database -SessionEnv On|Off Off svdhEControl whether the contents of the session are written to the +Session On|Off Off svdhEEnables a session for the current directory or location +SessionCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session +SessionCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session +SessionCookieRemove On|Off Off svdhEControl for whether session cookies should be removed from incoming HTTP headers +SessionCryptoCipher namesvdhXThe crypto cipher to be used to encrypt the session +SessionCryptoDriver name [param[=value]]sXThe crypto driver to be used to encrypt the session +SessionCryptoPassphrase secret [ secret ... ] svdhXThe key used to encrypt the session +SessionCryptoPassphraseFile filenamesvdXFile containing keys used to encrypt the session +SessionDBDCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session ID +SessionDBDCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session ID +SessionDBDCookieRemove On|Off On svdhEControl for whether session ID cookies should be removed from incoming HTTP headers +SessionDBDDeleteLabel label deletesession svdhEThe SQL query to use to remove sessions from the database +SessionDBDInsertLabel label insertsession svdhEThe SQL query to use to insert sessions into the database +SessionDBDPerUser On|Off Off svdhEEnable a per user session +SessionDBDSelectLabel label selectsession svdhEThe SQL query to use to select sessions from the database +SessionDBDUpdateLabel label updatesession svdhEThe SQL query to use to update existing sessions in the database +SessionEnv On|Off Off svdhEControl whether the contents of the session are written to the HTTP_SESSION environment variable -SessionExclude pathsvdhEDefine URL prefixes for which a session is ignored -SessionHeader headersvdhEImport session updates from a given HTTP response header -SessionInclude pathsvdhEDefine URL prefixes for which a session is valid -SessionMaxAge maxage 0 svdhEDefine a maximum age in seconds for a session -SetEnv env-variable [value]svdhBSets environment variables -SetEnvIf attribute +SessionExclude pathsvdhEDefine URL prefixes for which a session is ignored +SessionHeader headersvdhEImport session updates from a given HTTP response header +SessionInclude pathsvdhEDefine URL prefixes for which a session is valid +SessionMaxAge maxage 0 svdhEDefine a maximum age in seconds for a session +SetEnv env-variable [value]svdhBSets environment variables +SetEnvIf attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request + [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request -SetEnvIfExpr expr +SetEnvIfExpr expr [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhBSets environment variables based on an ap_expr expression -SetEnvIfNoCase attribute regex + [[!]env-variable[=value]] ...svdhBSets environment variables based on an ap_expr expression +SetEnvIfNoCase attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request + [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request without respect to case -SetHandler handler-name|NonesvdhCForces all matching files to be processed by a +SetHandler handler-name|NonesvdhCForces all matching files to be processed by a handler -SetInputFilter filter[;filter...]svdhCSets the filters that will process client requests and POST +SetInputFilter filter[;filter...]svdhCSets the filters that will process client requests and POST input -SetOutputFilter filter[;filter...]svdhCSets the filters that will process responses from the +SetOutputFilter filter[;filter...]svdhCSets the filters that will process responses from the server -SSIEndTag tag "-->" svBString that ends an include element -SSIErrorMsg message "[an error occurred +svdhBError message displayed when there is an SSI +SSIEndTag tag "-->" svBString that ends an include element +SSIErrorMsg message "[an error occurred +svdhBError message displayed when there is an SSI error -SSIETag on|off off dhBControls whether ETags are generated by the server. -SSILastModified on|off off dhBControls whether Last-Modified headers are generated by the +SSIETag on|off off dhBControls whether ETags are generated by the server. +SSILastModified on|off off dhBControls whether Last-Modified headers are generated by the server. -SSILegacyExprParser on|off off dhBEnable compatibility mode for conditional expressions. -SSIStartTag tag "<!--#" svBString that starts an include element -SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhBConfigures the format in which date strings are +SSILegacyExprParser on|off off dhBEnable compatibility mode for conditional expressions. +SSIStartTag tag "<!--#" svBString that starts an include element +SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhBConfigures the format in which date strings are displayed -SSIUndefinedEcho string "(none)" svdhBString displayed when an unset variable is echoed -SSLCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates +SSIUndefinedEcho string "(none)" svdhBString displayed when an unset variable is echoed +SSLCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for Client Auth -SSLCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for +SSLCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for Client Auth -SSLCADNRequestFile file-pathsvEFile of concatenated PEM-encoded CA Certificates +SSLCADNRequestFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for defining acceptable CA names -SSLCADNRequestPath directory-pathsvEDirectory of PEM-encoded CA Certificates for +SSLCADNRequestPath directory-pathsvEDirectory of PEM-encoded CA Certificates for defining acceptable CA names -SSLCARevocationCheck chain|leaf|none none svEEnable CRL-based revocation checking -SSLCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for +SSLCARevocationCheck chain|leaf|none none svEEnable CRL-based revocation checking +SSLCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for Client Auth -SSLCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for +SSLCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for Client Auth -SSLCertificateChainFile file-pathsvEFile of PEM-encoded Server CA Certificates -SSLCertificateFile file-pathsvEServer PEM-encoded X.509 certificate data file -SSLCertificateKeyFile file-pathsvEServer PEM-encoded private key file -SSLCipherSuite cipher-spec DEFAULT (depends on +svdhECipher Suite available for negotiation in SSL +SSLCertificateChainFile file-pathsvEFile of PEM-encoded Server CA Certificates +SSLCertificateFile file-pathsvEServer PEM-encoded X.509 certificate data file +SSLCertificateKeyFile file-pathsvEServer PEM-encoded private key file +SSLCipherSuite cipher-spec DEFAULT (depends on +svdhECipher Suite available for negotiation in SSL handshake -SSLCompression on|off off svEEnable compression on the SSL level -SSLCryptoDevice engine builtin sEEnable use of a cryptographic hardware accelerator -SSLEngine on|off|optional off svESSL Engine Operation Switch -SSLFIPS on|off off sESSL FIPS mode Switch -SSLHonorCipherOrder on|off off svEOption to prefer the server's cipher preference order -SSLInsecureRenegotiation on|off off svEOption to enable support for insecure renegotiation -SSLOCSDefaultResponder urisvESet the default responder URI for OCSP validation -SSLOCSPEnable on|off off svEEnable OCSP validation of the client certificate chain -SSLOCSPOverrideResponder on|off off svEForce use of the default responder URI for OCSP validation -SSLOCSPResponderTimeout seconds 10 svETimeout for OCSP queries -SSLOCSPResponseMaxAge seconds -1 svEMaximum allowable age for OCSP responses -SSLOCSPResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP response validation -SSLOCSPUseRequestNonce on|off on svEUse a nonce within OCSP queries -SSLOpenSSLConfCmd command-name command-valuesvEConfigure OpenSSL parameters through its SSL_CONF API -SSLOptions [+|-]option ...svdhEConfigure various SSL engine run-time options -SSLPassPhraseDialog type builtin sEType of pass phrase dialog for encrypted private +SSLCompression on|off off svEEnable compression on the SSL level +SSLCryptoDevice engine builtin sEEnable use of a cryptographic hardware accelerator +SSLEngine on|off|optional off svESSL Engine Operation Switch +SSLFIPS on|off off sESSL FIPS mode Switch +SSLHonorCipherOrder on|off off svEOption to prefer the server's cipher preference order +SSLInsecureRenegotiation on|off off svEOption to enable support for insecure renegotiation +SSLOCSDefaultResponder urisvESet the default responder URI for OCSP validation +SSLOCSPEnable on|off off svEEnable OCSP validation of the client certificate chain +SSLOCSPOverrideResponder on|off off svEForce use of the default responder URI for OCSP validation +SSLOCSPResponderTimeout seconds 10 svETimeout for OCSP queries +SSLOCSPResponseMaxAge seconds -1 svEMaximum allowable age for OCSP responses +SSLOCSPResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP response validation +SSLOCSPUseRequestNonce on|off on svEUse a nonce within OCSP queries +SSLOpenSSLConfCmd command-name command-valuesvEConfigure OpenSSL parameters through its SSL_CONF API +SSLOptions [+|-]option ...svdhEConfigure various SSL engine run-time options +SSLPassPhraseDialog type builtin sEType of pass phrase dialog for encrypted private keys -SSLProtocol [+|-]protocol ... all svEConfigure usable SSL/TLS protocol versions -SSLProxyCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates +SSLProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svEConfigure usable SSL/TLS protocol versions +SSLProxyCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for Remote Server Auth -SSLProxyCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for +SSLProxyCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for Remote Server Auth -SSLProxyCARevocationCheck chain|leaf|none none svEEnable CRL-based revocation checking for Remote Server Auth -SSLProxyCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for +SSLProxyCARevocationCheck chain|leaf|none none svEEnable CRL-based revocation checking for Remote Server Auth +SSLProxyCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for Remote Server Auth -SSLProxyCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for +SSLProxyCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for Remote Server Auth -SSLProxyCheckPeerCN on|off on svEWhether to check the remote server certificate's CN field +SSLProxyCheckPeerCN on|off on svEWhether to check the remote server certificate's CN field -SSLProxyCheckPeerExpire on|off on svEWhether to check if remote server certificate is expired +SSLProxyCheckPeerExpire on|off on svEWhether to check if remote server certificate is expired -SSLProxyCheckPeerName on|off on svEConfigure host name checking for remote server certificates +SSLProxyCheckPeerName on|off on svEConfigure host name checking for remote server certificates -SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhECipher Suite available for negotiation in SSL +SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhECipher Suite available for negotiation in SSL proxy handshake -SSLProxyEngine on|off off svESSL Proxy Engine Operation Switch -SSLProxyMachineCertificateChainFile filenamesEFile of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate -SSLProxyMachineCertificateFile filenamesEFile of concatenated PEM-encoded client certificates and keys to be used by the proxy -SSLProxyMachineCertificatePath directorysEDirectory of PEM-encoded client certificates and keys to be used by the proxy -SSLProxyProtocol [+|-]protocol ... all svEConfigure usable SSL protocol flavors for proxy usage -SSLProxyVerify level none svEType of remote server Certificate verification -SSLProxyVerifyDepth number 1 svEMaximum depth of CA Certificates in Remote Server +SSLProxyEngine on|off off svESSL Proxy Engine Operation Switch +SSLProxyMachineCertificateChainFile filenamesEFile of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate +SSLProxyMachineCertificateFile filenamesEFile of concatenated PEM-encoded client certificates and keys to be used by the proxy +SSLProxyMachineCertificatePath directorysEDirectory of PEM-encoded client certificates and keys to be used by the proxy +SSLProxyProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svEConfigure usable SSL protocol flavors for proxy usage +SSLProxyVerify level none svEType of remote server Certificate verification +SSLProxyVerifyDepth number 1 svEMaximum depth of CA Certificates in Remote Server Certificate verification -SSLRandomSeed context source -[bytes]sEPseudo Random Number Generator (PRNG) seeding +SSLRandomSeed context source +[bytes]sEPseudo Random Number Generator (PRNG) seeding source -SSLRenegBufferSize bytes 131072 dhESet the size for the SSL renegotiation buffer -SSLRequire expressiondhEAllow access only when an arbitrarily complex +SSLRenegBufferSize bytes 131072 dhESet the size for the SSL renegotiation buffer +SSLRequire expressiondhEAllow access only when an arbitrarily complex boolean expression is true -SSLRequireSSLdhEDeny access when SSL is not used for the +SSLRequireSSLdhEDeny access when SSL is not used for the HTTP request -SSLSessionCache type none sEType of the global/inter-process SSL Session +SSLSessionCache type none sEType of the global/inter-process SSL Session Cache -SSLSessionCacheTimeout seconds 300 svENumber of seconds before an SSL session expires +SSLSessionCacheTimeout seconds 300 svENumber of seconds before an SSL session expires in the Session Cache -SSLSessionTicketKeyFile file-pathsvEPersistent encryption/decryption key for TLS session tickets -SSLSessionTickets on|off on svEEnable or disable use of TLS session tickets -SSLSRPUnknownUserSeed secret-stringsvESRP unknown user seed -SSLSRPVerifierFile file-pathsvEPath to SRP verifier file -SSLStaplingCache typesEConfigures the OCSP stapling cache -SSLStaplingErrorCacheTimeout seconds 600 svENumber of seconds before expiring invalid responses in the OCSP stapling cache -SSLStaplingFakeTryLater on|off on svESynthesize "tryLater" responses for failed OCSP stapling queries -SSLStaplingForceURL urisvEOverride the OCSP responder URI specified in the certificate's AIA extension -SSLStaplingResponderTimeout seconds 10 svETimeout for OCSP stapling queries -SSLStaplingResponseMaxAge seconds -1 svEMaximum allowable age for OCSP stapling responses -SSLStaplingResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP stapling response validation -SSLStaplingReturnResponderErrors on|off on svEPass stapling related OCSP errors on to client -SSLStaplingStandardCacheTimeout seconds 3600 svENumber of seconds before expiring responses in the OCSP stapling cache -SSLStrictSNIVHostCheck on|off off svEWhether to allow non-SNI clients to access a name-based virtual +SSLSessionTicketKeyFile file-pathsvEPersistent encryption/decryption key for TLS session tickets +SSLSessionTickets on|off on svEEnable or disable use of TLS session tickets +SSLSRPUnknownUserSeed secret-stringsvESRP unknown user seed +SSLSRPVerifierFile file-pathsvEPath to SRP verifier file +SSLStaplingCache typesEConfigures the OCSP stapling cache +SSLStaplingErrorCacheTimeout seconds 600 svENumber of seconds before expiring invalid responses in the OCSP stapling cache +SSLStaplingFakeTryLater on|off on svESynthesize "tryLater" responses for failed OCSP stapling queries +SSLStaplingForceURL urisvEOverride the OCSP responder URI specified in the certificate's AIA extension +SSLStaplingResponderTimeout seconds 10 svETimeout for OCSP stapling queries +SSLStaplingResponseMaxAge seconds -1 svEMaximum allowable age for OCSP stapling responses +SSLStaplingResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP stapling response validation +SSLStaplingReturnResponderErrors on|off on svEPass stapling related OCSP errors on to client +SSLStaplingStandardCacheTimeout seconds 3600 svENumber of seconds before expiring responses in the OCSP stapling cache +SSLStrictSNIVHostCheck on|off off svEWhether to allow non-SNI clients to access a name-based virtual host. -SSLUserName varnamesdhEVariable name to determine user name -SSLUseStapling on|off off svEEnable stapling of OCSP responses in the TLS handshake -SSLVerifyClient level none svdhEType of Client Certificate verification -SSLVerifyDepth number 1 svdhEMaximum depth of CA Certificates in Client +SSLUserName varnamesdhEVariable name to determine user name +SSLUseStapling on|off off svEEnable stapling of OCSP responses in the TLS handshake +SSLVerifyClient level none svdhEType of Client Certificate verification +SSLVerifyDepth number 1 svdhEMaximum depth of CA Certificates in Client Certificate verification -StartServers numbersMNumber of child server processes created at startup -StartThreads numbersMNumber of threads created on startup -Substitute s/pattern/substitution/[infq]dhEPattern to filter the response content +StartServers numbersMNumber of child server processes created at startup +StartThreads numbersMNumber of threads created on startup +Substitute s/pattern/substitution/[infq]dhEPattern to filter the response content +SubstituteInheritBefore on|off off dhEChange the merge order of inherited patterns SubstituteMaxLineLength bytes(b|B|k|K|m|M|g|G) 1m dhESet the maximum line size Suexec On|OffsBEnable or disable the suEXEC feature SuexecUserGroup User GroupsvEUser and group for CGI programs to run as diff --git a/docs/manual/mod/quickreference.html.es b/docs/manual/mod/quickreference.html.es index 83b12b1a..e2b41e56 100644 --- a/docs/manual/mod/quickreference.html.es +++ b/docs/manual/mod/quickreference.html.es @@ -474,116 +474,127 @@ media type in the HTTP Content-Type header field will exit. Group unix-group #-1 sBGroup under which the server will answer requests -Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note +H2Direct on|off on (for non TLS) svEH2 Direct Protocol Switch +H2MaxSessionStreams n 100 svEMaximum number of active streams per HTTP/2 session. +H2MaxWorkerIdleSeconds n 600 sEMaximum number of seconds h2 workers remain idle until shut down. +H2MaxWorkers nsEMaximum number of worker threads to use per child process. +H2MinWorkers nsEMinimal number of worker threads to use per child process. +H2SerializeHeaders on|off off svESerialize Request/Resoonse Processing Switch +H2SessionExtraFiles n 5 svENumber of Extra File Handles +H2StreamMaxMemSize bytes 65536 svEMaximum amount of output data buffered per stream. +H2WindowSize bytes 65536 svESize of Stream Window for upstream data. +Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] -svdhEConfigure HTTP response headers -HeaderName filenamesvdhBName of the file that will be inserted at the top +svdhEConfigure HTTP response headers +HeaderName filenamesvdhBName of the file that will be inserted at the top of the index listing -HeartbeatAddress addr:portsXMulticast address for heartbeat packets -HeartbeatListenaddr:portsXmulticast address to listen for incoming heartbeat requests -HeartbeatMaxServers number-of-servers 10 sXSpecifies the maximum number of servers that will be sending +HeartbeatAddress addr:portsXMulticast address for heartbeat packets +HeartbeatListenaddr:portsXmulticast address to listen for incoming heartbeat requests +HeartbeatMaxServers number-of-servers 10 sXSpecifies the maximum number of servers that will be sending heartbeat requests to this server -HeartbeatStorage file-path logs/hb.dat sXPath to store heartbeat data -HeartbeatStorage file-path logs/hb.dat sXPath to read heartbeat data -HostnameLookups On|Off|Double Off svdCEnables DNS lookups on client IP addresses -IdentityCheck On|Off Off svdEEnables logging of the RFC 1413 identity of the remote +HeartbeatStorage file-path logs/hb.dat sXPath to store heartbeat data +HeartbeatStorage file-path logs/hb.dat sXPath to read heartbeat data +HostnameLookups On|Off|Double Off svdCEnables DNS lookups on client IP addresses +IdentityCheck On|Off Off svdEEnables logging of the RFC 1413 identity of the remote user -IdentityCheckTimeout seconds 30 svdEDetermines the timeout duration for ident requests -<If expression> ... </If>svdhCContains directives that apply only if a condition is +IdentityCheckTimeout seconds 30 svdEDetermines the timeout duration for ident requests +<If expression> ... </If>svdhCContains directives that apply only if a condition is satisfied by a request at runtime -<IfDefine [!]parameter-name> ... - </IfDefine>svdhCEncloses directives that will be processed only +<IfDefine [!]parameter-name> ... + </IfDefine>svdhCEncloses directives that will be processed only if a test is true at startup -<IfModule [!]module-file|module-identifier> ... - </IfModule>svdhCEncloses directives that are processed conditional on the +<IfModule [!]module-file|module-identifier> ... + </IfModule>svdhCEncloses directives that are processed conditional on the presence or absence of a specific module -<IfVersion [[!]operator] version> ... -</IfVersion>svdhEcontains version dependent configuration -ImapBase map|referer|URL http://servername/ svdhBDefault base for imagemap files -ImapDefault error|nocontent|map|referer|URL nocontent svdhBDefault action when an imagemap is called with coordinates +<IfVersion [[!]operator] version> ... +</IfVersion>svdhEcontains version dependent configuration +ImapBase map|referer|URL http://servername/ svdhBDefault base for imagemap files +ImapDefault error|nocontent|map|referer|URL nocontent svdhBDefault action when an imagemap is called with coordinates that are not explicitly mapped -ImapMenu none|formatted|semiformatted|unformatted formatted svdhBAction if no coordinates are given when calling +ImapMenu none|formatted|semiformatted|unformatted formatted svdhBAction if no coordinates are given when calling an imagemap -Include [optional|strict] file-path|directory-path|wildcardsvdCIncludes other configuration files from within +Include [optional|strict] file-path|directory-path|wildcardsvdCIncludes other configuration files from within the server configuration files -IncludeOptional file-path|directory-path|wildcardsvdCIncludes other configuration files from within +IncludeOptional file-path|directory-path|wildcardsvdCIncludes other configuration files from within the server configuration files -IndexHeadInsert "markup ..."svdhBInserts text in the HEAD section of an index page. -IndexIgnore file [file] ... "." svdhBAdds to the list of files to hide when listing +IndexHeadInsert "markup ..."svdhBInserts text in the HEAD section of an index page. +IndexIgnore file [file] ... "." svdhBAdds to the list of files to hide when listing a directory -IndexIgnoreReset ON|OFFsvdhBEmpties the list of files to hide when listing +IndexIgnoreReset ON|OFFsvdhBEmpties the list of files to hide when listing a directory -IndexOptions [+|-]option [[+|-]option] -...svdhBVarious configuration settings for directory +IndexOptions [+|-]option [[+|-]option] +...svdhBVarious configuration settings for directory indexing -IndexOrderDefault Ascending|Descending -Name|Date|Size|Description Ascending Name svdhBSets the default ordering of the directory index -IndexStyleSheet url-pathsvdhBAdds a CSS stylesheet to the directory index -InputSed sed-commanddhXSed command to filter request data (typically POST data) -ISAPIAppendLogToErrors on|off off svdhBRecord HSE_APPEND_LOG_PARAMETER requests from +IndexOrderDefault Ascending|Descending +Name|Date|Size|Description Ascending Name svdhBSets the default ordering of the directory index +IndexStyleSheet url-pathsvdhBAdds a CSS stylesheet to the directory index +InputSed sed-commanddhXSed command to filter request data (typically POST data) +ISAPIAppendLogToErrors on|off off svdhBRecord HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the error log -ISAPIAppendLogToQuery on|off on svdhBRecord HSE_APPEND_LOG_PARAMETER requests from +ISAPIAppendLogToQuery on|off on svdhBRecord HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the query field -ISAPICacheFile file-path [file-path] -...svBISAPI .dll files to be loaded at startup -ISAPIFakeAsync on|off off svdhBFake asynchronous support for ISAPI callbacks -ISAPILogNotSupported on|off off svdhBLog unsupported feature requests from ISAPI +ISAPICacheFile file-path [file-path] +...svBISAPI .dll files to be loaded at startup +ISAPIFakeAsync on|off off svdhBFake asynchronous support for ISAPI callbacks +ISAPILogNotSupported on|off off svdhBLog unsupported feature requests from ISAPI extensions -ISAPIReadAheadBuffer size 49152 svdhBSize of the Read Ahead Buffer sent to ISAPI +ISAPIReadAheadBuffer size 49152 svdhBSize of the Read Ahead Buffer sent to ISAPI extensions -KeepAlive On|Off On svCEnables HTTP persistent connections -KeepAliveTimeout num[ms] 5 svCAmount of time the server will wait for subsequent +KeepAlive On|Off On svCEnables HTTP persistent connections +KeepAliveTimeout num[ms] 5 svCAmount of time the server will wait for subsequent requests on a persistent connection -KeptBodySize maximum size in bytes 0 dBKeep the request body instead of discarding it up to +KeptBodySize maximum size in bytes 0 dBKeep the request body instead of discarding it up to the specified maximum size, for potential use by filters such as mod_include. -LanguagePriority MIME-lang [MIME-lang] -...svdhBThe precendence of language variants for cases where +LanguagePriority MIME-lang [MIME-lang] +...svdhBThe precendence of language variants for cases where the client does not express a preference -LDAPCacheEntries number 1024 sEMaximum number of entries in the primary LDAP cache -LDAPCacheTTL seconds 600 sETime that cached items remain valid -LDAPConnectionPoolTTL n -1 svEDiscard backend connections that have been sitting in the connection pool too long -LDAPConnectionTimeout secondssESpecifies the socket connection timeout in seconds -LDAPLibraryDebug 7sEEnable debugging in the LDAP SDK -LDAPOpCacheEntries number 1024 sENumber of entries used to cache LDAP compare +LDAPCacheEntries number 1024 sEMaximum number of entries in the primary LDAP cache +LDAPCacheTTL seconds 600 sETime that cached items remain valid +LDAPConnectionPoolTTL n -1 svEDiscard backend connections that have been sitting in the connection pool too long +LDAPConnectionTimeout secondssESpecifies the socket connection timeout in seconds +LDAPLibraryDebug 7sEEnable debugging in the LDAP SDK +LDAPOpCacheEntries number 1024 sENumber of entries used to cache LDAP compare operations -LDAPOpCacheTTL seconds 600 sETime that entries in the operation cache remain +LDAPOpCacheTTL seconds 600 sETime that entries in the operation cache remain valid -LDAPReferralHopLimit numberdhEThe maximum number of referral hops to chase before terminating an LDAP query. -LDAPReferrals On|Off|default On dhEEnable referral chasing during queries to the LDAP server. -LDAPRetries number-of-retries 3 sEConfigures the number of LDAP server retries. -LDAPRetryDelay seconds 0 sEConfigures the delay between LDAP server retries. -LDAPSharedCacheFile directory-path/filenamesESets the shared memory cache file -LDAPSharedCacheSize bytes 500000 sESize in bytes of the shared-memory cache -LDAPTimeout seconds 60 sESpecifies the timeout for LDAP search and bind operations, in seconds -LDAPTrustedClientCert type directory-path/filename/nickname [password]dhESets the file containing or nickname referring to a per +LDAPReferralHopLimit numberdhEThe maximum number of referral hops to chase before terminating an LDAP query. +LDAPReferrals On|Off|default On dhEEnable referral chasing during queries to the LDAP server. +LDAPRetries number-of-retries 3 sEConfigures the number of LDAP server retries. +LDAPRetryDelay seconds 0 sEConfigures the delay between LDAP server retries. +LDAPSharedCacheFile directory-path/filenamesESets the shared memory cache file +LDAPSharedCacheSize bytes 500000 sESize in bytes of the shared-memory cache +LDAPTimeout seconds 60 sESpecifies the timeout for LDAP search and bind operations, in seconds +LDAPTrustedClientCert type directory-path/filename/nickname [password]dhESets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates. -LDAPTrustedGlobalCert type directory-path/filename [password]sESets the file or database containing global trusted +LDAPTrustedGlobalCert type directory-path/filename [password]sESets the file or database containing global trusted Certificate Authority or global client certificates -LDAPTrustedMode typesvESpecifies the SSL/TLS mode to be used when connecting to an LDAP server. -LDAPVerifyServerCert On|Off On sEForce server certificate verification -<Limit method [method] ... > ... - </Limit>dhCRestrict enclosed access controls to only certain HTTP +LDAPTrustedMode typesvESpecifies the SSL/TLS mode to be used when connecting to an LDAP server. +LDAPVerifyServerCert On|Off On sEForce server certificate verification +<Limit method [method] ... > ... + </Limit>dhCRestrict enclosed access controls to only certain HTTP methods -<LimitExcept method [method] ... > ... - </LimitExcept>dhCRestrict access controls to all HTTP methods +<LimitExcept method [method] ... > ... + </LimitExcept>dhCRestrict access controls to all HTTP methods except the named ones -LimitInternalRecursion number [number] 10 svCDetermine maximum number of internal redirects and nested +LimitInternalRecursion number [number] 10 svCDetermine maximum number of internal redirects and nested subrequests -LimitRequestBody bytes 0 svdhCRestricts the total size of the HTTP request body sent +LimitRequestBody bytes 0 svdhCRestricts the total size of the HTTP request body sent from the client -LimitRequestFields number 100 svCLimits the number of HTTP request header fields that +LimitRequestFields number 100 svCLimits the number of HTTP request header fields that will be accepted from the client -LimitRequestFieldSize bytes 8190 svCLimits the size of the HTTP request header allowed from the +LimitRequestFieldSize bytes 8190 svCLimits the size of the HTTP request header allowed from the client -LimitRequestLine bytes 8190 svCLimit the size of the HTTP request line that will be accepted +LimitRequestLine bytes 8190 svCLimit the size of the HTTP request line that will be accepted from the client -LimitXMLRequestBody bytes 1000000 svdhCLimits the size of an XML-based request body -Listen [IP-address:]portnumber [protocol]sMIP addresses and ports that the server +LimitXMLRequestBody bytes 1000000 svdhCLimits the size of an XML-based request body +Listen [IP-address:]portnumber [protocol]sMIP addresses and ports that the server listens to -ListenBacklog backlogsMMaximum length of the queue of pending connections +ListenBacklog backlogsMMaximum length of the queue of pending connections +ListenCoresBucketsRatio ratio 0 (disabled) sMRatio between the number of CPU cores (online) and the number of +listeners' buckets LoadFile filename [filename] ...svELink in the named object file or library LoadModule module filenamesvELinks in the object file or library, and adds to the list of active modules @@ -646,380 +657,384 @@ simultaneously MaxSpareServers number 10 sMMaximum number of idle child server processes MaxSpareThreads numbersMMaximum number of idle threads MaxThreads number 2048 sMSet the maximum number of worker threads -MergeTrailers [on|off] off svCDetermines whether trailers are merged into headers -MetaDir directory .web svdhEName of the directory to find CERN-style meta information +MemcacheConnTTL num[units] 15s svEKeepalive time for idle connections +MergeTrailers [on|off] off svCDetermines whether trailers are merged into headers +MetaDir directory .web svdhEName of the directory to find CERN-style meta information files -MetaFiles on|off off svdhEActivates CERN meta-file processing -MetaSuffix suffix .meta svdhEFile name suffix for the file containing CERN-style +MetaFiles on|off off svdhEActivates CERN meta-file processing +MetaSuffix suffix .meta svdhEFile name suffix for the file containing CERN-style meta information -MimeMagicFile file-pathsvEEnable MIME-type determination based on file contents +MimeMagicFile file-pathsvEEnable MIME-type determination based on file contents using the specified magic file -MinSpareServers number 5 sMMinimum number of idle child server processes -MinSpareThreads numbersMMinimum number of idle threads available to handle request +MinSpareServers number 5 sMMinimum number of idle child server processes +MinSpareThreads numbersMMinimum number of idle threads available to handle request spikes -MMapFile file-path [file-path] ...sXMap a list of files into memory at startup time -ModemStandard V.21|V.26bis|V.32|V.92dXModem standard to simulate -ModMimeUsePathInfo On|Off Off dBTells mod_mime to treat path_info +MMapFile file-path [file-path] ...sXMap a list of files into memory at startup time +ModemStandard V.21|V.26bis|V.32|V.92dXModem standard to simulate +ModMimeUsePathInfo On|Off Off dBTells mod_mime to treat path_info components as part of the filename -MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers -[Handlers|Filters] NegotiatedOnly svdhBThe types of files that will be included when searching for +MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers +[Handlers|Filters] NegotiatedOnly svdhBThe types of files that will be included when searching for a matching file with MultiViews -Mutex mechanism [default|mutex-name] ... [OmitPID] default sCConfigures mutex mechanism and lock file directory for all +Mutex mechanism [default|mutex-name] ... [OmitPID] default sCConfigures mutex mechanism and lock file directory for all or specified mutexes -NameVirtualHost addr[:port]sCDesignates an IP address for name-virtual +NameVirtualHost addr[:port]sCDesignates an IP address for name-virtual hosting -NoProxy host [host] ...svEHosts, domains, or networks that will be connected to +NoProxy host [host] ...svEHosts, domains, or networks that will be connected to directly -NWSSLTrustedCerts filename [filename] ...sBList of additional client certificates -NWSSLUpgradeable [IP-address:]portnumbersBAllows a connection to be upgraded to an SSL connection upon request -Options - [+|-]option [[+|-]option] ... All svdhCConfigures what features are available in a particular +NWSSLTrustedCerts filename [filename] ...sBList of additional client certificates +NWSSLUpgradeable [IP-address:]portnumbersBAllows a connection to be upgraded to an SSL connection upon request +Options + [+|-]option [[+|-]option] ... All svdhCConfigures what features are available in a particular directory - Order ordering Deny,Allow dhEControls the default access state and the order in which + Order ordering Deny,Allow dhEControls the default access state and the order in which Allow and Deny are evaluated. -OutputSed sed-commanddhXSed command for filtering response content -PassEnv env-variable [env-variable] -...svdhBPasses environment variables from the shell -PidFile filename logs/httpd.pid sMFile where the server records the process ID +OutputSed sed-commanddhXSed command for filtering response content +PassEnv env-variable [env-variable] +...svdhBPasses environment variables from the shell +PidFile filename logs/httpd.pid sMFile where the server records the process ID of the daemon -PrivilegesMode FAST|SECURE|SELECTIVE FAST svdXTrade off processing speed and efficiency vs security against +PrivilegesMode FAST|SECURE|SELECTIVE FAST svdXTrade off processing speed and efficiency vs security against malicious privileges-aware code. -Protocol protocolsvCProtocol for a listening socket -ProtocolEcho On|Off Off svXTurn the echo server on or off -<Proxy wildcard-url> ...</Proxy>svEContainer for directives applied to proxied resources -ProxyAddHeaders Off|On On svdEAdd proxy information in X-Forwarded-* headers -ProxyBadHeader IsError|Ignore|StartBody IsError svEDetermines how to handle bad header lines in a +Protocol protocolsvCProtocol for a listening socket +ProtocolEcho On|Off Off svXTurn the echo server on or off +Protocols protocol ... http/1.1 svCProtocols available for a server/virtual host +ProtocolsHonorOrder On|Off On svCDetermines if order of Protocols determines precedence during negotiation +<Proxy wildcard-url> ...</Proxy>svEContainer for directives applied to proxied resources +ProxyAddHeaders Off|On On svdEAdd proxy information in X-Forwarded-* headers +ProxyBadHeader IsError|Ignore|StartBody IsError svEDetermines how to handle bad header lines in a response -ProxyBlock *|word|host|domain -[word|host|domain] ...svEWords, hosts, or domains that are banned from being +ProxyBlock *|word|host|domain +[word|host|domain] ...svEWords, hosts, or domains that are banned from being proxied -ProxyDomain DomainsvEDefault domain name for proxied requests -ProxyErrorOverride On|Off Off svdEOverride error pages for proxied content -ProxyExpressDBMFile <pathname>svEPathname to DBM file. -ProxyExpressDBMFile <type>svEDBM type of file. -ProxyExpressEnable [on|off]svEEnable the module functionality. -ProxyFtpDirCharset character set ISO-8859-1 svdEDefine the character set for proxied FTP listings -ProxyFtpEscapeWildcards [on|off]svdEWhether wildcards in requested filenames are escaped when sent to the FTP server -ProxyFtpListOnWildcard [on|off]svdEWhether wildcards in requested filenames trigger a file listing -ProxyHTMLBufSize bytessvdBSets the buffer size increment for buffering inline scripts and +ProxyDomain DomainsvEDefault domain name for proxied requests +ProxyErrorOverride On|Off Off svdEOverride error pages for proxied content +ProxyExpressDBMFile <pathname>svEPathname to DBM file. +ProxyExpressDBMFile <type>svEDBM type of file. +ProxyExpressEnable [on|off]svEEnable the module functionality. +ProxyFtpDirCharset character set ISO-8859-1 svdEDefine the character set for proxied FTP listings +ProxyFtpEscapeWildcards [on|off]svdEWhether wildcards in requested filenames are escaped when sent to the FTP server +ProxyFtpListOnWildcard [on|off]svdEWhether wildcards in requested filenames trigger a file listing +ProxyHTMLBufSize bytessvdBSets the buffer size increment for buffering inline scripts and stylesheets. -ProxyHTMLCharsetOut Charset | *svdBSpecify a charset for mod_proxy_html output. -ProxyHTMLDocType HTML|XHTML [Legacy]
    OR -
    ProxyHTMLDocType fpi [SGML|XML]    svdBSets an HTML or XHTML document type declaration. -ProxyHTMLEnable On|Off Off svdBTurns the proxy_html filter on or off. -ProxyHTMLEvents attribute [attribute ...]svdBSpecify attributes to treat as scripting events. -ProxyHTMLExtended On|Off Off svdBDetermines whether to fix links in inline scripts, stylesheets, +ProxyHTMLCharsetOut Charset | *svdBSpecify a charset for mod_proxy_html output. +ProxyHTMLDocType HTML|XHTML [Legacy]
    OR +
    ProxyHTMLDocType fpi [SGML|XML]    svdBSets an HTML or XHTML document type declaration. +ProxyHTMLEnable On|Off Off svdBTurns the proxy_html filter on or off. +ProxyHTMLEvents attribute [attribute ...]svdBSpecify attributes to treat as scripting events. +ProxyHTMLExtended On|Off Off svdBDetermines whether to fix links in inline scripts, stylesheets, and scripting events. -ProxyHTMLFixups [lowercase] [dospath] [reset]svdBFixes for simple HTML errors. -ProxyHTMLInterp On|Off Off svdBEnables per-request interpolation of +ProxyHTMLFixups [lowercase] [dospath] [reset]svdBFixes for simple HTML errors. +ProxyHTMLInterp On|Off Off svdBEnables per-request interpolation of ProxyHTMLURLMap rules. -ProxyHTMLLinks element attribute [attribute2 ...]svdBSpecify HTML elements that have URL attributes to be rewritten. -ProxyHTMLMeta On|Off Off svdBTurns on or off extra pre-parsing of metadata in HTML +ProxyHTMLLinks element attribute [attribute2 ...]svdBSpecify HTML elements that have URL attributes to be rewritten. +ProxyHTMLMeta On|Off Off svdBTurns on or off extra pre-parsing of metadata in HTML <head> sections. -ProxyHTMLStripComments On|Off Off svdBDetermines whether to strip HTML comments. -ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdBDefines a rule to rewrite HTML links -ProxyIOBufferSize bytes 8192 svEDetermine size of internal data throughput buffer -<ProxyMatch regex> ...</ProxyMatch>svEContainer for directives applied to regular-expression-matched +ProxyHTMLStripComments On|Off Off svdBDetermines whether to strip HTML comments. +ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdBDefines a rule to rewrite HTML links +ProxyIOBufferSize bytes 8192 svEDetermine size of internal data throughput buffer +<ProxyMatch regex> ...</ProxyMatch>svEContainer for directives applied to regular-expression-matched proxied resources -ProxyMaxForwards number -1 svEMaximium number of proxies that a request can be forwarded +ProxyMaxForwards number -1 svEMaximium number of proxies that a request can be forwarded through -ProxyPass [path] !|url [key=value - [key=value ...]] [nocanon] [interpolate] [noquery]svdEMaps remote servers into the local server URL-space -ProxyPassInherit On|Off On svEInherit ProxyPass directives defined from the main server -ProxyPassInterpolateEnv On|Off Off svdEEnable Environment Variable interpolation in Reverse Proxy configurations -ProxyPassMatch [regex] !|url [key=value - [key=value ...]]svdEMaps remote servers into the local server URL-space using regular expressions -ProxyPassReverse [path] url -[interpolate]svdEAdjusts the URL in HTTP response headers sent from a reverse +ProxyPass [path] !|url [key=value + [key=value ...]] [nocanon] [interpolate] [noquery]svdEMaps remote servers into the local server URL-space +ProxyPassInherit On|Off On svEInherit ProxyPass directives defined from the main server +ProxyPassInterpolateEnv On|Off Off svdEEnable Environment Variable interpolation in Reverse Proxy configurations +ProxyPassMatch [regex] !|url [key=value + [key=value ...]]svdEMaps remote servers into the local server URL-space using regular expressions +ProxyPassReverse [path] url +[interpolate]svdEAdjusts the URL in HTTP response headers sent from a reverse proxied server -ProxyPassReverseCookieDomain internal-domain -public-domain [interpolate]svdEAdjusts the Domain string in Set-Cookie headers from a reverse- +ProxyPassReverseCookieDomain internal-domain +public-domain [interpolate]svdEAdjusts the Domain string in Set-Cookie headers from a reverse- proxied server -ProxyPassReverseCookiePath internal-path -public-path [interpolate]svdEAdjusts the Path string in Set-Cookie headers from a reverse- +ProxyPassReverseCookiePath internal-path +public-path [interpolate]svdEAdjusts the Path string in Set-Cookie headers from a reverse- proxied server -ProxyPreserveHost On|Off Off svdEUse incoming Host HTTP request header for proxy +ProxyPreserveHost On|Off Off svdEUse incoming Host HTTP request header for proxy request -ProxyReceiveBufferSize bytes 0 svENetwork buffer size for proxied HTTP and FTP +ProxyReceiveBufferSize bytes 0 svENetwork buffer size for proxied HTTP and FTP connections -ProxyRemote match remote-serversvERemote proxy used to handle certain requests -ProxyRemoteMatch regex remote-serversvERemote proxy used to handle requests matched by regular +ProxyRemote match remote-serversvERemote proxy used to handle certain requests +ProxyRemoteMatch regex remote-serversvERemote proxy used to handle requests matched by regular expressions -ProxyRequests On|Off Off svEEnables forward (standard) proxy requests -ProxySCGIInternalRedirect On|Off|Headername On svdEEnable or disable internal redirect responses from the +ProxyRequests On|Off Off svEEnables forward (standard) proxy requests +ProxySCGIInternalRedirect On|Off|Headername On svdEEnable or disable internal redirect responses from the backend -ProxySCGISendfile On|Off|Headername Off svdEEnable evaluation of X-Sendfile pseudo response +ProxySCGISendfile On|Off|Headername Off svdEEnable evaluation of X-Sendfile pseudo response header -ProxySet url key=value [key=value ...]dESet various Proxy balancer or member parameters -ProxySourceAddress addresssvESet local IP address for outgoing proxy connections -ProxyStatus Off|On|Full Off svEShow Proxy LoadBalancer status in mod_status -ProxyTimeout secondssvENetwork timeout for proxied requests -ProxyVia On|Off|Full|Block Off svEInformation provided in the Via HTTP response +ProxySet url key=value [key=value ...]dESet various Proxy balancer or member parameters +ProxySourceAddress addresssvESet local IP address for outgoing proxy connections +ProxyStatus Off|On|Full Off svEShow Proxy LoadBalancer status in mod_status +ProxyTimeout secondssvENetwork timeout for proxied requests +ProxyVia On|Off|Full|Block Off svEInformation provided in the Via HTTP response header for proxied requests -ReadmeName filenamesvdhBName of the file that will be inserted at the end +ReadmeName filenamesvdhBName of the file that will be inserted at the end of the index listing -ReceiveBufferSize bytes 0 sMTCP receive buffer size -Redirect [status] URL-path -URLsvdhBSends an external redirect asking the client to fetch +ReceiveBufferSize bytes 0 sMTCP receive buffer size +Redirect [status] URL-path +URLsvdhBSends an external redirect asking the client to fetch a different URL -RedirectMatch [status] regex -URLsvdhBSends an external redirect based on a regular expression match +RedirectMatch [status] regex +URLsvdhBSends an external redirect based on a regular expression match of the current URL -RedirectPermanent URL-path URLsvdhBSends an external permanent redirect asking the client to fetch +RedirectPermanent URL-path URLsvdhBSends an external permanent redirect asking the client to fetch a different URL -RedirectTemp URL-path URLsvdhBSends an external temporary redirect asking the client to fetch +RedirectTemp URL-path URLsvdhBSends an external temporary redirect asking the client to fetch a different URL -ReflectorHeader inputheader [outputheader]svdhBReflect an input header to the output headers -RemoteIPHeader header-fieldsvBDeclare the header field which should be parsed for useragent IP addresses -RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value -RemoteIPInternalProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value -RemoteIPProxiesHeader HeaderFieldNamesvBDeclare the header field which will record all intermediate IP addresses -RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value -RemoteIPTrustedProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value -RemoveCharset extension [extension] -...vdhBRemoves any character set associations for a set of file +ReflectorHeader inputheader [outputheader]svdhBReflect an input header to the output headers +RemoteIPHeader header-fieldsvBDeclare the header field which should be parsed for useragent IP addresses +RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value +RemoteIPInternalProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value +RemoteIPProxiesHeader HeaderFieldNamesvBDeclare the header field which will record all intermediate IP addresses +RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value +RemoteIPTrustedProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value +RemoveCharset extension [extension] +...vdhBRemoves any character set associations for a set of file extensions -RemoveEncoding extension [extension] -...vdhBRemoves any content encoding associations for a set of file +RemoveEncoding extension [extension] +...vdhBRemoves any content encoding associations for a set of file extensions -RemoveHandler extension [extension] -...vdhBRemoves any handler associations for a set of file +RemoveHandler extension [extension] +...vdhBRemoves any handler associations for a set of file extensions -RemoveInputFilter extension [extension] -...vdhBRemoves any input filter associations for a set of file +RemoveInputFilter extension [extension] +...vdhBRemoves any input filter associations for a set of file extensions -RemoveLanguage extension [extension] -...vdhBRemoves any language associations for a set of file +RemoveLanguage extension [extension] +...vdhBRemoves any language associations for a set of file extensions -RemoveOutputFilter extension [extension] -...vdhBRemoves any output filter associations for a set of file +RemoveOutputFilter extension [extension] +...vdhBRemoves any output filter associations for a set of file extensions -RemoveType extension [extension] -...vdhBRemoves any content type associations for a set of file +RemoveType extension [extension] +...vdhBRemoves any content type associations for a set of file extensions -RequestHeader add|append|edit|edit*|merge|set|setifempty|unset +RequestHeader add|append|edit|edit*|merge|set|setifempty|unset header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] -svdhEConfigure HTTP request headers -RequestReadTimeout +svdhEConfigure HTTP request headers +RequestReadTimeout [header=timeout[-maxtimeout][,MinRate=rate] [body=timeout[-maxtimeout][,MinRate=rate] -svESet timeout values for receiving request headers and body from client. +svESet timeout values for receiving request headers and body from client. -Require [not] entity-name - [entity-name] ...dhBTests whether an authenticated user is authorized by +Require [not] entity-name + [entity-name] ...dhBTests whether an authenticated user is authorized by an authorization provider. -<RequireAll> ... </RequireAll>dhBEnclose a group of authorization directives of which none +<RequireAll> ... </RequireAll>dhBEnclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed. -<RequireAny> ... </RequireAny>dhBEnclose a group of authorization directives of which one +<RequireAny> ... </RequireAny>dhBEnclose a group of authorization directives of which one must succeed for the enclosing directive to succeed. -<RequireNone> ... </RequireNone>dhBEnclose a group of authorization directives of which none +<RequireNone> ... </RequireNone>dhBEnclose a group of authorization directives of which none must succeed for the enclosing directive to not fail. -RewriteBase URL-pathdhESets the base URL for per-directory rewrites - RewriteCond - TestString CondPatternsvdhEDefines a condition under which rewriting will take place +RewriteBase URL-pathdhESets the base URL for per-directory rewrites + RewriteCond + TestString CondPatternsvdhEDefines a condition under which rewriting will take place -RewriteEngine on|off off svdhEEnables or disables runtime rewriting engine -RewriteMap MapName MapType:MapSource -svEDefines a mapping function for key-lookup -RewriteOptions OptionssvdhESets some special options for the rewrite engine -RewriteRule - Pattern Substitution [flags]svdhEDefines rules for the rewriting engine -RLimitCPU seconds|max [seconds|max]svdhCLimits the CPU consumption of processes launched +RewriteEngine on|off off svdhEEnables or disables runtime rewriting engine +RewriteMap MapName MapType:MapSource +svEDefines a mapping function for key-lookup +RewriteOptions OptionssvdhESets some special options for the rewrite engine +RewriteRule + Pattern Substitution [flags]svdhEDefines rules for the rewriting engine +RLimitCPU seconds|max [seconds|max]svdhCLimits the CPU consumption of processes launched by Apache httpd children -RLimitMEM bytes|max [bytes|max]svdhCLimits the memory consumption of processes launched +RLimitMEM bytes|max [bytes|max]svdhCLimits the memory consumption of processes launched by Apache httpd children -RLimitNPROC number|max [number|max]svdhCLimits the number of processes that can be launched by +RLimitNPROC number|max [number|max]svdhCLimits the number of processes that can be launched by processes launched by Apache httpd children -Satisfy Any|All All dhEInteraction between host-level access control and +Satisfy Any|All All dhEInteraction between host-level access control and user authentication -ScoreBoardFile file-path logs/apache_runtime +sMLocation of the file used to store coordination data for +ScoreBoardFile file-path logs/apache_runtime +sMLocation of the file used to store coordination data for the child processes -Script method cgi-scriptsvdBActivates a CGI script for a particular request +Script method cgi-scriptsvdBActivates a CGI script for a particular request method. -ScriptAlias URL-path -file-path|directory-pathsvBMaps a URL to a filesystem location and designates the +ScriptAlias URL-path +file-path|directory-pathsvBMaps a URL to a filesystem location and designates the target as a CGI script -ScriptAliasMatch regex -file-path|directory-pathsvBMaps a URL to a filesystem location using a regular expression +ScriptAliasMatch regex +file-path|directory-pathsvBMaps a URL to a filesystem location using a regular expression and designates the target as a CGI script -ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhCTechnique for locating the interpreter for CGI +ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhCTechnique for locating the interpreter for CGI scripts -ScriptLog file-pathsvBLocation of the CGI script error logfile -ScriptLogBuffer bytes 1024 svBMaximum amount of PUT or POST requests that will be recorded +ScriptLog file-pathsvBLocation of the CGI script error logfile +ScriptLogBuffer bytes 1024 svBMaximum amount of PUT or POST requests that will be recorded in the scriptlog -ScriptLogLength bytes 10385760 svBSize limit of the CGI script logfile -ScriptSock file-path cgisock sBThe filename prefix of the socket to use for communication with +ScriptLogLength bytes 10385760 svBSize limit of the CGI script logfile +ScriptSock file-path cgisock sBThe filename prefix of the socket to use for communication with the cgi daemon -SecureListen [IP-address:]portnumber -Certificate-Name [MUTUAL]sBEnables SSL encryption for the specified port -SeeRequestTail On|Off Off sCDetermine if mod_status displays the first 63 characters +SecureListen [IP-address:]portnumber +Certificate-Name [MUTUAL]sBEnables SSL encryption for the specified port +SeeRequestTail On|Off Off sCDetermine if mod_status displays the first 63 characters of a request or the last 63, assuming the request itself is greater than 63 chars. -SendBufferSize bytes 0 sMTCP buffer size -ServerAdmin email-address|URLsvCEmail address that the server includes in error +SendBufferSize bytes 0 sMTCP buffer size +ServerAdmin email-address|URLsvCEmail address that the server includes in error messages sent to the client -ServerAlias hostname [hostname] ...vCAlternate names for a host used when matching requests +ServerAlias hostname [hostname] ...vCAlternate names for a host used when matching requests to name-virtual hosts -ServerLimit numbersMUpper limit on configurable number of processes -ServerName [scheme://]fully-qualified-domain-name[:port]svCHostname and port that the server uses to identify +ServerLimit numbersMUpper limit on configurable number of processes +ServerName [scheme://]fully-qualified-domain-name[:port]svCHostname and port that the server uses to identify itself -ServerPath URL-pathvCLegacy URL pathname for a name-based virtual host that +ServerPath URL-pathvCLegacy URL pathname for a name-based virtual host that is accessed by an incompatible browser -ServerRoot directory-path /usr/local/apache sCBase directory for the server installation -ServerSignature On|Off|EMail Off svdhCConfigures the footer on server-generated documents -ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sCConfigures the Server HTTP response +ServerRoot directory-path /usr/local/apache sCBase directory for the server installation +ServerSignature On|Off|EMail Off svdhCConfigures the footer on server-generated documents +ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sCConfigures the Server HTTP response header -Session On|Off Off svdhEEnables a session for the current directory or location -SessionCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session -SessionCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session -SessionCookieRemove On|Off Off svdhEControl for whether session cookies should be removed from incoming HTTP headers -SessionCryptoCipher namesvdhXThe crypto cipher to be used to encrypt the session -SessionCryptoDriver name [param[=value]]sXThe crypto driver to be used to encrypt the session -SessionCryptoPassphrase secret [ secret ... ] svdhXThe key used to encrypt the session -SessionCryptoPassphraseFile filenamesvdXFile containing keys used to encrypt the session -SessionDBDCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session ID -SessionDBDCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session ID -SessionDBDCookieRemove On|Off On svdhEControl for whether session ID cookies should be removed from incoming HTTP headers -SessionDBDDeleteLabel label deletesession svdhEThe SQL query to use to remove sessions from the database -SessionDBDInsertLabel label insertsession svdhEThe SQL query to use to insert sessions into the database -SessionDBDPerUser On|Off Off svdhEEnable a per user session -SessionDBDSelectLabel label selectsession svdhEThe SQL query to use to select sessions from the database -SessionDBDUpdateLabel label updatesession svdhEThe SQL query to use to update existing sessions in the database -SessionEnv On|Off Off svdhEControl whether the contents of the session are written to the +Session On|Off Off svdhEEnables a session for the current directory or location +SessionCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session +SessionCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session +SessionCookieRemove On|Off Off svdhEControl for whether session cookies should be removed from incoming HTTP headers +SessionCryptoCipher namesvdhXThe crypto cipher to be used to encrypt the session +SessionCryptoDriver name [param[=value]]sXThe crypto driver to be used to encrypt the session +SessionCryptoPassphrase secret [ secret ... ] svdhXThe key used to encrypt the session +SessionCryptoPassphraseFile filenamesvdXFile containing keys used to encrypt the session +SessionDBDCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session ID +SessionDBDCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session ID +SessionDBDCookieRemove On|Off On svdhEControl for whether session ID cookies should be removed from incoming HTTP headers +SessionDBDDeleteLabel label deletesession svdhEThe SQL query to use to remove sessions from the database +SessionDBDInsertLabel label insertsession svdhEThe SQL query to use to insert sessions into the database +SessionDBDPerUser On|Off Off svdhEEnable a per user session +SessionDBDSelectLabel label selectsession svdhEThe SQL query to use to select sessions from the database +SessionDBDUpdateLabel label updatesession svdhEThe SQL query to use to update existing sessions in the database +SessionEnv On|Off Off svdhEControl whether the contents of the session are written to the HTTP_SESSION environment variable -SessionExclude pathsvdhEDefine URL prefixes for which a session is ignored -SessionHeader headersvdhEImport session updates from a given HTTP response header -SessionInclude pathsvdhEDefine URL prefixes for which a session is valid -SessionMaxAge maxage 0 svdhEDefine a maximum age in seconds for a session -SetEnv env-variable [value]svdhBSets environment variables -SetEnvIf attribute +SessionExclude pathsvdhEDefine URL prefixes for which a session is ignored +SessionHeader headersvdhEImport session updates from a given HTTP response header +SessionInclude pathsvdhEDefine URL prefixes for which a session is valid +SessionMaxAge maxage 0 svdhEDefine a maximum age in seconds for a session +SetEnv env-variable [value]svdhBSets environment variables +SetEnvIf attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request + [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request -SetEnvIfExpr expr +SetEnvIfExpr expr [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhBSets environment variables based on an ap_expr expression -SetEnvIfNoCase attribute regex + [[!]env-variable[=value]] ...svdhBSets environment variables based on an ap_expr expression +SetEnvIfNoCase attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request + [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request without respect to case -SetHandler handler-name|NonesvdhCForces all matching files to be processed by a +SetHandler handler-name|NonesvdhCForces all matching files to be processed by a handler -SetInputFilter filter[;filter...]svdhCSets the filters that will process client requests and POST +SetInputFilter filter[;filter...]svdhCSets the filters that will process client requests and POST input -SetOutputFilter filter[;filter...]svdhCSets the filters that will process responses from the +SetOutputFilter filter[;filter...]svdhCSets the filters that will process responses from the server -SSIEndTag tag "-->" svBString that ends an include element -SSIErrorMsg message "[an error occurred +svdhBError message displayed when there is an SSI +SSIEndTag tag "-->" svBString that ends an include element +SSIErrorMsg message "[an error occurred +svdhBError message displayed when there is an SSI error -SSIETag on|off off dhBControls whether ETags are generated by the server. -SSILastModified on|off off dhBControls whether Last-Modified headers are generated by the +SSIETag on|off off dhBControls whether ETags are generated by the server. +SSILastModified on|off off dhBControls whether Last-Modified headers are generated by the server. -SSILegacyExprParser on|off off dhBEnable compatibility mode for conditional expressions. -SSIStartTag tag "<!--#" svBString that starts an include element -SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhBConfigures the format in which date strings are +SSILegacyExprParser on|off off dhBEnable compatibility mode for conditional expressions. +SSIStartTag tag "<!--#" svBString that starts an include element +SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhBConfigures the format in which date strings are displayed -SSIUndefinedEcho string "(none)" svdhBString displayed when an unset variable is echoed -SSLCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates +SSIUndefinedEcho string "(none)" svdhBString displayed when an unset variable is echoed +SSLCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for Client Auth -SSLCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for +SSLCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for Client Auth -SSLCADNRequestFile file-pathsvEFile of concatenated PEM-encoded CA Certificates +SSLCADNRequestFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for defining acceptable CA names -SSLCADNRequestPath directory-pathsvEDirectory of PEM-encoded CA Certificates for +SSLCADNRequestPath directory-pathsvEDirectory of PEM-encoded CA Certificates for defining acceptable CA names -SSLCARevocationCheck chain|leaf|none none svEEnable CRL-based revocation checking -SSLCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for +SSLCARevocationCheck chain|leaf|none none svEEnable CRL-based revocation checking +SSLCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for Client Auth -SSLCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for +SSLCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for Client Auth -SSLCertificateChainFile file-pathsvEFile of PEM-encoded Server CA Certificates -SSLCertificateFile file-pathsvEServer PEM-encoded X.509 certificate data file -SSLCertificateKeyFile file-pathsvEServer PEM-encoded private key file -SSLCipherSuite cipher-spec DEFAULT (depends on +svdhECipher Suite available for negotiation in SSL +SSLCertificateChainFile file-pathsvEFile of PEM-encoded Server CA Certificates +SSLCertificateFile file-pathsvEServer PEM-encoded X.509 certificate data file +SSLCertificateKeyFile file-pathsvEServer PEM-encoded private key file +SSLCipherSuite cipher-spec DEFAULT (depends on +svdhECipher Suite available for negotiation in SSL handshake -SSLCompression on|off off svEEnable compression on the SSL level -SSLCryptoDevice engine builtin sEEnable use of a cryptographic hardware accelerator -SSLEngine on|off|optional off svESSL Engine Operation Switch -SSLFIPS on|off off sESSL FIPS mode Switch -SSLHonorCipherOrder on|off off svEOption to prefer the server's cipher preference order -SSLInsecureRenegotiation on|off off svEOption to enable support for insecure renegotiation -SSLOCSDefaultResponder urisvESet the default responder URI for OCSP validation -SSLOCSPEnable on|off off svEEnable OCSP validation of the client certificate chain -SSLOCSPOverrideResponder on|off off svEForce use of the default responder URI for OCSP validation -SSLOCSPResponderTimeout seconds 10 svETimeout for OCSP queries -SSLOCSPResponseMaxAge seconds -1 svEMaximum allowable age for OCSP responses -SSLOCSPResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP response validation -SSLOCSPUseRequestNonce on|off on svEUse a nonce within OCSP queries -SSLOpenSSLConfCmd command-name command-valuesvEConfigure OpenSSL parameters through its SSL_CONF API -SSLOptions [+|-]option ...svdhEConfigure various SSL engine run-time options -SSLPassPhraseDialog type builtin sEType of pass phrase dialog for encrypted private +SSLCompression on|off off svEEnable compression on the SSL level +SSLCryptoDevice engine builtin sEEnable use of a cryptographic hardware accelerator +SSLEngine on|off|optional off svESSL Engine Operation Switch +SSLFIPS on|off off sESSL FIPS mode Switch +SSLHonorCipherOrder on|off off svEOption to prefer the server's cipher preference order +SSLInsecureRenegotiation on|off off svEOption to enable support for insecure renegotiation +SSLOCSDefaultResponder urisvESet the default responder URI for OCSP validation +SSLOCSPEnable on|off off svEEnable OCSP validation of the client certificate chain +SSLOCSPOverrideResponder on|off off svEForce use of the default responder URI for OCSP validation +SSLOCSPResponderTimeout seconds 10 svETimeout for OCSP queries +SSLOCSPResponseMaxAge seconds -1 svEMaximum allowable age for OCSP responses +SSLOCSPResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP response validation +SSLOCSPUseRequestNonce on|off on svEUse a nonce within OCSP queries +SSLOpenSSLConfCmd command-name command-valuesvEConfigure OpenSSL parameters through its SSL_CONF API +SSLOptions [+|-]option ...svdhEConfigure various SSL engine run-time options +SSLPassPhraseDialog type builtin sEType of pass phrase dialog for encrypted private keys -SSLProtocol [+|-]protocol ... all svEConfigure usable SSL/TLS protocol versions -SSLProxyCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates +SSLProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svEConfigure usable SSL/TLS protocol versions +SSLProxyCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for Remote Server Auth -SSLProxyCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for +SSLProxyCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for Remote Server Auth -SSLProxyCARevocationCheck chain|leaf|none none svEEnable CRL-based revocation checking for Remote Server Auth -SSLProxyCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for +SSLProxyCARevocationCheck chain|leaf|none none svEEnable CRL-based revocation checking for Remote Server Auth +SSLProxyCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for Remote Server Auth -SSLProxyCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for +SSLProxyCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for Remote Server Auth -SSLProxyCheckPeerCN on|off on svEWhether to check the remote server certificate's CN field +SSLProxyCheckPeerCN on|off on svEWhether to check the remote server certificate's CN field -SSLProxyCheckPeerExpire on|off on svEWhether to check if remote server certificate is expired +SSLProxyCheckPeerExpire on|off on svEWhether to check if remote server certificate is expired -SSLProxyCheckPeerName on|off on svEConfigure host name checking for remote server certificates +SSLProxyCheckPeerName on|off on svEConfigure host name checking for remote server certificates -SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhECipher Suite available for negotiation in SSL +SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhECipher Suite available for negotiation in SSL proxy handshake -SSLProxyEngine on|off off svESSL Proxy Engine Operation Switch -SSLProxyMachineCertificateChainFile filenamesEFile of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate -SSLProxyMachineCertificateFile filenamesEFile of concatenated PEM-encoded client certificates and keys to be used by the proxy -SSLProxyMachineCertificatePath directorysEDirectory of PEM-encoded client certificates and keys to be used by the proxy -SSLProxyProtocol [+|-]protocol ... all svEConfigure usable SSL protocol flavors for proxy usage -SSLProxyVerify level none svEType of remote server Certificate verification -SSLProxyVerifyDepth number 1 svEMaximum depth of CA Certificates in Remote Server +SSLProxyEngine on|off off svESSL Proxy Engine Operation Switch +SSLProxyMachineCertificateChainFile filenamesEFile of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate +SSLProxyMachineCertificateFile filenamesEFile of concatenated PEM-encoded client certificates and keys to be used by the proxy +SSLProxyMachineCertificatePath directorysEDirectory of PEM-encoded client certificates and keys to be used by the proxy +SSLProxyProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svEConfigure usable SSL protocol flavors for proxy usage +SSLProxyVerify level none svEType of remote server Certificate verification +SSLProxyVerifyDepth number 1 svEMaximum depth of CA Certificates in Remote Server Certificate verification -SSLRandomSeed context source -[bytes]sEPseudo Random Number Generator (PRNG) seeding +SSLRandomSeed context source +[bytes]sEPseudo Random Number Generator (PRNG) seeding source -SSLRenegBufferSize bytes 131072 dhESet the size for the SSL renegotiation buffer -SSLRequire expressiondhEAllow access only when an arbitrarily complex +SSLRenegBufferSize bytes 131072 dhESet the size for the SSL renegotiation buffer +SSLRequire expressiondhEAllow access only when an arbitrarily complex boolean expression is true -SSLRequireSSLdhEDeny access when SSL is not used for the +SSLRequireSSLdhEDeny access when SSL is not used for the HTTP request -SSLSessionCache type none sEType of the global/inter-process SSL Session +SSLSessionCache type none sEType of the global/inter-process SSL Session Cache -SSLSessionCacheTimeout seconds 300 svENumber of seconds before an SSL session expires +SSLSessionCacheTimeout seconds 300 svENumber of seconds before an SSL session expires in the Session Cache -SSLSessionTicketKeyFile file-pathsvEPersistent encryption/decryption key for TLS session tickets -SSLSessionTickets on|off on svEEnable or disable use of TLS session tickets -SSLSRPUnknownUserSeed secret-stringsvESRP unknown user seed -SSLSRPVerifierFile file-pathsvEPath to SRP verifier file -SSLStaplingCache typesEConfigures the OCSP stapling cache -SSLStaplingErrorCacheTimeout seconds 600 svENumber of seconds before expiring invalid responses in the OCSP stapling cache -SSLStaplingFakeTryLater on|off on svESynthesize "tryLater" responses for failed OCSP stapling queries -SSLStaplingForceURL urisvEOverride the OCSP responder URI specified in the certificate's AIA extension -SSLStaplingResponderTimeout seconds 10 svETimeout for OCSP stapling queries -SSLStaplingResponseMaxAge seconds -1 svEMaximum allowable age for OCSP stapling responses -SSLStaplingResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP stapling response validation -SSLStaplingReturnResponderErrors on|off on svEPass stapling related OCSP errors on to client -SSLStaplingStandardCacheTimeout seconds 3600 svENumber of seconds before expiring responses in the OCSP stapling cache -SSLStrictSNIVHostCheck on|off off svEWhether to allow non-SNI clients to access a name-based virtual +SSLSessionTicketKeyFile file-pathsvEPersistent encryption/decryption key for TLS session tickets +SSLSessionTickets on|off on svEEnable or disable use of TLS session tickets +SSLSRPUnknownUserSeed secret-stringsvESRP unknown user seed +SSLSRPVerifierFile file-pathsvEPath to SRP verifier file +SSLStaplingCache typesEConfigures the OCSP stapling cache +SSLStaplingErrorCacheTimeout seconds 600 svENumber of seconds before expiring invalid responses in the OCSP stapling cache +SSLStaplingFakeTryLater on|off on svESynthesize "tryLater" responses for failed OCSP stapling queries +SSLStaplingForceURL urisvEOverride the OCSP responder URI specified in the certificate's AIA extension +SSLStaplingResponderTimeout seconds 10 svETimeout for OCSP stapling queries +SSLStaplingResponseMaxAge seconds -1 svEMaximum allowable age for OCSP stapling responses +SSLStaplingResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP stapling response validation +SSLStaplingReturnResponderErrors on|off on svEPass stapling related OCSP errors on to client +SSLStaplingStandardCacheTimeout seconds 3600 svENumber of seconds before expiring responses in the OCSP stapling cache +SSLStrictSNIVHostCheck on|off off svEWhether to allow non-SNI clients to access a name-based virtual host. -SSLUserName varnamesdhEVariable name to determine user name -SSLUseStapling on|off off svEEnable stapling of OCSP responses in the TLS handshake -SSLVerifyClient level none svdhEType of Client Certificate verification -SSLVerifyDepth number 1 svdhEMaximum depth of CA Certificates in Client +SSLUserName varnamesdhEVariable name to determine user name +SSLUseStapling on|off off svEEnable stapling of OCSP responses in the TLS handshake +SSLVerifyClient level none svdhEType of Client Certificate verification +SSLVerifyDepth number 1 svdhEMaximum depth of CA Certificates in Client Certificate verification -StartServers numbersMNumber of child server processes created at startup -StartThreads numbersMNumber of threads created on startup -Substitute s/pattern/substitution/[infq]dhEPattern to filter the response content +StartServers numbersMNumber of child server processes created at startup +StartThreads numbersMNumber of threads created on startup +Substitute s/pattern/substitution/[infq]dhEPattern to filter the response content +SubstituteInheritBefore on|off off dhEChange the merge order of inherited patterns SubstituteMaxLineLength bytes(b|B|k|K|m|M|g|G) 1m dhESet the maximum line size Suexec On|OffsBEnable or disable the suEXEC feature SuexecUserGroup User GroupsvEUser and group for CGI programs to run as diff --git a/docs/manual/mod/quickreference.html.fr b/docs/manual/mod/quickreference.html.fr index ff4550d3..cc823ef9 100644 --- a/docs/manual/mod/quickreference.html.fr +++ b/docs/manual/mod/quickreference.html.fr @@ -46,8 +46,8 @@ Si la valeur par dfaut est trop grande pour pouvoir tre affiche, elle sera tronque et suivie d'un "+".

    -

    Les troisime et quatrime colonnes numrent les contextes dans - lesquels la directive est applicable ainsi que son statut en accord avec le +

    La troisime colonne numre les contextes dans + lesquels la directive est applicable, et la quatrime indique son statut en accord avec le tableau des lgendes ci-dessous.

    @@ -124,7 +124,7 @@ particulier - s'arrter dans le cas d'un arrt "en douceur" - + + + + + + + + + - + - - - + - - + - - - - - - - - + - - - - - + - - - - - - - - - - - - - - + - - - - - - - - + - - - - - - - - + - - - - - - - - - - - - - - + + - + - - - + - - - - - - + + - - - - - - + - - - - - - - - - + + + + - - - - - - - - - + + + - - - - - - - + + - - - + - - - - - + + - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - + - - - - - - - - - - - - - - + - - - - - - - - - - - + - - - - - - - + - - - - - - - - - + - - - - - - - - - + - - - - + - - + - - - - - - - + - - - - - - - - + - - + - - - - - + - - + - - - - + - - - - - - + - - - - - - - + - - - + + - - - - - - - + + - - - - + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + - - + - - - - - - + - - - - + + - - - + + - - + + + + + + + + + + - - - + + - - - + + - - - + - - - - - + + - - - + - - + - - - - - - + + - - - - + + - - - - + + - - - - - - - + + + + + - - - - - - - - - + + + + + + + - - - - + + - - - + - - - - - - + + + + + @@ -605,344 +616,348 @@ simultaneously - - + + - - + - - - + - - - + + - - - - - - - - + + + + + - - - + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + - - - - - + + + + - - + - - + - - - - - - - - - - + + + + + + + + + - - - - - - - - + + + + + - - - - - - + + + + - - - + + - - - - - - - - - - - + + + + + + + - - - - - - + + + - - + - - - - - - + - - - - - + + + + - - - - + - - - - - - - - - - + + + + + + - - + - - - - + + - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + - - + - - - - - - - + + + + + + + - - - - - + + + + - - - - - + - - - - - + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - - + - - - + - - - - - - - - - - - - + + + + + + - - - + - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + - - - - + + + - - - + + + + diff --git a/docs/manual/mod/quickreference.html.ko.euc-kr b/docs/manual/mod/quickreference.html.ko.euc-kr index 6761fd26..7ee2dc23 100644 --- a/docs/manual/mod/quickreference.html.ko.euc-kr +++ b/docs/manual/mod/quickreference.html.ko.euc-kr @@ -443,109 +443,120 @@ media type in the HTTP Content-Type header field will exit. - - - - - + + + + + + + + + + + + + - - - - - - + + + + + - - - - - + + - - + - - - - + + - - - - - + + + + - - - - + + - - - + - - - - - - - - + + + + + - - - - - - - - - + + + + + + + - - - - + + - - - - - - - - + - + + @@ -608,370 +619,374 @@ simultaneously - - - - - + + + + + - - + - - - + + - - - - - - - + + - - - - + + - - - - - - + + + + + + - - - - - - - - - - + + + + + + + + - - - - - + + + + - - + - - + - - - - + + + - - - - - - + + + + - - - - - - + - - + - - - - - - + + + + - - - + + - - - - - - - - - - - + + + + + + + - - - - - - - - + - - - - - - + - - - - - + + + + - - - - - - - - - - - - - - + + + + + - - + - - - + - - - - + + - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + - - - - - - + + + + + - - + + - - - - - + - - + - - - + + - - + - - - - - + - - - - - + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - - + - - - + - - - - - - - - - - - - + + + + + + - - - + - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + - - - - + + + - - - + + + + diff --git a/docs/manual/mod/quickreference.html.tr.utf8 b/docs/manual/mod/quickreference.html.tr.utf8 index 636ecfc9..9855dea6 100644 --- a/docs/manual/mod/quickreference.html.tr.utf8 +++ b/docs/manual/mod/quickreference.html.tr.utf8 @@ -117,8 +117,8 @@ responses from the server - + @@ -465,118 +465,128 @@ found - + + + + + + + + + - + - - - + + - - - + + - - - + - - - - - + + - - - - - + + - - - - - - + + - - - - + + - - - + - - - - - - - - + + + + + - - - - - - - - - + + + + + + + - - - - + + - - - - - - - - - + + + - + @@ -641,378 +651,382 @@ processing - - + + - - + - - - + - - - + + - - - - + + - - - + + - - - - - + + + - - - - - + + + + + + - - - - - - - - - - + + + + + + + + - - - - - + + + + - - + - - + - - - - + + + - - - - - - + + + + - - - - - - + - - + - - - - - - + + + + - - - + - - - - - - - - - - - + + + + + + + - - - - - - - - + - - - - - - + - - - - - + + + + - - - - - - - + - - - + + - - + - - + - - + - - - - - - + + + + - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + - - - - - - + + + + + - - + - - - - - + + - - + - - - + + - - + - - - - - + - - - - - + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - - + - - - + - - - - - - - - - - - - + + + + + + - - - + - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + - - - - + + + - - - + + will exit. - + + + + + + + + + - + - - - + + - - - - + + + - - + - - - - - + + - - - - - + - - - - - - + + + - - - - + + - - - + - - - - - - - - + + + + + - - - - - - - - - + + + + + + + - - - - + + - - - - - - - - + - + + @@ -634,380 +645,384 @@ simultaneously - - + + - - + - - - + - - - + + - - - - - - - + + - - - - + + - - - - - - + + + + + + - - - - - - - - - - + + + + + + + + - - - - - + + + + - - + - - + - - - - + + + - - - - - - + + + + - - - - - - + - - + - - - - - - + + + + - - - + - - - - - - - - - - - + + + + + + + - - - - - - - - + - - - - - - + - - - - - + + + + - - - - - - - - - - + - - + - - + - - + - - - + - - - - + + - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + - - - - - - + + + + + - - + - - - - - + - - + - - - + + - - + - - - - - + - - - - - + + + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - - + - - - + - - - - - - - - - - - - + + + + + + - - - + - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + - - - - + + + - - - + + + + diff --git a/docs/manual/new_features_2_4.html.tr.utf8 b/docs/manual/new_features_2_4.html.tr.utf8 index e719cebc..3796c425 100644 --- a/docs/manual/new_features_2_4.html.tr.utf8 +++ b/docs/manual/new_features_2_4.html.tr.utf8 @@ -27,7 +27,6 @@  fr  |  tr 

    -
    Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.

    Bu belgede Apache HTTP Sunucusunun 2.2 ve 2.4 sürümleri arasındaki başlıca farklara değinilmiştir. 2.0 sürümüne göre yeni özellikler için Apache 2.2’de Yeni olan Özellikler @@ -47,8 +46,9 @@

    Çalışma anında yüklenebilen MPM'ler
    Çok sayıda MPM artık yüklenebilir - modül olarak derlenebilmektedir. - Kullanılacak MPM'in seçimi çalışma anında yapılabilmektedir.
    + modül olarak derlenebilmektedir. Kullanılacak MPM'in seçimi + çalışma anında LoadModule + yönergesi üzerinden yapılabilmektedir.
    Event MPM
    Event MPM artık deneysel değil, ancak diff --git a/docs/manual/programs/ab.html.tr.utf8 b/docs/manual/programs/ab.html.tr.utf8 index 6d5d17cb..8da3aad3 100644 --- a/docs/manual/programs/ab.html.tr.utf8 +++ b/docs/manual/programs/ab.html.tr.utf8 @@ -28,7 +28,6 @@  ko  |  tr 

    -
    Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.

    ab Apache Hiper Metin Aktarım Protokolü (HTTP) sunucunuzun başarımını ölçmek amacıyla kullanabileceğiniz bir diff --git a/docs/manual/rewrite/flags.html.en b/docs/manual/rewrite/flags.html.en index bffe1d90..cfd8f7e0 100644 --- a/docs/manual/rewrite/flags.html.en +++ b/docs/manual/rewrite/flags.html.en @@ -134,6 +134,15 @@ follows:

    [CO=NAME:VALUE:DOMAIN:lifetime:path:secure:httponly]

    +

    If a literal ':' character is needed in any of the cookie fields, an +alternate syntax is available. To opt-in to the alternate syntax, the cookie +"Name" should be preceded with a ';' character, and field separators should be +specified as ';'.

    + +

    +[CO=;NAME;VALUE:MOREVALUE;DOMAIN;lifetime;path;secure;httponly] +

    +

    You must declare a name, a value, and a domain for the cookie to be set.

    diff --git a/docs/manual/rewrite/flags.html.fr b/docs/manual/rewrite/flags.html.fr index 7050bd9a..82779aeb 100644 --- a/docs/manual/rewrite/flags.html.fr +++ b/docs/manual/rewrite/flags.html.fr @@ -145,6 +145,15 @@ suivante :

    [CO=NAME:VALUE:DOMAIN:lifetime:path:secure:httponly]

    +

    Si un caractre littral ':' doit tre insrer dans un des champs du +cookie, une autre syntaxe est disponible. Pour utiliser cette syntaxe +alternative, le contenu du champ "Name" doit tre prcd du caractre +';', et les spateurs de champs deviendront des ';'.

    + +

    +[CO=;NAME;VALUE:MOREVALUE;DOMAIN;lifetime;path;secure;httponly] +

    +

    Vous devez dclarer un nom, une valeur et un domaine pour que le cookie puisse tre dfini.

    diff --git a/docs/manual/sitemap.html.de b/docs/manual/sitemap.html.de index dc901081..1f3f0d85 100644 --- a/docs/manual/sitemap.html.de +++ b/docs/manual/sitemap.html.de @@ -240,6 +240,7 @@ HPUX betreiben
  • Apache-Modul mod_headers
  • Apache-Modul mod_heartbeat
  • Apache-Modul mod_heartmonitor
    • +
  • Apache-Modul mod_http2
  • Apache-Modul mod_ident
  • Apache-Modul mod_imagemap
  • Apache-Modul mod_include
    • diff --git a/docs/manual/sitemap.html.en b/docs/manual/sitemap.html.en index a741c1de..5a0a1634 100644 --- a/docs/manual/sitemap.html.en +++ b/docs/manual/sitemap.html.en @@ -240,6 +240,7 @@ log_server_status
  • Apache Module mod_headers
  • Apache Module mod_heartbeat
  • Apache Module mod_heartmonitor
    • +
  • Apache Module mod_http2
  • Apache Module mod_ident
  • Apache Module mod_imagemap
  • Apache Module mod_include
    • diff --git a/docs/manual/sitemap.html.es b/docs/manual/sitemap.html.es index 13a2dece..aeff96cf 100644 --- a/docs/manual/sitemap.html.es +++ b/docs/manual/sitemap.html.es @@ -222,6 +222,7 @@ usados para describir las directivas de Apache
  • Mdulo Apache mod_headers
  • Mdulo Apache mod_heartbeat
  • Mdulo Apache mod_heartmonitor
    • +
  • Mdulo Apache mod_http2
  • Mdulo Apache mod_ident
  • Mdulo Apache mod_imagemap
  • Mdulo Apache mod_include
    • diff --git a/docs/manual/sitemap.html.fr b/docs/manual/sitemap.html.fr index dda7548a..fc41619a 100644 --- a/docs/manual/sitemap.html.fr +++ b/docs/manual/sitemap.html.fr @@ -255,6 +255,7 @@ pour d
  • Module Apache mod_headers
  • Module Apache mod_heartbeat
  • Module Apache mod_heartmonitor
    • +
  • Module Apache mod_http2
  • Module Apache mod_ident
  • Module Apache mod_imagemap
  • Module Apache mod_include
    • diff --git a/docs/manual/sitemap.html.ja.utf8 b/docs/manual/sitemap.html.ja.utf8 index 39c39388..3a5b99b4 100644 --- a/docs/manual/sitemap.html.ja.utf8 +++ b/docs/manual/sitemap.html.ja.utf8 @@ -221,6 +221,7 @@
  • Apache モジュール mod_headers
  • Apache モジュール mod_heartbeat
  • Apache モジュール mod_heartmonitor
    • +
  • Apache モジュール mod_http2
  • Apache モジュール mod_ident
  • Apache モジュール mod_imagemap
  • Apache モジュール mod_include
    • diff --git a/docs/manual/sitemap.html.ko.euc-kr b/docs/manual/sitemap.html.ko.euc-kr index 80872653..d8111df5 100644 --- a/docs/manual/sitemap.html.ko.euc-kr +++ b/docs/manual/sitemap.html.ko.euc-kr @@ -220,6 +220,7 @@
  • ġ mod_headers
  • ġ mod_heartbeat
  • ġ mod_heartmonitor
    • +
  • ġ mod_http2
  • ġ mod_ident
  • ġ mod_imagemap
  • ġ mod_include
    • diff --git a/docs/manual/sitemap.html.tr.utf8 b/docs/manual/sitemap.html.tr.utf8 index 532bae34..c5d8b4fe 100644 --- a/docs/manual/sitemap.html.tr.utf8 +++ b/docs/manual/sitemap.html.tr.utf8 @@ -235,6 +235,7 @@ Windows ile Apache Kullanımı
  • Apache Modülü mod_headers
  • Apache Modülü mod_heartbeat
  • Apache Modülü mod_heartmonitor
    • +
  • Apache Modülü mod_http2
  • Apache Modülü mod_ident
  • Apache Modülü mod_imagemap
  • Apache Modülü mod_include
    • diff --git a/docs/manual/sitemap.html.zh-cn.utf8 b/docs/manual/sitemap.html.zh-cn.utf8 index a7b31604..d54e1d83 100644 --- a/docs/manual/sitemap.html.zh-cn.utf8 +++ b/docs/manual/sitemap.html.zh-cn.utf8 @@ -221,6 +221,7 @@
  • Apache 模块 mod_headers
  • Apache 模块 mod_heartbeat
  • Apache 模块 mod_heartmonitor
    • +
  • Apache 模块 mod_http2
  • Apache 模块 mod_ident
  • Apache 模块 mod_imagemap
  • Apache 模块 mod_include
    • diff --git a/docs/manual/ssl/ssl_howto.html.fr b/docs/manual/ssl/ssl_howto.html.fr index 868aab84..693fb43b 100644 --- a/docs/manual/ssl/ssl_howto.html.fr +++ b/docs/manual/ssl/ssl_howto.html.fr @@ -26,8 +26,6 @@

    Langues Disponibles:  en  |  fr 

    -
    Cette traduction peut tre prime. Vrifiez la version - anglaise pour les changements rcents.

    Ce document doit vous permettre de dmarrer et de faire fonctionner diff --git a/docs/manual/stopping.html.fr b/docs/manual/stopping.html.fr index efbc82d3..4878c0e4 100644 --- a/docs/manual/stopping.html.fr +++ b/docs/manual/stopping.html.fr @@ -54,7 +54,8 @@

    Afin d'arrter ou redmarrer le serveur HTTP Apache, vous devez envoyer un signal aux processus httpd en cours d'excution. Les signaux - peuvent tre envoys de deux manires. Tout d'abord, vous pouvez + peuvent tre envoys de deux manires. La + premire mthode consiste utiliser la commande unix kill pour envoyer directement des signaux aux processus. Vous pouvez remarquer que plusieurs processus httpd s'excutent sur votre @@ -62,13 +63,13 @@ dont le PID est enregistr dans le fichier prcis par la directive PidFile. Autrement dit, vous n'aurez jamais besoin d'envoyer des signaux aucun des - processus enfants, mais seulement au processus parent. Trois types + processus enfants, mais seulement au processus parent. Quatre types de signaux peuvent tre envoys au processus parent : TERM, USR1, HUP, et WINCH, qui - sera dcrit plus loin.

    + seront dcrit plus loin.

    Pour envoyer un signal au processus parent, vous devez entrer une commande du style :

    @@ -77,10 +78,10 @@

    La seconde mthode permettant d'envoyer des signaux aux processus httpd - consiste utiliser les options de ligne de commande -k : - stop, - restart, graceful et graceful-stop, - comme dcrit ci-dessous. Ce sont des arguments du binaire + consiste utiliser les options stop, + restart, graceful et + graceful-stop du commutateur -k de la ligne + de commande comme dcrit ci-dessous. Ce sont des arguments du binaire httpd, mais il est recommand de les utiliser avec le script de contrle apachectl, qui se chargera de les passer httpd.

    @@ -137,7 +138,7 @@ enfants n'ont pas t crs, un nombre suffisant de processus supplmentaires est cr pour combler le manque. Ainsi le code tente de maintenir la fois le nombre appropri de processus enfants - en fonction de la charge du serveur, et vos souhaits dfinis par la + en fonction de la charge du serveur, et le nombre de processus dfini par la directive StartServers.

    Les utilisateurs du module mod_status @@ -152,7 +153,7 @@ enfants au cours des diffrentes gnrations.

    Dans son tat des processus, - le module status utilise aussi un G afin d'indiquer + le module status utilise aussi un caractre G afin d'indiquer quels processus enfants ont encore des traitements de requtes en cours dbuts avant que l'ordre graceful restart ne soit donn.

    @@ -182,7 +183,7 @@ correctement. Pour vrifier la smantique des fichiers de configuration en plus de leur syntaxe, vous pouvez essayer de dmarrer httpd sous un utilisateur non root. - S'il n'y a pas d'erreurs, il tentera d'ouvrir ses sockets et ses fichiers + S'il n'y a pas d'erreur, il tentera d'ouvrir ses sockets et ses fichiers de log et chouera car il n'a pas les privilges root (ou parce que l'instance actuelle de httpd est dj associe ces ports). S'il choue @@ -224,7 +225,7 @@ vous recevrez un message concernant ces erreurs.

    A la rception du signal WINCH ou graceful-stop, le - processus parent avise ses processus enfants + processus parent ordonne ses processus enfants de s'arrter aprs le traitement de leur requte en cours (ou de s'arrter immdiatement s'ils n'ont plus de requte traiter). Le processus parent va alors supprimer son fichier diff --git a/docs/manual/style/version.ent b/docs/manual/style/version.ent index 084db614..bf0e2316 100644 --- a/docs/manual/style/version.ent +++ b/docs/manual/style/version.ent @@ -19,6 +19,6 @@ - + diff --git a/docs/manual/vhosts/examples.html.tr.utf8 b/docs/manual/vhosts/examples.html.tr.utf8 index 674234fa..3368065e 100644 --- a/docs/manual/vhosts/examples.html.tr.utf8 +++ b/docs/manual/vhosts/examples.html.tr.utf8 @@ -29,7 +29,6 @@  ko  |  tr 

    -
    Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.

    Bu belgede sanal konaklarla ile ilgili olarak @@ -79,14 +78,14 @@ 

    # Apache’nin 80. portu dinlediğinden emin olalım
 Listen 80
 <VirtualHost *:80>
-  DocumentRoot /siteler/ecom
+  DocumentRoot "/siteler/ecom"
   ServerName example.com
 
   # Diğer yönergeler, burada ...
 </VirtualHost>
 
 <VirtualHost *:80>
-  DocumentRoot /siteler/eorg
+  DocumentRoot "/siteler/eorg"
   ServerName example.org
 
   # Diğer yönergeler, burada ...
@@ -147,17 +146,17 @@ Listen 80
 
 # Bu, 192.168.1.2 adresindeki "ana sunucu" olsun
 ServerName sunucu.example.com
-DocumentRoot /siteler/anasunucu
+DocumentRoot "/siteler/anasunucu"
 
 <VirtualHost 192.168.1.20>
-    DocumentRoot /siteler/ecom
+    DocumentRoot "/siteler/ecom"
     ServerName example.com
 
     # Diğer yönergeler, burada ...
 </VirtualHost>
 
 <VirtualHost 192.168.1.20>
-    DocumentRoot /siteler/eorg
+    DocumentRoot "/siteler/eorg"
     ServerName example.org
 
     # Diğer yönergeler, burada ...
@@ -184,7 +183,7 @@ DocumentRoot /siteler/anasunucu
       verebilir.
    
 
     
    <VirtualHost 192.168.1.1 172.20.30.40>
-    DocumentRoot /siteler/sunucu
+    DocumentRoot "/siteler/sunucu"
     ServerName sunucu.example.com
     ServerAlias sunucu
 </VirtualHost>
    
@@ -218,22 +217,22 @@ Listen 8080
 
 <VirtualHost 172.20.30.40:80>
     ServerName example.com
-    DocumentRoot /siteler/ecom-80
+    DocumentRoot "/siteler/ecom-80"
 </VirtualHost>
 
 <VirtualHost 172.20.30.40:8080>
     ServerName example.com
-    DocumentRoot /siteler/ecom-8080
+    DocumentRoot "/siteler/ecom-8080"
 </VirtualHost>
 
 <VirtualHost 172.20.30.40:80>
     ServerName example.org
-    DocumentRoot /siteler/eorg-80
+    DocumentRoot "/siteler/eorg-80"
 </VirtualHost>
 
 <VirtualHost 172.20.30.40:8080>
     ServerName example.org
-    DocumentRoot /siteler/eorg-8080
+    DocumentRoot "/siteler/eorg-8080"
 </VirtualHost>
    @@ -248,12 +247,12 @@ Listen 8080 
    Listen 80
 
 <VirtualHost 172.20.30.40>
-    DocumentRoot /siteler/ecom
+    DocumentRoot "/siteler/ecom"
     ServerName example.com
 </VirtualHost>
 
 <VirtualHost 172.20.30.50>
-    DocumentRoot /siteler/eorg
+    DocumentRoot "/siteler/eorg"
     ServerName example.org
 </VirtualHost>
    @@ -277,22 +276,22 @@ Listen 172.20.30.50:80 Listen 172.20.30.50:8080 <VirtualHost 172.20.30.40:80> - DocumentRoot /siteler/ecom-80 + DocumentRoot "/siteler/ecom-80" ServerName example.com </VirtualHost> <VirtualHost 172.20.30.40:8080> - DocumentRoot /siteler/ecom-8080 + DocumentRoot "/siteler/ecom-8080" ServerName example.com </VirtualHost> <VirtualHost 172.20.30.50:80> - DocumentRoot /siteler/eorg-80 + DocumentRoot "/siteler/eorg-80" ServerName example.org </VirtualHost> <VirtualHost 172.20.30.50:8080> - DocumentRoot /siteler/eorg-8080 + DocumentRoot "/siteler/eorg-8080" ServerName example.org </VirtualHost> @@ -309,28 +308,28 @@ Listen 172.20.30.50:8080 
    Listen 80
 
 <VirtualHost 172.20.30.40>
-    DocumentRoot /siteler/ecom
+    DocumentRoot "/siteler/ecom"
     ServerName example.com
 </VirtualHost>
 
 <VirtualHost 172.20.30.40>
-    DocumentRoot /siteler/eorg
+    DocumentRoot "/siteler/eorg"
     ServerName example.org
 </VirtualHost>
 
 <VirtualHost 172.20.30.40>
-    DocumentRoot /siteler/enet
+    DocumentRoot "/siteler/enet"
     ServerName example.net
 </VirtualHost>
 
 # IP'ye dayalı
 <VirtualHost 172.20.30.50>
-    DocumentRoot /siteler/eedu
+    DocumentRoot "/siteler/eedu"
     ServerName example.edu
 </VirtualHost>
 
 <VirtualHost 172.20.30.60>
-    DocumentRoot /siteler/egov
+    DocumentRoot "/siteler/egov"
     ServerName example.gov
 </VirtualHost>
    @@ -350,8 +349,8 @@ Listen 172.20.30.50:8080 
    <VirtualHost *:*>
     ProxyPreserveHost On
-    ProxyPass / http://192.168.111.2/
-    ProxyPassReverse / http://192.168.111.2/
+    ProxyPass "/" "http://192.168.111.2/"
+    ProxyPassReverse "/" "http://192.168.111.2/"
     ServerName konak.example.com
 </VirtualHost>
    @@ -367,7 +366,7 @@ Listen 172.20.30.50:8080 adresi/portu ile eşleşmeyen istekleri yakalamak istersek...

    <VirtualHost _default_:*>
-    DocumentRoot /siteler/default
+    DocumentRoot "/siteler/default"
 </VirtualHost>
    @@ -393,12 +392,12 @@ Listen 172.20.30.50:8080 _default_ sanal konağı kullanmak istersek...

    <VirtualHost _default_:80>
-    DocumentRoot /siteler/default80
+    DocumentRoot "/siteler/default80"
     # ...
 </VirtualHost>
 
 <VirtualHost _default_:*>
-    DocumentRoot /siteler/default
+    DocumentRoot "/siteler/default"
     # ...
 </VirtualHost>
    @@ -416,7 +415,7 @@ Listen 172.20.30.50:8080 sunmasını istersek...

    <VirtualHost _default_:80>
-    DocumentRoot /siteler/default
+    DocumentRoot "/siteler/default"
     ...
 </VirtualHost>
    @@ -447,16 +446,16 @@ Listen 172.20.30.50:8080 
    Listen 80
 ServerName example.com
-DocumentRoot /siteler/ecom
+DocumentRoot "/siteler/ecom"
 
 <VirtualHost 192.168.1.20 192.168.1.2>
-    DocumentRoot /siteler/eorg
+    DocumentRoot "/siteler/eorg"
     ServerName example.org
     # ...
 </VirtualHost>
 
 <VirtualHost 192.168.1.20>
-    DocumentRoot /siteler/enet
+    DocumentRoot "/siteler/enet"
     ServerName example.enet
     ServerAlias *.example.enet
     # ...
@@ -483,27 +482,27 @@ DocumentRoot /siteler/ecom
 
     
    <VirtualHost 172.20.30.40>
     # ilk sanal konak
-    DocumentRoot /siteler/baska
+    DocumentRoot "/siteler/baska"
     RewriteEngine On
-    RewriteRule . /siteler/baska/index.html
+    RewriteRule "." "/siteler/baska/index.html"
     # ...
 </VirtualHost>
 
 <VirtualHost 172.20.30.40>
 DocumentRoot /siteler/baska/bir
-    ServerName bir.baska.tld
-    ServerPath /bir/
+    ServerName "bir.baska.tld"
+    ServerPath "/bir/"
     RewriteEngine On
-    RewriteRule ^(/bir/.*) /siteler/baska$1
+    RewriteRule "^(/bir/.*) /siteler/baska$1"
     # ...
 </VirtualHost>
 
 <VirtualHost 172.20.30.40>
-    DocumentRoot /siteler/baska/iki
+    DocumentRoot "/siteler/baska/iki"
     ServerName iki.baska.tld
-    ServerPath /iki/
+    ServerPath "/iki/"
     RewriteEngine On
-    RewriteRule ^(/iki/.*) /siteler/baska$1
+    RewriteRule "^(/iki/.*)" "/siteler/baska$1"
     # ...
 </VirtualHost>
    
 
diff --git a/docs/manual/vhosts/ip-based.html.tr.utf8 b/docs/manual/vhosts/ip-based.html.tr.utf8
index 16b2a8ee..fe8d43b2 100644
--- a/docs/manual/vhosts/ip-based.html.tr.utf8
+++ b/docs/manual/vhosts/ip-based.html.tr.utf8
@@ -29,7 +29,6 @@
  ko  |
  tr 
    
 
-
    Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.
    
 
 
    •  IP'ye dayalı sanal konak desteği nedir
      • 
 
    •  Sistem gereksinimleri
      • 
@@ -138,18 +137,18 @@
 
     
      <VirtualHost 192.168.1.10:80>
     ServerAdmin bilgi@example.com
-    DocumentRoot /siteler/belgeler/ecom
+    DocumentRoot "/siteler/belgeler/ecom"
     ServerName example.com
-    ErrorLog /siteler/gunlukler/ecom/hatalar.log
-    CustomLog /siteler/gunlukler/ecom/erisim.log combined
+    ErrorLog "/siteler/gunlukler/ecom/hatalar.log"
+    CustomLog "/siteler/gunlukler/ecom/erisim.log" combined
 </VirtualHost>
 
 <VirtualHost 192.168.1.20:80>
     ServerAdmin bilgi@example.org
-    DocumentRoot /siteler/belgeler/eorg
+    DocumentRoot "/siteler/belgeler/eorg"
     ServerName example.org
-    ErrorLog /siteler/gunlukler/eorg/hatalar.log
-    CustomLog /siteler/gunlukler/eorg/erisim.log combined
+    ErrorLog "/siteler/gunlukler/eorg/hatalar.log"
+    CustomLog "/siteler/gunlukler/eorg/erisim.log" combined
 </VirtualHost>
      
 
 
diff --git a/docs/manual/vhosts/mass.html.tr.utf8 b/docs/manual/vhosts/mass.html.tr.utf8
index e5f87d59..6a5e90fb 100644
--- a/docs/manual/vhosts/mass.html.tr.utf8
+++ b/docs/manual/vhosts/mass.html.tr.utf8
@@ -28,7 +28,6 @@
  ko  |
  tr 
      
 
    
-
    Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.
    
 
 
     
    Bu belgede sanal konakların sonu belirsiz bir şekilde artışı karşısında
@@ -58,20 +57,20 @@
 
 
    <VirtualHost 111.22.33.44>
     ServerName                 musteri-1.example.com
-    DocumentRoot        /siteler/musteri-1/belgeler
-    ScriptAlias  /cgi-bin/  /siteler/musteri-1/cgi-bin
+    DocumentRoot        "/siteler/musteri-1/belgeler"
+    ScriptAlias  "/cgi-bin/"  "/siteler/musteri-1/cgi-bin"
 </VirtualHost>
 
 <VirtualHost 111.22.33.44>
     ServerName                 musteri-2.example.com
-    DocumentRoot        /siteler/musteri-2/belgeler
-    ScriptAlias  /cgi-bin/  /siteler/musteri-2/cgi-bin
+    DocumentRoot        "/siteler/musteri-2/belgeler"
+    ScriptAlias   "/cgi-bin/"   "/siteler/musteri-2/cgi-bin"
 </VirtualHost>
 
 <VirtualHost 111.22.33.44>
     ServerName                 musteri-N.example.com
-    DocumentRoot        /siteler/musteri-N/belgeler
-    ScriptAlias  /cgi-bin/  /siteler/musteri-N/cgi-bin
+    DocumentRoot          "/siteler/musteri-N/belgeler"
+    ScriptAlias   "/cgi-bin/"  "/siteler/musteri-N/cgi-bin"
 </VirtualHost>
    
 
 
@@ -157,12 +156,12 @@ UseCanonicalName Off
 # Bu günlükleme biçiminde split-logfile aracı kullanılarak
 # sanal konak günlükleri ilk alana göre ayrıştırılabilir
 LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
-CustomLog logs/access_log vcommon
+CustomLog "logs/access_log vcommon"
 
 # istekleri yerine getirmek için kullanılacak
 # dosya isimlerine sunucu ismini ekleyelim
-VirtualDocumentRoot /siteler/%0/belgeler
-VirtualScriptAlias  /siteler/%0/cgi-bin
    +VirtualDocumentRoot "/siteler/%0/belgeler" +VirtualScriptAlias "/siteler/%0/cgi-bin"

    Bu yapılandırmayı IP’ye dayalı sanal konaklar için kullanmak isterseniz @@ -193,10 +192,10 @@ LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon CustomLog logs/access_log vcommon # sunucu ismini içerecek dosya isimlerini oluşturalım -VirtualDocumentRoot /home/%2/www +VirtualDocumentRoot "/home/%2/www" # ortak cgi-bin dizini -ScriptAlias /cgi-bin/ /siteler/std-cgi/ +ScriptAlias "/cgi-bin/" "/siteler/std-cgi/"

    mod_vhost_alias belgesinde daha karmaşık @@ -217,12 +216,12 @@ ScriptAlias /cgi-bin/ /siteler/std-cgi/ LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon -<Directory /siteler/kurumsal> +<Directory "/siteler/kurumsal"> Options FollowSymLinks AllowOverride All </Directory> -<Directory /siteler/bireysel> +<Directory "/siteler/bireysel"> Options FollowSymLinks AllowOverride None </Directory> @@ -230,19 +229,19 @@ LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon <VirtualHost 111.22.33.44> ServerName kurumsal.example.com - CustomLog logs/access_log.kurumsal vcommon + CustomLog "logs/access_log.kurumsal" vcommon - VirtualDocumentRoot /siteler/kurumsal/%0/belgeler - VirtualScriptAlias /siteler/kurumsal/%0/cgi-bin + VirtualDocumentRoot "/siteler/kurumsal/%0/belgeler" + VirtualScriptAlias "/siteler/kurumsal/%0/cgi-bin" </VirtualHost> <VirtualHost 111.22.33.45> ServerName bireysel.example.com - CustomLog logs/access_log.bireysel vcommon + CustomLog "logs/access_log.bireysel" vcommon - VirtualDocumentRoot /siteler/bireysel/%0/belgeler - ScriptAlias /cgi-bin/ /siteler/std-cgi/ + VirtualDocumentRoot "/siteler/bireysel/%0/belgeler" + ScriptAlias "/cgi-bin/" "/siteler/std-cgi/" </VirtualHost> @@ -272,11 +271,11 @@ UseCanonicalName DNS # Günlük kayıtları IP adreslerine göre ayrıştırılabilsin LogFormat "%A %h %l %u %t \"%r\" %s %b" vcommon -CustomLog logs/access_log vcommon +CustomLog "logs/access_log" vcommon # dosya isimleri IP adreslerini içersin -VirtualDocumentRootIP /siteler/%0/belgeler -VirtualScriptAliasIP /siteler/%0/cgi-bin +VirtualDocumentRootIP "/siteler/%0/belgeler" +VirtualScriptAliasIP "/siteler/%0/cgi-bin"

    top
    diff --git a/docs/manual/vhosts/name-based.html.tr.utf8 b/docs/manual/vhosts/name-based.html.tr.utf8 index 84dd4c98..17c2b2fd 100644 --- a/docs/manual/vhosts/name-based.html.tr.utf8 +++ b/docs/manual/vhosts/name-based.html.tr.utf8 @@ -30,7 +30,6 @@  ko  |  tr 

    -
    Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.

    Bu belgede isme dayalı sanal konakların ne zaman, nasıl kullanılacakları açıklanmıştır.

    @@ -151,12 +150,12 @@ Barındırma
  • Çok kullanılan sanal konak ya #İlk sanal konak aynı zamanda *:80 için de öntanımlıdır. ServerName site1.example.com ServerAlias example.com - DocumentRoot /siteler/site1 + DocumentRoot "/siteler/site1" </VirtualHost> <VirtualHost *:80> ServerName site2.example.com - DocumentRoot /siteler/site2 + DocumentRoot "/siteler/site2" </VirtualHost> diff --git a/httpd.spec b/httpd.spec index 09560653..911f4dcc 100644 --- a/httpd.spec +++ b/httpd.spec @@ -4,7 +4,7 @@ Summary: Apache HTTP Server Name: httpd -Version: 2.4.16 +Version: 2.4.17 Release: 1 URL: http://httpd.apache.org/ Vendor: Apache Software Foundation diff --git a/include/ap_config_auto.h.in b/include/ap_config_auto.h.in index dc3481c5..eecd4aad 100644 --- a/include/ap_config_auto.h.in +++ b/include/ap_config_auto.h.in @@ -109,6 +109,15 @@ /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H +/* Define if nghttp2 is available */ +#undef HAVE_NGHTTP2 + +/* Define to 1 if you have the header file. */ +#undef HAVE_NGHTTP2_NGHTTP2_H + +/* Define to 1 if you have the `nghttp2_session_server_new2' function. */ +#undef HAVE_NGHTTP2_SESSION_SERVER_NEW2 + /* Define if OpenSSL is available */ #undef HAVE_OPENSSL diff --git a/include/ap_listen.h b/include/ap_listen.h index 21101cd8..9e3098f2 100644 --- a/include/ap_listen.h +++ b/include/ap_listen.h @@ -77,6 +77,8 @@ struct ap_listen_rec { * The global list of ap_listen_rec structures */ AP_DECLARE_DATA extern ap_listen_rec *ap_listeners; +AP_DECLARE_DATA extern int ap_num_listen_buckets; +AP_DECLARE_DATA extern int ap_have_so_reuseport; /** * Setup all of the defaults for the listener list @@ -91,11 +93,34 @@ AP_DECLARE(void) ap_listen_pre_config(void); */ AP_DECLARE(int) ap_setup_listeners(server_rec *s); +/** + * This function duplicates ap_listeners into multiple buckets when configured + * to (see ListenCoresBucketsRatio) and the platform supports it (eg. number of + * online CPU cores and SO_REUSEPORT available). + * @param p The config pool + * @param s The global server_rec + * @param buckets The array of listeners buckets. + * @param num_buckets The total number of listeners buckets (array size). + * @remark If the given *num_buckets is 0 (input), it will be computed + * according to the platform capacities, otherwise (positive) it + * will be preserved. The number of listeners duplicated will + * always match *num_buckets, be it computed or given. + */ +AP_DECLARE(apr_status_t) ap_duplicate_listeners(apr_pool_t *p, server_rec *s, + ap_listen_rec ***buckets, + int *num_buckets); + /** * Loop through the global ap_listen_rec list and close each of the sockets. */ AP_DECLARE_NONSTD(void) ap_close_listeners(void); +/** + * Loop through the given ap_listen_rec list and close each of the sockets. + * @param listener The listener to close. + */ +AP_DECLARE_NONSTD(void) ap_close_listeners_ex(ap_listen_rec *listeners); + /** * FIXMEDOC */ @@ -109,6 +134,7 @@ AP_DECLARE_NONSTD(int) ap_close_selected_listeners(ap_slave_t *); * called. */ AP_DECLARE_NONSTD(const char *) ap_set_listenbacklog(cmd_parms *cmd, void *dummy, const char *arg); +AP_DECLARE_NONSTD(const char *) ap_set_listencbratio(cmd_parms *cmd, void *dummy, const char *arg); AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, int argc, char *const argv[]); AP_DECLARE_NONSTD(const char *) ap_set_send_buffer_size(cmd_parms *cmd, void *dummy, @@ -120,6 +146,8 @@ AP_DECLARE_NONSTD(const char *) ap_set_receive_buffer_size(cmd_parms *cmd, #define LISTEN_COMMANDS \ AP_INIT_TAKE1("ListenBacklog", ap_set_listenbacklog, NULL, RSRC_CONF, \ "Maximum length of the queue of pending connections, as used by listen(2)"), \ +AP_INIT_TAKE1("ListenCoresBucketsRatio", ap_set_listencbratio, NULL, RSRC_CONF, \ + "Ratio between the number of CPU cores (online) and the number of listeners buckets"), \ AP_INIT_TAKE_ARGV("Listen", ap_set_listener, NULL, RSRC_CONF, \ "A port number or a numeric IP address and a port number, and an optional protocol"), \ AP_INIT_TAKE1("SendBufferSize", ap_set_send_buffer_size, NULL, RSRC_CONF, \ diff --git a/include/ap_mmn.h b/include/ap_mmn.h index 7e609e3e..015ff6d3 100644 --- a/include/ap_mmn.h +++ b/include/ap_mmn.h @@ -445,6 +445,17 @@ * 20120211.46 (2.4.13-dev) Add ap_map_http_request_error() * 20120211.47 (2.4.13-dev) Add ap_some_authn_required, ap_force_authn hook. * Deprecate broken ap_some_auth_required. + * 20120211.48 (2.4.17-dev) Added ap_log_mpm_common(). + * 20120211.49 (2.4.17-dev) Add listener bucket in scoreboard.h's process_score. + * 20120211.50 (2.4.17-dev) Add ap_set_listencbratio(), ap_close_listeners_ex(), + * ap_duplicate_listeners(), ap_num_listen_buckets and + * ap_have_so_reuseport to ap_listen.h. + * 20120211.51 (2.4.17-dev) Add protocols and protocols_honor_order to + * core_server_config. Add hooks protocol_propose + * protocol_switch and protocol_get. Add + * ap_select_protocol(), ap_switch_protocol(), + * ap_get_protocol(). Add HTTP_MISDIRECTED_REQUEST. + * Added ap_parse_token_list_strict() to httpd.h */ #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */ @@ -452,7 +463,7 @@ #ifndef MODULE_MAGIC_NUMBER_MAJOR #define MODULE_MAGIC_NUMBER_MAJOR 20120211 #endif -#define MODULE_MAGIC_NUMBER_MINOR 47 /* 0...n */ +#define MODULE_MAGIC_NUMBER_MINOR 51 /* 0...n */ /** * Determine if the server's current MODULE_MAGIC_NUMBER is at least a diff --git a/include/ap_release.h b/include/ap_release.h index f7542cf8..0b49ada5 100644 --- a/include/ap_release.h +++ b/include/ap_release.h @@ -43,7 +43,7 @@ #define AP_SERVER_MAJORVERSION_NUMBER 2 #define AP_SERVER_MINORVERSION_NUMBER 4 -#define AP_SERVER_PATCHLEVEL_NUMBER 16 +#define AP_SERVER_PATCHLEVEL_NUMBER 17 #define AP_SERVER_DEVBUILD_BOOLEAN 0 /* Synchronize the above with docs/manual/style/version.ent */ diff --git a/include/http_core.h b/include/http_core.h index 8171823a..6ca53f76 100644 --- a/include/http_core.h +++ b/include/http_core.h @@ -681,6 +681,10 @@ typedef struct { #define AP_MERGE_TRAILERS_DISABLE 2 int merge_trailers; + + + apr_array_header_t *protocols; + int protocols_honor_order; } core_server_config; /* for AddOutputFiltersByType in core.c */ diff --git a/include/http_log.h b/include/http_log.h index bd0faf7f..801dcceb 100644 --- a/include/http_log.h +++ b/include/http_log.h @@ -634,7 +634,7 @@ AP_DECLARE(void) ap_log_rdata(const char *file, int line, int module_index, #ifdef AP_HAVE_C99 /* need additional step to expand APLOG_MARK first */ #define ap_log_rdata(...) ap_log_rdata__(__VA_ARGS__) -#define ap_log_rdata__(file, line, mi, level, s, ...) \ +#define ap_log_rdata__(file, line, mi, level, r, ...) \ do { if (APLOG_R_MODULE_IS_LEVEL(r, mi, level)) \ ap_log_rdata_(file, line, mi, level, r, __VA_ARGS__); \ } while(0) @@ -740,6 +740,13 @@ AP_DECLARE(void) ap_error_log2stderr(server_rec *s); */ AP_DECLARE(void) ap_log_command_line(apr_pool_t *p, server_rec *s); +/** + * Log common (various) MPM shared data at startup. + * @param s The server_rec of the error log we want to log to. + * Misc commonly logged data is logged to that server's error log. + */ +AP_DECLARE(void) ap_log_mpm_common(server_rec *s); + /** * Log the current pid of the parent process * @param p The pool to use for processing diff --git a/include/http_protocol.h b/include/http_protocol.h index ee61b687..64ed0136 100644 --- a/include/http_protocol.h +++ b/include/http_protocol.h @@ -700,6 +700,139 @@ AP_DECLARE_HOOK(const char *,http_scheme,(const request_rec *r)) */ AP_DECLARE_HOOK(apr_port_t,default_port,(const request_rec *r)) + +#define AP_PROTOCOL_HTTP1 "http/1.1" + +/** + * Determine the list of protocols available for a connection/request. This may + * be collected with or without any request sent, in which case the request is + * NULL. Or it may be triggered by the request received, e.g. through the + * "Upgrade" header. + * + * This hook will be run whenever protocols are being negotiated (ALPN as + * one example). It may also be invoked at other times, e.g. when the server + * wants to advertise protocols it is capable of switching to. + * + * The identifiers for protocols are taken from the TLS extension type ALPN: + * https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml + * + * If no protocols are added to the proposals, the server not perform any + * switch. If the protocol selected from the proposals is the protocol + * already in place, also no protocol switch will be invoked. + * + * The client may already have announced the protocols it is willing to + * accept. These will then be listed as offers. This parameter may also + * be NULL, indicating that offers from the client are not known and + * the hooks should propose all protocols that are valid for the + * current connection/request. + * + * All hooks are run, unless one returns an error. Proposals may contain + * duplicates. The order in which proposals are added is usually ignored. + * + * @param c The current connection + * @param r The current request or NULL + * @param s The server/virtual host selected + * @param offers A list of protocol identifiers offered by the client or + * NULL to indicated that the hooks are free to propose + * @param proposals The list of protocol identifiers proposed by the hooks + * @return OK or DECLINED + */ +AP_DECLARE_HOOK(int,protocol_propose,(conn_rec *c, request_rec *r, + server_rec *s, + const apr_array_header_t *offers, + apr_array_header_t *proposals)) + +/** + * Perform a protocol switch on the connection. The exact requirements for + * that depend on the protocol in place and the one switched to. The first + * protocol module to handle the switch is the last module run. + * + * For a connection level switch (r == NULL), the handler must on return + * leave the conn_rec in a state suitable for processing the switched + * protocol, e.g. correct filters in place. + * + * For a request triggered switch (r != NULL), the protocol switch is done + * before the response is sent out. When switching from "http/1.1" via Upgrade + * header, the 101 intermediate response will have been sent. The + * hook needs then to process the connection until it can be closed. Which + * the server will enforce on hook return. + * Any error the hook might encounter must already be sent by the hook itself + * to the client in whatever form the new protocol requires. + * + * @param c The current connection + * @param r The current request or NULL + * @param s The server/virtual host selected + * @param choices A list of protocol identifiers, normally the clients whishes + * @param proposals the list of protocol identifiers proposed by the hooks + * @return OK or DECLINED + */ +AP_DECLARE_HOOK(int,protocol_switch,(conn_rec *c, request_rec *r, + server_rec *s, + const char *protocol)) + +/** + * Return the protocol used on the connection. Modules implementing + * protocol switching must register here and return the correct protocol + * identifier for connections they switched. + * + * To find out the protocol for the current connection, better call + * @see ap_get_protocol which internally uses this hook. + * + * @param c The current connection + * @return The identifier of the protocol in place or NULL + */ +AP_DECLARE_HOOK(const char *,protocol_get,(const conn_rec *c)) + +/** + * Select a protocol for the given connection and optional request. Will return + * the protocol identifier selected which may be the protocol already in place + * on the connection. The selected protocol will be NULL if non of the given + * choices could be agreed upon (e.g. no proposal as made). + * + * A special case is where the choices itself is NULL (instead of empty). In + * this case there are no restrictions imposed on protocol selection. + * + * @param c The current connection + * @param r The current request or NULL + * @param s The server/virtual host selected + * @param choices A list of protocol identifiers, normally the clients whishes + * @return The selected protocol or NULL if no protocol could be agreed upon + */ +AP_DECLARE(const char *) ap_select_protocol(conn_rec *c, request_rec *r, + server_rec *s, + const apr_array_header_t *choices); + +/** + * Perform the actual protocol switch. The protocol given must have been + * selected before on the very same connection and request pair. + * + * @param c The current connection + * @param r The current request or NULL + * @param s The server/virtual host selected + * @param protocol the protocol to switch to + * @return APR_SUCCESS, if caller may continue processing as usual + * APR_EOF, if caller needs to stop processing the connection + * APR_EINVAL, if the protocol is already in place + * APR_NOTIMPL, if no module performed the switch + * Other errors where appropriate + */ +AP_DECLARE(apr_status_t) ap_switch_protocol(conn_rec *c, request_rec *r, + server_rec *s, + const char *protocol); + +/** + * Call the protocol_get hook to determine the protocol currently in use + * for the given connection. + * + * Unless another protocol has been switch to, will default to + * @see AP_PROTOCOL_HTTP1 and modules implementing a new protocol must + * report a switched connection via the protocol_get hook. + * + * @param c The connection to determine the protocol for + * @return the protocol in use, never NULL + */ +AP_DECLARE(const char *) ap_get_protocol(conn_rec *c); + /** @see ap_bucket_type_error */ typedef struct ap_bucket_error ap_bucket_error; diff --git a/include/http_request.h b/include/http_request.h index fabb4c84..3d0b143e 100644 --- a/include/http_request.h +++ b/include/http_request.h @@ -315,7 +315,7 @@ AP_DECLARE(void) ap_allow_standard_methods(request_rec *r, int reset, ...); * the response to the client * @param r The current request */ -void ap_process_request(request_rec *r); +AP_DECLARE(void) ap_process_request(request_rec *r); /* For post-processing after a handler has finished with a request. * (Commonly used after it was suspended) diff --git a/include/httpd.h b/include/httpd.h index 64ab325d..4204cd04 100644 --- a/include/httpd.h +++ b/include/httpd.h @@ -518,6 +518,7 @@ AP_DECLARE(const char *) ap_get_server_built(void); #define HTTP_UNSUPPORTED_MEDIA_TYPE 415 #define HTTP_RANGE_NOT_SATISFIABLE 416 #define HTTP_EXPECTATION_FAILED 417 +#define HTTP_MISDIRECTED_REQUEST 421 #define HTTP_UNPROCESSABLE_ENTITY 422 #define HTTP_LOCKED 423 #define HTTP_FAILED_DEPENDENCY 424 @@ -1548,6 +1549,23 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line, const char *t */ AP_DECLARE(int) ap_find_etag_strong(apr_pool_t *p, const char *line, const char *tok); +/** + * Retrieve an array of tokens in the format "1#token" defined in RFC2616. Only + * accepts ',' as a delimiter, does not accept quoted strings, and errors on + * any separator. + * @param p The pool to allocate from + * @param tok The line to read tokens from + * @param tokens Pointer to an array of tokens. If not NULL, must be an array + * of char*, otherwise it will be allocated on @a p when a token is found + * @param skip_invalid If true, when an invalid separator is encountered, it + * will be ignored. + * @return NULL on success, an error string otherwise. + * @remark *tokens may be NULL on output if NULL in input and no token is found + */ +AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, const char *tok, + apr_array_header_t **tokens, + int skip_invalid); + /** * Retrieve a token, spacing over it and adjusting the pointer to * the first non-white byte afterwards. Note that these tokens @@ -1644,7 +1662,7 @@ AP_DECLARE(char *) ap_escape_path_segment(apr_pool_t *p, const char *s); AP_DECLARE(char *) ap_escape_path_segment_buffer(char *c, const char *s); /** - * convert an OS path to a URL in an OS dependant way. + * convert an OS path to a URL in an OS dependent way. * @param p The pool to allocate from * @param path The path to convert * @param partial if set, assume that the path will be appended to something @@ -1769,7 +1787,7 @@ AP_DECLARE(char *) ap_make_dirstr_parent(apr_pool_t *p, const char *s); AP_DECLARE(char *) ap_make_full_path(apr_pool_t *a, const char *dir, const char *f); /** - * Test if the given path has an an absolute path. + * Test if the given path has an absolute path. * @param p The pool to allocate from * @param dir The directory name * @note The converse is not necessarily true, some OS's (Win32/OS2/Netware) have @@ -2265,6 +2283,28 @@ AP_DECLARE(char *) ap_get_exec_line(apr_pool_t *p, #define AP_NORESTART APR_OS_START_USEERR + 1 +/** + * Get the first index of the string in the array or -1 if not found. Start + * searching a start. + * @param array The array the check + * @param s The string to find + * @param start Start index for search. If start is out of bounds (negative or + equal to array length or greater), -1 will be returned. + * @return index of string in array or -1 + */ +AP_DECLARE(int) ap_array_str_index(const apr_array_header_t *array, + const char *s, + int start); + +/** + * Check if the string is member of the given array by strcmp. + * @param array The array the check + * @param s The string to find + * @return !=0 iff string is member of array (via strcmp) + */ +AP_DECLARE(int) ap_array_str_contains(const apr_array_header_t *array, + const char *s); + #ifdef __cplusplus } #endif diff --git a/include/scoreboard.h b/include/scoreboard.h index d218545a..99d6ba74 100644 --- a/include/scoreboard.h +++ b/include/scoreboard.h @@ -142,6 +142,7 @@ struct process_score { apr_uint32_t lingering_close; /* async connections in lingering close */ apr_uint32_t keep_alive; /* async connections in keep alive */ apr_uint32_t suspended; /* connections suspended by some module */ + int bucket; /* Listener bucket used by this child */ }; /* Scoreboard is now in 'local' memory, since it isn't updated once created, diff --git a/modules/NWGNUmakefile b/modules/NWGNUmakefile index 6e8113d4..337d6f6d 100644 --- a/modules/NWGNUmakefile +++ b/modules/NWGNUmakefile @@ -5,7 +5,8 @@ # variable WITH_SSL=1 # To build with the mod_lua module set the environment # variable WITH_LUA=1 - +# To build with the mod_http2 module set the environment +# variable WITH_HTTP2=1 # # Check if LDAP is enabled in APR-UTIL # @@ -72,6 +73,13 @@ SUBDIRS += lua endif endif +# Allow the mod_http2 module to be built if WITH_HTTP2 is defined +ifeq "$(WITH_HTTP2)" "1" +ifneq "$(NGH2SRC)" "" +SUBDIRS += http2 +endif +endif + # Allow the experimental modules to be built if WITH_EXPERIMENTAL is defined ifeq "$(WITH_EXPERIMENTAL)" "1" SUBDIRS += experimental diff --git a/modules/README b/modules/README index f11ad42f..2dee0795 100644 --- a/modules/README +++ b/modules/README @@ -41,6 +41,9 @@ generators/ http/ This directory houses modules that basic HTTP protocol implementation. +http2/ + This directory houses modules that provide HTTP/2 protocol implementation. + loggers/ This directory houses modules that handle logging functions. diff --git a/modules/aaa/mod_authn_core.c b/modules/aaa/mod_authn_core.c index 1f1163ec..7af12655 100644 --- a/modules/aaa/mod_authn_core.c +++ b/modules/aaa/mod_authn_core.c @@ -108,7 +108,7 @@ static authn_status authn_alias_check_password(request_rec *r, const char *user, const char *password) { /* Look up the provider alias in the alias list */ - /* Get the the dir_config and call ap_Merge_per_dir_configs() */ + /* Get the dir_config and call ap_Merge_per_dir_configs() */ /* Call the real provider->check_password() function */ /* return the result of the above function call */ @@ -140,7 +140,7 @@ static authn_status authn_alias_get_realm_hash(request_rec *r, const char *user, const char *realm, char **rethash) { /* Look up the provider alias in the alias list */ - /* Get the the dir_config and call ap_Merge_per_dir_configs() */ + /* Get the dir_config and call ap_Merge_per_dir_configs() */ /* Call the real provider->get_realm_hash() function */ /* return the result of the above function call */ diff --git a/modules/aaa/mod_authz_core.c b/modules/aaa/mod_authz_core.c index d70e6965..b669c8c8 100644 --- a/modules/aaa/mod_authz_core.c +++ b/modules/aaa/mod_authz_core.c @@ -196,7 +196,7 @@ static authz_status authz_alias_check_authorization(request_rec *r, authz_status ret = AUTHZ_DENIED; /* Look up the provider alias in the alias list. - * Get the the dir_config and call ap_Merge_per_dir_configs() + * Get the dir_config and call ap_Merge_per_dir_configs() * Call the real provider->check_authorization() function * return the result of the above function call */ diff --git a/modules/aaa/mod_authz_dbd.c b/modules/aaa/mod_authz_dbd.c index a165eb0e..628a165d 100644 --- a/modules/aaa/mod_authz_dbd.c +++ b/modules/aaa/mod_authz_dbd.c @@ -126,6 +126,13 @@ static int authz_dbd_login(request_rec *r, authz_dbd_cfg *cfg, "No query configured for %s!", action); return HTTP_INTERNAL_SERVER_ERROR; } + if (dbd == NULL) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02902) + "No db handle available for %s! " + "Check your database access", + action); + return HTTP_INTERNAL_SERVER_ERROR; + } query = apr_hash_get(dbd->prepared, cfg->query, APR_HASH_KEY_STRING); if (query == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01643) @@ -212,6 +219,12 @@ static int authz_dbd_group_query(request_rec *r, authz_dbd_cfg *cfg, "No query configured for dbd-group!"); return HTTP_INTERNAL_SERVER_ERROR; } + if (dbd == NULL) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02903) + "No db handle available for dbd-query! " + "Check your database access"); + return HTTP_INTERNAL_SERVER_ERROR; + } query = apr_hash_get(dbd->prepared, cfg->query, APR_HASH_KEY_STRING); if (query == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01650) diff --git a/modules/arch/netware/mod_netware.c b/modules/arch/netware/mod_netware.c index b34a5222..f873827e 100644 --- a/modules/arch/netware/mod_netware.c +++ b/modules/arch/netware/mod_netware.c @@ -137,8 +137,9 @@ static apr_status_t ap_cgi_build_command(const char **cmd, const char ***argv, } /* eliminate the '.' if there is one */ - if (*ext == '.') + if (*ext == '.') { ++ext; + } /* check if we have a registered command for the extension*/ new_cmd = apr_table_get(d->file_type_handlers, ext); @@ -154,8 +155,9 @@ static apr_status_t ap_cgi_build_command(const char **cmd, const char ***argv, *cmd = apr_pstrcat (p, new_cmd, " ", cmd_only, NULL); /* Run in its own address space if specified */ - if(apr_table_get(d->file_handler_mode, ext)) + if (apr_table_get(d->file_handler_mode, ext)) { e_info->addrspace = 1; + } } /* Tokenize the full command string into its arguments */ diff --git a/modules/arch/win32/mod_isapi.c b/modules/arch/win32/mod_isapi.c index ce0875a5..ec0d35e7 100644 --- a/modules/arch/win32/mod_isapi.c +++ b/modules/arch/win32/mod_isapi.c @@ -1415,7 +1415,7 @@ static apr_status_t isapi_handler (request_rec *r) apr_uint32_t read; int res; - if(strcmp(r->handler, "isapi-isa") + if (strcmp(r->handler, "isapi-isa") && strcmp(r->handler, "isapi-handler")) { /* Hang on to the isapi-isa for compatibility with older docs * (wtf did '-isa' mean in the first place?) but introduce diff --git a/modules/cache/NWGNUcach_socache b/modules/cache/NWGNUcach_socache index f7ed0e43..68b3cd9f 100644 --- a/modules/cache/NWGNUcach_socache +++ b/modules/cache/NWGNUcach_socache @@ -26,6 +26,7 @@ XINCDIRS += \ $(APR)/include \ $(APRUTIL)/include \ $(SRC)/include \ + $(STDMOD)/generators \ $(SERVER)/mpm/netware \ $(NWOS) \ $(EOLIST) diff --git a/modules/cache/NWGNUsocachdbm b/modules/cache/NWGNUsocachdbm index dc06af7d..f6739242 100644 --- a/modules/cache/NWGNUsocachdbm +++ b/modules/cache/NWGNUsocachdbm @@ -28,6 +28,7 @@ XINCDIRS += \ $(AP_WORK)/include \ $(AP_WORK)/server/mpm/netware \ $(NWOS) \ + $(STDMOD)/generators \ $(EOLIST) # diff --git a/modules/cache/NWGNUsocachshmcb b/modules/cache/NWGNUsocachshmcb index 8f11c4b6..bc1850ed 100644 --- a/modules/cache/NWGNUsocachshmcb +++ b/modules/cache/NWGNUsocachshmcb @@ -28,6 +28,7 @@ XINCDIRS += \ $(AP_WORK)/include \ $(AP_WORK)/server/mpm/netware \ $(NWOS) \ + $(STDMOD)/generators \ $(EOLIST) # diff --git a/modules/cache/cache_storage.c b/modules/cache/cache_storage.c index 234eb9bb..59d12aca 100644 --- a/modules/cache/cache_storage.c +++ b/modules/cache/cache_storage.c @@ -50,7 +50,7 @@ int cache_remove_url(cache_request_rec *cache, request_rec *r) "cache: Removing url %s from the cache", h->cache_obj->key); /* for each specified cache type, delete the URL */ - while(list) { + while (list) { list->provider->remove_url(h, r); list = list->next; } diff --git a/modules/cache/cache_util.c b/modules/cache/cache_util.c index b7454ad6..070a5f0d 100644 --- a/modules/cache/cache_util.c +++ b/modules/cache/cache_util.c @@ -1254,7 +1254,6 @@ apr_table_t *cache_merge_headers_out(request_rec *r) headers_out = apr_table_overlay(r->pool, r->headers_out, r->err_headers_out); - apr_table_clear(r->err_headers_out); if (r->content_type && !apr_table_get(headers_out, "Content-Type")) { diff --git a/modules/cache/cache_util.h b/modules/cache/cache_util.h index 5f296bc7..59436c42 100644 --- a/modules/cache/cache_util.h +++ b/modules/cache/cache_util.h @@ -264,7 +264,7 @@ int cache_check_freshness(cache_handle_t *h, cache_request_rec *cache, * Try obtain a cache wide lock on the given cache key. * * If we return APR_SUCCESS, we obtained the lock, and we are clear to - * proceed to the backend. If we return APR_EEXISTS, the the lock is + * proceed to the backend. If we return APR_EEXISTS, then the lock is * already locked, someone else has gone to refresh the backend data * already, so we must return stale data with a warning in the mean * time. If we return anything else, then something has gone pear diff --git a/modules/cache/config.m4 b/modules/cache/config.m4 index b9799b76..8115094d 100644 --- a/modules/cache/config.m4 +++ b/modules/cache/config.m4 @@ -34,7 +34,7 @@ dnl dnl Configure for the detected distcache installation, giving dnl preference to "--with-distcache=" if it was specified. dnl -AC_DEFUN(APACHE_CHECK_DISTCACHE,[ +AC_DEFUN([APACHE_CHECK_DISTCACHE],[ if test "x$ap_distcache_configured" = "x"; then dnl initialise the variables we use ap_distcache_found="" diff --git a/modules/cache/mod_cache.c b/modules/cache/mod_cache.c index b95f0a8a..091d5270 100644 --- a/modules/cache/mod_cache.c +++ b/modules/cache/mod_cache.c @@ -1452,6 +1452,7 @@ static apr_status_t cache_save_filter(ap_filter_t *f, apr_bucket_brigade *in) * forward all of them to the client, including non-cacheable ones). */ r->headers_out = cache_merge_headers_out(r); + apr_table_clear(r->err_headers_out); /* Merge in our cached headers. However, keep any updated values. */ /* take output, overlay on top of cached */ diff --git a/modules/cache/mod_cache_disk.c b/modules/cache/mod_cache_disk.c index ddf64314..14dee81f 100644 --- a/modules/cache/mod_cache_disk.c +++ b/modules/cache/mod_cache_disk.c @@ -185,7 +185,8 @@ static apr_status_t file_cache_el_final(disk_cache_conf *conf, disk_cache_file_t return rv; } -static apr_status_t file_cache_temp_cleanup(void *dummy) { +static apr_status_t file_cache_temp_cleanup(void *dummy) +{ disk_cache_file_t *file = (disk_cache_file_t *)dummy; /* clean up the temporary file */ @@ -293,7 +294,7 @@ static const char* regen_key(apr_pool_t *p, apr_table_t *headers, * quoted-string expectation-extensions. */ - for(i=0, k=0; i < varray->nelts; i++) { + for (i=0, k=0; i < varray->nelts; i++) { header = apr_table_get(headers, elts[i]); if (!header) { header = ""; @@ -738,7 +739,7 @@ static apr_status_t read_array(request_rec *r, apr_array_header_t* arr, break; } - *((const char **) apr_array_push(arr)) = apr_pstrdup(r->pool, w); + *((const char **) apr_array_push(arr)) = apr_pstrdup(r->pool, w); } return APR_SUCCESS; @@ -1045,7 +1046,7 @@ static apr_status_t write_headers(cache_handle_t *h, request_rec *r) APR_BUFFERED | APR_EXCL, dobj->hdrs.pool); if (rv != APR_SUCCESS) { - ap_log_rerror(APLOG_MARK, APLOG_WARNING, rv, r, APLOGNO(00725) + ap_log_rerror(APLOG_MARK, APLOG_WARNING, rv, r, APLOGNO(00725) "could not create header file %s", dobj->hdrs.tempfile); return rv; @@ -1332,7 +1333,7 @@ static apr_status_t commit_entity(cache_handle_t *h, request_rec *r) if (!dobj->disk_info.header_only) { rv = file_cache_el_final(conf, &dobj->data, r); } - else if (dobj->data.file){ + else if (dobj->data.file) { rv = apr_file_remove(dobj->data.file, dobj->data.pool); } } @@ -1382,7 +1383,8 @@ static void *create_dir_config(apr_pool_t *p, char *dummy) return dconf; } -static void *merge_dir_config(apr_pool_t *p, void *basev, void *addv) { +static void *merge_dir_config(apr_pool_t *p, void *basev, void *addv) +{ disk_cache_dir_conf *new = (disk_cache_dir_conf *) apr_pcalloc(p, sizeof(disk_cache_dir_conf)); disk_cache_dir_conf *add = (disk_cache_dir_conf *) addv; disk_cache_dir_conf *base = (disk_cache_dir_conf *) basev; diff --git a/modules/cache/mod_cache_socache.c b/modules/cache/mod_cache_socache.c index c5b49ab9..6761bf7e 100644 --- a/modules/cache/mod_cache_socache.c +++ b/modules/cache/mod_cache_socache.c @@ -191,7 +191,6 @@ static apr_status_t read_table(cache_handle_t *handle, request_rec *r, apr_size_t *slider) { apr_size_t key = *slider, colon = 0, len = 0; - ; while (*slider < buffer_len) { if (buffer[*slider] == ':') { diff --git a/modules/cache/mod_socache_memcache.c b/modules/cache/mod_socache_memcache.c index 8cabd8a5..e1fb2357 100644 --- a/modules/cache/mod_socache_memcache.c +++ b/modules/cache/mod_socache_memcache.c @@ -51,9 +51,15 @@ #endif #ifndef MC_DEFAULT_SERVER_TTL -#define MC_DEFAULT_SERVER_TTL 600 +#define MC_DEFAULT_SERVER_TTL apr_time_from_sec(15) #endif +module AP_MODULE_DECLARE_DATA socache_memcache_module; + +typedef struct { + apr_uint32_t ttl; +} socache_mc_svr_cfg; + struct ap_socache_instance_t { const char *servers; apr_memcache_t *mc; @@ -90,6 +96,9 @@ static apr_status_t socache_mc_init(ap_socache_instance_t *ctx, char *split; char *tok; + socache_mc_svr_cfg *sconf = ap_get_module_config(s->module_config, + &socache_memcache_module); + ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit); /* Find all the servers in the first run to get a total count */ @@ -140,7 +149,7 @@ static apr_status_t socache_mc_init(ap_socache_instance_t *ctx, MC_DEFAULT_SERVER_MIN, MC_DEFAULT_SERVER_SMAX, thread_limit, - MC_DEFAULT_SERVER_TTL, + sconf->ttl, &st); if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s, APLOGNO(00788) @@ -304,6 +313,38 @@ static const ap_socache_provider_t socache_mc = { #endif /* HAVE_APU_MEMCACHE */ +static void *create_server_config(apr_pool_t *p, server_rec *s) +{ + socache_mc_svr_cfg *sconf = apr_pcalloc(p, sizeof(socache_mc_svr_cfg)); + + sconf->ttl = MC_DEFAULT_SERVER_TTL; + + return sconf; +} + +static const char *socache_mc_set_ttl(cmd_parms *cmd, void *dummy, + const char *arg) +{ + apr_interval_time_t ttl; + socache_mc_svr_cfg *sconf = ap_get_module_config(cmd->server->module_config, + &socache_memcache_module); + + if (ap_timeout_parameter_parse(arg, &ttl, "s") != APR_SUCCESS) { + return apr_pstrcat(cmd->pool, cmd->cmd->name, + " has wrong format", NULL); + } + + if ((ttl < apr_time_from_sec(0)) || (ttl > apr_time_from_sec(3600))) { + return apr_pstrcat(cmd->pool, cmd->cmd->name, + " can only be 0 or up to one hour.", NULL); + } + + /* apr_memcache_server_create needs a ttl in usec. */ + sconf->ttl = ttl; + + return NULL; +} + static void register_hooks(apr_pool_t *p) { #ifdef HAVE_APU_MEMCACHE @@ -313,8 +354,18 @@ static void register_hooks(apr_pool_t *p) #endif } +static const command_rec socache_memcache_cmds[] = { + AP_INIT_TAKE1("MemcacheConnTTL", socache_mc_set_ttl, NULL, RSRC_CONF, + "TTL used for the connection with the memcache server(s)"), + { NULL } +}; + AP_DECLARE_MODULE(socache_memcache) = { STANDARD20_MODULE_STUFF, - NULL, NULL, NULL, NULL, NULL, - register_hooks + NULL, /* create per-dir config structures */ + NULL, /* merge per-dir config structures */ + create_server_config, /* create per-server config structures */ + NULL, /* merge per-server config structures */ + socache_memcache_cmds, /* table of config file commands */ + register_hooks /* register hooks */ }; diff --git a/modules/core/mod_macro.c b/modules/core/mod_macro.c index 6b724eb2..ec484ac9 100644 --- a/modules/core/mod_macro.c +++ b/modules/core/mod_macro.c @@ -14,10 +14,6 @@ * limitations under the License. */ -/* - $Id: mod_macro.c 1663260 2015-03-02 11:12:18Z jim $ -*/ - #include "httpd.h" #include "http_config.h" #include "http_log.h" diff --git a/modules/core/test/Makefile b/modules/core/test/Makefile old mode 100755 new mode 100644 index 8ebb1a9e..bd2a6cb0 --- a/modules/core/test/Makefile +++ b/modules/core/test/Makefile @@ -1,6 +1,4 @@ # -# $Id: Makefile 1435811 2013-01-20 10:07:44Z fabien $ -# # mod_macro non regression tests # where is apache diff --git a/modules/core/test/conf/test01.conf b/modules/core/test/conf/test01.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test02.conf b/modules/core/test/conf/test02.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test03.conf b/modules/core/test/conf/test03.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test04.conf b/modules/core/test/conf/test04.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test05.conf b/modules/core/test/conf/test05.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test06.conf b/modules/core/test/conf/test06.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test07.conf b/modules/core/test/conf/test07.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test08.conf b/modules/core/test/conf/test08.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test09.conf b/modules/core/test/conf/test09.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test10.conf b/modules/core/test/conf/test10.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test11.conf b/modules/core/test/conf/test11.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test12.conf b/modules/core/test/conf/test12.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test13.conf b/modules/core/test/conf/test13.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test14.conf b/modules/core/test/conf/test14.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test15.conf b/modules/core/test/conf/test15.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test16.conf b/modules/core/test/conf/test16.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test17.conf b/modules/core/test/conf/test17.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test18.conf b/modules/core/test/conf/test18.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test19.conf b/modules/core/test/conf/test19.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test20.conf b/modules/core/test/conf/test20.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test21.conf b/modules/core/test/conf/test21.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test22.conf b/modules/core/test/conf/test22.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test23.conf b/modules/core/test/conf/test23.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test24.conf b/modules/core/test/conf/test24.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test25.conf b/modules/core/test/conf/test25.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test26.conf b/modules/core/test/conf/test26.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test27.conf b/modules/core/test/conf/test27.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test28.conf b/modules/core/test/conf/test28.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test29.conf b/modules/core/test/conf/test29.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test30.conf b/modules/core/test/conf/test30.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test31.conf b/modules/core/test/conf/test31.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test32.conf b/modules/core/test/conf/test32.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test33.conf b/modules/core/test/conf/test33.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test34.conf b/modules/core/test/conf/test34.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test35.conf b/modules/core/test/conf/test35.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test36.conf b/modules/core/test/conf/test36.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test37.conf b/modules/core/test/conf/test37.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test38.conf b/modules/core/test/conf/test38.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test39.conf b/modules/core/test/conf/test39.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test40.conf b/modules/core/test/conf/test40.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test41.conf b/modules/core/test/conf/test41.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test42.conf b/modules/core/test/conf/test42.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test43.conf b/modules/core/test/conf/test43.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test44.conf b/modules/core/test/conf/test44.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test45.conf b/modules/core/test/conf/test45.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test46.conf b/modules/core/test/conf/test46.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test47.conf b/modules/core/test/conf/test47.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test48.conf b/modules/core/test/conf/test48.conf old mode 100755 new mode 100644 diff --git a/modules/core/test/conf/test53.conf b/modules/core/test/conf/test53.conf old mode 100755 new mode 100644 diff --git a/modules/dav/lock/locks.c b/modules/dav/lock/locks.c index ccf972d3..17b9ee69 100644 --- a/modules/dav/lock/locks.c +++ b/modules/dav/lock/locks.c @@ -465,11 +465,11 @@ static dav_error * dav_generic_save_lock_record(dav_lockdb *lockdb, return NULL; } - while(dp) { + while (dp) { val.dsize += dav_size_direct(dp); dp = dp->next; } - while(ip) { + while (ip) { val.dsize += dav_size_indirect(ip); ip = ip->next; } @@ -480,7 +480,7 @@ static dav_error * dav_generic_save_lock_record(dav_lockdb *lockdb, dp = direct; ip = indirect; - while(dp) { + while (dp) { /* Direct lock - lock_discovery struct follows */ *ptr++ = DAV_LOCK_DIRECT; memcpy(ptr, dp, sizeof(dp->f)); /* Fixed portion of struct */ @@ -505,7 +505,7 @@ static dav_error * dav_generic_save_lock_record(dav_lockdb *lockdb, dp = dp->next; } - while(ip) { + while (ip) { /* Indirect lock prefix */ *ptr++ = DAV_LOCK_INDIRECT; diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c index 2319549a..cd45ef94 100644 --- a/modules/dav/main/mod_dav.c +++ b/modules/dav/main/mod_dav.c @@ -254,7 +254,7 @@ static const char *dav_cmd_dav(cmd_parms *cmd, void *config, const char *arg1) conf->provider = NULL; } else { - conf->provider_name = apr_pstrdup(cmd->pool, arg1); + conf->provider_name = arg1; } if (conf->provider_name != NULL) { diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c index 3d4b1ec3..8d4f64a2 100644 --- a/modules/dav/main/util.c +++ b/modules/dav/main/util.c @@ -1823,10 +1823,11 @@ DAV_DECLARE(void) dav_add_vary_header(request_rec *in_req, * so only do this check if there is a versioning provider */ if (vsn_hooks != NULL) { const char *target = apr_table_get(in_req->headers_in, DAV_LABEL_HDR); - const char *vary = apr_table_get(out_req->headers_out, "Vary"); /* If Target-Selector specified, add it to the Vary header */ if (target != NULL) { + const char *vary = apr_table_get(out_req->headers_out, "Vary"); + if (vary == NULL) vary = DAV_LABEL_HDR; else diff --git a/modules/examples/mod_case_filter_in.c b/modules/examples/mod_case_filter_in.c index 7200765b..5116e3b9 100644 --- a/modules/examples/mod_case_filter_in.c +++ b/modules/examples/mod_case_filter_in.c @@ -99,7 +99,7 @@ static apr_status_t CaseFilterInFilter(ap_filter_t *f, * for a file or socket buffer, for example... */ - if(APR_BUCKET_IS_EOS(pbktIn)) { + if (APR_BUCKET_IS_EOS(pbktIn)) { APR_BUCKET_REMOVE(pbktIn); APR_BRIGADE_INSERT_TAIL(pbbOut, pbktIn); break; diff --git a/modules/filters/config.m4 b/modules/filters/config.m4 index abcec1bd..60917eda 100644 --- a/modules/filters/config.m4 +++ b/modules/filters/config.m4 @@ -96,7 +96,7 @@ APACHE_MODULE(deflate, Deflate transfer encoding support, , , most, [ fi ]) -AC_DEFUN(FIND_LIBXML2, [ +AC_DEFUN([FIND_LIBXML2], [ AC_CACHE_CHECK([for libxml2], [ac_cv_libxml2], [ AC_ARG_WITH(libxml2, [APACHE_HELP_STRING(--with-libxml2=PATH,location for libxml2)], diff --git a/modules/filters/mod_buffer.c b/modules/filters/mod_buffer.c index 8140af5d..203e6724 100644 --- a/modules/filters/mod_buffer.c +++ b/modules/filters/mod_buffer.c @@ -52,7 +52,8 @@ typedef struct buffer_ctx { /** * Buffer buckets being written to the output filter stack. */ -static apr_status_t buffer_out_filter(ap_filter_t *f, apr_bucket_brigade *bb) { +static apr_status_t buffer_out_filter(ap_filter_t *f, apr_bucket_brigade *bb) +{ apr_bucket *e; request_rec *r = f->r; buffer_ctx *ctx = f->ctx; @@ -74,7 +75,6 @@ static apr_status_t buffer_out_filter(ap_filter_t *f, apr_bucket_brigade *bb) { ctx = f->ctx = apr_pcalloc(r->pool, sizeof(*ctx)); ctx->bb = apr_brigade_create(r->pool, f->c->bucket_alloc); ctx->conf = ap_get_module_config(f->r->per_dir_config, &buffer_module); - } /* Do nothing if asked to filter nothing. */ @@ -187,7 +187,8 @@ static apr_status_t buffer_out_filter(ap_filter_t *f, apr_bucket_brigade *bb) { * Buffer buckets being read from the input filter stack. */ static apr_status_t buffer_in_filter(ap_filter_t *f, apr_bucket_brigade *bb, - ap_input_mode_t mode, apr_read_type_e block, apr_off_t readbytes) { + ap_input_mode_t mode, apr_read_type_e block, apr_off_t readbytes) +{ apr_bucket *e, *after; apr_status_t rv; buffer_ctx *ctx = f->ctx; @@ -294,7 +295,8 @@ static apr_status_t buffer_in_filter(ap_filter_t *f, apr_bucket_brigade *bb, return APR_SUCCESS; } -static void *create_buffer_config(apr_pool_t *p, char *dummy) { +static void *create_buffer_config(apr_pool_t *p, char *dummy) +{ buffer_conf *new = (buffer_conf *) apr_pcalloc(p, sizeof(buffer_conf)); new->size_set = 0; /* unset */ @@ -303,7 +305,8 @@ static void *create_buffer_config(apr_pool_t *p, char *dummy) { return (void *) new; } -static void *merge_buffer_config(apr_pool_t *p, void *basev, void *addv) { +static void *merge_buffer_config(apr_pool_t *p, void *basev, void *addv) +{ buffer_conf *new = (buffer_conf *) apr_pcalloc(p, sizeof(buffer_conf)); buffer_conf *add = (buffer_conf *) addv; buffer_conf *base = (buffer_conf *) basev; @@ -314,7 +317,8 @@ static void *merge_buffer_config(apr_pool_t *p, void *basev, void *addv) { return new; } -static const char *set_buffer_size(cmd_parms *cmd, void *dconf, const char *arg) { +static const char *set_buffer_size(cmd_parms *cmd, void *dconf, const char *arg) +{ buffer_conf *conf = dconf; if (APR_SUCCESS != apr_strtoff(&(conf->size), arg, NULL, 10) || conf->size @@ -330,7 +334,8 @@ static const command_rec buffer_cmds[] = { AP_INIT_TAKE1("BufferSize", set_buffer_size, NULL, ACCESS_CONF, "Maximum size of the buffer used by the buffer filter"), { NULL } }; -static void register_hooks(apr_pool_t *p) { +static void register_hooks(apr_pool_t *p) +{ ap_register_output_filter(bufferFilterName, buffer_out_filter, NULL, AP_FTYPE_CONTENT_SET); ap_register_input_filter(bufferFilterName, buffer_in_filter, NULL, diff --git a/modules/filters/mod_charset_lite.c b/modules/filters/mod_charset_lite.c index e05517b8..d991c12b 100644 --- a/modules/filters/mod_charset_lite.c +++ b/modules/filters/mod_charset_lite.c @@ -1026,7 +1026,7 @@ static apr_status_t xlate_in_filter(ap_filter_t *f, apr_bucket_brigade *bb, * Content-Length can't be unset here because that would break * being able to read the request body. * Processing of chunked request bodies is not impacted by this - * filter since the the length was not declared anyway. + * filter since the length was not declared anyway. */ ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, f->r, "Request body length may change, resulting in " diff --git a/modules/filters/mod_deflate.c b/modules/filters/mod_deflate.c index 0b38e9a3..60a136c0 100644 --- a/modules/filters/mod_deflate.c +++ b/modules/filters/mod_deflate.c @@ -62,9 +62,9 @@ typedef struct deflate_filter_config_t int memlevel; int compressionlevel; apr_size_t bufferSize; - char *note_ratio_name; - char *note_input_name; - char *note_output_name; + const char *note_ratio_name; + const char *note_input_name; + const char *note_output_name; } deflate_filter_config; typedef struct deflate_dirconf_t { @@ -261,16 +261,16 @@ static const char *deflate_set_note(cmd_parms *cmd, void *dummy, &deflate_module); if (arg2 == NULL) { - c->note_ratio_name = apr_pstrdup(cmd->pool, arg1); + c->note_ratio_name = arg1; } else if (!strcasecmp(arg1, "ratio")) { - c->note_ratio_name = apr_pstrdup(cmd->pool, arg2); + c->note_ratio_name = arg2; } else if (!strcasecmp(arg1, "input")) { - c->note_input_name = apr_pstrdup(cmd->pool, arg2); + c->note_input_name = arg2; } else if (!strcasecmp(arg1, "output")) { - c->note_output_name = apr_pstrdup(cmd->pool, arg2); + c->note_output_name = arg2; } else { return apr_psprintf(cmd->pool, "Unknown note type %s", arg1); diff --git a/modules/filters/mod_ext_filter.c b/modules/filters/mod_ext_filter.c index 4f97acae..9f183f69 100644 --- a/modules/filters/mod_ext_filter.c +++ b/modules/filters/mod_ext_filter.c @@ -635,7 +635,7 @@ static apr_status_t init_filter_instance(ap_filter_t *f) /* drain_available_output(): * * if any data is available from the filter, read it and append it - * to the the bucket brigade + * to the bucket brigade */ static apr_status_t drain_available_output(ap_filter_t *f, apr_bucket_brigade *bb) diff --git a/modules/filters/mod_filter.c b/modules/filters/mod_filter.c index bd2cf7ac..d3a8b2be 100644 --- a/modules/filters/mod_filter.c +++ b/modules/filters/mod_filter.c @@ -351,7 +351,7 @@ static const char *filter_protocol(cmd_parms *cmd, void *CFG, const char *fname, } else { /* Find provider */ - for (provider = filter->providers; provider; provider = provider->next){ + for (provider = filter->providers; provider; provider = provider->next) { if (!strcasecmp(provider->frec->name, pname)) { break; } diff --git a/modules/filters/mod_include.c b/modules/filters/mod_include.c index e8d8ea78..843da952 100644 --- a/modules/filters/mod_include.c +++ b/modules/filters/mod_include.c @@ -1949,7 +1949,7 @@ static apr_status_t handle_echo(include_ctx_t *ctx, ap_filter_t *f, d = apr_pstrdup(ctx->pool, decoding); token = apr_strtok(d, ", \t", &last); - while(token) { + while (token) { if (!strcasecmp(token, "none")) { /* do nothing */ } @@ -1985,7 +1985,7 @@ static apr_status_t handle_echo(include_ctx_t *ctx, ap_filter_t *f, e = apr_pstrdup(ctx->pool, encoding); token = apr_strtok(e, ", \t", &last); - while(token) { + while (token) { if (!strcasecmp(token, "none")) { /* do nothing */ } @@ -2587,7 +2587,7 @@ static apr_status_t handle_set(include_ctx_t *ctx, ap_filter_t *f, d = apr_pstrdup(ctx->pool, decoding); token = apr_strtok(d, ", \t", &last); - while(token) { + while (token) { if (!strcasecmp(token, "none")) { /* do nothing */ } @@ -2623,7 +2623,7 @@ static apr_status_t handle_set(include_ctx_t *ctx, ap_filter_t *f, e = apr_pstrdup(ctx->pool, encoding); token = apr_strtok(e, ", \t", &last); - while(token) { + while (token) { if (!strcasecmp(token, "none")) { /* do nothing */ } @@ -3725,7 +3725,7 @@ static apr_status_t send_parsed_content(ap_filter_t *f, apr_bucket_brigade *bb) } /* switch(ctx->state) */ - } /* while(brigade) */ + } /* while (brigade) */ /* End of stream. Final cleanup */ if (intern->seen_eos) { @@ -4138,13 +4138,13 @@ static const char *set_default_time_fmt(cmd_parms *cmd, void *mconfig, */ static int include_post_config(apr_pool_t *p, apr_pool_t *plog, - apr_pool_t *ptemp, server_rec *s) + apr_pool_t *ptemp, server_rec *s) { include_handlers = apr_hash_make(p); ssi_pfn_register = APR_RETRIEVE_OPTIONAL_FN(ap_register_include_handler); - if(ssi_pfn_register) { + if (ssi_pfn_register) { ssi_pfn_register("if", handle_if); ssi_pfn_register("set", handle_set); ssi_pfn_register("else", handle_else); diff --git a/modules/filters/mod_reqtimeout.c b/modules/filters/mod_reqtimeout.c index bc778996..206e6217 100644 --- a/modules/filters/mod_reqtimeout.c +++ b/modules/filters/mod_reqtimeout.c @@ -479,7 +479,8 @@ static void *reqtimeout_merge_srv_config(apr_pool_t *p, void *base_, void *add_) return cfg; } -static const char *parse_int(apr_pool_t *p, const char *arg, int *val) { +static const char *parse_int(apr_pool_t *p, const char *arg, int *val) +{ char *endptr; *val = strtol(arg, &endptr, 10); diff --git a/modules/filters/mod_request.c b/modules/filters/mod_request.c index 9cbde0a9..21db7de3 100644 --- a/modules/filters/mod_request.c +++ b/modules/filters/mod_request.c @@ -178,7 +178,8 @@ typedef struct kept_body_filter_ctx { * been removed from the body during storage. We need to change the request * from Transfer-Encoding: chunked to an explicit Content-Length. */ -static int kept_body_filter_init(ap_filter_t *f) { +static int kept_body_filter_init(ap_filter_t *f) +{ apr_off_t length = 0; request_rec *r = f->r; apr_bucket_brigade *kept_body = r->kept_body; diff --git a/modules/filters/mod_sed.c b/modules/filters/mod_sed.c index dd776c48..c49bad28 100644 --- a/modules/filters/mod_sed.c +++ b/modules/filters/mod_sed.c @@ -312,7 +312,7 @@ static apr_status_t sed_response_filter(ap_filter_t *f, * evaluation is allocated on request's pool so it will be cleared once * request is over. * - * If flush bucket is found then append the the flush bucket to ctx->bb + * If flush bucket is found then append the flush bucket to ctx->bb * and pass it to next filter. There may be some data which will still be * in sed's internal buffer which can't be flushed until new line * character is arrived. @@ -424,7 +424,7 @@ static apr_status_t sed_request_filter(ap_filter_t *f, * the buckets in bbinp and read the data from buckets and invoke * sed_eval_buffer on the data. libsed will generate its output using * sed_write_output which will add data in ctx->bb. Do it until it have - * atleast one bucket bucket in ctx->bb. At the end of data eos bucket + * atleast one bucket in ctx->bb. At the end of data eos bucket * should be there. * * Once eos bucket is seen, then invoke sed_finalize_eval to clear the diff --git a/modules/filters/mod_substitute.c b/modules/filters/mod_substitute.c index 9326348c..59f5bf3e 100644 --- a/modules/filters/mod_substitute.c +++ b/modules/filters/mod_substitute.c @@ -57,6 +57,7 @@ typedef struct { apr_array_header_t *patterns; apr_size_t max_line_length; int max_line_length_set; + int inherit_before; } subst_dir_conf; typedef struct { @@ -70,26 +71,43 @@ typedef struct { static void *create_substitute_dcfg(apr_pool_t *p, char *d) { subst_dir_conf *dcfg = - (subst_dir_conf *) apr_pcalloc(p, sizeof(subst_dir_conf)); + (subst_dir_conf *) apr_palloc(p, sizeof(subst_dir_conf)); dcfg->patterns = apr_array_make(p, 10, sizeof(subst_pattern_t)); dcfg->max_line_length = AP_SUBST_MAX_LINE_LENGTH; + dcfg->max_line_length_set = 0; + dcfg->inherit_before = -1; return dcfg; } static void *merge_substitute_dcfg(apr_pool_t *p, void *basev, void *overv) { subst_dir_conf *a = - (subst_dir_conf *) apr_pcalloc(p, sizeof(subst_dir_conf)); + (subst_dir_conf *) apr_palloc(p, sizeof(subst_dir_conf)); subst_dir_conf *base = (subst_dir_conf *) basev; subst_dir_conf *over = (subst_dir_conf *) overv; - a->patterns = apr_array_append(p, over->patterns, - base->patterns); + a->inherit_before = (over->inherit_before != -1) + ? over->inherit_before + : base->inherit_before; + /* SubstituteInheritBefore wasn't the default behavior until 2.5.x, + * and may be re-disabled as desired; the original default behavior + * was to apply inherited subst patterns after locally scoped patterns. + * In later 2.2 and 2.4 versions, SubstituteInheritBefore may be toggled + * 'on' to follow the corrected/expected behavior, without violating POLS. + */ + if (a->inherit_before == 1) { + a->patterns = apr_array_append(p, base->patterns, + over->patterns); + } + else { + a->patterns = apr_array_append(p, over->patterns, + base->patterns); + } a->max_line_length = over->max_line_length_set ? - over->max_line_length : base->max_line_length; - a->max_line_length_set = over->max_line_length_set ? - over->max_line_length_set : base->max_line_length_set; + over->max_line_length : base->max_line_length; + a->max_line_length_set = over->max_line_length_set + | base->max_line_length_set; return a; } @@ -695,6 +713,9 @@ static const command_rec substitute_cmds[] = { "Pattern to filter the response content (s/foo/bar/[inf])"), AP_INIT_TAKE1("SubstituteMaxLineLength", set_max_line_length, NULL, OR_FILEINFO, "Maximum line length"), + AP_INIT_FLAG("SubstituteInheritBefore", ap_set_flag_slot, + (void *)APR_OFFSETOF(subst_dir_conf, inherit_before), OR_FILEINFO, + "Apply inherited patterns before those of the current context"), {NULL} }; diff --git a/modules/filters/mod_xml2enc.c b/modules/filters/mod_xml2enc.c index d28c97d1..7b34c717 100644 --- a/modules/filters/mod_xml2enc.c +++ b/modules/filters/mod_xml2enc.c @@ -127,7 +127,7 @@ static void fix_skipto(request_rec* r, xml2ctx* ctx) { apr_status_t rv; xml2cfg* cfg = ap_get_module_config(r->per_dir_config, &xml2enc_module); - if ((cfg->skipto != NULL) && (ctx->flags | ENC_SKIPTO)) { + if ((cfg->skipto != NULL) && (ctx->flags & ENC_SKIPTO)) { int found = 0; char* p = ap_strchr(ctx->buf, '<'); tattr* starts = (tattr*) cfg->skipto->elts; diff --git a/modules/generators/mod_autoindex.c b/modules/generators/mod_autoindex.c index 5e86e407..a9e96231 100644 --- a/modules/generators/mod_autoindex.c +++ b/modules/generators/mod_autoindex.c @@ -1336,7 +1336,7 @@ static struct ent *make_autoindex_entry(const apr_finfo_t *dirent, return (NULL); } - if((autoindex_opts & SHOW_FORBIDDEN) + if ((autoindex_opts & SHOW_FORBIDDEN) && (rr->status == HTTP_UNAUTHORIZED || rr->status == HTTP_FORBIDDEN)) { show_forbidden = 1; } @@ -1981,7 +1981,7 @@ static int dsortf(struct ent **e1, struct ent **e2) } } - /* The names may be identical in respects other other than + /* The names may be identical in respects other than * filename case when strnatcmp is used above, so fall back * to strcmp on conflicts so that fn1.01.zzz and fn1.1.zzz * are also sorted in a deterministic order. @@ -2274,7 +2274,10 @@ static int handle_autoindex(request_rec *r) autoindex_config_rec *d; int allow_opts; - if(strcmp(r->handler,DIR_MAGIC_TYPE)) { + if (strcmp(r->handler,DIR_MAGIC_TYPE) && !AP_IS_DEFAULT_HANDLER_NAME(r->handler)) { + return DECLINED; + } + if (r->finfo.filetype != APR_DIR) { return DECLINED; } diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c index fc7ec6cc..589611b5 100644 --- a/modules/http/http_protocol.c +++ b/modules/http/http_protocol.c @@ -135,7 +135,7 @@ static const char * const status_lines[RESPONSE_CODES] = NULL, /* 418 */ NULL, /* 419 */ NULL, /* 420 */ - NULL, /* 421 */ + "421 Misdirected Request", "422 Unprocessable Entity", "423 Locked", "424 Failed Dependency", @@ -1293,6 +1293,11 @@ static const char *get_canned_error_string(int status, case HTTP_NETWORK_AUTHENTICATION_REQUIRED: return("

    The client needs to authenticate to gain\n" "network access.

    \n"); + case HTTP_MISDIRECTED_REQUEST: + return("

    The client needs a new connection for this\n" + "request as the requested host name does not match\n" + "the Server Name Indication (SNI) in use for this\n" + "connection.

    \n"); default: /* HTTP_INTERNAL_SERVER_ERROR */ /* * This comparison to expose error-notes could be modified to diff --git a/modules/http/http_request.c b/modules/http/http_request.c index 7b06def9..70bf2937 100644 --- a/modules/http/http_request.c +++ b/modules/http/http_request.c @@ -363,7 +363,7 @@ void ap_process_async_request(request_rec *r) ap_process_request_after_handler(r); } -void ap_process_request(request_rec *r) +AP_DECLARE(void) ap_process_request(request_rec *r) { apr_bucket_brigade *bb; apr_bucket *b; diff --git a/modules/http2/.gitignore b/modules/http2/.gitignore new file mode 100644 index 00000000..ca49620f --- /dev/null +++ b/modules/http2/.gitignore @@ -0,0 +1,35 @@ +*.xcuserstate +sandbox/httpd/packages/httpd-2.4.x.tar.gz +sandbox/test/conf/sites/mod-h2.greenbytes.de.conf +*.o +*.slo +*.lo +*.la +*.pcap +.libs +.configured +.deps +compile +aclocal.m4 +autom4te.cache +autoscan.log +config.guess +config.log +config.status +config.sub +config.h +config.h.in +config.h.in~ +configure +configure.scan +depcomp +install-sh +libtool +ltmain.sh +missing +stamp-h1 +Makefile.in +Makefile +mod_h2-*.tar.gz +mod_h2/h2_version.h +m4 diff --git a/modules/http2/NWGNUmakefile b/modules/http2/NWGNUmakefile new file mode 100644 index 00000000..1ab6282d --- /dev/null +++ b/modules/http2/NWGNUmakefile @@ -0,0 +1,331 @@ +# +# This Makefile requires the environment var NGH2SRC +# pointing to the base directory of nghttp2 source tree. +# + +# +# Declare the sub-directories to be built here +# + +SUBDIRS = \ + $(EOLIST) + +# +# Get the 'head' of the build environment. This includes default targets and +# paths to tools +# + +include $(AP_WORK)/build/NWGNUhead.inc + +# +# build this level's files +# +# Make sure all needed macro's are defined +# + +# +# These directories will be at the beginning of the include list, followed by +# INCDIRS +# +XINCDIRS += \ + $(APR)/include \ + $(APRUTIL)/include \ + $(SRC)/include \ + $(NGH2SRC)/lib/ \ + $(NGH2SRC)/lib/includes \ + $(SERVER)/mpm/NetWare \ + $(NWOS) \ + $(EOLIST) + +# +# These flags will come after CFLAGS +# +XCFLAGS += \ + $(EOLIST) + +# +# These defines will come after DEFINES +# +XDEFINES += \ + -DHAVE_CONFIG_H \ + $(EOLIST) + +# +# These flags will be added to the link.opt file +# +XLFLAGS += \ + -L$(OBJDIR) \ + $(EOLIST) + +# +# These values will be appended to the correct variables based on the value of +# RELEASE +# +ifeq "$(RELEASE)" "debug" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +ifeq "$(RELEASE)" "noopt" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +ifeq "$(RELEASE)" "release" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +# +# These are used by the link target if an NLM is being generated +# This is used by the link 'name' directive to name the nlm. If left blank +# TARGET_nlm (see below) will be used. +# +NLM_NAME = mod_http2 + +# +# This is used by the link '-desc ' directive. +# If left blank, NLM_NAME will be used. +# +NLM_DESCRIPTION = Apache $(VERSION_STR) HTTP2 Support module (w/ NGHTTP2 Lib) + +# +# This is used by the '-threadname' directive. If left blank, +# NLM_NAME Thread will be used. +# +NLM_THREAD_NAME = $(NLM_NAME) + +# +# If this is specified, it will override VERSION value in +# $(AP_WORK)/build/NWGNUenvironment.inc +# +NLM_VERSION = + +# +# If this is specified, it will override the default of 64K +# +NLM_STACK_SIZE = 65536 + +# +# If this is specified it will be used by the link '-entry' directive +# +NLM_ENTRY_SYM = + +# +# If this is specified it will be used by the link '-exit' directive +# +NLM_EXIT_SYM = + +# +# If this is specified it will be used by the link '-check' directive +# +NLM_CHECK_SYM = + +# +# If this is specified it will be used by the link '-flags' directive +# +NLM_FLAGS = + +# +# If this is specified it will be linked in with the XDCData option in the def +# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled +# by setting APACHE_UNIPROC in the environment +# +XDCDATA = + +# +# Declare all target files (you must add your files here) +# + +# +# If there is an NLM target, put it here +# +TARGET_nlm = \ + $(OBJDIR)/$(NLM_NAME).nlm \ + $(EOLIST) + +# +# If there is an LIB target, put it here +# +TARGET_lib = \ + $(OBJDIR)/nghttp2.lib \ + $(EOLIST) + +# +# These are the OBJ files needed to create the NLM target above. +# Paths must all use the '/' character +# +FILES_nlm_objs := $(sort $(patsubst %.c,$(OBJDIR)/%.o,$(wildcard *.c))) + +# +# These are the LIB files needed to create the NLM target above. +# These will be added as a library command in the link.opt file. +# +FILES_nlm_libs = \ + $(PRELUDE) \ + $(OBJDIR)/nghttp2.lib \ + $(EOLIST) + +# +# These are the modules that the above NLM target depends on to load. +# These will be added as a module command in the link.opt file. +# +FILES_nlm_modules = \ + Libc \ + Apache2 \ + $(EOLIST) + +# +# If the nlm has a msg file, put it's path here +# +FILE_nlm_msg = + +# +# If the nlm has a hlp file put it's path here +# +FILE_nlm_hlp = + +# +# If this is specified, it will override $(NWOS)\copyright.txt. +# +FILE_nlm_copyright = + +# +# Any additional imports go here +# +FILES_nlm_Ximports = \ + @libc.imp \ + @aprlib.imp \ + @httpd.imp \ + $(EOLIST) + +# +# Any symbols exported to here +# +FILES_nlm_exports = \ + http2_module \ + $(EOLIST) + +# +# These are the OBJ files needed to create the LIB target above. +# Paths must all use the '/' character +# +FILES_lib_objs := $(sort $(patsubst $(NGH2SRC)/lib/%.c,$(OBJDIR)/%.o,$(wildcard $(NGH2SRC)/lib/*.c))) +# +# implement targets and dependancies (leave this section alone) +# + +libs :: $(OBJDIR) $(NGH2SRC)/lib/config.h $(TARGET_lib) + +nlms :: libs $(TARGET_nlm) + +# +# Updated this target to create necessary directories and copy files to the +# correct place. (See $(AP_WORK)/build/NWGNUhead.inc for examples) +# +install :: nlms FORCE + $(call COPY,$(OBJDIR)/*.nlm, $(INSTALLBASE)/modules/) + +clean :: + $(call DEL,$(NGH2SRC)/lib/config.h) +# +# Any specialized rules here +# +vpath %.c $(NGH2SRC)/lib + +$(NGH2SRC)/lib/config.h : NWGNUmakefile + @echo $(DL)GEN $@$(DL) + @echo $(DL)/* For NetWare target.$(DL) > $@ + @echo $(DL)** Do not edit - created by Make!$(DL) >> $@ + @echo $(DL)*/$(DL) >> $@ + @echo $(DL)#ifndef NGH2_CONFIG_H$(DL) >> $@ + @echo $(DL)#define NGH2_CONFIG_H$(DL) >> $@ + @echo #define HAVE_ARPA_INET_H 1 >> $@ + @echo #define HAVE_CHOWN 1 >> $@ + @echo #define HAVE_DECL_STRERROR_R 1 >> $@ + @echo #define HAVE_DLFCN_H 1 >> $@ + @echo #define HAVE_DUP2 1 >> $@ + @echo #define HAVE_FCNTL_H 1 >> $@ + @echo #define HAVE_GETCWD 1 >> $@ + @echo #define HAVE_INTTYPES_H 1 >> $@ + @echo #define HAVE_LIMITS_H 1 >> $@ + @echo #define HAVE_LOCALTIME_R 1 >> $@ + @echo #define HAVE_MALLOC 1 >> $@ + @echo #define HAVE_MEMCHR 1 >> $@ + @echo #define HAVE_MEMMOVE 1 >> $@ + @echo #define HAVE_MEMORY_H 1 >> $@ + @echo #define HAVE_MEMSET 1 >> $@ + @echo #define HAVE_NETDB_H 1 >> $@ + @echo #define HAVE_NETINET_IN_H 1 >> $@ + @echo #define HAVE_PTRDIFF_T 1 >> $@ + @echo #define HAVE_PWD_H 1 >> $@ + @echo #define HAVE_SOCKET 1 >> $@ + @echo #define HAVE_SQRT 1 >> $@ + @echo #define HAVE_STDDEF_H 1 >> $@ + @echo #define HAVE_STDINT_H 1 >> $@ + @echo #define HAVE_STDLIB_H 1 >> $@ + @echo #define HAVE_STRCHR 1 >> $@ + @echo #define HAVE_STRDUP 1 >> $@ + @echo #define HAVE_STRERROR 1 >> $@ + @echo #define HAVE_STRERROR_R 1 >> $@ + @echo #define HAVE_STRINGS_H 1 >> $@ + @echo #define HAVE_STRING_H 1 >> $@ + @echo #define HAVE_STRSTR 1 >> $@ + @echo #define HAVE_STRTOL 1 >> $@ + @echo #define HAVE_STRTOUL 1 >> $@ + @echo #define HAVE_SYSLOG_H 1 >> $@ + @echo #define HAVE_SYS_SOCKET_H 1 >> $@ + @echo #define HAVE_SYS_STAT_H 1 >> $@ + @echo #define HAVE_SYS_TIME_H 1 >> $@ + @echo #define HAVE_SYS_TYPES_H 1 >> $@ + @echo #define HAVE_TIME_H 1 >> $@ + @echo #define HAVE_UNISTD_H 1 >> $@ + + @echo #define SIZEOF_INT_P 4 >> $@ + @echo #define STDC_HEADERS 1 >> $@ + @echo #define STRERROR_R_CHAR_P 4 >> $@ + +# Hint to compiler a function parameter is not used + @echo #define _U_ >> $@ + + @echo #ifndef __cplusplus >> $@ + @echo #define inline __inline >> $@ + @echo #endif >> $@ + + @echo $(DL)#endif /* NGH2_CONFIG_H */$(DL) >> $@ + +# +# Include the 'tail' makefile that has targets that depend on variables defined +# in this makefile +# + +include $(APBUILD)/NWGNUtail.inc + + diff --git a/modules/http2/README.h2 b/modules/http2/README.h2 new file mode 100644 index 00000000..399086b7 --- /dev/null +++ b/modules/http2/README.h2 @@ -0,0 +1,70 @@ +The http2 module adds support for the HTTP/2 protocol to the server. + +Specifically, it supports the protocols "h2" (HTTP2 over TLS) and "h2c" +(HTTP2 over plain HTTP connections via Upgrade). Additionally it offers +the "direct" mode for both encrypted and unencrypted connections. + +You may enable it for the whole server or specific virtual hosts only. + + +BUILD + +If you have libnghttp2 (https://nghttp2.org) installed on your system, simply +add + + --enable-http2 + +to your httpd ./configure invocation. Should libnghttp2 reside in a unusual +location, add + + --with-nghttp2= + +to ./configure. is expected to be the installation prefix, so there +should be a /lib/libnghttp2.*. If your system support pkg-config, +/lib/pkgconfig/libnghttp2.pc will be inspected. + +If you want to link nghttp2 statically into the mod_http2 module, you may +similarly to mod_ssl add + + --enable-nghttp2-staticlib-deps + +For this, the lib directory should only contain the libnghttp2.a, not its +shared cousins. + + +CONFIGURATION + +If mod_http2 is enabled for a site or not depends on the new "Protocols" +directive. This directive list all protocols enabled for a server or +virtual host. + +If you do not specify "Protocols" all available protocols are enabled. For +sites using TLS, the protocol supported by mod_http2 is "h2". For cleartext +http:, the offered protocol is "h2c". + +The following is an example of a server that only supports http/1.1 in +general and offers h2 for a specific virtual host. + + ... + Protocols http/1.1 + + Protocols h2 http/1.1 + ... + + +Please see the documentation of mod_http2 for a complete list and explanation +of all options. + + +TLS CONFIGURATION + +If you want to use HTTP/2 with a browser, most modern browsers will support +it without further configuration. However, browsers so far only support +HTTP/2 over TLS and are expecially picky about the certificate and +encryption ciphers used. + +Server admins may look for up-to-date information about "modern" TLS +compatibility under: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + diff --git a/modules/http2/config.m4 b/modules/http2/config.m4 new file mode 100644 index 00000000..9c5eb867 --- /dev/null +++ b/modules/http2/config.m4 @@ -0,0 +1,189 @@ +dnl Licensed to the Apache Software Foundation (ASF) under one or more +dnl contributor license agreements. See the NOTICE file distributed with +dnl this work for additional information regarding copyright ownership. +dnl The ASF licenses this file to You under the Apache License, Version 2.0 +dnl (the "License"); you may not use this file except in compliance with +dnl the License. You may obtain a copy of the License at +dnl +dnl http://www.apache.org/licenses/LICENSE-2.0 +dnl +dnl Unless required by applicable law or agreed to in writing, software +dnl distributed under the License is distributed on an "AS IS" BASIS, +dnl WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +dnl See the License for the specific language governing permissions and +dnl limitations under the License. + +dnl # start of module specific part +APACHE_MODPATH_INIT(http2) + +dnl # list of module object files +http2_objs="dnl +mod_http2.lo dnl +h2_alt_svc.lo dnl +h2_config.lo dnl +h2_conn.lo dnl +h2_conn_io.lo dnl +h2_ctx.lo dnl +h2_from_h1.lo dnl +h2_h2.lo dnl +h2_io.lo dnl +h2_io_set.lo dnl +h2_mplx.lo dnl +h2_request.lo dnl +h2_response.lo dnl +h2_session.lo dnl +h2_stream.lo dnl +h2_stream_set.lo dnl +h2_switch.lo dnl +h2_task.lo dnl +h2_task_input.lo dnl +h2_task_output.lo dnl +h2_task_queue.lo dnl +h2_to_h1.lo dnl +h2_util.lo dnl +h2_worker.lo dnl +h2_workers.lo dnl +" + +dnl +dnl APACHE_CHECK_NGHTTP2 +dnl +dnl Configure for nghttp2, giving preference to +dnl "--with-nghttp2=" if it was specified. +dnl +AC_DEFUN([APACHE_CHECK_NGHTTP2],[ + AC_CACHE_CHECK([for nghttp2], [ac_cv_nghttp2], [ + dnl initialise the variables we use + ac_cv_nghttp2=no + ap_nghttp2_found="" + ap_nghttp2_base="" + ap_nghttp2_libs="" + + dnl Determine the nghttp2 base directory, if any + AC_MSG_CHECKING([for user-provided nghttp2 base directory]) + AC_ARG_WITH(nghttp2, APACHE_HELP_STRING(--with-nghttp2=PATH, nghttp2 installation directory), [ + dnl If --with-nghttp2 specifies a directory, we use that directory + if test "x$withval" != "xyes" -a "x$withval" != "x"; then + dnl This ensures $withval is actually a directory and that it is absolute + ap_nghttp2_base="`cd $withval ; pwd`" + fi + ]) + if test "x$ap_nghttp2_base" = "x"; then + AC_MSG_RESULT(none) + else + AC_MSG_RESULT($ap_nghttp2_base) + fi + + dnl Run header and version checks + saved_CPPFLAGS="$CPPFLAGS" + saved_LIBS="$LIBS" + saved_LDFLAGS="$LDFLAGS" + + dnl Before doing anything else, load in pkg-config variables + if test -n "$PKGCONFIG"; then + saved_PKG_CONFIG_PATH="$PKG_CONFIG_PATH" + AC_MSG_CHECKING([for pkg-config along $PKG_CONFIG_PATH]) + if test "x$ap_nghttp2_base" != "x" -a \ + -f "${ap_nghttp2_base}/lib/pkgconfig/libnghttp2.pc"; then + dnl Ensure that the given path is used by pkg-config too, otherwise + dnl the system libnghttp2.pc might be picked up instead. + PKG_CONFIG_PATH="${ap_nghttp2_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}" + export PKG_CONFIG_PATH + fi + AC_ARG_ENABLE(nghttp2-staticlib-deps,APACHE_HELP_STRING(--enable-nghttp2-staticlib-deps,[link mod_http2 with dependencies of libnghttp2's static libraries (as indicated by "pkg-config --static"). Must be specified in addition to --enable-http2.]), [ + if test "$enableval" = "yes"; then + PKGCONFIG_LIBOPTS="--static" + fi + ]) + ap_nghttp2_libs="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-l --silence-errors libnghttp2`" + if test $? -eq 0; then + ap_nghttp2_found="yes" + pkglookup="`$PKGCONFIG --cflags-only-I libnghttp2`" + APR_ADDTO(CPPFLAGS, [$pkglookup]) + APR_ADDTO(MOD_CFLAGS, [$pkglookup]) + APR_ADDTO(ab_CFLAGS, [$pkglookup]) + pkglookup="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-L libnghttp2`" + APR_ADDTO(LDFLAGS, [$pkglookup]) + APR_ADDTO(MOD_LDFLAGS, [$pkglookup]) + pkglookup="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-other libnghttp2`" + APR_ADDTO(LDFLAGS, [$pkglookup]) + APR_ADDTO(MOD_LDFLAGS, [$pkglookup]) + fi + PKG_CONFIG_PATH="$saved_PKG_CONFIG_PATH" + fi + + dnl fall back to the user-supplied directory if not found via pkg-config + if test "x$ap_nghttp2_base" != "x" -a "x$ap_nghttp2_found" = "x"; then + APR_ADDTO(CPPFLAGS, [-I$ap_nghttp2_base/include]) + APR_ADDTO(MOD_CFLAGS, [-I$ap_nghttp2_base/include]) + APR_ADDTO(ab_CFLAGS, [-I$ap_nghttp2_base/include]) + APR_ADDTO(LDFLAGS, [-L$ap_nghttp2_base/lib]) + APR_ADDTO(MOD_LDFLAGS, [-L$ap_nghttp2_base/lib]) + if test "x$ap_platform_runtime_link_flag" != "x"; then + APR_ADDTO(LDFLAGS, [$ap_platform_runtime_link_flag$ap_nghttp2_base/lib]) + APR_ADDTO(MOD_LDFLAGS, [$ap_platform_runtime_link_flag$ap_nghttp2_base/lib]) + fi + fi + + AC_MSG_CHECKING([for nghttp2 version >= 1.0.0]) + AC_TRY_COMPILE([#include ],[ +#if !defined(NGHTTP2_VERSION_NUM) +#error "Missing nghttp2 version" +#endif +#if NGHTTP2_VERSION_NUM < 0x010000 +#error "Unsupported nghttp2 version " NGHTTP2_VERSION_TEXT +#endif], + [AC_MSG_RESULT(OK) + ac_cv_nghttp2=yes], + [AC_MSG_RESULT(FAILED)]) + + if test "x$ac_cv_nghttp2" = "xyes"; then + ap_nghttp2_libs="${ap_nghttp2_libs:--lnghttp2} `$apr_config --libs`" + APR_ADDTO(MOD_LDFLAGS, [$ap_nghttp2_libs]) + APR_ADDTO(LIBS, [$ap_nghttp2_libs]) + APR_SETVAR(ab_LDFLAGS, [$MOD_LDFLAGS]) + APACHE_SUBST(ab_CFLAGS) + APACHE_SUBST(ab_LDFLAGS) + + dnl Run library and function checks + liberrors="" + AC_CHECK_HEADERS([nghttp2/nghttp2.h]) + AC_CHECK_FUNCS([nghttp2_session_server_new2], [], [liberrors="yes"]) + if test "x$liberrors" != "x"; then + AC_MSG_WARN([nghttp2 library is unusable]) + fi + else + AC_MSG_WARN([nghttp2 version is too old]) + fi + + dnl restore + CPPFLAGS="$saved_CPPFLAGS" + LIBS="$saved_LIBS" + LDFLAGS="$saved_LDFLAGS" + ]) + if test "x$ac_cv_nghttp2" = "xyes"; then + AC_DEFINE(HAVE_NGHTTP2, 1, [Define if nghttp2 is available]) + fi +]) + + +dnl # hook module into the Autoconf mechanism (--enable-http2) +APACHE_MODULE(http2, [HTTP/2 protocol handling in addition to HTTP protocol +handling. Implemented by mod_http2. This module requires a libnghttp2 installation. +See --with-nghttp2 on how to manage non-standard locations. This module +is usually linked shared and requires loading. ], $http2_objs, , most, [ + APACHE_CHECK_NGHTTP2 + if test "$ac_cv_nghttp2" = "yes" ; then + if test "x$enable_http2" = "xshared"; then + # The only symbol which needs to be exported is the module + # structure, so ask libtool to hide everything else: + APR_ADDTO(MOD_HTTP2_LDADD, [-export-symbols-regex http2_module]) + fi + else + enable_http2=no + fi +]) + +dnl # end of module specific part +APACHE_MODPATH_FINISH + diff --git a/modules/http2/h2_alt_svc.c b/modules/http2/h2_alt_svc.c new file mode 100644 index 00000000..d18ae5f2 --- /dev/null +++ b/modules/http2/h2_alt_svc.c @@ -0,0 +1,132 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_alt_svc.h" +#include "h2_ctx.h" +#include "h2_config.h" +#include "h2_h2.h" +#include "h2_util.h" + +static int h2_alt_svc_handler(request_rec *r); + +void h2_alt_svc_register_hooks(void) +{ + ap_hook_post_read_request(h2_alt_svc_handler, NULL, NULL, APR_HOOK_MIDDLE); +} + +/** + * Parse an Alt-Svc specifier as described in "HTTP Alternative Services" + * (https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-04) + * with the following changes: + * - do not percent encode token values + * - do not use quotation marks + */ +h2_alt_svc *h2_alt_svc_parse(const char *s, apr_pool_t *pool) { + const char *sep = ap_strchr_c(s, '='); + if (sep) { + const char *alpn = apr_pstrndup(pool, s, sep - s); + const char *host = NULL; + int port = 0; + s = sep + 1; + sep = ap_strchr_c(s, ':'); /* mandatory : */ + if (sep) { + if (sep != s) { /* optional host */ + host = apr_pstrndup(pool, s, sep - s); + } + s = sep + 1; + if (*s) { /* must be a port number */ + port = (int)apr_atoi64(s); + if (port > 0 && port < (0x1 << 16)) { + h2_alt_svc *as = apr_pcalloc(pool, sizeof(*as)); + as->alpn = alpn; + as->host = host; + as->port = port; + return as; + } + } + } + } + return NULL; +} + +#define h2_alt_svc_IDX(list, i) ((h2_alt_svc**)(list)->elts)[i] + +static int h2_alt_svc_handler(request_rec *r) +{ + h2_ctx *ctx; + h2_config *cfg; + int i; + + if (r->connection->keepalives > 0) { + /* Only announce Alt-Svc on the first response */ + return DECLINED; + } + + ctx = h2_ctx_rget(r); + if (h2_ctx_is_active(ctx) || h2_ctx_is_task(ctx)) { + return DECLINED; + } + + cfg = h2_config_rget(r); + if (r->hostname && cfg && cfg->alt_svcs && cfg->alt_svcs->nelts > 0) { + const char *alt_svc_used = apr_table_get(r->headers_in, "Alt-Svc-Used"); + if (!alt_svc_used) { + /* We have alt-svcs defined and client is not already using + * one, announce the services that were configured and match. + * The security of this connection determines if we allow + * other host names or ports only. + */ + const char *alt_svc = ""; + const char *svc_ma = ""; + int secure = h2_h2_is_tls(r->connection); + int ma = h2_config_geti(cfg, H2_CONF_ALT_SVC_MAX_AGE); + if (ma >= 0) { + svc_ma = apr_psprintf(r->pool, "; ma=%d", ma); + } + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "h2_alt_svc: announce %s for %s:%d", + (secure? "secure" : "insecure"), + r->hostname, (int)r->server->port); + for (i = 0; i < cfg->alt_svcs->nelts; ++i) { + h2_alt_svc *as = h2_alt_svc_IDX(cfg->alt_svcs, i); + const char *ahost = as->host; + if (ahost && !apr_strnatcasecmp(ahost, r->hostname)) { + ahost = NULL; + } + if (secure || !ahost) { + alt_svc = apr_psprintf(r->pool, "%s%s%s=\"%s:%d\"%s", + alt_svc, + (*alt_svc? ", " : ""), as->alpn, + ahost? ahost : "", as->port, + svc_ma); + } + } + if (*alt_svc) { + apr_table_set(r->headers_out, "Alt-Svc", alt_svc); + } + } + } + + return DECLINED; +} + diff --git a/modules/http2/h2_alt_svc.h b/modules/http2/h2_alt_svc.h new file mode 100644 index 00000000..51f89d00 --- /dev/null +++ b/modules/http2/h2_alt_svc.h @@ -0,0 +1,39 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_alt_svc__ +#define __mod_h2__h2_alt_svc__ + +typedef struct h2_alt_svc h2_alt_svc; + +struct h2_alt_svc { + const char *alpn; + const char *host; + int port; +}; + +void h2_alt_svc_register_hooks(void); + +/** + * Parse an Alt-Svc specifier as described in "HTTP Alternative Services" + * (https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-04) + * with the following changes: + * - do not percent encode token values + * - do not use quotation marks + */ +h2_alt_svc *h2_alt_svc_parse(const char *s, apr_pool_t *pool); + + +#endif /* defined(__mod_h2__h2_alt_svc__) */ diff --git a/modules/http2/h2_config.c b/modules/http2/h2_config.c new file mode 100644 index 00000000..6db702ec --- /dev/null +++ b/modules/http2/h2_config.c @@ -0,0 +1,386 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include +#include +#include + +#include + +#include + +#include "h2_alt_svc.h" +#include "h2_ctx.h" +#include "h2_conn.h" +#include "h2_config.h" +#include "h2_private.h" + +#define DEF_VAL (-1) + +#define H2_CONFIG_GET(a, b, n) \ + (((a)->n == DEF_VAL)? (b) : (a))->n + +static h2_config defconf = { + "default", + 100, /* max_streams */ + 64 * 1024, /* window_size */ + -1, /* min workers */ + -1, /* max workers */ + 10 * 60, /* max workers idle secs */ + 64 * 1024, /* stream max mem size */ + NULL, /* no alt-svcs */ + -1, /* alt-svc max age */ + 0, /* serialize headers */ + -1, /* h2 direct mode */ + -1, /* # session extra files */ +}; + +static int files_per_session = 0; + +void h2_config_init(apr_pool_t *pool) { + /* Determine a good default for this platform and mpm? + * TODO: not sure how APR wants to hand out this piece of + * information. + */ + int max_files = 256; + int conn_threads = 1; + int tx_files = max_files / 4; + + (void)pool; + ap_mpm_query(AP_MPMQ_MAX_THREADS, &conn_threads); + switch (h2_conn_mpm_type()) { + case H2_MPM_PREFORK: + case H2_MPM_WORKER: + case H2_MPM_EVENT: + /* allow that many transfer open files per mplx */ + files_per_session = (tx_files / conn_threads); + break; + default: + /* don't know anything about it, stay safe */ + break; + } +} + +static void *h2_config_create(apr_pool_t *pool, + const char *prefix, const char *x) +{ + h2_config *conf = (h2_config *)apr_pcalloc(pool, sizeof(h2_config)); + + const char *s = x? x : "unknown"; + char *name = apr_pcalloc(pool, strlen(prefix) + strlen(s) + 20); + strcpy(name, prefix); + strcat(name, "["); + strcat(name, s); + strcat(name, "]"); + + conf->name = name; + conf->h2_max_streams = DEF_VAL; + conf->h2_window_size = DEF_VAL; + conf->min_workers = DEF_VAL; + conf->max_workers = DEF_VAL; + conf->max_worker_idle_secs = DEF_VAL; + conf->stream_max_mem_size = DEF_VAL; + conf->alt_svc_max_age = DEF_VAL; + conf->serialize_headers = DEF_VAL; + conf->h2_direct = DEF_VAL; + conf->session_extra_files = DEF_VAL; + return conf; +} + +void *h2_config_create_svr(apr_pool_t *pool, server_rec *s) +{ + return h2_config_create(pool, "srv", s->defn_name); +} + +void *h2_config_create_dir(apr_pool_t *pool, char *x) +{ + return h2_config_create(pool, "dir", x); +} + +void *h2_config_merge(apr_pool_t *pool, void *basev, void *addv) +{ + h2_config *base = (h2_config *)basev; + h2_config *add = (h2_config *)addv; + h2_config *n = (h2_config *)apr_pcalloc(pool, sizeof(h2_config)); + + char *name = apr_pcalloc(pool, 20 + strlen(add->name) + strlen(base->name)); + strcpy(name, "merged["); + strcat(name, add->name); + strcat(name, ", "); + strcat(name, base->name); + strcat(name, "]"); + n->name = name; + + n->h2_max_streams = H2_CONFIG_GET(add, base, h2_max_streams); + n->h2_window_size = H2_CONFIG_GET(add, base, h2_window_size); + n->min_workers = H2_CONFIG_GET(add, base, min_workers); + n->max_workers = H2_CONFIG_GET(add, base, max_workers); + n->max_worker_idle_secs = H2_CONFIG_GET(add, base, max_worker_idle_secs); + n->stream_max_mem_size = H2_CONFIG_GET(add, base, stream_max_mem_size); + n->alt_svcs = add->alt_svcs? add->alt_svcs : base->alt_svcs; + n->alt_svc_max_age = H2_CONFIG_GET(add, base, alt_svc_max_age); + n->serialize_headers = H2_CONFIG_GET(add, base, serialize_headers); + n->h2_direct = H2_CONFIG_GET(add, base, h2_direct); + n->session_extra_files = H2_CONFIG_GET(add, base, session_extra_files); + + return n; +} + +int h2_config_geti(h2_config *conf, h2_config_var_t var) +{ + int n; + switch(var) { + case H2_CONF_MAX_STREAMS: + return H2_CONFIG_GET(conf, &defconf, h2_max_streams); + case H2_CONF_WIN_SIZE: + return H2_CONFIG_GET(conf, &defconf, h2_window_size); + case H2_CONF_MIN_WORKERS: + return H2_CONFIG_GET(conf, &defconf, min_workers); + case H2_CONF_MAX_WORKERS: + return H2_CONFIG_GET(conf, &defconf, max_workers); + case H2_CONF_MAX_WORKER_IDLE_SECS: + return H2_CONFIG_GET(conf, &defconf, max_worker_idle_secs); + case H2_CONF_STREAM_MAX_MEM: + return H2_CONFIG_GET(conf, &defconf, stream_max_mem_size); + case H2_CONF_ALT_SVC_MAX_AGE: + return H2_CONFIG_GET(conf, &defconf, alt_svc_max_age); + case H2_CONF_SER_HEADERS: + return H2_CONFIG_GET(conf, &defconf, serialize_headers); + case H2_CONF_DIRECT: + return H2_CONFIG_GET(conf, &defconf, h2_direct); + case H2_CONF_SESSION_FILES: + n = H2_CONFIG_GET(conf, &defconf, session_extra_files); + if (n < 0) { + n = files_per_session; + } + return n; + default: + return DEF_VAL; + } +} + +h2_config *h2_config_sget(server_rec *s) +{ + h2_config *cfg = (h2_config *)ap_get_module_config(s->module_config, + &http2_module); + AP_DEBUG_ASSERT(cfg); + return cfg; +} + + +static const char *h2_conf_set_max_streams(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + cfg->h2_max_streams = (int)apr_atoi64(value); + (void)arg; + if (cfg->h2_max_streams < 1) { + return "value must be > 0"; + } + return NULL; +} + +static const char *h2_conf_set_window_size(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + cfg->h2_window_size = (int)apr_atoi64(value); + (void)arg; + if (cfg->h2_window_size < 1024) { + return "value must be > 1k"; + } + return NULL; +} + +static const char *h2_conf_set_min_workers(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + cfg->min_workers = (int)apr_atoi64(value); + (void)arg; + if (cfg->min_workers < 1) { + return "value must be > 1"; + } + return NULL; +} + +static const char *h2_conf_set_max_workers(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + cfg->max_workers = (int)apr_atoi64(value); + (void)arg; + if (cfg->max_workers < 1) { + return "value must be > 1"; + } + return NULL; +} + +static const char *h2_conf_set_max_worker_idle_secs(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + cfg->max_worker_idle_secs = (int)apr_atoi64(value); + (void)arg; + if (cfg->max_worker_idle_secs < 1) { + return "value must be > 1"; + } + return NULL; +} + +static const char *h2_conf_set_stream_max_mem_size(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + + + cfg->stream_max_mem_size = (int)apr_atoi64(value); + (void)arg; + if (cfg->stream_max_mem_size < 1024) { + return "value must be > 1k"; + } + return NULL; +} + +static const char *h2_add_alt_svc(cmd_parms *parms, + void *arg, const char *value) +{ + if (value && strlen(value)) { + h2_config *cfg = h2_config_sget(parms->server); + h2_alt_svc *as = h2_alt_svc_parse(value, parms->pool); + if (!as) { + return "unable to parse alt-svc specifier"; + } + if (!cfg->alt_svcs) { + cfg->alt_svcs = apr_array_make(parms->pool, 5, sizeof(h2_alt_svc*)); + } + APR_ARRAY_PUSH(cfg->alt_svcs, h2_alt_svc*) = as; + } + (void)arg; + return NULL; +} + +static const char *h2_conf_set_alt_svc_max_age(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + cfg->alt_svc_max_age = (int)apr_atoi64(value); + (void)arg; + return NULL; +} + +static const char *h2_conf_set_session_extra_files(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + apr_int64_t max = (int)apr_atoi64(value); + if (max <= 0) { + return "value must be a positive number"; + } + cfg->session_extra_files = (int)max; + (void)arg; + return NULL; +} + +static const char *h2_conf_set_serialize_headers(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + if (!strcasecmp(value, "On")) { + cfg->serialize_headers = 1; + return NULL; + } + else if (!strcasecmp(value, "Off")) { + cfg->serialize_headers = 0; + return NULL; + } + + (void)arg; + return "value must be On or Off"; +} + +static const char *h2_conf_set_direct(cmd_parms *parms, + void *arg, const char *value) +{ + h2_config *cfg = h2_config_sget(parms->server); + if (!strcasecmp(value, "On")) { + cfg->h2_direct = 1; + return NULL; + } + else if (!strcasecmp(value, "Off")) { + cfg->h2_direct = 0; + return NULL; + } + + (void)arg; + return "value must be On or Off"; +} + +#define AP_END_CMD AP_INIT_TAKE1(NULL, NULL, NULL, RSRC_CONF, NULL) + + +const command_rec h2_cmds[] = { + AP_INIT_TAKE1("H2MaxSessionStreams", h2_conf_set_max_streams, NULL, + RSRC_CONF, "maximum number of open streams per session"), + AP_INIT_TAKE1("H2WindowSize", h2_conf_set_window_size, NULL, + RSRC_CONF, "window size on client DATA"), + AP_INIT_TAKE1("H2MinWorkers", h2_conf_set_min_workers, NULL, + RSRC_CONF, "minimum number of worker threads per child"), + AP_INIT_TAKE1("H2MaxWorkers", h2_conf_set_max_workers, NULL, + RSRC_CONF, "maximum number of worker threads per child"), + AP_INIT_TAKE1("H2MaxWorkerIdleSeconds", h2_conf_set_max_worker_idle_secs, NULL, + RSRC_CONF, "maximum number of idle seconds before a worker shuts down"), + AP_INIT_TAKE1("H2StreamMaxMemSize", h2_conf_set_stream_max_mem_size, NULL, + RSRC_CONF, "maximum number of bytes buffered in memory for a stream"), + AP_INIT_TAKE1("H2AltSvc", h2_add_alt_svc, NULL, + RSRC_CONF, "adds an Alt-Svc for this server"), + AP_INIT_TAKE1("H2AltSvcMaxAge", h2_conf_set_alt_svc_max_age, NULL, + RSRC_CONF, "set the maximum age (in seconds) that client can rely on alt-svc information"), + AP_INIT_TAKE1("H2SerializeHeaders", h2_conf_set_serialize_headers, NULL, + RSRC_CONF, "on to enable header serialization for compatibility"), + AP_INIT_TAKE1("H2Direct", h2_conf_set_direct, NULL, + RSRC_CONF, "on to enable direct HTTP/2 mode"), + AP_INIT_TAKE1("H2SessionExtraFiles", h2_conf_set_session_extra_files, NULL, + RSRC_CONF, "number of extra file a session might keep open"), + AP_END_CMD +}; + + +h2_config *h2_config_rget(request_rec *r) +{ + h2_config *cfg = (h2_config *)ap_get_module_config(r->per_dir_config, + &http2_module); + return cfg? cfg : h2_config_sget(r->server); +} + +h2_config *h2_config_get(conn_rec *c) +{ + h2_ctx *ctx = h2_ctx_get(c); + + if (ctx->config) { + return ctx->config; + } + else if (ctx->server) { + ctx->config = h2_config_sget(ctx->server); + return ctx->config; + } + + return h2_config_sget(c->base_server); +} + diff --git a/modules/http2/h2_config.h b/modules/http2/h2_config.h new file mode 100644 index 00000000..931af59d --- /dev/null +++ b/modules/http2/h2_config.h @@ -0,0 +1,74 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_config_h__ +#define __mod_h2__h2_config_h__ + +#undef PACKAGE_VERSION +#undef PACKAGE_TARNAME +#undef PACKAGE_STRING +#undef PACKAGE_NAME +#undef PACKAGE_BUGREPORT + +typedef enum { + H2_CONF_MAX_STREAMS, + H2_CONF_WIN_SIZE, + H2_CONF_MIN_WORKERS, + H2_CONF_MAX_WORKERS, + H2_CONF_MAX_WORKER_IDLE_SECS, + H2_CONF_STREAM_MAX_MEM, + H2_CONF_ALT_SVCS, + H2_CONF_ALT_SVC_MAX_AGE, + H2_CONF_SER_HEADERS, + H2_CONF_DIRECT, + H2_CONF_SESSION_FILES, +} h2_config_var_t; + +/* Apache httpd module configuration for h2. */ +typedef struct h2_config { + const char *name; + int h2_max_streams; /* max concurrent # streams (http2) */ + int h2_window_size; /* stream window size (http2) */ + int min_workers; /* min # of worker threads/child */ + int max_workers; /* max # of worker threads/child */ + int max_worker_idle_secs; /* max # of idle seconds for worker */ + int stream_max_mem_size; /* max # bytes held in memory/stream */ + apr_array_header_t *alt_svcs; /* h2_alt_svc specs for this server */ + int alt_svc_max_age; /* seconds clients can rely on alt-svc info*/ + int serialize_headers; /* Use serialized HTTP/1.1 headers for + processing, better compatibility */ + int h2_direct; /* if mod_h2 is active directly */ + int session_extra_files; /* # of extra files a session may keep open */ +} h2_config; + + +void *h2_config_create_dir(apr_pool_t *pool, char *x); +void *h2_config_create_svr(apr_pool_t *pool, server_rec *s); +void *h2_config_merge(apr_pool_t *pool, void *basev, void *addv); + +apr_status_t h2_config_apply_header(h2_config *config, request_rec *r); + +extern const command_rec h2_cmds[]; + +h2_config *h2_config_get(conn_rec *c); +h2_config *h2_config_sget(server_rec *s); +h2_config *h2_config_rget(request_rec *r); + +int h2_config_geti(h2_config *conf, h2_config_var_t var); + +void h2_config_init(apr_pool_t *pool); + +#endif /* __mod_h2__h2_config_h__ */ + diff --git a/modules/http2/h2_conn.c b/modules/http2/h2_conn.c new file mode 100644 index 00000000..8bffbc42 --- /dev/null +++ b/modules/http2/h2_conn.c @@ -0,0 +1,532 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_config.h" +#include "h2_ctx.h" +#include "h2_mplx.h" +#include "h2_session.h" +#include "h2_stream.h" +#include "h2_stream_set.h" +#include "h2_task.h" +#include "h2_worker.h" +#include "h2_workers.h" +#include "h2_conn.h" + +static struct h2_workers *workers; + +static apr_status_t h2_session_process(h2_session *session); + +static h2_mpm_type_t mpm_type = H2_MPM_UNKNOWN; +static module *mpm_module; +static module *ssl_module; +static int checked; + +static void check_modules(void) +{ + int i; + if (!checked) { + for (i = 0; ap_loaded_modules[i]; ++i) { + module *m = ap_loaded_modules[i]; + if (!strcmp("event.c", m->name)) { + mpm_type = H2_MPM_EVENT; + mpm_module = m; + } + else if (!strcmp("worker.c", m->name)) { + mpm_type = H2_MPM_WORKER; + mpm_module = m; + } + else if (!strcmp("prefork.c", m->name)) { + mpm_type = H2_MPM_PREFORK; + mpm_module = m; + } + else if (!strcmp("mod_ssl.c", m->name)) { + ssl_module = m; + } + } + checked = 1; + } +} + +apr_status_t h2_conn_child_init(apr_pool_t *pool, server_rec *s) +{ + h2_config *config = h2_config_sget(s); + apr_status_t status = APR_SUCCESS; + int minw = h2_config_geti(config, H2_CONF_MIN_WORKERS); + int maxw = h2_config_geti(config, H2_CONF_MAX_WORKERS); + + int max_threads_per_child = 0; + int threads_limit = 0; + int idle_secs = 0; + int i; + + h2_config_init(pool); + + ap_mpm_query(AP_MPMQ_MAX_THREADS, &max_threads_per_child); + ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &threads_limit); + + for (i = 0; ap_loaded_modules[i]; ++i) { + module *m = ap_loaded_modules[i]; + if (!strcmp("event.c", m->name)) { + mpm_type = H2_MPM_EVENT; + mpm_module = m; + } + else if (!strcmp("worker.c", m->name)) { + mpm_type = H2_MPM_WORKER; + mpm_module = m; + } + else if (!strcmp("prefork.c", m->name)) { + mpm_type = H2_MPM_PREFORK; + mpm_module = m; + } + else if (!strcmp("mod_ssl.c", m->name)) { + ssl_module = m; + } + } + + if (minw <= 0) { + minw = max_threads_per_child; + } + if (maxw <= 0) { + maxw = threads_limit; + if (maxw < minw) { + maxw = minw; + } + } + + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + "h2_workers: min=%d max=%d, mthrpchild=%d, thr_limit=%d", + minw, maxw, max_threads_per_child, threads_limit); + + workers = h2_workers_create(s, pool, minw, maxw); + idle_secs = h2_config_geti(config, H2_CONF_MAX_WORKER_IDLE_SECS); + h2_workers_set_max_idle_secs(workers, idle_secs); + + return status; +} + +h2_mpm_type_t h2_conn_mpm_type(void) { + check_modules(); + return mpm_type; +} + +static module *h2_conn_mpm_module(void) { + check_modules(); + return mpm_module; +} + +apr_status_t h2_conn_rprocess(request_rec *r) +{ + h2_config *config = h2_config_rget(r); + h2_session *session; + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "h2_conn_process start"); + if (!workers) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02911) + "workers not initialized"); + return APR_EGENERAL; + } + + session = h2_session_rcreate(r, config, workers); + if (!session) { + return APR_EGENERAL; + } + + return h2_session_process(session); +} + +apr_status_t h2_conn_main(conn_rec *c) +{ + h2_config *config = h2_config_get(c); + h2_session *session; + apr_status_t status; + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "h2_conn_main start"); + if (!workers) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02912) + "workers not initialized"); + return APR_EGENERAL; + } + + session = h2_session_create(c, config, workers); + if (!session) { + return APR_EGENERAL; + } + + status = h2_session_process(session); + + /* Make sure this connection gets closed properly. */ + c->keepalive = AP_CONN_CLOSE; + if (c->cs) { + c->cs->state = CONN_STATE_WRITE_COMPLETION; + } + + return status; +} + +apr_status_t h2_session_process(h2_session *session) +{ + apr_status_t status = APR_SUCCESS; + int rv = 0; + apr_interval_time_t wait_micros = 0; + static const int MAX_WAIT_MICROS = 200 * 1000; + + /* Start talking to the client. Apart from protocol meta data, + * we mainly will see new http/2 streams opened by the client, which + * basically are http requests we need to dispatch. + * + * There will be bursts of new streams, to be served concurrently, + * followed by long pauses of no activity. + * + * Since the purpose of http/2 is to allow siumultaneous streams, we + * need to dispatch the handling of each stream into a separate worker + * thread, keeping this thread open for sending responses back as + * soon as they arrive. + * At the same time, we need to continue reading new frames from + * our client, which may be meta (WINDOWS_UPDATEs, PING, SETTINGS) or + * new streams. + * + * As long as we have streams open in this session, we cannot really rest + * since there are two conditions to wait on: 1. new data from the client, + * 2. new data from the open streams to send back. + * + * Only when we have no more streams open, can we do a blocking read + * on our connection. + * + * TODO: implement graceful GO_AWAY after configurable idle time + */ + + ap_update_child_status_from_conn(session->c->sbh, SERVER_BUSY_READ, + session->c); + + if (APLOGctrace2(session->c)) { + ap_filter_t *filter = session->c->input_filters; + while (filter) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, + "h2_conn(%ld), has connection filter %s", + session->id, filter->frec->name); + filter = filter->next; + } + } + + status = h2_session_start(session, &rv); + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, session->c, + "h2_session(%ld): starting on %s:%d", session->id, + session->c->base_server->defn_name, + session->c->local_addr->port); + if (status != APR_SUCCESS) { + h2_session_abort(session, status, rv); + h2_session_destroy(session); + return status; + } + + while (!h2_session_is_done(session)) { + int have_written = 0; + int have_read = 0; + int got_streams; + + status = h2_session_write(session, wait_micros); + if (status == APR_SUCCESS) { + have_written = 1; + wait_micros = 0; + } + else if (status == APR_EAGAIN) { + /* nop */ + } + else if (status == APR_TIMEUP) { + wait_micros *= 2; + if (wait_micros > MAX_WAIT_MICROS) { + wait_micros = MAX_WAIT_MICROS; + } + } + else { + ap_log_cerror( APLOG_MARK, APLOG_DEBUG, status, session->c, + "h2_session(%ld): writing, terminating", + session->id); + h2_session_abort(session, status, 0); + break; + } + + /* We would like to do blocking reads as often as possible as they + * are more efficient in regard to server resources. + * We can do them under the following circumstances: + * - we have no open streams and therefore have nothing to write + * - we have just started the session and are waiting for the first + * two frames to come in. There will always be at least 2 frames as + * * h2 will send SETTINGS and SETTINGS-ACK + * * h2c will count the header settings as one frame and we + * submit our settings and need the ACK. + */ + got_streams = !h2_stream_set_is_empty(session->streams); + status = h2_session_read(session, + (!got_streams + || session->frames_received <= 1)? + APR_BLOCK_READ : APR_NONBLOCK_READ); + switch (status) { + case APR_SUCCESS: /* successful read, reset our idle timers */ + have_read = 1; + wait_micros = 0; + break; + case APR_EAGAIN: /* non-blocking read, nothing there */ + break; + case APR_EBADF: /* connection is not there any more */ + case APR_EOF: + case APR_ECONNABORTED: + case APR_ECONNRESET: + case APR_TIMEUP: /* blocked read, timed out */ + ap_log_cerror( APLOG_MARK, APLOG_DEBUG, status, session->c, + "h2_session(%ld): reading", + session->id); + h2_session_abort(session, status, 0); + break; + default: + ap_log_cerror( APLOG_MARK, APLOG_INFO, status, session->c, + APLOGNO(02950) + "h2_session(%ld): error reading, terminating", + session->id); + h2_session_abort(session, status, 0); + break; + } + + if (!have_read && !have_written + && !h2_stream_set_is_empty(session->streams)) { + /* Nothing to read or write, we have streams, but + * the have no data yet ready to be delivered. Slowly + * back off to give others a chance to do their work. + */ + if (wait_micros == 0) { + wait_micros = 10; + } + } + } + + ap_log_cerror( APLOG_MARK, APLOG_DEBUG, status, session->c, + "h2_session(%ld): done", session->id); + + ap_update_child_status_from_conn(session->c->sbh, SERVER_CLOSING, + session->c); + + h2_session_close(session); + h2_session_destroy(session); + + return DONE; +} + + +static void fix_event_conn(conn_rec *c, conn_rec *master); + +/* + * We would like to create the connection more lightweight like + * slave connections in 2.5-DEV. But we get 500 responses on long + * cgi tests in modules/h2.t as the script parsing seems to see an + * EOF from the cgi before anything is sent. + * +conn_rec *h2_conn_create(conn_rec *master, apr_pool_t *pool) +{ + conn_rec *c = (conn_rec *) apr_palloc(pool, sizeof(conn_rec)); + + memcpy(c, master, sizeof(conn_rec)); + c->id = (master->id & (long)pool); + c->slaves = NULL; + c->master = master; + c->input_filters = NULL; + c->output_filters = NULL; + c->pool = pool; + + return c; +} +*/ + +conn_rec *h2_conn_create(conn_rec *master, apr_pool_t *pool) +{ + apr_socket_t *socket; + conn_rec *c; + + AP_DEBUG_ASSERT(master); + + /* CAVEAT: it seems necessary to setup the conn_rec in the master + * connection thread. Other attempts crashed. + * HOWEVER: we setup the connection using the pools and other items + * from the master connection, since we do not want to allocate + * lots of resources here. + * Lets allocated pools and everything else when we actually start + * working on this new connection. + */ + /* Not sure about the scoreboard handle. Reusing the one from the main + * connection could make sense, is not really correct, but we cannot + * easily create new handles for our worker threads either. + * TODO + */ + socket = ap_get_module_config(master->conn_config, &core_module); + c = ap_run_create_connection(pool, master->base_server, + socket, + master->id^((long)pool), + master->sbh, + master->bucket_alloc); + if (c == NULL) { + ap_log_perror(APLOG_MARK, APLOG_ERR, APR_ENOMEM, pool, + APLOGNO(02913) "h2_task: creating conn"); + return NULL; + } + return c; +} + +apr_status_t h2_conn_setup(h2_task_env *env, struct h2_worker *worker) +{ + conn_rec *master = env->mplx->c; + + ap_log_perror(APLOG_MARK, APLOG_TRACE3, 0, env->pool, + "h2_conn(%ld): created from master", master->id); + + /* Ok, we are just about to start processing the connection and + * the worker is calling us to setup all necessary resources. + * We can borrow some from the worker itself and some we do as + * sub-resources from it, so that we get a nice reuse of + * pools. + */ + env->c.pool = env->pool; + env->c.bucket_alloc = h2_worker_get_bucket_alloc(worker); + env->c.current_thread = h2_worker_get_thread(worker); + + env->c.conn_config = ap_create_conn_config(env->pool); + env->c.notes = apr_table_make(env->pool, 5); + + ap_set_module_config(env->c.conn_config, &core_module, + h2_worker_get_socket(worker)); + + /* If we serve http:// requests over a TLS connection, we do + * not want any mod_ssl vars to be visible. + */ + if (ssl_module && (!env->scheme || strcmp("http", env->scheme))) { + /* See #19, there is a range of SSL variables to be gotten from + * the main connection that should be available in request handlers + */ + void *sslcfg = ap_get_module_config(master->conn_config, ssl_module); + if (sslcfg) { + ap_set_module_config(env->c.conn_config, ssl_module, sslcfg); + } + } + + /* This works for mpm_worker so far. Other mpm modules have + * different needs, unfortunately. The most interesting one + * being mpm_event... + */ + switch (h2_conn_mpm_type()) { + case H2_MPM_WORKER: + /* all fine */ + break; + case H2_MPM_EVENT: + fix_event_conn(&env->c, master); + break; + default: + /* fingers crossed */ + break; + } + + /* TODO: we simulate that we had already a request on this connection. + * This keeps the mod_ssl SNI vs. Host name matcher from answering + * 400 Bad Request + * when names do not match. We prefer a predictable 421 status. + */ + env->c.keepalives = 1; + + return APR_SUCCESS; +} + +apr_status_t h2_conn_post(conn_rec *c, h2_worker *worker) +{ + (void)worker; + + /* be sure no one messes with this any more */ + memset(c, 0, sizeof(*c)); + return APR_SUCCESS; +} + +apr_status_t h2_conn_process(conn_rec *c, apr_socket_t *socket) +{ + AP_DEBUG_ASSERT(c); + + c->clogging_input_filters = 1; + ap_process_connection(c, socket); + + return APR_SUCCESS; +} + +/* This is an internal mpm event.c struct which is disguised + * as a conn_state_t so that mpm_event can have special connection + * state information without changing the struct seen on the outside. + * + * For our task connections we need to create a new beast of this type + * and fill it with enough meaningful things that mpm_event reads and + * starts processing out task request. + */ +typedef struct event_conn_state_t event_conn_state_t; +struct event_conn_state_t { + /** APR_RING of expiration timeouts */ + APR_RING_ENTRY(event_conn_state_t) timeout_list; + /** the expiration time of the next keepalive timeout */ + apr_time_t expiration_time; + /** connection record this struct refers to */ + conn_rec *c; + /** request record (if any) this struct refers to */ + request_rec *r; + /** is the current conn_rec suspended? (disassociated with + * a particular MPM thread; for suspend_/resume_connection + * hooks) + */ + int suspended; + /** memory pool to allocate from */ + apr_pool_t *p; + /** bucket allocator */ + apr_bucket_alloc_t *bucket_alloc; + /** poll file descriptor information */ + apr_pollfd_t pfd; + /** public parts of the connection state */ + conn_state_t pub; +}; +APR_RING_HEAD(timeout_head_t, event_conn_state_t); + +static void fix_event_conn(conn_rec *c, conn_rec *master) +{ + event_conn_state_t *master_cs = ap_get_module_config(master->conn_config, + h2_conn_mpm_module()); + event_conn_state_t *cs = apr_pcalloc(c->pool, sizeof(event_conn_state_t)); + cs->bucket_alloc = apr_bucket_alloc_create(c->pool); + + ap_set_module_config(c->conn_config, h2_conn_mpm_module(), cs); + + cs->c = c; + cs->r = NULL; + cs->p = master_cs->p; + cs->pfd = master_cs->pfd; + cs->pub = master_cs->pub; + cs->pub.state = CONN_STATE_READ_REQUEST_LINE; + + c->cs = &(cs->pub); +} + diff --git a/modules/http2/h2_conn.h b/modules/http2/h2_conn.h new file mode 100644 index 00000000..49a70db8 --- /dev/null +++ b/modules/http2/h2_conn.h @@ -0,0 +1,60 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_conn__ +#define __mod_h2__h2_conn__ + +struct h2_task; +struct h2_task_env; +struct h2_worker; + +/* Process the connection that is now starting the HTTP/2 + * conversation. Return when the HTTP/2 session is done + * and the connection will close. + */ +apr_status_t h2_conn_main(conn_rec *c); + +/* Process the request that has been upgraded to a HTTP/2 + * conversation. Return when the HTTP/2 session is done + * and the connection will close. + */ +apr_status_t h2_conn_rprocess(request_rec *r); + +/* Initialize this child process for h2 connection work, + * to be called once during child init before multi processing + * starts. + */ +apr_status_t h2_conn_child_init(apr_pool_t *pool, server_rec *s); + + +typedef enum { + H2_MPM_UNKNOWN, + H2_MPM_WORKER, + H2_MPM_EVENT, + H2_MPM_PREFORK, +} h2_mpm_type_t; + +/* Returns the type of MPM module detected */ +h2_mpm_type_t h2_conn_mpm_type(void); + + +conn_rec *h2_conn_create(conn_rec *master, apr_pool_t *stream_pool); + +apr_status_t h2_conn_setup(struct h2_task_env *env, struct h2_worker *worker); +apr_status_t h2_conn_post(conn_rec *c, struct h2_worker *worker); + +apr_status_t h2_conn_process(conn_rec *c, apr_socket_t *socket); + +#endif /* defined(__mod_h2__h2_conn__) */ diff --git a/modules/http2/h2_conn_io.c b/modules/http2/h2_conn_io.c new file mode 100644 index 00000000..08d00a4f --- /dev/null +++ b/modules/http2/h2_conn_io.c @@ -0,0 +1,312 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include + +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_config.h" +#include "h2_conn_io.h" +#include "h2_h2.h" +#include "h2_util.h" + +#define WRITE_BUFFER_SIZE (64*1024) +#define WRITE_SIZE_INITIAL 1300 +#define WRITE_SIZE_MAX (16*1024) +#define WRITE_SIZE_IDLE_USEC (1*APR_USEC_PER_SEC) +#define WRITE_SIZE_THRESHOLD (1*1024*1024) + +apr_status_t h2_conn_io_init(h2_conn_io *io, conn_rec *c) +{ + io->connection = c; + io->input = apr_brigade_create(c->pool, c->bucket_alloc); + io->output = apr_brigade_create(c->pool, c->bucket_alloc); + io->buflen = 0; + /* That is where we start with, + * see https://issues.apache.org/jira/browse/TS-2503 */ + io->write_size = WRITE_SIZE_INITIAL; + io->last_write = 0; + io->buffer_output = h2_h2_is_tls(c); + + /* Currently we buffer only for TLS output. The reason this gives + * improved performance is that buckets send to the mod_ssl network + * filter will be encrypted in chunks. There is a special filter + * that tries to aggregate data, but that does not work well when + * bucket sizes alternate between tiny frame headers and large data + * chunks. + */ + if (io->buffer_output) { + io->bufsize = WRITE_BUFFER_SIZE; + io->buffer = apr_pcalloc(c->pool, io->bufsize); + } + else { + io->bufsize = 0; + } + + return APR_SUCCESS; +} + +void h2_conn_io_destroy(h2_conn_io *io) +{ + io->input = NULL; + io->output = NULL; +} + +static apr_status_t h2_conn_io_bucket_read(h2_conn_io *io, + apr_read_type_e block, + h2_conn_io_on_read_cb on_read_cb, + void *puser, int *pdone) +{ + apr_status_t status = APR_SUCCESS; + apr_size_t readlen = 0; + *pdone = 0; + + while (status == APR_SUCCESS && !*pdone + && !APR_BRIGADE_EMPTY(io->input)) { + + apr_bucket* bucket = APR_BRIGADE_FIRST(io->input); + if (APR_BUCKET_IS_METADATA(bucket)) { + /* we do nothing regarding any meta here */ + } + else { + const char *bucket_data = NULL; + apr_size_t bucket_length = 0; + status = apr_bucket_read(bucket, &bucket_data, + &bucket_length, block); + + if (status == APR_SUCCESS && bucket_length > 0) { + if (APLOGctrace2(io->connection)) { + char buffer[32]; + h2_util_hex_dump(buffer, sizeof(buffer)/sizeof(buffer[0]), + bucket_data, bucket_length); + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, io->connection, + "h2_conn_io(%ld): read %d bytes: %s", + io->connection->id, (int)bucket_length, buffer); + } + + if (bucket_length > 0) { + apr_size_t consumed = 0; + status = on_read_cb(bucket_data, bucket_length, + &consumed, pdone, puser); + if (status == APR_SUCCESS && bucket_length > consumed) { + /* We have data left in the bucket. Split it. */ + status = apr_bucket_split(bucket, consumed); + } + readlen += consumed; + } + } + } + apr_bucket_delete(bucket); + } + if (readlen == 0 && status == APR_SUCCESS && block == APR_NONBLOCK_READ) { + return APR_EAGAIN; + } + return status; +} + +apr_status_t h2_conn_io_read(h2_conn_io *io, + apr_read_type_e block, + h2_conn_io_on_read_cb on_read_cb, + void *puser) +{ + apr_status_t status; + int done = 0; + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, io->connection, + "h2_conn_io: try read, block=%d", block); + + if (!APR_BRIGADE_EMPTY(io->input)) { + /* Seems something is left from a previous read, lets + * satisfy our caller with the data we already have. */ + status = h2_conn_io_bucket_read(io, block, on_read_cb, puser, &done); + if (status != APR_SUCCESS || done) { + return status; + } + apr_brigade_cleanup(io->input); + } + + /* We only do a blocking read when we have no streams to process. So, + * in httpd scoreboard lingo, we are in a KEEPALIVE connection state. + * When reading non-blocking, we do have streams to process and update + * child with NULL request. That way, any current request information + * in the scoreboard is preserved. + */ + if (block == APR_BLOCK_READ) { + ap_update_child_status_from_conn(io->connection->sbh, + SERVER_BUSY_KEEPALIVE, + io->connection); + } + else { + ap_update_child_status(io->connection->sbh, SERVER_BUSY_READ, NULL); + } + + status = ap_get_brigade(io->connection->input_filters, + io->input, AP_MODE_READBYTES, + block, 16 * 4096); + switch (status) { + case APR_SUCCESS: + return h2_conn_io_bucket_read(io, block, on_read_cb, puser, &done); + case APR_EOF: + case APR_EAGAIN: + break; + default: + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, io->connection, + "h2_conn_io: error reading"); + break; + } + return status; +} + +static apr_status_t flush_out(apr_bucket_brigade *bb, void *ctx) +{ + h2_conn_io *io = (h2_conn_io*)ctx; + apr_status_t status; + apr_off_t bblen; + + ap_update_child_status(io->connection->sbh, SERVER_BUSY_WRITE, NULL); + status = apr_brigade_length(bb, 1, &bblen); + if (status == APR_SUCCESS) { + status = ap_pass_brigade(io->connection->output_filters, bb); + if (status == APR_SUCCESS) { + io->bytes_written += (apr_size_t)bblen; + io->last_write = apr_time_now(); + } + apr_brigade_cleanup(bb); + } + return status; +} + +static apr_status_t bucketeer_buffer(h2_conn_io *io) { + const char *data = io->buffer; + apr_size_t remaining = io->buflen; + apr_bucket *b; + int bcount, i; + + if (io->write_size > WRITE_SIZE_INITIAL + && (apr_time_now() - io->last_write) >= WRITE_SIZE_IDLE_USEC) { + /* long time not written, reset write size */ + io->write_size = WRITE_SIZE_INITIAL; + io->bytes_written = 0; + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, io->connection, + "h2_conn_io(%ld): timeout write size reset to %ld", + (long)io->connection->id, (long)io->write_size); + } + else if (io->write_size < WRITE_SIZE_MAX + && io->bytes_written >= WRITE_SIZE_THRESHOLD) { + /* connection is hot, use max size */ + io->write_size = WRITE_SIZE_MAX; + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, io->connection, + "h2_conn_io(%ld): threshold reached, write size now %ld", + (long)io->connection->id, (long)io->write_size); + } + + bcount = (int)(remaining / io->write_size); + for (i = 0; i < bcount; ++i) { + b = apr_bucket_transient_create(data, io->write_size, + io->output->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(io->output, b); + data += io->write_size; + remaining -= io->write_size; + } + + if (remaining > 0) { + b = apr_bucket_transient_create(data, remaining, + io->output->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(io->output, b); + } + return APR_SUCCESS; +} + +apr_status_t h2_conn_io_write(h2_conn_io *io, + const char *buf, size_t length) +{ + apr_status_t status = APR_SUCCESS; + io->unflushed = 1; + + if (io->buffer_output) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, io->connection, + "h2_conn_io: buffering %ld bytes", (long)length); + while (length > 0 && (status == APR_SUCCESS)) { + apr_size_t avail = io->bufsize - io->buflen; + if (avail <= 0) { + bucketeer_buffer(io); + status = flush_out(io->output, io); + io->buflen = 0; + } + else if (length > avail) { + memcpy(io->buffer + io->buflen, buf, avail); + io->buflen += avail; + length -= avail; + buf += avail; + } + else { + memcpy(io->buffer + io->buflen, buf, length); + io->buflen += length; + length = 0; + break; + } + } + + } + else { + status = apr_brigade_write(io->output, flush_out, io, buf, length); + if (status != APR_SUCCESS) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, io->connection, + "h2_conn_io: write error"); + } + } + + return status; +} + + +apr_status_t h2_conn_io_flush(h2_conn_io *io) +{ + if (io->unflushed) { + apr_status_t status; + if (io->buflen > 0) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, io->connection, + "h2_conn_io: flush, flushing %ld bytes", (long)io->buflen); + bucketeer_buffer(io); + io->buflen = 0; + } + /* Append flush. + */ + APR_BRIGADE_INSERT_TAIL(io->output, + apr_bucket_flush_create(io->output->bucket_alloc)); + + /* Send it out through installed filters (TLS) to the client */ + status = flush_out(io->output, io); + + if (status == APR_SUCCESS) { + /* These are all fine and no reason for concern. Everything else + * is interesting. */ + io->unflushed = 0; + } + else { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, io->connection, + "h2_conn_io: flush error"); + } + + return status; + } + return APR_SUCCESS; +} + diff --git a/modules/http2/h2_conn_io.h b/modules/http2/h2_conn_io.h new file mode 100644 index 00000000..084445ef --- /dev/null +++ b/modules/http2/h2_conn_io.h @@ -0,0 +1,58 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_conn_io__ +#define __mod_h2__h2_conn_io__ + +/* h2_io is the basic handler of a httpd connection. It keeps two brigades, + * one for input, one for output and works with the installed connection + * filters. + * The read is done via a callback function, so that input can be processed + * directly without copying. + */ +typedef struct { + conn_rec *connection; + apr_bucket_brigade *input; + apr_bucket_brigade *output; + int buffer_output; + int write_size; + apr_time_t last_write; + apr_size_t bytes_written; + + char *buffer; + apr_size_t buflen; + apr_size_t bufsize; + int unflushed; +} h2_conn_io; + +apr_status_t h2_conn_io_init(h2_conn_io *io, conn_rec *c); +void h2_conn_io_destroy(h2_conn_io *io); + +typedef apr_status_t (*h2_conn_io_on_read_cb)(const char *data, apr_size_t len, + apr_size_t *readlen, int *done, + void *puser); + +apr_status_t h2_conn_io_read(h2_conn_io *io, + apr_read_type_e block, + h2_conn_io_on_read_cb on_read_cb, + void *puser); + +apr_status_t h2_conn_io_write(h2_conn_io *io, + const char *buf, + size_t length); + +apr_status_t h2_conn_io_flush(h2_conn_io *io); + +#endif /* defined(__mod_h2__h2_conn_io__) */ diff --git a/modules/http2/h2_ctx.c b/modules/http2/h2_ctx.c new file mode 100644 index 00000000..422835c2 --- /dev/null +++ b/modules/http2/h2_ctx.c @@ -0,0 +1,90 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include + +#include "h2_private.h" +#include "h2_task.h" +#include "h2_ctx.h" +#include "h2_private.h" + +static h2_ctx *h2_ctx_create(const conn_rec *c) +{ + h2_ctx *ctx = apr_pcalloc(c->pool, sizeof(h2_ctx)); + AP_DEBUG_ASSERT(ctx); + ap_set_module_config(c->conn_config, &http2_module, ctx); + return ctx; +} + +h2_ctx *h2_ctx_create_for(const conn_rec *c, h2_task_env *env) +{ + h2_ctx *ctx = h2_ctx_create(c); + if (ctx) { + ctx->task_env = env; + } + return ctx; +} + +h2_ctx *h2_ctx_get(const conn_rec *c) +{ + h2_ctx *ctx = (h2_ctx*)ap_get_module_config(c->conn_config, &http2_module); + if (ctx == NULL) { + ctx = h2_ctx_create(c); + } + return ctx; +} + +h2_ctx *h2_ctx_rget(const request_rec *r) +{ + return h2_ctx_get(r->connection); +} + +const char *h2_ctx_protocol_get(const conn_rec *c) +{ + h2_ctx *ctx = (h2_ctx*)ap_get_module_config(c->conn_config, &http2_module); + return ctx? ctx->protocol : NULL; +} + +h2_ctx *h2_ctx_protocol_set(h2_ctx *ctx, const char *proto) +{ + ctx->protocol = proto; + ctx->is_h2 = (proto != NULL); + return ctx; +} + +h2_ctx *h2_ctx_server_set(h2_ctx *ctx, server_rec *s) +{ + ctx->server = s; + return ctx; +} + +int h2_ctx_is_task(h2_ctx *ctx) +{ + return ctx && !!ctx->task_env; +} + +int h2_ctx_is_active(h2_ctx *ctx) +{ + return ctx && ctx->is_h2; +} + +struct h2_task_env *h2_ctx_get_task(h2_ctx *ctx) +{ + return ctx->task_env; +} diff --git a/modules/http2/h2_ctx.h b/modules/http2/h2_ctx.h new file mode 100644 index 00000000..86c59206 --- /dev/null +++ b/modules/http2/h2_ctx.h @@ -0,0 +1,63 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_ctx__ +#define __mod_h2__h2_ctx__ + +struct h2_task_env; +struct h2_config; + +/** + * The h2 module context associated with a connection. + * + * It keeps track of the different types of connections: + * - those from clients that use HTTP/2 protocol + * - those from clients that do not use HTTP/2 + * - those created by ourself to perform work on HTTP/2 streams + */ +typedef struct h2_ctx { + int is_h2; /* h2 engine is used */ + const char *protocol; /* the protocol negotiated */ + struct h2_task_env *task_env; /* the h2_task environment or NULL */ + const char *hostname; /* hostname negotiated via SNI, optional */ + server_rec *server; /* httpd server config selected. */ + struct h2_config *config; /* effective config in this context */ +} h2_ctx; + +h2_ctx *h2_ctx_get(const conn_rec *c); +h2_ctx *h2_ctx_rget(const request_rec *r); +h2_ctx *h2_ctx_create_for(const conn_rec *c, struct h2_task_env *env); + + +/* Set the h2 protocol established on this connection context or + * NULL when other protocols are in place. + */ +h2_ctx *h2_ctx_protocol_set(h2_ctx *ctx, const char *proto); + +/* Set the server_rec relevant for this context. + */ +h2_ctx *h2_ctx_server_set(h2_ctx *ctx, server_rec *s); + +/** + * Get the h2 protocol negotiated for this connection, or NULL. + */ +const char *h2_ctx_protocol_get(const conn_rec *c); + +int h2_ctx_is_task(h2_ctx *ctx); +int h2_ctx_is_active(h2_ctx *ctx); + +struct h2_task_env *h2_ctx_get_task(h2_ctx *ctx); + +#endif /* defined(__mod_h2__h2_ctx__) */ diff --git a/modules/http2/h2_from_h1.c b/modules/http2/h2_from_h1.c new file mode 100644 index 00000000..be11f5c3 --- /dev/null +++ b/modules/http2/h2_from_h1.c @@ -0,0 +1,570 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_response.h" +#include "h2_from_h1.h" +#include "h2_task.h" +#include "h2_task_output.h" +#include "h2_util.h" + + +static void set_state(h2_from_h1 *from_h1, h2_from_h1_state_t state); + +h2_from_h1 *h2_from_h1_create(int stream_id, apr_pool_t *pool) +{ + h2_from_h1 *from_h1 = apr_pcalloc(pool, sizeof(h2_from_h1)); + if (from_h1) { + from_h1->stream_id = stream_id; + from_h1->pool = pool; + from_h1->state = H2_RESP_ST_STATUS_LINE; + from_h1->hlines = apr_array_make(pool, 10, sizeof(char *)); + } + return from_h1; +} + +apr_status_t h2_from_h1_destroy(h2_from_h1 *from_h1) +{ + if (from_h1->response) { + h2_response_destroy(from_h1->response); + from_h1->response = NULL; + } + from_h1->bb = NULL; + return APR_SUCCESS; +} + +h2_from_h1_state_t h2_from_h1_get_state(h2_from_h1 *from_h1) +{ + return from_h1->state; +} + +static void set_state(h2_from_h1 *from_h1, h2_from_h1_state_t state) +{ + if (from_h1->state != state) { + from_h1->state = state; + } +} + +h2_response *h2_from_h1_get_response(h2_from_h1 *from_h1) +{ + return from_h1->response; +} + +static apr_status_t make_h2_headers(h2_from_h1 *from_h1, request_rec *r) +{ + from_h1->response = h2_response_create(from_h1->stream_id, + from_h1->status, from_h1->hlines, + from_h1->pool); + if (from_h1->response == NULL) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_EINVAL, r->connection, + APLOGNO(02915) + "h2_from_h1(%d): unable to create resp_head", + from_h1->stream_id); + return APR_EINVAL; + } + from_h1->content_length = from_h1->response->content_length; + from_h1->chunked = r->chunked; + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, r->connection, + "h2_from_h1(%d): converted headers, content-length: %d" + ", chunked=%d", + from_h1->stream_id, (int)from_h1->content_length, + (int)from_h1->chunked); + + set_state(from_h1, ((from_h1->chunked || from_h1->content_length > 0)? + H2_RESP_ST_BODY : H2_RESP_ST_DONE)); + /* We are ready to be sent to the client */ + return APR_SUCCESS; +} + +static apr_status_t parse_header(h2_from_h1 *from_h1, ap_filter_t* f, + char *line) { + (void)f; + + if (line[0] == ' ' || line[0] == '\t') { + char **plast; + /* continuation line from the header before this */ + while (line[0] == ' ' || line[0] == '\t') { + ++line; + } + + plast = apr_array_pop(from_h1->hlines); + if (plast == NULL) { + /* not well formed */ + return APR_EINVAL; + } + APR_ARRAY_PUSH(from_h1->hlines, const char*) = apr_psprintf(from_h1->pool, "%s %s", *plast, line); + } + else { + /* new header line */ + APR_ARRAY_PUSH(from_h1->hlines, const char*) = apr_pstrdup(from_h1->pool, line); + } + return APR_SUCCESS; +} + +static apr_status_t get_line(h2_from_h1 *from_h1, apr_bucket_brigade *bb, + ap_filter_t* f, char *line, apr_size_t len) +{ + apr_status_t status; + if (!from_h1->bb) { + from_h1->bb = apr_brigade_create(from_h1->pool, f->c->bucket_alloc); + } + else { + apr_brigade_cleanup(from_h1->bb); + } + status = apr_brigade_split_line(from_h1->bb, bb, + APR_BLOCK_READ, + HUGE_STRING_LEN); + if (status == APR_SUCCESS) { + --len; + status = apr_brigade_flatten(from_h1->bb, line, &len); + if (status == APR_SUCCESS) { + /* we assume a non-0 containing line and remove + * trailing crlf. */ + line[len] = '\0'; + if (len >= 2 && !strcmp(H2_CRLF, line + len - 2)) { + len -= 2; + line[len] = '\0'; + } + + apr_brigade_cleanup(from_h1->bb); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, + "h2_from_h1(%d): read line: %s", + from_h1->stream_id, line); + } + } + return status; +} + +apr_status_t h2_from_h1_read_response(h2_from_h1 *from_h1, ap_filter_t* f, + apr_bucket_brigade* bb) +{ + apr_status_t status = APR_SUCCESS; + char line[HUGE_STRING_LEN]; + + if ((from_h1->state == H2_RESP_ST_BODY) + || (from_h1->state == H2_RESP_ST_DONE)) { + if (from_h1->chunked) { + /* The httpd core HTTP_HEADER filter has or will install the + * "CHUNK" output transcode filter, which appears further down + * the filter chain. We do not want it for HTTP/2. + * Once we successfully deinstalled it, this filter has no + * further function and we remove it. + */ + status = ap_remove_output_filter_byhandle(f->r->output_filters, + "CHUNK"); + if (status == APR_SUCCESS) { + ap_remove_output_filter(f); + } + } + + return ap_pass_brigade(f->next, bb); + } + + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, + "h2_from_h1(%d): read_response", from_h1->stream_id); + + while (!APR_BRIGADE_EMPTY(bb) && status == APR_SUCCESS) { + + switch (from_h1->state) { + + case H2_RESP_ST_STATUS_LINE: + case H2_RESP_ST_HEADERS: + status = get_line(from_h1, bb, f, line, sizeof(line)); + if (status != APR_SUCCESS) { + return status; + } + if (from_h1->state == H2_RESP_ST_STATUS_LINE) { + /* instead of parsing, just take it directly */ + from_h1->status = apr_psprintf(from_h1->pool, + "%d", f->r->status); + from_h1->state = H2_RESP_ST_HEADERS; + } + else if (line[0] == '\0') { + /* end of headers, create the h2_response and + * pass the rest of the brigade down the filter + * chain. + */ + status = make_h2_headers(from_h1, f->r); + if (from_h1->bb) { + apr_brigade_destroy(from_h1->bb); + from_h1->bb = NULL; + } + if (!APR_BRIGADE_EMPTY(bb)) { + return ap_pass_brigade(f->next, bb); + } + } + else { + status = parse_header(from_h1, f, line); + } + break; + + default: + return ap_pass_brigade(f->next, bb); + } + + } + + return status; +} + +/* This routine is called by apr_table_do and merges all instances of + * the passed field values into a single array that will be further + * processed by some later routine. Originally intended to help split + * and recombine multiple Vary fields, though it is generic to any field + * consisting of comma/space-separated tokens. + */ +static int uniq_field_values(void *d, const char *key, const char *val) +{ + apr_array_header_t *values; + char *start; + char *e; + char **strpp; + int i; + + (void)key; + values = (apr_array_header_t *)d; + + e = apr_pstrdup(values->pool, val); + + do { + /* Find a non-empty fieldname */ + + while (*e == ',' || apr_isspace(*e)) { + ++e; + } + if (*e == '\0') { + break; + } + start = e; + while (*e != '\0' && *e != ',' && !apr_isspace(*e)) { + ++e; + } + if (*e != '\0') { + *e++ = '\0'; + } + + /* Now add it to values if it isn't already represented. + * Could be replaced by a ap_array_strcasecmp() if we had one. + */ + for (i = 0, strpp = (char **) values->elts; i < values->nelts; + ++i, ++strpp) { + if (*strpp && strcasecmp(*strpp, start) == 0) { + break; + } + } + if (i == values->nelts) { /* if not found */ + *(char **)apr_array_push(values) = start; + } + } while (*e != '\0'); + + return 1; +} + +/* + * Since some clients choke violently on multiple Vary fields, or + * Vary fields with duplicate tokens, combine any multiples and remove + * any duplicates. + */ +static void fix_vary(request_rec *r) +{ + apr_array_header_t *varies; + + varies = apr_array_make(r->pool, 5, sizeof(char *)); + + /* Extract all Vary fields from the headers_out, separate each into + * its comma-separated fieldname values, and then add them to varies + * if not already present in the array. + */ + apr_table_do((int (*)(void *, const char *, const char *))uniq_field_values, + (void *) varies, r->headers_out, "Vary", NULL); + + /* If we found any, replace old Vary fields with unique-ified value */ + + if (varies->nelts > 0) { + apr_table_setn(r->headers_out, "Vary", + apr_array_pstrcat(r->pool, varies, ',')); + } +} + +static void set_basic_http_header(request_rec *r, apr_table_t *headers) +{ + char *date = NULL; + const char *proxy_date = NULL; + const char *server = NULL; + const char *us = ap_get_server_banner(); + + /* + * keep the set-by-proxy server and date headers, otherwise + * generate a new server header / date header + */ + if (r->proxyreq != PROXYREQ_NONE) { + proxy_date = apr_table_get(r->headers_out, "Date"); + if (!proxy_date) { + /* + * proxy_date needs to be const. So use date for the creation of + * our own Date header and pass it over to proxy_date later to + * avoid a compiler warning. + */ + date = apr_palloc(r->pool, APR_RFC822_DATE_LEN); + ap_recent_rfc822_date(date, r->request_time); + } + server = apr_table_get(r->headers_out, "Server"); + } + else { + date = apr_palloc(r->pool, APR_RFC822_DATE_LEN); + ap_recent_rfc822_date(date, r->request_time); + } + + apr_table_setn(headers, "Date", proxy_date ? proxy_date : date ); + apr_table_unset(r->headers_out, "Date"); + + if (!server && *us) { + server = us; + } + if (server) { + apr_table_setn(headers, "Server", server); + apr_table_unset(r->headers_out, "Server"); + } +} + +static int copy_header(void *ctx, const char *name, const char *value) +{ + apr_table_t *headers = ctx; + + apr_table_addn(headers, name, value); + return 1; +} + +static h2_response *create_response(h2_from_h1 *from_h1, request_rec *r) +{ + const char *clheader; + const char *ctype; + apr_table_t *headers; + /* + * Now that we are ready to send a response, we need to combine the two + * header field tables into a single table. If we don't do this, our + * later attempts to set or unset a given fieldname might be bypassed. + */ + if (!apr_is_empty_table(r->err_headers_out)) { + r->headers_out = apr_table_overlay(r->pool, r->err_headers_out, + r->headers_out); + } + + /* + * Remove the 'Vary' header field if the client can't handle it. + * Since this will have nasty effects on HTTP/1.1 caches, force + * the response into HTTP/1.0 mode. + */ + if (apr_table_get(r->subprocess_env, "force-no-vary") != NULL) { + apr_table_unset(r->headers_out, "Vary"); + r->proto_num = HTTP_VERSION(1,0); + apr_table_setn(r->subprocess_env, "force-response-1.0", "1"); + } + else { + fix_vary(r); + } + + /* + * Now remove any ETag response header field if earlier processing + * says so (such as a 'FileETag None' directive). + */ + if (apr_table_get(r->notes, "no-etag") != NULL) { + apr_table_unset(r->headers_out, "ETag"); + } + + /* determine the protocol and whether we should use keepalives. */ + ap_set_keepalive(r); + + if (r->chunked) { + apr_table_unset(r->headers_out, "Content-Length"); + } + + ctype = ap_make_content_type(r, r->content_type); + if (ctype) { + apr_table_setn(r->headers_out, "Content-Type", ctype); + } + + if (r->content_encoding) { + apr_table_setn(r->headers_out, "Content-Encoding", + r->content_encoding); + } + + if (!apr_is_empty_array(r->content_languages)) { + int i; + char *token; + char **languages = (char **)(r->content_languages->elts); + const char *field = apr_table_get(r->headers_out, "Content-Language"); + + while (field && (token = ap_get_list_item(r->pool, &field)) != NULL) { + for (i = 0; i < r->content_languages->nelts; ++i) { + if (!strcasecmp(token, languages[i])) + break; + } + if (i == r->content_languages->nelts) { + *((char **) apr_array_push(r->content_languages)) = token; + } + } + + field = apr_array_pstrcat(r->pool, r->content_languages, ','); + apr_table_setn(r->headers_out, "Content-Language", field); + } + + /* + * Control cachability for non-cachable responses if not already set by + * some other part of the server configuration. + */ + if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) { + char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN); + ap_recent_rfc822_date(date, r->request_time); + apr_table_addn(r->headers_out, "Expires", date); + } + + /* This is a hack, but I can't find anyway around it. The idea is that + * we don't want to send out 0 Content-Lengths if it is a head request. + * This happens when modules try to outsmart the server, and return + * if they see a HEAD request. Apache 1.3 handlers were supposed to + * just return in that situation, and the core handled the HEAD. In + * 2.0, if a handler returns, then the core sends an EOS bucket down + * the filter stack, and the content-length filter computes a C-L of + * zero and that gets put in the headers, and we end up sending a + * zero C-L to the client. We can't just remove the C-L filter, + * because well behaved 2.0 handlers will send their data down the stack, + * and we will compute a real C-L for the head request. RBB + */ + if (r->header_only + && (clheader = apr_table_get(r->headers_out, "Content-Length")) + && !strcmp(clheader, "0")) { + apr_table_unset(r->headers_out, "Content-Length"); + } + + headers = apr_table_make(r->pool, 10); + + set_basic_http_header(r, headers); + if (r->status == HTTP_NOT_MODIFIED) { + apr_table_do((int (*)(void *, const char *, const char *)) copy_header, + (void *) headers, r->headers_out, + "ETag", + "Content-Location", + "Expires", + "Cache-Control", + "Vary", + "Warning", + "WWW-Authenticate", + "Proxy-Authenticate", + "Set-Cookie", + "Set-Cookie2", + NULL); + } + else { + apr_table_do((int (*)(void *, const char *, const char *)) copy_header, + (void *) headers, r->headers_out, NULL); + } + + return h2_response_rcreate(from_h1->stream_id, r, headers, r->pool); +} + +apr_status_t h2_response_output_filter(ap_filter_t *f, apr_bucket_brigade *bb) +{ + h2_task_env *env = f->ctx; + h2_from_h1 *from_h1 = env->output? env->output->from_h1 : NULL; + request_rec *r = f->r; + apr_bucket *b; + ap_bucket_error *eb = NULL; + + AP_DEBUG_ASSERT(from_h1 != NULL); + + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, + "h2_from_h1(%d): output_filter called", from_h1->stream_id); + + if (r->header_only && env->output && from_h1->response) { + /* throw away any data after we have compiled the response */ + apr_brigade_cleanup(bb); + return OK; + } + + for (b = APR_BRIGADE_FIRST(bb); + b != APR_BRIGADE_SENTINEL(bb); + b = APR_BUCKET_NEXT(b)) + { + if (AP_BUCKET_IS_ERROR(b) && !eb) { + eb = b->data; + continue; + } + /* + * If we see an EOC bucket it is a signal that we should get out + * of the way doing nothing. + */ + if (AP_BUCKET_IS_EOC(b)) { + ap_remove_output_filter(f); + ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c, + "h2_from_h1(%d): eoc bucket passed", + from_h1->stream_id); + return ap_pass_brigade(f->next, bb); + } + } + + if (eb) { + int st = eb->status; + apr_brigade_cleanup(bb); + ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c, + "h2_from_h1(%d): err bucket status=%d", + from_h1->stream_id, st); + ap_die(st, r); + return AP_FILTER_ERROR; + } + + from_h1->response = create_response(from_h1, r); + if (from_h1->response == NULL) { + ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c, + "h2_from_h1(%d): unable to create response", + from_h1->stream_id); + return APR_ENOMEM; + } + + if (r->header_only) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, + "h2_from_h1(%d): header_only, cleanup output brigade", + from_h1->stream_id); + apr_brigade_cleanup(bb); + return OK; + } + + r->sent_bodyct = 1; /* Whatever follows is real body stuff... */ + + ap_remove_output_filter(f); + if (APLOGctrace1(f->c)) { + apr_off_t len = 0; + apr_brigade_length(bb, 0, &len); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, + "h2_from_h1(%d): removed header filter, passing brigade " + "len=%ld", from_h1->stream_id, (long)len); + } + return ap_pass_brigade(f->next, bb); +} diff --git a/modules/http2/h2_from_h1.h b/modules/http2/h2_from_h1.h new file mode 100644 index 00000000..115a3142 --- /dev/null +++ b/modules/http2/h2_from_h1.h @@ -0,0 +1,82 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_from_h1__ +#define __mod_h2__h2_from_h1__ + +/** + * h2_from_h1 parses a HTTP/1.1 response into + * - response status + * - a list of header values + * - a series of bytes that represent the response body alone, without + * any meta data, such as inserted by chunked transfer encoding. + * + * All data is allocated from the stream memory pool. + * + * Again, see comments in h2_request: ideally we would take the headers + * and status from the httpd structures instead of parsing them here, but + * we need to have all handlers and filters involved in request/response + * processing, so this seems to be the way for now. + */ + +typedef enum { + H2_RESP_ST_STATUS_LINE, /* parsing http/1 status line */ + H2_RESP_ST_HEADERS, /* parsing http/1 response headers */ + H2_RESP_ST_BODY, /* transferring response body */ + H2_RESP_ST_DONE /* complete response converted */ +} h2_from_h1_state_t; + +struct h2_response; + +typedef struct h2_from_h1 h2_from_h1; + +struct h2_from_h1 { + int stream_id; + h2_from_h1_state_t state; + apr_pool_t *pool; + apr_bucket_brigade *bb; + + apr_size_t content_length; + int chunked; + + const char *status; + apr_array_header_t *hlines; + + struct h2_response *response; +}; + + +typedef void h2_from_h1_state_change_cb(struct h2_from_h1 *resp, + h2_from_h1_state_t prevstate, + void *cb_ctx); + +h2_from_h1 *h2_from_h1_create(int stream_id, apr_pool_t *pool); + +apr_status_t h2_from_h1_destroy(h2_from_h1 *response); + +void h2_from_h1_set_state_change_cb(h2_from_h1 *from_h1, + h2_from_h1_state_change_cb *callback, + void *cb_ctx); + +apr_status_t h2_from_h1_read_response(h2_from_h1 *from_h1, + ap_filter_t* f, apr_bucket_brigade* bb); + +struct h2_response *h2_from_h1_get_response(h2_from_h1 *from_h1); + +h2_from_h1_state_t h2_from_h1_get_state(h2_from_h1 *from_h1); + +apr_status_t h2_response_output_filter(ap_filter_t *f, apr_bucket_brigade *bb); + +#endif /* defined(__mod_h2__h2_from_h1__) */ diff --git a/modules/http2/h2_h2.c b/modules/http2/h2_h2.c new file mode 100644 index 00000000..221f5118 --- /dev/null +++ b/modules/http2/h2_h2.c @@ -0,0 +1,232 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "h2_private.h" + +#include "h2_stream.h" +#include "h2_task.h" +#include "h2_config.h" +#include "h2_ctx.h" +#include "h2_conn.h" +#include "h2_h2.h" + +const char *h2_tls_protos[] = { + "h2", NULL +}; + +const char *h2_clear_protos[] = { + "h2c", NULL +}; + +const char *H2_MAGIC_TOKEN = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"; + +/******************************************************************************* + * The optional mod_ssl functions we need. + */ +APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec*)); +APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec*)); + +static int (*opt_ssl_engine_disable)(conn_rec*); +static int (*opt_ssl_is_https)(conn_rec*); +/******************************************************************************* + * Hooks for processing incoming connections: + * - pre_conn_before_tls switches SSL off for stream connections + * - process_conn take over connection in case of h2 + */ +static int h2_h2_process_conn(conn_rec* c); +static int h2_h2_remove_timeout(conn_rec* c); +static int h2_h2_post_read_req(request_rec *r); + + +/******************************************************************************* + * Once per lifetime init, retrieve optional functions + */ +apr_status_t h2_h2_init(apr_pool_t *pool, server_rec *s) +{ + (void)pool; + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "h2_h2, child_init"); + opt_ssl_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable); + opt_ssl_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https); + + if (!opt_ssl_is_https) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, + APLOGNO(02951) "mod_ssl does not seem to be enabled"); + } + + return APR_SUCCESS; +} + +int h2_h2_is_tls(conn_rec *c) +{ + return opt_ssl_is_https && opt_ssl_is_https(c); +} + +int h2_tls_disable(conn_rec *c) +{ + if (opt_ssl_engine_disable) { + return opt_ssl_engine_disable(c); + } + return 0; +} + +/******************************************************************************* + * Register various hooks + */ +static const char *const mod_reqtimeout[] = { "reqtimeout.c", NULL}; + +void h2_h2_register_hooks(void) +{ + /* When the connection processing actually starts, we might to + * take over, if h2* was selected as protocol. + */ + ap_hook_process_connection(h2_h2_process_conn, + NULL, NULL, APR_HOOK_FIRST); + /* Perform connection cleanup before the actual processing happens. + */ + ap_hook_process_connection(h2_h2_remove_timeout, + mod_reqtimeout, NULL, APR_HOOK_LAST); + + /* With "H2SerializeHeaders On", we install the filter in this hook + * that parses the response. This needs to happen before any other post + * read function terminates the request with an error. Otherwise we will + * never see the response. + */ + ap_hook_post_read_request(h2_h2_post_read_req, NULL, NULL, APR_HOOK_REALLY_FIRST); +} + +int h2_h2_remove_timeout(conn_rec* c) +{ + h2_ctx *ctx = h2_ctx_get(c); + + if (h2_ctx_is_active(ctx) && !h2_ctx_is_task(ctx)) { + /* cleanup on master h2 connections */ + ap_remove_input_filter_byhandle(c->input_filters, "reqtimeout"); + } + + return DECLINED; +} + +int h2_h2_process_conn(conn_rec* c) +{ + h2_ctx *ctx = h2_ctx_get(c); + h2_config *cfg = h2_config_get(c); + apr_bucket_brigade* temp; + int is_tls = h2_h2_is_tls(c); + + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "h2_h2, process_conn"); + if (h2_ctx_is_task(ctx)) { + /* our stream pseudo connection */ + return DECLINED; + } + + /* If we have not already switched to a h2* protocol and the connection + * is on "http/1.1" + * -> sniff for the magic PRIamble. On TLS, this might trigger the ALPN. + */ + if (!h2_ctx_protocol_get(c) + && !strcmp(AP_PROTOCOL_HTTP1, ap_get_protocol(c))) { + apr_status_t status; + + temp = apr_brigade_create(c->pool, c->bucket_alloc); + status = ap_get_brigade(c->input_filters, temp, + AP_MODE_SPECULATIVE, APR_BLOCK_READ, 24); + + if (status == APR_SUCCESS) { + if (h2_ctx_protocol_get(c) + || strcmp(AP_PROTOCOL_HTTP1, ap_get_protocol(c))) { + /* h2 or another protocol has been selected. */ + } + else { + /* ALPN might have been triggered, but we're still on + * http/1.1. Check the actual bytes read for the H2 Magic + * Token, *if* H2Direct mode is enabled here. + */ + int direct_mode = h2_config_geti(cfg, H2_CONF_DIRECT); + if (direct_mode > 0 || (direct_mode < 0 && !is_tls)) { + char *s = NULL; + apr_size_t slen; + + apr_brigade_pflatten(temp, &s, &slen, c->pool); + if ((slen >= 24) && !memcmp(H2_MAGIC_TOKEN, s, 24)) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, + "h2_h2, direct mode detected"); + h2_ctx_protocol_set(ctx, is_tls? "h2" : "h2c"); + } + else { + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, + "h2_h2, not detected in %d bytes: %s", + (int)slen, s); + } + } + } + } + else { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, c, + "h2_h2, error reading 24 bytes speculative"); + } + apr_brigade_destroy(temp); + } + + /* If "h2" was selected as protocol (by whatever mechanism), take over + * the connection. + */ + if (h2_ctx_is_active(ctx)) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, + "h2_h2, connection, h2 active"); + + return h2_conn_main(c); + } + + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "h2_h2, declined"); + return DECLINED; +} + +static int h2_h2_post_read_req(request_rec *r) +{ + h2_ctx *ctx = h2_ctx_rget(r); + struct h2_task_env *env = h2_ctx_get_task(ctx); + if (env) { + /* h2_task connection for a stream, not for h2c */ + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "adding h1_to_h2_resp output filter"); + if (env->serialize_headers) { + ap_remove_output_filter_byhandle(r->output_filters, "H1_TO_H2_RESP"); + ap_add_output_filter("H1_TO_H2_RESP", env, r, r->connection); + } + else { + /* replace the core http filter that formats response headers + * in HTTP/1 with our own that collects status and headers */ + ap_remove_output_filter_byhandle(r->output_filters, "HTTP_HEADER"); + ap_remove_output_filter_byhandle(r->output_filters, "H2_RESPONSE"); + ap_add_output_filter("H2_RESPONSE", env, r, r->connection); + } + } + return DECLINED; +} + + diff --git a/modules/http2/h2_h2.h b/modules/http2/h2_h2.h new file mode 100644 index 00000000..9a1184d8 --- /dev/null +++ b/modules/http2/h2_h2.h @@ -0,0 +1,57 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_h2__ +#define __mod_h2__h2_h2__ + +/** + * List of ALPN protocol identifiers that we suport in cleartext + * negotiations. NULL terminated. + */ +extern const char *h2_clear_protos[]; + +/** + * List of ALPN protocol identifiers that we support in TLS encrypted + * negotiations. NULL terminated. + */ +extern const char *h2_tls_protos[]; + +/** + * The magic PRIamble of RFC 7540 that is always sent when starting + * a h2 communication. + */ +extern const char *H2_MAGIC_TOKEN; + +/* + * One time, post config intialization. + */ +apr_status_t h2_h2_init(apr_pool_t *pool, server_rec *s); + +/* Is the connection a TLS connection? + */ +int h2_h2_is_tls(conn_rec *c); + +/* Disable SSL for this connection, can only be invoked in a pre- + * connection hook before mod_ssl. + * @return != 0 iff disable worked + */ +int h2_tls_disable(conn_rec *c); + +/* Register apache hooks for h2 protocol + */ +void h2_h2_register_hooks(void); + + +#endif /* defined(__mod_h2__h2_h2__) */ diff --git a/modules/http2/h2_io.c b/modules/http2/h2_io.c new file mode 100644 index 00000000..42734430 --- /dev/null +++ b/modules/http2/h2_io.c @@ -0,0 +1,164 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_io.h" +#include "h2_response.h" +#include "h2_util.h" + +h2_io *h2_io_create(int id, apr_pool_t *pool, apr_bucket_alloc_t *bucket_alloc) +{ + h2_io *io = apr_pcalloc(pool, sizeof(*io)); + if (io) { + io->id = id; + io->pool = pool; + io->bbin = NULL; + io->bbout = apr_brigade_create(pool, bucket_alloc); + } + return io; +} + +static void h2_io_cleanup(h2_io *io) +{ + (void)io; +} + +void h2_io_destroy(h2_io *io) +{ + h2_io_cleanup(io); +} + +int h2_io_in_has_eos_for(h2_io *io) +{ + return io->eos_in || (io->bbin && h2_util_has_eos(io->bbin, 0)); +} + +int h2_io_out_has_data(h2_io *io) +{ + return h2_util_bb_has_data_or_eos(io->bbout); +} + +apr_size_t h2_io_out_length(h2_io *io) +{ + if (io->bbout) { + apr_off_t len = 0; + apr_brigade_length(io->bbout, 0, &len); + return (len > 0)? len : 0; + } + return 0; +} + +apr_status_t h2_io_in_read(h2_io *io, apr_bucket_brigade *bb, + apr_size_t maxlen) +{ + apr_off_t start_len = 0; + apr_bucket *last; + apr_status_t status; + + if (!io->bbin || APR_BRIGADE_EMPTY(io->bbin)) { + return io->eos_in? APR_EOF : APR_EAGAIN; + } + + apr_brigade_length(bb, 1, &start_len); + last = APR_BRIGADE_LAST(bb); + status = h2_util_move(bb, io->bbin, maxlen, 0, + "h2_io_in_read"); + if (status == APR_SUCCESS) { + apr_bucket *nlast = APR_BRIGADE_LAST(bb); + apr_off_t end_len = 0; + apr_brigade_length(bb, 1, &end_len); + if (last == nlast) { + return APR_EAGAIN; + } + io->input_consumed += (end_len - start_len); + } + return status; +} + +apr_status_t h2_io_in_write(h2_io *io, apr_bucket_brigade *bb) +{ + if (io->eos_in) { + return APR_EOF; + } + io->eos_in = h2_util_has_eos(bb, 0); + if (!APR_BRIGADE_EMPTY(bb)) { + if (!io->bbin) { + io->bbin = apr_brigade_create(io->bbout->p, + io->bbout->bucket_alloc); + } + return h2_util_move(io->bbin, bb, 0, 0, "h2_io_in_write"); + } + return APR_SUCCESS; +} + +apr_status_t h2_io_in_close(h2_io *io) +{ + if (io->bbin) { + APR_BRIGADE_INSERT_TAIL(io->bbin, + apr_bucket_eos_create(io->bbin->bucket_alloc)); + } + io->eos_in = 1; + return APR_SUCCESS; +} + +apr_status_t h2_io_out_readx(h2_io *io, + h2_io_data_cb *cb, void *ctx, + apr_size_t *plen, int *peos) +{ + if (cb == NULL) { + /* just checking length available */ + return h2_util_bb_avail(io->bbout, plen, peos); + } + return h2_util_bb_readx(io->bbout, cb, ctx, plen, peos); +} + +apr_status_t h2_io_out_write(h2_io *io, apr_bucket_brigade *bb, + apr_size_t maxlen, int *pfile_handles_allowed) +{ + /* Let's move the buckets from the request processing in here, so + * that the main thread can read them when it has time/capacity. + * + * Move at most "maxlen" memory bytes. If buckets remain, it is + * the caller's responsibility to take care of this. + * + * We allow passing of file buckets as long as we do not have too + * many open files already buffered. Otherwise we will run out of + * file handles. + */ + int start_allowed = *pfile_handles_allowed; + apr_status_t status; + status = h2_util_move(io->bbout, bb, maxlen, pfile_handles_allowed, + "h2_io_out_write"); + /* track # file buckets moved into our pool */ + if (start_allowed != *pfile_handles_allowed) { + io->files_handles_owned += (start_allowed - *pfile_handles_allowed); + } + return status; +} + + +apr_status_t h2_io_out_close(h2_io *io) +{ + APR_BRIGADE_INSERT_TAIL(io->bbout, + apr_bucket_eos_create(io->bbout->bucket_alloc)); + return APR_SUCCESS; +} diff --git a/modules/http2/h2_io.h b/modules/http2/h2_io.h new file mode 100644 index 00000000..946ee443 --- /dev/null +++ b/modules/http2/h2_io.h @@ -0,0 +1,126 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_io__ +#define __mod_h2__h2_io__ + +struct h2_response; +struct apr_thread_cond_t; +struct h2_task; + + +typedef apr_status_t h2_io_data_cb(void *ctx, + const char *data, apr_size_t len); + + +typedef struct h2_io h2_io; + +struct h2_io { + int id; /* stream identifier */ + apr_pool_t *pool; /* stream pool */ + apr_bucket_brigade *bbin; /* input data for stream */ + int eos_in; + int task_done; + + apr_size_t input_consumed; /* how many bytes have been read */ + struct apr_thread_cond_t *input_arrived; /* block on reading */ + + apr_bucket_brigade *bbout; /* output data from stream */ + struct apr_thread_cond_t *output_drained; /* block on writing */ + + struct h2_response *response;/* submittable response created */ + int files_handles_owned; +}; + +/******************************************************************************* + * Object lifecycle and information. + ******************************************************************************/ + +/** + * Creates a new h2_io for the given stream id. + */ +h2_io *h2_io_create(int id, apr_pool_t *pool, apr_bucket_alloc_t *bucket_alloc); + +/** + * Frees any resources hold by the h2_io instance. + */ +void h2_io_destroy(h2_io *io); + +/** + * The input data is completely queued. Blocked reads will return immediately + * and give either data or EOF. + */ +int h2_io_in_has_eos_for(h2_io *io); +/** + * Output data is available. + */ +int h2_io_out_has_data(h2_io *io); + +/******************************************************************************* + * Input handling of streams. + ******************************************************************************/ +/** + * Reads the next bucket from the input. Returns APR_EAGAIN if none + * is currently available, APR_EOF if end of input has been reached. + */ +apr_status_t h2_io_in_read(h2_io *io, apr_bucket_brigade *bb, + apr_size_t maxlen); + +/** + * Appends given bucket to the input. + */ +apr_status_t h2_io_in_write(h2_io *io, apr_bucket_brigade *bb); + +/** + * Closes the input. After existing data has been read, APR_EOF will + * be returned. + */ +apr_status_t h2_io_in_close(h2_io *io); + +/******************************************************************************* + * Output handling of streams. + ******************************************************************************/ + +/** + * Read a bucket from the output head. Return APR_EAGAIN if non is available, + * APR_EOF if none available and output has been closed. + * May be called with buffer == NULL in order to find out how much data + * is available. + * @param io the h2_io to read output from + * @param buffer the buffer to copy the data to, may be NULL + * @param plen the requested max len, set to amount of data on return + * @param peos != 0 iff the end of stream has been reached + */ +apr_status_t h2_io_out_readx(h2_io *io, + h2_io_data_cb *cb, void *ctx, + apr_size_t *plen, int *peos); + +apr_status_t h2_io_out_write(h2_io *io, apr_bucket_brigade *bb, + apr_size_t maxlen, int *pfile_buckets_allowed); + +/** + * Closes the input. After existing data has been read, APR_EOF will + * be returned. + */ +apr_status_t h2_io_out_close(h2_io *io); + +/** + * Gives the overall length of the data that is currently queued for + * output. + */ +apr_size_t h2_io_out_length(h2_io *io); + + +#endif /* defined(__mod_h2__h2_io__) */ diff --git a/modules/http2/h2_io_set.c b/modules/http2/h2_io_set.c new file mode 100644 index 00000000..91afde8f --- /dev/null +++ b/modules/http2/h2_io_set.c @@ -0,0 +1,180 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include + +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_io.h" +#include "h2_io_set.h" + +#define h2_io_IDX(list, i) ((h2_io**)(list)->elts)[i] + +struct h2_io_set { + apr_array_header_t *list; +}; + +h2_io_set *h2_io_set_create(apr_pool_t *pool) +{ + h2_io_set *sp = apr_pcalloc(pool, sizeof(h2_io_set)); + if (sp) { + sp->list = apr_array_make(pool, 100, sizeof(h2_io*)); + if (!sp->list) { + return NULL; + } + } + return sp; +} + +void h2_io_set_destroy(h2_io_set *sp) +{ + int i; + for (i = 0; i < sp->list->nelts; ++i) { + h2_io *io = h2_io_IDX(sp->list, i); + h2_io_destroy(io); + } + sp->list->nelts = 0; +} + +static int h2_stream_id_cmp(const void *s1, const void *s2) +{ + h2_io **pio1 = (h2_io **)s1; + h2_io **pio2 = (h2_io **)s2; + return (*pio1)->id - (*pio2)->id; +} + +h2_io *h2_io_set_get(h2_io_set *sp, int stream_id) +{ + /* we keep the array sorted by id, so lookup can be done + * by bsearch. + */ + h2_io **ps; + h2_io key; + h2_io *pkey = &key; + + memset(&key, 0, sizeof(key)); + key.id = stream_id; + ps = bsearch(&pkey, sp->list->elts, sp->list->nelts, + sp->list->elt_size, h2_stream_id_cmp); + return ps? *ps : NULL; +} + +h2_io *h2_io_set_get_highest_prio(h2_io_set *set) +{ + h2_io *highest = NULL; + int i; + for (i = 0; i < set->list->nelts; ++i) { + h2_io *io = h2_io_IDX(set->list, i); + if (!highest /*|| io-prio even higher */ ) { + highest = io; + } + } + return highest; +} + +static void h2_io_set_sort(h2_io_set *sp) +{ + qsort(sp->list->elts, sp->list->nelts, sp->list->elt_size, + h2_stream_id_cmp); +} + +apr_status_t h2_io_set_add(h2_io_set *sp, h2_io *io) +{ + h2_io *existing = h2_io_set_get(sp, io->id); + if (!existing) { + int last; + APR_ARRAY_PUSH(sp->list, h2_io*) = io; + /* Normally, streams get added in ascending order if id. We + * keep the array sorted, so we just need to check of the newly + * appended stream has a lower id than the last one. if not, + * sorting is not necessary. + */ + last = sp->list->nelts - 1; + if (last > 0 + && (h2_io_IDX(sp->list, last)->id + < h2_io_IDX(sp->list, last-1)->id)) { + h2_io_set_sort(sp); + } + } + return APR_SUCCESS; +} + +h2_io *h2_io_set_remove(h2_io_set *sp, h2_io *io) +{ + int i; + for (i = 0; i < sp->list->nelts; ++i) { + h2_io *e = h2_io_IDX(sp->list, i); + if (e == io) { + int n; + --sp->list->nelts; + n = sp->list->nelts - i; + if (n > 0) { + /* Close the hole in the array by moving the upper + * parts down one step. + */ + h2_io **selts = (h2_io**)sp->list->elts; + memmove(selts+i, selts+i+1, n * sizeof(h2_io*)); + } + return e; + } + } + return NULL; +} + +void h2_io_set_destroy_all(h2_io_set *sp) +{ + int i; + for (i = 0; i < sp->list->nelts; ++i) { + h2_io *io = h2_io_IDX(sp->list, i); + h2_io_destroy(io); + } + sp->list->nelts = 0; +} + +void h2_io_set_remove_all(h2_io_set *sp) +{ + sp->list->nelts = 0; +} + +int h2_io_set_is_empty(h2_io_set *sp) +{ + AP_DEBUG_ASSERT(sp); + return sp->list->nelts == 0; +} + +void h2_io_set_iter(h2_io_set *sp, + h2_io_set_iter_fn *iter, void *ctx) +{ + int i; + for (i = 0; i < sp->list->nelts; ++i) { + h2_io *s = h2_io_IDX(sp->list, i); + if (!iter(ctx, s)) { + break; + } + } +} + +apr_size_t h2_io_set_size(h2_io_set *sp) +{ + return sp->list->nelts; +} + diff --git a/modules/http2/h2_io_set.h b/modules/http2/h2_io_set.h new file mode 100644 index 00000000..a9c6546c --- /dev/null +++ b/modules/http2/h2_io_set.h @@ -0,0 +1,47 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_io_set__ +#define __mod_h2__h2_io_set__ + +struct h2_io; + +/** + * A set of h2_io instances. Allows lookup by stream id + * and other criteria. + */ +typedef struct h2_io_set h2_io_set; + +h2_io_set *h2_io_set_create(apr_pool_t *pool); + +void h2_io_set_destroy(h2_io_set *set); + +apr_status_t h2_io_set_add(h2_io_set *set, struct h2_io *io); +h2_io *h2_io_set_get(h2_io_set *set, int stream_id); +h2_io *h2_io_set_get_highest_prio(h2_io_set *set); +h2_io *h2_io_set_remove(h2_io_set *set, struct h2_io *io); + +void h2_io_set_remove_all(h2_io_set *set); +void h2_io_set_destroy_all(h2_io_set *set); +int h2_io_set_is_empty(h2_io_set *set); +apr_size_t h2_io_set_size(h2_io_set *set); + + +typedef int h2_io_set_iter_fn(void *ctx, struct h2_io *io); + +void h2_io_set_iter(h2_io_set *set, + h2_io_set_iter_fn *iter, void *ctx); + +#endif /* defined(__mod_h2__h2_io_set__) */ diff --git a/modules/http2/h2_mplx.c b/modules/http2/h2_mplx.c new file mode 100644 index 00000000..2d07b1eb --- /dev/null +++ b/modules/http2/h2_mplx.c @@ -0,0 +1,802 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "h2_private.h" +#include "h2_config.h" +#include "h2_conn.h" +#include "h2_io.h" +#include "h2_io_set.h" +#include "h2_response.h" +#include "h2_mplx.h" +#include "h2_request.h" +#include "h2_stream.h" +#include "h2_stream_set.h" +#include "h2_task.h" +#include "h2_task_input.h" +#include "h2_task_output.h" +#include "h2_task_queue.h" +#include "h2_workers.h" + + +static int is_aborted(h2_mplx *m, apr_status_t *pstatus) { + AP_DEBUG_ASSERT(m); + if (m->aborted) { + *pstatus = APR_ECONNABORTED; + return 1; + } + return 0; +} + +static void have_out_data_for(h2_mplx *m, int stream_id); + +static void h2_mplx_destroy(h2_mplx *m) +{ + AP_DEBUG_ASSERT(m); + m->aborted = 1; + if (m->q) { + h2_tq_destroy(m->q); + m->q = NULL; + } + if (m->ready_ios) { + h2_io_set_destroy(m->ready_ios); + m->ready_ios = NULL; + } + if (m->stream_ios) { + h2_io_set_destroy(m->stream_ios); + m->stream_ios = NULL; + } + + if (m->lock) { + apr_thread_mutex_destroy(m->lock); + m->lock = NULL; + } + + if (m->pool) { + apr_pool_destroy(m->pool); + } +} + +/** + * A h2_mplx needs to be thread-safe *and* if will be called by + * the h2_session thread *and* the h2_worker threads. Therefore: + * - calls are protected by a mutex lock, m->lock + * - the pool needs its own allocator, since apr_allocator_t are + * not re-entrant. The separate allocator works without a + * separate lock since we already protect h2_mplx itself. + * Since HTTP/2 connections can be expected to live longer than + * their HTTP/1 cousins, the separate allocator seems to work better + * than protecting a shared h2_session one with an own lock. + */ +h2_mplx *h2_mplx_create(conn_rec *c, apr_pool_t *parent, h2_workers *workers) +{ + apr_status_t status = APR_SUCCESS; + h2_config *conf = h2_config_get(c); + apr_allocator_t *allocator = NULL; + h2_mplx *m; + AP_DEBUG_ASSERT(conf); + + status = apr_allocator_create(&allocator); + if (status != APR_SUCCESS) { + return NULL; + } + + m = apr_pcalloc(parent, sizeof(h2_mplx)); + if (m) { + m->id = c->id; + APR_RING_ELEM_INIT(m, link); + apr_atomic_set32(&m->refs, 1); + m->c = c; + apr_pool_create_ex(&m->pool, parent, NULL, allocator); + if (!m->pool) { + return NULL; + } + apr_allocator_owner_set(allocator, m->pool); + + status = apr_thread_mutex_create(&m->lock, APR_THREAD_MUTEX_DEFAULT, + m->pool); + if (status != APR_SUCCESS) { + h2_mplx_destroy(m); + return NULL; + } + + m->bucket_alloc = apr_bucket_alloc_create(m->pool); + + m->q = h2_tq_create(m->id, m->pool); + m->stream_ios = h2_io_set_create(m->pool); + m->ready_ios = h2_io_set_create(m->pool); + m->closed = h2_stream_set_create(m->pool); + m->stream_max_mem = h2_config_geti(conf, H2_CONF_STREAM_MAX_MEM); + m->workers = workers; + + m->file_handles_allowed = h2_config_geti(conf, H2_CONF_SESSION_FILES); + } + return m; +} + +static void reference(h2_mplx *m) +{ + apr_atomic_inc32(&m->refs); +} + +static void release(h2_mplx *m) +{ + if (!apr_atomic_dec32(&m->refs)) { + if (m->join_wait) { + apr_thread_cond_signal(m->join_wait); + } + } +} + +void h2_mplx_reference(h2_mplx *m) +{ + reference(m); +} +void h2_mplx_release(h2_mplx *m) +{ + release(m); +} + +static void workers_register(h2_mplx *m) { + /* Initially, there was ref count increase for this as well, but + * this is not needed, even harmful. + * h2_workers is only a hub for all the h2_worker instances. + * At the end-of-life of this h2_mplx, we always unregister at + * the workers. The thing to manage are all the h2_worker instances + * out there. Those may hold a reference to this h2_mplx and we cannot + * call them to unregister. + * + * Therefore: ref counting for h2_workers in not needed, ref counting + * for h2_worker using this is critical. + */ + h2_workers_register(m->workers, m); +} + +static void workers_unregister(h2_mplx *m) { + h2_workers_unregister(m->workers, m); +} + +apr_status_t h2_mplx_release_and_join(h2_mplx *m, apr_thread_cond_t *wait) +{ + apr_status_t status; + workers_unregister(m); + + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + int attempts = 0; + + release(m); + while (apr_atomic_read32(&m->refs) > 0) { + m->join_wait = wait; + ap_log_cerror(APLOG_MARK, (attempts? APLOG_INFO : APLOG_DEBUG), + 0, m->c, + "h2_mplx(%ld): release_join, refs=%d, waiting...", + m->id, m->refs); + apr_thread_cond_timedwait(wait, m->lock, apr_time_from_sec(10)); + if (++attempts >= 6) { + ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, m->c, + APLOGNO(02952) + "h2_mplx(%ld): join attempts exhausted, refs=%d", + m->id, m->refs); + break; + } + } + if (m->join_wait) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, m->c, + "h2_mplx(%ld): release_join -> destroy", m->id); + } + m->join_wait = NULL; + apr_thread_mutex_unlock(m->lock); + h2_mplx_destroy(m); + } + return status; +} + +void h2_mplx_abort(h2_mplx *m) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + m->aborted = 1; + h2_io_set_destroy_all(m->stream_ios); + apr_thread_mutex_unlock(m->lock); + } + workers_unregister(m); +} + + +h2_stream *h2_mplx_open_io(h2_mplx *m, int stream_id) +{ + h2_stream *stream = NULL; + apr_status_t status; + h2_io *io; + + if (m->aborted) { + return NULL; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + apr_pool_t *stream_pool = m->spare_pool; + + if (!stream_pool) { + apr_pool_create(&stream_pool, m->pool); + } + else { + m->spare_pool = NULL; + } + + stream = h2_stream_create(stream_id, stream_pool, m); + stream->state = H2_STREAM_ST_OPEN; + + io = h2_io_set_get(m->stream_ios, stream_id); + if (!io) { + io = h2_io_create(stream_id, stream_pool, m->bucket_alloc); + h2_io_set_add(m->stream_ios, io); + } + status = io? APR_SUCCESS : APR_ENOMEM; + apr_thread_mutex_unlock(m->lock); + } + return stream; +} + +static void stream_destroy(h2_mplx *m, h2_stream *stream, h2_io *io) +{ + apr_pool_t *pool = h2_stream_detach_pool(stream); + if (pool) { + apr_pool_clear(pool); + if (m->spare_pool) { + apr_pool_destroy(m->spare_pool); + } + m->spare_pool = pool; + } + h2_stream_destroy(stream); + if (io) { + /* The pool is cleared/destroyed which also closes all + * allocated file handles. Give this count back to our + * file handle pool. */ + m->file_handles_allowed += io->files_handles_owned; + h2_io_set_remove(m->stream_ios, io); + h2_io_set_remove(m->ready_ios, io); + h2_io_destroy(io); + } +} + +apr_status_t h2_mplx_cleanup_stream(h2_mplx *m, h2_stream *stream) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + h2_io *io = h2_io_set_get(m->stream_ios, stream->id); + if (!io || io->task_done) { + /* No more io or task already done -> cleanup immediately */ + stream_destroy(m, stream, io); + } + else { + /* Add stream to closed set for cleanup when task is done */ + h2_stream_set_add(m->closed, stream); + } + apr_thread_mutex_unlock(m->lock); + } + return status; +} + +void h2_mplx_task_done(h2_mplx *m, int stream_id) +{ + apr_status_t status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + h2_stream *stream = h2_stream_set_get(m->closed, stream_id); + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c, + "h2_mplx(%ld): task(%d) done", m->id, stream_id); + if (stream) { + /* stream was already closed by main connection and is in + * zombie state. Now that the task is done with it, we + * can free its resources. */ + h2_stream_set_remove(m->closed, stream); + stream_destroy(m, stream, io); + } + else if (io) { + /* main connection has not finished stream. Mark task as done + * so that eventual cleanup can start immediately. */ + io->task_done = 1; + } + apr_thread_mutex_unlock(m->lock); + } +} + +apr_status_t h2_mplx_in_read(h2_mplx *m, apr_read_type_e block, + int stream_id, apr_bucket_brigade *bb, + struct apr_thread_cond_t *iowait) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + if (io) { + io->input_arrived = iowait; + status = h2_io_in_read(io, bb, 0); + while (status == APR_EAGAIN + && !is_aborted(m, &status) + && block == APR_BLOCK_READ) { + apr_thread_cond_wait(io->input_arrived, m->lock); + status = h2_io_in_read(io, bb, 0); + } + io->input_arrived = NULL; + } + else { + status = APR_EOF; + } + apr_thread_mutex_unlock(m->lock); + } + return status; +} + +apr_status_t h2_mplx_in_write(h2_mplx *m, int stream_id, + apr_bucket_brigade *bb) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + if (io) { + status = h2_io_in_write(io, bb); + if (io->input_arrived) { + apr_thread_cond_signal(io->input_arrived); + } + } + else { + status = APR_EOF; + } + apr_thread_mutex_unlock(m->lock); + } + return status; +} + +apr_status_t h2_mplx_in_close(h2_mplx *m, int stream_id) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + if (io) { + status = h2_io_in_close(io); + if (io->input_arrived) { + apr_thread_cond_signal(io->input_arrived); + } + } + else { + status = APR_ECONNABORTED; + } + apr_thread_mutex_unlock(m->lock); + } + return status; +} + +typedef struct { + h2_mplx_consumed_cb *cb; + void *cb_ctx; + int streams_updated; +} update_ctx; + +static int update_window(void *ctx, h2_io *io) +{ + if (io->input_consumed) { + update_ctx *uctx = (update_ctx*)ctx; + uctx->cb(uctx->cb_ctx, io->id, io->input_consumed); + io->input_consumed = 0; + ++uctx->streams_updated; + } + return 1; +} + +apr_status_t h2_mplx_in_update_windows(h2_mplx *m, + h2_mplx_consumed_cb *cb, void *cb_ctx) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + update_ctx ctx; + + ctx.cb = cb; + ctx.cb_ctx = cb_ctx; + ctx.streams_updated = 0; + + status = APR_EAGAIN; + h2_io_set_iter(m->stream_ios, update_window, &ctx); + + if (ctx.streams_updated) { + status = APR_SUCCESS; + } + apr_thread_mutex_unlock(m->lock); + } + return status; +} + +apr_status_t h2_mplx_out_readx(h2_mplx *m, int stream_id, + h2_io_data_cb *cb, void *ctx, + apr_size_t *plen, int *peos) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + if (io) { + status = h2_io_out_readx(io, cb, ctx, plen, peos); + if (status == APR_SUCCESS && io->output_drained) { + apr_thread_cond_signal(io->output_drained); + } + } + else { + status = APR_ECONNABORTED; + } + apr_thread_mutex_unlock(m->lock); + } + return status; +} + +h2_stream *h2_mplx_next_submit(h2_mplx *m, h2_stream_set *streams) +{ + apr_status_t status; + h2_stream *stream = NULL; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return NULL; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + h2_io *io = h2_io_set_get_highest_prio(m->ready_ios); + if (io) { + h2_response *response = io->response; + + AP_DEBUG_ASSERT(response); + h2_io_set_remove(m->ready_ios, io); + + stream = h2_stream_set_get(streams, response->stream_id); + if (stream) { + h2_stream_set_response(stream, response, io->bbout); + if (io->output_drained) { + apr_thread_cond_signal(io->output_drained); + } + } + else { + ap_log_cerror(APLOG_MARK, APLOG_WARNING, APR_NOTFOUND, m->c, + APLOGNO(02953) "h2_mplx(%ld): stream for response %d", + m->id, response->stream_id); + } + } + apr_thread_mutex_unlock(m->lock); + } + return stream; +} + +static apr_status_t out_write(h2_mplx *m, h2_io *io, + ap_filter_t* f, apr_bucket_brigade *bb, + struct apr_thread_cond_t *iowait) +{ + apr_status_t status = APR_SUCCESS; + /* We check the memory footprint queued for this stream_id + * and block if it exceeds our configured limit. + * We will not split buckets to enforce the limit to the last + * byte. After all, the bucket is already in memory. + */ + while (!APR_BRIGADE_EMPTY(bb) + && (status == APR_SUCCESS) + && !is_aborted(m, &status)) { + + status = h2_io_out_write(io, bb, m->stream_max_mem, + &m->file_handles_allowed); + + /* Wait for data to drain until there is room again */ + while (!APR_BRIGADE_EMPTY(bb) + && iowait + && status == APR_SUCCESS + && (m->stream_max_mem <= h2_io_out_length(io)) + && !is_aborted(m, &status)) { + io->output_drained = iowait; + if (f) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, + "h2_mplx(%ld-%d): waiting for out drain", + m->id, io->id); + } + apr_thread_cond_wait(io->output_drained, m->lock); + io->output_drained = NULL; + } + } + apr_brigade_cleanup(bb); + return status; +} + +static apr_status_t out_open(h2_mplx *m, int stream_id, h2_response *response, + ap_filter_t* f, apr_bucket_brigade *bb, + struct apr_thread_cond_t *iowait) +{ + apr_status_t status = APR_SUCCESS; + + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + if (io) { + if (f) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, f->c, + "h2_mplx(%ld-%d): open response: %s", + m->id, stream_id, response->status); + } + + io->response = h2_response_copy(io->pool, response); + AP_DEBUG_ASSERT(io->response); + h2_io_set_add(m->ready_ios, io); + if (bb) { + status = out_write(m, io, f, bb, iowait); + } + have_out_data_for(m, stream_id); + } + else { + status = APR_ECONNABORTED; + } + return status; +} + +apr_status_t h2_mplx_out_open(h2_mplx *m, int stream_id, h2_response *response, + ap_filter_t* f, apr_bucket_brigade *bb, + struct apr_thread_cond_t *iowait) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + status = out_open(m, stream_id, response, f, bb, iowait); + if (m->aborted) { + return APR_ECONNABORTED; + } + apr_thread_mutex_unlock(m->lock); + } + return status; +} + + +apr_status_t h2_mplx_out_write(h2_mplx *m, int stream_id, + ap_filter_t* f, apr_bucket_brigade *bb, + struct apr_thread_cond_t *iowait) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + if (!m->aborted) { + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + if (io) { + status = out_write(m, io, f, bb, iowait); + have_out_data_for(m, stream_id); + if (m->aborted) { + return APR_ECONNABORTED; + } + } + else { + status = APR_ECONNABORTED; + } + } + + if (m->lock) { + apr_thread_mutex_unlock(m->lock); + } + } + return status; +} + +apr_status_t h2_mplx_out_close(h2_mplx *m, int stream_id) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + if (!m->aborted) { + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + if (io) { + if (!io->response || !io->response->ngheader) { + /* In case a close comes before a response was created, + * insert an error one so that our streams can properly + * reset. + */ + h2_response *r = h2_response_create(stream_id, + "500", NULL, m->pool); + status = out_open(m, stream_id, r, NULL, NULL, NULL); + } + status = h2_io_out_close(io); + have_out_data_for(m, stream_id); + if (m->aborted) { + /* if we were the last output, the whole session might + * have gone down in the meantime. + */ + return APR_SUCCESS; + } + } + else { + status = APR_ECONNABORTED; + } + } + apr_thread_mutex_unlock(m->lock); + } + return status; +} + +int h2_mplx_in_has_eos_for(h2_mplx *m, int stream_id) +{ + int has_eos = 0; + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return 0; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + if (io) { + has_eos = h2_io_in_has_eos_for(io); + } + apr_thread_mutex_unlock(m->lock); + } + return has_eos; +} + +int h2_mplx_out_has_data_for(h2_mplx *m, int stream_id) +{ + apr_status_t status; + int has_data = 0; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return 0; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + h2_io *io = h2_io_set_get(m->stream_ios, stream_id); + if (io) { + has_data = h2_io_out_has_data(io); + } + apr_thread_mutex_unlock(m->lock); + } + return has_data; +} + +apr_status_t h2_mplx_out_trywait(h2_mplx *m, apr_interval_time_t timeout, + apr_thread_cond_t *iowait) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + m->added_output = iowait; + status = apr_thread_cond_timedwait(m->added_output, m->lock, timeout); + if (APLOGctrace2(m->c)) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c, + "h2_mplx(%ld): trywait on data for %f ms)", + m->id, timeout/1000.0); + } + m->added_output = NULL; + apr_thread_mutex_unlock(m->lock); + } + return status; +} + +static void have_out_data_for(h2_mplx *m, int stream_id) +{ + (void)stream_id; + AP_DEBUG_ASSERT(m); + if (m->added_output) { + apr_thread_cond_signal(m->added_output); + } +} + +apr_status_t h2_mplx_do_task(h2_mplx *m, struct h2_task *task) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + /* TODO: needs to sort queue by priority */ + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, m->c, + "h2_mplx: do task(%s)", task->id); + h2_tq_append(m->q, task); + apr_thread_mutex_unlock(m->lock); + } + workers_register(m); + return status; +} + +h2_task *h2_mplx_pop_task(h2_mplx *m, int *has_more) +{ + h2_task *task = NULL; + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + *has_more = 0; + return NULL; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + task = h2_tq_pop_first(m->q); + if (task) { + h2_task_set_started(task); + } + *has_more = !h2_tq_empty(m->q); + apr_thread_mutex_unlock(m->lock); + } + return task; +} + +apr_status_t h2_mplx_create_task(h2_mplx *m, struct h2_stream *stream) +{ + apr_status_t status; + AP_DEBUG_ASSERT(m); + if (m->aborted) { + return APR_ECONNABORTED; + } + status = apr_thread_mutex_lock(m->lock); + if (APR_SUCCESS == status) { + conn_rec *c = h2_conn_create(m->c, stream->pool); + stream->task = h2_task_create(m->id, stream->id, + stream->pool, m, c); + + apr_thread_mutex_unlock(m->lock); + } + return status; +} + diff --git a/modules/http2/h2_mplx.h b/modules/http2/h2_mplx.h new file mode 100644 index 00000000..62977d61 --- /dev/null +++ b/modules/http2/h2_mplx.h @@ -0,0 +1,322 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_mplx__ +#define __mod_h2__h2_mplx__ + +/** + * The stream multiplexer. It pushes buckets from the connection + * thread to the stream task threads and vice versa. It's thread-safe + * to use. + * + * There is one h2_mplx instance for each h2_session, which sits on top + * of a particular httpd conn_rec. Input goes from the connection to + * the stream tasks. Output goes from the stream tasks to the connection, + * e.g. the client. + * + * For each stream, there can be at most "H2StreamMaxMemSize" output bytes + * queued in the multiplexer. If a task thread tries to write more + * data, it is blocked until space becomes available. + * + * Writing input is never blocked. In order to use flow control on the input, + * the mplx can be polled for input data consumption. + */ + +struct apr_pool_t; +struct apr_thread_mutex_t; +struct apr_thread_cond_t; +struct h2_config; +struct h2_response; +struct h2_task; +struct h2_stream; +struct h2_io_set; +struct apr_thread_cond_t; +struct h2_workers; +struct h2_stream_set; +struct h2_task_queue; + +#include "h2_io.h" + +typedef struct h2_mplx h2_mplx; + +struct h2_mplx { + long id; + APR_RING_ENTRY(h2_mplx) link; + volatile apr_uint32_t refs; + conn_rec *c; + apr_pool_t *pool; + apr_bucket_alloc_t *bucket_alloc; + + struct h2_task_queue *q; + struct h2_io_set *stream_ios; + struct h2_io_set *ready_ios; + + apr_thread_mutex_t *lock; + struct apr_thread_cond_t *added_output; + struct apr_thread_cond_t *join_wait; + + int aborted; + apr_size_t stream_max_mem; + + apr_pool_t *spare_pool; /* spare pool, ready for next stream */ + struct h2_stream_set *closed; /* streams closed, but task ongoing */ + struct h2_workers *workers; + int file_handles_allowed; +}; + +/******************************************************************************* + * Object lifecycle and information. + ******************************************************************************/ + +/** + * Create the multiplexer for the given HTTP2 session. + * Implicitly has reference count 1. + */ +h2_mplx *h2_mplx_create(conn_rec *c, apr_pool_t *master, + struct h2_workers *workers); + +/** + * Increase the reference counter of this mplx. + */ +void h2_mplx_reference(h2_mplx *m); + +/** + * Decreases the reference counter of this mplx. + */ +void h2_mplx_release(h2_mplx *m); +/** + * Decreases the reference counter of this mplx and waits for it + * to reached 0, destroy the mplx afterwards. + * This is to be called from the thread that created the mplx in + * the first place. + * @param m the mplx to be released and destroyed + * @param wait condition var to wait on for ref counter == 0 + */ +apr_status_t h2_mplx_release_and_join(h2_mplx *m, struct apr_thread_cond_t *wait); + +/** + * Aborts the multiplexer. It will answer all future invocation with + * APR_ECONNABORTED, leading to early termination of ongoing tasks. + */ +void h2_mplx_abort(h2_mplx *mplx); + +void h2_mplx_task_done(h2_mplx *m, int stream_id); + +/******************************************************************************* + * IO lifetime of streams. + ******************************************************************************/ +/** + * Prepares the multiplexer to handle in-/output on the given stream id. + */ +struct h2_stream *h2_mplx_open_io(h2_mplx *mplx, int stream_id); + +/** + * Ends cleanup of a stream in sync with execution thread. + */ +apr_status_t h2_mplx_cleanup_stream(h2_mplx *m, struct h2_stream *stream); + +/* Return != 0 iff the multiplexer has data for the given stream. + */ +int h2_mplx_out_has_data_for(h2_mplx *m, int stream_id); + +/** + * Waits on output data from any stream in this session to become available. + * Returns APR_TIMEUP if no data arrived in the given time. + */ +apr_status_t h2_mplx_out_trywait(h2_mplx *m, apr_interval_time_t timeout, + struct apr_thread_cond_t *iowait); + +/******************************************************************************* + * Stream processing. + ******************************************************************************/ + +/** + * Perform the task on the given stream. + */ +apr_status_t h2_mplx_do_task(h2_mplx *mplx, struct h2_task *task); + +struct h2_task *h2_mplx_pop_task(h2_mplx *mplx, int *has_more); + +apr_status_t h2_mplx_create_task(h2_mplx *mplx, struct h2_stream *stream); + +/******************************************************************************* + * Input handling of streams. + ******************************************************************************/ + +/** + * Reads a buckets for the given stream_id. Will return ARP_EAGAIN when + * called with APR_NONBLOCK_READ and no data present. Will return APR_EOF + * when the end of the stream input has been reached. + * The condition passed in will be used for blocking/signalling and will + * be protected by the mplx's own mutex. + */ +apr_status_t h2_mplx_in_read(h2_mplx *m, apr_read_type_e block, + int stream_id, apr_bucket_brigade *bb, + struct apr_thread_cond_t *iowait); + +/** + * Appends data to the input of the given stream. Storage of input data is + * not subject to flow control. + */ +apr_status_t h2_mplx_in_write(h2_mplx *mplx, int stream_id, + apr_bucket_brigade *bb); + +/** + * Closes the input for the given stream_id. + */ +apr_status_t h2_mplx_in_close(h2_mplx *m, int stream_id); + +/** + * Returns != 0 iff the input for the given stream has been closed. There + * could still be data queued, but it can be read without blocking. + */ +int h2_mplx_in_has_eos_for(h2_mplx *m, int stream_id); + +/** + * Callback invoked for every stream that had input data read since + * the last invocation. + */ +typedef void h2_mplx_consumed_cb(void *ctx, int stream_id, apr_size_t consumed); + +/** + * Invoke the callback for all streams that had bytes read since the last + * call to this function. If no stream had input data consumed, the callback + * is not invoked. + * Returns APR_SUCCESS when an update happened, APR_EAGAIN if no update + * happened. + */ +apr_status_t h2_mplx_in_update_windows(h2_mplx *m, + h2_mplx_consumed_cb *cb, void *ctx); + +/******************************************************************************* + * Output handling of streams. + ******************************************************************************/ + +/** + * Get a stream whose response is ready for submit. Will set response and + * any out data available in stream. + * @param m the mplxer to get a response from + * @param bb the brigade to place any existing repsonse body data into + */ +struct h2_stream *h2_mplx_next_submit(h2_mplx *m, + struct h2_stream_set *streams); + +/** + * Reads output data from the given stream. Will never block, but + * return APR_EAGAIN until data arrives or the stream is closed. + */ +apr_status_t h2_mplx_out_readx(h2_mplx *mplx, int stream_id, + h2_io_data_cb *cb, void *ctx, + apr_size_t *plen, int *peos); + +/** + * Opens the output for the given stream with the specified response. + */ +apr_status_t h2_mplx_out_open(h2_mplx *mplx, int stream_id, + struct h2_response *response, + ap_filter_t* filter, apr_bucket_brigade *bb, + struct apr_thread_cond_t *iowait); + +/** + * Append the brigade to the stream output. Might block if amount + * of bytes buffered reaches configured max. + * @param stream_id the stream identifier + * @param filter the apache filter context of the data + * @param bb the bucket brigade to append + * @param iowait a conditional used for block/signalling in h2_mplx + */ +apr_status_t h2_mplx_out_write(h2_mplx *mplx, int stream_id, + ap_filter_t* filter, apr_bucket_brigade *bb, + struct apr_thread_cond_t *iowait); + +/** + * Closes the output stream. Readers of this stream will get all pending + * data and then only APR_EOF as result. + */ +apr_status_t h2_mplx_out_close(h2_mplx *m, int stream_id); + +/******************************************************************************* + * h2_mplx list Manipulation. + ******************************************************************************/ + +/** + * The magic pointer value that indicates the head of a h2_mplx list + * @param b The mplx list + * @return The magic pointer value + */ +#define H2_MPLX_LIST_SENTINEL(b) APR_RING_SENTINEL((b), h2_mplx, link) + +/** + * Determine if the mplx list is empty + * @param b The list to check + * @return true or false + */ +#define H2_MPLX_LIST_EMPTY(b) APR_RING_EMPTY((b), h2_mplx, link) + +/** + * Return the first mplx in a list + * @param b The list to query + * @return The first mplx in the list + */ +#define H2_MPLX_LIST_FIRST(b) APR_RING_FIRST(b) + +/** + * Return the last mplx in a list + * @param b The list to query + * @return The last mplx int he list + */ +#define H2_MPLX_LIST_LAST(b) APR_RING_LAST(b) + +/** + * Insert a single mplx at the front of a list + * @param b The list to add to + * @param e The mplx to insert + */ +#define H2_MPLX_LIST_INSERT_HEAD(b, e) do { \ +h2_mplx *ap__b = (e); \ +APR_RING_INSERT_HEAD((b), ap__b, h2_mplx, link); \ +} while (0) + +/** + * Insert a single mplx at the end of a list + * @param b The list to add to + * @param e The mplx to insert + */ +#define H2_MPLX_LIST_INSERT_TAIL(b, e) do { \ +h2_mplx *ap__b = (e); \ +APR_RING_INSERT_TAIL((b), ap__b, h2_mplx, link); \ +} while (0) + +/** + * Get the next mplx in the list + * @param e The current mplx + * @return The next mplx + */ +#define H2_MPLX_NEXT(e) APR_RING_NEXT((e), link) +/** + * Get the previous mplx in the list + * @param e The current mplx + * @return The previous mplx + */ +#define H2_MPLX_PREV(e) APR_RING_PREV((e), link) + +/** + * Remove a mplx from its list + * @param e The mplx to remove + */ +#define H2_MPLX_REMOVE(e) APR_RING_REMOVE((e), link) + + +#endif /* defined(__mod_h2__h2_mplx__) */ diff --git a/modules/http2/h2_private.h b/modules/http2/h2_private.h new file mode 100644 index 00000000..a6081fc6 --- /dev/null +++ b/modules/http2/h2_private.h @@ -0,0 +1,36 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef mod_h2_h2_private_h +#define mod_h2_h2_private_h + +#include + +extern module AP_MODULE_DECLARE_DATA http2_module; + +APLOG_USE_MODULE(http2); + + +#define H2_HEADER_METHOD ":method" +#define H2_HEADER_METHOD_LEN 7 +#define H2_HEADER_SCHEME ":scheme" +#define H2_HEADER_SCHEME_LEN 7 +#define H2_HEADER_AUTH ":authority" +#define H2_HEADER_AUTH_LEN 10 +#define H2_HEADER_PATH ":path" +#define H2_HEADER_PATH_LEN 5 +#define H2_CRLF "\r\n" + +#endif diff --git a/modules/http2/h2_request.c b/modules/http2/h2_request.c new file mode 100644 index 00000000..ca9a362c --- /dev/null +++ b/modules/http2/h2_request.c @@ -0,0 +1,182 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include + +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_mplx.h" +#include "h2_to_h1.h" +#include "h2_request.h" +#include "h2_task.h" +#include "h2_util.h" + + +h2_request *h2_request_create(int id, apr_pool_t *pool, + apr_bucket_alloc_t *bucket_alloc) +{ + h2_request *req = apr_pcalloc(pool, sizeof(h2_request)); + if (req) { + req->id = id; + req->pool = pool; + req->bucket_alloc = bucket_alloc; + } + return req; +} + +void h2_request_destroy(h2_request *req) +{ + if (req->to_h1) { + h2_to_h1_destroy(req->to_h1); + req->to_h1 = NULL; + } +} + +static apr_status_t insert_request_line(h2_request *req, h2_mplx *m); + +apr_status_t h2_request_rwrite(h2_request *req, request_rec *r, h2_mplx *m) +{ + apr_status_t status; + req->method = r->method; + req->authority = r->hostname; + req->path = r->uri; + if (!ap_strchr_c(req->authority, ':') && r->parsed_uri.port_str) { + req->authority = apr_psprintf(req->pool, "%s:%s", req->authority, + r->parsed_uri.port_str); + } + req->scheme = NULL; + + + status = insert_request_line(req, m); + if (status == APR_SUCCESS) { + status = h2_to_h1_add_headers(req->to_h1, r->headers_in); + } + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, status, r, + "h2_request(%d): written request %s %s, host=%s", + req->id, req->method, req->path, req->authority); + + return status; +} + +apr_status_t h2_request_write_header(h2_request *req, + const char *name, size_t nlen, + const char *value, size_t vlen, + h2_mplx *m) +{ + apr_status_t status = APR_SUCCESS; + + if (nlen <= 0) { + return status; + } + + if (name[0] == ':') { + /* pseudo header, see ch. 8.1.2.3, always should come first */ + if (req->to_h1) { + ap_log_perror(APLOG_MARK, APLOG_ERR, 0, req->pool, + APLOGNO(02917) + "h2_request(%d): pseudo header after request start", + req->id); + return APR_EGENERAL; + } + + if (H2_HEADER_METHOD_LEN == nlen + && !strncmp(H2_HEADER_METHOD, name, nlen)) { + req->method = apr_pstrndup(req->pool, value, vlen); + } + else if (H2_HEADER_SCHEME_LEN == nlen + && !strncmp(H2_HEADER_SCHEME, name, nlen)) { + req->scheme = apr_pstrndup(req->pool, value, vlen); + } + else if (H2_HEADER_PATH_LEN == nlen + && !strncmp(H2_HEADER_PATH, name, nlen)) { + req->path = apr_pstrndup(req->pool, value, vlen); + } + else if (H2_HEADER_AUTH_LEN == nlen + && !strncmp(H2_HEADER_AUTH, name, nlen)) { + req->authority = apr_pstrndup(req->pool, value, vlen); + } + else { + char buffer[32]; + memset(buffer, 0, 32); + strncpy(buffer, name, (nlen > 31)? 31 : nlen); + ap_log_perror(APLOG_MARK, APLOG_WARNING, 0, req->pool, + APLOGNO(02954) + "h2_request(%d): ignoring unknown pseudo header %s", + req->id, buffer); + } + } + else { + /* non-pseudo header, append to work bucket of stream */ + if (!req->to_h1) { + status = insert_request_line(req, m); + if (status != APR_SUCCESS) { + return status; + } + } + + if (status == APR_SUCCESS) { + status = h2_to_h1_add_header(req->to_h1, + name, nlen, value, vlen); + } + } + + return status; +} + +apr_status_t h2_request_write_data(h2_request *req, + const char *data, size_t len) +{ + return h2_to_h1_add_data(req->to_h1, data, len); +} + +apr_status_t h2_request_end_headers(h2_request *req, struct h2_mplx *m, + h2_task *task, int eos) +{ + if (!req->to_h1) { + apr_status_t status = insert_request_line(req, m); + if (status != APR_SUCCESS) { + return status; + } + } + return h2_to_h1_end_headers(req->to_h1, task, eos); +} + +apr_status_t h2_request_close(h2_request *req) +{ + return h2_to_h1_close(req->to_h1); +} + +static apr_status_t insert_request_line(h2_request *req, h2_mplx *m) +{ + req->to_h1 = h2_to_h1_create(req->id, req->pool, req->bucket_alloc, + req->method, + req->scheme, + req->authority, + req->path, m); + return req->to_h1? APR_SUCCESS : APR_ENOMEM; +} + +apr_status_t h2_request_flush(h2_request *req) +{ + return h2_to_h1_flush(req->to_h1); +} + diff --git a/modules/http2/h2_request.h b/modules/http2/h2_request.h new file mode 100644 index 00000000..aa5e0bc3 --- /dev/null +++ b/modules/http2/h2_request.h @@ -0,0 +1,67 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_request__ +#define __mod_h2__h2_request__ + +/* h2_request is the transformer of HTTP2 streams into HTTP/1.1 internal + * format that will be fed to various httpd input filters to finally + * become a request_rec to be handled by soemone. + * + * Ideally, we would make a request_rec without serializing the headers + * we have only to make someone else parse them back. + */ +struct h2_to_h1; +struct h2_mplx; +struct h2_task; + +typedef struct h2_request h2_request; + +struct h2_request { + int id; /* http2 stream id */ + apr_pool_t *pool; + apr_bucket_alloc_t *bucket_alloc; + struct h2_to_h1 *to_h1; /* Converter to HTTP/1.1 format*/ + + /* pseudo header values, see ch. 8.1.2.3 */ + const char *method; + const char *scheme; + const char *authority; + const char *path; +}; + +h2_request *h2_request_create(int id, apr_pool_t *pool, + apr_bucket_alloc_t *bucket_alloc); +void h2_request_destroy(h2_request *req); + +apr_status_t h2_request_flush(h2_request *req); + +apr_status_t h2_request_write_header(h2_request *req, + const char *name, size_t nlen, + const char *value, size_t vlen, + struct h2_mplx *m); + +apr_status_t h2_request_write_data(h2_request *request, + const char *data, size_t len); + +apr_status_t h2_request_end_headers(h2_request *req, struct h2_mplx *m, + struct h2_task *task, int eos); + +apr_status_t h2_request_close(h2_request *req); + +apr_status_t h2_request_rwrite(h2_request *req, request_rec *r, + struct h2_mplx *m); + +#endif /* defined(__mod_h2__h2_request__) */ diff --git a/modules/http2/h2_response.c b/modules/http2/h2_response.c new file mode 100644 index 00000000..9cedd855 --- /dev/null +++ b/modules/http2/h2_response.c @@ -0,0 +1,232 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include + +#include +#include +#include + +#include + +#include "h2_private.h" +#include "h2_util.h" +#include "h2_response.h" + +static h2_ngheader *make_ngheader(apr_pool_t *pool, const char *status, + apr_table_t *header); + +static int ignore_header(const char *name) +{ + return (H2_HD_MATCH_LIT_CS("connection", name) + || H2_HD_MATCH_LIT_CS("proxy-connection", name) + || H2_HD_MATCH_LIT_CS("upgrade", name) + || H2_HD_MATCH_LIT_CS("keep-alive", name) + || H2_HD_MATCH_LIT_CS("transfer-encoding", name)); +} + +h2_response *h2_response_create(int stream_id, + const char *http_status, + apr_array_header_t *hlines, + apr_pool_t *pool) +{ + apr_table_t *header; + h2_response *response = apr_pcalloc(pool, sizeof(h2_response)); + int i; + if (response == NULL) { + return NULL; + } + + response->stream_id = stream_id; + response->status = http_status; + response->content_length = -1; + + if (hlines) { + header = apr_table_make(pool, hlines->nelts); + for (i = 0; i < hlines->nelts; ++i) { + char *hline = ((char **)hlines->elts)[i]; + char *sep = ap_strchr(hline, ':'); + if (!sep) { + ap_log_perror(APLOG_MARK, APLOG_WARNING, APR_EINVAL, pool, + APLOGNO(02955) "h2_response(%d): invalid header[%d] '%s'", + response->stream_id, i, (char*)hline); + /* not valid format, abort */ + return NULL; + } + (*sep++) = '\0'; + while (*sep == ' ' || *sep == '\t') { + ++sep; + } + if (ignore_header(hline)) { + /* never forward, ch. 8.1.2.2 */ + } + else { + apr_table_merge(header, hline, sep); + if (*sep && H2_HD_MATCH_LIT_CS("content-length", hline)) { + char *end; + response->content_length = apr_strtoi64(sep, &end, 10); + if (sep == end) { + ap_log_perror(APLOG_MARK, APLOG_WARNING, APR_EINVAL, + pool, APLOGNO(02956) + "h2_response(%d): content-length" + " value not parsed: %s", + response->stream_id, sep); + response->content_length = -1; + } + } + } + } + } + else { + header = apr_table_make(pool, 0); + } + + response->rheader = header; + return response; +} + +h2_response *h2_response_rcreate(int stream_id, request_rec *r, + apr_table_t *header, apr_pool_t *pool) +{ + h2_response *response = apr_pcalloc(pool, sizeof(h2_response)); + if (response == NULL) { + return NULL; + } + + response->stream_id = stream_id; + response->status = apr_psprintf(pool, "%d", r->status); + response->content_length = -1; + response->rheader = header; + + return response; +} + +void h2_response_destroy(h2_response *response) +{ + (void)response; +} + +h2_response *h2_response_copy(apr_pool_t *pool, h2_response *from) +{ + h2_response *to = apr_pcalloc(pool, sizeof(h2_response)); + to->stream_id = from->stream_id; + to->status = apr_pstrdup(pool, from->status); + to->content_length = from->content_length; + if (from->rheader) { + to->ngheader = make_ngheader(pool, to->status, from->rheader); + } + return to; +} + +typedef struct { + nghttp2_nv *nv; + size_t nvlen; + size_t nvstrlen; + size_t offset; + char *strbuf; + apr_pool_t *pool; +} nvctx_t; + +static int count_header(void *ctx, const char *key, const char *value) +{ + if (!ignore_header(key)) { + nvctx_t *nvctx = (nvctx_t*)ctx; + nvctx->nvlen++; + nvctx->nvstrlen += strlen(key) + strlen(value) + 2; + } + return 1; +} + +#define NV_ADD_LIT_CS(nv, k, v) addnv_lit_cs(nv, k, sizeof(k) - 1, v, strlen(v)) +#define NV_ADD_CS_CS(nv, k, v) addnv_cs_cs(nv, k, strlen(k), v, strlen(v)) +#define NV_BUF_ADD(nv, s, len) memcpy(nv->strbuf, s, len); \ +s = nv->strbuf; \ +nv->strbuf += len + 1 + +static void addnv_cs_cs(nvctx_t *ctx, const char *key, size_t key_len, + const char *value, size_t val_len) +{ + nghttp2_nv *nv = &ctx->nv[ctx->offset]; + + NV_BUF_ADD(ctx, key, key_len); + NV_BUF_ADD(ctx, value, val_len); + + nv->name = (uint8_t*)key; + nv->namelen = key_len; + nv->value = (uint8_t*)value; + nv->valuelen = val_len; + + ctx->offset++; +} + +static void addnv_lit_cs(nvctx_t *ctx, const char *key, size_t key_len, + const char *value, size_t val_len) +{ + nghttp2_nv *nv = &ctx->nv[ctx->offset]; + + NV_BUF_ADD(ctx, value, val_len); + + nv->name = (uint8_t*)key; + nv->namelen = key_len; + nv->value = (uint8_t*)value; + nv->valuelen = val_len; + + ctx->offset++; +} + +static int add_header(void *ctx, const char *key, const char *value) +{ + if (!ignore_header(key)) { + nvctx_t *nvctx = (nvctx_t*)ctx; + NV_ADD_CS_CS(nvctx, key, value); + } + return 1; +} + +static h2_ngheader *make_ngheader(apr_pool_t *pool, const char *status, + apr_table_t *header) +{ + size_t n; + h2_ngheader *h; + nvctx_t ctx; + + ctx.nv = NULL; + ctx.nvlen = 1; + ctx.nvstrlen = strlen(status) + 1; + ctx.offset = 0; + ctx.strbuf = NULL; + ctx.pool = pool; + + apr_table_do(count_header, &ctx, header, NULL); + + n = (sizeof(h2_ngheader) + + (ctx.nvlen * sizeof(nghttp2_nv)) + ctx.nvstrlen); + h = apr_pcalloc(pool, n); + if (h) { + ctx.nv = (nghttp2_nv*)(h + 1); + ctx.strbuf = (char*)&ctx.nv[ctx.nvlen]; + + NV_ADD_LIT_CS(&ctx, ":status", status); + apr_table_do(add_header, &ctx, header, NULL); + + h->nv = ctx.nv; + h->nvlen = ctx.nvlen; + } + return h; +} + diff --git a/modules/http2/h2_response.h b/modules/http2/h2_response.h new file mode 100644 index 00000000..456d2226 --- /dev/null +++ b/modules/http2/h2_response.h @@ -0,0 +1,47 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_response__ +#define __mod_h2__h2_response__ + +/* h2_response is just the data belonging the the head of a HTTP response, + * suitable prepared to be fed to nghttp2 for response submit. + */ +typedef struct h2_ngheader { + nghttp2_nv *nv; + apr_size_t nvlen; +} h2_ngheader; + +typedef struct h2_response { + int stream_id; + const char *status; + apr_off_t content_length; + apr_table_t *rheader; + h2_ngheader *ngheader; +} h2_response; + +h2_response *h2_response_create(int stream_id, + const char *http_status, + apr_array_header_t *hlines, + apr_pool_t *pool); + +h2_response *h2_response_rcreate(int stream_id, request_rec *r, + apr_table_t *header, apr_pool_t *pool); + +void h2_response_destroy(h2_response *response); + +h2_response *h2_response_copy(apr_pool_t *pool, h2_response *from); + +#endif /* defined(__mod_h2__h2_response__) */ diff --git a/modules/http2/h2_session.c b/modules/http2/h2_session.c new file mode 100644 index 00000000..c3456a06 --- /dev/null +++ b/modules/http2/h2_session.c @@ -0,0 +1,1270 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_config.h" +#include "h2_h2.h" +#include "h2_mplx.h" +#include "h2_response.h" +#include "h2_stream.h" +#include "h2_stream_set.h" +#include "h2_from_h1.h" +#include "h2_task.h" +#include "h2_session.h" +#include "h2_util.h" +#include "h2_version.h" +#include "h2_workers.h" + +static int frame_print(const nghttp2_frame *frame, char *buffer, size_t maxlen); + +static int h2_session_status_from_apr_status(apr_status_t rv) +{ + switch (rv) { + case APR_SUCCESS: + return NGHTTP2_NO_ERROR; + case APR_EAGAIN: + case APR_TIMEUP: + return NGHTTP2_ERR_WOULDBLOCK; + case APR_EOF: + return NGHTTP2_ERR_EOF; + default: + return NGHTTP2_ERR_PROTO; + } +} + +static int stream_open(h2_session *session, int stream_id) +{ + h2_stream * stream; + if (session->aborted) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + + stream = h2_mplx_open_io(session->mplx, stream_id); + if (stream) { + h2_stream_set_add(session->streams, stream); + if (stream->id > session->max_stream_received) { + session->max_stream_received = stream->id; + } + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_session: stream(%ld-%d): opened", + session->id, stream_id); + + return 0; + } + + ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_ENOMEM, session->c, + APLOGNO(02918) + "h2_session: stream(%ld-%d): unable to create", + session->id, stream_id); + return NGHTTP2_ERR_INVALID_STREAM_ID; +} + +static apr_status_t stream_end_headers(h2_session *session, + h2_stream *stream, int eos) +{ + (void)session; + return h2_stream_write_eoh(stream, eos); +} + +static apr_status_t send_data(h2_session *session, const char *data, + apr_size_t length); + +/* + * Callback when nghttp2 wants to send bytes back to the client. + */ +static ssize_t send_cb(nghttp2_session *ngh2, + const uint8_t *data, size_t length, + int flags, void *userp) +{ + h2_session *session = (h2_session *)userp; + apr_status_t status = send_data(session, (const char *)data, length); + + (void)ngh2; + (void)flags; + if (status == APR_SUCCESS) { + return length; + } + if (status == APR_EAGAIN || status == APR_TIMEUP) { + return NGHTTP2_ERR_WOULDBLOCK; + } + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, session->c, + "h2_session: send error"); + return h2_session_status_from_apr_status(status); +} + +static int on_invalid_frame_recv_cb(nghttp2_session *ngh2, + const nghttp2_frame *frame, + int error, void *userp) +{ + h2_session *session = (h2_session *)userp; + (void)ngh2; + + if (session->aborted) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + if (APLOGctrace2(session->c)) { + char buffer[256]; + + frame_print(frame, buffer, sizeof(buffer)/sizeof(buffer[0])); + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, + "h2_session: callback on_invalid_frame_recv error=%d %s", + error, buffer); + } + return 0; +} + +static int on_data_chunk_recv_cb(nghttp2_session *ngh2, uint8_t flags, + int32_t stream_id, + const uint8_t *data, size_t len, void *userp) +{ + int rv; + h2_session *session = (h2_session *)userp; + h2_stream * stream; + apr_status_t status; + + (void)flags; + if (session->aborted) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + stream = h2_stream_set_get(session->streams, stream_id); + if (!stream) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, session->c, + APLOGNO(02919) + "h2_session: stream(%ld-%d): on_data_chunk for unknown stream", + session->id, (int)stream_id); + rv = nghttp2_submit_rst_stream(ngh2, NGHTTP2_FLAG_NONE, stream_id, + NGHTTP2_INTERNAL_ERROR); + if (nghttp2_is_fatal(rv)) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return 0; + } + + status = h2_stream_write_data(stream, (const char *)data, len); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, session->c, + "h2_stream(%ld-%d): written DATA, length %d", + session->id, stream_id, (int)len); + if (status != APR_SUCCESS) { + rv = nghttp2_submit_rst_stream(ngh2, NGHTTP2_FLAG_NONE, stream_id, + NGHTTP2_INTERNAL_ERROR); + if (nghttp2_is_fatal(rv)) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + } + return 0; +} + +static int before_frame_send_cb(nghttp2_session *ngh2, + const nghttp2_frame *frame, + void *userp) +{ + h2_session *session = (h2_session *)userp; + (void)ngh2; + + if (session->aborted) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + if (APLOGctrace2(session->c)) { + char buffer[256]; + frame_print(frame, buffer, sizeof(buffer)/sizeof(buffer[0])); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_session(%ld): before_frame_send %s", + session->id, buffer); + } + return 0; +} + +static int on_frame_send_cb(nghttp2_session *ngh2, + const nghttp2_frame *frame, + void *userp) +{ + h2_session *session = (h2_session *)userp; + (void)ngh2; (void)frame; + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, + "h2_session(%ld): on_frame_send", session->id); + return 0; +} + +static int on_frame_not_send_cb(nghttp2_session *ngh2, + const nghttp2_frame *frame, + int lib_error_code, void *userp) +{ + h2_session *session = (h2_session *)userp; + (void)ngh2; + + if (APLOGctrace2(session->c)) { + char buffer[256]; + + frame_print(frame, buffer, sizeof(buffer)/sizeof(buffer[0])); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_session: callback on_frame_not_send error=%d %s", + lib_error_code, buffer); + } + return 0; +} + +static apr_status_t stream_destroy(h2_session *session, + h2_stream *stream, + uint32_t error_code) +{ + if (!error_code) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_stream(%ld-%d): handled, closing", + session->id, (int)stream->id); + if (stream->id > session->max_stream_handled) { + session->max_stream_handled = stream->id; + } + } + else { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_stream(%ld-%d): closing with err=%d %s", + session->id, (int)stream->id, (int)error_code, + nghttp2_strerror(error_code)); + } + + h2_stream_set_remove(session->streams, stream); + return h2_mplx_cleanup_stream(session->mplx, stream); +} + +static int on_stream_close_cb(nghttp2_session *ngh2, int32_t stream_id, + uint32_t error_code, void *userp) +{ + h2_session *session = (h2_session *)userp; + h2_stream *stream; + + (void)ngh2; + if (session->aborted) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + stream = h2_stream_set_get(session->streams, stream_id); + if (stream) { + stream_destroy(session, stream, error_code); + } + + if (error_code) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_stream(%ld-%d): close error %d", + session->id, (int)stream_id, error_code); + } + + return 0; +} + +static int on_begin_headers_cb(nghttp2_session *ngh2, + const nghttp2_frame *frame, void *userp) +{ + /* This starts a new stream. */ + int rv; + (void)ngh2; + rv = stream_open((h2_session *)userp, frame->hd.stream_id); + if (rv != NGHTTP2_ERR_CALLBACK_FAILURE) { + /* on_header_cb or on_frame_recv_cb will dectect that stream + does not exist and submit RST_STREAM. */ + return 0; + } + return NGHTTP2_ERR_CALLBACK_FAILURE; +} + +static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame, + const uint8_t *name, size_t namelen, + const uint8_t *value, size_t valuelen, + uint8_t flags, + void *userp) +{ + h2_session *session = (h2_session *)userp; + h2_stream * stream; + apr_status_t status; + + (void)ngh2; + (void)flags; + if (session->aborted) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + stream = h2_stream_set_get(session->streams, + frame->hd.stream_id); + if (!stream) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, session->c, + APLOGNO(02920) + "h2_session: stream(%ld-%d): on_header for unknown stream", + session->id, (int)frame->hd.stream_id); + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + } + + status = h2_stream_write_header(stream, + (const char *)name, namelen, + (const char *)value, valuelen); + if (status != APR_SUCCESS) { + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + } + return 0; +} + +/** + * nghttp2 session has received a complete frame. Most, it uses + * for processing of internal state. HEADER and DATA frames however + * we need to handle ourself. + */ +static int on_frame_recv_cb(nghttp2_session *ng2s, + const nghttp2_frame *frame, + void *userp) +{ + int rv; + h2_session *session = (h2_session *)userp; + apr_status_t status = APR_SUCCESS; + if (session->aborted) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + + ++session->frames_received; + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, + "h2_session(%ld): on_frame_rcv #%ld, type=%d", session->id, + (long)session->frames_received, frame->hd.type); + switch (frame->hd.type) { + case NGHTTP2_HEADERS: { + int eos; + h2_stream * stream = h2_stream_set_get(session->streams, + frame->hd.stream_id); + if (stream == NULL) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, session->c, + APLOGNO(02921) + "h2_session: stream(%ld-%d): HEADERS frame " + "for unknown stream", session->id, + (int)frame->hd.stream_id); + rv = nghttp2_submit_rst_stream(ng2s, NGHTTP2_FLAG_NONE, + frame->hd.stream_id, + NGHTTP2_INTERNAL_ERROR); + if (nghttp2_is_fatal(rv)) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return 0; + } + + eos = (frame->hd.flags & NGHTTP2_FLAG_END_STREAM); + status = stream_end_headers(session, stream, eos); + + break; + } + case NGHTTP2_DATA: { + h2_stream * stream = h2_stream_set_get(session->streams, + frame->hd.stream_id); + if (stream == NULL) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, session->c, + APLOGNO(02922) + "h2_session: stream(%ld-%d): DATA frame " + "for unknown stream", session->id, + (int)frame->hd.stream_id); + rv = nghttp2_submit_rst_stream(ng2s, NGHTTP2_FLAG_NONE, + frame->hd.stream_id, + NGHTTP2_INTERNAL_ERROR); + if (nghttp2_is_fatal(rv)) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return 0; + } + break; + } + case NGHTTP2_PRIORITY: { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, + "h2_session: stream(%ld-%d): PRIORITY frame " + " weight=%d, dependsOn=%d, exclusive=%d", + session->id, (int)frame->hd.stream_id, + frame->priority.pri_spec.weight, + frame->priority.pri_spec.stream_id, + frame->priority.pri_spec.exclusive); + break; + } + default: + if (APLOGctrace2(session->c)) { + char buffer[256]; + + frame_print(frame, buffer, + sizeof(buffer)/sizeof(buffer[0])); + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, + "h2_session: on_frame_rcv %s", buffer); + } + break; + } + + /* only DATA and HEADERS frame can bear END_STREAM flag. Other + frame types may have other flag which has the same value, so we + have to check the frame type first. */ + if ((frame->hd.type == NGHTTP2_DATA || frame->hd.type == NGHTTP2_HEADERS) && + frame->hd.flags & NGHTTP2_FLAG_END_STREAM) { + h2_stream * stream = h2_stream_set_get(session->streams, + frame->hd.stream_id); + if (stream != NULL) { + status = h2_stream_write_eos(stream); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, session->c, + "h2_stream(%ld-%d): input closed", + session->id, (int)frame->hd.stream_id); + } + } + + if (status != APR_SUCCESS) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, status, session->c, + APLOGNO(02923) + "h2_session: stream(%ld-%d): error handling frame", + session->id, (int)frame->hd.stream_id); + rv = nghttp2_submit_rst_stream(ng2s, NGHTTP2_FLAG_NONE, + frame->hd.stream_id, + NGHTTP2_INTERNAL_ERROR); + if (nghttp2_is_fatal(rv)) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return 0; + } + + return 0; +} + +static apr_status_t send_data(h2_session *session, const char *data, + apr_size_t length) +{ + return h2_conn_io_write(&session->io, data, length); +} + +static apr_status_t pass_data(void *ctx, + const char *data, apr_size_t length) +{ + return send_data((h2_session*)ctx, data, length); +} + +static int on_send_data_cb(nghttp2_session *ngh2, + nghttp2_frame *frame, + const uint8_t *framehd, + size_t length, + nghttp2_data_source *source, + void *userp) +{ + apr_status_t status = APR_SUCCESS; + h2_session *session = (h2_session *)userp; + int stream_id = (int)frame->hd.stream_id; + const unsigned char padlen = frame->data.padlen; + int eos; + h2_stream *stream; + + (void)ngh2; + (void)source; + if (session->aborted) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + + stream = h2_stream_set_get(session->streams, stream_id); + if (!stream) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_NOTFOUND, session->c, + APLOGNO(02924) + "h2_stream(%ld-%d): send_data", + session->id, (int)stream_id); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + + status = send_data(session, (const char *)framehd, 9); + if (status == APR_SUCCESS) { + if (padlen) { + status = send_data(session, (const char *)&padlen, 1); + } + + if (status == APR_SUCCESS) { + apr_size_t len = length; + status = h2_stream_readx(stream, pass_data, session, + &len, &eos); + if (status == APR_SUCCESS && len != length) { + status = APR_EINVAL; + } + } + + if (status == APR_SUCCESS && padlen) { + if (padlen) { + char pad[256]; + memset(pad, 0, padlen); + status = send_data(session, pad, padlen); + } + } + } + + if (status == APR_SUCCESS) { + return 0; + } + else if (status != APR_EOF) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, status, session->c, + APLOGNO(02925) + "h2_stream(%ld-%d): failed send_data_cb", + session->id, (int)stream_id); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + + return h2_session_status_from_apr_status(status); +} + + +#define NGH2_SET_CALLBACK(callbacks, name, fn)\ +nghttp2_session_callbacks_set_##name##_callback(callbacks, fn) + +static apr_status_t init_callbacks(conn_rec *c, nghttp2_session_callbacks **pcb) +{ + int rv = nghttp2_session_callbacks_new(pcb); + if (rv != 0) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, + APLOGNO(02926) "nghttp2_session_callbacks_new: %s", + nghttp2_strerror(rv)); + return APR_EGENERAL; + } + + NGH2_SET_CALLBACK(*pcb, send, send_cb); + NGH2_SET_CALLBACK(*pcb, on_frame_recv, on_frame_recv_cb); + NGH2_SET_CALLBACK(*pcb, on_invalid_frame_recv, on_invalid_frame_recv_cb); + NGH2_SET_CALLBACK(*pcb, on_data_chunk_recv, on_data_chunk_recv_cb); + NGH2_SET_CALLBACK(*pcb, before_frame_send, before_frame_send_cb); + NGH2_SET_CALLBACK(*pcb, on_frame_send, on_frame_send_cb); + NGH2_SET_CALLBACK(*pcb, on_frame_not_send, on_frame_not_send_cb); + NGH2_SET_CALLBACK(*pcb, on_stream_close, on_stream_close_cb); + NGH2_SET_CALLBACK(*pcb, on_begin_headers, on_begin_headers_cb); + NGH2_SET_CALLBACK(*pcb, on_header, on_header_cb); + NGH2_SET_CALLBACK(*pcb, send_data, on_send_data_cb); + + return APR_SUCCESS; +} + +static h2_session *h2_session_create_int(conn_rec *c, + request_rec *r, + h2_config *config, + h2_workers *workers) +{ + nghttp2_session_callbacks *callbacks = NULL; + nghttp2_option *options = NULL; + + apr_pool_t *pool = NULL; + apr_status_t status = apr_pool_create(&pool, r? r->pool : c->pool); + h2_session *session; + if (status != APR_SUCCESS) { + return NULL; + } + + session = apr_pcalloc(pool, sizeof(h2_session)); + if (session) { + int rv; + session->id = c->id; + session->c = c; + session->r = r; + + session->max_stream_count = h2_config_geti(config, H2_CONF_MAX_STREAMS); + session->max_stream_mem = h2_config_geti(config, H2_CONF_STREAM_MAX_MEM); + + session->pool = pool; + + status = apr_thread_cond_create(&session->iowait, session->pool); + if (status != APR_SUCCESS) { + return NULL; + } + + session->streams = h2_stream_set_create(session->pool); + + session->workers = workers; + session->mplx = h2_mplx_create(c, session->pool, workers); + + h2_conn_io_init(&session->io, c); + session->bbtmp = apr_brigade_create(session->pool, c->bucket_alloc); + + status = init_callbacks(c, &callbacks); + if (status != APR_SUCCESS) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, status, c, APLOGNO(02927) + "nghttp2: error in init_callbacks"); + h2_session_destroy(session); + return NULL; + } + + rv = nghttp2_option_new(&options); + if (rv != 0) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_EGENERAL, c, + APLOGNO(02928) "nghttp2_option_new: %s", + nghttp2_strerror(rv)); + h2_session_destroy(session); + return NULL; + } + + nghttp2_option_set_peer_max_concurrent_streams(options, + (uint32_t)session->max_stream_count); + + /* We need to handle window updates ourself, otherwise we + * get flooded by nghttp2. */ + nghttp2_option_set_no_auto_window_update(options, 1); + + rv = nghttp2_session_server_new2(&session->ngh2, callbacks, + session, options); + nghttp2_session_callbacks_del(callbacks); + nghttp2_option_del(options); + + if (rv != 0) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_EGENERAL, c, + APLOGNO(02929) "nghttp2_session_server_new: %s", + nghttp2_strerror(rv)); + h2_session_destroy(session); + return NULL; + } + + } + return session; +} + +h2_session *h2_session_create(conn_rec *c, h2_config *config, + h2_workers *workers) +{ + return h2_session_create_int(c, NULL, config, workers); +} + +h2_session *h2_session_rcreate(request_rec *r, h2_config *config, + h2_workers *workers) +{ + return h2_session_create_int(r->connection, r, config, workers); +} + +void h2_session_destroy(h2_session *session) +{ + AP_DEBUG_ASSERT(session); + if (session->mplx) { + h2_mplx_release_and_join(session->mplx, session->iowait); + session->mplx = NULL; + } + if (session->streams) { + if (h2_stream_set_size(session->streams)) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, session->c, + "h2_session(%ld): destroy, %d streams open", + session->id, (int)h2_stream_set_size(session->streams)); + } + h2_stream_set_destroy(session->streams); + session->streams = NULL; + } + if (session->ngh2) { + nghttp2_session_del(session->ngh2); + session->ngh2 = NULL; + } + h2_conn_io_destroy(&session->io); + + if (session->iowait) { + apr_thread_cond_destroy(session->iowait); + session->iowait = NULL; + } + + if (session->pool) { + apr_pool_destroy(session->pool); + } +} + +static apr_status_t h2_session_abort_int(h2_session *session, int reason) +{ + AP_DEBUG_ASSERT(session); + if (!session->aborted) { + session->aborted = 1; + if (session->ngh2) { + + if (!reason) { + nghttp2_submit_goaway(session->ngh2, NGHTTP2_FLAG_NONE, + session->max_stream_received, + reason, NULL, 0); + nghttp2_session_send(session->ngh2); + h2_conn_io_flush(&session->io); + } + else { + const char *err = nghttp2_strerror(reason); + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "session(%ld): aborting session, reason=%d %s", + session->id, reason, err); + + if (NGHTTP2_ERR_EOF == reason) { + /* This is our way of indication that the connection is + * gone. No use to send any GOAWAY frames. */ + nghttp2_session_terminate_session(session->ngh2, reason); + } + else { + /* The connection might still be there and we shut down + * with GOAWAY and reason information. */ + nghttp2_submit_goaway(session->ngh2, NGHTTP2_FLAG_NONE, + session->max_stream_received, + reason, (const uint8_t *)err, + strlen(err)); + nghttp2_session_send(session->ngh2); + h2_conn_io_flush(&session->io); + } + } + } + h2_mplx_abort(session->mplx); + } + return APR_SUCCESS; +} + +apr_status_t h2_session_abort(h2_session *session, apr_status_t reason, int rv) +{ + AP_DEBUG_ASSERT(session); + if (rv == 0) { + rv = NGHTTP2_ERR_PROTO; + switch (reason) { + case APR_ENOMEM: + rv = NGHTTP2_ERR_NOMEM; + break; + case APR_SUCCESS: /* all fine, just... */ + case APR_EOF: /* client closed its end... */ + case APR_TIMEUP: /* got bored waiting... */ + rv = 0; /* ...gracefully shut down */ + break; + case APR_EBADF: /* connection unusable, terminate silently */ + case APR_ECONNABORTED: + rv = NGHTTP2_ERR_EOF; + break; + default: + break; + } + } + return h2_session_abort_int(session, rv); +} + +apr_status_t h2_session_start(h2_session *session, int *rv) +{ + apr_status_t status = APR_SUCCESS; + h2_config *config; + nghttp2_settings_entry settings[3]; + + AP_DEBUG_ASSERT(session); + /* Start the conversation by submitting our SETTINGS frame */ + *rv = 0; + config = h2_config_get(session->c); + if (session->r) { + const char *s, *cs; + apr_size_t dlen; + h2_stream * stream; + + /* better for vhost matching */ + config = h2_config_rget(session->r); + + /* 'h2c' mode: we should have a 'HTTP2-Settings' header with + * base64 encoded client settings. */ + s = apr_table_get(session->r->headers_in, "HTTP2-Settings"); + if (!s) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, APR_EINVAL, session->r, + APLOGNO(02931) + "HTTP2-Settings header missing in request"); + return APR_EINVAL; + } + cs = NULL; + dlen = h2_util_base64url_decode(&cs, s, session->pool); + + if (APLOGrdebug(session->r)) { + char buffer[128]; + h2_util_hex_dump(buffer, 128, (char*)cs, dlen); + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, session->r, + "upgrading h2c session with HTTP2-Settings: %s -> %s (%d)", + s, buffer, (int)dlen); + } + + *rv = nghttp2_session_upgrade(session->ngh2, (uint8_t*)cs, dlen, NULL); + if (*rv != 0) { + status = APR_EINVAL; + ap_log_rerror(APLOG_MARK, APLOG_ERR, status, session->r, + APLOGNO(02932) "nghttp2_session_upgrade: %s", + nghttp2_strerror(*rv)); + return status; + } + + /* Now we need to auto-open stream 1 for the request we got. */ + *rv = stream_open(session, 1); + if (*rv != 0) { + status = APR_EGENERAL; + ap_log_rerror(APLOG_MARK, APLOG_ERR, status, session->r, + APLOGNO(02933) "open stream 1: %s", + nghttp2_strerror(*rv)); + return status; + } + + stream = h2_stream_set_get(session->streams, 1); + if (stream == NULL) { + status = APR_EGENERAL; + ap_log_rerror(APLOG_MARK, APLOG_ERR, status, session->r, + APLOGNO(02934) "lookup of stream 1"); + return status; + } + + status = h2_stream_rwrite(stream, session->r); + if (status != APR_SUCCESS) { + return status; + } + status = stream_end_headers(session, stream, 1); + if (status != APR_SUCCESS) { + return status; + } + } + + settings[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS; + settings[0].value = (uint32_t)session->max_stream_count; + settings[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE; + settings[1].value = h2_config_geti(config, H2_CONF_WIN_SIZE); + settings[2].settings_id = NGHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE; + settings[2].value = 64*1024; + + *rv = nghttp2_submit_settings(session->ngh2, NGHTTP2_FLAG_NONE, + settings, + sizeof(settings)/sizeof(settings[0])); + if (*rv != 0) { + status = APR_EGENERAL; + ap_log_cerror(APLOG_MARK, APLOG_ERR, status, session->c, + APLOGNO(02935) "nghttp2_submit_settings: %s", + nghttp2_strerror(*rv)); + } + + return status; +} + +static int h2_session_want_write(h2_session *session) +{ + return nghttp2_session_want_write(session->ngh2); +} + +typedef struct { + h2_session *session; + int resume_count; +} resume_ctx; + +static int resume_on_data(void *ctx, h2_stream *stream) { + resume_ctx *rctx = (resume_ctx*)ctx; + h2_session *session = rctx->session; + AP_DEBUG_ASSERT(session); + AP_DEBUG_ASSERT(stream); + + if (h2_stream_is_suspended(stream)) { + if (h2_mplx_out_has_data_for(stream->m, stream->id)) { + int rv; + h2_stream_set_suspended(stream, 0); + ++rctx->resume_count; + + rv = nghttp2_session_resume_data(session->ngh2, stream->id); + ap_log_cerror(APLOG_MARK, nghttp2_is_fatal(rv)? + APLOG_ERR : APLOG_DEBUG, 0, session->c, + APLOGNO(02936) + "h2_stream(%ld-%d): resuming stream %s", + session->id, stream->id, nghttp2_strerror(rv)); + } + } + return 1; +} + +static int h2_session_resume_streams_with_data(h2_session *session) { + AP_DEBUG_ASSERT(session); + if (!h2_stream_set_is_empty(session->streams) + && session->mplx && !session->aborted) { + resume_ctx ctx; + + ctx.session = session; + ctx.resume_count = 0; + + /* Resume all streams where we have data in the out queue and + * which had been suspended before. */ + h2_stream_set_iter(session->streams, resume_on_data, &ctx); + return ctx.resume_count; + } + return 0; +} + +static void update_window(void *ctx, int stream_id, apr_size_t bytes_read) +{ + h2_session *session = (h2_session*)ctx; + nghttp2_session_consume(session->ngh2, stream_id, bytes_read); +} + +static apr_status_t h2_session_update_windows(h2_session *session) +{ + return h2_mplx_in_update_windows(session->mplx, update_window, session); +} + +apr_status_t h2_session_write(h2_session *session, apr_interval_time_t timeout) +{ + apr_status_t status = APR_EAGAIN; + h2_stream *stream = NULL; + int flush_output = 0; + + AP_DEBUG_ASSERT(session); + + /* Check that any pending window updates are sent. */ + status = h2_session_update_windows(session); + if (status == APR_SUCCESS) { + flush_output = 1; + } + else if (status != APR_EAGAIN) { + return status; + } + + if (h2_session_want_write(session)) { + int rv; + status = APR_SUCCESS; + rv = nghttp2_session_send(session->ngh2); + if (rv != 0) { + ap_log_cerror( APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_session: send: %s", nghttp2_strerror(rv)); + if (nghttp2_is_fatal(rv)) { + h2_session_abort_int(session, rv); + status = APR_ECONNABORTED; + } + } + flush_output = 1; + } + + /* If we have responses ready, submit them now. */ + while ((stream = h2_mplx_next_submit(session->mplx, + session->streams)) != NULL) { + status = h2_session_handle_response(session, stream); + flush_output = 1; + } + + if (h2_session_resume_streams_with_data(session) > 0) { + flush_output = 1; + } + + if (!flush_output && timeout > 0 && !h2_session_want_write(session)) { + status = h2_mplx_out_trywait(session->mplx, timeout, session->iowait); + + if (status != APR_TIMEUP + && h2_session_resume_streams_with_data(session) > 0) { + flush_output = 1; + } + else { + /* nothing happened to ongoing streams, do some house-keeping */ + } + } + + if (h2_session_want_write(session)) { + int rv; + status = APR_SUCCESS; + rv = nghttp2_session_send(session->ngh2); + if (rv != 0) { + ap_log_cerror( APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_session: send2: %s", nghttp2_strerror(rv)); + if (nghttp2_is_fatal(rv)) { + h2_session_abort_int(session, rv); + status = APR_ECONNABORTED; + } + } + flush_output = 1; + } + + if (flush_output) { + h2_conn_io_flush(&session->io); + } + + return status; +} + +h2_stream *h2_session_get_stream(h2_session *session, int stream_id) +{ + AP_DEBUG_ASSERT(session); + return h2_stream_set_get(session->streams, stream_id); +} + +/* h2_io_on_read_cb implementation that offers the data read + * directly to the session for consumption. + */ +static apr_status_t session_receive(const char *data, apr_size_t len, + apr_size_t *readlen, int *done, + void *puser) +{ + h2_session *session = (h2_session *)puser; + AP_DEBUG_ASSERT(session); + if (len > 0) { + ssize_t n = nghttp2_session_mem_recv(session->ngh2, + (const uint8_t *)data, len); + if (n < 0) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_EGENERAL, + session->c, + "h2_session: nghttp2_session_mem_recv error %d", + (int)n); + if (nghttp2_is_fatal((int)n)) { + *done = 1; + h2_session_abort_int(session, (int)n); + return APR_EGENERAL; + } + } + else { + *readlen = n; + } + } + return APR_SUCCESS; +} + +apr_status_t h2_session_read(h2_session *session, apr_read_type_e block) +{ + AP_DEBUG_ASSERT(session); + return h2_conn_io_read(&session->io, block, session_receive, session); +} + +apr_status_t h2_session_close(h2_session *session) +{ + AP_DEBUG_ASSERT(session); + return session->aborted? APR_SUCCESS : h2_conn_io_flush(&session->io); +} + +/* The session wants to send more DATA for the given stream. + */ +static ssize_t stream_data_cb(nghttp2_session *ng2s, + int32_t stream_id, + uint8_t *buf, + size_t length, + uint32_t *data_flags, + nghttp2_data_source *source, + void *puser) +{ + h2_session *session = (h2_session *)puser; + apr_size_t nread = length; + int eos = 0; + apr_status_t status; + h2_stream *stream; + AP_DEBUG_ASSERT(session); + + (void)ng2s; + (void)buf; + (void)source; + stream = h2_stream_set_get(session->streams, stream_id); + if (!stream) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_NOTFOUND, session->c, + APLOGNO(02937) + "h2_stream(%ld-%d): data requested but stream not found", + session->id, (int)stream_id); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + + AP_DEBUG_ASSERT(!h2_stream_is_suspended(stream)); + + status = h2_stream_prep_read(stream, &nread, &eos); + if (nread) { + *data_flags |= NGHTTP2_DATA_FLAG_NO_COPY; + } + + switch (status) { + case APR_SUCCESS: + break; + + case APR_EAGAIN: + /* If there is no data available, our session will automatically + * suspend this stream and not ask for more data until we resume + * it. Remember at our h2_stream that we need to do this. + */ + nread = 0; + h2_stream_set_suspended(stream, 1); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_stream(%ld-%d): suspending stream", + session->id, (int)stream_id); + return NGHTTP2_ERR_DEFERRED; + + case APR_EOF: + nread = 0; + eos = 1; + break; + + default: + nread = 0; + ap_log_cerror(APLOG_MARK, APLOG_ERR, status, session->c, + APLOGNO(02938) "h2_stream(%ld-%d): reading data", + session->id, (int)stream_id); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + + if (eos) { + *data_flags |= NGHTTP2_DATA_FLAG_EOF; + } + + return (ssize_t)nread; +} + +typedef struct { + nghttp2_nv *nv; + size_t nvlen; + size_t offset; +} nvctx_t; + +static int submit_response(h2_session *session, h2_response *response) +{ + nghttp2_data_provider provider; + int rv; + + memset(&provider, 0, sizeof(provider)); + provider.source.fd = response->stream_id; + provider.read_callback = stream_data_cb; + + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, + "h2_stream(%ld-%d): submitting response %s", + session->id, response->stream_id, response->status); + + rv = nghttp2_submit_response(session->ngh2, response->stream_id, + response->ngheader->nv, + response->ngheader->nvlen, &provider); + + if (rv != 0) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, session->c, + APLOGNO(02939) "h2_stream(%ld-%d): submit_response: %s", + session->id, response->stream_id, nghttp2_strerror(rv)); + } + else { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, + "h2_stream(%ld-%d): submitted response %s, rv=%d", + session->id, response->stream_id, + response->status, rv); + } + return rv; +} + +/* Start submitting the response to a stream request. This is possible + * once we have all the response headers. The response body will be + * read by the session using the callback we supply. + */ +apr_status_t h2_session_handle_response(h2_session *session, h2_stream *stream) +{ + apr_status_t status = APR_SUCCESS; + int rv = 0; + AP_DEBUG_ASSERT(session); + AP_DEBUG_ASSERT(stream); + AP_DEBUG_ASSERT(stream->response); + + if (stream->response->ngheader) { + rv = submit_response(session, stream->response); + } + else { + rv = nghttp2_submit_rst_stream(session->ngh2, NGHTTP2_FLAG_NONE, + stream->id, NGHTTP2_PROTOCOL_ERROR); + } + + if (nghttp2_is_fatal(rv)) { + status = APR_EGENERAL; + h2_session_abort_int(session, rv); + ap_log_cerror(APLOG_MARK, APLOG_ERR, status, session->c, + APLOGNO(02940) "submit_response: %s", + nghttp2_strerror(rv)); + } + return status; +} + +int h2_session_is_done(h2_session *session) +{ + AP_DEBUG_ASSERT(session); + return (session->aborted + || !session->ngh2 + || (!nghttp2_session_want_read(session->ngh2) + && !nghttp2_session_want_write(session->ngh2))); +} + +static int log_stream(void *ctx, h2_stream *stream) +{ + h2_session *session = (h2_session *)ctx; + AP_DEBUG_ASSERT(session); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, + "h2_stream(%ld-%d): in set, suspended=%d, aborted=%d, " + "has_data=%d", + session->id, stream->id, stream->suspended, stream->aborted, + h2_mplx_out_has_data_for(session->mplx, stream->id)); + return 1; +} + +void h2_session_log_stats(h2_session *session) +{ + AP_DEBUG_ASSERT(session); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, session->c, + "h2_session(%ld): %d open streams", + session->id, (int)h2_stream_set_size(session->streams)); + h2_stream_set_iter(session->streams, log_stream, session); +} + +static int frame_print(const nghttp2_frame *frame, char *buffer, size_t maxlen) +{ + char scratch[128]; + size_t s_len = sizeof(scratch)/sizeof(scratch[0]); + + switch (frame->hd.type) { + case NGHTTP2_DATA: { + return apr_snprintf(buffer, maxlen, + "DATA[length=%d, flags=%d, stream=%d, padlen=%d]", + (int)frame->hd.length, frame->hd.flags, + frame->hd.stream_id, (int)frame->data.padlen); + } + case NGHTTP2_HEADERS: { + return apr_snprintf(buffer, maxlen, + "HEADERS[length=%d, hend=%d, stream=%d, eos=%d]", + (int)frame->hd.length, + !!(frame->hd.flags & NGHTTP2_FLAG_END_HEADERS), + frame->hd.stream_id, + !!(frame->hd.flags & NGHTTP2_FLAG_END_STREAM)); + } + case NGHTTP2_PRIORITY: { + return apr_snprintf(buffer, maxlen, + "PRIORITY[length=%d, flags=%d, stream=%d]", + (int)frame->hd.length, + frame->hd.flags, frame->hd.stream_id); + } + case NGHTTP2_RST_STREAM: { + return apr_snprintf(buffer, maxlen, + "RST_STREAM[length=%d, flags=%d, stream=%d]", + (int)frame->hd.length, + frame->hd.flags, frame->hd.stream_id); + } + case NGHTTP2_SETTINGS: { + if (frame->hd.flags & NGHTTP2_FLAG_ACK) { + return apr_snprintf(buffer, maxlen, + "SETTINGS[ack=1, stream=%d]", + frame->hd.stream_id); + } + return apr_snprintf(buffer, maxlen, + "SETTINGS[length=%d, stream=%d]", + (int)frame->hd.length, frame->hd.stream_id); + } + case NGHTTP2_PUSH_PROMISE: { + return apr_snprintf(buffer, maxlen, + "PUSH_PROMISE[length=%d, hend=%d, stream=%d]", + (int)frame->hd.length, + !!(frame->hd.flags & NGHTTP2_FLAG_END_HEADERS), + frame->hd.stream_id); + } + case NGHTTP2_PING: { + return apr_snprintf(buffer, maxlen, + "PING[length=%d, ack=%d, stream=%d]", + (int)frame->hd.length, + frame->hd.flags&NGHTTP2_FLAG_ACK, + frame->hd.stream_id); + } + case NGHTTP2_GOAWAY: { + size_t len = (frame->goaway.opaque_data_len < s_len)? + frame->goaway.opaque_data_len : s_len-1; + memcpy(scratch, frame->goaway.opaque_data, len); + scratch[len+1] = '\0'; + return apr_snprintf(buffer, maxlen, "GOAWAY[error=%d, reason='%s']", + frame->goaway.error_code, scratch); + } + case NGHTTP2_WINDOW_UPDATE: { + return apr_snprintf(buffer, maxlen, + "WINDOW_UPDATE[length=%d, stream=%d]", + (int)frame->hd.length, frame->hd.stream_id); + } + default: + return apr_snprintf(buffer, maxlen, + "FRAME[type=%d, length=%d, flags=%d, stream=%d]", + frame->hd.type, (int)frame->hd.length, + frame->hd.flags, frame->hd.stream_id); + } +} + diff --git a/modules/http2/h2_session.h b/modules/http2/h2_session.h new file mode 100644 index 00000000..12768a90 --- /dev/null +++ b/modules/http2/h2_session.h @@ -0,0 +1,163 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_session__ +#define __mod_h2__h2_session__ + +#include "h2_conn_io.h" + +/** + * A HTTP/2 connection, a session with a specific client. + * + * h2_session sits on top of a httpd conn_rec* instance and takes complete + * control of the connection data. It receives protocol frames from the + * client. For new HTTP/2 streams it creates h2_task(s) that are sent + * via callback to a dispatcher (see h2_conn.c). + * h2_session keeps h2_io's for each ongoing stream which buffer the + * payload for that stream. + * + * New incoming HEADER frames are converted into a h2_stream+h2_task instance + * that both represent a HTTP/2 stream, but may have separate lifetimes. This + * allows h2_task to be scheduled in other threads without semaphores + * all over the place. It allows task memory to be freed independant of + * session lifetime and sessions may close down while tasks are still running. + * + * + */ + +struct apr_thread_mutext_t; +struct apr_thread_cond_t; +struct h2_config; +struct h2_mplx; +struct h2_response; +struct h2_session; +struct h2_stream; +struct h2_task; +struct h2_workers; + +struct nghttp2_session; + +typedef struct h2_session h2_session; + +struct h2_session { + long id; /* identifier of this session, unique + * inside a httpd process */ + conn_rec *c; /* the connection this session serves */ + request_rec *r; /* the request that started this in case + * of 'h2c', NULL otherwise */ + int aborted; /* this session is being aborted */ + apr_size_t frames_received; /* number of http/2 frames received */ + apr_size_t max_stream_count; /* max number of open streams */ + apr_size_t max_stream_mem; /* max buffer memory for a single stream */ + + apr_pool_t *pool; /* pool to use in session handling */ + apr_bucket_brigade *bbtmp; /* brigade for keeping temporary data */ + struct apr_thread_cond_t *iowait; /* our cond when trywaiting for data */ + + h2_conn_io io; /* io on httpd conn filters */ + struct h2_mplx *mplx; /* multiplexer for stream data */ + + struct h2_stream_set *streams; /* streams handled by this session */ + + int max_stream_received; /* highest stream id created */ + int max_stream_handled; /* highest stream id handled successfully */ + + struct nghttp2_session *ngh2; /* the nghttp2 session (internal use) */ + struct h2_workers *workers; /* for executing stream tasks */ +}; + + +/** + * Create a new h2_session for the given connection. + * The session will apply the configured parameter. + * @param c the connection to work on + * @param cfg the module config to apply + * @param workers the worker pool to use + * @return the created session + */ +h2_session *h2_session_create(conn_rec *c, struct h2_config *cfg, + struct h2_workers *workers); + +/** + * Create a new h2_session for the given request. + * The session will apply the configured parameter. + * @param r the request that was upgraded + * @param cfg the module config to apply + * @param workers the worker pool to use + * @return the created session + */ +h2_session *h2_session_rcreate(request_rec *r, struct h2_config *cfg, + struct h2_workers *workers); + +/** + * Destroy the session and all objects it still contains. This will not + * destroy h2_task instances that have not finished yet. + * @param session the session to destroy + */ +void h2_session_destroy(h2_session *session); + +/** + * Called once at start of session. + * Sets up the session and sends the initial SETTINGS frame. + * @param session the session to start + * @param rv error codes in libnghttp2 lingo are returned here + * @return APR_SUCCESS if all went well + */ +apr_status_t h2_session_start(h2_session *session, int *rv); + +/** + * Determine if session is finished. + * @return != 0 iff session is finished and connection can be closed. + */ +int h2_session_is_done(h2_session *session); + +/** + * Called when an error occured and the session needs to shut down. + * @param session the session to shut down + * @param reason the apache status that caused the shutdown + * @param rv the nghttp2 reason for shutdown, set to 0 if you have none. + * + */ +apr_status_t h2_session_abort(h2_session *session, apr_status_t reason, int rv); + +/** + * Called before a session gets destroyed, might flush output etc. + */ +apr_status_t h2_session_close(h2_session *session); + +/* Read more data from the client connection. Used normally with blocking + * APR_NONBLOCK_READ, which will return APR_EAGAIN when no data is available. + * Use with APR_BLOCK_READ only when certain that no data needs to be written + * while waiting. */ +apr_status_t h2_session_read(h2_session *session, apr_read_type_e block); + +/* Write data out to the client, if there is any. Otherwise, wait for + * a maximum of timeout micro-seconds and return to the caller. If timeout + * occurred, APR_TIMEUP will be returned. + */ +apr_status_t h2_session_write(h2_session *session, + apr_interval_time_t timeout); + +/* Start submitting the response to a stream request. This is possible + * once we have all the response headers. */ +apr_status_t h2_session_handle_response(h2_session *session, + struct h2_stream *stream); + +/* Get the h2_stream for the given stream idenrtifier. */ +struct h2_stream *h2_session_get_stream(h2_session *session, int stream_id); + +void h2_session_log_stats(h2_session *session); + +#endif /* defined(__mod_h2__h2_session__) */ diff --git a/modules/http2/h2_stream.c b/modules/http2/h2_stream.c new file mode 100644 index 00000000..52781d84 --- /dev/null +++ b/modules/http2/h2_stream.c @@ -0,0 +1,273 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#define APR_POOL_DEBUG 7 + +#include +#include +#include +#include + +#include + +#include "h2_private.h" +#include "h2_conn.h" +#include "h2_mplx.h" +#include "h2_request.h" +#include "h2_response.h" +#include "h2_stream.h" +#include "h2_task.h" +#include "h2_ctx.h" +#include "h2_task_input.h" +#include "h2_task.h" +#include "h2_util.h" + + +static void set_state(h2_stream *stream, h2_stream_state_t state) +{ + AP_DEBUG_ASSERT(stream); + if (stream->state != state) { + stream->state = state; + } +} + +h2_stream *h2_stream_create(int id, apr_pool_t *pool, struct h2_mplx *m) +{ + h2_stream *stream = apr_pcalloc(pool, sizeof(h2_stream)); + if (stream != NULL) { + stream->id = id; + stream->state = H2_STREAM_ST_IDLE; + stream->pool = pool; + stream->m = m; + stream->request = h2_request_create(id, pool, m->c->bucket_alloc); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, m->c, + "h2_stream(%ld-%d): created", m->id, stream->id); + } + return stream; +} + +static void h2_stream_cleanup(h2_stream *stream) +{ + if (stream->request) { + h2_request_destroy(stream->request); + stream->request = NULL; + } +} + +apr_status_t h2_stream_destroy(h2_stream *stream) +{ + AP_DEBUG_ASSERT(stream); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, stream->m->c, + "h2_stream(%ld-%d): destroy", stream->m->id, stream->id); + h2_stream_cleanup(stream); + + if (stream->task) { + h2_task_destroy(stream->task); + stream->task = NULL; + } + if (stream->pool) { + apr_pool_destroy(stream->pool); + } + return APR_SUCCESS; +} + +void h2_stream_attach_pool(h2_stream *stream, apr_pool_t *pool) +{ + stream->pool = pool; +} + +apr_pool_t *h2_stream_detach_pool(h2_stream *stream) +{ + apr_pool_t *pool = stream->pool; + stream->pool = NULL; + return pool; +} + +void h2_stream_abort(h2_stream *stream) +{ + AP_DEBUG_ASSERT(stream); + stream->aborted = 1; +} + +apr_status_t h2_stream_set_response(h2_stream *stream, h2_response *response, + apr_bucket_brigade *bb) +{ + stream->response = response; + if (bb && !APR_BRIGADE_EMPTY(bb)) { + if (!stream->bbout) { + stream->bbout = apr_brigade_create(stream->pool, + stream->m->c->bucket_alloc); + } + return h2_util_move(stream->bbout, bb, 16 * 1024, NULL, + "h2_stream_set_response"); + } + return APR_SUCCESS; +} + +static int set_closed(h2_stream *stream) +{ + switch (stream->state) { + case H2_STREAM_ST_CLOSED_INPUT: + case H2_STREAM_ST_CLOSED: + return 0; /* ignore, idempotent */ + case H2_STREAM_ST_CLOSED_OUTPUT: + /* both closed now */ + set_state(stream, H2_STREAM_ST_CLOSED); + break; + default: + /* everything else we jump to here */ + set_state(stream, H2_STREAM_ST_CLOSED_INPUT); + break; + } + return 1; +} + +apr_status_t h2_stream_rwrite(h2_stream *stream, request_rec *r) +{ + apr_status_t status; + AP_DEBUG_ASSERT(stream); + set_state(stream, H2_STREAM_ST_OPEN); + status = h2_request_rwrite(stream->request, r, stream->m); + return status; +} + +apr_status_t h2_stream_write_eoh(h2_stream *stream, int eos) +{ + apr_status_t status; + AP_DEBUG_ASSERT(stream); + + /* Seeing the end-of-headers, we have everything we need to + * start processing it. + */ + status = h2_mplx_create_task(stream->m, stream); + if (status == APR_SUCCESS) { + status = h2_request_end_headers(stream->request, + stream->m, stream->task, eos); + if (status == APR_SUCCESS) { + status = h2_mplx_do_task(stream->m, stream->task); + } + if (eos) { + status = h2_stream_write_eos(stream); + } + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, status, stream->m->c, + "h2_mplx(%ld-%d): start stream, task %s %s (%s)", + stream->m->id, stream->id, + stream->request->method, stream->request->path, + stream->request->authority); + + } + return status; +} + +apr_status_t h2_stream_write_eos(h2_stream *stream) +{ + AP_DEBUG_ASSERT(stream); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, stream->m->c, + "h2_stream(%ld-%d): closing input", + stream->m->id, stream->id); + if (set_closed(stream)) { + return h2_request_close(stream->request); + } + return APR_SUCCESS; +} + +apr_status_t h2_stream_write_header(h2_stream *stream, + const char *name, size_t nlen, + const char *value, size_t vlen) +{ + AP_DEBUG_ASSERT(stream); + switch (stream->state) { + case H2_STREAM_ST_IDLE: + set_state(stream, H2_STREAM_ST_OPEN); + break; + case H2_STREAM_ST_OPEN: + break; + default: + return APR_EINVAL; + } + return h2_request_write_header(stream->request, name, nlen, + value, vlen, stream->m); +} + +apr_status_t h2_stream_write_data(h2_stream *stream, + const char *data, size_t len) +{ + AP_DEBUG_ASSERT(stream); + AP_DEBUG_ASSERT(stream); + switch (stream->state) { + case H2_STREAM_ST_OPEN: + break; + default: + return APR_EINVAL; + } + return h2_request_write_data(stream->request, data, len); +} + +apr_status_t h2_stream_prep_read(h2_stream *stream, + apr_size_t *plen, int *peos) +{ + apr_status_t status = APR_SUCCESS; + const char *src; + + if (stream->bbout && !APR_BRIGADE_EMPTY(stream->bbout)) { + src = "stream"; + status = h2_util_bb_avail(stream->bbout, plen, peos); + if (status == APR_SUCCESS && !*peos && !*plen) { + apr_brigade_cleanup(stream->bbout); + return h2_stream_prep_read(stream, plen, peos); + } + } + else { + src = "mplx"; + status = h2_mplx_out_readx(stream->m, stream->id, + NULL, NULL, plen, peos); + } + if (status == APR_SUCCESS && !*peos && !*plen) { + status = APR_EAGAIN; + } + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, stream->m->c, + "h2_stream(%ld-%d): prep_read %s, len=%ld eos=%d", + stream->m->id, stream->id, + src, (long)*plen, *peos); + return status; +} + +apr_status_t h2_stream_readx(h2_stream *stream, + h2_io_data_cb *cb, void *ctx, + apr_size_t *plen, int *peos) +{ + if (stream->bbout && !APR_BRIGADE_EMPTY(stream->bbout)) { + return h2_util_bb_readx(stream->bbout, cb, ctx, plen, peos); + } + return h2_mplx_out_readx(stream->m, stream->id, + cb, ctx, plen, peos); +} + + +void h2_stream_set_suspended(h2_stream *stream, int suspended) +{ + AP_DEBUG_ASSERT(stream); + stream->suspended = !!suspended; +} + +int h2_stream_is_suspended(h2_stream *stream) +{ + AP_DEBUG_ASSERT(stream); + return stream->suspended; +} + diff --git a/modules/http2/h2_stream.h b/modules/http2/h2_stream.h new file mode 100644 index 00000000..0608f2f3 --- /dev/null +++ b/modules/http2/h2_stream.h @@ -0,0 +1,107 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_stream__ +#define __mod_h2__h2_stream__ + +/** + * A HTTP/2 stream, e.g. a client request+response in HTTP/1.1 terms. + * + * Ok, not quite, but close enough, since we do not implement server + * pushes yet. + * + * A stream always belongs to a h2_session, the one managing the + * connection to the client. The h2_session writes to the h2_stream, + * adding HEADERS and DATA and finally an EOS. When headers are done, + * h2_stream can create a h2_task that can be scheduled to fullfill the + * request. + * + * This response headers are added directly to the h2_mplx of the session, + * but the response DATA can be read via h2_stream. Reading data will + * never block but return APR_EAGAIN when there currently is no data (and + * no eos) in the multiplexer for this stream. + */ +#include "h2_io.h" + +typedef enum { + H2_STREAM_ST_IDLE, + H2_STREAM_ST_OPEN, + H2_STREAM_ST_RESV_LOCAL, + H2_STREAM_ST_RESV_REMOTE, + H2_STREAM_ST_CLOSED_INPUT, + H2_STREAM_ST_CLOSED_OUTPUT, + H2_STREAM_ST_CLOSED, +} h2_stream_state_t; + +struct h2_mplx; +struct h2_request; +struct h2_response; +struct h2_task; + +typedef struct h2_stream h2_stream; + +struct h2_stream { + int id; /* http2 stream id */ + h2_stream_state_t state; /* http/2 state of this stream */ + struct h2_mplx *m; /* the multiplexer to work with */ + + int aborted; /* was aborted */ + int suspended; /* DATA sending has been suspended */ + + apr_pool_t *pool; /* the memory pool for this stream */ + struct h2_request *request; /* the request made in this stream */ + + struct h2_task *task; /* task created for this stream */ + struct h2_response *response; /* the response, once ready */ + apr_bucket_brigade *bbout; /* output DATA */ +}; + + +h2_stream *h2_stream_create(int id, apr_pool_t *pool, struct h2_mplx *m); + +apr_status_t h2_stream_destroy(h2_stream *stream); + +apr_pool_t *h2_stream_detach_pool(h2_stream *stream); +void h2_stream_attach_pool(h2_stream *stream, apr_pool_t *pool); + +void h2_stream_abort(h2_stream *stream); + +apr_status_t h2_stream_rwrite(h2_stream *stream, request_rec *r); + +apr_status_t h2_stream_write_eos(h2_stream *stream); + +apr_status_t h2_stream_write_header(h2_stream *stream, + const char *name, size_t nlen, + const char *value, size_t vlen); + +apr_status_t h2_stream_write_eoh(h2_stream *stream, int eos); + +apr_status_t h2_stream_write_data(h2_stream *stream, + const char *data, size_t len); + +apr_status_t h2_stream_set_response(h2_stream *stream, + struct h2_response *response, + apr_bucket_brigade *bb); + +apr_status_t h2_stream_prep_read(h2_stream *stream, + apr_size_t *plen, int *peos); + +apr_status_t h2_stream_readx(h2_stream *stream, h2_io_data_cb *cb, + void *ctx, apr_size_t *plen, int *peos); + +void h2_stream_set_suspended(h2_stream *stream, int suspended); +int h2_stream_is_suspended(h2_stream *stream); + +#endif /* defined(__mod_h2__h2_stream__) */ diff --git a/modules/http2/h2_stream_set.c b/modules/http2/h2_stream_set.c new file mode 100644 index 00000000..dddd2e39 --- /dev/null +++ b/modules/http2/h2_stream_set.c @@ -0,0 +1,164 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include + +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_session.h" +#include "h2_stream.h" +#include "h2_task.h" +#include "h2_stream_set.h" + +#define H2_STREAM_IDX(list, i) ((h2_stream**)(list)->elts)[i] + +struct h2_stream_set { + apr_array_header_t *list; +}; + +h2_stream_set *h2_stream_set_create(apr_pool_t *pool) +{ + h2_stream_set *sp = apr_pcalloc(pool, sizeof(h2_stream_set)); + if (sp) { + sp->list = apr_array_make(pool, 100, sizeof(h2_stream*)); + if (!sp->list) { + return NULL; + } + } + return sp; +} + +void h2_stream_set_destroy(h2_stream_set *sp) +{ + (void)sp; +} + +static int h2_stream_id_cmp(const void *s1, const void *s2) +{ + h2_stream **pstream1 = (h2_stream **)s1; + h2_stream **pstream2 = (h2_stream **)s2; + return (*pstream1)->id - (*pstream2)->id; +} + +h2_stream *h2_stream_set_get(h2_stream_set *sp, int stream_id) +{ + /* we keep the array sorted by id, so lookup can be done + * by bsearch. + */ + h2_stream key; + h2_stream *pkey, **ps; + memset(&key, 0, sizeof(key)); + key.id = stream_id; + pkey = &key; + ps = bsearch(&pkey, sp->list->elts, sp->list->nelts, + sp->list->elt_size, h2_stream_id_cmp); + return ps? *ps : NULL; +} + +static void h2_stream_set_sort(h2_stream_set *sp) +{ + qsort(sp->list->elts, sp->list->nelts, sp->list->elt_size, + h2_stream_id_cmp); +} + +apr_status_t h2_stream_set_add(h2_stream_set *sp, h2_stream *stream) +{ + h2_stream *existing = h2_stream_set_get(sp, stream->id); + if (!existing) { + int last; + APR_ARRAY_PUSH(sp->list, h2_stream*) = stream; + /* Normally, streams get added in ascending order if id. We + * keep the array sorted, so we just need to check of the newly + * appended stream has a lower id than the last one. if not, + * sorting is not necessary. + */ + last = sp->list->nelts - 1; + if (last > 0 + && (H2_STREAM_IDX(sp->list, last)->id + < H2_STREAM_IDX(sp->list, last-1)->id)) { + h2_stream_set_sort(sp); + } + } + return APR_SUCCESS; +} + +h2_stream *h2_stream_set_remove(h2_stream_set *sp, h2_stream *stream) +{ + int i; + for (i = 0; i < sp->list->nelts; ++i) { + h2_stream *s = H2_STREAM_IDX(sp->list, i); + if (s == stream) { + int n; + --sp->list->nelts; + n = sp->list->nelts - i; + if (n > 0) { + /* Close the hole in the array by moving the upper + * parts down one step. + */ + h2_stream **selts = (h2_stream**)sp->list->elts; + memmove(selts+i, selts+i+1, n * sizeof(h2_stream*)); + } + return s; + } + } + return NULL; +} + +void h2_stream_set_remove_all(h2_stream_set *sp) +{ + sp->list->nelts = 0; +} + +int h2_stream_set_is_empty(h2_stream_set *sp) +{ + AP_DEBUG_ASSERT(sp); + return sp->list->nelts == 0; +} + +h2_stream *h2_stream_set_find(h2_stream_set *sp, + h2_stream_set_match_fn *match, void *ctx) +{ + h2_stream *s = NULL; + int i; + for (i = 0; !s && i < sp->list->nelts; ++i) { + s = match(ctx, H2_STREAM_IDX(sp->list, i)); + } + return s; +} + +void h2_stream_set_iter(h2_stream_set *sp, + h2_stream_set_iter_fn *iter, void *ctx) +{ + int i; + for (i = 0; i < sp->list->nelts; ++i) { + h2_stream *s = H2_STREAM_IDX(sp->list, i); + if (!iter(ctx, s)) { + break; + } + } +} + +apr_size_t h2_stream_set_size(h2_stream_set *sp) +{ + return sp->list->nelts; +} + diff --git a/modules/http2/h2_stream_set.h b/modules/http2/h2_stream_set.h new file mode 100644 index 00000000..56075834 --- /dev/null +++ b/modules/http2/h2_stream_set.h @@ -0,0 +1,52 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_stream_set__ +#define __mod_h2__h2_stream_set__ + +/** + * A set of h2_stream instances. Allows lookup by stream id + * and other criteria. + */ + +typedef h2_stream *h2_stream_set_match_fn(void *ctx, h2_stream *stream); +typedef int h2_stream_set_iter_fn(void *ctx, h2_stream *stream); + +typedef struct h2_stream_set h2_stream_set; + + +h2_stream_set *h2_stream_set_create(apr_pool_t *pool); + +void h2_stream_set_destroy(h2_stream_set *sp); + +apr_status_t h2_stream_set_add(h2_stream_set *sp, h2_stream *stream); + +h2_stream *h2_stream_set_get(h2_stream_set *sp, int stream_id); + +h2_stream *h2_stream_set_remove(h2_stream_set *sp,h2_stream *stream); + +void h2_stream_set_remove_all(h2_stream_set *sp); + +int h2_stream_set_is_empty(h2_stream_set *sp); + +apr_size_t h2_stream_set_size(h2_stream_set *sp); + +h2_stream *h2_stream_set_find(h2_stream_set *sp, + h2_stream_set_match_fn *match, void *ctx); + +void h2_stream_set_iter(h2_stream_set *sp, + h2_stream_set_iter_fn *iter, void *ctx); + +#endif /* defined(__mod_h2__h2_stream_set__) */ diff --git a/modules/http2/h2_switch.c b/modules/http2/h2_switch.c new file mode 100644 index 00000000..23c34490 --- /dev/null +++ b/modules/http2/h2_switch.c @@ -0,0 +1,181 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "h2_private.h" + +#include "h2_config.h" +#include "h2_ctx.h" +#include "h2_conn.h" +#include "h2_h2.h" +#include "h2_switch.h" + +/******************************************************************************* + * SSL var lookup + */ +APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup, + (apr_pool_t *, server_rec *, + conn_rec *, request_rec *, + char *)); +static char *(*opt_ssl_var_lookup)(apr_pool_t *, server_rec *, + conn_rec *, request_rec *, + char *); + +/******************************************************************************* + * Once per lifetime init, retrieve optional functions + */ +apr_status_t h2_switch_init(apr_pool_t *pool, server_rec *s) +{ + (void)pool; + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "h2_switch init"); + opt_ssl_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); + + return APR_SUCCESS; +} + +static int h2_protocol_propose(conn_rec *c, request_rec *r, + server_rec *s, + const apr_array_header_t *offers, + apr_array_header_t *proposals) +{ + int proposed = 0; + const char **protos = h2_h2_is_tls(c)? h2_tls_protos : h2_clear_protos; + + (void)s; + if (strcmp(AP_PROTOCOL_HTTP1, ap_get_protocol(c))) { + /* We do not know how to switch from anything else but http/1.1. + */ + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, + "protocol switch: current proto != http/1.1, declined"); + return DECLINED; + } + + if (r) { + const char *p; + /* So far, this indicates an HTTP/1 Upgrade header initiated + * protocol switch. For that, the HTTP2-Settings header needs + * to be present and valid for the connection. + */ + p = apr_table_get(r->headers_in, "HTTP2-Settings"); + if (!p) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "upgrade without HTTP2-Settings declined"); + return DECLINED; + } + + p = apr_table_get(r->headers_in, "Connection"); + if (!ap_find_token(r->pool, p, "http2-settings")) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "upgrade without HTTP2-Settings declined"); + return DECLINED; + } + + /* We also allow switching only for requests that have no body. + */ + p = apr_table_get(r->headers_in, "Content-Length"); + if (p && strcmp(p, "0")) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "upgrade with content-length: %s, declined", p); + return DECLINED; + } + } + + while (*protos) { + /* Add all protocols we know (tls or clear) and that + * are part of the offerings (if there have been any). + */ + if (!offers || ap_array_str_contains(offers, *protos)) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, + "proposing protocol '%s'", *protos); + APR_ARRAY_PUSH(proposals, const char*) = *protos; + proposed = 1; + } + ++protos; + } + return proposed? DECLINED : OK; +} + +static int h2_protocol_switch(conn_rec *c, request_rec *r, server_rec *s, + const char *protocol) +{ + int found = 0; + const char **protos = h2_h2_is_tls(c)? h2_tls_protos : h2_clear_protos; + const char **p = protos; + + (void)s; + while (*p) { + if (!strcmp(*p, protocol)) { + found = 1; + break; + } + p++; + } + + if (found) { + h2_ctx *ctx = h2_ctx_get(c); + + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, + "switching protocol to '%s'", protocol); + h2_ctx_protocol_set(ctx, protocol); + h2_ctx_server_set(ctx, s); + + if (r != NULL) { + apr_status_t status; + /* Switching in the middle of a request means that + * we have to send out the response to this one in h2 + * format. So we need to take over the connection + * right away. + */ + ap_remove_input_filter_byhandle(r->input_filters, "http_in"); + ap_remove_input_filter_byhandle(r->input_filters, "reqtimeout"); + + /* Ok, start an h2_conn on this one. */ + status = h2_conn_rprocess(r); + if (status != DONE) { + /* Nothing really to do about this. */ + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, status, r, + "session proessed, unexpected status"); + } + } + return DONE; + } + + return DECLINED; +} + +static const char *h2_protocol_get(const conn_rec *c) +{ + return h2_ctx_protocol_get(c); +} + +void h2_switch_register_hooks(void) +{ + ap_hook_protocol_propose(h2_protocol_propose, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_protocol_switch(h2_protocol_switch, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_protocol_get(h2_protocol_get, NULL, NULL, APR_HOOK_MIDDLE); +} + diff --git a/modules/http2/h2_switch.h b/modules/http2/h2_switch.h new file mode 100644 index 00000000..3d9c628c --- /dev/null +++ b/modules/http2/h2_switch.h @@ -0,0 +1,29 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_switch__ +#define __mod_h2__h2_switch__ + +/* + * One time, post config intialization. + */ +apr_status_t h2_switch_init(apr_pool_t *pool, server_rec *s); + +/* Register apache hooks for protocol switching + */ +void h2_switch_register_hooks(void); + + +#endif /* defined(__mod_h2__h2_switch__) */ diff --git a/modules/http2/h2_task.c b/modules/http2/h2_task.c new file mode 100644 index 00000000..bbea7b20 --- /dev/null +++ b/modules/http2/h2_task.c @@ -0,0 +1,467 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_conn.h" +#include "h2_config.h" +#include "h2_from_h1.h" +#include "h2_h2.h" +#include "h2_mplx.h" +#include "h2_session.h" +#include "h2_stream.h" +#include "h2_task_input.h" +#include "h2_task_output.h" +#include "h2_task.h" +#include "h2_ctx.h" +#include "h2_worker.h" + + +static apr_status_t h2_filter_stream_input(ap_filter_t* filter, + apr_bucket_brigade* brigade, + ap_input_mode_t mode, + apr_read_type_e block, + apr_off_t readbytes) { + h2_task_env *env = filter->ctx; + AP_DEBUG_ASSERT(env); + if (!env->input) { + return APR_ECONNABORTED; + } + return h2_task_input_read(env->input, filter, brigade, + mode, block, readbytes); +} + +static apr_status_t h2_filter_stream_output(ap_filter_t* filter, + apr_bucket_brigade* brigade) { + h2_task_env *env = filter->ctx; + AP_DEBUG_ASSERT(env); + if (!env->output) { + return APR_ECONNABORTED; + } + return h2_task_output_write(env->output, filter, brigade); +} + +static apr_status_t h2_filter_read_response(ap_filter_t* f, + apr_bucket_brigade* bb) { + h2_task_env *env = f->ctx; + AP_DEBUG_ASSERT(env); + if (!env->output || !env->output->from_h1) { + return APR_ECONNABORTED; + } + return h2_from_h1_read_response(env->output->from_h1, f, bb); +} + +/******************************************************************************* + * Register various hooks + */ +static const char *const mod_ssl[] = { "mod_ssl.c", NULL}; +static int h2_task_pre_conn(conn_rec* c, void *arg); +static int h2_task_process_conn(conn_rec* c); + +void h2_task_register_hooks(void) +{ + /* This hook runs on new connections before mod_ssl has a say. + * Its purpose is to prevent mod_ssl from touching our pseudo-connections + * for streams. + */ + ap_hook_pre_connection(h2_task_pre_conn, + NULL, mod_ssl, APR_HOOK_FIRST); + /* When the connection processing actually starts, we might to + * take over, if the connection is for a task. + */ + ap_hook_process_connection(h2_task_process_conn, + NULL, NULL, APR_HOOK_FIRST); + + ap_register_output_filter("H2_RESPONSE", h2_response_output_filter, + NULL, AP_FTYPE_PROTOCOL); + ap_register_input_filter("H2_TO_H1", h2_filter_stream_input, + NULL, AP_FTYPE_NETWORK); + ap_register_output_filter("H1_TO_H2", h2_filter_stream_output, + NULL, AP_FTYPE_NETWORK); + ap_register_output_filter("H1_TO_H2_RESP", h2_filter_read_response, + NULL, AP_FTYPE_PROTOCOL); +} + +static int h2_task_pre_conn(conn_rec* c, void *arg) +{ + + h2_ctx *ctx = h2_ctx_get(c); + + (void)arg; + if (h2_ctx_is_task(ctx)) { + h2_task_env *env = h2_ctx_get_task(ctx); + + /* This connection is a pseudo-connection used for a h2_task. + * Since we read/write directly from it ourselves, we need + * to disable a possible ssl connection filter. + */ + h2_tls_disable(c); + + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, + "h2_h2, pre_connection, found stream task"); + + /* Add our own, network level in- and output filters. + */ + ap_add_input_filter("H2_TO_H1", env, NULL, c); + ap_add_output_filter("H1_TO_H2", env, NULL, c); + } + return OK; +} + +static int h2_task_process_conn(conn_rec* c) +{ + h2_ctx *ctx = h2_ctx_get(c); + + if (h2_ctx_is_task(ctx)) { + if (!ctx->task_env->serialize_headers) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, + "h2_h2, processing request directly"); + h2_task_process_request(ctx->task_env); + return DONE; + } + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, + "h2_task(%s), serialized handling", ctx->task_env->id); + } + return DECLINED; +} + + +h2_task *h2_task_create(long session_id, + int stream_id, + apr_pool_t *stream_pool, + h2_mplx *mplx, conn_rec *c) +{ + h2_task *task = apr_pcalloc(stream_pool, sizeof(h2_task)); + if (task == NULL) { + ap_log_perror(APLOG_MARK, APLOG_ERR, APR_ENOMEM, stream_pool, + APLOGNO(02941) "h2_task(%ld-%d): create stream task", + session_id, stream_id); + h2_mplx_out_close(mplx, stream_id); + return NULL; + } + + APR_RING_ELEM_INIT(task, link); + + task->id = apr_psprintf(stream_pool, "%ld-%d", session_id, stream_id); + task->stream_id = stream_id; + task->mplx = mplx; + + task->c = c; + + ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, stream_pool, + "h2_task(%s): created", task->id); + return task; +} + +void h2_task_set_request(h2_task *task, + const char *method, + const char *scheme, + const char *authority, + const char *path, + apr_table_t *headers, int eos) +{ + task->method = method; + task->scheme = scheme; + task->authority = authority; + task->path = path; + task->headers = headers; + task->input_eos = eos; +} + +apr_status_t h2_task_destroy(h2_task *task) +{ + (void)task; + return APR_SUCCESS; +} + +apr_status_t h2_task_do(h2_task *task, h2_worker *worker) +{ + apr_status_t status = APR_SUCCESS; + h2_config *cfg = h2_config_get(task->mplx->c); + h2_task_env env; + + AP_DEBUG_ASSERT(task); + + memset(&env, 0, sizeof(env)); + + env.id = task->id; + env.stream_id = task->stream_id; + env.mplx = task->mplx; + task->mplx = NULL; + + env.input_eos = task->input_eos; + env.serialize_headers = h2_config_geti(cfg, H2_CONF_SER_HEADERS); + + /* Create a subpool from the worker one to be used for all things + * with life-time of this task_env execution. + */ + apr_pool_create(&env.pool, h2_worker_get_pool(worker)); + + /* Link the env to the worker which provides useful things such + * as mutex, a socket etc. */ + env.io = h2_worker_get_cond(worker); + + /* Clone fields, so that lifetimes become (more) independent. */ + env.method = apr_pstrdup(env.pool, task->method); + env.scheme = apr_pstrdup(env.pool, task->scheme); + env.authority = apr_pstrdup(env.pool, task->authority); + env.path = apr_pstrdup(env.pool, task->path); + env.headers = apr_table_clone(env.pool, task->headers); + + /* Setup the pseudo connection to use our own pool and bucket_alloc */ + env.c = *task->c; + task->c = NULL; + status = h2_conn_setup(&env, worker); + + /* save in connection that this one is a pseudo connection, prevents + * other hooks from messing with it. */ + h2_ctx_create_for(&env.c, &env); + + if (status == APR_SUCCESS) { + env.input = h2_task_input_create(&env, env.pool, + env.c.bucket_alloc); + env.output = h2_task_output_create(&env, env.pool, + env.c.bucket_alloc); + status = h2_conn_process(&env.c, h2_worker_get_socket(worker)); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, &env.c, + "h2_task(%s): processing done", env.id); + } + else { + ap_log_cerror(APLOG_MARK, APLOG_WARNING, status, &env.c, + APLOGNO(02957) "h2_task(%s): error setting up h2_task_env", + env.id); + } + + if (env.input) { + h2_task_input_destroy(env.input); + env.input = NULL; + } + + if (env.output) { + h2_task_output_close(env.output); + h2_task_output_destroy(env.output); + env.output = NULL; + } + + h2_task_set_finished(task); + if (env.io) { + apr_thread_cond_signal(env.io); + } + + if (env.pool) { + apr_pool_destroy(env.pool); + env.pool = NULL; + } + + if (env.c.id) { + h2_conn_post(&env.c, worker); + } + + h2_mplx_task_done(env.mplx, env.stream_id); + + return status; +} + +int h2_task_has_started(h2_task *task) +{ + AP_DEBUG_ASSERT(task); + return apr_atomic_read32(&task->has_started); +} + +void h2_task_set_started(h2_task *task) +{ + AP_DEBUG_ASSERT(task); + apr_atomic_set32(&task->has_started, 1); +} + +int h2_task_has_finished(h2_task *task) +{ + return apr_atomic_read32(&task->has_finished); +} + +void h2_task_set_finished(h2_task *task) +{ + apr_atomic_set32(&task->has_finished, 1); +} + +void h2_task_die(h2_task_env *env, int status, request_rec *r) +{ + (void)env; + ap_die(status, r); +} + +static request_rec *h2_task_create_request(h2_task_env *env) +{ + conn_rec *conn = &env->c; + request_rec *r; + apr_pool_t *p; + int access_status = HTTP_OK; + + apr_pool_create(&p, conn->pool); + apr_pool_tag(p, "request"); + r = apr_pcalloc(p, sizeof(request_rec)); + AP_READ_REQUEST_ENTRY((intptr_t)r, (uintptr_t)conn); + r->pool = p; + r->connection = conn; + r->server = conn->base_server; + + r->user = NULL; + r->ap_auth_type = NULL; + + r->allowed_methods = ap_make_method_list(p, 2); + + r->headers_in = apr_table_copy(r->pool, env->headers); + r->trailers_in = apr_table_make(r->pool, 5); + r->subprocess_env = apr_table_make(r->pool, 25); + r->headers_out = apr_table_make(r->pool, 12); + r->err_headers_out = apr_table_make(r->pool, 5); + r->trailers_out = apr_table_make(r->pool, 5); + r->notes = apr_table_make(r->pool, 5); + + r->request_config = ap_create_request_config(r->pool); + /* Must be set before we run create request hook */ + + r->proto_output_filters = conn->output_filters; + r->output_filters = r->proto_output_filters; + r->proto_input_filters = conn->input_filters; + r->input_filters = r->proto_input_filters; + ap_run_create_request(r); + r->per_dir_config = r->server->lookup_defaults; + + r->sent_bodyct = 0; /* bytect isn't for body */ + + r->read_length = 0; + r->read_body = REQUEST_NO_BODY; + + r->status = HTTP_OK; /* Until further notice */ + r->header_only = 0; + r->the_request = NULL; + + /* Begin by presuming any module can make its own path_info assumptions, + * until some module interjects and changes the value. + */ + r->used_path_info = AP_REQ_DEFAULT_PATH_INFO; + + r->useragent_addr = conn->client_addr; + r->useragent_ip = conn->client_ip; + + ap_run_pre_read_request(r, conn); + + /* Time to populate r with the data we have. */ + r->request_time = apr_time_now(); + r->the_request = apr_psprintf(r->pool, "%s %s HTTP/1.1", + env->method, env->path); + r->method = env->method; + /* Provide quick information about the request method as soon as known */ + r->method_number = ap_method_number_of(r->method); + if (r->method_number == M_GET && r->method[0] == 'H') { + r->header_only = 1; + } + + ap_parse_uri(r, env->path); + r->protocol = (char*)"HTTP/2"; + r->proto_num = HTTP_VERSION(2, 0); + + /* update what we think the virtual host is based on the headers we've + * now read. may update status. + * Leave r->hostname empty, vhost will parse if form our Host: header, + * otherwise we get complains about port numbers. + */ + r->hostname = NULL; + ap_update_vhost_from_headers(r); + + /* we may have switched to another server */ + r->per_dir_config = r->server->lookup_defaults; + + /* + * Add the HTTP_IN filter here to ensure that ap_discard_request_body + * called by ap_die and by ap_send_error_response works correctly on + * status codes that do not cause the connection to be dropped and + * in situations where the connection should be kept alive. + */ + ap_add_input_filter_handle(ap_http_input_filter_handle, + NULL, r, r->connection); + + if (access_status != HTTP_OK + || (access_status = ap_run_post_read_request(r))) { + /* Request check post hooks failed. An example of this would be a + * request for a vhost where h2 is disabled --> 421. + */ + h2_task_die(env, access_status, r); + ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); + ap_run_log_transaction(r); + r = NULL; + goto traceout; + } + + AP_READ_REQUEST_SUCCESS((uintptr_t)r, (char *)r->method, + (char *)r->uri, (char *)r->server->defn_name, + r->status); + return r; +traceout: + AP_READ_REQUEST_FAILURE((uintptr_t)r); + return r; +} + + +apr_status_t h2_task_process_request(h2_task_env *env) +{ + conn_rec *c = &env->c; + request_rec *r; + conn_state_t *cs = c->cs; + + r = h2_task_create_request(env); + if (r && (r->status == HTTP_OK)) { + ap_update_child_status(c->sbh, SERVER_BUSY_READ, r); + + if (cs) + cs->state = CONN_STATE_HANDLER; + ap_process_request(r); + /* After the call to ap_process_request, the + * request pool will have been deleted. We set + * r=NULL here to ensure that any dereference + * of r that might be added later in this function + * will result in a segfault immediately instead + * of nondeterministic failures later. + */ + r = NULL; + } + ap_update_child_status(c->sbh, SERVER_BUSY_WRITE, NULL); + c->sbh = NULL; + + return APR_SUCCESS; +} + + + + diff --git a/modules/http2/h2_task.h b/modules/http2/h2_task.h new file mode 100644 index 00000000..b66ce38c --- /dev/null +++ b/modules/http2/h2_task.h @@ -0,0 +1,187 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_task__ +#define __mod_h2__h2_task__ + +/** + * A h2_task fakes a HTTP/1.1 request from the data in a HTTP/2 stream + * (HEADER+CONT.+DATA) the module recieves. + * + * In order to answer a HTTP/2 stream, we want all Apache httpd infrastructure + * to be involved as usual, as if this stream can as a separate HTTP/1.1 + * request. The basic trickery to do so was derived from google's mod_spdy + * source. Basically, we fake a new conn_rec object, even with its own + * socket and give it to ap_process_connection(). + * + * Since h2_task instances are executed in separate threads, we may have + * different lifetimes than our h2_stream or h2_session instances. Basically, + * we would like to be as standalone as possible. + * + * Finally, to keep certain connection level filters, such as ourselves and + * especially mod_ssl ones, from messing with our data, we need a filter + * of our own to disble those. + */ + +struct apr_thread_cond_t; +struct h2_conn; +struct h2_mplx; +struct h2_task; +struct h2_resp_head; +struct h2_worker; + +typedef struct h2_task h2_task; + +struct h2_task { + /** Links to the rest of the tasks */ + APR_RING_ENTRY(h2_task) link; + + const char *id; + int stream_id; + struct h2_mplx *mplx; + + volatile apr_uint32_t has_started; + volatile apr_uint32_t has_finished; + + const char *method; + const char *scheme; + const char *authority; + const char *path; + apr_table_t *headers; + int input_eos; + + struct conn_rec *c; +}; + +typedef struct h2_task_env h2_task_env; + +struct h2_task_env { + const char *id; + int stream_id; + struct h2_mplx *mplx; + + apr_pool_t *pool; /* pool for task lifetime things */ + apr_bucket_alloc_t *bucket_alloc; + + const char *method; + const char *scheme; + const char *authority; + const char *path; + apr_table_t *headers; + int input_eos; + + int serialize_headers; + + struct conn_rec c; + struct h2_task_input *input; + struct h2_task_output *output; + + struct apr_thread_cond_t *io; /* used to wait for events on */ +}; + +/** + * The magic pointer value that indicates the head of a h2_task list + * @param b The task list + * @return The magic pointer value + */ +#define H2_TASK_LIST_SENTINEL(b) APR_RING_SENTINEL((b), h2_task, link) + +/** + * Determine if the task list is empty + * @param b The list to check + * @return true or false + */ +#define H2_TASK_LIST_EMPTY(b) APR_RING_EMPTY((b), h2_task, link) + +/** + * Return the first task in a list + * @param b The list to query + * @return The first task in the list + */ +#define H2_TASK_LIST_FIRST(b) APR_RING_FIRST(b) + +/** + * Return the last task in a list + * @param b The list to query + * @return The last task int he list + */ +#define H2_TASK_LIST_LAST(b) APR_RING_LAST(b) + +/** + * Insert a single task at the front of a list + * @param b The list to add to + * @param e The task to insert + */ +#define H2_TASK_LIST_INSERT_HEAD(b, e) do { \ + h2_task *ap__b = (e); \ + APR_RING_INSERT_HEAD((b), ap__b, h2_task, link); \ +} while (0) + +/** + * Insert a single task at the end of a list + * @param b The list to add to + * @param e The task to insert + */ +#define H2_TASK_LIST_INSERT_TAIL(b, e) do { \ + h2_task *ap__b = (e); \ + APR_RING_INSERT_TAIL((b), ap__b, h2_task, link); \ +} while (0) + +/** + * Get the next task in the list + * @param e The current task + * @return The next task + */ +#define H2_TASK_NEXT(e) APR_RING_NEXT((e), link) +/** + * Get the previous task in the list + * @param e The current task + * @return The previous task + */ +#define H2_TASK_PREV(e) APR_RING_PREV((e), link) + +/** + * Remove a task from its list + * @param e The task to remove + */ +#define H2_TASK_REMOVE(e) APR_RING_REMOVE((e), link) + + +h2_task *h2_task_create(long session_id, int stream_id, + apr_pool_t *pool, struct h2_mplx *mplx, + conn_rec *c); + +apr_status_t h2_task_destroy(h2_task *task); + +void h2_task_set_request(h2_task *task, + const char *method, + const char *scheme, + const char *authority, + const char *path, + apr_table_t *headers, int eos); + + +apr_status_t h2_task_do(h2_task *task, struct h2_worker *worker); +apr_status_t h2_task_process_request(h2_task_env *env); + +int h2_task_has_started(h2_task *task); +void h2_task_set_started(h2_task *task); +int h2_task_has_finished(h2_task *task); +void h2_task_set_finished(h2_task *task); + +void h2_task_register_hooks(void); +void h2_task_die(h2_task_env *env, int status, request_rec *r); + +#endif /* defined(__mod_h2__h2_task__) */ diff --git a/modules/http2/h2_task_input.c b/modules/http2/h2_task_input.c new file mode 100644 index 00000000..487f7e60 --- /dev/null +++ b/modules/http2/h2_task_input.c @@ -0,0 +1,222 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_conn.h" +#include "h2_mplx.h" +#include "h2_session.h" +#include "h2_stream.h" +#include "h2_task_input.h" +#include "h2_task.h" +#include "h2_util.h" + + +static int is_aborted(ap_filter_t *f) +{ + return (f->c->aborted); +} + +static int ser_header(void *ctx, const char *name, const char *value) +{ + h2_task_input *input = (h2_task_input*)ctx; + apr_brigade_printf(input->bb, NULL, NULL, "%s: %s\r\n", name, value); + return 1; +} + +h2_task_input *h2_task_input_create(h2_task_env *env, apr_pool_t *pool, + apr_bucket_alloc_t *bucket_alloc) +{ + h2_task_input *input = apr_pcalloc(pool, sizeof(h2_task_input)); + if (input) { + input->env = env; + input->bb = NULL; + + if (env->serialize_headers) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, &env->c, + "h2_task_input(%s): serialize request %s %s", + env->id, env->method, env->path); + input->bb = apr_brigade_create(pool, bucket_alloc); + apr_brigade_printf(input->bb, NULL, NULL, "%s %s HTTP/1.1\r\n", + env->method, env->path); + apr_table_do(ser_header, input, env->headers, NULL); + apr_brigade_puts(input->bb, NULL, NULL, "\r\n"); + if (input->env->input_eos) { + APR_BRIGADE_INSERT_TAIL(input->bb, apr_bucket_eos_create(bucket_alloc)); + } + } + else if (!input->env->input_eos) { + input->bb = apr_brigade_create(pool, bucket_alloc); + } + else { + /* We do not serialize and have eos already, no need to + * create a bucket brigade. */ + } + + if (APLOGcdebug(&env->c)) { + char buffer[1024]; + apr_size_t len = sizeof(buffer)-1; + if (input->bb) { + apr_brigade_flatten(input->bb, buffer, &len); + } + else { + len = 0; + } + buffer[len] = 0; + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, &env->c, + "h2_task_input(%s): request is: %s", + env->id, buffer); + } + } + return input; +} + +void h2_task_input_destroy(h2_task_input *input) +{ + input->bb = NULL; +} + +apr_status_t h2_task_input_read(h2_task_input *input, + ap_filter_t* f, + apr_bucket_brigade* bb, + ap_input_mode_t mode, + apr_read_type_e block, + apr_off_t readbytes) +{ + apr_status_t status = APR_SUCCESS; + apr_off_t bblen = 0; + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, f->c, + "h2_task_input(%s): read, block=%d, mode=%d, readbytes=%ld", + input->env->id, block, mode, (long)readbytes); + + if (is_aborted(f)) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, + "h2_task_input(%s): is aborted", + input->env->id); + return APR_ECONNABORTED; + } + + if (mode == AP_MODE_INIT) { + return APR_SUCCESS; + } + + if (input->bb) { + status = apr_brigade_length(input->bb, 1, &bblen); + if (status != APR_SUCCESS) { + ap_log_cerror(APLOG_MARK, APLOG_WARNING, status, f->c, + APLOGNO(02958) "h2_task_input(%s): brigade length fail", + input->env->id); + return status; + } + } + + if ((bblen == 0) && input->env->input_eos) { + return APR_EOF; + } + + while ((bblen == 0) || (mode == AP_MODE_READBYTES && bblen < readbytes)) { + /* Get more data for our stream from mplx. + */ + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, + "h2_task_input(%s): get more data from mplx, block=%d, " + "readbytes=%ld, queued=%ld", + input->env->id, block, + (long)readbytes, (long)bblen); + + /* Although we sometimes get called with APR_NONBLOCK_READs, + we seem to fill our buffer blocking. Otherwise we get EAGAIN, + return that to our caller and everyone throws up their hands, + never calling us again. */ + status = h2_mplx_in_read(input->env->mplx, APR_BLOCK_READ, + input->env->stream_id, input->bb, + input->env->io); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, + "h2_task_input(%s): mplx in read returned", + input->env->id); + if (status != APR_SUCCESS) { + return status; + } + status = apr_brigade_length(input->bb, 1, &bblen); + if (status != APR_SUCCESS) { + return status; + } + if ((bblen == 0) && (block == APR_NONBLOCK_READ)) { + return h2_util_has_eos(input->bb, 0)? APR_EOF : APR_EAGAIN; + } + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, + "h2_task_input(%s): mplx in read, %ld bytes in brigade", + input->env->id, (long)bblen); + } + + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, + "h2_task_input(%s): read, mode=%d, block=%d, " + "readbytes=%ld, queued=%ld", + input->env->id, mode, block, + (long)readbytes, (long)bblen); + + if (!APR_BRIGADE_EMPTY(input->bb)) { + if (mode == AP_MODE_EXHAUSTIVE) { + /* return all we have */ + return h2_util_move(bb, input->bb, readbytes, 0, + "task_input_read(exhaustive)"); + } + else if (mode == AP_MODE_READBYTES) { + return h2_util_move(bb, input->bb, readbytes, 0, + "task_input_read(readbytes)"); + } + else if (mode == AP_MODE_SPECULATIVE) { + /* return not more than was asked for */ + return h2_util_copy(bb, input->bb, readbytes, + "task_input_read(speculative)"); + } + else if (mode == AP_MODE_GETLINE) { + /* we are reading a single LF line, e.g. the HTTP headers */ + status = apr_brigade_split_line(bb, input->bb, block, + HUGE_STRING_LEN); + if (APLOGctrace1(f->c)) { + char buffer[1024]; + apr_size_t len = sizeof(buffer)-1; + apr_brigade_flatten(bb, buffer, &len); + buffer[len] = 0; + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, + "h2_task_input(%s): getline: %s", + input->env->id, buffer); + } + return status; + } + else { + /* Hmm, well. There is mode AP_MODE_EATCRLF, but we chose not + * to support it. Seems to work. */ + ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_ENOTIMPL, f->c, + APLOGNO(02942) + "h2_task_input, unsupported READ mode %d", mode); + return APR_ENOTIMPL; + } + } + + if (is_aborted(f)) { + return APR_ECONNABORTED; + } + + return (block == APR_NONBLOCK_READ)? APR_EAGAIN : APR_EOF; +} + diff --git a/modules/http2/h2_task_input.h b/modules/http2/h2_task_input.h new file mode 100644 index 00000000..32adc177 --- /dev/null +++ b/modules/http2/h2_task_input.h @@ -0,0 +1,46 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_task_input__ +#define __mod_h2__h2_task_input__ + +/* h2_task_input places the HEADER+DATA, formatted in HTTP/1.1, into + * a bucket brigade. The brigade is setup as the input brigade for our + * pseudo httpd conn_rec that is handling a specific h2_task. + */ +struct apr_thread_cond_t; +struct h2_mplx; +struct h2_task_env; + +typedef struct h2_task_input h2_task_input; +struct h2_task_input { + struct h2_task_env *env; + apr_bucket_brigade *bb; +}; + + +h2_task_input *h2_task_input_create(struct h2_task_env *env, apr_pool_t *pool, + apr_bucket_alloc_t *bucket_alloc); + +void h2_task_input_destroy(h2_task_input *input); + +apr_status_t h2_task_input_read(h2_task_input *input, + ap_filter_t* filter, + apr_bucket_brigade* brigade, + ap_input_mode_t mode, + apr_read_type_e block, + apr_off_t readbytes); + +#endif /* defined(__mod_h2__h2_task_input__) */ diff --git a/modules/http2/h2_task_output.c b/modules/http2/h2_task_output.c new file mode 100644 index 00000000..879cb5fa --- /dev/null +++ b/modules/http2/h2_task_output.c @@ -0,0 +1,132 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_conn.h" +#include "h2_mplx.h" +#include "h2_session.h" +#include "h2_stream.h" +#include "h2_from_h1.h" +#include "h2_response.h" +#include "h2_task_output.h" +#include "h2_task.h" +#include "h2_util.h" + + +h2_task_output *h2_task_output_create(h2_task_env *env, apr_pool_t *pool, + apr_bucket_alloc_t *bucket_alloc) +{ + h2_task_output *output = apr_pcalloc(pool, sizeof(h2_task_output)); + + (void)bucket_alloc; + if (output) { + output->env = env; + output->state = H2_TASK_OUT_INIT; + output->from_h1 = h2_from_h1_create(env->stream_id, pool); + if (!output->from_h1) { + return NULL; + } + } + return output; +} + +void h2_task_output_destroy(h2_task_output *output) +{ + if (output->from_h1) { + h2_from_h1_destroy(output->from_h1); + output->from_h1 = NULL; + } +} + +static apr_status_t open_if_needed(h2_task_output *output, ap_filter_t *f, + apr_bucket_brigade *bb) +{ + if (output->state == H2_TASK_OUT_INIT) { + h2_response *response; + output->state = H2_TASK_OUT_STARTED; + response = h2_from_h1_get_response(output->from_h1); + if (!response) { + if (f) { + /* This happens currently when ap_die(status, r) is invoked + * by a read request filter. + */ + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, f->c, + "h2_task_output(%s): write without response " + "for %s %s %s", + output->env->id, output->env->method, + output->env->authority, output->env->path); + f->c->aborted = 1; + } + if (output->env->io) { + apr_thread_cond_broadcast(output->env->io); + } + return APR_ECONNABORTED; + } + + return h2_mplx_out_open(output->env->mplx, output->env->stream_id, + response, f, bb, output->env->io); + } + return APR_EOF; +} + +void h2_task_output_close(h2_task_output *output) +{ + open_if_needed(output, NULL, NULL); + if (output->state != H2_TASK_OUT_DONE) { + h2_mplx_out_close(output->env->mplx, output->env->stream_id); + output->state = H2_TASK_OUT_DONE; + } +} + +int h2_task_output_has_started(h2_task_output *output) +{ + return output->state >= H2_TASK_OUT_STARTED; +} + +/* Bring the data from the brigade (which represents the result of the + * request_rec out filter chain) into the h2_mplx for further sending + * on the master connection. + */ +apr_status_t h2_task_output_write(h2_task_output *output, + ap_filter_t* f, apr_bucket_brigade* bb) +{ + apr_status_t status; + if (APR_BRIGADE_EMPTY(bb)) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, + "h2_task_output(%s): empty write", output->env->id); + return APR_SUCCESS; + } + + status = open_if_needed(output, f, bb); + if (status != APR_EOF) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, f->c, + "h2_task_output(%s): opened and passed brigade", + output->env->id); + return status; + } + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c, + "h2_task_output(%s): write brigade", output->env->id); + return h2_mplx_out_write(output->env->mplx, output->env->stream_id, + f, bb, output->env->io); +} + diff --git a/modules/http2/h2_task_output.h b/modules/http2/h2_task_output.h new file mode 100644 index 00000000..86571a1e --- /dev/null +++ b/modules/http2/h2_task_output.h @@ -0,0 +1,56 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_task_output__ +#define __mod_h2__h2_task_output__ + +/* h2_task_output reads a HTTP/1 response from the brigade and applies + * them to a h2_output_converter. The brigade is setup as the output brigade + * for our pseudo httpd conn_rec that is handling a specific h2_task. + * + */ +struct apr_thread_cond_t; +struct h2_mplx; +struct h2_task_env; +struct h2_from_h1; + +typedef enum { + H2_TASK_OUT_INIT, + H2_TASK_OUT_STARTED, + H2_TASK_OUT_DONE, +} h2_task_output_state_t; + +typedef struct h2_task_output h2_task_output; + +struct h2_task_output { + struct h2_task_env *env; + h2_task_output_state_t state; + struct h2_from_h1 *from_h1; +}; + +h2_task_output *h2_task_output_create(struct h2_task_env *env, apr_pool_t *pool, + apr_bucket_alloc_t *bucket_alloc); + +void h2_task_output_destroy(h2_task_output *output); + +apr_status_t h2_task_output_write(h2_task_output *output, + ap_filter_t* filter, + apr_bucket_brigade* brigade); + +void h2_task_output_close(h2_task_output *output); + +int h2_task_output_has_started(h2_task_output *output); + +#endif /* defined(__mod_h2__h2_task_output__) */ diff --git a/modules/http2/h2_task_queue.c b/modules/http2/h2_task_queue.c new file mode 100644 index 00000000..a81cc100 --- /dev/null +++ b/modules/http2/h2_task_queue.c @@ -0,0 +1,88 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include +#include + +#include "h2_task.h" +#include "h2_task_queue.h" + + +h2_task_queue *h2_tq_create(long id, apr_pool_t *pool) +{ + h2_task_queue *q = apr_pcalloc(pool, sizeof(h2_task_queue)); + if (q) { + q->id = id; + APR_RING_ELEM_INIT(q, link); + APR_RING_INIT(&q->tasks, h2_task, link); + } + return q; +} + +void h2_tq_destroy(h2_task_queue *q) +{ + while (!H2_TASK_LIST_EMPTY(&q->tasks)) { + h2_task *task = H2_TASK_LIST_FIRST(&q->tasks); + H2_TASK_REMOVE(task); + } +} + +static int in_list(h2_task_queue *q, h2_task *task) +{ + h2_task *e; + for (e = H2_TASK_LIST_FIRST(&q->tasks); + e != H2_TASK_LIST_SENTINEL(&q->tasks); + e = H2_TASK_NEXT(e)) { + if (e == task) { + return 1; + } + } + return 0; +} + +int h2_tq_empty(h2_task_queue *q) +{ + return H2_TASK_LIST_EMPTY(&q->tasks); +} + +void h2_tq_append(h2_task_queue *q, struct h2_task *task) +{ + H2_TASK_LIST_INSERT_TAIL(&q->tasks, task); +} + +apr_status_t h2_tq_remove(h2_task_queue *q, struct h2_task *task) +{ + if (in_list(q, task)) { + H2_TASK_REMOVE(task); + return APR_SUCCESS; + } + return APR_NOTFOUND; +} + +h2_task *h2_tq_pop_first(h2_task_queue *q) +{ + if (!H2_TASK_LIST_EMPTY(&q->tasks)) { + h2_task *task = H2_TASK_LIST_FIRST(&q->tasks); + H2_TASK_REMOVE(task); + return task; + } + return NULL; +} + + + diff --git a/modules/http2/h2_task_queue.h b/modules/http2/h2_task_queue.h new file mode 100644 index 00000000..d93d74ac --- /dev/null +++ b/modules/http2/h2_task_queue.h @@ -0,0 +1,148 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_task_queue__ +#define __mod_h2__h2_task_queue__ + +struct h2_task; + +/** + * A simple ring of rings that keeps a list of h2_tasks and can + * be ringed itself, using the APR RING macros. + */ +typedef struct h2_task_queue h2_task_queue; + +struct h2_task_queue { + APR_RING_ENTRY(h2_task_queue) link; + APR_RING_HEAD(h2_tasks, h2_task) tasks; + long id; +}; + +/** + * Allocate a new queue from the pool and initialize. + * @param id the identifier of the queue + * @param pool the memory pool + */ +h2_task_queue *h2_tq_create(long id, apr_pool_t *pool); + +/** + * Release all queue tasks. + * @param q the queue to destroy + */ +void h2_tq_destroy(h2_task_queue *q); + +/** + * Return != 0 iff there are no tasks in the queue. + * @param q the queue to check + */ +int h2_tq_empty(h2_task_queue *q); + +/** + * Append the task to the end of the queue. + * @param q the queue to append the task to + * @param task the task to append + */ +void h2_tq_append(h2_task_queue *q, struct h2_task *task); + +/** + * Remove a task from the queue. Return APR_SUCCESS if the task + * was indeed queued, APR_NOTFOUND otherwise. + * @param q the queue to remove from + * @param task the task to remove + */ +apr_status_t h2_tq_remove(h2_task_queue *q, struct h2_task *task); + +/** + * Get the first task from the queue or NULL if the queue is empty. The + * task will be removed. + * @param q the queue to pop the first task from + */ +h2_task *h2_tq_pop_first(h2_task_queue *q); + +/******************************************************************************* + * Queue Manipulation. + ******************************************************************************/ + +/** + * The magic pointer value that indicates the head of a h2_task_queue list + * @param b The queue list + * @return The magic pointer value + */ +#define H2_TQ_LIST_SENTINEL(b) APR_RING_SENTINEL((b), h2_task_queue, link) + +/** + * Determine if the queue list is empty + * @param b The list to check + * @return true or false + */ +#define H2_TQ_LIST_EMPTY(b) APR_RING_EMPTY((b), h2_task_queue, link) + +/** + * Return the first queue in a list + * @param b The list to query + * @return The first queue in the list + */ +#define H2_TQ_LIST_FIRST(b) APR_RING_FIRST(b) + +/** + * Return the last queue in a list + * @param b The list to query + * @return The last queue int he list + */ +#define H2_TQ_LIST_LAST(b) APR_RING_LAST(b) + +/** + * Insert a single queue at the front of a list + * @param b The list to add to + * @param e The queue to insert + */ +#define H2_TQ_LIST_INSERT_HEAD(b, e) do { \ +h2_task_queue *ap__b = (e); \ +APR_RING_INSERT_HEAD((b), ap__b, h2_task_queue, link); \ +} while (0) + +/** + * Insert a single queue at the end of a list + * @param b The list to add to + * @param e The queue to insert + */ +#define H2_TQ_LIST_INSERT_TAIL(b, e) do { \ +h2_task_queue *ap__b = (e); \ +APR_RING_INSERT_TAIL((b), ap__b, h2_task_queue, link); \ +} while (0) + +/** + * Get the next queue in the list + * @param e The current queue + * @return The next queue + */ +#define H2_TQ_NEXT(e) APR_RING_NEXT((e), link) +/** + * Get the previous queue in the list + * @param e The current queue + * @return The previous queue + */ +#define H2_TQ_PREV(e) APR_RING_PREV((e), link) + +/** + * Remove a queue from its list + * @param e The queue to remove + */ +#define H2_TQ_REMOVE(e) APR_RING_REMOVE((e), link) + + +#define H2_TQ_EMPTY(e) H2_TASK_LIST_EMPTY(&(e)->tasks) + +#endif /* defined(__mod_h2__h2_task_queue__) */ diff --git a/modules/http2/h2_to_h1.c b/modules/http2/h2_to_h1.c new file mode 100644 index 00000000..8dacfe80 --- /dev/null +++ b/modules/http2/h2_to_h1.c @@ -0,0 +1,305 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include + +#include +#include +#include +#include + +#include "h2_private.h" +#include "h2_mplx.h" +#include "h2_response.h" +#include "h2_task.h" +#include "h2_to_h1.h" +#include "h2_util.h" + + +h2_to_h1 *h2_to_h1_create(int stream_id, apr_pool_t *pool, + apr_bucket_alloc_t *bucket_alloc, + const char *method, + const char *scheme, + const char *authority, + const char *path, + struct h2_mplx *m) +{ + h2_to_h1 *to_h1; + if (!method) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, m->c, + APLOGNO(02943) + "h2_to_h1: header start but :method missing"); + return NULL; + } + if (!path) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, m->c, + APLOGNO(02944) + "h2_to_h1: header start but :path missing"); + return NULL; + } + + to_h1 = apr_pcalloc(pool, sizeof(h2_to_h1)); + if (to_h1) { + to_h1->stream_id = stream_id; + to_h1->pool = pool; + to_h1->method = method; + to_h1->scheme = scheme; + to_h1->authority = authority; + to_h1->path = path; + to_h1->m = m; + to_h1->headers = apr_table_make(to_h1->pool, 10); + to_h1->bb = apr_brigade_create(pool, bucket_alloc); + to_h1->chunked = 0; /* until we see a content-type and no length */ + to_h1->content_len = -1; + } + return to_h1; +} + +void h2_to_h1_destroy(h2_to_h1 *to_h1) +{ + to_h1->bb = NULL; +} + +apr_status_t h2_to_h1_add_header(h2_to_h1 *to_h1, + const char *name, size_t nlen, + const char *value, size_t vlen) +{ + char *hname, *hvalue; + if (H2_HD_MATCH_LIT("transfer-encoding", name, nlen)) { + if (!apr_strnatcasecmp("chunked", value)) { + /* This should never arrive here in a HTTP/2 request */ + ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_BADARG, to_h1->m->c, + APLOGNO(02945) + "h2_to_h1: 'transfer-encoding: chunked' received"); + return APR_BADARG; + } + } + else if (H2_HD_MATCH_LIT("content-length", name, nlen)) { + char *end; + to_h1->content_len = apr_strtoi64(value, &end, 10); + if (value == end) { + ap_log_cerror(APLOG_MARK, APLOG_WARNING, APR_EINVAL, to_h1->m->c, + APLOGNO(02959) + "h2_request(%d): content-length value not parsed: %s", + to_h1->stream_id, value); + return APR_EINVAL; + } + to_h1->remain_len = to_h1->content_len; + to_h1->chunked = 0; + } + else if (H2_HD_MATCH_LIT("content-type", name, nlen)) { + /* If we see a content-type and have no length (yet), + * we need to chunk. */ + to_h1->chunked = (to_h1->content_len == -1); + } + else if ((to_h1->seen_host && H2_HD_MATCH_LIT("host", name, nlen)) + || H2_HD_MATCH_LIT("expect", name, nlen) + || H2_HD_MATCH_LIT("upgrade", name, nlen) + || H2_HD_MATCH_LIT("connection", name, nlen) + || H2_HD_MATCH_LIT("proxy-connection", name, nlen) + || H2_HD_MATCH_LIT("keep-alive", name, nlen) + || H2_HD_MATCH_LIT("http2-settings", name, nlen)) { + /* ignore these. */ + return APR_SUCCESS; + } + else if (H2_HD_MATCH_LIT("cookie", name, nlen)) { + const char *existing = apr_table_get(to_h1->headers, "cookie"); + if (existing) { + char *nval; + + /* Cookie headers come separately in HTTP/2, but need + * to be merged by "; " (instead of default ", ") + */ + hvalue = apr_pstrndup(to_h1->pool, value, vlen); + nval = apr_psprintf(to_h1->pool, "%s; %s", existing, hvalue); + apr_table_setn(to_h1->headers, "Cookie", nval); + return APR_SUCCESS; + } + } + else if (H2_HD_MATCH_LIT("host", name, nlen)) { + to_h1->seen_host = 1; + } + + hname = apr_pstrndup(to_h1->pool, name, nlen); + hvalue = apr_pstrndup(to_h1->pool, value, vlen); + h2_util_camel_case_header(hname, nlen); + apr_table_mergen(to_h1->headers, hname, hvalue); + + return APR_SUCCESS; +} + +static int set_header(void *ctx, const char *key, const char *value) +{ + h2_to_h1 *to_h1 = (h2_to_h1*)ctx; + h2_to_h1_add_header(to_h1, key, strlen(key), value, strlen(value)); + return 1; +} + +apr_status_t h2_to_h1_add_headers(h2_to_h1 *to_h1, apr_table_t *headers) +{ + apr_table_do(set_header, to_h1, headers, NULL); + return APR_SUCCESS; +} + +apr_status_t h2_to_h1_end_headers(h2_to_h1 *to_h1, h2_task *task, int eos) +{ + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, to_h1->m->c, + "h2_to_h1(%ld-%d): end headers", + to_h1->m->id, to_h1->stream_id); + + if (to_h1->eoh) { + return APR_EINVAL; + } + + if (!to_h1->seen_host) { + /* Need to add a "Host" header if not already there to + * make virtual hosts work correctly. */ + if (!to_h1->authority) { + return APR_BADARG; + } + apr_table_set(to_h1->headers, "Host", to_h1->authority); + } + + if (eos && to_h1->chunked) { + /* We had chunking figured out, but the EOS is already there. + * unmark chunking and set a definitive content-length. + */ + to_h1->chunked = 0; + apr_table_setn(to_h1->headers, "Content-Length", "0"); + } + else if (to_h1->chunked) { + /* We have not seen a content-length. We therefore must + * pass any request content in chunked form. + */ + apr_table_mergen(to_h1->headers, "Transfer-Encoding", "chunked"); + } + + h2_task_set_request(task, to_h1->method, + to_h1->scheme, + to_h1->authority, + to_h1->path, + to_h1->headers, eos); + to_h1->eoh = 1; + + if (eos) { + apr_status_t status = h2_to_h1_close(to_h1); + if (status != APR_SUCCESS) { + ap_log_cerror(APLOG_MARK, APLOG_WARNING, status, to_h1->m->c, + APLOGNO(02960) + "h2_to_h1(%ld-%d): end headers, eos=%d", + to_h1->m->id, to_h1->stream_id, eos); + } + return status; + } + return APR_SUCCESS; +} + +static apr_status_t flush(apr_bucket_brigade *bb, void *ctx) +{ + (void)bb; + return h2_to_h1_flush((h2_to_h1*)ctx); +} + +static apr_status_t h2_to_h1_add_data_raw(h2_to_h1 *to_h1, + const char *data, size_t len) +{ + apr_status_t status = APR_SUCCESS; + + if (to_h1->eos || !to_h1->eoh) { + return APR_EINVAL; + } + + status = apr_brigade_write(to_h1->bb, flush, to_h1, data, len); + if (status == APR_SUCCESS) { + status = h2_to_h1_flush(to_h1); + } + return status; +} + + +apr_status_t h2_to_h1_add_data(h2_to_h1 *to_h1, + const char *data, size_t len) +{ + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, to_h1->m->c, + "h2_to_h1(%ld-%d): add %ld data bytes", + to_h1->m->id, to_h1->stream_id, (long)len); + + if (to_h1->chunked) { + /* if input may have a body and we have not seen any + * content-length header, we need to chunk the input data. + */ + apr_status_t status = apr_brigade_printf(to_h1->bb, NULL, NULL, + "%lx\r\n", (unsigned long)len); + if (status == APR_SUCCESS) { + status = h2_to_h1_add_data_raw(to_h1, data, len); + if (status == APR_SUCCESS) { + status = apr_brigade_puts(to_h1->bb, NULL, NULL, "\r\n"); + } + } + return status; + } + else { + to_h1->remain_len -= len; + if (to_h1->remain_len < 0) { + ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, to_h1->m->c, + APLOGNO(02961) + "h2_to_h1(%ld-%d): got %ld more content bytes than announced " + "in content-length header: %ld", + to_h1->m->id, to_h1->stream_id, + (long)to_h1->content_len, -(long)to_h1->remain_len); + } + return h2_to_h1_add_data_raw(to_h1, data, len); + } +} + +apr_status_t h2_to_h1_flush(h2_to_h1 *to_h1) +{ + apr_status_t status = APR_SUCCESS; + if (!APR_BRIGADE_EMPTY(to_h1->bb)) { + ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, to_h1->m->c, + "h2_to_h1(%ld-%d): flush request bytes", + to_h1->m->id, to_h1->stream_id); + + status = h2_mplx_in_write(to_h1->m, to_h1->stream_id, to_h1->bb); + if (status != APR_SUCCESS) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, status, to_h1->m->c, + APLOGNO(02946) "h2_request(%d): pushing request data", + to_h1->stream_id); + } + } + return status; +} + +apr_status_t h2_to_h1_close(h2_to_h1 *to_h1) +{ + apr_status_t status = APR_SUCCESS; + if (!to_h1->eos) { + if (to_h1->chunked) { + status = h2_to_h1_add_data_raw(to_h1, "0\r\n\r\n", 5); + } + to_h1->eos = 1; + status = h2_to_h1_flush(to_h1); + ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, to_h1->m->c, + "h2_to_h1(%d): close", to_h1->stream_id); + + status = h2_mplx_in_close(to_h1->m, to_h1->stream_id); + } + return status; +} + + diff --git a/modules/http2/h2_to_h1.h b/modules/http2/h2_to_h1.h new file mode 100644 index 00000000..74586e2b --- /dev/null +++ b/modules/http2/h2_to_h1.h @@ -0,0 +1,87 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_to_h1__ +#define __mod_h2__h2_to_h1__ + +struct h2_mplx; +struct h2_task; +typedef struct h2_to_h1 h2_to_h1; + +struct h2_to_h1 { + int stream_id; + apr_pool_t *pool; + h2_mplx *m; + + const char *method; + const char *scheme; + const char *authority; + const char *path; + + int chunked; + int eoh; + int eos; + int flushed; + int seen_host; + + apr_off_t content_len; + apr_off_t remain_len; + apr_table_t *headers; + apr_bucket_brigade *bb; +}; + +/* Create a converter from a HTTP/2 request to a serialzation in + * HTTP/1.1 format. The serialized data will be written onto the + * given h2_mplx instance. + */ +h2_to_h1 *h2_to_h1_create(int stream_id, apr_pool_t *pool, + apr_bucket_alloc_t *bucket_alloc, + const char *method, + const char *scheme, + const char *authority, + const char *path, + struct h2_mplx *m); + +/* Destroy the converter and free resources. */ +void h2_to_h1_destroy(h2_to_h1 *to_h1); + +/* Add a header to the serialization. Only valid to call after start + * and before end_headers. + */ +apr_status_t h2_to_h1_add_header(h2_to_h1 *to_h1, + const char *name, size_t nlen, + const char *value, size_t vlen); + +apr_status_t h2_to_h1_add_headers(h2_to_h1 *to_h1, apr_table_t *headers); + +/** End the request headers. + */ +apr_status_t h2_to_h1_end_headers(h2_to_h1 *to_h1, + struct h2_task *task, int eos); + +/* Add request body data. + */ +apr_status_t h2_to_h1_add_data(h2_to_h1 *to_h1, + const char *data, size_t len); + +/* Flush the converted data onto the h2_mplx instance. + */ +apr_status_t h2_to_h1_flush(h2_to_h1 *to_h1); + +/* Close the request, flushed automatically. + */ +apr_status_t h2_to_h1_close(h2_to_h1 *to_h1); + +#endif /* defined(__mod_h2__h2_to_h1__) */ diff --git a/modules/http2/h2_util.c b/modules/http2/h2_util.c new file mode 100644 index 00000000..9d141be9 --- /dev/null +++ b/modules/http2/h2_util.c @@ -0,0 +1,649 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include + +#include +#include +#include + +#include + +#include "h2_private.h" +#include "h2_util.h" + +size_t h2_util_hex_dump(char *buffer, size_t maxlen, + const char *data, size_t datalen) +{ + size_t offset = 0; + size_t maxoffset = (maxlen-4); + size_t i; + for (i = 0; i < datalen && offset < maxoffset; ++i) { + const char *sep = (i && i % 16 == 0)? "\n" : " "; + int n = apr_snprintf(buffer+offset, maxoffset-offset, + "%2x%s", ((unsigned int)data[i]&0xff), sep); + offset += n; + } + strcpy(buffer+offset, (i= 'A' && *p <= 'Z') { + *p += 'a' - 'A'; + } + } + return s; +} + +void h2_util_camel_case_header(char *s, size_t len) +{ + size_t start = 1; + size_t i; + for (i = 0; i < len; ++i) { + if (start) { + if (s[i] >= 'a' && s[i] <= 'z') { + s[i] -= 'a' - 'A'; + } + + start = 0; + } + else if (s[i] == '-') { + start = 1; + } + } +} + +static const int BASE64URL_TABLE[] = { + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, + 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, + 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, + 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, + 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1 +}; + +apr_size_t h2_util_base64url_decode(const char **decoded, const char *encoded, + apr_pool_t *pool) +{ + const unsigned char *e = (const unsigned char *)encoded; + const unsigned char *p = e; + unsigned char *d; + int n; + apr_size_t len, mlen, remain, i; + + while (*p && BASE64URL_TABLE[ *p ] == -1) { + ++p; + } + len = p - e; + mlen = (len/4)*4; + *decoded = apr_pcalloc(pool, len+1); + + i = 0; + d = (unsigned char*)*decoded; + for (; i < mlen; i += 4) { + n = ((BASE64URL_TABLE[ e[i+0] ] << 18) + + (BASE64URL_TABLE[ e[i+1] ] << 12) + + (BASE64URL_TABLE[ e[i+2] ] << 6) + + BASE64URL_TABLE[ e[i+3] ]); + *d++ = n >> 16; + *d++ = n >> 8 & 0xffu; + *d++ = n & 0xffu; + } + remain = len - mlen; + switch (remain) { + case 2: + n = ((BASE64URL_TABLE[ e[mlen+0] ] << 18) + + (BASE64URL_TABLE[ e[mlen+1] ] << 12)); + *d++ = n >> 16; + break; + case 3: + n = ((BASE64URL_TABLE[ e[mlen+0] ] << 18) + + (BASE64URL_TABLE[ e[mlen+1] ] << 12) + + (BASE64URL_TABLE[ e[mlen+2] ] << 6)); + *d++ = n >> 16; + *d++ = n >> 8 & 0xffu; + break; + default: /* do nothing */ + break; + } + return len; +} + +int h2_util_contains_token(apr_pool_t *pool, const char *s, const char *token) +{ + char *c; + if (s) { + if (!apr_strnatcasecmp(s, token)) { /* the simple life */ + return 1; + } + + for (c = ap_get_token(pool, &s, 0); c && *c; + c = *s? ap_get_token(pool, &s, 0) : NULL) { + if (!apr_strnatcasecmp(c, token)) { /* seeing the token? */ + return 1; + } + while (*s++ == ';') { /* skip parameters */ + ap_get_token(pool, &s, 0); + } + if (*s++ != ',') { /* need comma separation */ + return 0; + } + } + } + return 0; +} + +const char *h2_util_first_token_match(apr_pool_t *pool, const char *s, + const char *tokens[], apr_size_t len) +{ + char *c; + apr_size_t i; + if (s && *s) { + for (c = ap_get_token(pool, &s, 0); c && *c; + c = *s? ap_get_token(pool, &s, 0) : NULL) { + for (i = 0; i < len; ++i) { + if (!apr_strnatcasecmp(c, tokens[i])) { + return tokens[i]; + } + } + while (*s++ == ';') { /* skip parameters */ + ap_get_token(pool, &s, 0); + } + if (*s++ != ',') { /* need comma separation */ + return 0; + } + } + } + return NULL; +} + +/* DEEP_COPY==0 crashes under load. I think the setaside is fine, + * however buckets moved to another thread will still be + * free'd against the old bucket_alloc. *And* if the old + * pool gets destroyed too early, the bucket disappears while + * still needed. + */ +static const int DEEP_COPY = 1; +static const int FILE_MOVE = 1; + +static apr_status_t last_not_included(apr_bucket_brigade *bb, + apr_size_t maxlen, + int same_alloc, + int *pfile_buckets_allowed, + apr_bucket **pend) +{ + apr_bucket *b; + apr_status_t status = APR_SUCCESS; + int files_allowed = pfile_buckets_allowed? *pfile_buckets_allowed : 0; + + if (maxlen > 0) { + /* Find the bucket, up to which we reach maxlen/mem bytes */ + for (b = APR_BRIGADE_FIRST(bb); + (b != APR_BRIGADE_SENTINEL(bb)); + b = APR_BUCKET_NEXT(b)) { + + if (APR_BUCKET_IS_METADATA(b)) { + /* included */ + } + else { + if (maxlen == 0) { + *pend = b; + return status; + } + + if (b->length == ((apr_size_t)-1)) { + const char *ign; + apr_size_t ilen; + status = apr_bucket_read(b, &ign, &ilen, APR_BLOCK_READ); + if (status != APR_SUCCESS) { + return status; + } + } + + if (same_alloc && APR_BUCKET_IS_FILE(b)) { + /* we like it move it, always */ + } + else if (files_allowed > 0 && APR_BUCKET_IS_FILE(b)) { + /* this has no memory footprint really unless + * it is read, disregard it in length count, + * unless we do not move the file buckets */ + --files_allowed; + } + else if (maxlen < b->length) { + apr_bucket_split(b, maxlen); + maxlen = 0; + } + else { + maxlen -= b->length; + } + } + } + } + *pend = APR_BRIGADE_SENTINEL(bb); + return status; +} + +#define LOG_BUCKETS 0 +#define LOG_LEVEL APLOG_INFO + +apr_status_t h2_util_move(apr_bucket_brigade *to, apr_bucket_brigade *from, + apr_size_t maxlen, int *pfile_handles_allowed, + const char *msg) +{ + apr_status_t status = APR_SUCCESS; + int same_alloc; + + AP_DEBUG_ASSERT(to); + AP_DEBUG_ASSERT(from); + same_alloc = (to->bucket_alloc == from->bucket_alloc); + + if (!FILE_MOVE) { + pfile_handles_allowed = NULL; + } + + if (!APR_BRIGADE_EMPTY(from)) { + apr_bucket *b, *end; + + status = last_not_included(from, maxlen, same_alloc, + pfile_handles_allowed, &end); + if (status != APR_SUCCESS) { + return status; + } + + while (!APR_BRIGADE_EMPTY(from) && status == APR_SUCCESS) { + b = APR_BRIGADE_FIRST(from); + if (b == end) { + break; + } + + if (same_alloc || (b->list == to->bucket_alloc)) { + /* both brigades use the same bucket_alloc and auto-cleanups + * have the same life time. It's therefore safe to just move + * directly. */ + APR_BUCKET_REMOVE(b); + APR_BRIGADE_INSERT_TAIL(to, b); +#if LOG_BUCKETS + ap_log_perror(APLOG_MARK, LOG_LEVEL, 0, to->p, + "h2_util_move: %s, passed bucket(same bucket_alloc) " + "%ld-%ld, type=%s", + msg, (long)b->start, (long)b->length, + APR_BUCKET_IS_METADATA(b)? + (APR_BUCKET_IS_EOS(b)? "EOS": + (APR_BUCKET_IS_FLUSH(b)? "FLUSH" : "META")) : + (APR_BUCKET_IS_FILE(b)? "FILE" : "DATA")); +#endif + } + else if (DEEP_COPY) { + /* we have not managed the magic of passing buckets from + * one thread to another. Any attempts result in + * cleanup of pools scrambling memory. + */ + if (APR_BUCKET_IS_METADATA(b)) { + if (APR_BUCKET_IS_EOS(b)) { + APR_BRIGADE_INSERT_TAIL(to, apr_bucket_eos_create(to->bucket_alloc)); + } + else if (APR_BUCKET_IS_FLUSH(b)) { + APR_BRIGADE_INSERT_TAIL(to, apr_bucket_flush_create(to->bucket_alloc)); + } + else { + /* ignore */ + } + } + else if (pfile_handles_allowed + && *pfile_handles_allowed > 0 + && APR_BUCKET_IS_FILE(b)) { + /* We do not want to read files when passing buckets, if + * we can avoid it. However, what we've come up so far + * is not working corrently, resulting either in crashes or + * too many open file descriptors. + */ + apr_bucket_file *f = (apr_bucket_file *)b->data; + apr_file_t *fd = f->fd; + int setaside = (f->readpool != to->p); +#if LOG_BUCKETS + ap_log_perror(APLOG_MARK, LOG_LEVEL, 0, to->p, + "h2_util_move: %s, moving FILE bucket %ld-%ld " + "from=%lx(p=%lx) to=%lx(p=%lx), setaside=%d", + msg, (long)b->start, (long)b->length, + (long)from, (long)from->p, + (long)to, (long)to->p, setaside); +#endif + if (setaside) { + status = apr_file_setaside(&fd, fd, to->p); + if (status != APR_SUCCESS) { + ap_log_perror(APLOG_MARK, APLOG_ERR, status, to->p, + APLOGNO(02947) "h2_util: %s, setaside FILE", + msg); + return status; + } + } + apr_brigade_insert_file(to, fd, b->start, b->length, + to->p); + --(*pfile_handles_allowed); + } + else { + const char *data; + apr_size_t len; + status = apr_bucket_read(b, &data, &len, APR_BLOCK_READ); + if (status == APR_SUCCESS && len > 0) { + status = apr_brigade_write(to, NULL, NULL, data, len); +#if LOG_BUCKETS + ap_log_perror(APLOG_MARK, LOG_LEVEL, 0, to->p, + "h2_util_move: %s, copied bucket %ld-%ld " + "from=%lx(p=%lx) to=%lx(p=%lx)", + msg, (long)b->start, (long)b->length, + (long)from, (long)from->p, + (long)to, (long)to->p); +#endif + } + } + apr_bucket_delete(b); + } + else { + apr_bucket_setaside(b, to->p); + APR_BUCKET_REMOVE(b); + APR_BRIGADE_INSERT_TAIL(to, b); +#if LOG_BUCKETS + ap_log_perror(APLOG_MARK, LOG_LEVEL, 0, to->p, + "h2_util_move: %s, passed setaside bucket %ld-%ld " + "from=%lx(p=%lx) to=%lx(p=%lx)", + msg, (long)b->start, (long)b->length, + (long)from, (long)from->p, + (long)to, (long)to->p); +#endif + } + } + } + + return status; +} + +apr_status_t h2_util_copy(apr_bucket_brigade *to, apr_bucket_brigade *from, + apr_size_t maxlen, const char *msg) +{ + apr_status_t status = APR_SUCCESS; + int same_alloc; + + (void)msg; + AP_DEBUG_ASSERT(to); + AP_DEBUG_ASSERT(from); + same_alloc = (to->bucket_alloc == from->bucket_alloc); + + if (!APR_BRIGADE_EMPTY(from)) { + apr_bucket *b, *end, *cpy; + + status = last_not_included(from, maxlen, 0, 0, &end); + if (status != APR_SUCCESS) { + return status; + } + + for (b = APR_BRIGADE_FIRST(from); + b != APR_BRIGADE_SENTINEL(from) && b != end; + b = APR_BUCKET_NEXT(b)) + { + if (same_alloc) { + status = apr_bucket_copy(b, &cpy); + if (status != APR_SUCCESS) { + break; + } + APR_BRIGADE_INSERT_TAIL(to, cpy); + } + else { + if (APR_BUCKET_IS_METADATA(b)) { + if (APR_BUCKET_IS_EOS(b)) { + APR_BRIGADE_INSERT_TAIL(to, apr_bucket_eos_create(to->bucket_alloc)); + } + else if (APR_BUCKET_IS_FLUSH(b)) { + APR_BRIGADE_INSERT_TAIL(to, apr_bucket_flush_create(to->bucket_alloc)); + } + else { + /* ignore */ + } + } + else { + const char *data; + apr_size_t len; + status = apr_bucket_read(b, &data, &len, APR_BLOCK_READ); + if (status == APR_SUCCESS && len > 0) { + status = apr_brigade_write(to, NULL, NULL, data, len); +#if LOG_BUCKETS + ap_log_perror(APLOG_MARK, LOG_LEVEL, 0, to->p, + "h2_util_copy: %s, copied bucket %ld-%ld " + "from=%lx(p=%lx) to=%lx(p=%lx)", + msg, (long)b->start, (long)b->length, + (long)from, (long)from->p, + (long)to, (long)to->p); +#endif + } + } + } + } + } + return status; +} + +int h2_util_has_flush_or_eos(apr_bucket_brigade *bb) { + apr_bucket *b; + for (b = APR_BRIGADE_FIRST(bb); + b != APR_BRIGADE_SENTINEL(bb); + b = APR_BUCKET_NEXT(b)) + { + if (APR_BUCKET_IS_EOS(b) || APR_BUCKET_IS_FLUSH(b)) { + return 1; + } + } + return 0; +} + +int h2_util_has_eos(apr_bucket_brigade *bb, apr_size_t len) +{ + apr_bucket *b, *end; + + apr_status_t status = last_not_included(bb, len, 0, 0, &end); + if (status != APR_SUCCESS) { + return status; + } + + for (b = APR_BRIGADE_FIRST(bb); + b != APR_BRIGADE_SENTINEL(bb) && b != end; + b = APR_BUCKET_NEXT(b)) + { + if (APR_BUCKET_IS_EOS(b)) { + return 1; + } + } + return 0; +} + +int h2_util_bb_has_data(apr_bucket_brigade *bb) +{ + apr_bucket *b; + for (b = APR_BRIGADE_FIRST(bb); + b != APR_BRIGADE_SENTINEL(bb); + b = APR_BUCKET_NEXT(b)) + { + if (!APR_BUCKET_IS_METADATA(b)) { + return 1; + } + } + return 0; +} + +int h2_util_bb_has_data_or_eos(apr_bucket_brigade *bb) +{ + apr_bucket *b; + for (b = APR_BRIGADE_FIRST(bb); + b != APR_BRIGADE_SENTINEL(bb); + b = APR_BUCKET_NEXT(b)) + { + if (APR_BUCKET_IS_METADATA(b)) { + if (APR_BUCKET_IS_EOS(b)) { + return 1; + } + } + else { + return 1; + } + } + return 0; +} + +apr_status_t h2_util_bb_avail(apr_bucket_brigade *bb, + apr_size_t *plen, int *peos) +{ + apr_status_t status; + apr_off_t blen = 0; + + /* test read to determine available length */ + status = apr_brigade_length(bb, 1, &blen); + if (status != APR_SUCCESS) { + return status; + } + else if (blen == 0) { + /* empty brigade, does it have an EOS bucket somwhere? */ + *plen = 0; + *peos = h2_util_has_eos(bb, 0); + } + else if (blen > 0) { + /* data in the brigade, limit the length returned. Check for EOS + * bucket only if we indicate data. This is required since plen == 0 + * means "the whole brigade" for h2_util_hash_eos() + */ + if (blen < (apr_off_t)*plen) { + *plen = blen; + } + *peos = (*plen > 0)? h2_util_has_eos(bb, *plen) : 0; + } + else if (blen < 0) { + /* famous SHOULD NOT HAPPEN, sinc we told apr_brigade_length to readall + */ + *plen = 0; + *peos = h2_util_has_eos(bb, 0); + return APR_EINVAL; + } + return APR_SUCCESS; +} + +apr_status_t h2_util_bb_readx(apr_bucket_brigade *bb, + h2_util_pass_cb *cb, void *ctx, + apr_size_t *plen, int *peos) +{ + apr_status_t status = APR_SUCCESS; + int consume = (cb != NULL); + apr_size_t written = 0; + apr_size_t avail = *plen; + apr_bucket *next, *b; + + /* Pass data in our brigade through the callback until the length + * is satisfied or we encounter an EOS. + */ + *peos = 0; + for (b = APR_BRIGADE_FIRST(bb); + (status == APR_SUCCESS) && (b != APR_BRIGADE_SENTINEL(bb)); + b = next) { + + if (APR_BUCKET_IS_METADATA(b)) { + if (APR_BUCKET_IS_EOS(b)) { + *peos = 1; + } + else { + /* ignore */ + } + } + else if (avail <= 0) { + break; + } + else { + const char *data = NULL; + apr_size_t data_len; + + if (b->length == ((apr_size_t)-1)) { + /* read to determine length */ + status = apr_bucket_read(b, &data, &data_len, + APR_NONBLOCK_READ); + } + else { + data_len = b->length; + } + + if (data_len > avail) { + apr_bucket_split(b, avail); + data_len = avail; + } + + if (consume) { + if (!data) { + status = apr_bucket_read(b, &data, &data_len, + APR_NONBLOCK_READ); + } + if (status == APR_SUCCESS) { + status = cb(ctx, data, data_len); + } + } + else { + data_len = b->length; + } + avail -= data_len; + written += data_len; + } + + next = APR_BUCKET_NEXT(b); + if (consume) { + apr_bucket_delete(b); + } + } + + *plen = written; + if (status == APR_SUCCESS && !*peos && !*plen) { + return APR_EAGAIN; + } + return status; +} + diff --git a/modules/http2/h2_util.h b/modules/http2/h2_util.h new file mode 100644 index 00000000..9a1b5c6d --- /dev/null +++ b/modules/http2/h2_util.h @@ -0,0 +1,124 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_util__ +#define __mod_h2__h2_util__ + +struct nghttp2_frame; + +size_t h2_util_hex_dump(char *buffer, size_t maxlen, + const char *data, size_t datalen); + +size_t h2_util_header_print(char *buffer, size_t maxlen, + const char *name, size_t namelen, + const char *value, size_t valuelen); + +char *h2_strlwr(char *s); + +void h2_util_camel_case_header(char *s, size_t len); + +/** + * Return != 0 iff the string s contains the token, as specified in + * HTTP header syntax, rfc7230. + */ +int h2_util_contains_token(apr_pool_t *pool, const char *s, const char *token); + +const char *h2_util_first_token_match(apr_pool_t *pool, const char *s, + const char *tokens[], apr_size_t len); + +/** + * I always wanted to write my own base64url decoder...not. See + * https://tools.ietf.org/html/rfc4648#section-5 for description. + */ +apr_size_t h2_util_base64url_decode(const char **decoded, + const char *encoded, + apr_pool_t *pool); + +#define H2_HD_MATCH_LIT(l, name, nlen) \ + ((nlen == sizeof(l) - 1) && !apr_strnatcasecmp(l, name)) + +#define H2_HD_MATCH_LIT_CS(l, name) \ + ((strlen(name) == sizeof(l) - 1) && !apr_strnatcasecmp(l, name)) + +#define H2_CREATE_NV_LIT_CS(nv, NAME, VALUE) nv->name = (uint8_t *)NAME; \ + nv->namelen = sizeof(NAME) - 1; \ + nv->value = (uint8_t *)VALUE; \ + nv->valuelen = strlen(VALUE) + +#define H2_CREATE_NV_CS_LIT(nv, NAME, VALUE) nv->name = (uint8_t *)NAME; \ + nv->namelen = strlen(NAME); \ + nv->value = (uint8_t *)VALUE; \ + nv->valuelen = sizeof(VALUE) - 1 + +#define H2_CREATE_NV_CS_CS(nv, NAME, VALUE) nv->name = (uint8_t *)NAME; \ + nv->namelen = strlen(NAME); \ + nv->value = (uint8_t *)VALUE; \ + nv->valuelen = strlen(VALUE) + +/** + * Moves data from one brigade into another. If maxlen > 0, it only + * moves up to maxlen bytes into the target brigade, making bucket splits + * if needed. + * @param to the brigade to move the data to + * @param from the brigade to get the data from + * @param maxlen of bytes to move, 0 for all + * @param pfile_buckets_allowed how many file buckets may be moved, + * may be 0 or NULL + * @param msg message for use in logging + */ +apr_status_t h2_util_move(apr_bucket_brigade *to, apr_bucket_brigade *from, + apr_size_t maxlen, int *pfile_buckets_allowed, + const char *msg); + +/** + * Copies buckets from one brigade into another. If maxlen > 0, it only + * copies up to maxlen bytes into the target brigade, making bucket splits + * if needed. + * @param to the brigade to copy the data to + * @param from the brigade to get the data from + * @param maxlen of bytes to copy, 0 for all + * @param msg message for use in logging + */ +apr_status_t h2_util_copy(apr_bucket_brigade *to, apr_bucket_brigade *from, + apr_size_t maxlen, const char *msg); + +/** + * Return != 0 iff there is a FLUSH or EOS bucket in the brigade. + * @param bb the brigade to check on + * @return != 0 iff brigade holds FLUSH or EOS bucket (or both) + */ +int h2_util_has_flush_or_eos(apr_bucket_brigade *bb); +int h2_util_has_eos(apr_bucket_brigade *bb, apr_size_t len); +int h2_util_bb_has_data(apr_bucket_brigade *bb); +int h2_util_bb_has_data_or_eos(apr_bucket_brigade *bb); + +/** + * Check how many bytes of the desired amount are available and if the + * end of stream is reached by that amount. + * @param bb the brigade to check + * @param plen the desired length and, on return, the available length + * @param on return, if eos has been reached + */ +apr_status_t h2_util_bb_avail(apr_bucket_brigade *bb, + apr_size_t *plen, int *peos); + +typedef apr_status_t h2_util_pass_cb(void *ctx, + const char *data, apr_size_t len); + +apr_status_t h2_util_bb_readx(apr_bucket_brigade *bb, + h2_util_pass_cb *cb, void *ctx, + apr_size_t *plen, int *peos); + +#endif /* defined(__mod_h2__h2_util__) */ diff --git a/modules/http2/h2_version.h b/modules/http2/h2_version.h new file mode 100644 index 00000000..7a03865c --- /dev/null +++ b/modules/http2/h2_version.h @@ -0,0 +1,34 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 + +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#ifndef mod_h2_h2_version_h +#define mod_h2_h2_version_h + +/** + * @macro + * Version number of the h2 module as c string + */ +#define MOD_HTTP2_VERSION "1.0.0" + +/** + * @macro + * Numerical representation of the version number of the h2 module + * release. This is a 24 bit number with 8 bits for major number, 8 bits + * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. + */ +#define MOD_HTTP2_VERSION_NUM 0x010000 + + +#endif /* mod_h2_h2_version_h */ diff --git a/modules/http2/h2_worker.c b/modules/http2/h2_worker.c new file mode 100644 index 00000000..8145b7aa --- /dev/null +++ b/modules/http2/h2_worker.c @@ -0,0 +1,170 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include + +#include +#include +#include + +#include "h2_private.h" +#include "h2_mplx.h" +#include "h2_task.h" +#include "h2_worker.h" + +static void* APR_THREAD_FUNC execute(apr_thread_t *thread, void *wctx) +{ + h2_worker *worker = (h2_worker *)wctx; + apr_status_t status = APR_SUCCESS; + h2_mplx *m; + (void)thread; + + /* Furthermore, other code might want to see the socket for + * this connection. Allocate one without further function... + */ + status = apr_socket_create(&worker->socket, + APR_INET, SOCK_STREAM, + APR_PROTO_TCP, worker->pool); + if (status != APR_SUCCESS) { + ap_log_perror(APLOG_MARK, APLOG_ERR, status, worker->pool, + APLOGNO(02948) "h2_worker(%d): alloc socket", + worker->id); + worker->worker_done(worker, worker->ctx); + return NULL; + } + + worker->task = NULL; + m = NULL; + while (!worker->aborted) { + status = worker->get_next(worker, &m, &worker->task, worker->ctx); + + if (worker->task) { + h2_task_do(worker->task, worker); + worker->task = NULL; + apr_thread_cond_signal(h2_worker_get_cond(worker)); + } + } + + status = worker->get_next(worker, &m, NULL, worker->ctx); + m = NULL; + + if (worker->socket) { + apr_socket_close(worker->socket); + worker->socket = NULL; + } + + worker->worker_done(worker, worker->ctx); + return NULL; +} + +h2_worker *h2_worker_create(int id, + apr_pool_t *parent_pool, + apr_threadattr_t *attr, + h2_worker_mplx_next_fn *get_next, + h2_worker_done_fn *worker_done, + void *ctx) +{ + apr_allocator_t *allocator = NULL; + apr_pool_t *pool = NULL; + h2_worker *w; + + apr_status_t status = apr_allocator_create(&allocator); + if (status != APR_SUCCESS) { + return NULL; + } + + status = apr_pool_create_ex(&pool, parent_pool, NULL, allocator); + if (status != APR_SUCCESS) { + return NULL; + } + apr_allocator_owner_set(allocator, pool); + + w = apr_pcalloc(pool, sizeof(h2_worker)); + if (w) { + APR_RING_ELEM_INIT(w, link); + + w->id = id; + w->pool = pool; + w->bucket_alloc = apr_bucket_alloc_create(pool); + + w->get_next = get_next; + w->worker_done = worker_done; + w->ctx = ctx; + + status = apr_thread_cond_create(&w->io, w->pool); + if (status != APR_SUCCESS) { + return NULL; + } + + apr_thread_create(&w->thread, attr, execute, w, pool); + } + return w; +} + +apr_status_t h2_worker_destroy(h2_worker *worker) +{ + if (worker->io) { + apr_thread_cond_destroy(worker->io); + worker->io = NULL; + } + if (worker->pool) { + apr_pool_destroy(worker->pool); + /* worker is gone */ + } + return APR_SUCCESS; +} + +int h2_worker_get_id(h2_worker *worker) +{ + return worker->id; +} + +void h2_worker_abort(h2_worker *worker) +{ + worker->aborted = 1; +} + +int h2_worker_is_aborted(h2_worker *worker) +{ + return worker->aborted; +} + +apr_thread_t *h2_worker_get_thread(h2_worker *worker) +{ + return worker->thread; +} + +apr_thread_cond_t *h2_worker_get_cond(h2_worker *worker) +{ + return worker->io; +} + +apr_socket_t *h2_worker_get_socket(h2_worker *worker) +{ + return worker->socket; +} + +apr_pool_t *h2_worker_get_pool(h2_worker *worker) +{ + return worker->pool; +} + +apr_bucket_alloc_t *h2_worker_get_bucket_alloc(h2_worker *worker) +{ + return worker->bucket_alloc; +} + diff --git a/modules/http2/h2_worker.h b/modules/http2/h2_worker.h new file mode 100644 index 00000000..9c69e6b5 --- /dev/null +++ b/modules/http2/h2_worker.h @@ -0,0 +1,155 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_worker__ +#define __mod_h2__h2_worker__ + +struct apr_thread_cond_t; +struct h2_mplx; +struct h2_task; + +/* h2_worker is a basically a apr_thread_t that reads fromt he h2_workers + * task queue and runs h2_tasks it is given. + */ +typedef struct h2_worker h2_worker; + +/* Invoked when the worker wants a new task to process. Will block + * until a h2_mplx becomes available or the worker itself + * gets aborted (idle timeout, for example). */ +typedef apr_status_t h2_worker_mplx_next_fn(h2_worker *worker, + struct h2_mplx **pm, + struct h2_task **ptask, + void *ctx); + +/* Invoked just before the worker thread exits. */ +typedef void h2_worker_done_fn(h2_worker *worker, void *ctx); + + +struct h2_worker { + /** Links to the rest of the workers */ + APR_RING_ENTRY(h2_worker) link; + + int id; + apr_thread_t *thread; + apr_pool_t *pool; + apr_bucket_alloc_t *bucket_alloc; + struct apr_thread_cond_t *io; + apr_socket_t *socket; + + h2_worker_mplx_next_fn *get_next; + h2_worker_done_fn *worker_done; + void *ctx; + + int aborted; + struct h2_task *task; +}; + +/** + * The magic pointer value that indicates the head of a h2_worker list + * @param b The worker list + * @return The magic pointer value + */ +#define H2_WORKER_LIST_SENTINEL(b) APR_RING_SENTINEL((b), h2_worker, link) + +/** + * Determine if the worker list is empty + * @param b The list to check + * @return true or false + */ +#define H2_WORKER_LIST_EMPTY(b) APR_RING_EMPTY((b), h2_worker, link) + +/** + * Return the first worker in a list + * @param b The list to query + * @return The first worker in the list + */ +#define H2_WORKER_LIST_FIRST(b) APR_RING_FIRST(b) + +/** + * Return the last worker in a list + * @param b The list to query + * @return The last worker int he list + */ +#define H2_WORKER_LIST_LAST(b) APR_RING_LAST(b) + +/** + * Insert a single worker at the front of a list + * @param b The list to add to + * @param e The worker to insert + */ +#define H2_WORKER_LIST_INSERT_HEAD(b, e) do { \ + h2_worker *ap__b = (e); \ + APR_RING_INSERT_HEAD((b), ap__b, h2_worker, link); \ + } while (0) + +/** + * Insert a single worker at the end of a list + * @param b The list to add to + * @param e The worker to insert + */ +#define H2_WORKER_LIST_INSERT_TAIL(b, e) do { \ + h2_worker *ap__b = (e); \ + APR_RING_INSERT_TAIL((b), ap__b, h2_worker, link); \ + } while (0) + +/** + * Get the next worker in the list + * @param e The current worker + * @return The next worker + */ +#define H2_WORKER_NEXT(e) APR_RING_NEXT((e), link) +/** + * Get the previous worker in the list + * @param e The current worker + * @return The previous worker + */ +#define H2_WORKER_PREV(e) APR_RING_PREV((e), link) + +/** + * Remove a worker from its list + * @param e The worker to remove + */ +#define H2_WORKER_REMOVE(e) APR_RING_REMOVE((e), link) + + +/* Create a new worker with given id, pool and attributes, callbacks + * callback parameter. + */ +h2_worker *h2_worker_create(int id, + apr_pool_t *pool, + apr_threadattr_t *attr, + h2_worker_mplx_next_fn *get_next, + h2_worker_done_fn *worker_done, + void *ctx); + +apr_status_t h2_worker_destroy(h2_worker *worker); + +void h2_worker_abort(h2_worker *worker); + +int h2_worker_get_id(h2_worker *worker); + +int h2_worker_is_aborted(h2_worker *worker); + +apr_pool_t *h2_worker_get_pool(h2_worker *worker); + +apr_bucket_alloc_t *h2_worker_get_bucket_alloc(h2_worker *worker); + +apr_socket_t *h2_worker_get_socket(h2_worker *worker); + +apr_thread_t *h2_worker_get_thread(h2_worker *worker); + +struct apr_thread_cond_t *h2_worker_get_cond(h2_worker *worker); + +#endif /* defined(__mod_h2__h2_worker__) */ diff --git a/modules/http2/h2_workers.c b/modules/http2/h2_workers.c new file mode 100644 index 00000000..cf300958 --- /dev/null +++ b/modules/http2/h2_workers.c @@ -0,0 +1,352 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include + +#include +#include +#include + +#include "h2_private.h" +#include "h2_mplx.h" +#include "h2_task.h" +#include "h2_task_queue.h" +#include "h2_worker.h" +#include "h2_workers.h" + +static int in_list(h2_workers *workers, h2_mplx *m) +{ + h2_mplx *e; + for (e = H2_MPLX_LIST_FIRST(&workers->mplxs); + e != H2_MPLX_LIST_SENTINEL(&workers->mplxs); + e = H2_MPLX_NEXT(e)) { + if (e == m) { + return 1; + } + } + return 0; +} + + +/** + * Get the next task for the given worker. Will block until a task arrives + * or the max_wait timer expires and more than min workers exist. + * The previous h2_mplx instance might be passed in and will be served + * with preference, since we can ask it for the next task without aquiring + * the h2_workers lock. + */ +static apr_status_t get_mplx_next(h2_worker *worker, h2_mplx **pm, + h2_task **ptask, void *ctx) +{ + apr_status_t status; + h2_mplx *m = NULL; + h2_task *task = NULL; + apr_time_t max_wait, start_wait; + int has_more = 0; + h2_workers *workers = (h2_workers *)ctx; + + if (*pm && ptask != NULL) { + /* We have a h2_mplx instance and the worker wants the next task. + * Try to get one from the given mplx. */ + *ptask = h2_mplx_pop_task(*pm, &has_more); + if (*ptask) { + return APR_SUCCESS; + } + } + + if (*pm) { + /* Got a mplx handed in, but did not get or want a task from it. + * Release it, as the workers reference will be wiped. + */ + h2_mplx_release(*pm); + *pm = NULL; + } + + if (!ptask) { + /* the worker does not want a next task, we're done. + */ + return APR_SUCCESS; + } + + max_wait = apr_time_from_sec(apr_atomic_read32(&workers->max_idle_secs)); + start_wait = apr_time_now(); + + status = apr_thread_mutex_lock(workers->lock); + if (status == APR_SUCCESS) { + ++workers->idle_worker_count; + ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, workers->s, + "h2_worker(%d): looking for work", h2_worker_get_id(worker)); + + while (!task && !h2_worker_is_aborted(worker) && !workers->aborted) { + + /* Get the next h2_mplx to process that has a task to hand out. + * If it does, place it at the end of the queu and return the + * task to the worker. + * If it (currently) has no tasks, remove it so that it needs + * to register again for scheduling. + * If we run out of h2_mplx in the queue, we need to wait for + * new mplx to arrive. Depending on how many workers do exist, + * we do a timed wait or block indefinitely. + */ + m = NULL; + while (!task && !H2_MPLX_LIST_EMPTY(&workers->mplxs)) { + m = H2_MPLX_LIST_FIRST(&workers->mplxs); + H2_MPLX_REMOVE(m); + + task = h2_mplx_pop_task(m, &has_more); + if (task) { + if (has_more) { + H2_MPLX_LIST_INSERT_TAIL(&workers->mplxs, m); + } + else { + has_more = !H2_MPLX_LIST_EMPTY(&workers->mplxs); + } + break; + } + } + + if (!task) { + /* Need to wait for either a new mplx to arrive. + */ + if (workers->worker_count > workers->min_size) { + apr_time_t now = apr_time_now(); + if (now >= (start_wait + max_wait)) { + /* waited long enough without getting a task. */ + status = APR_TIMEUP; + } + else { + ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, workers->s, + "h2_worker(%d): waiting signal, " + "worker_count=%d", worker->id, + (int)workers->worker_count); + status = apr_thread_cond_timedwait(workers->mplx_added, + workers->lock, max_wait); + } + + if (status == APR_TIMEUP) { + /* waited long enough */ + if (workers->worker_count > workers->min_size) { + ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, + workers->s, + "h2_workers: aborting idle worker"); + h2_worker_abort(worker); + break; + } + } + } + else { + ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, workers->s, + "h2_worker(%d): waiting signal (eternal), " + "worker_count=%d", worker->id, + (int)workers->worker_count); + apr_thread_cond_wait(workers->mplx_added, workers->lock); + } + } + } + + /* Here, we either have gotten task and mplx for the worker or + * needed to give up with more than enough workers. + */ + if (task) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, workers->s, + "h2_worker(%d): start task(%s)", + h2_worker_get_id(worker), task->id); + /* Since we hand out a reference to the worker, we increase + * its ref count. + */ + h2_mplx_reference(m); + *pm = m; + *ptask = task; + + if (has_more && workers->idle_worker_count > 1) { + apr_thread_cond_signal(workers->mplx_added); + } + status = APR_SUCCESS; + } + else { + status = APR_EOF; + } + + --workers->idle_worker_count; + apr_thread_mutex_unlock(workers->lock); + } + + return status; +} + +static void worker_done(h2_worker *worker, void *ctx) +{ + h2_workers *workers = (h2_workers *)ctx; + apr_status_t status = apr_thread_mutex_lock(workers->lock); + if (status == APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, workers->s, + "h2_worker(%d): done", h2_worker_get_id(worker)); + H2_WORKER_REMOVE(worker); + --workers->worker_count; + h2_worker_destroy(worker); + + apr_thread_mutex_unlock(workers->lock); + } +} + + +static apr_status_t add_worker(h2_workers *workers) +{ + h2_worker *w = h2_worker_create(workers->next_worker_id++, + workers->pool, workers->thread_attr, + get_mplx_next, worker_done, workers); + if (!w) { + return APR_ENOMEM; + } + ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, workers->s, + "h2_workers: adding worker(%d)", h2_worker_get_id(w)); + ++workers->worker_count; + H2_WORKER_LIST_INSERT_TAIL(&workers->workers, w); + return APR_SUCCESS; +} + +static apr_status_t h2_workers_start(h2_workers *workers) { + apr_status_t status = apr_thread_mutex_lock(workers->lock); + if (status == APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, workers->s, + "h2_workers: starting"); + + while (workers->worker_count < workers->min_size + && status == APR_SUCCESS) { + status = add_worker(workers); + } + apr_thread_mutex_unlock(workers->lock); + } + return status; +} + +h2_workers *h2_workers_create(server_rec *s, apr_pool_t *pool, + int min_size, int max_size) +{ + apr_status_t status; + h2_workers *workers; + AP_DEBUG_ASSERT(s); + AP_DEBUG_ASSERT(pool); + status = APR_SUCCESS; + + workers = apr_pcalloc(pool, sizeof(h2_workers)); + if (workers) { + workers->s = s; + workers->pool = pool; + workers->min_size = min_size; + workers->max_size = max_size; + apr_atomic_set32(&workers->max_idle_secs, 10); + + apr_threadattr_create(&workers->thread_attr, workers->pool); + + APR_RING_INIT(&workers->workers, h2_worker, link); + APR_RING_INIT(&workers->mplxs, h2_mplx, link); + + status = apr_thread_mutex_create(&workers->lock, + APR_THREAD_MUTEX_DEFAULT, + workers->pool); + if (status == APR_SUCCESS) { + status = apr_thread_cond_create(&workers->mplx_added, workers->pool); + } + + if (status == APR_SUCCESS) { + status = h2_workers_start(workers); + } + + if (status != APR_SUCCESS) { + h2_workers_destroy(workers); + workers = NULL; + } + } + return workers; +} + +void h2_workers_destroy(h2_workers *workers) +{ + if (workers->mplx_added) { + apr_thread_cond_destroy(workers->mplx_added); + workers->mplx_added = NULL; + } + if (workers->lock) { + apr_thread_mutex_destroy(workers->lock); + workers->lock = NULL; + } + while (!H2_MPLX_LIST_EMPTY(&workers->mplxs)) { + h2_mplx *m = H2_MPLX_LIST_FIRST(&workers->mplxs); + H2_MPLX_REMOVE(m); + } + while (!H2_WORKER_LIST_EMPTY(&workers->workers)) { + h2_worker *w = H2_WORKER_LIST_FIRST(&workers->workers); + H2_WORKER_REMOVE(w); + } +} + +apr_status_t h2_workers_register(h2_workers *workers, struct h2_mplx *m) +{ + apr_status_t status = apr_thread_mutex_lock(workers->lock); + if (status == APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, status, workers->s, + "h2_workers: register mplx(%ld)", m->id); + if (in_list(workers, m)) { + status = APR_EAGAIN; + } + else { + H2_MPLX_LIST_INSERT_TAIL(&workers->mplxs, m); + status = APR_SUCCESS; + } + + if (workers->idle_worker_count > 0) { + apr_thread_cond_signal(workers->mplx_added); + } + else if (workers->worker_count < workers->max_size) { + ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, workers->s, + "h2_workers: got %d worker, adding 1", + workers->worker_count); + add_worker(workers); + } + + apr_thread_mutex_unlock(workers->lock); + } + return status; +} + +apr_status_t h2_workers_unregister(h2_workers *workers, struct h2_mplx *m) +{ + apr_status_t status = apr_thread_mutex_lock(workers->lock); + if (status == APR_SUCCESS) { + status = APR_EAGAIN; + if (in_list(workers, m)) { + H2_MPLX_REMOVE(m); + status = APR_SUCCESS; + } + apr_thread_mutex_unlock(workers->lock); + } + return status; +} + +void h2_workers_set_max_idle_secs(h2_workers *workers, int idle_secs) +{ + if (idle_secs <= 0) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, workers->s, + APLOGNO(02962) "h2_workers: max_worker_idle_sec value of %d" + " is not valid, ignored.", idle_secs); + return; + } + apr_atomic_set32(&workers->max_idle_secs, idle_secs); +} + diff --git a/modules/http2/h2_workers.h b/modules/http2/h2_workers.h new file mode 100644 index 00000000..50fd6b8a --- /dev/null +++ b/modules/http2/h2_workers.h @@ -0,0 +1,87 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __mod_h2__h2_workers__ +#define __mod_h2__h2_workers__ + +/* Thread pool specific to executing h2_tasks. Has a minimum and maximum + * number of workers it creates. Starts with minimum workers and adds + * some on load, reduces the number again when idle. + * + */ +struct apr_thread_mutex_t; +struct apr_thread_cond_t; +struct h2_mplx; +struct h2_task; +struct h2_task_queue; + +typedef struct h2_workers h2_workers; + +struct h2_workers { + server_rec *s; + apr_pool_t *pool; + int aborted; + + int next_worker_id; + int min_size; + int max_size; + + apr_threadattr_t *thread_attr; + + APR_RING_HEAD(h2_worker_list, h2_worker) workers; + APR_RING_HEAD(h2_mplx_list, h2_mplx) mplxs; + + int worker_count; + volatile apr_uint32_t max_idle_secs; + volatile apr_uint32_t idle_worker_count; + + struct apr_thread_mutex_t *lock; + struct apr_thread_cond_t *mplx_added; +}; + + +/* Create a worker pool with the given minimum and maximum number of + * threads. + */ +h2_workers *h2_workers_create(server_rec *s, apr_pool_t *pool, + int min_size, int max_size); + +/* Destroy the worker pool and all its threads. + */ +void h2_workers_destroy(h2_workers *workers); + +/** + * Registers a h2_mplx for task scheduling. If this h2_mplx runs + * out of tasks, it will be automatically be unregistered. Should + * new tasks arrive, it needs to be registered again. + */ +apr_status_t h2_workers_register(h2_workers *workers, + struct h2_mplx *m); + +/** + * Remove a h2_mplx from the worker registry. + */ +apr_status_t h2_workers_unregister(h2_workers *workers, + struct h2_mplx *m); + +/** + * Set the amount of seconds a h2_worker should wait for new tasks + * before shutting down (if there are more than the minimum number of + * workers). + */ +void h2_workers_set_max_idle_secs(h2_workers *workers, int idle_secs); + +#endif /* defined(__mod_h2__h2_workers__) */ diff --git a/modules/http2/mod_h2.h b/modules/http2/mod_h2.h new file mode 100644 index 00000000..bb895dd2 --- /dev/null +++ b/modules/http2/mod_h2.h @@ -0,0 +1,19 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef mod_h2_mod_h2_h +#define mod_h2_mod_h2_h + +#endif diff --git a/modules/http2/mod_http2.c b/modules/http2/mod_http2.c new file mode 100644 index 00000000..b1e79f16 --- /dev/null +++ b/modules/http2/mod_http2.c @@ -0,0 +1,146 @@ +/* Copyright 2015 greenbytes GmbH (https://www.greenbytes.de) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + +#include +#include + +#include "mod_h2.h" + +#include +#include "h2_stream.h" +#include "h2_alt_svc.h" +#include "h2_conn.h" +#include "h2_task.h" +#include "h2_session.h" +#include "h2_config.h" +#include "h2_ctx.h" +#include "h2_h2.h" +#include "h2_switch.h" +#include "h2_version.h" + + +static void h2_hooks(apr_pool_t *pool); + +AP_DECLARE_MODULE(http2) = { + STANDARD20_MODULE_STUFF, + NULL, + NULL, + h2_config_create_svr, /* func to create per server config */ + h2_config_merge, /* func to merge per server config */ + h2_cmds, /* command handlers */ + h2_hooks +}; + +/* The module initialization. Called once as apache hook, before any multi + * processing (threaded or not) happens. It is typically at least called twice, + * see + * http://wiki.apache.org/httpd/ModuleLife + * Since the first run is just a "practise" run, we want to initialize for real + * only on the second try. This defeats the purpose of the first dry run a bit, + * since apache wants to verify that a new configuration actually will work. + * So if we have trouble with the configuration, this will only be detected + * when the server has already switched. + * On the other hand, when we initialize lib nghttp2, all possible crazy things + * might happen and this might even eat threads. So, better init on the real + * invocation, for now at least. + */ +static int h2_post_config(apr_pool_t *p, apr_pool_t *plog, + apr_pool_t *ptemp, server_rec *s) +{ + void *data = NULL; + const char *mod_h2_init_key = "mod_h2_init_counter"; + nghttp2_info *ngh2; + apr_status_t status; + (void)plog;(void)ptemp; + + apr_pool_userdata_get(&data, mod_h2_init_key, s->process->pool); + if ( data == NULL ) { + ap_log_error( APLOG_MARK, APLOG_DEBUG, 0, s, + "initializing post config dry run"); + apr_pool_userdata_set((const void *)1, mod_h2_init_key, + apr_pool_cleanup_null, s->process->pool); + return APR_SUCCESS; + } + + ngh2 = nghttp2_version(0); + ap_log_error( APLOG_MARK, APLOG_INFO, 0, s, + "mod_http2 (v%s, nghttp2 %s), initializing...", + MOD_HTTP2_VERSION, ngh2? ngh2->version_str : "unknown"); + + switch (h2_conn_mpm_type()) { + case H2_MPM_EVENT: + case H2_MPM_WORKER: + /* all fine, we know these ones */ + break; + case H2_MPM_PREFORK: + /* ok, we now know how to handle that one */ + break; + case H2_MPM_UNKNOWN: + /* ??? */ + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + "post_config: mpm type unknown"); + break; + } + + status = h2_h2_init(p, s); + if (status == APR_SUCCESS) { + status = h2_switch_init(p, s); + } + + return status; +} + +/* Runs once per created child process. Perform any process + * related initionalization here. + */ +static void h2_child_init(apr_pool_t *pool, server_rec *s) +{ + /* Set up our connection processing */ + apr_status_t status = h2_conn_child_init(pool, s); + if (status != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, status, s, + APLOGNO(02949) "initializing connection handling"); + } +} + +/* Install this module into the apache2 infrastructure. + */ +static void h2_hooks(apr_pool_t *pool) +{ + static const char *const mod_ssl[] = { "mod_ssl.c", NULL}; + + ap_log_perror(APLOG_MARK, APLOG_INFO, 0, pool, "installing hooks"); + + /* Run once after configuration is set, but before mpm children initialize. + */ + ap_hook_post_config(h2_post_config, mod_ssl, NULL, APR_HOOK_MIDDLE); + + /* Run once after a child process has been created. + */ + ap_hook_child_init(h2_child_init, NULL, NULL, APR_HOOK_MIDDLE); + + h2_h2_register_hooks(); + h2_switch_register_hooks(); + h2_task_register_hooks(); + + h2_alt_svc_register_hooks(); + +} + + diff --git a/modules/http2/mod_http2.dsp b/modules/http2/mod_http2.dsp new file mode 100644 index 00000000..c3e139e9 --- /dev/null +++ b/modules/http2/mod_http2.dsp @@ -0,0 +1,207 @@ +# Microsoft Developer Studio Project File - Name="mod_http2" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +CFG=mod_http2 - Win32 Release +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "mod_http2.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "mod_http2.mak" CFG="mod_http2 - Win32 Release" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "mod_http2 - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_http2 - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +MTL=midl.exe +RSC=rc.exe + +!IF "$(CFG)" == "mod_http2 - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "ssize_t=long" /FD /c +# ADD CPP /nologo /MD /W3 /O2 /Oy- /Zi /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /I "../../srclib/nghttp2/lib/includes" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "ssize_t=long" /Fd"Release\mod_http2_src" /FD /c +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /fo"Release/mod_http2.res" /i "../../include" /i "../../srclib/apr/include" /d "NDEBUG" /d BIN_NAME="mod_http2.so" /d LONG_NAME="http2_module for Apache" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib nghttp2.lib /nologo /subsystem:windows /dll /libpath:"..\..\srclib\nghttp2\lib\MSVC_obj" /out:".\Release\mod_http2.so" /base:@..\..\os\win32\BaseAddr.ref,mod_http2.so +# ADD LINK32 kernel32.lib nghttp2.lib /nologo /subsystem:windows /dll /libpath:"..\..\srclib\nghttp2\lib\MSVC_obj" /incremental:no /debug /out:".\Release\mod_http2.so" /base:@..\..\os\win32\BaseAddr.ref,mod_http2.so /opt:ref +# Begin Special Build Tool +TargetPath=.\Release\mod_http2.so +SOURCE="$(InputPath)" +PostBuild_Desc=Embed .manifest +PostBuild_Cmds=if exist $(TargetPath).manifest mt.exe -manifest $(TargetPath).manifest -outputresource:$(TargetPath);2 +# End Special Build Tool + +!ELSEIF "$(CFG)" == "mod_http2 - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "ssize_t=long" /FD /c +# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /I "../../srclib/nghttp2/lib/includes" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "ssize_t=long" /Fd"Debug\mod_http2_src" /FD /c +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /fo"Debug/mod_http2.res" /i "../../include" /i "../../srclib/apr/include" /d "_DEBUG" /d BIN_NAME="mod_http2.so" /d LONG_NAME="http2_module for Apache" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib nghttp2d.lib /nologo /subsystem:windows /dll /libpath:"..\..\srclib\nghttp2\lib\MSVC_obj" /incremental:no /debug /out:".\Debug\mod_http2.so" /base:@..\..\os\win32\BaseAddr.ref,mod_http2.so +# ADD LINK32 kernel32.lib nghttp2d.lib /nologo /subsystem:windows /dll /libpath:"..\..\srclib\nghttp2\lib\MSVC_obj" /incremental:no /debug /out:".\Debug\mod_http2.so" /base:@..\..\os\win32\BaseAddr.ref,mod_http2.so +# Begin Special Build Tool +TargetPath=.\Debug\mod_http2.so +SOURCE="$(InputPath)" +PostBuild_Desc=Embed .manifest +PostBuild_Cmds=if exist $(TargetPath).manifest mt.exe -manifest $(TargetPath).manifest -outputresource:$(TargetPath);2 +# End Special Build Tool + +!ENDIF + +# Begin Target + +# Name "mod_http2 - Win32 Release" +# Name "mod_http2 - Win32 Debug" +# Begin Source File + +SOURCE=./h2_alt_svc.c +# End Source File +# Begin Source File + +SOURCE=./h2_config.c +# End Source File +# Begin Source File + +SOURCE=./h2_conn.c +# End Source File +# Begin Source File + +SOURCE=./h2_conn_io.c +# End Source File +# Begin Source File + +SOURCE=./h2_ctx.c +# End Source File +# Begin Source File + +SOURCE=./h2_from_h1.c +# End Source File +# Begin Source File + +SOURCE=./h2_h2.c +# End Source File +# Begin Source File + +SOURCE=./h2_io.c +# End Source File +# Begin Source File + +SOURCE=./h2_io_set.c +# End Source File +# Begin Source File + +SOURCE=./h2_mplx.c +# End Source File +# Begin Source File + +SOURCE=./h2_request.c +# End Source File +# Begin Source File + +SOURCE=./h2_response.c +# End Source File +# Begin Source File + +SOURCE=./h2_session.c +# End Source File +# Begin Source File + +SOURCE=./h2_stream.c +# End Source File +# Begin Source File + +SOURCE=./h2_stream_set.c +# End Source File +# Begin Source File + +SOURCE=./h2_switch.c +# End Source File +# Begin Source File + +SOURCE=./h2_task.c +# End Source File +# Begin Source File + +SOURCE=./h2_task_input.c +# End Source File +# Begin Source File + +SOURCE=./h2_task_output.c +# End Source File +# Begin Source File + +SOURCE=./h2_task_queue.c +# End Source File +# Begin Source File + +SOURCE=./h2_to_h1.c +# End Source File +# Begin Source File + +SOURCE=./h2_util.c +# End Source File +# Begin Source File + +SOURCE=./h2_worker.c +# End Source File +# Begin Source File + +SOURCE=./h2_workers.c +# End Source File +# Begin Source File + +SOURCE=./mod_http2.c +# End Source File +# Begin Source File + +SOURCE=..\..\build\win32\httpd.rc +# End Source File +# End Target +# End Project diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c index 156e131d..52acafb0 100644 --- a/modules/ldap/util_ldap.c +++ b/modules/ldap/util_ldap.c @@ -209,8 +209,9 @@ static apr_status_t uldap_connection_unbind(void *param) * * The caller should hold the lock for this connection */ -static apr_status_t util_ldap_connection_remove (void *param) { - util_ldap_connection_t *ldc = param, *l = NULL, *prev = NULL; +static apr_status_t util_ldap_connection_remove (void *param) +{ + util_ldap_connection_t *ldc = param, *l = NULL, *prev = NULL; util_ldap_state_t *st; if (!ldc) return APR_SUCCESS; @@ -2670,16 +2671,17 @@ static const char *util_ldap_set_referral_hop_limit(cmd_parms *cmd, return NULL; } -static void *util_ldap_create_dir_config(apr_pool_t *p, char *d) { - util_ldap_config_t *dc = - (util_ldap_config_t *) apr_pcalloc(p,sizeof(util_ldap_config_t)); +static void *util_ldap_create_dir_config(apr_pool_t *p, char *d) +{ + util_ldap_config_t *dc = + (util_ldap_config_t *) apr_pcalloc(p,sizeof(util_ldap_config_t)); - /* defaults are AP_LDAP_CHASEREFERRALS_ON and AP_LDAP_DEFAULT_HOPLIMIT */ - dc->client_certs = apr_array_make(p, 10, sizeof(apr_ldap_opt_tls_cert_t)); - dc->ChaseReferrals = AP_LDAP_CHASEREFERRALS_ON; - dc->ReferralHopLimit = AP_LDAP_HOPLIMIT_UNSET; + /* defaults are AP_LDAP_CHASEREFERRALS_ON and AP_LDAP_DEFAULT_HOPLIMIT */ + dc->client_certs = apr_array_make(p, 10, sizeof(apr_ldap_opt_tls_cert_t)); + dc->ChaseReferrals = AP_LDAP_CHASEREFERRALS_ON; + dc->ReferralHopLimit = AP_LDAP_HOPLIMIT_UNSET; - return dc; + return dc; } static const char *util_ldap_set_op_timeout(cmd_parms *cmd, @@ -2891,7 +2893,6 @@ static void *util_ldap_merge_config(apr_pool_t *p, void *basev, static apr_status_t util_ldap_cleanup_module(void *data) { - server_rec *s = data; util_ldap_state_t *st = (util_ldap_state_t *)ap_get_module_config( s->module_config, &ldap_module); @@ -2901,7 +2902,6 @@ static apr_status_t util_ldap_cleanup_module(void *data) } return APR_SUCCESS; - } static int util_ldap_pre_config(apr_pool_t *pconf, apr_pool_t *plog, diff --git a/modules/ldap/util_ldap_cache.c b/modules/ldap/util_ldap_cache.c index b1346f05..d8c1ed9b 100644 --- a/modules/ldap/util_ldap_cache.c +++ b/modules/ldap/util_ldap_cache.c @@ -181,8 +181,8 @@ void *util_ldap_search_node_copy(util_ald_cache_t *cache, void *c) util_ldap_search_node_free(cache, newnode); return NULL; } - if(node->bindpw) { - if(!(newnode->bindpw = util_ald_strdup(cache, node->bindpw))) { + if (node->bindpw) { + if (!(newnode->bindpw = util_ald_strdup(cache, node->bindpw))) { util_ldap_search_node_free(cache, newnode); return NULL; } @@ -305,14 +305,14 @@ void util_ldap_compare_node_display(request_rec *r, util_ald_cache_t *cache, voi cmp_result = apr_itoa(r->pool, node->result); } - if(node->subgroupList) { + if (node->subgroupList) { sub_groups_val = "Yes"; } else { sub_groups_val = "No"; } - if(node->sgl_processed) { + if (node->sgl_processed) { sub_groups_checked = "Yes"; } else { diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c index d5687c24..4dd140f6 100644 --- a/modules/loggers/mod_log_config.c +++ b/modules/loggers/mod_log_config.c @@ -1172,12 +1172,13 @@ static int config_log_transaction(request_rec *r, config_log_state *cls, if (!log_writer) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00645) "log writer isn't correctly setup"); - return HTTP_INTERNAL_SERVER_ERROR; + return HTTP_INTERNAL_SERVER_ERROR; } rv = log_writer(r, cls->log_writer, strs, strl, format->nelts, len); - if (rv != APR_SUCCESS) - ap_log_rerror(APLOG_MARK, APLOG_WARNING, rv, r, APLOGNO(00646) "Error writing to %s", - cls->fname); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING, rv, r, APLOGNO(00646) + "Error writing to %s", cls->fname); + } return OK; } diff --git a/modules/loggers/mod_logio.c b/modules/loggers/mod_logio.c index ab922e30..58aa92cf 100644 --- a/modules/loggers/mod_logio.c +++ b/modules/loggers/mod_logio.c @@ -38,6 +38,7 @@ module AP_MODULE_DECLARE_DATA logio_module; static const char logio_filter_name[] = "LOG_INPUT_OUTPUT"; +static const char logio_ttfb_filter_name[] = "LOGIO_TTFB_OUT"; /* * Logging of input and output config... @@ -47,15 +48,18 @@ typedef struct logio_config_t { apr_off_t bytes_in; apr_off_t bytes_out; apr_off_t bytes_last_request; - apr_time_t ttfb; - request_rec *r; /* Use for TTFB only */ - unsigned int first_byte_seen:1; } logio_config_t; typedef struct logio_dirconf_t { unsigned int track_ttfb:1; } logio_dirconf_t; +typedef struct logio_req_t { + apr_time_t ttfb; +} logio_req_t; + + + /* * Optional function for the core to add to bytes_out */ @@ -64,19 +68,6 @@ static void ap_logio_add_bytes_out(conn_rec *c, apr_off_t bytes) { logio_config_t *cf = ap_get_module_config(c->conn_config, &logio_module); cf->bytes_out += bytes; - - if (!cf->first_byte_seen) { - /* cleared during log_transaction, after mod_log_config */ - cf->first_byte_seen = 1; - - if (cf->r) { - logio_dirconf_t *conf = (logio_dirconf_t*) - ap_get_module_config(cf->r->per_dir_config, &logio_module); - if (conf && conf->track_ttfb) { - cf->ttfb = apr_time_now() - cf->r->request_time; - } - } - } } /* @@ -132,14 +123,14 @@ static const char *log_bytes_combined(request_rec *r, char *a) static const char *log_ttfb(request_rec *r, char *a) { - logio_config_t *cf = ap_get_module_config(r->connection->conn_config, - &logio_module); + logio_req_t *rconf = ap_get_module_config(r->request_config, + &logio_module); - if (!cf->first_byte_seen || !cf->ttfb) { + if (!rconf || !rconf->ttfb) { return "-"; } - return apr_psprintf(r->pool, "%" APR_TIME_T_FMT, cf->ttfb); + return apr_psprintf(r->pool, "%" APR_TIME_T_FMT, rconf->ttfb); } /* * Reset counters after logging... @@ -154,20 +145,6 @@ static int logio_transaction(request_rec *r) cf->bytes_last_request = cf->bytes_in + cf->bytes_out; cf->bytes_in = cf->bytes_out = 0; - cf->r = NULL; - cf->ttfb = 0; - cf->first_byte_seen = 0; - - return OK; -} - -static int logio_post_read_request(request_rec *r) -{ - logio_config_t *cf = ap_get_module_config(r->connection->conn_config, - &logio_module); - if (cf) { - cf->r = r; - } return OK; } @@ -226,6 +203,34 @@ static int logio_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp) return OK; } +static apr_status_t logio_ttfb_filter(ap_filter_t *f, apr_bucket_brigade *b) +{ + request_rec *r = f->r; + logio_dirconf_t *conf = ap_get_module_config(r->per_dir_config, + &logio_module); + if (conf && conf->track_ttfb) { + logio_req_t *rconf = ap_get_module_config(r->request_config, + &logio_module); + if (rconf == NULL) { + rconf = apr_pcalloc(r->pool, sizeof(logio_req_t)); + rconf->ttfb = apr_time_now() - r->request_time; + ap_set_module_config(r->request_config, &logio_module, rconf); + } + } + ap_remove_output_filter(f); + return ap_pass_brigade(f->next, b); +} + +static void logio_insert_filter(request_rec * r) +{ + logio_dirconf_t *conf = ap_get_module_config(r->per_dir_config, + &logio_module); + if (conf->track_ttfb) { + ap_add_output_filter(logio_ttfb_filter_name, NULL, r, r->connection); + } + return; +} + static const char *logio_track_ttfb(cmd_parms *cmd, void *in_dir_config, int arg) { logio_dirconf_t *dir_config = in_dir_config; @@ -254,12 +259,15 @@ static void register_hooks(apr_pool_t *p) ap_hook_pre_connection(logio_pre_conn, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_pre_config(logio_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST); - ap_hook_post_read_request(logio_post_read_request, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_log_transaction(logio_transaction, pre, NULL, APR_HOOK_MIDDLE); ap_register_input_filter(logio_filter_name, logio_in_filter, NULL, AP_FTYPE_NETWORK - 1); + ap_hook_insert_filter(logio_insert_filter, NULL, NULL, APR_HOOK_LAST); + ap_register_output_filter(logio_ttfb_filter_name, logio_ttfb_filter, NULL, + AP_FTYPE_RESOURCE); + APR_REGISTER_OPTIONAL_FN(ap_logio_add_bytes_out); APR_REGISTER_OPTIONAL_FN(ap_logio_add_bytes_in); APR_REGISTER_OPTIONAL_FN(ap_logio_get_last_bytes); diff --git a/modules/lua/config.m4 b/modules/lua/config.m4 index c9567ef0..18e9fe56 100644 --- a/modules/lua/config.m4 +++ b/modules/lua/config.m4 @@ -1,7 +1,7 @@ APACHE_MODPATH_INIT(lua) -dnl Check for Lua 5.1 Libraries +dnl Check for Lua 5.2/5.1 Libraries dnl CHECK_LUA(ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]) dnl Sets: dnl LUA_CFLAGS @@ -11,7 +11,7 @@ AC_DEFUN([CHECK_LUA], AC_ARG_WITH( lua, - [AC_HELP_STRING([--with-lua=PATH],[Path to the Lua 5.1/5.2 prefix])], + [AC_HELP_STRING([--with-lua=PATH],[Path to the Lua 5.2/5.1 prefix])], lua_path="$withval", :) @@ -25,42 +25,39 @@ fi AC_CHECK_LIB(m, pow, lib_m="-lm") AC_CHECK_LIB(m, sqrt, lib_m="-lm") for x in $test_paths ; do - if test "x$x" = "x."; then - AC_CHECK_HEADER(lua.h,[ + AC_MSG_CHECKING([for lua.h in ${x}/include/lua-5.2]) + if test -f ${x}/include/lua-5.2/lua.h; then + AC_MSG_RESULT([yes]) save_CFLAGS=$CFLAGS save_LDFLAGS=$LDFLAGS CFLAGS="$CFLAGS" - LDFLAGS="$LDFLAGS $lib_m" - AC_CHECK_LIB(lua5.1, luaL_newstate, [ - LUA_LIBS="-llua5.1 $lib_m" - ],[ - AC_CHECK_LIB(lua-5.1, luaL_newstate, [ - LUA_LIBS="-llua-5.1 $lib_m" - ],[ - AC_CHECK_LIB(lua, luaL_newstate, [ - LUA_LIBS="-llua $lib_m" - ]) + LDFLAGS="-L$x/lib/lua-5.2 $LDFLAGS $lib_m" + AC_CHECK_LIB(lua-5.2, luaL_newstate, [ + LUA_LIBS="-L$x/lib/lua-5.2 -llua-5.2 $lib_m" + if test "x$ap_platform_runtime_link_flag" != "x"; then + APR_ADDTO(LUA_LIBS, [$ap_platform_runtime_link_flag$x/lib/lua-5.2]) + fi + LUA_CFLAGS="-I$x/include/lua-5.2" ]) - ]) - LUA_CFLAGS= CFLAGS=$save_CFLAGS LDFLAGS=$save_LDFLAGS break - ]) - else - AC_MSG_CHECKING([for lua.h in ${x}/include/lua5.1]) - if test -f ${x}/include/lua5.1/lua.h; then + else + AC_MSG_RESULT([no]) + fi + AC_MSG_CHECKING([for lua.h in ${x}/include/lua5.2]) + if test -f ${x}/include/lua5.2/lua.h; then AC_MSG_RESULT([yes]) save_CFLAGS=$CFLAGS save_LDFLAGS=$LDFLAGS CFLAGS="$CFLAGS" LDFLAGS="-L$x/lib $LDFLAGS $lib_m" - AC_CHECK_LIB(lua5.1, luaL_newstate, [ - LUA_LIBS="-L$x/lib -llua5.1 $lib_m" + AC_CHECK_LIB(lua5.2, luaL_newstate, [ + LUA_LIBS="-L$x/lib -llua5.2 $lib_m" if test "x$ap_platform_runtime_link_flag" != "x"; then APR_ADDTO(LUA_LIBS, [$ap_platform_runtime_link_flag$x/lib]) fi - LUA_CFLAGS="-I$x/include/lua5.1" + LUA_CFLAGS="-I$x/include/lua5.2" ]) CFLAGS=$save_CFLAGS LDFLAGS=$save_LDFLAGS @@ -68,19 +65,19 @@ for x in $test_paths ; do else AC_MSG_RESULT([no]) fi - AC_MSG_CHECKING([for lua.h in ${x}/include/lua51]) - if test -f ${x}/include/lua51/lua.h; then + AC_MSG_CHECKING([for lua.h in ${x}/include/lua52]) + if test -f ${x}/include/lua52/lua.h; then AC_MSG_RESULT([yes]) save_CFLAGS=$CFLAGS save_LDFLAGS=$LDFLAGS CFLAGS="$CFLAGS" - LDFLAGS="-L$x/lib/lua51 $LDFLAGS $lib_m" + LDFLAGS="-L$x/lib/lua52 $LDFLAGS $lib_m" AC_CHECK_LIB(lua, luaL_newstate, [ - LUA_LIBS="-L$x/lib/lua51 -llua $lib_m" + LUA_LIBS="-L$x/lib/lua52 -llua $lib_m" if test "x$ap_platform_runtime_link_flag" != "x"; then - APR_ADDTO(LUA_LIBS, [$ap_platform_runtime_link_flag$x/lib/lua51]) + APR_ADDTO(LUA_LIBS, [$ap_platform_runtime_link_flag$x/lib/lua52]) fi - LUA_CFLAGS="-I$x/include/lua51" + LUA_CFLAGS="-I$x/include/lua52" ]) CFLAGS=$save_CFLAGS LDFLAGS=$save_LDFLAGS @@ -88,19 +85,19 @@ for x in $test_paths ; do else AC_MSG_RESULT([no]) fi - AC_MSG_CHECKING([for lua.h in ${x}/include/lua5.2]) - if test -f ${x}/include/lua5.2/lua.h; then + AC_MSG_CHECKING([for lua.h in ${x}/include]) + if test -f ${x}/include/lua.h; then AC_MSG_RESULT([yes]) save_CFLAGS=$CFLAGS save_LDFLAGS=$LDFLAGS CFLAGS="$CFLAGS" LDFLAGS="-L$x/lib $LDFLAGS $lib_m" - AC_CHECK_LIB(lua5.2, luaL_newstate, [ - LUA_LIBS="-L$x/lib -llua5.2 $lib_m" + AC_CHECK_LIB(lua, luaL_newstate, [ + LUA_LIBS="-L$x/lib -llua $lib_m" if test "x$ap_platform_runtime_link_flag" != "x"; then APR_ADDTO(LUA_LIBS, [$ap_platform_runtime_link_flag$x/lib]) fi - LUA_CFLAGS="-I$x/include/lua5.2" + LUA_CFLAGS="-I$x/include" ]) CFLAGS=$save_CFLAGS LDFLAGS=$save_LDFLAGS @@ -108,19 +105,20 @@ for x in $test_paths ; do else AC_MSG_RESULT([no]) fi - AC_MSG_CHECKING([for lua.h in ${x}/include/lua52]) - if test -f ${x}/include/lua52/lua.h; then + + AC_MSG_CHECKING([for lua.h in ${x}/include/lua-5.1]) + if test -f ${x}/include/lua-5.1/lua.h; then AC_MSG_RESULT([yes]) save_CFLAGS=$CFLAGS save_LDFLAGS=$LDFLAGS CFLAGS="$CFLAGS" - LDFLAGS="-L$x/lib/lua52 $LDFLAGS $lib_m" - AC_CHECK_LIB(lua, luaL_newstate, [ - LUA_LIBS="-L$x/lib/lua52 -llua $lib_m" + LDFLAGS="-L$x/lib/lua-5.1 $LDFLAGS $lib_m" + AC_CHECK_LIB(lua-5.1, luaL_newstate, [ + LUA_LIBS="-L$x/lib/lua-5.1 -llua-5.1 $lib_m" if test "x$ap_platform_runtime_link_flag" != "x"; then - APR_ADDTO(LUA_LIBS, [$ap_platform_runtime_link_flag$x/lib/lua52]) + APR_ADDTO(LUA_LIBS, [$ap_platform_runtime_link_flag$x/lib/lua-5.1]) fi - LUA_CFLAGS="-I$x/include/lua52" + LUA_CFLAGS="-I$x/include/lua-5.1" ]) CFLAGS=$save_CFLAGS LDFLAGS=$save_LDFLAGS @@ -128,19 +126,39 @@ for x in $test_paths ; do else AC_MSG_RESULT([no]) fi - AC_MSG_CHECKING([for lua.h in ${x}/include]) - if test -f ${x}/include/lua.h; then + AC_MSG_CHECKING([for lua.h in ${x}/include/lua5.1]) + if test -f ${x}/include/lua5.1/lua.h; then AC_MSG_RESULT([yes]) save_CFLAGS=$CFLAGS save_LDFLAGS=$LDFLAGS CFLAGS="$CFLAGS" LDFLAGS="-L$x/lib $LDFLAGS $lib_m" - AC_CHECK_LIB(lua, luaL_newstate, [ - LUA_LIBS="-L$x/lib -llua $lib_m" + AC_CHECK_LIB(lua5.1, luaL_newstate, [ + LUA_LIBS="-L$x/lib -llua5.1 $lib_m" if test "x$ap_platform_runtime_link_flag" != "x"; then APR_ADDTO(LUA_LIBS, [$ap_platform_runtime_link_flag$x/lib]) fi - LUA_CFLAGS="-I$x/include" + LUA_CFLAGS="-I$x/include/lua5.1" + ]) + CFLAGS=$save_CFLAGS + LDFLAGS=$save_LDFLAGS + break + else + AC_MSG_RESULT([no]) + fi + AC_MSG_CHECKING([for lua.h in ${x}/include/lua51]) + if test -f ${x}/include/lua51/lua.h; then + AC_MSG_RESULT([yes]) + save_CFLAGS=$CFLAGS + save_LDFLAGS=$LDFLAGS + CFLAGS="$CFLAGS" + LDFLAGS="-L$x/lib/lua51 $LDFLAGS $lib_m" + AC_CHECK_LIB(lua, luaL_newstate, [ + LUA_LIBS="-L$x/lib/lua51 -llua $lib_m" + if test "x$ap_platform_runtime_link_flag" != "x"; then + APR_ADDTO(LUA_LIBS, [$ap_platform_runtime_link_flag$x/lib/lua51]) + fi + LUA_CFLAGS="-I$x/include/lua51" ]) CFLAGS=$save_CFLAGS LDFLAGS=$save_LDFLAGS @@ -148,20 +166,19 @@ for x in $test_paths ; do else AC_MSG_RESULT([no]) fi - fi done AC_SUBST(LUA_LIBS) AC_SUBST(LUA_CFLAGS) if test -z "${LUA_LIBS}"; then - AC_MSG_WARN([*** Lua 5.1 library not found.]) + AC_MSG_WARN([*** Lua 5.2 or 5.1 library not found.]) ifelse([$2], , enable_lua="no" if test -z "${lua_path}"; then - AC_MSG_WARN([Lua 5.1 library is required]) + AC_MSG_WARN([Lua 5.2 or 5.1 library is required]) else - AC_MSG_ERROR([Lua 5.1 library is required]) + AC_MSG_ERROR([Lua 5.2 or 5.1 library is required]) fi, $2) else diff --git a/modules/lua/lua_config.c b/modules/lua/lua_config.c index bb082380..3b307ebc 100644 --- a/modules/lua/lua_config.c +++ b/modules/lua/lua_config.c @@ -141,7 +141,8 @@ static int cfg_directory(lua_State *L) return 1; } -/*static int cfg_root(lua_State *L) { +/*static int cfg_root(lua_State *L) +{ ap_lua_dir_cfg *cfg = check_dir_config(L, 1); lua_pushstring(L, cfg->root_path); return 1; diff --git a/modules/mappers/mod_dir.c b/modules/mappers/mod_dir.c index 542236b5..50cef26e 100644 --- a/modules/mappers/mod_dir.c +++ b/modules/mappers/mod_dir.c @@ -276,10 +276,18 @@ static int fixup_dir(request_rec *r) /* we're running between mod_rewrites fixup and its internal redirect handler, step aside */ if (!strcmp(r->handler, REWRITE_REDIRECT_HANDLER_NAME)) { + /* Prevent DIR_MAGIC_TYPE from leaking out when someone has taken over */ + if (!strcmp(r->content_type, DIR_MAGIC_TYPE)) { + r->content_type = NULL; + } return DECLINED; } if (d->checkhandler == MODDIR_ON && strcmp(r->handler, DIR_MAGIC_TYPE)) { + /* Prevent DIR_MAGIC_TYPE from leaking out when someone has taken over */ + if (!strcmp(r->content_type, DIR_MAGIC_TYPE)) { + r->content_type = NULL; + } return DECLINED; } diff --git a/modules/mappers/mod_negotiation.c b/modules/mappers/mod_negotiation.c index 0089a6c9..77f27cc6 100644 --- a/modules/mappers/mod_negotiation.c +++ b/modules/mappers/mod_negotiation.c @@ -828,33 +828,27 @@ static apr_off_t get_body(char *buffer, apr_size_t *len, const char *tag, apr_file_t *map) { char *endbody; - int bodylen; - int taglen; + apr_size_t bodylen; apr_off_t pos; - taglen = strlen(tag); - *len -= taglen; /* We are at the first character following a body:tag\n entry * Suck in the body, then backspace to the first char after the * closing tag entry. If we fail to read, find the tag or back * up then we have a hosed file, so give up already */ + --*len; /* Reserve space for '\0' */ if (apr_file_read(map, buffer, len) != APR_SUCCESS) { return -1; } + buffer[*len] = '\0'; - /* put a copy of the tag *after* the data read from the file - * so that strstr() will find something with no reliance on - * terminating '\0' - */ - memcpy(buffer + *len, tag, taglen); - endbody = strstr(buffer, tag); - if (endbody == buffer + *len) { + endbody = ap_strstr(buffer, tag); + if (!endbody) { return -1; } bodylen = endbody - buffer; - endbody += taglen; + endbody += strlen(tag); /* Skip all the trailing cruft after the end tag to the next line */ while (*endbody) { if (*endbody == '\n') { @@ -2890,7 +2884,7 @@ static int do_negotiation(request_rec *r, negotiation_state *neg, /* Some HTTP/1.0 clients are known to choke when they get * a 300 (multiple choices) response without a Location - * header. However the 300 code response we are are about + * header. However the 300 code response we are about * to generate will only reach 1.0 clients which support * transparent negotiation, and they should be OK. The * response should never reach older 1.0 clients, even if diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index f1ed708b..8156a7d7 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -142,60 +142,60 @@ static const char* really_last_key = "rewrite_really_last"; #define REDIRECT_ENVVAR_SCRIPT_URL "REDIRECT_" ENVVAR_SCRIPT_URL #define ENVVAR_SCRIPT_URI "SCRIPT_URI" -#define CONDFLAG_NONE 1<<0 -#define CONDFLAG_NOCASE 1<<1 -#define CONDFLAG_NOTMATCH 1<<2 -#define CONDFLAG_ORNEXT 1<<3 -#define CONDFLAG_NOVARY 1<<4 - -#define RULEFLAG_NONE 1<<0 -#define RULEFLAG_FORCEREDIRECT 1<<1 -#define RULEFLAG_LASTRULE 1<<2 -#define RULEFLAG_NEWROUND 1<<3 -#define RULEFLAG_CHAIN 1<<4 -#define RULEFLAG_IGNOREONSUBREQ 1<<5 -#define RULEFLAG_NOTMATCH 1<<6 -#define RULEFLAG_PROXY 1<<7 -#define RULEFLAG_PASSTHROUGH 1<<8 -#define RULEFLAG_QSAPPEND 1<<9 -#define RULEFLAG_NOCASE 1<<10 -#define RULEFLAG_NOESCAPE 1<<11 -#define RULEFLAG_NOSUB 1<<12 -#define RULEFLAG_STATUS 1<<13 -#define RULEFLAG_ESCAPEBACKREF 1<<14 -#define RULEFLAG_DISCARDPATHINFO 1<<15 -#define RULEFLAG_QSDISCARD 1<<16 -#define RULEFLAG_END 1<<17 +#define CONDFLAG_NONE (1<<0) +#define CONDFLAG_NOCASE (1<<1) +#define CONDFLAG_NOTMATCH (1<<2) +#define CONDFLAG_ORNEXT (1<<3) +#define CONDFLAG_NOVARY (1<<4) + +#define RULEFLAG_NONE (1<<0) +#define RULEFLAG_FORCEREDIRECT (1<<1) +#define RULEFLAG_LASTRULE (1<<2) +#define RULEFLAG_NEWROUND (1<<3) +#define RULEFLAG_CHAIN (1<<4) +#define RULEFLAG_IGNOREONSUBREQ (1<<5) +#define RULEFLAG_NOTMATCH (1<<6) +#define RULEFLAG_PROXY (1<<7) +#define RULEFLAG_PASSTHROUGH (1<<8) +#define RULEFLAG_QSAPPEND (1<<9) +#define RULEFLAG_NOCASE (1<<10) +#define RULEFLAG_NOESCAPE (1<<11) +#define RULEFLAG_NOSUB (1<<12) +#define RULEFLAG_STATUS (1<<13) +#define RULEFLAG_ESCAPEBACKREF (1<<14) +#define RULEFLAG_DISCARDPATHINFO (1<<15) +#define RULEFLAG_QSDISCARD (1<<16) +#define RULEFLAG_END (1<<17) /* return code of the rewrite rule * the result may be escaped - or not */ -#define ACTION_NORMAL 1<<0 -#define ACTION_NOESCAPE 1<<1 -#define ACTION_STATUS 1<<2 - - -#define MAPTYPE_TXT 1<<0 -#define MAPTYPE_DBM 1<<1 -#define MAPTYPE_PRG 1<<2 -#define MAPTYPE_INT 1<<3 -#define MAPTYPE_RND 1<<4 -#define MAPTYPE_DBD 1<<5 -#define MAPTYPE_DBD_CACHE 1<<6 - -#define ENGINE_DISABLED 1<<0 -#define ENGINE_ENABLED 1<<1 - -#define OPTION_NONE 1<<0 -#define OPTION_INHERIT 1<<1 -#define OPTION_INHERIT_BEFORE 1<<2 -#define OPTION_NOSLASH 1<<3 -#define OPTION_ANYURI 1<<4 -#define OPTION_MERGEBASE 1<<5 -#define OPTION_INHERIT_DOWN 1<<6 -#define OPTION_INHERIT_DOWN_BEFORE 1<<7 -#define OPTION_IGNORE_INHERIT 1<<8 -#define OPTION_IGNORE_CONTEXT_INFO 1<<9 +#define ACTION_NORMAL (1<<0) +#define ACTION_NOESCAPE (1<<1) +#define ACTION_STATUS (1<<2) + + +#define MAPTYPE_TXT (1<<0) +#define MAPTYPE_DBM (1<<1) +#define MAPTYPE_PRG (1<<2) +#define MAPTYPE_INT (1<<3) +#define MAPTYPE_RND (1<<4) +#define MAPTYPE_DBD (1<<5) +#define MAPTYPE_DBD_CACHE (1<<6) + +#define ENGINE_DISABLED (1<<0) +#define ENGINE_ENABLED (1<<1) + +#define OPTION_NONE (1<<0) +#define OPTION_INHERIT (1<<1) +#define OPTION_INHERIT_BEFORE (1<<2) +#define OPTION_NOSLASH (1<<3) +#define OPTION_ANYURI (1<<4) +#define OPTION_MERGEBASE (1<<5) +#define OPTION_INHERIT_DOWN (1<<6) +#define OPTION_INHERIT_DOWN_BEFORE (1<<7) +#define OPTION_IGNORE_INHERIT (1<<8) +#define OPTION_IGNORE_CONTEXT_INFO (1<<9) #ifndef RAND_MAX #define RAND_MAX 32767 @@ -1338,6 +1338,13 @@ static char *lookup_map_dbd(request_rec *r, char *key, const char *label) char *ret = NULL; int n = 0; ap_dbd_t *db = dbd_acquire(r); + + if (db == NULL) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02963) + "rewritemap: No db handle available! " + "Check your database access"); + return NULL; + } stmt = apr_hash_get(db->prepared, label, APR_HASH_KEY_STRING); @@ -2478,10 +2485,18 @@ static void add_cookie(request_rec *r, char *s) char *tok_cntx; char *cookie; + /* long-standing default, but can't use ':' in a cookie */ + const char *sep = ":"; + + /* opt-in to ; separator if first character is a ; */ + if (s && *s == ';') { + sep = ";"; + s++; + } - var = apr_strtok(s, ":", &tok_cntx); - val = apr_strtok(NULL, ":", &tok_cntx); - domain = apr_strtok(NULL, ":", &tok_cntx); + var = apr_strtok(s, sep, &tok_cntx); + val = apr_strtok(NULL, sep, &tok_cntx); + domain = apr_strtok(NULL, sep, &tok_cntx); if (var && val && domain) { request_rec *rmain = r; @@ -2497,10 +2512,10 @@ static void add_cookie(request_rec *r, char *s) if (!data) { char *exp_time = NULL; - expires = apr_strtok(NULL, ":", &tok_cntx); - path = expires ? apr_strtok(NULL, ":", &tok_cntx) : NULL; - secure = path ? apr_strtok(NULL, ":", &tok_cntx) : NULL; - httponly = secure ? apr_strtok(NULL, ":", &tok_cntx) : NULL; + expires = apr_strtok(NULL, sep, &tok_cntx); + path = expires ? apr_strtok(NULL, sep, &tok_cntx) : NULL; + secure = path ? apr_strtok(NULL, sep, &tok_cntx) : NULL; + httponly = secure ? apr_strtok(NULL, sep, &tok_cntx) : NULL; if (expires) { apr_time_exp_t tms; diff --git a/modules/mappers/mod_vhost_alias.c b/modules/mappers/mod_vhost_alias.c index 70c857d4..0b616947 100644 --- a/modules/mappers/mod_vhost_alias.c +++ b/modules/mappers/mod_vhost_alias.c @@ -269,7 +269,7 @@ static void vhost_alias_interpolate(request_rec *r, const char *name, ndots = 0; dots[ndots++] = name-1; /* slightly naughty */ - for (p = name; *p; ++p){ + for (p = name; *p; ++p) { if (*p == '.' && ndots < MAXDOTS) { dots[ndots++] = p; } diff --git a/modules/metadata/mod_cern_meta.c b/modules/metadata/mod_cern_meta.c index f06c464c..09a41e1c 100644 --- a/modules/metadata/mod_cern_meta.c +++ b/modules/metadata/mod_cern_meta.c @@ -246,7 +246,7 @@ static int scan_meta_file(request_rec *r, apr_file_t *f) char *endp = l + strlen(l) - 1; while (endp > l && apr_isspace(*endp)) - *endp-- = '\0'; + *endp-- = '\0'; tmp = apr_pstrdup(r->pool, l); ap_content_type_tolower(tmp); @@ -332,7 +332,7 @@ static int add_cern_meta_data(request_rec *r) */ rr = ap_sub_req_lookup_file(metafilename, r, NULL); if (rr->status != HTTP_OK) { - ap_destroy_sub_req(rr); + ap_destroy_sub_req(rr); return DECLINED; } ap_destroy_sub_req(rr); diff --git a/modules/metadata/mod_ident.c b/modules/metadata/mod_ident.c index 06295ef3..5520a802 100644 --- a/modules/metadata/mod_ident.c +++ b/modules/metadata/mod_ident.c @@ -202,7 +202,7 @@ static apr_status_t rfc1413_query(apr_socket_t *sock, conn_rec *conn, * Note that the strchr function below checks for \012 instead of '\n' * this allows it to work on both ASCII and EBCDIC machines. */ - while((cp = strchr(buffer, '\012')) == NULL && i < sizeof(buffer) - 1) { + while ((cp = strchr(buffer, '\012')) == NULL && i < sizeof(buffer) - 1) { apr_size_t j = sizeof(buffer) - 1 - i; apr_status_t status; status = apr_socket_recv(sock, buffer+i, &j); @@ -298,7 +298,7 @@ static const command_rec ident_cmds[] = module AP_MODULE_DECLARE_DATA ident_module; /* - * Optional function for the core to to the actual ident request + * Optional function for the core to the actual ident request */ static const char *ap_ident_lookup(request_rec *r) { diff --git a/modules/metadata/mod_setenvif.c b/modules/metadata/mod_setenvif.c index a62670e0..db58b601 100644 --- a/modules/metadata/mod_setenvif.c +++ b/modules/metadata/mod_setenvif.c @@ -41,7 +41,7 @@ * done. If the value matches the string or regular expression, the * environment variables listed as var ... are set. Each var can * be in one of three formats: var, which sets the named variable - * (the value value "1"); var=value, which sets the variable to + * (the value "1"); var=value, which sets the variable to * the given value; or !var, which unsets the variable is it has * been previously set. * diff --git a/modules/proxy/NWGNUproxy b/modules/proxy/NWGNUproxy index b66cccfa..327ba5e6 100644 --- a/modules/proxy/NWGNUproxy +++ b/modules/proxy/NWGNUproxy @@ -282,6 +282,7 @@ $(OBJDIR)/mod_proxy.imp: NWGNUproxy @echo $(DL) ap_proxy_connect_backend,$(DL)>> $@ @echo $(DL) ap_proxy_connect_to_backend,$(DL)>> $@ @echo $(DL) ap_proxy_connection_create,$(DL)>> $@ + @echo $(DL) ap_proxy_connection_reusable,$(DL)>> $@ @echo $(DL) ap_proxy_cookie_reverse_map,$(DL)>> $@ @echo $(DL) ap_proxy_create_hdrbrgd,$(DL)>> $@ @echo $(DL) ap_proxy_define_balancer,$(DL)>> $@ diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c index edb9d23c..0ec94ad7 100644 --- a/modules/proxy/ajp_header.c +++ b/modules/proxy/ajp_header.c @@ -37,7 +37,7 @@ static const char *long_res_header_for_sc(int sc) { const char *rc = NULL; sc = sc & 0X00FF; - if(sc <= SC_RES_HEADERS_NUM && sc > 0) { + if (sc <= SC_RES_HEADERS_NUM && sc > 0) { rc = response_trans_headers[sc - 1]; } @@ -89,39 +89,39 @@ static int sc_for_req_header(const char *header_name) return UNKNOWN_METHOD; break; case 'C': - if(strcmp(p, "OOKIE2") == 0) + if (strcmp(p, "OOKIE2") == 0) return SC_COOKIE2; else if (strcmp(p, "OOKIE") == 0) return SC_COOKIE; - else if(strcmp(p, "ONNECTION") == 0) + else if (strcmp(p, "ONNECTION") == 0) return SC_CONNECTION; - else if(strcmp(p, "ONTENT-TYPE") == 0) + else if (strcmp(p, "ONTENT-TYPE") == 0) return SC_CONTENT_TYPE; - else if(strcmp(p, "ONTENT-LENGTH") == 0) + else if (strcmp(p, "ONTENT-LENGTH") == 0) return SC_CONTENT_LENGTH; else return UNKNOWN_METHOD; break; case 'H': - if(strcmp(p, "OST") == 0) + if (strcmp(p, "OST") == 0) return SC_HOST; else return UNKNOWN_METHOD; break; case 'P': - if(strcmp(p, "RAGMA") == 0) + if (strcmp(p, "RAGMA") == 0) return SC_PRAGMA; else return UNKNOWN_METHOD; break; case 'R': - if(strcmp(p, "EFERER") == 0) + if (strcmp(p, "EFERER") == 0) return SC_REFERER; else return UNKNOWN_METHOD; break; case 'U': - if(strcmp(p, "SER-AGENT") == 0) + if (strcmp(p, "SER-AGENT") == 0) return SC_USER_AGENT; else return UNKNOWN_METHOD; @@ -548,7 +548,7 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg, rc = ajp_msg_get_uint16(msg, &status); if (rc != APR_SUCCESS) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00983) + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00983) "ajp_unmarshal_response: Null status"); return rc; } @@ -561,7 +561,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg, ap_xlate_proto_from_ascii(ptr, strlen(ptr)); #endif r->status_line = apr_psprintf(r->pool, "%d %s", status, ptr); - } else { + } + else { r->status_line = NULL; } @@ -581,7 +582,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg, apr_table_do(addit_dammit, save_table, r->headers_out, "Set-Cookie", NULL); r->headers_out = save_table; - } else { + } + else { r->headers_out = NULL; num_headers = 0; } @@ -590,7 +592,7 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg, "ajp_unmarshal_response: Number of headers is = %d", num_headers); - for(i = 0 ; i < (int) num_headers ; i++) { + for (i = 0; i < (int)num_headers; i++) { apr_uint16_t name; const char *stringname; const char *value; @@ -609,7 +611,8 @@ static apr_status_t ajp_unmarshal_response(ajp_msg_t *msg, name); return AJP_EBAD_HEADER; } - } else { + } + else { name = 0; rc = ajp_msg_get_string(msg, &stringname); if (rc != APR_SUCCESS) { diff --git a/modules/proxy/ajp_msg.c b/modules/proxy/ajp_msg.c index 71bc1dd9..06bee9be 100644 --- a/modules/proxy/ajp_msg.c +++ b/modules/proxy/ajp_msg.c @@ -78,7 +78,7 @@ apr_status_t ajp_msg_dump(apr_pool_t *pool, ajp_msg_t *msg, char *err, line_len = AJP_MSG_DUMP_BYTES_PER_LINE; } for (j = 0; j < line_len; j++) { - x = msg->buf[i + j]; + x = msg->buf[i + j]; *current++ = hex_table[x >> 4]; *current++ = hex_table[x & 0x0f]; diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index 6a1c3cf5..0f896bdf 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -934,6 +934,7 @@ static int proxy_handler(request_rec *r) proxy_worker *worker = NULL; int attempts = 0, max_attempts = 0; struct dirconn_entry *list = (struct dirconn_entry *)conf->dirconn->elts; + int saved_status; /* is this for us? */ if (!r->filename) { @@ -1206,7 +1207,23 @@ static int proxy_handler(request_rec *r) goto cleanup; } cleanup: + /* + * Save current r->status and set it to the value of access_status which + * might be different (e.g. r->status could be HTTP_OK if e.g. we override + * the error page on the proxy or if the error was not generated by the + * backend itself but by the proxy e.g. a bad gateway) in order to give + * ap_proxy_post_request a chance to act correctly on the status code. + */ + saved_status = r->status; + r->status = access_status; ap_proxy_post_request(worker, balancer, r, conf); + /* + * Only restore r->status if it has not been changed by + * ap_proxy_post_request as we assume that this change was intentional. + */ + if (r->status == access_status) { + r->status = saved_status; + } proxy_run_request_status(&access_status, r); AP_PROXY_RUN_FINISHED(r, attempts, access_status); diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c index 72ffb1c0..702650a9 100644 --- a/modules/proxy/mod_proxy_balancer.c +++ b/modules/proxy/mod_proxy_balancer.c @@ -1255,7 +1255,7 @@ static int balancer_handler(request_rec *r) ap_rputs(" \n", r); /* Start proxy_balancer */ ap_rvputs(r, " ", balancer->s->name, "\n", NULL); - if (balancer->s->sticky) { + if (*balancer->s->sticky) { ap_rvputs(r, " ", balancer->s->sticky, "\n", NULL); ap_rprintf(r, @@ -1272,7 +1272,7 @@ static int balancer_handler(request_rec *r) } ap_rvputs(r, " ", balancer->lbmethod->name, "\n", NULL); - if (balancer->s->sticky) { + if (*balancer->s->sticky) { ap_rprintf(r, " %s\n", (balancer->s->scolonsep ? "On" : "Off")); @@ -1509,7 +1509,7 @@ static int balancer_handler(request_rec *r) ap_rprintf(r, "
    • \n", balancer->s->lbpname); ap_rputs("\n", NULL); diff --git a/modules/proxy/mod_proxy_ftp.c b/modules/proxy/mod_proxy_ftp.c index 5c689aa1..a62a2828 100644 --- a/modules/proxy/mod_proxy_ftp.c +++ b/modules/proxy/mod_proxy_ftp.c @@ -172,7 +172,7 @@ static int ftp_check_globbingchars(const char *path) { for ( ; *path; ++path) { if (*path == '\\') - ++path; + ++path; if (*path != '\0' && strchr(FTP_GLOBBING_CHARS, *path) != NULL) return TRUE; } diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index 319721f3..5e95ea2f 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -759,7 +759,7 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r, /* WE only understand chunked. Other modules might inject * (and therefore, decode) other flavors but we don't know - * that the can and have done so unless they they remove + * that the can and have done so unless they remove * their decoding from the headers_in T-E list. * XXX: Make this extensible, but in doing so, presume the * encoding has been done by the extensions' handler, and @@ -951,7 +951,7 @@ skip_body: break; default: /* shouldn't be possible */ - rv = HTTP_INTERNAL_SERVER_ERROR ; + rv = HTTP_INTERNAL_SERVER_ERROR; break; } @@ -1117,7 +1117,7 @@ static void ap_proxy_read_headers(request_rec *r, request_rec *rr, if (psc->badopt == bad_error) { /* Nope, it wasn't even an extra HTTP header. Give up. */ r->headers_out = NULL; - return ; + return; } else if (psc->badopt == bad_body) { /* if we've already started loading headers_out, then @@ -1131,12 +1131,12 @@ static void ap_proxy_read_headers(request_rec *r, request_rec *rr, "in headers returned by %s (%s)", r->uri, r->method); *pread_len = len; - return ; + return; } else { ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01099) "No HTTP headers returned by %s (%s)", r->uri, r->method); - return ; + return; } } } @@ -1156,15 +1156,14 @@ static void ap_proxy_read_headers(request_rec *r, request_rec *rr, ++value; /* Skip to start of value */ /* should strip trailing whitespace as well */ - for (end = &value[strlen(value)-1]; end > value && apr_isspace(*end); -- -end) + for (end = &value[strlen(value)-1]; end > value && apr_isspace(*end); --end) *end = '\0'; /* make sure we add so as not to destroy duplicated headers * Modify headers requiring canonicalisation and/or affected * by ProxyPassReverse and family with process_proxy_header */ - process_proxy_header(r, dconf, buffer, value) ; + process_proxy_header(r, dconf, buffer, value); saw_headers = 1; /* the header was too long; at the least we should skip extra data */ diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index b35278a7..92e1f3eb 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -1320,6 +1320,14 @@ PROXY_DECLARE(apr_status_t) ap_proxy_initialize_balancer(proxy_balancer *balance * CONNECTION related... */ +static void socket_cleanup(proxy_conn_rec *conn) +{ + conn->sock = NULL; + conn->connection = NULL; + conn->ssl_hostname = NULL; + apr_pool_clear(conn->scpool); +} + static apr_status_t conn_pool_cleanup(void *theworker) { proxy_worker *worker = (proxy_worker *)theworker; @@ -1386,7 +1394,7 @@ static apr_status_t connection_cleanup(void *theconn) } /* determine if the connection need to be closed */ - if (!ap_proxy_connection_reusable(conn)) { + if (!worker->s->is_address_reusable || worker->s->disablereuse) { apr_pool_t *p = conn->pool; apr_pool_clear(p); conn = apr_pcalloc(p, sizeof(proxy_conn_rec)); @@ -1395,6 +1403,12 @@ static apr_status_t connection_cleanup(void *theconn) apr_pool_create(&(conn->scpool), p); apr_pool_tag(conn->scpool, "proxy_conn_scpool"); } + else if (conn->close + || (conn->connection + && conn->connection->keepalive == AP_CONN_CLOSE)) { + socket_cleanup(conn); + conn->close = 0; + } if (worker->s->hmax && worker->cp->res) { conn->inreslist = 1; @@ -1409,14 +1423,6 @@ static apr_status_t connection_cleanup(void *theconn) return APR_SUCCESS; } -static void socket_cleanup(proxy_conn_rec *conn) -{ - conn->sock = NULL; - conn->connection = NULL; - conn->ssl_hostname = NULL; - apr_pool_clear(conn->scpool); -} - PROXY_DECLARE(apr_status_t) ap_proxy_ssl_connection_cleanup(proxy_conn_rec *conn, request_rec *r) { @@ -2076,7 +2082,14 @@ PROXY_DECLARE(int) ap_proxy_connect_to_backend(apr_socket_t **newsock, proxy_function, backend_addr->family, backend_name); if (conf->source_address) { - rv = apr_socket_bind(*newsock, conf->source_address); + apr_sockaddr_t *local_addr; + /* Make a copy since apr_socket_bind() could change + * conf->source_address, which we don't want. + */ + local_addr = apr_pmemdup(r->pool, conf->source_address, + sizeof(apr_sockaddr_t)); + local_addr->pool = r->pool; + rv = apr_socket_bind(*newsock, local_addr); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(00938) "%s: failed to bind socket to local address", @@ -2752,9 +2765,9 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, proxy_function, backend_addr->family, worker->s->hostname); if (conf->source_address_set) { - local_addr = apr_pmemdup(conn->pool, conf->source_address, + local_addr = apr_pmemdup(conn->scpool, conf->source_address, sizeof(apr_sockaddr_t)); - local_addr->pool = conn->pool; + local_addr->pool = conn->scpool; rv = apr_socket_bind(newsock, local_addr); if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(00956) @@ -2826,33 +2839,47 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, connected = 1; } - /* - * Put the entire worker to error state if - * the PROXY_WORKER_IGNORE_ERRORS flag is not set. - * Altrough some connections may be alive - * no further connections to the worker could be made - */ - if (!connected && PROXY_WORKER_IS_USABLE(worker) && - !(worker->s->status & PROXY_WORKER_IGNORE_ERRORS)) { - worker->s->error_time = apr_time_now(); - worker->s->status |= PROXY_WORKER_IN_ERROR; - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00959) - "ap_proxy_connect_backend disabling worker for (%s) for %" - APR_TIME_T_FMT "s", - worker->s->hostname, apr_time_sec(worker->s->retry)); + if (PROXY_WORKER_IS_USABLE(worker)) { + /* + * Put the entire worker to error state if + * the PROXY_WORKER_IGNORE_ERRORS flag is not set. + * Although some connections may be alive + * no further connections to the worker could be made + */ + if (!connected) { + if (!(worker->s->status & PROXY_WORKER_IGNORE_ERRORS)) { + worker->s->error_time = apr_time_now(); + worker->s->status |= PROXY_WORKER_IN_ERROR; + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00959) + "ap_proxy_connect_backend disabling worker for (%s) for %" + APR_TIME_T_FMT "s", + worker->s->hostname, apr_time_sec(worker->s->retry)); + } + } + else { + if (worker->s->retries) { + /* + * A worker came back. So here is where we need to + * either reset all params to initial conditions or + * apply some sort of aging + */ + } + worker->s->error_time = 0; + worker->s->retries = 0; + } + return connected ? OK : DECLINED; } else { - if (worker->s->retries) { - /* - * A worker came back. So here is where we need to - * either reset all params to initial conditions or - * apply some sort of aging - */ + /* + * The worker is in error likely done by a different thread / process + * e.g. for a timeout or bad status. We should respect this and should + * not continue with a connection via this worker even if we got one. + */ + if (connected) { + socket_cleanup(conn); } - worker->s->error_time = 0; - worker->s->retries = 0; + return DECLINED; } - return connected ? OK : DECLINED; } static apr_status_t connection_shutdown(void *theconn) diff --git a/modules/session/mod_session_dbd.c b/modules/session/mod_session_dbd.c index cf65e5af..0be7306f 100644 --- a/modules/session/mod_session_dbd.c +++ b/modules/session/mod_session_dbd.c @@ -94,8 +94,11 @@ static apr_status_t dbd_init(request_rec *r, const char *query, ap_dbd_t **dbdp, /** * Load the session by the key specified. + * + * The session value is allocated using the passed apr_pool_t. */ -static apr_status_t dbd_load(request_rec * r, const char *key, const char **val) +static apr_status_t dbd_load(apr_pool_t *p, request_rec * r, + const char *key, const char **val) { apr_status_t rv; @@ -138,8 +141,7 @@ static apr_status_t dbd_load(request_rec * r, const char *key, const char **val) return APR_EGENERAL; } if (*val == NULL) { - *val = apr_pstrdup(r->pool, - apr_dbd_get_entry(dbd->driver, row, 0)); + *val = apr_pstrdup(p, apr_dbd_get_entry(dbd->driver, row, 0)); } /* we can't break out here or row won't get cleaned up */ } @@ -191,7 +193,7 @@ static apr_status_t session_dbd_load(request_rec * r, session_rec ** z) } /* first look in the notes */ - note = apr_pstrcat(r->pool, MOD_SESSION_DBD, name, NULL); + note = apr_pstrcat(m->pool, MOD_SESSION_DBD, name, NULL); zz = (session_rec *)apr_table_get(m->notes, note); if (zz) { *z = zz; @@ -204,7 +206,7 @@ static apr_status_t session_dbd_load(request_rec * r, session_rec ** z) /* load an RFC2109 or RFC2965 compliant cookie */ ap_cookie_read(r, name, &key, conf->remove); if (key) { - ret = dbd_load(r, key, &val); + ret = dbd_load(m->pool, r, key, &val); if (ret != APR_SUCCESS) { return ret; } @@ -215,7 +217,7 @@ static apr_status_t session_dbd_load(request_rec * r, session_rec ** z) /* load named session */ else if (conf->peruser) { if (r->user) { - ret = dbd_load(r, r->user, &val); + ret = dbd_load(m->pool, r, r->user, &val); if (ret != APR_SUCCESS) { return ret; } @@ -228,8 +230,8 @@ static apr_status_t session_dbd_load(request_rec * r, session_rec ** z) } /* create a new session and return it */ - zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec)); - zz->pool = r->pool; + zz = (session_rec *) apr_pcalloc(m->pool, sizeof(session_rec)); + zz->pool = m->pool; zz->entries = apr_table_make(zz->pool, 10); if (key && val) { apr_uuid_t *uuid = apr_pcalloc(zz->pool, sizeof(apr_uuid_t)); diff --git a/modules/slotmem/mod_slotmem_shm.c b/modules/slotmem/mod_slotmem_shm.c index d0106992..4f0eeeae 100644 --- a/modules/slotmem/mod_slotmem_shm.c +++ b/modules/slotmem/mod_slotmem_shm.c @@ -25,23 +25,7 @@ #include "httpd.h" #include "http_main.h" -#ifdef AP_NEED_SET_MUTEX_PERMS -#include "unixd.h" -#endif - -#if APR_HAVE_UNISTD_H -#include /* for getpid() */ -#endif - -#if HAVE_SYS_SEM_H -#include -#if !defined(SHM_R) -#define SHM_R 0400 -#endif -#if !defined(SHM_W) -#define SHM_W 0200 -#endif -#endif +#include "ap_mpm.h" /* for ap_mpm_query() */ #define AP_SLOTMEM_IS_PREGRAB(t) (t->desc.type & AP_SLOTMEM_TYPE_PREGRAB) #define AP_SLOTMEM_IS_PERSIST(t) (t->desc.type & AP_SLOTMEM_TYPE_PERSIST) @@ -58,7 +42,8 @@ typedef struct { #define AP_UNSIGNEDINT_OFFSET (APR_ALIGN_DEFAULT(sizeof(unsigned int))) struct ap_slotmem_instance_t { - char *name; /* per segment name */ + char *name; /* file based SHM path/name */ + char *pname; /* persisted file path/name */ int fbased; /* filebased? */ void *shm; /* ptr to memory segment (apr_shm_t *) */ void *base; /* data set start */ @@ -86,6 +71,31 @@ static apr_pool_t *gpool = NULL; #define DEFAULT_SLOTMEM_SUFFIX ".shm" #define DEFAULT_SLOTMEM_PERSIST_SUFFIX ".persist" +/* Unixes (and Netware) have the unlink() semantic, which allows to + * apr_file_remove() a file still in use (opened elsewhere), the inode + * remains until the last fd is closed, whereas any file created with + * the same name/path will use a new inode. + * + * On windows and OS/2 ("\SHAREMEM\..." tree), apr_file_remove() marks + * the files for deletion until the last HANDLE is closed, meanwhile the + * same file/path can't be opened/recreated. + * Thus on graceful restart (the only restart mode with mpm_winnt), the + * old file may still exist until all the children stop, while we ought + * to create a new one for our new clear SHM. Therefore, we would only + * be able to reuse (attach) the old SHM, preventing some changes to + * the config file, like the number of balancers/members, since the + * size checks (to fit the new config) would fail. Let's avoid this by + * including the generation number in the SHM filename (obviously not + * the persisted name!) + */ +#ifndef SLOTMEM_UNLINK_SEMANTIC +#if defined(WIN32) || defined(OS2) +#define SLOTMEM_UNLINK_SEMANTIC 0 +#else +#define SLOTMEM_UNLINK_SEMANTIC 1 +#endif +#endif + /* * Persist the slotmem in a file * slotmem name and file name. @@ -94,29 +104,59 @@ static apr_pool_t *gpool = NULL; * /abs_name : $abs_name * */ - -static const char *slotmem_filename(apr_pool_t *pool, const char *slotmemname, - int persist) +static int slotmem_filenames(apr_pool_t *pool, + const char *slotname, + const char **filename, + const char **persistname) { - const char *fname; - if (!slotmemname || strcasecmp(slotmemname, "none") == 0) { - return NULL; - } - else if (slotmemname[0] != '/') { - const char *filenm = apr_pstrcat(pool, DEFAULT_SLOTMEM_PREFIX, - slotmemname, DEFAULT_SLOTMEM_SUFFIX, - NULL); - fname = ap_runtime_dir_relative(pool, filenm); - } - else { - fname = slotmemname; + const char *fname = NULL, *pname = NULL; + + if (slotname && *slotname && strcasecmp(slotname, "none") != 0) { + if (slotname[0] != '/') { +#if !SLOTMEM_UNLINK_SEMANTIC + /* Each generation needs its own file name. */ + int generation = 0; + ap_mpm_query(AP_MPMQ_GENERATION, &generation); + fname = apr_psprintf(pool, "%s%s_%x%s", DEFAULT_SLOTMEM_PREFIX, + slotname, generation, DEFAULT_SLOTMEM_SUFFIX); +#else + /* Reuse the same file name for each generation. */ + fname = apr_pstrcat(pool, DEFAULT_SLOTMEM_PREFIX, + slotname, DEFAULT_SLOTMEM_SUFFIX, + NULL); +#endif + fname = ap_runtime_dir_relative(pool, fname); + } + else { + /* Don't mangle the file name if given an absolute path, it's + * up to the caller to provide a unique name when necessary. + */ + fname = slotname; + } + + if (persistname) { + /* Persisted file names are immutable... */ +#if !SLOTMEM_UNLINK_SEMANTIC + if (slotname[0] != '/') { + pname = apr_pstrcat(pool, DEFAULT_SLOTMEM_PREFIX, + slotname, DEFAULT_SLOTMEM_SUFFIX, + DEFAULT_SLOTMEM_PERSIST_SUFFIX, + NULL); + pname = ap_runtime_dir_relative(pool, pname); + } + else +#endif + pname = apr_pstrcat(pool, fname, + DEFAULT_SLOTMEM_PERSIST_SUFFIX, + NULL); + } } - if (persist) { - return apr_pstrcat(pool, fname, DEFAULT_SLOTMEM_PERSIST_SUFFIX, - NULL); + *filename = fname; + if (persistname) { + *persistname = pname; } - return fname; + return (fname != NULL); } static void slotmem_clearinuse(ap_slotmem_instance_t *slot) @@ -143,10 +183,8 @@ static void store_slotmem(ap_slotmem_instance_t *slotmem) apr_file_t *fp; apr_status_t rv; apr_size_t nbytes; - const char *storename; unsigned char digest[APR_MD5_DIGESTSIZE]; - - storename = slotmem_filename(slotmem->gpool, slotmem->name, 1); + const char *storename = slotmem->pname; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, APLOGNO(02334) "storing %s", storename); @@ -179,18 +217,15 @@ static void store_slotmem(ap_slotmem_instance_t *slotmem) } } -static apr_status_t restore_slotmem(void *ptr, const char *name, apr_size_t size, - apr_pool_t *pool) +static apr_status_t restore_slotmem(void *ptr, const char *storename, + apr_size_t size, apr_pool_t *pool) { - const char *storename; apr_file_t *fp; apr_size_t nbytes = size; apr_status_t rv = APR_SUCCESS; unsigned char digest[APR_MD5_DIGESTSIZE]; unsigned char digest2[APR_MD5_DIGESTSIZE]; - storename = slotmem_filename(pool, name, 1); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, APLOGNO(02335) "restoring %s", storename); @@ -246,15 +281,11 @@ static apr_status_t cleanup_slotmem(void *param) if (AP_SLOTMEM_IS_PERSIST(next)) { store_slotmem(next); } + apr_shm_destroy((apr_shm_t *)next->shm); if (next->fbased) { - const char *name; apr_shm_remove(next->name, next->gpool); - name = slotmem_filename(next->gpool, next->name, 0); - if (name) { - apr_file_remove(name, next->gpool); - } + apr_file_remove(next->name, next->gpool); } - apr_shm_destroy((apr_shm_t *)next->shm); next = next->next; } } @@ -295,25 +326,24 @@ static apr_status_t slotmem_create(ap_slotmem_instance_t **new, unsigned int item_num, ap_slotmem_type_t type, apr_pool_t *pool) { -/* void *slotmem = NULL; */ int fbased = 1; int restored = 0; char *ptr; sharedslotdesc_t desc; ap_slotmem_instance_t *res; ap_slotmem_instance_t *next = globallistmem; - const char *fname; + const char *fname, *pname = NULL; apr_shm_t *shm; apr_size_t basesize = (item_size * item_num); apr_size_t size = AP_SLOTMEM_OFFSET + AP_UNSIGNEDINT_OFFSET + (item_num * sizeof(char)) + basesize; + int persist = (type & AP_SLOTMEM_TYPE_PERSIST) != 0; apr_status_t rv; if (gpool == NULL) { return APR_ENOSHMAVAIL; } - fname = slotmem_filename(pool, name, 0); - if (fname) { + if (slotmem_filenames(pool, name, &fname, persist ? &pname : NULL)) { /* first try to attach to existing slotmem */ if (next) { for (;;) { @@ -399,8 +429,8 @@ static apr_status_t slotmem_create(ap_slotmem_instance_t **new, * TODO: Error check the below... What error makes * sense if the restore fails? Any? */ - if (type & AP_SLOTMEM_TYPE_PERSIST) { - rv = restore_slotmem(ptr, fname, dsize, pool); + if (persist) { + rv = restore_slotmem(ptr, pname, dsize, pool); if (rv == APR_SUCCESS) { restored = 1; } @@ -417,6 +447,7 @@ static apr_status_t slotmem_create(ap_slotmem_instance_t **new, res = (ap_slotmem_instance_t *) apr_pcalloc(gpool, sizeof(ap_slotmem_instance_t)); res->name = apr_pstrdup(gpool, fname); + res->pname = apr_pstrdup(gpool, pname); res->fbased = fbased; res->shm = shm; res->num_free = (unsigned int *)ptr; @@ -457,8 +488,7 @@ static apr_status_t slotmem_attach(ap_slotmem_instance_t **new, if (gpool == NULL) { return APR_ENOSHMAVAIL; } - fname = slotmem_filename(pool, name, 0); - if (!fname) { + if (!slotmem_filenames(pool, name, &fname, NULL)) { return APR_ENOSHMAVAIL; } diff --git a/modules/ssl/README.dsov.fig b/modules/ssl/README.dsov.fig index d8d03db2..77cd2ca2 100644 --- a/modules/ssl/README.dsov.fig +++ b/modules/ssl/README.dsov.fig @@ -339,7 +339,7 @@ Single 4 0 0 200 0 20 8 0.0000 4 90 465 11745 4770 ->method\001 4 0 0 200 0 20 8 0.0000 4 120 1665 9945 6480 X509_STORE_CTX_get_app_data()\001 4 0 0 200 0 20 8 0.0000 4 120 1215 10980 6705 SSL_CTX_get_cert_store()\001 -4 0 0 200 0 20 8 0.0000 4 120 1020 8280 5130 SSL_get_app_data2()\001 +4 0 0 200 0 20 8 0.0000 4 120 1020 8280 5130 modssl_get_app_data2()\001 4 0 0 100 0 18 20 0.0000 4 270 1290 10710 7605 OpenSSL\001 4 0 0 100 0 18 12 0.0000 4 180 720 10710 7785 [Crypto]\001 4 0 0 100 0 18 20 0.0000 4 270 1290 10935 3645 OpenSSL\001 diff --git a/modules/ssl/README.dsov.ps b/modules/ssl/README.dsov.ps index def19dbe..bcbf2687 100644 --- a/modules/ssl/README.dsov.ps +++ b/modules/ssl/README.dsov.ps @@ -1002,7 +1002,7 @@ gs 1 -1 sc (X509_STORE_CTX_get_app_data\(\)) col0 sh gr gs 1 -1 sc (SSL_CTX_get_cert_store\(\)) col0 sh gr /Helvetica-Narrow-iso ff 120.00 scf sf 8280 5130 m -gs 1 -1 sc (SSL_get_app_data2\(\)) col0 sh gr +gs 1 -1 sc (modssl_get_app_data2\(\)) col0 sh gr /Helvetica-Bold-iso ff 180.00 scf sf 3645 1620 m gs 1 -1 sc (SSLDirConfig) col0 sh gr diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 7e1c431d..41d7f9f7 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -125,10 +125,15 @@ static const command_rec ssl_config_cmds[] = { SSL_CMD_SRV(SessionCacheTimeout, TAKE1, "SSL Session Cache object lifetime " "('N' - number of seconds)") +#ifdef OPENSSL_NO_SSL3 +#define SSLv3_PROTO_PREFIX "" +#else +#define SSLv3_PROTO_PREFIX "SSLv3|" +#endif #ifdef HAVE_TLSV1_X -#define SSL_PROTOCOLS "SSLv3|TLSv1|TLSv1.1|TLSv1.2" +#define SSL_PROTOCOLS SSLv3_PROTO_PREFIX "TLSv1|TLSv1.1|TLSv1.2" #else -#define SSL_PROTOCOLS "SSLv3|TLSv1" +#define SSL_PROTOCOLS SSLv3_PROTO_PREFIX "TLSv1" #endif SSL_CMD_SRV(Protocol, RAW_ARGS, "Enable or disable various SSL protocols " @@ -340,6 +345,11 @@ static int ssl_hook_pre_config(apr_pool_t *pconf, OpenSSL_add_all_algorithms(); OPENSSL_load_builtin_modules(); + if (OBJ_txt2nid("id-on-dnsSRV") == NID_undef) { + (void)OBJ_create("1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", + "SRVName otherName form"); + } + /* * Let us cleanup the ssl library when the module is unloaded */ @@ -480,7 +490,7 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r) } SSL_set_app_data(ssl, c); - SSL_set_app_data2(ssl, NULL); /* will be request_rec */ + modssl_set_app_data2(ssl, NULL); /* will be request_rec */ sslconn->ssl = ssl; diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index 8e8e7618..e5c70f39 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -111,7 +111,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p) mctx->ticket_key = NULL; #endif - mctx->protocol = SSL_PROTOCOL_ALL; + mctx->protocol = SSL_PROTOCOL_DEFAULT; mctx->protocol_set = 0; mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET; @@ -612,7 +612,7 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd, seed->cpPath = ap_server_root_relative(mc->pPool, arg2+4); #else return apr_pstrcat(cmd->pool, "Invalid SSLRandomSeed entropy source `", - arg2, "': This version of " SSL_LIBRARY_NAME + arg2, "': This version of " MODSSL_LIBRARY_NAME " does not support the Entropy Gathering Daemon " "(EGD).", NULL); #endif @@ -709,7 +709,7 @@ const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd, SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; /* always disable null and export ciphers */ - arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL); + arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL); if (cmd->path) { dc->szCipherSuite = arg; @@ -1343,7 +1343,15 @@ static const char *ssl_cmd_protocol_parse(cmd_parms *parms, } } else if (strcEQ(w, "SSLv3")) { +#ifdef OPENSSL_NO_SSL3 + if (action != '-') { + return "SSLv3 not supported by this version of OpenSSL"; + } + /* Nothing to do, the flag is not present to be toggled */ + continue; +#else thisopt = SSL_PROTOCOL_SSLV3; +#endif } else if (strcEQ(w, "TLSv1")) { thisopt = SSL_PROTOCOL_TLSV1; @@ -1421,7 +1429,7 @@ const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *cmd, SSLSrvConfigRec *sc = mySrvConfig(cmd->server); /* always disable null and export ciphers */ - arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL); + arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL); sc->proxy->auth.cipher_suite = arg; @@ -1877,6 +1885,11 @@ const char *ssl_cmd_SSLOpenSSLConfCmd(cmd_parms *cmd, void *dcfg, return err; } + if (strcEQ(arg1, "CipherString")) { + /* always disable null and export ciphers */ + arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL); + } + param = apr_array_push(sc->server->ssl_ctx_param); param->name = arg1; param->value = arg2; diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 6baf2f51..8b26c353 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -142,12 +142,12 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, apr_status_t rv; apr_array_header_t *pphrases; - if (SSLeay() < SSL_LIBRARY_VERSION) { + if (SSLeay() < MODSSL_LIBRARY_VERSION) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882) "Init: this version of mod_ssl was compiled against " "a newer library (%s, version currently loaded is %s)" " - may result in undefined or erroneous behavior", - SSL_LIBRARY_TEXT, SSLeay_version(SSLEAY_VERSION)); + MODSSL_LIBRARY_TEXT, SSLeay_version(SSLEAY_VERSION)); } /* We initialize mc->pid per-process in the child init, @@ -236,7 +236,7 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, #endif ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01883) - "Init: Initialized %s library", SSL_LIBRARY_NAME); + "Init: Initialized %s library", MODSSL_LIBRARY_NAME); /* * Seed the Pseudo Random Number Generator (PRNG) @@ -327,7 +327,7 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, */ ssl_add_version_components(p, base_server); - SSL_init_app_data2_idx(); /* for SSL_get_app_data2() at request time */ + modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */ init_dh_params(); @@ -471,7 +471,9 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, } cp = apr_pstrcat(p, +#ifndef OPENSSL_NO_SSL3 (protocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""), +#endif (protocol & SSL_PROTOCOL_TLSV1 ? "TLSv1, " : ""), #ifdef HAVE_TLSV1_X (protocol & SSL_PROTOCOL_TLSV1_1 ? "TLSv1.1, " : ""), @@ -483,12 +485,15 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s, "Creating new SSL context (protocols: %s)", cp); +#ifndef OPENSSL_NO_SSL3 if (protocol == SSL_PROTOCOL_SSLV3) { method = mctx->pkp ? SSLv3_client_method() : /* proxy */ SSLv3_server_method(); /* server */ } - else if (protocol == SSL_PROTOCOL_TLSV1) { + else +#endif + if (protocol == SSL_PROTOCOL_TLSV1) { method = mctx->pkp ? TLSv1_client_method() : /* proxy */ TLSv1_server_method(); /* server */ @@ -519,9 +524,11 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, /* always disable SSLv2, as per RFC 6176 */ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); +#ifndef OPENSSL_NO_SSL3 if (!(protocol & SSL_PROTOCOL_SSLV3)) { SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); } +#endif if (!(protocol & SSL_PROTOCOL_TLSV1)) { SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1); @@ -625,6 +632,10 @@ static void ssl_init_ctx_callbacks(server_rec *s, SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); SSL_CTX_set_info_callback(ctx, ssl_callback_Info); + +#ifdef HAVE_TLS_ALPN + SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL); +#endif } static apr_status_t ssl_init_ctx_verify(server_rec *s, @@ -726,11 +737,11 @@ static apr_status_t ssl_init_ctx_cipher_suite(server_rec *s, * Configure SSL Cipher Suite. Always disable NULL and export ciphers, * see also ssl_engine_config.c:ssl_cmd_SSLCipherSuite(). * OpenSSL's SSL_DEFAULT_CIPHER_LIST includes !aNULL:!eNULL from 0.9.8f, - * and !EXP from 0.9.8zf/1.0.1m/1.0.2a, so prepend them while we support + * and !EXP from 0.9.8zf/1.0.1m/1.0.2a, so append them while we support * earlier versions. */ suite = mctx->auth.cipher_suite ? mctx->auth.cipher_suite : - apr_pstrcat(ptemp, "!aNULL:!eNULL:!EXP:", SSL_DEFAULT_CIPHER_LIST, + apr_pstrcat(ptemp, SSL_DEFAULT_CIPHER_LIST, ":!aNULL:!eNULL:!EXP", NULL); ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s, @@ -807,6 +818,65 @@ static apr_status_t ssl_init_ctx_crl(server_rec *s, return APR_SUCCESS; } +/* + * Read a file that optionally contains the server certificate in PEM + * format, possibly followed by a sequence of CA certificates that + * should be sent to the peer in the SSL Certificate message. + */ +static int use_certificate_chain( + SSL_CTX *ctx, char *file, int skipfirst, pem_password_cb *cb) +{ + BIO *bio; + X509 *x509; + unsigned long err; + int n; + + if ((bio = BIO_new(BIO_s_file_internal())) == NULL) + return -1; + if (BIO_read_filename(bio, file) <= 0) { + BIO_free(bio); + return -1; + } + /* optionally skip a leading server certificate */ + if (skipfirst) { + if ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) == NULL) { + BIO_free(bio); + return -1; + } + X509_free(x509); + } + /* free a perhaps already configured extra chain */ +#ifdef OPENSSL_NO_SSL_INTERN + SSL_CTX_clear_extra_chain_certs(ctx); +#else + if (ctx->extra_certs != NULL) { + sk_X509_pop_free((STACK_OF(X509) *)ctx->extra_certs, X509_free); + ctx->extra_certs = NULL; + } +#endif + /* create new extra chain by loading the certs */ + n = 0; + while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) { + if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) { + X509_free(x509); + BIO_free(bio); + return -1; + } + n++; + } + /* Make sure that only the error is just an EOF */ + if ((err = ERR_peek_error()) > 0) { + if (!( ERR_GET_LIB(err) == ERR_LIB_PEM + && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) { + BIO_free(bio); + return -1; + } + while (ERR_get_error() > 0) ; + } + BIO_free(bio); + return n; +} + static apr_status_t ssl_init_ctx_cert_chain(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, @@ -842,9 +912,7 @@ static apr_status_t ssl_init_ctx_cert_chain(server_rec *s, } } - n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx, - (char *)chain, - skip_first, NULL); + n = use_certificate_chain(mctx->ssl_ctx, (char *)chain, skip_first, NULL); if (n < 0) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01903) "Failed to configure CA certificate chain!"); @@ -917,7 +985,7 @@ static void ssl_check_public_cert(server_rec *s, * Some information about the certificate(s) */ - if (SSL_X509_getBC(cert, &is_ca, &pathlen)) { + if (modssl_X509_getBC(cert, &is_ca, &pathlen)) { if (is_ca) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(01906) "%s server certificate is a CA certificate " @@ -932,8 +1000,8 @@ static void ssl_check_public_cert(server_rec *s, } } - if (SSL_X509_match_name(ptemp, cert, (const char *)s->server_hostname, - TRUE, s) == FALSE) { + if (modssl_X509_match_name(ptemp, cert, (const char *)s->server_hostname, + TRUE, s) == FALSE) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(01909) "%s server certificate does NOT include an ID " "which matches the server name", key_id); @@ -1198,6 +1266,30 @@ static apr_status_t ssl_init_ticket_key(server_rec *s, } #endif +static BOOL load_x509_info(apr_pool_t *ptemp, + STACK_OF(X509_INFO) *sk, + const char *filename) +{ + BIO *in; + + if (!(in = BIO_new(BIO_s_file()))) { + return FALSE; + } + + if (BIO_read_filename(in, filename) <= 0) { + BIO_free(in); + return FALSE; + } + + ERR_clear_error(); + + PEM_X509_INFO_read_bio(in, sk, NULL, NULL); + + BIO_free(in); + + return TRUE; +} + static apr_status_t ssl_init_proxy_certs(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, @@ -1220,11 +1312,30 @@ static apr_status_t ssl_init_proxy_certs(server_rec *s, sk = sk_X509_INFO_new_null(); if (pkp->cert_file) { - SSL_X509_INFO_load_file(ptemp, sk, pkp->cert_file); + load_x509_info(ptemp, sk, pkp->cert_file); } if (pkp->cert_path) { - SSL_X509_INFO_load_path(ptemp, sk, pkp->cert_path); + apr_dir_t *dir; + apr_finfo_t dirent; + apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME; + + if (apr_dir_open(&dir, pkp->cert_path, ptemp) == APR_SUCCESS) { + while ((apr_dir_read(&dirent, finfo_flags, dir)) == APR_SUCCESS) { + const char *fullname; + + if (dirent.filetype == APR_DIR) { + continue; /* don't try to load directories */ + } + + fullname = apr_pstrcat(ptemp, + pkp->cert_path, "/", dirent.name, + NULL); + load_x509_info(ptemp, sk, fullname); + } + + apr_dir_close(dir); + } } if ((ncerts = sk_X509_INFO_num(sk)) <= 0) { @@ -1612,7 +1723,7 @@ static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02209) "CA certificate: %s", - SSL_X509_NAME_to_string(ptemp, name, 0)); + modssl_X509_NAME_to_string(ptemp, name, 0)); /* * note that SSL_load_client_CA_file() checks for duplicates, diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index 1971400d..1e6c6184 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -28,6 +28,7 @@ core keeps dumping.'' -- Unknown */ #include "ssl_private.h" +#include "mod_ssl.h" #include "apr_date.h" /* _________________________________________________________________ @@ -297,6 +298,9 @@ typedef struct { apr_pool_t *pool; char buffer[AP_IOBUFSIZE]; ssl_filter_ctx_t *filter_ctx; +#ifdef HAVE_TLS_ALPN + int alpn_finished; /* 1 if ALPN has finished, 0 otherwise */ +#endif } bio_filter_in_ctx_t; /* @@ -317,7 +321,7 @@ static int char_buffer_read(char_buffer_t *buffer, char *in, int inl) } if (buffer->length > inl) { - /* we have have enough to fill the caller's buffer */ + /* we have enough to fill the caller's buffer */ memmove(in, buffer->value, inl); buffer->value += inl; buffer->length -= inl; @@ -992,7 +996,7 @@ static void ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx, } SSL_set_shutdown(ssl, shutdown_type); - SSL_smart_shutdown(ssl); + modssl_smart_shutdown(ssl); /* and finally log the fact that we've closed the connection */ if (APLOG_CS_IS_LEVEL(c, mySrvFromConn(c), loglevel)) { @@ -1077,7 +1081,9 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx) * IPv4 and IPv6 addresses are not permitted".) */ if (hostname_note && +#ifndef OPENSSL_NO_SSL3 sc->proxy->protocol != SSL_PROTOCOL_SSLV3 && +#endif apr_ipsubnet_create(&ip, hostname_note, NULL, c->pool) != APR_SUCCESS) { if (SSL_set_tlsext_host_name(filter_ctx->pssl, hostname_note)) { @@ -1120,8 +1126,8 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx) hostname_note) { apr_table_unset(c->notes, "proxy-request-hostname"); if (!cert - || SSL_X509_match_name(c->pool, cert, hostname_note, - TRUE, server) == FALSE) { + || modssl_X509_match_name(c->pool, cert, hostname_note, + TRUE, server) == FALSE) { proxy_ssl_check_peer_ok = FALSE; ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02411) "SSL Proxy: Peer certificate does not match " @@ -1412,6 +1418,41 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, APR_BRIGADE_INSERT_TAIL(bb, bucket); } +#ifdef HAVE_TLS_ALPN + /* By this point, Application-Layer Protocol Negotiation (ALPN) should be + * completed (if our version of OpenSSL supports it). If we haven't already, + * find out which protocol was decided upon and inform other modules + * by calling alpn_proto_negotiated_hook. + */ + if (!inctx->alpn_finished) { + SSLConnRec *sslconn = myConnConfig(f->c); + const unsigned char *next_proto = NULL; + unsigned next_proto_len = 0; + const char *protocol; + + SSL_get0_alpn_selected(inctx->ssl, &next_proto, &next_proto_len); + if (next_proto && next_proto_len) { + protocol = apr_pstrmemdup(f->c->pool, (const char *)next_proto, + next_proto_len); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, + APLOGNO(02836) "ALPN selected protocol: '%s'", + protocol); + + if (strcmp(protocol, ap_get_protocol(f->c))) { + status = ap_switch_protocol(f->c, NULL, sslconn->server, + protocol); + if (status != APR_SUCCESS) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, status, f->c, + APLOGNO(02908) "protocol switch to '%s' failed", + protocol); + return status; + } + } + } + inctx->alpn_finished = 1; + } +#endif + return APR_SUCCESS; } @@ -1893,6 +1934,9 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, inctx->block = APR_BLOCK_READ; inctx->pool = c->pool; inctx->filter_ctx = filter_ctx; +#ifdef HAVE_TLS_ALPN + inctx->alpn_finished = 0; +#endif } /* The request_rec pointer is passed in here only to ensure that the @@ -2043,7 +2087,7 @@ long ssl_io_data_cb(BIO *bio, int cmd, if (rc >= 0) { ap_log_cserror(APLOG_MARK, APLOG_TRACE4, 0, c, s, "%s: %s %ld/%d bytes %s BIO#%pp [mem: %pp] %s", - SSL_LIBRARY_NAME, + MODSSL_LIBRARY_NAME, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"), bio, argp, @@ -2054,7 +2098,7 @@ long ssl_io_data_cb(BIO *bio, int cmd, else { ap_log_cserror(APLOG_MARK, APLOG_TRACE4, 0, c, s, "%s: I/O error, %d bytes expected to %s on BIO#%pp [mem: %pp]", - SSL_LIBRARY_NAME, argi, + MODSSL_LIBRARY_NAME, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), bio, argp); } diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 5642009c..cd07b1bc 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -29,6 +29,7 @@ time I was too famous.'' -- Unknown */ #include "ssl_private.h" +#include "mod_ssl.h" #include "util_md5.h" static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); @@ -171,19 +172,18 @@ int ssl_hook_ReadReq(request_rec *r) * original problem. */ if (r->proxyreq != PROXYREQ_PROXY && ap_is_initial_req(r)) { - if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) { - char *host, *scope_id; - apr_port_t port; - apr_status_t rv; + server_rec *handshakeserver = sslconn->server; + SSLSrvConfigRec *hssc = mySrvConfig(handshakeserver); + if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) { /* * The SNI extension supplied a hostname. So don't accept requests - * with either no hostname or a different hostname as this could - * cause us to end up in a different virtual host as the one that - * was used for the handshake causing different SSL parameters to - * be applied as SSLProtocol, SSLCACertificateFile/Path and - * SSLCADNRequestFile/Path cannot be renegotiated (SSLCA* due - * to current limitations in OpenSSL, see + * with either no hostname or a hostname that selected a different + * virtual host than the one used for the handshake, causing + * different SSL parameters to be applied, such as SSLProtocol, + * SSLCACertificateFile/Path and SSLCADNRequestFile/Path which + * cannot be renegotiated (SSLCA* due to current limitations in + * OpenSSL, see: * http://mail-archives.apache.org/mod_mbox/httpd-dev/200806.mbox/%3C48592955.2090303@velox.ch%3E * and * http://mail-archives.apache.org/mod_mbox/httpd-dev/201312.mbox/%3CCAKQ1sVNpOrdiBm-UPw1hEdSN7YQXRRjeaT-MCWbW_7mN%3DuFiOw%40mail.gmail.com%3E @@ -195,20 +195,21 @@ int ssl_hook_ReadReq(request_rec *r) " provided in HTTP request", servername); return HTTP_BAD_REQUEST; } - rv = apr_parse_addr_port(&host, &scope_id, &port, r->hostname, r->pool); - if (rv != APR_SUCCESS || scope_id) { - return HTTP_BAD_REQUEST; - } - if (strcasecmp(host, servername)) { + if (r->server != handshakeserver) { + /* + * We are really not in Kansas anymore... + * The request does not select the virtual host that was + * selected by the SNI. + */ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02032) - "Hostname %s provided via SNI and hostname %s provided" - " via HTTP are different", servername, host); - return HTTP_BAD_REQUEST; + "Hostname %s provided via SNI and hostname %s provided" + " via HTTP select a different server", + servername, r->hostname); + return HTTP_MISDIRECTED_REQUEST; } } else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE) - || (mySrvConfig(sslconn->server))->strict_sni_vhost_check - == SSL_ENABLED_TRUE) + || hssc->strict_sni_vhost_check == SSL_ENABLED_TRUE) && r->connection->vhost_lookup_data) { /* * We are using a name based configuration here, but no hostname was @@ -228,7 +229,7 @@ int ssl_hook_ReadReq(request_rec *r) } } #endif - SSL_set_app_data2(ssl, r); + modssl_set_app_data2(ssl, r); /* * Log information about incoming HTTPS requests @@ -845,6 +846,11 @@ int ssl_hook_Access(request_rec *r) r->connection->keepalive = AP_CONN_CLOSE; return HTTP_FORBIDDEN; } + + /* Full renegotiation successfull, we now have handshaken with + * this server's parameters. + */ + sslconn->server = r->server; } /* @@ -1372,7 +1378,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl); - request_rec *r = (request_rec *)SSL_get_app_data2(ssl); + request_rec *r = (request_rec *)modssl_get_app_data2(ssl); server_rec *s = r ? r->server : mySrvFromConn(conn); SSLSrvConfigRec *sc = mySrvConfig(s); @@ -1641,7 +1647,7 @@ static void ssl_session_log(server_rec *s, const char *result, long timeout) { - char buf[SSL_SESSION_ID_STRING_LEN]; + char buf[MODSSL_SESSION_ID_STRING_LEN]; char timeout_str[56] = {'\0'}; if (!APLOGdebug(s)) { @@ -1657,7 +1663,7 @@ static void ssl_session_log(server_rec *s, "Inter-Process Session Cache: " "request=%s status=%s id=%s %s(session %s)", request, status, - SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)), + modssl_SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)), timeout_str, result); } @@ -1749,7 +1755,7 @@ SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl, /* * This callback function is executed by OpenSSL whenever a - * SSL_SESSION is removed from the the internal OpenSSL cache. + * SSL_SESSION is removed from the internal OpenSSL cache. * We use this to remove the SSL_SESSION in the inter-process * disk-cache, too. */ @@ -1798,32 +1804,32 @@ static void log_tracing_state(const SSL *ssl, conn_rec *c, */ if (where & SSL_CB_HANDSHAKE_START) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, - "%s: Handshake: start", SSL_LIBRARY_NAME); + "%s: Handshake: start", MODSSL_LIBRARY_NAME); } else if (where & SSL_CB_HANDSHAKE_DONE) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, - "%s: Handshake: done", SSL_LIBRARY_NAME); + "%s: Handshake: done", MODSSL_LIBRARY_NAME); } else if (where & SSL_CB_LOOP) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, "%s: Loop: %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (where & SSL_CB_READ) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, "%s: Read: %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (where & SSL_CB_WRITE) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, "%s: Write: %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (where & SSL_CB_ALERT) { char *str = (where & SSL_CB_READ) ? "read" : "write"; ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, "%s: Alert: %s:%s:%s", - SSL_LIBRARY_NAME, str, + MODSSL_LIBRARY_NAME, str, SSL_alert_type_string_long(rc), SSL_alert_desc_string_long(rc)); } @@ -1831,12 +1837,12 @@ static void log_tracing_state(const SSL *ssl, conn_rec *c, if (rc == 0) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, "%s: Exit: failed in %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (rc < 0) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, "%s: Exit: error in %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } } @@ -1903,23 +1909,29 @@ void ssl_callback_Info(const SSL *ssl, int where, int rc) #ifdef HAVE_TLSEXT /* - * This callback function is executed when OpenSSL encounters an extended + * This function sets the virtual host from an extended * client hello with a server name indication extension ("SNI", cf. RFC 6066). */ -int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx) +static apr_status_t init_vhost(conn_rec *c, SSL *ssl) { - const char *servername = - SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); - conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); - + const char *servername; + if (c) { + SSLConnRec *sslcon = myConnConfig(c); + + if (sslcon->server != c->base_server) { + /* already found the vhost */ + return APR_SUCCESS; + } + + servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); if (servername) { if (ap_vhost_iterate_given_conn(c, ssl_find_vhost, (void *)servername)) { ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02043) "SSL virtual host for servername %s found", servername); - return SSL_TLSEXT_ERR_OK; + return APR_SUCCESS; } else { ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02044) @@ -1949,8 +1961,20 @@ int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx) "(using default/first virtual host)"); } } + + return APR_NOTFOUND; +} - return SSL_TLSEXT_ERR_NOACK; +/* + * This callback function is executed when OpenSSL encounters an extended + * client hello with a server name indication extension ("SNI", cf. RFC 6066). + */ +int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx) +{ + conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); + apr_status_t status = init_vhost(c, ssl); + + return (status == APR_SUCCESS)? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK; } /* @@ -1962,50 +1986,10 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s) { SSLSrvConfigRec *sc; SSL *ssl; - BOOL found = FALSE; - apr_array_header_t *names; - int i; + BOOL found; SSLConnRec *sslcon; - /* check ServerName */ - if (!strcasecmp(servername, s->server_hostname)) { - found = TRUE; - } - - /* - * if not matched yet, check ServerAlias entries - * (adapted from vhost.c:matches_aliases()) - */ - if (!found) { - names = s->names; - if (names) { - char **name = (char **)names->elts; - for (i = 0; i < names->nelts; ++i) { - if (!name[i]) - continue; - if (!strcasecmp(servername, name[i])) { - found = TRUE; - break; - } - } - } - } - - /* if still no match, check ServerAlias entries with wildcards */ - if (!found) { - names = s->wild_names; - if (names) { - char **name = (char **)names->elts; - for (i = 0; i < names->nelts; ++i) { - if (!name[i]) - continue; - if (!ap_strcasecmp_match(servername, name[i])) { - found = TRUE; - break; - } - } - } - } + found = ssl_util_vhost_matches(servername, s); /* set SSL_CTX (if matched) */ sslcon = myConnConfig(c); @@ -2149,6 +2133,80 @@ int ssl_callback_SessionTicket(SSL *ssl, } #endif /* HAVE_TLS_SESSION_TICKETS */ +#ifdef HAVE_TLS_ALPN + +/* + * This callback function is executed when the TLS Application-Layer + * Protocol Negotiation Extension (ALPN, RFC 7301) is triggered by the Client + * Hello, giving a list of desired protocol names (in descending preference) + * to the server. + * The callback has to select a protocol name or return an error if none of + * the clients preferences is supported. + * The selected protocol does not have to be on the client list, according + * to RFC 7301, so no checks are performed. + * The client protocol list is serialized as length byte followed by ASCII + * characters (not null-terminated), followed by the next protocol name. + */ +int ssl_callback_alpn_select(SSL *ssl, + const unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + void *arg) +{ + conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); + SSLConnRec *sslconn = myConnConfig(c); + apr_array_header_t *client_protos; + const char *proposed; + size_t len; + int i; + + /* If the connection object is not available, + * then there's nothing for us to do. */ + if (c == NULL) { + return SSL_TLSEXT_ERR_OK; + } + + if (inlen == 0) { + /* someone tries to trick us? */ + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02837) + "ALPN client protocol list empty"); + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + + client_protos = apr_array_make(c->pool, 0, sizeof(char *)); + for (i = 0; i < inlen; /**/) { + unsigned int plen = in[i++]; + if (plen + i > inlen) { + /* someone tries to trick us? */ + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02838) + "ALPN protocol identifier too long"); + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + APR_ARRAY_PUSH(client_protos, char *) = + apr_pstrndup(c->pool, (const char *)in+i, plen); + i += plen; + } + + /* The order the callbacks are invoked from TLS extensions is, unfortunately + * not defined and older openssl versions do call ALPN selection before + * they callback the SNI. We need to make sure that we know which vhost + * we are dealing with so we respect the correct protocols. + */ + init_vhost(c, ssl); + + proposed = ap_select_protocol(c, NULL, sslconn->server, client_protos); + *out = (const unsigned char *)(proposed? proposed : ap_get_protocol(c)); + len = strlen((const char*)*out); + if (len > 255) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02840) + "ALPN negotiated protocol name too long"); + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + *outlen = (unsigned char)len; + + return SSL_TLSEXT_ERR_OK; +} +#endif /* HAVE_TLS_ALPN */ + #ifdef HAVE_SRP int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) diff --git a/modules/ssl/ssl_engine_log.c b/modules/ssl/ssl_engine_log.c index 2c87638f..d2f9ed0a 100644 --- a/modules/ssl/ssl_engine_log.c +++ b/modules/ssl/ssl_engine_log.c @@ -141,8 +141,8 @@ static void ssl_log_cert_error(const char *file, int line, int level, int maxdnlen = (HUGE_STRING_LEN - msglen - 300) / 2; BIO_puts(bio, " [subject: "); - name = SSL_X509_NAME_to_string(p, X509_get_subject_name(cert), - maxdnlen); + name = modssl_X509_NAME_to_string(p, X509_get_subject_name(cert), + maxdnlen); if (!strIsEmpty(name)) { BIO_puts(bio, name); } else { @@ -150,8 +150,8 @@ static void ssl_log_cert_error(const char *file, int line, int level, } BIO_puts(bio, " / issuer: "); - name = SSL_X509_NAME_to_string(p, X509_get_issuer_name(cert), - maxdnlen); + name = modssl_X509_NAME_to_string(p, X509_get_issuer_name(cert), + maxdnlen); if (!strIsEmpty(name)) { BIO_puts(bio, name); } else { diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c index e158a476..4099864f 100644 --- a/modules/ssl/ssl_engine_pphrase.c +++ b/modules/ssl/ssl_engine_pphrase.c @@ -222,7 +222,7 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx, * is not empty. */ ERR_clear_error(); - bReadable = ((pPrivateKey = SSL_read_PrivateKey(ppcb_arg.pkey_file, + bReadable = ((pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file, NULL, ssl_pphrase_Handle_CB, &ppcb_arg)) != NULL ? TRUE : FALSE); diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c index 413f7fe1..0530eea4 100644 --- a/modules/ssl/ssl_engine_vars.c +++ b/modules/ssl/ssl_engine_vars.c @@ -62,7 +62,7 @@ static int ssl_is_https(conn_rec *c) } static const char var_interface[] = "mod_ssl/" AP_SERVER_BASEREVISION; -static char var_library_interface[] = SSL_LIBRARY_TEXT; +static char var_library_interface[] = MODSSL_LIBRARY_TEXT; static char *var_library = NULL; static apr_array_header_t *expr_peer_ext_list_fn(ap_expr_eval_ctx_t *ctx, @@ -115,7 +115,7 @@ void ssl_var_register(apr_pool_t *p) APR_REGISTER_OPTIONAL_FN(ssl_ext_list); /* Perform once-per-process library version determination: */ - var_library = apr_pstrdup(p, SSL_LIBRARY_DYNTEXT); + var_library = apr_pstrdup(p, MODSSL_LIBRARY_DYNTEXT); if ((cp = strchr(var_library, ' ')) != NULL) { *cp = '/'; @@ -336,7 +336,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, request_rec *r, result = (char *)SSL_get_version(ssl); } else if (ssl != NULL && strcEQ(var, "SESSION_ID")) { - char buf[SSL_SESSION_ID_STRING_LEN]; + char buf[MODSSL_SESSION_ID_STRING_LEN]; SSL_SESSION *pSession = SSL_get_session(ssl); if (pSession) { unsigned char *id; @@ -349,8 +349,8 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, request_rec *r, idlen = pSession->session_id_length; #endif - result = apr_pstrdup(p, SSL_SESSION_id2sz(id, idlen, - buf, sizeof(buf))); + result = apr_pstrdup(p, modssl_SSL_SESSION_id2sz(id, idlen, + buf, sizeof(buf))); } } else if(ssl != NULL && strcEQ(var, "SESSION_RESUMED")) { @@ -581,7 +581,7 @@ static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, char * n =OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne)); if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid && idx-- == 0) { - result = SSL_X509_NAME_ENTRY_to_string(p, xsne); + result = modssl_X509_NAME_ENTRY_to_string(p, xsne); break; } } @@ -594,6 +594,7 @@ static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, char * static char *ssl_var_lookup_ssl_cert_san(apr_pool_t *p, X509 *xs, char *var) { int type, numlen; + const char *onf = NULL; apr_array_header_t *entries; if (strcEQn(var, "Email_", 6)) { @@ -604,6 +605,20 @@ static char *ssl_var_lookup_ssl_cert_san(apr_pool_t *p, X509 *xs, char *var) type = GEN_DNS; var += 4; } + else if (strcEQn(var, "OTHER_", 6)) { + type = GEN_OTHERNAME; + var += 6; + if (strEQn(var, "msUPN_", 6)) { + var += 6; + onf = "msUPN"; + } + else if (strEQn(var, "dnsSRV_", 7)) { + var += 7; + onf = "id-on-dnsSRV"; + } + else + return NULL; + } else return NULL; @@ -612,11 +627,11 @@ static char *ssl_var_lookup_ssl_cert_san(apr_pool_t *p, X509 *xs, char *var) if ((numlen < 1) || (numlen > 4) || (numlen != strlen(var))) return NULL; - if (SSL_X509_getSAN(p, xs, type, atoi(var), &entries)) - /* return the first entry from this 1-element array */ - return APR_ARRAY_IDX(entries, 0, char *); + if (modssl_X509_getSAN(p, xs, type, onf, atoi(var), &entries)) + /* return the first entry from this 1-element array */ + return APR_ARRAY_IDX(entries, 0, char *); else - return NULL; + return NULL; } static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_TIME *tm) @@ -737,7 +752,7 @@ static char *ssl_var_lookup_ssl_cert_rfc4523_cea(apr_pool_t *p, SSL *ssl) char *decimal = BN_bn2dec(bn); result = apr_pstrcat(p, "{ serialNumber ", decimal, ", issuer rdnSequence:\"", - SSL_X509_NAME_to_string(p, issuer, 0), "\" }", NULL); + modssl_X509_NAME_to_string(p, issuer, 0), "\" }", NULL); OPENSSL_free(decimal); BN_free(bn); } @@ -902,7 +917,7 @@ static void extract_dn(apr_table_t *t, apr_hash_t *nids, const char *pfx, apr_hash_set(count, &nid, sizeof nid, dup); key = apr_pstrcat(p, pfx, tag, NULL); } - value = SSL_X509_NAME_ENTRY_to_string(p, xsne); + value = modssl_X509_NAME_ENTRY_to_string(p, xsne); apr_table_setn(t, key, value); } } @@ -962,24 +977,31 @@ void modssl_var_extract_san_entries(apr_table_t *t, SSL *ssl, apr_pool_t *p) /* subjectAltName entries of the server certificate */ xs = SSL_get_certificate(ssl); if (xs) { - if (SSL_X509_getSAN(p, xs, GEN_EMAIL, -1, &entries)) { + if (modssl_X509_getSAN(p, xs, GEN_EMAIL, NULL, -1, &entries)) { extract_san_array(t, "SSL_SERVER_SAN_Email", entries, p); } - if (SSL_X509_getSAN(p, xs, GEN_DNS, -1, &entries)) { + if (modssl_X509_getSAN(p, xs, GEN_DNS, NULL, -1, &entries)) { extract_san_array(t, "SSL_SERVER_SAN_DNS", entries, p); } + if (modssl_X509_getSAN(p, xs, GEN_OTHERNAME, "id-on-dnsSRV", -1, + &entries)) { + extract_san_array(t, "SSL_SERVER_SAN_OTHER_dnsSRV", entries, p); + } /* no need to free xs (refcount does not increase) */ } /* subjectAltName entries of the client certificate */ xs = SSL_get_peer_certificate(ssl); if (xs) { - if (SSL_X509_getSAN(p, xs, GEN_EMAIL, -1, &entries)) { + if (modssl_X509_getSAN(p, xs, GEN_EMAIL, NULL, -1, &entries)) { extract_san_array(t, "SSL_CLIENT_SAN_Email", entries, p); } - if (SSL_X509_getSAN(p, xs, GEN_DNS, -1, &entries)) { + if (modssl_X509_getSAN(p, xs, GEN_DNS, NULL, -1, &entries)) { extract_san_array(t, "SSL_CLIENT_SAN_DNS", entries, p); } + if (modssl_X509_getSAN(p, xs, GEN_OTHERNAME, "msUPN", -1, &entries)) { + extract_san_array(t, "SSL_CLIENT_SAN_OTHER_msUPN", entries, p); + } X509_free(xs); } } diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index 8f889971..dc4e61a6 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -182,6 +182,11 @@ #include #endif +/* ALPN Protocol Negotiation */ +#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) +#define HAVE_TLS_ALPN +#endif + #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */ /* mod_ssl headers */ @@ -292,16 +297,27 @@ typedef int ssl_opt_t; * Define the SSL Protocol options */ #define SSL_PROTOCOL_NONE (0) -#define SSL_PROTOCOL_SSLV2 (1<<0) +#ifndef OPENSSL_NO_SSL3 #define SSL_PROTOCOL_SSLV3 (1<<1) +#endif #define SSL_PROTOCOL_TLSV1 (1<<2) +#ifndef OPENSSL_NO_SSL3 +#define SSL_PROTOCOL_BASIC (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) +#else +#define SSL_PROTOCOL_BASIC (SSL_PROTOCOL_TLSV1) +#endif #ifdef HAVE_TLSV1_X #define SSL_PROTOCOL_TLSV1_1 (1<<3) #define SSL_PROTOCOL_TLSV1_2 (1<<4) -#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1| \ +#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_BASIC| \ SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2) #else -#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) +#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_BASIC) +#endif +#ifndef OPENSSL_NO_SSL3 +#define SSL_PROTOCOL_DEFAULT (SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_SSLV3) +#else +#define SSL_PROTOCOL_DEFAULT (SSL_PROTOCOL_ALL) #endif typedef int ssl_proto_t; @@ -798,6 +814,12 @@ int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int); #endif +#ifdef HAVE_TLS_ALPN +int ssl_callback_alpn_select(SSL *ssl, const unsigned char **out, + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg); +#endif + /** Session Cache Support */ apr_status_t ssl_scache_init(server_rec *, apr_pool_t *); void ssl_scache_status_register(apr_pool_t *p); @@ -856,6 +878,8 @@ BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *); void ssl_util_thread_setup(apr_pool_t *); int ssl_init_ssl_connection(conn_rec *c, request_rec *r); +BOOL ssl_util_vhost_matches(const char *servername, server_rec *s); + /** Pass Phrase Support */ apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int, const char *, apr_array_header_t **); diff --git a/modules/ssl/ssl_scache.c b/modules/ssl/ssl_scache.c index 2d365b22..70d18772 100644 --- a/modules/ssl/ssl_scache.c +++ b/modules/ssl/ssl_scache.c @@ -115,7 +115,7 @@ BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); - unsigned char encoded[SSL_SESSION_MAX_DER], *ptr; + unsigned char encoded[MODSSL_SESSION_MAX_DER], *ptr; unsigned int len; apr_status_t rv; @@ -148,8 +148,8 @@ SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); - unsigned char dest[SSL_SESSION_MAX_DER]; - unsigned int destlen = SSL_SESSION_MAX_DER; + unsigned char dest[MODSSL_SESSION_MAX_DER]; + unsigned int destlen = MODSSL_SESSION_MAX_DER; const unsigned char *ptr; apr_status_t rv; diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c index 476aa0b6..ddde3c74 100644 --- a/modules/ssl/ssl_util.c +++ b/modules/ssl/ssl_util.c @@ -60,6 +60,52 @@ char *ssl_util_vhostid(apr_pool_t *p, server_rec *s) return id; } +/* + * Return TRUE iff the given servername matches the server record when + * selecting virtual hosts. + */ +BOOL ssl_util_vhost_matches(const char *servername, server_rec *s) +{ + apr_array_header_t *names; + int i; + + /* check ServerName */ + if (!strcasecmp(servername, s->server_hostname)) { + return TRUE; + } + + /* + * if not matched yet, check ServerAlias entries + * (adapted from vhost.c:matches_aliases()) + */ + names = s->names; + if (names) { + char **name = (char **)names->elts; + for (i = 0; i < names->nelts; ++i) { + if (!name[i]) + continue; + if (!strcasecmp(servername, name[i])) { + return TRUE; + } + } + } + + /* if still no match, check ServerAlias entries with wildcards */ + names = s->wild_names; + if (names) { + char **name = (char **)names->elts; + for (i = 0; i < names->nelts; ++i) { + if (!name[i]) + continue; + if (!ap_strcasecmp_match(servername, name[i])) { + return TRUE; + } + } + } + + return FALSE; +} + apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd, const char * const *argv) { diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c index a1fca362..a7607c73 100644 --- a/modules/ssl/ssl_util_ssl.c +++ b/modules/ssl/ssl_util_ssl.c @@ -38,33 +38,33 @@ * also note that OpenSSL increments at static variable when * SSL_get_ex_new_index() is called, so we _must_ do this at startup. */ -static int SSL_app_data2_idx = -1; +static int app_data2_idx = -1; -void SSL_init_app_data2_idx(void) +void modssl_init_app_data2_idx(void) { int i; - if (SSL_app_data2_idx > -1) { + if (app_data2_idx > -1) { return; } /* we _do_ need to call this twice */ - for (i=0; i<=1; i++) { - SSL_app_data2_idx = + for (i = 0; i <= 1; i++) { + app_data2_idx = SSL_get_ex_new_index(0, "Second Application Data for SSL", NULL, NULL, NULL); } } -void *SSL_get_app_data2(SSL *ssl) +void *modssl_get_app_data2(SSL *ssl) { - return (void *)SSL_get_ex_data(ssl, SSL_app_data2_idx); + return (void *)SSL_get_ex_data(ssl, app_data2_idx); } -void SSL_set_app_data2(SSL *ssl, void *arg) +void modssl_set_app_data2(SSL *ssl, void *arg) { - SSL_set_ex_data(ssl, SSL_app_data2_idx, (char *)arg); + SSL_set_ex_data(ssl, app_data2_idx, (char *)arg); return; } @@ -74,7 +74,7 @@ void SSL_set_app_data2(SSL *ssl, void *arg) ** _________________________________________________________________ */ -EVP_PKEY *SSL_read_PrivateKey(const char* filename, EVP_PKEY **key, pem_password_cb *cb, void *s) +EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_password_cb *cb, void *s) { EVP_PKEY *rc; BIO *bioS; @@ -121,7 +121,7 @@ EVP_PKEY *SSL_read_PrivateKey(const char* filename, EVP_PKEY **key, pem_password ** _________________________________________________________________ */ -int SSL_smart_shutdown(SSL *ssl) +int modssl_smart_shutdown(SSL *ssl) { int i; int rc; @@ -161,7 +161,7 @@ int SSL_smart_shutdown(SSL *ssl) */ /* retrieve basic constraints ingredients */ -BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen) +BOOL modssl_X509_getBC(X509 *cert, int *ca, int *pathlen) { BASIC_CONSTRAINTS *bc; BIGNUM *bn = NULL; @@ -191,7 +191,7 @@ BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen) } /* convert an ASN.1 string to a UTF-8 string (escaping control characters) */ -char *SSL_ASN1_STRING_to_utf8(apr_pool_t *p, ASN1_STRING *asn1str) +static char *asn1_string_to_utf8(apr_pool_t *p, ASN1_STRING *asn1str) { char *result = NULL; BIO *bio; @@ -213,9 +213,9 @@ char *SSL_ASN1_STRING_to_utf8(apr_pool_t *p, ASN1_STRING *asn1str) } /* convert a NAME_ENTRY to UTF8 string */ -char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne) +char *modssl_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne) { - char *result = SSL_ASN1_STRING_to_utf8(p, X509_NAME_ENTRY_get_data(xsne)); + char *result = asn1_string_to_utf8(p, X509_NAME_ENTRY_get_data(xsne)); ap_xlate_proto_from_ascii(result, len); return result; } @@ -224,7 +224,7 @@ char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne) * convert an X509_NAME to an RFC 2253 formatted string, optionally truncated * to maxlen characters (specify a maxlen of 0 for no length limit) */ -char *SSL_X509_NAME_to_string(apr_pool_t *p, X509_NAME *dn, int maxlen) +char *modssl_X509_NAME_to_string(apr_pool_t *p, X509_NAME *dn, int maxlen) { char *result = NULL; BIO *bio; @@ -252,19 +252,48 @@ char *SSL_X509_NAME_to_string(apr_pool_t *p, X509_NAME *dn, int maxlen) return result; } +static void parse_otherName_value(apr_pool_t *p, ASN1_TYPE *value, + const char *onf, apr_array_header_t **entries) +{ + const char *str; + int nid = onf ? OBJ_txt2nid(onf) : NID_undef; + + if (!value || (nid == NID_undef) || !*entries) + return; + + /* + * Currently supported otherName forms (values for "onf"): + * "msUPN" (1.3.6.1.4.1.311.20.2.3): Microsoft User Principal Name + * "id-on-dnsSRV" (1.3.6.1.5.5.7.8.7): SRVName, as specified in RFC 4985 + */ + if ((nid == NID_ms_upn) && (value->type == V_ASN1_UTF8STRING) && + (str = asn1_string_to_utf8(p, value->value.utf8string))) { + APR_ARRAY_PUSH(*entries, const char *) = str; + } else if (strEQ(onf, "id-on-dnsSRV") && + (value->type == V_ASN1_IA5STRING) && + (str = asn1_string_to_utf8(p, value->value.ia5string))) { + APR_ARRAY_PUSH(*entries, const char *) = str; + } +} + /* * Return an array of subjectAltName entries of type "type". If idx is -1, * return all entries of the given type, otherwise return an array consisting * of the n-th occurrence of that type only. Currently supported types: * GEN_EMAIL (rfc822Name) * GEN_DNS (dNSName) + * GEN_OTHERNAME (requires the otherName form ["onf"] argument to be supplied, + * see parse_otherName_value for the currently supported forms) */ -BOOL SSL_X509_getSAN(apr_pool_t *p, X509 *x509, int type, int idx, - apr_array_header_t **entries) +BOOL modssl_X509_getSAN(apr_pool_t *p, X509 *x509, int type, const char *onf, + int idx, apr_array_header_t **entries) { STACK_OF(GENERAL_NAME) *names; + int nid = onf ? OBJ_txt2nid(onf) : NID_undef; - if (!x509 || (type < GEN_OTHERNAME) || (type > GEN_RID) || (idx < -1) || + if (!x509 || (type < GEN_OTHERNAME) || + ((type == GEN_OTHERNAME) && (nid == NID_undef)) || + (type > GEN_RID) || (idx < -1) || !(*entries = apr_array_make(p, 0, sizeof(char *)))) { *entries = NULL; return FALSE; @@ -277,33 +306,43 @@ BOOL SSL_X509_getSAN(apr_pool_t *p, X509 *x509, int type, int idx, for (i = 0; i < sk_GENERAL_NAME_num(names); i++) { name = sk_GENERAL_NAME_value(names, i); - if (name->type == type) { - if ((idx == -1) || (n == idx)) { - switch (type) { - case GEN_EMAIL: - case GEN_DNS: - utf8str = SSL_ASN1_STRING_to_utf8(p, name->d.ia5); - if (utf8str) { - APR_ARRAY_PUSH(*entries, const char *) = utf8str; - } - break; - default: - /* - * Not implemented right now: - * GEN_OTHERNAME (otherName) - * GEN_X400 (x400Address) - * GEN_DIRNAME (directoryName) - * GEN_EDIPARTY (ediPartyName) - * GEN_URI (uniformResourceIdentifier) - * GEN_IPADD (iPAddress) - * GEN_RID (registeredID) - */ - break; + + if (name->type != type) + continue; + + switch (type) { + case GEN_EMAIL: + case GEN_DNS: + if (((idx == -1) || (n == idx)) && + (utf8str = asn1_string_to_utf8(p, name->d.ia5))) { + APR_ARRAY_PUSH(*entries, const char *) = utf8str; + } + n++; + break; + case GEN_OTHERNAME: + if (OBJ_obj2nid(name->d.otherName->type_id) == nid) { + if (((idx == -1) || (n == idx))) { + parse_otherName_value(p, name->d.otherName->value, + onf, entries); } + n++; } - if ((idx != -1) && (n++ > idx)) - break; + break; + default: + /* + * Not implemented right now: + * GEN_X400 (x400Address) + * GEN_DIRNAME (directoryName) + * GEN_EDIPARTY (ediPartyName) + * GEN_URI (uniformResourceIdentifier) + * GEN_IPADD (iPAddress) + * GEN_RID (registeredID) + */ + break; } + + if ((idx != -1) && (n > idx)) + break; } sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); @@ -313,14 +352,14 @@ BOOL SSL_X509_getSAN(apr_pool_t *p, X509 *x509, int type, int idx, } /* return an array of (RFC 6125 coined) DNS-IDs and CN-IDs in a certificate */ -BOOL SSL_X509_getIDs(apr_pool_t *p, X509 *x509, apr_array_header_t **ids) +static BOOL getIDs(apr_pool_t *p, X509 *x509, apr_array_header_t **ids) { X509_NAME *subj; int i = -1; /* First, the DNS-IDs (dNSName entries in the subjectAltName extension) */ if (!x509 || - (SSL_X509_getSAN(p, x509, GEN_DNS, -1, ids) == FALSE && !*ids)) { + (modssl_X509_getSAN(p, x509, GEN_DNS, NULL, -1, ids) == FALSE && !*ids)) { *ids = NULL; return FALSE; } @@ -329,7 +368,7 @@ BOOL SSL_X509_getIDs(apr_pool_t *p, X509 *x509, apr_array_header_t **ids) subj = X509_get_subject_name(x509); while ((i = X509_NAME_get_index_by_NID(subj, NID_commonName, i)) != -1) { APR_ARRAY_PUSH(*ids, const char *) = - SSL_X509_NAME_ENTRY_to_string(p, X509_NAME_get_entry(subj, i)); + modssl_X509_NAME_ENTRY_to_string(p, X509_NAME_get_entry(subj, i)); } return apr_is_empty_array(*ids) ? FALSE : TRUE; @@ -340,8 +379,8 @@ BOOL SSL_X509_getIDs(apr_pool_t *p, X509 *x509, apr_array_header_t **ids) * DNS-IDs and CN-IDs (RFC 6125), optionally with basic wildcard matching. * If server_rec is non-NULL, some (debug/trace) logging is enabled. */ -BOOL SSL_X509_match_name(apr_pool_t *p, X509 *x509, const char *name, - BOOL allow_wildcard, server_rec *s) +BOOL modssl_X509_match_name(apr_pool_t *p, X509 *x509, const char *name, + BOOL allow_wildcard, server_rec *s) { BOOL matched = FALSE; apr_array_header_t *ids; @@ -356,7 +395,7 @@ BOOL SSL_X509_match_name(apr_pool_t *p, X509 *x509, const char *name, * is found). */ - if (SSL_X509_getIDs(p, x509, &ids)) { + if (getIDs(p, x509, &ids)) { const char *cp; int i; char **id = (char **)ids->elts; @@ -387,7 +426,7 @@ BOOL SSL_X509_match_name(apr_pool_t *p, X509 *x509, const char *name, if (s) { ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s, - "[%s] SSL_X509_match_name: expecting name '%s', " + "[%s] modssl_X509_match_name: expecting name '%s', " "%smatched by ID '%s'", (mySrvConfig(s))->vhost_id, name, matched == TRUE ? "" : "NOT ", id[i]); @@ -411,73 +450,6 @@ BOOL SSL_X509_match_name(apr_pool_t *p, X509 *x509, const char *name, return matched; } -/* _________________________________________________________________ -** -** Low-Level CA Certificate Loading -** _________________________________________________________________ -*/ - -BOOL SSL_X509_INFO_load_file(apr_pool_t *ptemp, - STACK_OF(X509_INFO) *sk, - const char *filename) -{ - BIO *in; - - if (!(in = BIO_new(BIO_s_file()))) { - return FALSE; - } - - if (BIO_read_filename(in, filename) <= 0) { - BIO_free(in); - return FALSE; - } - - ERR_clear_error(); - - PEM_X509_INFO_read_bio(in, sk, NULL, NULL); - - BIO_free(in); - - return TRUE; -} - -BOOL SSL_X509_INFO_load_path(apr_pool_t *ptemp, - STACK_OF(X509_INFO) *sk, - const char *pathname) -{ - /* XXX: this dir read code is exactly the same as that in - * ssl_engine_init.c, only the call to handle the fullname is different, - * should fold the duplication. - */ - apr_dir_t *dir; - apr_finfo_t dirent; - apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME; - const char *fullname; - BOOL ok = FALSE; - - if (apr_dir_open(&dir, pathname, ptemp) != APR_SUCCESS) { - return FALSE; - } - - while ((apr_dir_read(&dirent, finfo_flags, dir)) == APR_SUCCESS) { - if (dirent.filetype == APR_DIR) { - continue; /* don't try to load directories */ - } - - fullname = apr_pstrcat(ptemp, - pathname, "/", dirent.name, - NULL); - - if (SSL_X509_INFO_load_file(ptemp, sk, fullname)) { - ok = TRUE; - } - } - - apr_dir_close(dir); - - return ok; -} - /* _________________________________________________________________ ** ** Custom (EC)DH parameter support @@ -510,79 +482,14 @@ EC_GROUP *ssl_ec_GetParamFromFile(const char *file) } #endif -/* _________________________________________________________________ -** -** Extra Server Certificate Chain Support -** _________________________________________________________________ -*/ - -/* - * Read a file that optionally contains the server certificate in PEM - * format, possibly followed by a sequence of CA certificates that - * should be sent to the peer in the SSL Certificate message. - */ -int SSL_CTX_use_certificate_chain( - SSL_CTX *ctx, char *file, int skipfirst, pem_password_cb *cb) -{ - BIO *bio; - X509 *x509; - unsigned long err; - int n; - - if ((bio = BIO_new(BIO_s_file_internal())) == NULL) - return -1; - if (BIO_read_filename(bio, file) <= 0) { - BIO_free(bio); - return -1; - } - /* optionally skip a leading server certificate */ - if (skipfirst) { - if ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) == NULL) { - BIO_free(bio); - return -1; - } - X509_free(x509); - } - /* free a perhaps already configured extra chain */ -#ifdef OPENSSL_NO_SSL_INTERN - SSL_CTX_clear_extra_chain_certs(ctx); -#else - if (ctx->extra_certs != NULL) { - sk_X509_pop_free((STACK_OF(X509) *)ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - } -#endif - /* create new extra chain by loading the certs */ - n = 0; - while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) { - if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) { - X509_free(x509); - BIO_free(bio); - return -1; - } - n++; - } - /* Make sure that only the error is just an EOF */ - if ((err = ERR_peek_error()) > 0) { - if (!( ERR_GET_LIB(err) == ERR_LIB_PEM - && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) { - BIO_free(bio); - return -1; - } - while (ERR_get_error() > 0) ; - } - BIO_free(bio); - return n; -} - /* _________________________________________________________________ ** ** Session Stuff ** _________________________________________________________________ */ -char *SSL_SESSION_id2sz(unsigned char *id, int idlen, - char *str, int strsize) +char *modssl_SSL_SESSION_id2sz(unsigned char *id, int idlen, + char *str, int strsize) { if (idlen > SSL_MAX_SSL_SESSION_ID_LENGTH) idlen = SSL_MAX_SSL_SESSION_ID_LENGTH; diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h index 8944702d..5f748319 100644 --- a/modules/ssl/ssl_util_ssl.h +++ b/modules/ssl/ssl_util_ssl.h @@ -38,41 +38,36 @@ * SSL library version number */ -#define SSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER -#define SSL_LIBRARY_NAME "OpenSSL" -#define SSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT -#define SSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION) +#define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER +#define MODSSL_LIBRARY_NAME "OpenSSL" +#define MODSSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT +#define MODSSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION) /** * Maximum length of a DER encoded session. * FIXME: There is no define in OpenSSL, but OpenSSL uses 1024*10, * so this value should be ok. Although we have no warm feeling. */ -#define SSL_SESSION_MAX_DER 1024*10 +#define MODSSL_SESSION_MAX_DER 1024*10 -/** max length for SSL_SESSION_id2sz */ -#define SSL_SESSION_ID_STRING_LEN \ +/** max length for modssl_SSL_SESSION_id2sz */ +#define MODSSL_SESSION_ID_STRING_LEN \ ((SSL_MAX_SSL_SESSION_ID_LENGTH + 1) * 2) /** * Additional Functions */ -void SSL_init_app_data2_idx(void); -void *SSL_get_app_data2(SSL *); -void SSL_set_app_data2(SSL *, void *); -EVP_PKEY *SSL_read_PrivateKey(const char *, EVP_PKEY **, pem_password_cb *, void *); -int SSL_smart_shutdown(SSL *ssl); -BOOL SSL_X509_getBC(X509 *, int *, int *); -char *SSL_ASN1_STRING_to_utf8(apr_pool_t *, ASN1_STRING *); -char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne); -char *SSL_X509_NAME_to_string(apr_pool_t *, X509_NAME *, int); -BOOL SSL_X509_getSAN(apr_pool_t *, X509 *, int, int, apr_array_header_t **); -BOOL SSL_X509_getIDs(apr_pool_t *, X509 *, apr_array_header_t **); -BOOL SSL_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *); -BOOL SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); -BOOL SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); -int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *); -char *SSL_SESSION_id2sz(unsigned char *, int, char *, int); +void modssl_init_app_data2_idx(void); +void *modssl_get_app_data2(SSL *); +void modssl_set_app_data2(SSL *, void *); +EVP_PKEY *modssl_read_privatekey(const char *, EVP_PKEY **, pem_password_cb *, void *); +int modssl_smart_shutdown(SSL *ssl); +BOOL modssl_X509_getBC(X509 *, int *, int *); +char *modssl_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne); +char *modssl_X509_NAME_to_string(apr_pool_t *, X509_NAME *, int); +BOOL modssl_X509_getSAN(apr_pool_t *, X509 *, int, const char *, int, apr_array_header_t **); +BOOL modssl_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *); +char *modssl_SSL_SESSION_id2sz(unsigned char *, int, char *, int); #endif /* __SSL_UTIL_SSL_H__ */ /** @} */ diff --git a/modules/test/mod_optional_fn_import.c b/modules/test/mod_optional_fn_import.c index a01a3e74..aba70e12 100644 --- a/modules/test/mod_optional_fn_import.c +++ b/modules/test/mod_optional_fn_import.c @@ -27,14 +27,14 @@ static APR_OPTIONAL_FN_TYPE(TestOptionalFn) *pfn; static int ImportLogTransaction(request_rec *r) { - if(pfn) + if (pfn) return pfn(r->the_request); return DECLINED; } static void ImportFnRetrieve(void) { - pfn=APR_RETRIEVE_OPTIONAL_FN(TestOptionalFn); + pfn = APR_RETRIEVE_OPTIONAL_FN(TestOptionalFn); } static void ImportRegisterHooks(apr_pool_t *p) diff --git a/os/win32/BaseAddr.ref b/os/win32/BaseAddr.ref index 678e7be1..c7a98e00 100644 --- a/os/win32/BaseAddr.ref +++ b/os/win32/BaseAddr.ref @@ -127,3 +127,4 @@ mod_optional_fn_import.so 0x70BC0000 0x00010000 mod_optional_hook_export.so 0x70BD0000 0x00010000 mod_optional_hook_import.so 0x70BE0000 0x00010000 mod_authnz_fcgi.so 0x70BF0000 0x00020000 +mod_http2.so 0x70C10000 0x00030000 diff --git a/server/core.c b/server/core.c index a3681719..37484b66 100644 --- a/server/core.c +++ b/server/core.c @@ -468,6 +468,9 @@ static void *create_core_server_config(apr_pool_t *a, server_rec *s) conf->trace_enable = AP_TRACE_UNSET; + conf->protocols = apr_array_make(a, 5, sizeof(const char *)); + conf->protocols_honor_order = -1; + return (void *)conf; } @@ -518,6 +521,12 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv) ? virt->merge_trailers : base->merge_trailers; + conf->protocols = ((virt->protocols->nelts > 0)? + virt->protocols : base->protocols); + conf->protocols_honor_order = ((virt->protocols_honor_order < 0)? + base->protocols_honor_order : + virt->protocols_honor_order); + return conf; } @@ -1097,7 +1106,7 @@ AP_DECLARE(apr_off_t) ap_get_limit_req_body(const request_rec *r) /***************************************************************** * * Commands... this module handles almost all of the NCSA httpd.conf - * commands, but most of the old srm.conf is in the the modules. + * commands, but most of the old srm.conf is in the modules. */ @@ -1230,8 +1239,8 @@ AP_DECLARE(const char *) ap_resolve_env(apr_pool_t *p, const char * word) } if (*s == '$') { - if (s[1] == '{' && (e = ap_strchr_c(s, '}'))) { - char *name = apr_pstrndup(p, s+2, e-s-2); + if (s[1] == '{' && (e = ap_strchr_c(s+2, '}'))) { + char *name = apr_pstrmemdup(p, s+2, e-s-2); word = NULL; if (server_config_defined_vars) word = apr_table_get(server_config_defined_vars, name); @@ -2084,7 +2093,7 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd, return unclosed_directive(cmd); } - limited_methods = apr_pstrndup(cmd->temp_pool, arg, endp - arg); + limited_methods = apr_pstrmemdup(cmd->temp_pool, arg, endp - arg); if (!limited_methods[0]) { return missing_container_arg(cmd); @@ -2101,7 +2110,7 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd, return "TRACE cannot be controlled by , see TraceEnable"; } else if (methnum == M_INVALID) { - /* method has not been registered yet, but resorce restriction + /* method has not been registered yet, but resource restriction * is always checked before method handling, so register it. */ methnum = ap_method_register(cmd->pool, @@ -3692,6 +3701,48 @@ static const char *set_trace_enable(cmd_parms *cmd, void *dummy, return NULL; } +static const char *set_protocols(cmd_parms *cmd, void *dummy, + const char *arg) +{ + core_server_config *conf = + ap_get_core_module_config(cmd->server->module_config); + const char **np; + const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE); + + if (err) { + return err; + } + + np = (const char **)apr_array_push(conf->protocols); + *np = arg; + + return NULL; +} + +static const char *set_protocols_honor_order(cmd_parms *cmd, void *dummy, + const char *arg) +{ + core_server_config *conf = + ap_get_core_module_config(cmd->server->module_config); + const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE); + + if (err) { + return err; + } + + if (strcasecmp(arg, "on") == 0) { + conf->protocols_honor_order = 1; + } + else if (strcasecmp(arg, "off") == 0) { + conf->protocols_honor_order = 0; + } + else { + return "ProtocolsHonorOrder must be 'on' or 'off'"; + } + + return NULL; +} + static apr_hash_t *errorlog_hash; static int log_constant_item(const ap_errorlog_info *info, const char *arg, @@ -4205,6 +4256,11 @@ AP_INIT_TAKE1("TraceEnable", set_trace_enable, NULL, RSRC_CONF, "'on' (default), 'off' or 'extended' to trace request body content"), AP_INIT_FLAG("MergeTrailers", set_merge_trailers, NULL, RSRC_CONF, "merge request trailers into request headers or not"), +AP_INIT_ITERATE("Protocols", set_protocols, NULL, RSRC_CONF, + "Controls which protocols are allowed"), +AP_INIT_TAKE1("ProtocolsHonorOrder", set_protocols_honor_order, NULL, RSRC_CONF, + "'off' (default) or 'on' to respect given order of protocols, " + "by default the client specified order determines selection"), { NULL } }; @@ -4936,6 +4992,61 @@ static void core_dump_config(apr_pool_t *p, server_rec *s) } } +static int core_upgrade_handler(request_rec *r) +{ + conn_rec *c = r->connection; + const char *upgrade = apr_table_get(r->headers_in, "Upgrade"); + + if (upgrade && *upgrade) { + const char *conn = apr_table_get(r->headers_in, "Connection"); + if (ap_find_token(r->pool, conn, "upgrade")) { + apr_array_header_t *offers = NULL; + const char *err; + + err = ap_parse_token_list_strict(r->pool, upgrade, &offers, 0); + if (err) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02910) + "parsing Upgrade header: %s", err); + return DECLINED; + } + + if (offers && offers->nelts > 0) { + const char *protocol = ap_select_protocol(c, r, r->server, + offers); + if (protocol && strcmp(protocol, ap_get_protocol(c))) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02909) + "Upgrade selects '%s'", protocol); + /* Let the client know what we are upgrading to. */ + apr_table_clear(r->headers_out); + apr_table_setn(r->headers_out, "Upgrade", protocol); + apr_table_setn(r->headers_out, "Connection", "Upgrade"); + + r->status = HTTP_SWITCHING_PROTOCOLS; + r->status_line = ap_get_status_line(r->status); + ap_send_interim_response(r, 1); + + ap_switch_protocol(c, r, r->server, protocol); + + /* make sure httpd closes the connection after this */ + c->keepalive = AP_CONN_CLOSE; + return DONE; + } + } + } + } + + return DECLINED; +} + +static int core_upgrade_storage(request_rec *r) +{ + if ((r->method_number == M_OPTIONS) && r->uri && (r->uri[0] == '*') && + (r->uri[1] == '\0')) { + return core_upgrade_handler(r); + } + return DECLINED; +} + static void register_hooks(apr_pool_t *p) { errorlog_hash = apr_hash_make(p); @@ -4958,10 +5069,12 @@ static void register_hooks(apr_pool_t *p) ap_hook_check_config(core_check_config,NULL,NULL,APR_HOOK_FIRST); ap_hook_test_config(core_dump_config,NULL,NULL,APR_HOOK_FIRST); ap_hook_translate_name(ap_core_translate,NULL,NULL,APR_HOOK_REALLY_LAST); + ap_hook_map_to_storage(core_upgrade_storage,NULL,NULL,APR_HOOK_REALLY_FIRST); ap_hook_map_to_storage(core_map_to_storage,NULL,NULL,APR_HOOK_REALLY_LAST); ap_hook_open_logs(ap_open_logs,NULL,NULL,APR_HOOK_REALLY_FIRST); ap_hook_child_init(core_child_init,NULL,NULL,APR_HOOK_REALLY_FIRST); ap_hook_child_init(ap_logs_child_init,NULL,NULL,APR_HOOK_MIDDLE); + ap_hook_handler(core_upgrade_handler,NULL,NULL,APR_HOOK_REALLY_FIRST); ap_hook_handler(default_handler,NULL,NULL,APR_HOOK_REALLY_LAST); /* FIXME: I suspect we can eliminate the need for these do_nothings - Ben */ ap_hook_type_checker(do_nothing,NULL,NULL,APR_HOOK_REALLY_LAST); diff --git a/server/core_filters.c b/server/core_filters.c index 61dc2f0a..958055ba 100644 --- a/server/core_filters.c +++ b/server/core_filters.c @@ -48,7 +48,6 @@ #include "mpm_common.h" #include "scoreboard.h" #include "mod_core.h" -#include "mod_proxy.h" #include "ap_listen.h" #include "mod_so.h" /* for ap_find_loaded_module_symbol */ diff --git a/server/listen.c b/server/listen.c index 7950a100..1d9be83f 100644 --- a/server/listen.c +++ b/server/listen.c @@ -22,20 +22,41 @@ #include "ap_config.h" #include "httpd.h" +#include "http_main.h" #include "http_config.h" #include "http_core.h" #include "ap_listen.h" #include "http_log.h" #include "mpm_common.h" +#include +#if APR_HAVE_UNISTD_H +#include +#endif + /* we know core's module_index is 0 */ #undef APLOG_MODULE_INDEX #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX AP_DECLARE_DATA ap_listen_rec *ap_listeners = NULL; +/* Let ap_num_listen_buckets be global so that it can + * be printed by ap_log_mpm_common(), but keep the listeners + * buckets static since it is used only here to close them + * all (including duplicated) with ap_close_listeners(). + */ +AP_DECLARE_DATA int ap_num_listen_buckets; +static ap_listen_rec **ap_listen_buckets; + +/* Determine once, at runtime, whether or not SO_REUSEPORT + * is usable on this platform, and hence whether or not + * listeners can be duplicated (if configured). + */ +AP_DECLARE_DATA int ap_have_so_reuseport = -1; + static ap_listen_rec *old_listeners; static int ap_listenbacklog; +static int ap_listencbratio; static int send_buffer_size; static int receive_buffer_size; @@ -131,6 +152,23 @@ static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server) ap_sock_disable_nagle(s); #endif +#if defined(SO_REUSEPORT) + if (ap_have_so_reuseport) { + int thesock; + apr_os_sock_get(&thesock, s); + if (setsockopt(thesock, SOL_SOCKET, SO_REUSEPORT, + (void *)&one, sizeof(int)) < 0) { + stat = apr_get_netos_error(); + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02638) + "make_sock: for address %pI, apr_socket_opt_set: " + "(SO_REUSEPORT)", + server->bind_addr); + apr_socket_close(s); + return stat; + } + } +#endif + if ((stat = apr_socket_bind(s, server->bind_addr)) != APR_SUCCESS) { ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, stat, p, APLOGNO(00072) "make_sock: could not bind to address %pI", @@ -482,11 +520,7 @@ static int open_listeners(apr_pool_t *pool) } /* close the old listeners */ - for (lr = old_listeners; lr; lr = next) { - apr_socket_close(lr->sd); - lr->active = 0; - next = lr->next; - } + ap_close_listeners_ex(old_listeners); old_listeners = NULL; #if AP_NONBLOCK_WHEN_MULTI_LISTEN @@ -558,7 +592,7 @@ AP_DECLARE(int) ap_setup_listeners(server_rec *s) } if (open_listeners(s->process->pool)) { - return 0; + return 0; } for (lr = ap_listeners; lr; lr = lr->next) { @@ -582,15 +616,124 @@ AP_DECLARE(int) ap_setup_listeners(server_rec *s) return num_listeners; } -AP_DECLARE_NONSTD(void) ap_close_listeners(void) +AP_DECLARE(apr_status_t) ap_duplicate_listeners(apr_pool_t *p, server_rec *s, + ap_listen_rec ***buckets, + int *num_buckets) { + static int warn_once; + int i; + apr_status_t stat; + int use_nonblock = 0; ap_listen_rec *lr; - for (lr = ap_listeners; lr; lr = lr->next) { + if (*num_buckets < 1) { + *num_buckets = 1; + if (ap_listencbratio > 0) { +#ifdef _SC_NPROCESSORS_ONLN + if (ap_have_so_reuseport) { + int num_online_cores = sysconf(_SC_NPROCESSORS_ONLN), + val = num_online_cores / ap_listencbratio; + if (val > 1) { + *num_buckets = val; + } + ap_log_perror(APLOG_MARK, APLOG_INFO, 0, p, APLOGNO(02819) + "Using %i listeners bucket(s) based on %i " + "online CPU cores and a ratio of %i", + *num_buckets, num_online_cores, + ap_listencbratio); + } + else +#endif + if (!warn_once) { + ap_log_perror(APLOG_MARK, APLOG_WARNING, 0, p, APLOGNO(02820) + "ListenCoresBucketsRatio ignored without " + "SO_REUSEPORT and _SC_NPROCESSORS_ONLN " + "support: using a single listeners bucket"); + warn_once = 1; + } + } + } + + *buckets = apr_pcalloc(p, *num_buckets * sizeof(ap_listen_rec *)); + (*buckets)[0] = ap_listeners; + + for (i = 1; i < *num_buckets; i++) { + ap_listen_rec *last = NULL; + lr = ap_listeners; + while (lr) { + ap_listen_rec *duplr; + char *hostname; + apr_port_t port; + apr_sockaddr_t *sa; + duplr = apr_palloc(p, sizeof(ap_listen_rec)); + duplr->slave = NULL; + duplr->protocol = apr_pstrdup(p, lr->protocol); + hostname = apr_pstrdup(p, lr->bind_addr->hostname); + port = lr->bind_addr->port; + apr_sockaddr_info_get(&sa, hostname, APR_UNSPEC, port, 0, p); + duplr->bind_addr = sa; + duplr->next = NULL; + stat = apr_socket_create(&duplr->sd, duplr->bind_addr->family, + SOCK_STREAM, 0, p); + if (stat != APR_SUCCESS) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, 0, p, APLOGNO(02640) + "ap_duplicate_listeners: for address %pI, " + "cannot duplicate a new socket!", + duplr->bind_addr); + return stat; + } + make_sock(p, duplr); +#if AP_NONBLOCK_WHEN_MULTI_LISTEN + use_nonblock = (ap_listeners && ap_listeners->next); + stat = apr_socket_opt_set(duplr->sd, APR_SO_NONBLOCK, use_nonblock); + if (stat != APR_SUCCESS) { + ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02641) + "unable to control socket non-blocking status"); + return stat; + } +#endif + ap_apply_accept_filter(p, duplr, s); + + if (last == NULL) { + (*buckets)[i] = last = duplr; + } + else { + last->next = duplr; + last = duplr; + } + lr = lr->next; + } + } + + ap_listen_buckets = *buckets; + ap_num_listen_buckets = *num_buckets; + return APR_SUCCESS; +} + +AP_DECLARE_NONSTD(void) ap_close_listeners(void) +{ + int i; + + ap_close_listeners_ex(ap_listeners); + + /* Start from index 1 since either ap_duplicate_listeners() + * was called and ap_listen_buckets[0] == ap_listeners, or + * it wasn't and ap_num_listen_buckets == 0. + */ + for (i = 1; i < ap_num_listen_buckets; i++) { + ap_close_listeners_ex(ap_listen_buckets[i]); + } +} + +AP_DECLARE_NONSTD(void) ap_close_listeners_ex(ap_listen_rec *listeners) +{ + ap_listen_rec *lr; + for (lr = listeners; lr; lr = lr->next) { apr_socket_close(lr->sd); lr->active = 0; } } + AP_DECLARE_NONSTD(int) ap_close_selected_listeners(ap_slave_t *slave) { ap_listen_rec *lr; @@ -612,7 +755,43 @@ AP_DECLARE(void) ap_listen_pre_config(void) { old_listeners = ap_listeners; ap_listeners = NULL; + ap_listen_buckets = NULL; + ap_num_listen_buckets = 0; ap_listenbacklog = DEFAULT_LISTENBACKLOG; + ap_listencbratio = 0; + + /* Check once whether or not SO_REUSEPORT is supported. */ + if (ap_have_so_reuseport < 0) { + /* This is limited to Linux with defined SO_REUSEPORT (ie. 3.9+) for + * now since the implementation evenly distributes connections accross + * all the listening threads/processes. + * + * *BSDs have SO_REUSEPORT too but with a different semantic: the first + * wildcard address bound socket or the last non-wildcard address bound + * socket will receive connections (no evenness garantee); the rest of + * the sockets bound to the same port will not. + * This can't (always) work for httpd. + * + * TODO: latests DragonFlyBSD's SO_REUSEPORT (seems to?) have the same + * semantic as Linux, so we may need HAVE_SO_REUSEPORT available from + * configure.in some day. + */ +#if defined(SO_REUSEPORT) && defined(__linux__) + apr_socket_t *sock; + if (apr_socket_create(&sock, APR_UNSPEC, SOCK_STREAM, 0, + ap_pglobal) == APR_SUCCESS) { + int thesock, on = 1; + apr_os_sock_get(&thesock, sock); + ap_have_so_reuseport = (setsockopt(thesock, SOL_SOCKET, + SO_REUSEPORT, (void *)&on, + sizeof(int)) == 0); + apr_socket_close(sock); + } + else +#endif + ap_have_so_reuseport = 0; + + } } AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy, @@ -684,6 +863,26 @@ AP_DECLARE_NONSTD(const char *) ap_set_listenbacklog(cmd_parms *cmd, return NULL; } +AP_DECLARE_NONSTD(const char *) ap_set_listencbratio(cmd_parms *cmd, + void *dummy, + const char *arg) +{ + int b; + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + + if (err != NULL) { + return err; + } + + b = atoi(arg); + if (b < 1) { + return "ListenCoresBucketsRatio must be > 0"; + } + + ap_listencbratio = b; + return NULL; +} + AP_DECLARE_NONSTD(const char *) ap_set_send_buffer_size(cmd_parms *cmd, void *dummy, const char *arg) diff --git a/server/log.c b/server/log.c index 03de91a2..bfec379d 100644 --- a/server/log.c +++ b/server/log.c @@ -53,6 +53,7 @@ #include "http_main.h" #include "util_time.h" #include "ap_mpm.h" +#include "ap_listen.h" #if HAVE_GETTID #include @@ -497,8 +498,8 @@ int ap_open_logs(apr_pool_t *pconf, apr_pool_t *p /* plog */, * as stdin. This in turn would prevent the piped logger from * exiting. */ - apr_file_close(s_main->error_log); - s_main->error_log = stderr_log; + apr_file_close(s_main->error_log); + s_main->error_log = stderr_log; } } /* note that stderr may still need to be replaced with something @@ -624,7 +625,7 @@ static int log_ctime(const ap_errorlog_info *info, const char *arg, int time_len = buflen; int option = AP_CTIME_OPTION_NONE; - while(arg && *arg) { + while (arg && *arg) { switch (*arg) { case 'u': option |= AP_CTIME_OPTION_USEC; break; @@ -1536,6 +1537,15 @@ AP_DECLARE(void) ap_log_command_line(apr_pool_t *plog, server_rec *s) "Command line: '%s'", result); } +/* grab bag function to log commonly logged and shared info */ +AP_DECLARE(void) ap_log_mpm_common(server_rec *s) +{ + ap_log_error(APLOG_MARK, APLOG_DEBUG , 0, s, APLOGNO(02639) + "Using SO_REUSEPORT: %s (%d)", + ap_have_so_reuseport ? "yes" : "no", + ap_num_listen_buckets); +} + AP_DECLARE(void) ap_remove_pid(apr_pool_t *p, const char *rel_fname) { apr_status_t rv; diff --git a/server/mpm/config.m4 b/server/mpm/config.m4 index 07118bd9..6d3ab86b 100644 --- a/server/mpm/config.m4 +++ b/server/mpm/config.m4 @@ -60,7 +60,7 @@ case $host in esac dnl APACHE_MPM_SUPPORTED(name, supports-shared, is_threaded) -AC_DEFUN(APACHE_MPM_SUPPORTED,[ +AC_DEFUN([APACHE_MPM_SUPPORTED],[ if test "$2" = "yes"; then eval "ap_supported_mpm_$1=shared" ap_supported_shared_mpms="$ap_supported_shared_mpms $1 " @@ -73,7 +73,7 @@ AC_DEFUN(APACHE_MPM_SUPPORTED,[ ])dnl dnl APACHE_MPM_ENABLED(name) -AC_DEFUN(APACHE_MPM_ENABLED,[ +AC_DEFUN([APACHE_MPM_ENABLED],[ if ap_mpm_is_enabled $1; then : else diff --git a/server/mpm/event/event.c b/server/mpm/event/event.c index 9d68dd9b..cd70b7d9 100644 --- a/server/mpm/event/event.c +++ b/server/mpm/event/event.c @@ -59,6 +59,8 @@ #include "apr_want.h" #include "apr_version.h" +#include + #if APR_HAVE_UNISTD_H #include #endif @@ -336,16 +338,29 @@ typedef struct event_retained_data { /* * idle_spawn_rate is the number of children that will be spawned on the * next maintenance cycle if there aren't enough idle servers. It is - * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by - * without the need to spawn. + * maintained per listeners bucket, doubled up to MAX_SPAWN_RATE, and + * reset only when a cycle goes by without the need to spawn. */ - int idle_spawn_rate; + int *idle_spawn_rate; #ifndef MAX_SPAWN_RATE #define MAX_SPAWN_RATE (32) #endif int hold_off_on_exponential_spawning; + /* + * Current number of listeners buckets and maximum reached accross + * restarts (to size retained data according to dynamic num_buckets, + * eg. idle_spawn_rate). + */ + int num_buckets, max_buckets; } event_retained_data; static event_retained_data *retained; + +typedef struct event_child_bucket { + ap_pod_t *pod; + ap_listen_rec *listeners; +} event_child_bucket; +static event_child_bucket *all_buckets, /* All listeners buckets */ + *my_bucket; /* Current child bucket */ struct event_srv_cfg_s { struct timeout_queue *wc_q, @@ -354,8 +369,6 @@ struct event_srv_cfg_s { #define ID_FROM_CHILD_THREAD(c, t) ((c * thread_limit) + t) -static ap_pod_t *pod; - /* The event MPM respects a couple of runtime flags that can aid * in debugging. Setting the -DNO_DETACH flag will prevent the root process * from detaching from its controlling terminal. Additionally, setting @@ -1190,11 +1203,12 @@ static void check_infinite_requests(void) } } -static void close_listeners(int process_slot, int *closed) { +static void close_listeners(int process_slot, int *closed) +{ if (!*closed) { int i; disable_listensocks(process_slot); - ap_close_listeners(); + ap_close_listeners_ex(my_bucket->listeners); *closed = 1; dying = 1; ap_scoreboard_image->parent[process_slot].quiescing = 1; @@ -1235,7 +1249,7 @@ static apr_status_t init_pollset(apr_pool_t *p) int i = 0; listener_pollfd = apr_palloc(p, sizeof(apr_pollfd_t) * num_listensocks); - for (lr = ap_listeners; lr != NULL; lr = lr->next, i++) { + for (lr = my_bucket->listeners; lr != NULL; lr = lr->next, i++) { apr_pollfd_t *pfd; AP_DEBUG_ASSERT(i < num_listensocks); pfd = &listener_pollfd[i]; @@ -2216,13 +2230,14 @@ static void join_start_thread(apr_thread_t * start_thread_id) } } -static void child_main(int child_num_arg) +static void child_main(int child_num_arg, int child_bucket) { apr_thread_t **threads; apr_status_t rv; thread_starter *ts; apr_threadattr_t *thread_attr; apr_thread_t *start_thread_id; + int i; mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this * child initializes @@ -2231,6 +2246,14 @@ static void child_main(int child_num_arg) ap_fatal_signal_child_setup(ap_server_conf); apr_pool_create(&pchild, pconf); + /* close unused listeners and pods */ + for (i = 0; i < retained->num_buckets; i++) { + if (i != child_bucket) { + ap_close_listeners_ex(all_buckets[i].listeners); + ap_mpm_podx_close(all_buckets[i].pod); + } + } + /*stuff to do before we switch id's, so we have permissions. */ ap_reopen_scoreboard(pchild, NULL, 0); @@ -2340,7 +2363,7 @@ static void child_main(int child_num_arg) apr_signal(SIGTERM, dummy_signal_handler); /* Watch for any messages from the parent over the POD */ while (1) { - rv = ap_mpm_podx_check(pod); + rv = ap_mpm_podx_check(my_bucket->pod); if (rv == AP_MPM_PODX_NORESTART) { /* see if termination was triggered while we slept */ switch (terminate_mode) { @@ -2378,7 +2401,7 @@ static void child_main(int child_num_arg) clean_child_exit(resource_shortage ? APEXIT_CHILDSICK : 0); } -static int make_child(server_rec * s, int slot) +static int make_child(server_rec * s, int slot, int bucket) { int pid; @@ -2387,10 +2410,14 @@ static int make_child(server_rec * s, int slot) } if (one_process) { + my_bucket = &all_buckets[0]; + set_signals(); event_note_child_started(slot, getpid()); - child_main(slot); + child_main(slot, 0); /* NOTREACHED */ + ap_assert(0); + return -1; } if ((pid = fork()) == -1) { @@ -2413,6 +2440,8 @@ static int make_child(server_rec * s, int slot) } if (!pid) { + my_bucket = &all_buckets[bucket]; + #ifdef HAVE_BINDPROCESSOR /* By default, AIX binds to a single processor. This bit unbinds * children which will then bind to another CPU. @@ -2427,10 +2456,12 @@ static int make_child(server_rec * s, int slot) RAISE_SIGSTOP(MAKE_CHILD); apr_signal(SIGTERM, just_die); - child_main(slot); + child_main(slot, bucket); /* NOTREACHED */ + ap_assert(0); + return -1; } - /* else */ + if (ap_scoreboard_image->parent[slot].pid != 0) { /* This new child process is squatting on the scoreboard * entry owned by an exiting child process, which cannot @@ -2440,6 +2471,7 @@ static int make_child(server_rec * s, int slot) } ap_scoreboard_image->parent[slot].quiescing = 0; ap_scoreboard_image->parent[slot].not_accepting = 0; + ap_scoreboard_image->parent[slot].bucket = bucket; event_note_child_started(slot, pid); return 0; } @@ -2453,14 +2485,14 @@ static void startup_children(int number_to_start) if (ap_scoreboard_image->parent[i].pid != 0) { continue; } - if (make_child(ap_server_conf, i) < 0) { + if (make_child(ap_server_conf, i, i % retained->num_buckets) < 0) { break; } --number_to_start; } } -static void perform_idle_server_maintenance(void) +static void perform_idle_server_maintenance(int child_bucket, int num_buckets) { int i, j; int idle_thread_count; @@ -2490,7 +2522,7 @@ static void perform_idle_server_maintenance(void) int child_threads_active = 0; if (i >= retained->max_daemons_limit - && totally_free_length == retained->idle_spawn_rate) + && totally_free_length == retained->idle_spawn_rate[child_bucket]) /* short cut if all active processes have been examined and * enough empty scoreboard slots have been found */ @@ -2517,7 +2549,8 @@ static void perform_idle_server_maintenance(void) if (ps->pid != 0) { /* XXX just set all_dead_threads in outer for loop if no pid? not much else matters */ if (status <= SERVER_READY && !ps->quiescing && !ps->not_accepting - && ps->generation == retained->my_generation) + && ps->generation == retained->my_generation + && ps->bucket == child_bucket) { ++idle_thread_count; } @@ -2528,8 +2561,8 @@ static void perform_idle_server_maintenance(void) } active_thread_count += child_threads_active; if (any_dead_threads - && totally_free_length < retained->idle_spawn_rate - && free_length < MAX_SPAWN_RATE + && totally_free_length < retained->idle_spawn_rate[child_bucket] + && free_length < MAX_SPAWN_RATE / num_buckets && (!ps->pid /* no process in the slot */ || ps->quiescing)) { /* or at least one is going away */ if (all_dead_threads) { @@ -2585,12 +2618,13 @@ static void perform_idle_server_maintenance(void) retained->max_daemons_limit = last_non_dead + 1; - if (idle_thread_count > max_spare_threads) { + if (idle_thread_count > max_spare_threads / num_buckets) { /* Kill off one child */ - ap_mpm_podx_signal(pod, AP_MPM_PODX_GRACEFUL); - retained->idle_spawn_rate = 1; + ap_mpm_podx_signal(all_buckets[child_bucket].pod, + AP_MPM_PODX_GRACEFUL); + retained->idle_spawn_rate[child_bucket] = 1; } - else if (idle_thread_count < min_spare_threads) { + else if (idle_thread_count < min_spare_threads / num_buckets) { /* terminate the free list */ if (free_length == 0) { /* scoreboard is full, can't fork */ @@ -2608,13 +2642,13 @@ static void perform_idle_server_maintenance(void) ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, APLOGNO(00485) "scoreboard is full, not at MaxRequestWorkers"); } - retained->idle_spawn_rate = 1; + retained->idle_spawn_rate[child_bucket] = 1; } else { - if (free_length > retained->idle_spawn_rate) { - free_length = retained->idle_spawn_rate; + if (free_length > retained->idle_spawn_rate[child_bucket]) { + free_length = retained->idle_spawn_rate[child_bucket]; } - if (retained->idle_spawn_rate >= 8) { + if (retained->idle_spawn_rate[child_bucket] >= 8) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, APLOGNO(00486) "server seems busy, (you may need " "to increase StartServers, ThreadsPerChild " @@ -2624,7 +2658,7 @@ static void perform_idle_server_maintenance(void) idle_thread_count, total_non_dead); } for (i = 0; i < free_length; ++i) { - make_child(ap_server_conf, free_slots[i]); + make_child(ap_server_conf, free_slots[i], child_bucket); } /* the next time around we want to spawn twice as many if this * wasn't good enough, but not if we've just done a graceful @@ -2632,17 +2666,18 @@ static void perform_idle_server_maintenance(void) if (retained->hold_off_on_exponential_spawning) { --retained->hold_off_on_exponential_spawning; } - else if (retained->idle_spawn_rate < MAX_SPAWN_RATE) { - retained->idle_spawn_rate *= 2; + else if (retained->idle_spawn_rate[child_bucket] + < MAX_SPAWN_RATE / num_buckets) { + retained->idle_spawn_rate[child_bucket] *= 2; } } } else { - retained->idle_spawn_rate = 1; + retained->idle_spawn_rate[child_bucket] = 1; } } -static void server_main_loop(int remaining_children_to_start) +static void server_main_loop(int remaining_children_to_start, int num_buckets) { ap_generation_t old_gen; int child_slot; @@ -2686,23 +2721,26 @@ static void server_main_loop(int remaining_children_to_start) } /* non-fatal death... note that it's gone in the scoreboard. */ if (child_slot >= 0) { + process_score *ps; + for (i = 0; i < threads_per_child; i++) ap_update_child_status_from_indexes(child_slot, i, SERVER_DEAD, (request_rec *) NULL); event_note_child_killed(child_slot, 0, 0); - ap_scoreboard_image->parent[child_slot].quiescing = 0; + ps = &ap_scoreboard_image->parent[child_slot]; + ps->quiescing = 0; if (processed_status == APEXIT_CHILDSICK) { /* resource shortage, minimize the fork rate */ - retained->idle_spawn_rate = 1; + retained->idle_spawn_rate[ps->bucket] = 1; } else if (remaining_children_to_start && child_slot < ap_daemons_limit) { /* we're still doing a 1-for-1 replacement of dead * children with new children */ - make_child(ap_server_conf, child_slot); + make_child(ap_server_conf, child_slot, ps->bucket); --remaining_children_to_start; } } @@ -2713,7 +2751,9 @@ static void server_main_loop(int remaining_children_to_start) if (processed_status == APEXIT_CHILDSICK && old_gen == retained->my_generation) { /* resource shortage, minimize the fork rate */ - retained->idle_spawn_rate = 1; + for (i = 0; i < num_buckets; i++) { + retained->idle_spawn_rate[i] = 1; + } } #if APR_HAS_OTHER_CHILD } @@ -2752,13 +2792,17 @@ static void server_main_loop(int remaining_children_to_start) continue; } - perform_idle_server_maintenance(); + for (i = 0; i < num_buckets; i++) { + perform_idle_server_maintenance(i, num_buckets); + } } } static int event_run(apr_pool_t * _pconf, apr_pool_t * plog, server_rec * s) { + int num_buckets = retained->num_buckets; int remaining_children_to_start; + int i; ap_log_pid(pconf, ap_pid_fname); @@ -2775,9 +2819,18 @@ static int event_run(apr_pool_t * _pconf, apr_pool_t * plog, server_rec * s) restart_pending = shutdown_pending = 0; set_signals(); - /* Don't thrash... */ - if (max_spare_threads < min_spare_threads + threads_per_child) - max_spare_threads = min_spare_threads + threads_per_child; + + /* Don't thrash since num_buckets depends on the + * system and the number of online CPU cores... + */ + if (ap_daemons_limit < num_buckets) + ap_daemons_limit = num_buckets; + if (ap_daemons_to_start < num_buckets) + ap_daemons_to_start = num_buckets; + if (min_spare_threads < threads_per_child * num_buckets) + min_spare_threads = threads_per_child * num_buckets; + if (max_spare_threads < min_spare_threads + threads_per_child * num_buckets) + max_spare_threads = min_spare_threads + threads_per_child * num_buckets; /* If we're doing a graceful_restart then we're going to see a lot * of children exiting immediately when we get into the main loop @@ -2808,17 +2861,21 @@ static int event_run(apr_pool_t * _pconf, apr_pool_t * plog, server_rec * s) ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, APLOGNO(00490) "Server built: %s", ap_get_server_built()); ap_log_command_line(plog, s); + ap_log_mpm_common(s); mpm_state = AP_MPMQ_RUNNING; - server_main_loop(remaining_children_to_start); + server_main_loop(remaining_children_to_start, num_buckets); mpm_state = AP_MPMQ_STOPPING; if (shutdown_pending && !retained->is_graceful) { /* Time to shut down: * Kill child processes, tell them to call child_exit, etc... */ - ap_mpm_podx_killpg(pod, ap_daemons_limit, AP_MPM_PODX_RESTART); + for (i = 0; i < num_buckets; i++) { + ap_mpm_podx_killpg(all_buckets[i].pod, ap_daemons_limit, + AP_MPM_PODX_RESTART); + } ap_reclaim_child_processes(1, /* Start with SIGTERM */ event_note_child_killed); @@ -2839,7 +2896,10 @@ static int event_run(apr_pool_t * _pconf, apr_pool_t * plog, server_rec * s) /* Close our listeners, and then ask our children to do same */ ap_close_listeners(); - ap_mpm_podx_killpg(pod, ap_daemons_limit, AP_MPM_PODX_GRACEFUL); + for (i = 0; i < num_buckets; i++) { + ap_mpm_podx_killpg(all_buckets[i].pod, ap_daemons_limit, + AP_MPM_PODX_GRACEFUL); + } ap_relieve_child_processes(event_note_child_killed); if (!child_fatal) { @@ -2879,7 +2939,10 @@ static int event_run(apr_pool_t * _pconf, apr_pool_t * plog, server_rec * s) * way, try and make sure that all of our processes are * really dead. */ - ap_mpm_podx_killpg(pod, ap_daemons_limit, AP_MPM_PODX_RESTART); + for (i = 0; i < num_buckets; i++) { + ap_mpm_podx_killpg(all_buckets[i].pod, ap_daemons_limit, + AP_MPM_PODX_RESTART); + } ap_reclaim_child_processes(1, event_note_child_killed); return DONE; @@ -2905,8 +2968,10 @@ static int event_run(apr_pool_t * _pconf, apr_pool_t * plog, server_rec * s) AP_SIG_GRACEFUL_STRING " received. Doing graceful restart"); /* wake up the children...time to die. But we'll have more soon */ - ap_mpm_podx_killpg(pod, ap_daemons_limit, AP_MPM_PODX_GRACEFUL); - + for (i = 0; i < num_buckets; i++) { + ap_mpm_podx_killpg(all_buckets[i].pod, ap_daemons_limit, + AP_MPM_PODX_GRACEFUL); + } /* This is mostly for debugging... so that we know what is still * gracefully dealing with existing request. @@ -2918,7 +2983,10 @@ static int event_run(apr_pool_t * _pconf, apr_pool_t * plog, server_rec * s) * and a SIGHUP, we may as well use the same signal, because some user * pthreads are stealing signals from us left and right. */ - ap_mpm_podx_killpg(pod, ap_daemons_limit, AP_MPM_PODX_RESTART); + for (i = 0; i < num_buckets; i++) { + ap_mpm_podx_killpg(all_buckets[i].pod, ap_daemons_limit, + AP_MPM_PODX_RESTART); + } ap_reclaim_child_processes(1, /* Start with SIGTERM */ event_note_child_killed); @@ -2937,7 +3005,10 @@ static int event_open_logs(apr_pool_t * p, apr_pool_t * plog, { int startup = 0; int level_flags = 0; + int num_buckets = 0; + ap_listen_rec **listen_buckets; apr_status_t rv; + int i; pconf = p; @@ -2954,14 +3025,62 @@ static int event_open_logs(apr_pool_t * p, apr_pool_t * plog, return DONE; } - if (!one_process) { - if ((rv = ap_mpm_podx_open(pconf, &pod))) { + if (one_process) { + num_buckets = 1; + } + else if (retained->is_graceful) { + /* Preserve the number of buckets on graceful restarts. */ + num_buckets = retained->num_buckets; + } + if ((rv = ap_duplicate_listeners(pconf, ap_server_conf, + &listen_buckets, &num_buckets))) { + ap_log_error(APLOG_MARK, APLOG_CRIT | level_flags, rv, + (startup ? NULL : s), + "could not duplicate listeners"); + return DONE; + } + + all_buckets = apr_pcalloc(pconf, num_buckets * sizeof(*all_buckets)); + for (i = 0; i < num_buckets; i++) { + if (!one_process && /* no POD in one_process mode */ + (rv = ap_mpm_podx_open(pconf, &all_buckets[i].pod))) { ap_log_error(APLOG_MARK, APLOG_CRIT | level_flags, rv, (startup ? NULL : s), "could not open pipe-of-death"); return DONE; } + all_buckets[i].listeners = listen_buckets[i]; + } + + if (retained->max_buckets < num_buckets) { + int new_max, *new_ptr; + new_max = retained->max_buckets * 2; + if (new_max < num_buckets) { + new_max = num_buckets; + } + new_ptr = (int *)apr_palloc(ap_pglobal, new_max * sizeof(int)); + memcpy(new_ptr, retained->idle_spawn_rate, + retained->num_buckets * sizeof(int)); + retained->idle_spawn_rate = new_ptr; + retained->max_buckets = new_max; } + if (retained->num_buckets < num_buckets) { + int rate_max = 1; + /* If new buckets are added, set their idle spawn rate to + * the highest so far, so that they get filled as quickly + * as the existing ones. + */ + for (i = 0; i < retained->num_buckets; i++) { + if (rate_max < retained->idle_spawn_rate[i]) { + rate_max = retained->idle_spawn_rate[i]; + } + } + for (/* up to date i */; i < num_buckets; i++) { + retained->idle_spawn_rate[i] = rate_max; + } + } + retained->num_buckets = num_buckets; + /* for skiplist */ srand((unsigned int)apr_time_now()); return OK; @@ -2993,7 +3112,6 @@ static int event_pre_config(apr_pool_t * pconf, apr_pool_t * plog, if (!retained) { retained = ap_retained_data_create(userdata_key, sizeof(*retained)); retained->max_daemons_limit = -1; - retained->idle_spawn_rate = 1; } ++retained->module_loads; if (retained->module_loads == 2) { @@ -3007,6 +3125,7 @@ static int event_pre_config(apr_pool_t * pconf, apr_pool_t * plog, "atomics not working as expected - add32 of negative number"); return HTTP_INTERNAL_SERVER_ERROR; } + rv = apr_pollset_create(&event_pollset, 1, plog, APR_POLLSET_THREADSAFE | APR_POLLSET_NOCOPY); if (rv != APR_SUCCESS) { @@ -3309,7 +3428,7 @@ static int event_check_config(apr_pool_t *p, apr_pool_t *plog, } /* ap_daemons_to_start > ap_daemons_limit checked in ap_mpm_run() */ - if (ap_daemons_to_start < 0) { + if (ap_daemons_to_start < 1) { if (startup) { ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_STARTUP, 0, NULL, APLOGNO(00517) "WARNING: StartServers of %d not allowed, " diff --git a/server/mpm/mpmt_os2/mpmt_os2.c b/server/mpm/mpmt_os2/mpmt_os2.c index 3bd360d0..c1e122d7 100644 --- a/server/mpm/mpmt_os2/mpmt_os2.c +++ b/server/mpm/mpmt_os2/mpmt_os2.c @@ -24,7 +24,7 @@ * spawning children as required to ensure there are always ap_daemons_to_start * processes accepting connections. * - * Each child process consists of a a pool of worker threads and a + * Each child process consists of a pool of worker threads and a * main thread that accepts connections & passes them to the workers via * a work queue. The worker thread pool is dynamic, managed by a maintanence * thread so that the number of idle threads is kept between diff --git a/server/mpm/netware/mpm_netware.c b/server/mpm/netware/mpm_netware.c index ecd76c7c..74f2ecc6 100644 --- a/server/mpm/netware/mpm_netware.c +++ b/server/mpm/netware/mpm_netware.c @@ -916,6 +916,7 @@ static int netware_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, APLOGNO(00225) "Server built: %s", ap_get_server_built()); ap_log_command_line(plog, s); + ap_log_mpm_common(s); show_server_data(); mpm_state = AP_MPMQ_RUNNING; @@ -1202,7 +1203,7 @@ static int CommandLineInterpreter(scr_t screenID, const char *commandLine) ActivateScreen (getscreenhandle()); /* If an instance id was not given but the nlm is loaded in - protected space, then the the command belongs to the + protected space, then the command belongs to the OS address space instance to pass it on. */ pID = strstr (szcommandLine, "-p"); if ((pID == NULL) && nlmisloadedprotected()) diff --git a/server/mpm/prefork/prefork.c b/server/mpm/prefork/prefork.c index ae0fd374..9d424c54 100644 --- a/server/mpm/prefork/prefork.c +++ b/server/mpm/prefork/prefork.c @@ -48,6 +48,8 @@ #include "ap_mmn.h" #include "apr_poll.h" +#include + #ifdef HAVE_TIME_H #include #endif @@ -86,14 +88,12 @@ /* config globals */ -static apr_proc_mutex_t *accept_mutex; static int ap_daemons_to_start=0; static int ap_daemons_min_free=0; static int ap_daemons_max_free=0; static int ap_daemons_limit=0; /* MaxRequestWorkers */ static int server_limit = 0; static int mpm_state = AP_MPMQ_STARTING; -static ap_pod_t *pod; /* data retained by prefork across load/unload of the module * allocated on first call to pre-config hook; located on @@ -125,6 +125,15 @@ typedef struct prefork_retained_data { } prefork_retained_data; static prefork_retained_data *retained; +typedef struct prefork_child_bucket { + ap_pod_t *pod; + ap_listen_rec *listeners; + apr_proc_mutex_t *mutex; +} prefork_child_bucket; +static int num_buckets; /* Number of listeners buckets */ +static prefork_child_bucket *all_buckets, /* All listeners buckets */ + *my_bucket; /* Current child bucket */ + #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid) /* one_process --- debugging mode variable; can be set from the command line @@ -222,14 +231,14 @@ static void clean_child_exit(int code) prefork_note_child_killed(/* slot */ 0, 0, 0); } - ap_mpm_pod_close(pod); + ap_mpm_pod_close(my_bucket->pod); chdir_for_gprof(); exit(code); } -static void accept_mutex_on(void) +static apr_status_t accept_mutex_on(void) { - apr_status_t rv = apr_proc_mutex_lock(accept_mutex); + apr_status_t rv = apr_proc_mutex_lock(my_bucket->mutex); if (rv != APR_SUCCESS) { const char *msg = "couldn't grab the accept mutex"; @@ -243,11 +252,12 @@ static void accept_mutex_on(void) exit(APEXIT_CHILDFATAL); } } + return APR_SUCCESS; } -static void accept_mutex_off(void) +static apr_status_t accept_mutex_off(void) { - apr_status_t rv = apr_proc_mutex_unlock(accept_mutex); + apr_status_t rv = apr_proc_mutex_unlock(my_bucket->mutex); if (rv != APR_SUCCESS) { const char *msg = "couldn't release the accept mutex"; @@ -264,6 +274,7 @@ static void accept_mutex_off(void) exit(APEXIT_CHILDFATAL); } } + return APR_SUCCESS; } /* On some architectures it's safe to do unserialized accept()s in the single @@ -272,9 +283,9 @@ static void accept_mutex_off(void) * when it's safe in the single Listen case. */ #ifdef SINGLE_LISTEN_UNSERIALIZED_ACCEPT -#define SAFE_ACCEPT(stmt) do {if (ap_listeners->next) {stmt;}} while(0) +#define SAFE_ACCEPT(stmt) (ap_listeners->next ? (stmt) : APR_SUCCESS) #else -#define SAFE_ACCEPT(stmt) do {stmt;} while(0) +#define SAFE_ACCEPT(stmt) (stmt) #endif static int prefork_query(int query_code, int *result, apr_status_t *rv) @@ -352,7 +363,7 @@ static int volatile die_now = 0; static void stop_listening(int sig) { mpm_state = AP_MPMQ_STOPPING; - ap_close_listeners(); + ap_close_listeners_ex(my_bucket->listeners); /* For a graceful stop, we want the child to exit when done */ die_now = 1; @@ -477,7 +488,7 @@ static void set_signals(void) static int requests_this_child; static int num_listensocks = 0; -static void child_main(int child_num_arg) +static void child_main(int child_num_arg, int child_bucket) { #if APR_HAS_THREADS apr_thread_t *thd = NULL; @@ -521,18 +532,26 @@ static void child_main(int child_num_arg) apr_pool_create(&ptrans, pchild); apr_pool_tag(ptrans, "transaction"); + /* close unused listeners and pods */ + for (i = 0; i < num_buckets; i++) { + if (i != child_bucket) { + ap_close_listeners_ex(all_buckets[i].listeners); + ap_mpm_pod_close(all_buckets[i].pod); + } + } + /* needs to be done before we switch UIDs so we have permissions */ ap_reopen_scoreboard(pchild, NULL, 0); - lockfile = apr_proc_mutex_lockfile(accept_mutex); - status = apr_proc_mutex_child_init(&accept_mutex, - lockfile, - pchild); + status = SAFE_ACCEPT(apr_proc_mutex_child_init(&my_bucket->mutex, + apr_proc_mutex_lockfile(my_bucket->mutex), + pchild)); if (status != APR_SUCCESS) { + lockfile = apr_proc_mutex_lockfile(my_bucket->mutex); ap_log_error(APLOG_MARK, APLOG_EMERG, status, ap_server_conf, APLOGNO(00155) "Couldn't initialize cross-process lock in child " "(%s) (%s)", lockfile ? lockfile : "none", - apr_proc_mutex_name(accept_mutex)); + apr_proc_mutex_name(my_bucket->mutex)); clean_child_exit(APEXIT_CHILDFATAL); } @@ -554,7 +573,7 @@ static void child_main(int child_num_arg) clean_child_exit(APEXIT_CHILDSICK); /* assume temporary resource issue */ } - for (lr = ap_listeners, i = num_listensocks; i--; lr = lr->next) { + for (lr = my_bucket->listeners, i = num_listensocks; i--; lr = lr->next) { apr_pollfd_t pfd = { 0 }; pfd.desc_type = APR_POLL_SOCKET; @@ -612,7 +631,7 @@ static void child_main(int child_num_arg) if (num_listensocks == 1) { /* There is only one listener record, so refer to that one. */ - lr = ap_listeners; + lr = my_bucket->listeners; } else { /* multiple listening sockets - need to poll */ @@ -710,7 +729,7 @@ static void child_main(int child_num_arg) * while we were processing the connection or we are the lucky * idle server process that gets to die. */ - if (ap_mpm_pod_check(pod) == APR_SUCCESS) { /* selected as idle? */ + if (ap_mpm_pod_check(my_bucket->pod) == APR_SUCCESS) { /* selected as idle? */ die_now = 1; } else if (retained->my_generation != @@ -726,7 +745,7 @@ static void child_main(int child_num_arg) } -static int make_child(server_rec *s, int slot) +static int make_child(server_rec *s, int slot, int bucket) { int pid; @@ -735,6 +754,8 @@ static int make_child(server_rec *s, int slot) } if (one_process) { + my_bucket = &all_buckets[0]; + apr_signal(SIGHUP, sig_term); /* Don't catch AP_SIG_GRACEFUL in ONE_PROCESS mode :) */ apr_signal(SIGINT, sig_term); @@ -743,14 +764,15 @@ static int make_child(server_rec *s, int slot) #endif apr_signal(SIGTERM, sig_term); prefork_note_child_started(slot, getpid()); - child_main(slot); + child_main(slot, 0); /* NOTREACHED */ + ap_assert(0); + return -1; } (void) ap_update_child_status_from_indexes(slot, 0, SERVER_STARTING, (request_rec *) NULL); - #ifdef _OSD_POSIX /* BS2000 requires a "special" version of fork() before a setuid() call */ if ((pid = os_fork(ap_unixd_config.user_name)) == -1) { @@ -775,6 +797,8 @@ static int make_child(server_rec *s, int slot) } if (!pid) { + my_bucket = &all_buckets[bucket]; + #ifdef HAVE_BINDPROCESSOR /* by default AIX binds to a single processor * this bit unbinds children which will then bind to another cpu @@ -797,9 +821,10 @@ static int make_child(server_rec *s, int slot) * The pod is used for signalling the graceful restart. */ apr_signal(AP_SIG_GRACEFUL, stop_listening); - child_main(slot); + child_main(slot, bucket); } + ap_scoreboard_image->parent[slot].bucket = bucket; prefork_note_child_started(slot, pid); return 0; @@ -815,7 +840,7 @@ static void startup_children(int number_to_start) if (ap_scoreboard_image->servers[i][0].status != SERVER_DEAD) { continue; } - if (make_child(ap_server_conf, i) < 0) { + if (make_child(ap_server_conf, i, i % num_buckets) < 0) { break; } --number_to_start; @@ -824,6 +849,8 @@ static void startup_children(int number_to_start) static void perform_idle_server_maintenance(apr_pool_t *p) { + static int bucket_make_child_record = -1; + static int bucket_kill_child_record = -1; int i; int idle_count; worker_score *ws; @@ -874,7 +901,8 @@ static void perform_idle_server_maintenance(apr_pool_t *p) * shut down gracefully, in case it happened to pick up a request * while we were counting */ - ap_mpm_pod_signal(pod); + bucket_kill_child_record = (bucket_kill_child_record + 1) % num_buckets; + ap_mpm_pod_signal(all_buckets[bucket_kill_child_record].pod); retained->idle_spawn_rate = 1; } else if (idle_count < ap_daemons_min_free) { @@ -899,7 +927,10 @@ static void perform_idle_server_maintenance(apr_pool_t *p) idle_count, total_non_dead); } for (i = 0; i < free_length; ++i) { - make_child(ap_server_conf, free_slots[i]); + bucket_make_child_record++; + bucket_make_child_record %= num_buckets; + make_child(ap_server_conf, free_slots[i], + bucket_make_child_record); } /* the next time around we want to spawn twice as many if this * wasn't good enough, but not if we've just done a graceful @@ -925,18 +956,10 @@ static int prefork_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) { int index; int remaining_children_to_start; - apr_status_t rv; + int i; ap_log_pid(pconf, ap_pid_fname); - /* Initialize cross-process accept lock */ - rv = ap_proc_mutex_create(&accept_mutex, NULL, AP_ACCEPT_MUTEX_TYPE, NULL, - s, _pconf, 0); - if (rv != APR_SUCCESS) { - mpm_state = AP_MPMQ_STOPPING; - return DONE; - } - if (!retained->is_graceful) { if (ap_run_pre_mpm(s->process->pool, SB_SHARED) != OK) { mpm_state = AP_MPMQ_STOPPING; @@ -953,12 +976,23 @@ static int prefork_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) if (one_process) { AP_MONCONTROL(1); - make_child(ap_server_conf, 0); + make_child(ap_server_conf, 0, 0); /* NOTREACHED */ + ap_assert(0); + return DONE; } - else { - if (ap_daemons_max_free < ap_daemons_min_free + 1) /* Don't thrash... */ - ap_daemons_max_free = ap_daemons_min_free + 1; + + /* Don't thrash since num_buckets depends on the + * system and the number of online CPU cores... + */ + if (ap_daemons_limit < num_buckets) + ap_daemons_limit = num_buckets; + if (ap_daemons_to_start < num_buckets) + ap_daemons_to_start = num_buckets; + if (ap_daemons_min_free < num_buckets) + ap_daemons_min_free = num_buckets; + if (ap_daemons_max_free < ap_daemons_min_free + num_buckets) + ap_daemons_max_free = ap_daemons_min_free + num_buckets; /* If we're doing a graceful_restart then we're going to see a lot * of children exiting immediately when we get into the main loop @@ -989,9 +1023,12 @@ static int prefork_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, APLOGNO(00164) "Server built: %s", ap_get_server_built()); ap_log_command_line(plog, s); + ap_log_mpm_common(s); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, APLOGNO(00165) "Accept mutex: %s (default: %s)", - apr_proc_mutex_name(accept_mutex), + (all_buckets[0].mutex) + ? apr_proc_mutex_name(all_buckets[0].mutex) + : "none", apr_proc_mutex_defname()); mpm_state = AP_MPMQ_RUNNING; @@ -1048,7 +1085,8 @@ static int prefork_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) /* we're still doing a 1-for-1 replacement of dead * children with new children */ - make_child(ap_server_conf, child_slot); + make_child(ap_server_conf, child_slot, + ap_get_scoreboard_process(child_slot)->bucket); --remaining_children_to_start; } #if APR_HAS_OTHER_CHILD @@ -1089,7 +1127,6 @@ static int prefork_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) perform_idle_server_maintenance(pconf); } - } /* one_process */ mpm_state = AP_MPMQ_STOPPING; @@ -1122,7 +1159,9 @@ static int prefork_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) ap_close_listeners(); /* kill off the idle ones */ - ap_mpm_pod_killpg(pod, retained->max_daemons_limit); + for (i = 0; i < num_buckets; i++) { + ap_mpm_pod_killpg(all_buckets[i].pod, retained->max_daemons_limit); + } /* Send SIGUSR1 to the active children */ active_children = 0; @@ -1196,7 +1235,9 @@ static int prefork_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) "Graceful restart requested, doing restart"); /* kill off the idle ones */ - ap_mpm_pod_killpg(pod, retained->max_daemons_limit); + for (i = 0; i < num_buckets; i++) { + ap_mpm_pod_killpg(all_buckets[i].pod, retained->max_daemons_limit); + } /* This is mostly for debugging... so that we know what is still * gracefully dealing with existing request. This will break @@ -1238,7 +1279,10 @@ static int prefork_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, { int startup = 0; int level_flags = 0; + ap_listen_rec **listen_buckets; apr_status_t rv; + char id[16]; + int i; pconf = p; @@ -1255,12 +1299,43 @@ static int prefork_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, return DONE; } - if ((rv = ap_mpm_pod_open(pconf, &pod))) { + if (one_process) { + num_buckets = 1; + } + else if (!retained->is_graceful) { /* Preserve the number of buckets + on graceful restarts. */ + num_buckets = 0; + } + if ((rv = ap_duplicate_listeners(pconf, ap_server_conf, + &listen_buckets, &num_buckets))) { ap_log_error(APLOG_MARK, APLOG_CRIT | level_flags, rv, (startup ? NULL : s), - "could not open pipe-of-death"); + "could not duplicate listeners"); return DONE; } + all_buckets = apr_pcalloc(pconf, num_buckets * + sizeof(prefork_child_bucket)); + for (i = 0; i < num_buckets; i++) { + if (!one_process && /* no POD in one_process mode */ + (rv = ap_mpm_pod_open(pconf, &all_buckets[i].pod))) { + ap_log_error(APLOG_MARK, APLOG_CRIT | level_flags, rv, + (startup ? NULL : s), + "could not open pipe-of-death"); + return DONE; + } + /* Initialize cross-process accept lock (safe accept needed only) */ + if ((rv = SAFE_ACCEPT((apr_snprintf(id, sizeof id, "%i", i), + ap_proc_mutex_create(&all_buckets[i].mutex, + NULL, AP_ACCEPT_MUTEX_TYPE, + id, s, pconf, 0))))) { + ap_log_error(APLOG_MARK, APLOG_CRIT | level_flags, rv, + (startup ? NULL : s), + "could not create accept mutex"); + return DONE; + } + all_buckets[i].listeners = listen_buckets[i]; + } + return OK; } @@ -1409,7 +1484,7 @@ static int prefork_check_config(apr_pool_t *p, apr_pool_t *plog, } /* ap_daemons_to_start > ap_daemons_limit checked in prefork_run() */ - if (ap_daemons_to_start < 0) { + if (ap_daemons_to_start < 1) { if (startup) { ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_STARTUP, 0, NULL, APLOGNO(00184) "WARNING: StartServers of %d not allowed, " diff --git a/server/mpm/winnt/mpm_winnt.c b/server/mpm/winnt/mpm_winnt.c index 957af639..853c38b8 100644 --- a/server/mpm/winnt/mpm_winnt.c +++ b/server/mpm/winnt/mpm_winnt.c @@ -360,6 +360,13 @@ static int send_handles_to_child(apr_pool_t *p, HANDLE hScore; apr_size_t BytesWritten; + if ((rv = apr_file_write_full(child_in, &my_generation, + sizeof(my_generation), NULL)) + != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_CRIT, rv, ap_server_conf, APLOGNO(02964) + "Parent: Unable to send its generation to the child"); + return -1; + } if (!DuplicateHandle(hCurrentProcess, child_ready_event, hProcess, &hDup, EVENT_MODIFY_STATE | SYNCHRONIZE, FALSE, 0)) { ap_log_error(APLOG_MARK, APLOG_CRIT, apr_get_os_error(), ap_server_conf, APLOGNO(00392) @@ -1037,6 +1044,7 @@ static void winnt_rewrite_args(process_rec *process) { HANDLE filehand; HANDLE hproc = GetCurrentProcess(); + DWORD BytesRead; /* This is the child */ my_pid = GetCurrentProcessId(); @@ -1074,6 +1082,16 @@ static void winnt_rewrite_args(process_rec *process) * already */ + /* Read this child's generation number as soon as now, + * so that further hooks can query it. + */ + if (!ReadFile(pipe, &my_generation, sizeof(my_generation), + &BytesRead, (LPOVERLAPPED) NULL) + || (BytesRead != sizeof(my_generation))) { + ap_log_error(APLOG_MARK, APLOG_CRIT, apr_get_os_error(), NULL, APLOGNO(02965) + "Child: Unable to retrieve my generation from the parent"); + exit(APEXIT_CHILDINIT); + } /* The parent is responsible for providing the * COMPLETE ARGUMENTS REQUIRED to the child. @@ -1665,8 +1683,6 @@ static void winnt_child_init(apr_pool_t *pchild, struct server_rec *s) /* Done reading from the parent, close that channel */ CloseHandle(pipe); - - my_generation = ap_scoreboard_image->global->running_generation; } else { /* Single process mode - this lock doesn't even need to exist */ @@ -1723,6 +1739,7 @@ static int winnt_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s ) ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, APLOGNO(00456) "Server built: %s", ap_get_server_built()); ap_log_command_line(plog, s); + ap_log_mpm_common(s); restart = master_main(ap_server_conf, shutdown_event, restart_event); diff --git a/server/mpm/worker/worker.c b/server/mpm/worker/worker.c index 408d3176..4a729c0d 100644 --- a/server/mpm/worker/worker.c +++ b/server/mpm/worker/worker.c @@ -30,6 +30,9 @@ #include "apr_thread_mutex.h" #include "apr_proc_mutex.h" #include "apr_poll.h" + +#include + #define APR_WANT_STRFUNC #include "apr_want.h" @@ -156,17 +159,31 @@ typedef struct worker_retained_data { /* * idle_spawn_rate is the number of children that will be spawned on the * next maintenance cycle if there aren't enough idle servers. It is - * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by - * without the need to spawn. + * maintained per listeners bucket, doubled up to MAX_SPAWN_RATE, and + * reset only when a cycle goes by without the need to spawn. */ - int idle_spawn_rate; + int *idle_spawn_rate; #ifndef MAX_SPAWN_RATE #define MAX_SPAWN_RATE (32) #endif int hold_off_on_exponential_spawning; + /* + * Current number of listeners buckets and maximum reached accross + * restarts (to size retained data according to dynamic num_buckets, + * eg. idle_spawn_rate). + */ + int num_buckets, max_buckets; } worker_retained_data; static worker_retained_data *retained; +typedef struct worker_child_bucket { + ap_pod_t *pod; + ap_listen_rec *listeners; + apr_proc_mutex_t *mutex; +} worker_child_bucket; +static worker_child_bucket *all_buckets, /* All listeners buckets */ + *my_bucket; /* Current child bucket */ + #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid) /* The structure used to pass unique initialization info to each thread */ @@ -188,8 +205,6 @@ typedef struct { #define ID_FROM_CHILD_THREAD(c, t) ((c * thread_limit) + t) -static ap_pod_t *pod; - /* The worker MPM respects a couple of runtime flags that can aid * in debugging. Setting the -DNO_DETACH flag will prevent the root process * from detaching from its controlling terminal. Additionally, setting @@ -217,9 +232,6 @@ static pid_t ap_my_pid; /* Linux getpid() doesn't work except in main static pid_t parent_pid; static apr_os_thread_t *listener_os_thread; -/* Locks for accept serialization */ -static apr_proc_mutex_t *accept_mutex; - #ifdef SINGLE_LISTEN_UNSERIALIZED_ACCEPT #define SAFE_ACCEPT(stmt) (ap_listeners->next ? (stmt) : APR_SUCCESS) #else @@ -701,7 +713,7 @@ static void * APR_THREAD_FUNC listener_thread(apr_thread_t *thd, void * dummy) clean_child_exit(APEXIT_CHILDSICK); } - for (lr = ap_listeners; lr != NULL; lr = lr->next) { + for (lr = my_bucket->listeners; lr != NULL; lr = lr->next) { apr_pollfd_t pfd = { 0 }; pfd.desc_type = APR_POLL_SOCKET; @@ -758,7 +770,7 @@ static void * APR_THREAD_FUNC listener_thread(apr_thread_t *thd, void * dummy) /* We've already decremented the idle worker count inside * ap_queue_info_wait_for_idler. */ - if ((rv = SAFE_ACCEPT(apr_proc_mutex_lock(accept_mutex))) + if ((rv = SAFE_ACCEPT(apr_proc_mutex_lock(my_bucket->mutex))) != APR_SUCCESS) { if (!listener_may_exit) { @@ -767,9 +779,9 @@ static void * APR_THREAD_FUNC listener_thread(apr_thread_t *thd, void * dummy) break; /* skip the lock release */ } - if (!ap_listeners->next) { + if (!my_bucket->listeners->next) { /* Only one listener, so skip the poll */ - lr = ap_listeners; + lr = my_bucket->listeners; } else { while (!listener_may_exit) { @@ -839,7 +851,7 @@ static void * APR_THREAD_FUNC listener_thread(apr_thread_t *thd, void * dummy) resource_shortage = 1; signal_threads(ST_GRACEFUL); } - if ((rv = SAFE_ACCEPT(apr_proc_mutex_unlock(accept_mutex))) + if ((rv = SAFE_ACCEPT(apr_proc_mutex_unlock(my_bucket->mutex))) != APR_SUCCESS) { if (listener_may_exit) { @@ -863,7 +875,7 @@ static void * APR_THREAD_FUNC listener_thread(apr_thread_t *thd, void * dummy) } } else { - if ((rv = SAFE_ACCEPT(apr_proc_mutex_unlock(accept_mutex))) + if ((rv = SAFE_ACCEPT(apr_proc_mutex_unlock(my_bucket->mutex))) != APR_SUCCESS) { int level = APLOG_EMERG; @@ -880,7 +892,7 @@ static void * APR_THREAD_FUNC listener_thread(apr_thread_t *thd, void * dummy) } } - ap_close_listeners(); + ap_close_listeners_ex(my_bucket->listeners); ap_queue_term(worker_queue); dying = 1; ap_scoreboard_image->parent[process_slot].quiescing = 1; @@ -1210,13 +1222,14 @@ static void join_start_thread(apr_thread_t *start_thread_id) } } -static void child_main(int child_num_arg) +static void child_main(int child_num_arg, int child_bucket) { apr_thread_t **threads; apr_status_t rv; thread_starter *ts; apr_threadattr_t *thread_attr; apr_thread_t *start_thread_id; + int i; mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this * child initializes @@ -1225,12 +1238,20 @@ static void child_main(int child_num_arg) ap_fatal_signal_child_setup(ap_server_conf); apr_pool_create(&pchild, pconf); + /* close unused listeners and pods */ + for (i = 0; i < retained->num_buckets; i++) { + if (i != child_bucket) { + ap_close_listeners_ex(all_buckets[i].listeners); + ap_mpm_podx_close(all_buckets[i].pod); + } + } + /*stuff to do before we switch id's, so we have permissions.*/ ap_reopen_scoreboard(pchild, NULL, 0); - rv = SAFE_ACCEPT(apr_proc_mutex_child_init(&accept_mutex, - apr_proc_mutex_lockfile(accept_mutex), - pchild)); + rv = SAFE_ACCEPT(apr_proc_mutex_child_init(&my_bucket->mutex, + apr_proc_mutex_lockfile(my_bucket->mutex), + pchild)); if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_EMERG, rv, ap_server_conf, APLOGNO(00280) "Couldn't initialize cross-process lock in child"); @@ -1338,7 +1359,7 @@ static void child_main(int child_num_arg) apr_signal(SIGTERM, dummy_signal_handler); /* Watch for any messages from the parent over the POD */ while (1) { - rv = ap_mpm_podx_check(pod); + rv = ap_mpm_podx_check(my_bucket->pod); if (rv == AP_MPM_PODX_NORESTART) { /* see if termination was triggered while we slept */ switch(terminate_mode) { @@ -1376,7 +1397,7 @@ static void child_main(int child_num_arg) clean_child_exit(resource_shortage ? APEXIT_CHILDSICK : 0); } -static int make_child(server_rec *s, int slot) +static int make_child(server_rec *s, int slot, int bucket) { int pid; @@ -1385,10 +1406,14 @@ static int make_child(server_rec *s, int slot) } if (one_process) { + my_bucket = &all_buckets[0]; + set_signals(); worker_note_child_started(slot, getpid()); - child_main(slot); + child_main(slot, 0); /* NOTREACHED */ + ap_assert(0); + return -1; } if ((pid = fork()) == -1) { @@ -1410,6 +1435,8 @@ static int make_child(server_rec *s, int slot) } if (!pid) { + my_bucket = &all_buckets[bucket]; + #ifdef HAVE_BINDPROCESSOR /* By default, AIX binds to a single processor. This bit unbinds * children which will then bind to another CPU. @@ -1424,10 +1451,12 @@ static int make_child(server_rec *s, int slot) RAISE_SIGSTOP(MAKE_CHILD); apr_signal(SIGTERM, just_die); - child_main(slot); + child_main(slot, bucket); /* NOTREACHED */ + ap_assert(0); + return -1; } - /* else */ + if (ap_scoreboard_image->parent[slot].pid != 0) { /* This new child process is squatting on the scoreboard * entry owned by an exiting child process, which cannot @@ -1436,6 +1465,7 @@ static int make_child(server_rec *s, int slot) worker_note_child_lost_slot(slot, pid); } ap_scoreboard_image->parent[slot].quiescing = 0; + ap_scoreboard_image->parent[slot].bucket = bucket; worker_note_child_started(slot, pid); return 0; } @@ -1449,14 +1479,14 @@ static void startup_children(int number_to_start) if (ap_scoreboard_image->parent[i].pid != 0) { continue; } - if (make_child(ap_server_conf, i) < 0) { + if (make_child(ap_server_conf, i, i % retained->num_buckets) < 0) { break; } --number_to_start; } } -static void perform_idle_server_maintenance(void) +static void perform_idle_server_maintenance(int child_bucket, int num_buckets) { int i, j; int idle_thread_count; @@ -1485,7 +1515,7 @@ static void perform_idle_server_maintenance(void) int all_dead_threads = 1; int child_threads_active = 0; - if (i >= retained->max_daemons_limit && totally_free_length == retained->idle_spawn_rate) + if (i >= retained->max_daemons_limit && totally_free_length == retained->idle_spawn_rate[child_bucket]) /* short cut if all active processes have been examined and * enough empty scoreboard slots have been found */ @@ -1513,7 +1543,8 @@ static void perform_idle_server_maintenance(void) loop if no pid? not much else matters */ if (status <= SERVER_READY && !ps->quiescing && - ps->generation == retained->my_generation) { + ps->generation == retained->my_generation && + ps->bucket == child_bucket) { ++idle_thread_count; } if (status >= SERVER_READY && status < SERVER_GRACEFUL) { @@ -1522,8 +1553,8 @@ static void perform_idle_server_maintenance(void) } } active_thread_count += child_threads_active; - if (any_dead_threads && totally_free_length < retained->idle_spawn_rate - && free_length < MAX_SPAWN_RATE + if (any_dead_threads && totally_free_length < retained->idle_spawn_rate[child_bucket] + && free_length < MAX_SPAWN_RATE / num_buckets && (!ps->pid /* no process in the slot */ || ps->quiescing)) { /* or at least one is going away */ if (all_dead_threads) { @@ -1579,12 +1610,13 @@ static void perform_idle_server_maintenance(void) retained->max_daemons_limit = last_non_dead + 1; - if (idle_thread_count > max_spare_threads) { + if (idle_thread_count > max_spare_threads / num_buckets) { /* Kill off one child */ - ap_mpm_podx_signal(pod, AP_MPM_PODX_GRACEFUL); - retained->idle_spawn_rate = 1; + ap_mpm_podx_signal(all_buckets[child_bucket].pod, + AP_MPM_PODX_GRACEFUL); + retained->idle_spawn_rate[child_bucket] = 1; } - else if (idle_thread_count < min_spare_threads) { + else if (idle_thread_count < min_spare_threads / num_buckets) { /* terminate the free list */ if (free_length == 0) { /* scoreboard is full, can't fork */ @@ -1615,13 +1647,13 @@ static void perform_idle_server_maintenance(void) ap_server_conf, APLOGNO(00288) "scoreboard is full, not at MaxRequestWorkers"); } - retained->idle_spawn_rate = 1; + retained->idle_spawn_rate[child_bucket] = 1; } else { - if (free_length > retained->idle_spawn_rate) { - free_length = retained->idle_spawn_rate; + if (free_length > retained->idle_spawn_rate[child_bucket]) { + free_length = retained->idle_spawn_rate[child_bucket]; } - if (retained->idle_spawn_rate >= 8) { + if (retained->idle_spawn_rate[child_bucket] >= 8) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, APLOGNO(00289) "server seems busy, (you may need " @@ -1632,7 +1664,7 @@ static void perform_idle_server_maintenance(void) idle_thread_count, total_non_dead); } for (i = 0; i < free_length; ++i) { - make_child(ap_server_conf, free_slots[i]); + make_child(ap_server_conf, free_slots[i], child_bucket); } /* the next time around we want to spawn twice as many if this * wasn't good enough, but not if we've just done a graceful @@ -1640,17 +1672,18 @@ static void perform_idle_server_maintenance(void) if (retained->hold_off_on_exponential_spawning) { --retained->hold_off_on_exponential_spawning; } - else if (retained->idle_spawn_rate < MAX_SPAWN_RATE) { - retained->idle_spawn_rate *= 2; + else if (retained->idle_spawn_rate[child_bucket] + < MAX_SPAWN_RATE / num_buckets) { + retained->idle_spawn_rate[child_bucket] *= 2; } } } else { - retained->idle_spawn_rate = 1; + retained->idle_spawn_rate[child_bucket] = 1; } } -static void server_main_loop(int remaining_children_to_start) +static void server_main_loop(int remaining_children_to_start, int num_buckets) { ap_generation_t old_gen; int child_slot; @@ -1694,22 +1727,25 @@ static void server_main_loop(int remaining_children_to_start) } /* non-fatal death... note that it's gone in the scoreboard. */ if (child_slot >= 0) { + process_score *ps; + for (i = 0; i < threads_per_child; i++) ap_update_child_status_from_indexes(child_slot, i, SERVER_DEAD, (request_rec *) NULL); worker_note_child_killed(child_slot, 0, 0); - ap_scoreboard_image->parent[child_slot].quiescing = 0; + ps = &ap_scoreboard_image->parent[child_slot]; + ps->quiescing = 0; if (processed_status == APEXIT_CHILDSICK) { /* resource shortage, minimize the fork rate */ - retained->idle_spawn_rate = 1; + retained->idle_spawn_rate[ps->bucket] = 1; } else if (remaining_children_to_start && child_slot < ap_daemons_limit) { /* we're still doing a 1-for-1 replacement of dead * children with new children */ - make_child(ap_server_conf, child_slot); + make_child(ap_server_conf, child_slot, ps->bucket); --remaining_children_to_start; } } @@ -1719,7 +1755,9 @@ static void server_main_loop(int remaining_children_to_start) if (processed_status == APEXIT_CHILDSICK && old_gen == retained->my_generation) { /* resource shortage, minimize the fork rate */ - retained->idle_spawn_rate = 1; + for (i = 0; i < num_buckets; i++) { + retained->idle_spawn_rate[i] = 1; + } } #if APR_HAS_OTHER_CHILD } @@ -1758,25 +1796,20 @@ static void server_main_loop(int remaining_children_to_start) continue; } - perform_idle_server_maintenance(); + for (i = 0; i < num_buckets; i++) { + perform_idle_server_maintenance(i, num_buckets); + } } } static int worker_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) { + int num_buckets = retained->num_buckets; int remaining_children_to_start; - apr_status_t rv; + int i; ap_log_pid(pconf, ap_pid_fname); - /* Initialize cross-process accept lock */ - rv = ap_proc_mutex_create(&accept_mutex, NULL, AP_ACCEPT_MUTEX_TYPE, NULL, - s, _pconf, 0); - if (rv != APR_SUCCESS) { - mpm_state = AP_MPMQ_STOPPING; - return DONE; - } - if (!retained->is_graceful) { if (ap_run_pre_mpm(s->process->pool, SB_SHARED) != OK) { mpm_state = AP_MPMQ_STOPPING; @@ -1790,9 +1823,18 @@ static int worker_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) restart_pending = shutdown_pending = 0; set_signals(); - /* Don't thrash... */ - if (max_spare_threads < min_spare_threads + threads_per_child) - max_spare_threads = min_spare_threads + threads_per_child; + + /* Don't thrash since num_buckets depends on the + * system and the number of online CPU cores... + */ + if (ap_daemons_limit < num_buckets) + ap_daemons_limit = num_buckets; + if (ap_daemons_to_start < num_buckets) + ap_daemons_to_start = num_buckets; + if (min_spare_threads < threads_per_child * num_buckets) + min_spare_threads = threads_per_child * num_buckets; + if (max_spare_threads < min_spare_threads + threads_per_child * num_buckets) + max_spare_threads = min_spare_threads + threads_per_child * num_buckets; /* If we're doing a graceful_restart then we're going to see a lot * of children exiting immediately when we get into the main loop @@ -1823,20 +1865,26 @@ static int worker_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, APLOGNO(00293) "Server built: %s", ap_get_server_built()); ap_log_command_line(plog, s); + ap_log_mpm_common(s); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, APLOGNO(00294) "Accept mutex: %s (default: %s)", - apr_proc_mutex_name(accept_mutex), + (all_buckets[0].mutex) + ? apr_proc_mutex_name(all_buckets[0].mutex) + : "none", apr_proc_mutex_defname()); mpm_state = AP_MPMQ_RUNNING; - server_main_loop(remaining_children_to_start); + server_main_loop(remaining_children_to_start, num_buckets); mpm_state = AP_MPMQ_STOPPING; if (shutdown_pending && !retained->is_graceful) { /* Time to shut down: * Kill child processes, tell them to call child_exit, etc... */ - ap_mpm_podx_killpg(pod, ap_daemons_limit, AP_MPM_PODX_RESTART); + for (i = 0; i < num_buckets; i++) { + ap_mpm_podx_killpg(all_buckets[i].pod, ap_daemons_limit, + AP_MPM_PODX_RESTART); + } ap_reclaim_child_processes(1, /* Start with SIGTERM */ worker_note_child_killed); @@ -1857,7 +1905,11 @@ static int worker_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) /* Close our listeners, and then ask our children to do same */ ap_close_listeners(); - ap_mpm_podx_killpg(pod, ap_daemons_limit, AP_MPM_PODX_GRACEFUL); + + for (i = 0; i < num_buckets; i++) { + ap_mpm_podx_killpg(all_buckets[i].pod, ap_daemons_limit, + AP_MPM_PODX_GRACEFUL); + } ap_relieve_child_processes(worker_note_child_killed); if (!child_fatal) { @@ -1897,7 +1949,10 @@ static int worker_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) * way, try and make sure that all of our processes are * really dead. */ - ap_mpm_podx_killpg(pod, ap_daemons_limit, AP_MPM_PODX_RESTART); + for (i = 0; i < num_buckets; i++) { + ap_mpm_podx_killpg(all_buckets[i].pod, ap_daemons_limit, + AP_MPM_PODX_RESTART); + } ap_reclaim_child_processes(1, worker_note_child_killed); return DONE; @@ -1922,8 +1977,10 @@ static int worker_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, APLOGNO(00297) AP_SIG_GRACEFUL_STRING " received. Doing graceful restart"); /* wake up the children...time to die. But we'll have more soon */ - ap_mpm_podx_killpg(pod, ap_daemons_limit, AP_MPM_PODX_GRACEFUL); - + for (i = 0; i < num_buckets; i++) { + ap_mpm_podx_killpg(all_buckets[i].pod, ap_daemons_limit, + AP_MPM_PODX_GRACEFUL); + } /* This is mostly for debugging... so that we know what is still * gracefully dealing with existing request. @@ -1935,7 +1992,10 @@ static int worker_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s) * and a SIGHUP, we may as well use the same signal, because some user * pthreads are stealing signals from us left and right. */ - ap_mpm_podx_killpg(pod, ap_daemons_limit, AP_MPM_PODX_RESTART); + for (i = 0; i < num_buckets; i++) { + ap_mpm_podx_killpg(all_buckets[i].pod, ap_daemons_limit, + AP_MPM_PODX_RESTART); + } ap_reclaim_child_processes(1, /* Start with SIGTERM */ worker_note_child_killed); @@ -1953,7 +2013,11 @@ static int worker_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, { int startup = 0; int level_flags = 0; + int num_buckets = 0; + ap_listen_rec **listen_buckets; apr_status_t rv; + char id[16]; + int i; pconf = p; @@ -1970,14 +2034,72 @@ static int worker_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, return DONE; } - if (!one_process) { - if ((rv = ap_mpm_podx_open(pconf, &pod))) { + if (one_process) { + num_buckets = 1; + } + else if (retained->is_graceful) { + /* Preserve the number of buckets on graceful restarts. */ + num_buckets = retained->num_buckets; + } + if ((rv = ap_duplicate_listeners(pconf, ap_server_conf, + &listen_buckets, &num_buckets))) { + ap_log_error(APLOG_MARK, APLOG_CRIT | level_flags, rv, + (startup ? NULL : s), + "could not duplicate listeners"); + return DONE; + } + + all_buckets = apr_pcalloc(pconf, num_buckets * sizeof(*all_buckets)); + for (i = 0; i < num_buckets; i++) { + if (!one_process && /* no POD in one_process mode */ + (rv = ap_mpm_podx_open(pconf, &all_buckets[i].pod))) { ap_log_error(APLOG_MARK, APLOG_CRIT | level_flags, rv, (startup ? NULL : s), "could not open pipe-of-death"); return DONE; } + /* Initialize cross-process accept lock (safe accept needed only) */ + if ((rv = SAFE_ACCEPT((apr_snprintf(id, sizeof id, "%i", i), + ap_proc_mutex_create(&all_buckets[i].mutex, + NULL, AP_ACCEPT_MUTEX_TYPE, + id, s, pconf, 0))))) { + ap_log_error(APLOG_MARK, APLOG_CRIT | level_flags, rv, + (startup ? NULL : s), + "could not create accept mutex"); + return DONE; + } + all_buckets[i].listeners = listen_buckets[i]; } + + if (retained->max_buckets < num_buckets) { + int new_max, *new_ptr; + new_max = retained->max_buckets * 2; + if (new_max < num_buckets) { + new_max = num_buckets; + } + new_ptr = (int *)apr_palloc(ap_pglobal, new_max * sizeof(int)); + memcpy(new_ptr, retained->idle_spawn_rate, + retained->num_buckets * sizeof(int)); + retained->idle_spawn_rate = new_ptr; + retained->max_buckets = new_max; + } + if (retained->num_buckets < num_buckets) { + int rate_max = 1; + /* If new buckets are added, set their idle spawn rate to + * the highest so far, so that they get filled as quickly + * as the existing ones. + */ + for (i = 0; i < retained->num_buckets; i++) { + if (rate_max < retained->idle_spawn_rate[i]) { + rate_max = retained->idle_spawn_rate[i]; + } + } + for (/* up to date i */; i < num_buckets; i++) { + retained->idle_spawn_rate[i] = rate_max; + } + } + retained->num_buckets = num_buckets; + return OK; } @@ -2009,7 +2131,6 @@ static int worker_pre_config(apr_pool_t *pconf, apr_pool_t *plog, if (!retained) { retained = ap_retained_data_create(userdata_key, sizeof(*retained)); retained->max_daemons_limit = -1; - retained->idle_spawn_rate = 1; } ++retained->module_loads; if (retained->module_loads == 2) { @@ -2241,7 +2362,7 @@ static int worker_check_config(apr_pool_t *p, apr_pool_t *plog, } /* ap_daemons_to_start > ap_daemons_limit checked in worker_run() */ - if (ap_daemons_to_start < 0) { + if (ap_daemons_to_start < 1) { if (startup) { ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_STARTUP, 0, NULL, APLOGNO(00320) "WARNING: StartServers of %d not allowed, " diff --git a/server/protocol.c b/server/protocol.c index 8ebf4f41..fc507fa0 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -67,6 +67,9 @@ APR_HOOK_STRUCT( APR_HOOK_LINK(http_scheme) APR_HOOK_LINK(default_port) APR_HOOK_LINK(note_auth_failure) + APR_HOOK_LINK(protocol_propose) + APR_HOOK_LINK(protocol_switch) + APR_HOOK_LINK(protocol_get) ) AP_DECLARE_DATA ap_filter_rec_t *ap_old_write_func = NULL; @@ -1790,6 +1793,150 @@ AP_DECLARE(void) ap_send_interim_response(request_rec *r, int send_headers) apr_brigade_destroy(x.bb); } +/* + * Compare two protocol identifier. Result is similar to strcmp(): + * 0 gives same precedence, >0 means proto1 is preferred. + */ +static int protocol_cmp(const apr_array_header_t *preferences, + const char *proto1, + const char *proto2) +{ + if (preferences && preferences->nelts > 0) { + int index1 = ap_array_str_index(preferences, proto1, 0); + int index2 = ap_array_str_index(preferences, proto2, 0); + if (index2 > index1) { + return (index1 >= 0) ? 1 : -1; + } + else if (index1 > index2) { + return (index2 >= 0) ? -1 : 1; + } + } + /* both have the same index (mabye -1 or no pref configured) and we compare + * the names so that spdy3 gets precedence over spdy2. That makes + * the outcome at least deterministic. */ + return strcmp(proto1, proto2); +} + +AP_DECLARE(const char *) ap_get_protocol(conn_rec *c) +{ + const char *protocol = ap_run_protocol_get(c); + return protocol? protocol : AP_PROTOCOL_HTTP1; +} + +AP_DECLARE(const char *) ap_select_protocol(conn_rec *c, request_rec *r, + server_rec *s, + const apr_array_header_t *choices) +{ + apr_pool_t *pool = r? r->pool : c->pool; + core_server_config *conf = ap_get_core_module_config(s->module_config); + const char *protocol = NULL, *existing; + apr_array_header_t *proposals; + + if (APLOGcdebug(c)) { + const char *p = apr_array_pstrcat(pool, conf->protocols, ','); + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, + "select protocol from %s, choices=%s for server %s", + p, apr_array_pstrcat(pool, choices, ','), + s->server_hostname); + } + + if (conf->protocols->nelts <= 0) { + /* nothing configured, by default, we only allow http/1.1 here. + * For now... + */ + if (ap_array_str_contains(choices, AP_PROTOCOL_HTTP1)) { + return AP_PROTOCOL_HTTP1; + } + else { + return NULL; + } + } + + proposals = apr_array_make(pool, choices->nelts + 1, sizeof(char *)); + ap_run_protocol_propose(c, r, s, choices, proposals); + + /* If the existing protocol has not been proposed, but is a choice, + * add it to the proposals implicitly. + */ + existing = ap_get_protocol(c); + if (!ap_array_str_contains(proposals, existing) + && ap_array_str_contains(choices, existing)) { + APR_ARRAY_PUSH(proposals, const char*) = existing; + } + + if (proposals->nelts > 0) { + int i; + const apr_array_header_t *prefs = NULL; + + /* Default for protocols_honor_order is 'on' or != 0 */ + if (conf->protocols_honor_order == 0 && choices->nelts > 0) { + prefs = choices; + } + else { + prefs = conf->protocols; + } + + /* Select the most preferred protocol */ + if (APLOGcdebug(c)) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, + "select protocol, proposals=%s preferences=%s configured=%s", + apr_array_pstrcat(pool, proposals, ','), + apr_array_pstrcat(pool, prefs, ','), + apr_array_pstrcat(pool, conf->protocols, ',')); + } + for (i = 0; i < proposals->nelts; ++i) { + const char *p = APR_ARRAY_IDX(proposals, i, const char *); + if (!ap_array_str_contains(conf->protocols, p)) { + /* not a configured protocol here */ + continue; + } + else if (!protocol + || (protocol_cmp(prefs, protocol, p) < 0)) { + /* none selected yet or this one has preference */ + protocol = p; + } + } + } + if (APLOGcdebug(c)) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "selected protocol=%s", + protocol? protocol : "(none)"); + } + + return protocol; +} + +AP_DECLARE(apr_status_t) ap_switch_protocol(conn_rec *c, request_rec *r, + server_rec *s, + const char *protocol) +{ + const char *current = ap_get_protocol(c); + int rc; + + if (!strcmp(current, protocol)) { + ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO(02906) + "already at it, protocol_switch to %s", + protocol); + return APR_SUCCESS; + } + + rc = ap_run_protocol_switch(c, r, s, protocol); + switch (rc) { + case DECLINED: + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02907) + "no implementation for protocol_switch to %s", + protocol); + return APR_ENOTIMPL; + case OK: + case DONE: + return APR_SUCCESS; + default: + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02905) + "unexpected return code %d from protocol_switch to %s" + , rc, protocol); + return APR_EOF; + } +} + AP_IMPLEMENT_HOOK_VOID(pre_read_request, (request_rec *r, conn_rec *c), @@ -1805,3 +1952,14 @@ AP_IMPLEMENT_HOOK_RUN_FIRST(unsigned short,default_port, AP_IMPLEMENT_HOOK_RUN_FIRST(int, note_auth_failure, (request_rec *r, const char *auth_type), (r, auth_type), DECLINED) +AP_IMPLEMENT_HOOK_RUN_ALL(int,protocol_propose, + (conn_rec *c, request_rec *r, server_rec *s, + const apr_array_header_t *offers, + apr_array_header_t *proposals), + (c, r, s, offers, proposals), OK, DECLINED) +AP_IMPLEMENT_HOOK_RUN_FIRST(int,protocol_switch, + (conn_rec *c, request_rec *r, server_rec *s, + const char *protocol), + (c, r, s, protocol), DECLINED) +AP_IMPLEMENT_HOOK_RUN_FIRST(const char *,protocol_get, + (const conn_rec *c), (c), NULL) diff --git a/server/request.c b/server/request.c index 750b1511..849aad18 100644 --- a/server/request.c +++ b/server/request.c @@ -568,10 +568,9 @@ static void core_opts_merge(const ap_conf_vector_t *sec, core_opts_t *opts) opts->override_opts = this_dir->override_opts; } - if (this_dir->override_list != NULL) { + if (this_dir->override_list != NULL) { opts->override_list = this_dir->override_list; - } - + } } @@ -614,7 +613,7 @@ AP_DECLARE(int) ap_directory_walk(request_rec *r) ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00029) "Module bug? Request filename is missing for URI %s", r->uri); - return OK; + return OK; } /* Canonicalize the file path without resolving filename case or aliases diff --git a/server/util.c b/server/util.c index 464b07f4..916213c3 100644 --- a/server/util.c +++ b/server/util.c @@ -1451,6 +1451,95 @@ AP_DECLARE(int) ap_find_etag_weak(apr_pool_t *p, const char *line, return find_list_item(p, line, tok, AP_ETAG_WEAK); } +/* Grab a list of tokens of the format 1#token (from RFC7230) */ +AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, + const char *str_in, + apr_array_header_t **tokens, + int skip_invalid) +{ + int in_leading_space = 1; + int in_trailing_space = 0; + int string_end = 0; + const char *tok_begin; + const char *cur; + + if (!str_in) { + return NULL; + } + + tok_begin = cur = str_in; + + while (!string_end) { + const unsigned char c = (unsigned char)*cur; + + if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP) && c != '\0') { + /* Non-separator character; we are finished with leading + * whitespace. We must never have encountered any trailing + * whitespace before the delimiter (comma) */ + in_leading_space = 0; + if (in_trailing_space) { + return "Encountered illegal whitespace in token"; + } + } + else if (c == ' ' || c == '\t') { + /* "Linear whitespace" only includes ASCII CRLF, space, and tab; + * we can't get a CRLF since headers are split on them already, + * so only look for a space or a tab */ + if (in_leading_space) { + /* We're still in leading whitespace */ + ++tok_begin; + } + else { + /* We must be in trailing whitespace */ + ++in_trailing_space; + } + } + else if (c == ',' || c == '\0') { + if (!in_leading_space) { + /* If we're out of the leading space, we know we've read some + * characters of a token */ + if (*tokens == NULL) { + *tokens = apr_array_make(p, 4, sizeof(char *)); + } + APR_ARRAY_PUSH(*tokens, char *) = + apr_pstrmemdup((*tokens)->pool, tok_begin, + (cur - tok_begin) - in_trailing_space); + } + /* We're allowed to have null elements, just don't add them to the + * array */ + + tok_begin = cur + 1; + in_leading_space = 1; + in_trailing_space = 0; + string_end = (c == '\0'); + } + else { + /* Encountered illegal separator char */ + if (skip_invalid) { + /* Skip to the next separator */ + const char *temp; + temp = ap_strchr_c(cur, ','); + if(!temp) { + temp = ap_strchr_c(cur, '\0'); + } + + /* Act like we haven't seen a token so we reset */ + cur = temp - 1; + in_leading_space = 1; + in_trailing_space = 0; + } + else { + return apr_psprintf(p, "Encountered illegal separator " + "'\\x%.2x'", (unsigned int)c); + } + } + + ++cur; + } + + return NULL; +} + /* Retrieve a token, spacing over it and returning a pointer to * the first non-white byte afterwards. Note that these tokens * are delimited by semis and commas; and can also be delimited @@ -3005,3 +3094,28 @@ AP_DECLARE(char *) ap_get_exec_line(apr_pool_t *p, return apr_pstrndup(p, buf, k); } + +AP_DECLARE(int) ap_array_str_index(const apr_array_header_t *array, + const char *s, + int start) +{ + if (start >= 0) { + int i; + + for (i = start; i < array->nelts; i++) { + const char *p = APR_ARRAY_IDX(array, i, const char *); + if (!strcmp(p, s)) { + return i; + } + } + } + + return -1; +} + +AP_DECLARE(int) ap_array_str_contains(const apr_array_header_t *array, + const char *s) +{ + return (ap_array_str_index(array, s, 0) >= 0); +} + diff --git a/server/util_script.c b/server/util_script.c index a8d9ebc4..14991cd0 100644 --- a/server/util_script.c +++ b/server/util_script.c @@ -282,12 +282,25 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r) /* Apache custom error responses. If we have redirected set two new vars */ if (r->prev) { + /* PR#57785: reconstruct full URL here */ + apr_uri_t *uri = &r->prev->parsed_uri; + if (!uri->scheme) { + uri->scheme = (char*)ap_http_scheme(r->prev); + } + if (!uri->port) { + uri->port = ap_get_server_port(r->prev); + uri->port_str = apr_psprintf(r->pool, "%u", uri->port); + } + if (!uri->hostname) { + uri->hostname = (char*)ap_get_server_name_for_url(r->prev); + } add_unless_null(e, "REDIRECT_QUERY_STRING", r->prev->args); - add_unless_null(e, "REDIRECT_URL", r->prev->uri); + add_unless_null(e, "REDIRECT_URL", + apr_uri_unparse(r->pool, uri, 0)); } if (e != r->subprocess_env) { - apr_table_overlap(r->subprocess_env, e, APR_OVERLAP_TABLES_SET); + apr_table_overlap(r->subprocess_env, e, APR_OVERLAP_TABLES_SET); } } diff --git a/support/ab.c b/support/ab.c index 5ba5d67c..46fa3b86 100644 --- a/support/ab.c +++ b/support/ab.c @@ -1222,7 +1222,7 @@ static void start_connect(struct connection * c) apr_status_t rv; if (!(started < requests)) - return; + return; c->read = 0; c->bread = 0; @@ -1890,14 +1890,14 @@ static void test(void) static void copyright(void) { if (!use_html) { - printf("This is ApacheBench, Version %s\n", AP_AB_BASEREVISION " <$Revision: 1663405 $>"); + printf("This is ApacheBench, Version %s\n", AP_AB_BASEREVISION " <$Revision: 1706008 $>"); printf("Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/\n"); printf("Licensed to The Apache Software Foundation, http://www.apache.org/\n"); printf("\n"); } else { printf("

    \n"); - printf(" This is ApacheBench, Version %s <%s>
    \n", AP_AB_BASEREVISION, "$Revision: 1663405 $"); + printf(" This is ApacheBench, Version %s <%s>
    \n", AP_AB_BASEREVISION, "$Revision: 1706008 $"); printf(" Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    \n"); printf(" Licensed to The Apache Software Foundation, http://www.apache.org/
    \n"); printf("

    \n

    \n"); @@ -1961,6 +1961,12 @@ static void usage(const char *progname) #define SSL2_HELP_MSG "" #endif +#ifndef OPENSSL_NO_SSL3 +#define SSL3_HELP_MSG "SSL3, " +#else +#define SSL3_HELP_MSG "" +#endif + #ifdef HAVE_TLSV1_X #define TLS1_X_HELP_MSG ", TLS1.1, TLS1.2" #else @@ -1969,7 +1975,7 @@ static void usage(const char *progname) fprintf(stderr, " -Z ciphersuite Specify SSL/TLS cipher suite (See openssl ciphers)\n"); fprintf(stderr, " -f protocol Specify SSL/TLS protocol\n"); - fprintf(stderr, " (" SSL2_HELP_MSG "SSL3, TLS1" TLS1_X_HELP_MSG " or ALL)\n"); + fprintf(stderr, " (" SSL2_HELP_MSG SSL3_HELP_MSG "TLS1" TLS1_X_HELP_MSG " or ALL)\n"); #endif exit(EINVAL); } @@ -2314,8 +2320,10 @@ int main(int argc, const char * const argv[]) } else if (strncasecmp(opt_arg, "SSL2", 4) == 0) { meth = SSLv2_client_method(); #endif +#ifndef OPENSSL_NO_SSL3 } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) { meth = SSLv3_client_method(); +#endif #ifdef HAVE_TLSV1_X } else if (strncasecmp(opt_arg, "TLS1.1", 6) == 0) { meth = TLSv1_1_client_method(); diff --git a/support/htdbm.c b/support/htdbm.c index 1cd0591f..40a3d232 100644 --- a/support/htdbm.c +++ b/support/htdbm.c @@ -345,7 +345,7 @@ int main(int argc, const char * const argv[]) case 'n': need_file = 0; cmd = HTDBM_NOFILE; - args_left--; + args_left--; break; case 'l': need_pwd = 0; diff --git a/support/logresolve.c b/support/logresolve.c index b0ba6ec1..71dca452 100644 --- a/support/logresolve.c +++ b/support/logresolve.c @@ -122,7 +122,7 @@ static void usage(void) "Options:" NL " -s Record statistics to STATFILE when finished." NL NL - " -c Perform double lookups when resolving IP addresses." NL, + " -c Perform double lookups when resolving IP addresses." NL, shortname, shortname); exit(1); } @@ -200,7 +200,7 @@ int main(int argc, const char * const argv[]) apr_file_buffer_set(outfile, outbuffer, WRITE_BUF_SIZE); cache = apr_hash_make(pool); - if(apr_pool_create(&pline, pool) != APR_SUCCESS){ + if (apr_pool_create(&pline, pool) != APR_SUCCESS) { return 1; } @@ -220,7 +220,7 @@ int main(int argc, const char * const argv[]) /* Check if this could even be an IP address */ if (!apr_isxdigit(line[0]) && line[0] != ':') { - withname++; + withname++; apr_file_puts(line, outfile); continue; } @@ -315,7 +315,7 @@ int main(int argc, const char * const argv[]) if (stats) { apr_file_t *statsfile; if (apr_file_open(&statsfile, stats, - APR_FOPEN_WRITE | APR_FOPEN_CREATE | APR_FOPEN_TRUNCATE, + APR_FOPEN_WRITE | APR_FOPEN_CREATE | APR_FOPEN_TRUNCATE, APR_OS_DEFAULT, pool) != APR_SUCCESS) { apr_file_printf(errfile, "%s: Could not open %s for writing.", shortname, stats); diff --git a/support/passwd_common.c b/support/passwd_common.c index 343fa790..113236c3 100644 --- a/support/passwd_common.c +++ b/support/passwd_common.c @@ -99,9 +99,9 @@ static int generate_salt(char *s, size_t size, const char **errstr, size--; val >>= 6; bits -= 6; - } - *s = '\0'; - return 0; + } + *s = '\0'; + return 0; } void putline(apr_file_t *f, const char *l) -- cgit v1.2.3 From 48eddd3d39fa2668ee29198ebfb33c41d4738c21 Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Sat, 9 Apr 2016 13:46:36 +0200 Subject: Imported Upstream version 2.4.20 --- Apache-apr2.dsw | 27 - Apache.dsw | 30 - CHANGES | 260 +- CMakeLists.txt | 23 +- Makefile.in | 1 + Makefile.win | 9 +- NOTICE | 2 +- NWGNUmakefile | 1 + README.cmake | 3 +- acinclude.m4 | 8 + configure | 11720 ++++++++++--------- docs/conf/mime.types | 2 +- docs/manual/bind.html.de | 4 +- docs/manual/bind.html.en | 4 +- docs/manual/bind.html.fr | 4 +- docs/manual/bind.html.ja.utf8 | 4 +- docs/manual/bind.html.ko.euc-kr | 4 +- docs/manual/bind.html.tr.utf8 | 4 +- docs/manual/caching.html.en | 4 +- docs/manual/caching.html.fr | 4 +- docs/manual/caching.html.tr.utf8 | 4 +- docs/manual/configuring.html.de | 4 +- docs/manual/configuring.html.en | 4 +- docs/manual/configuring.html.fr | 4 +- docs/manual/configuring.html.ja.utf8 | 4 +- docs/manual/configuring.html.ko.euc-kr | 4 +- docs/manual/configuring.html.tr.utf8 | 4 +- docs/manual/content-negotiation.html.en | 4 +- docs/manual/content-negotiation.html.fr | 4 +- docs/manual/content-negotiation.html.ja.utf8 | 4 +- docs/manual/content-negotiation.html.ko.euc-kr | 4 +- docs/manual/content-negotiation.html.tr.utf8 | 4 +- docs/manual/convenience.map | 6 + docs/manual/custom-error.html.en | 4 +- docs/manual/custom-error.html.es | 4 +- docs/manual/custom-error.html.fr | 4 +- docs/manual/custom-error.html.ja.utf8 | 4 +- docs/manual/custom-error.html.ko.euc-kr | 4 +- docs/manual/custom-error.html.tr.utf8 | 4 +- docs/manual/developer/API.html.en | 4 +- docs/manual/developer/debugging.html.en | 4 +- docs/manual/developer/documenting.html.en | 4 +- docs/manual/developer/documenting.html.zh-cn.utf8 | 4 +- docs/manual/developer/filters.html.en | 18 +- docs/manual/developer/hooks.html.en | 27 +- docs/manual/developer/index.html.en | 13 +- docs/manual/developer/index.html.zh-cn.utf8 | 4 +- docs/manual/developer/modguide.html.en | 4 +- docs/manual/developer/modules.html.en | 4 +- docs/manual/developer/modules.html.ja.utf8 | 4 +- docs/manual/developer/new_api_2_4.html.en | 4 +- docs/manual/developer/output-filters.html.en | 4 +- docs/manual/developer/request.html.en | 12 +- docs/manual/developer/thread_safety.html.en | 4 +- docs/manual/dns-caveats.html.en | 4 +- docs/manual/dns-caveats.html.fr | 4 +- docs/manual/dns-caveats.html.ja.utf8 | 4 +- docs/manual/dns-caveats.html.ko.euc-kr | 4 +- docs/manual/dns-caveats.html.tr.utf8 | 4 +- docs/manual/dso.html.en | 4 +- docs/manual/dso.html.fr | 4 +- docs/manual/dso.html.ja.utf8 | 4 +- docs/manual/dso.html.ko.euc-kr | 4 +- docs/manual/dso.html.tr.utf8 | 4 +- docs/manual/env.html.en | 4 +- docs/manual/env.html.fr | 4 +- docs/manual/env.html.ja.utf8 | 4 +- docs/manual/env.html.ko.euc-kr | 4 +- docs/manual/env.html.tr.utf8 | 4 +- docs/manual/expr.html.en | 32 +- docs/manual/expr.html.fr | 33 +- docs/manual/faq/index.html.en | 4 +- docs/manual/faq/index.html.fr | 4 +- docs/manual/faq/index.html.tr.utf8 | 4 +- docs/manual/faq/index.html.zh-cn.utf8 | 4 +- docs/manual/filter.html.en | 4 +- docs/manual/filter.html.es | 4 +- docs/manual/filter.html.fr | 4 +- docs/manual/filter.html.ja.utf8 | 4 +- docs/manual/filter.html.ko.euc-kr | 4 +- docs/manual/filter.html.tr.utf8 | 4 +- docs/manual/getting-started.html.en | 4 +- docs/manual/getting-started.html.fr | 4 +- docs/manual/glossary.html.de | 4 +- docs/manual/glossary.html.en | 4 +- docs/manual/glossary.html.es | 4 +- docs/manual/glossary.html.fr | 4 +- docs/manual/glossary.html.ja.utf8 | 4 +- docs/manual/glossary.html.ko.euc-kr | 4 +- docs/manual/glossary.html.tr.utf8 | 4 +- docs/manual/handler.html.en | 4 +- docs/manual/handler.html.es | 4 +- docs/manual/handler.html.fr | 4 +- docs/manual/handler.html.ja.utf8 | 4 +- docs/manual/handler.html.ko.euc-kr | 4 +- docs/manual/handler.html.tr.utf8 | 4 +- docs/manual/handler.html.zh-cn.utf8 | 4 +- docs/manual/howto/access.html.en | 9 +- docs/manual/howto/access.html.fr | 9 +- docs/manual/howto/auth.html.en | 4 +- docs/manual/howto/auth.html.fr | 4 +- docs/manual/howto/auth.html.ja.utf8 | 4 +- docs/manual/howto/auth.html.ko.euc-kr | 4 +- docs/manual/howto/auth.html.tr.utf8 | 4 +- docs/manual/howto/cgi.html.en | 4 +- docs/manual/howto/cgi.html.fr | 4 +- docs/manual/howto/cgi.html.ja.utf8 | 4 +- docs/manual/howto/cgi.html.ko.euc-kr | 4 +- docs/manual/howto/htaccess.html.en | 4 +- docs/manual/howto/htaccess.html.fr | 4 +- docs/manual/howto/htaccess.html.ja.utf8 | 4 +- docs/manual/howto/htaccess.html.ko.euc-kr | 4 +- docs/manual/howto/htaccess.html.pt-br | 4 +- docs/manual/howto/index.html.en | 17 +- docs/manual/howto/index.html.fr | 18 +- docs/manual/howto/index.html.ja.utf8 | 8 +- docs/manual/howto/index.html.ko.euc-kr | 4 +- docs/manual/howto/index.html.zh-cn.utf8 | 4 +- docs/manual/howto/public_html.html.en | 4 +- docs/manual/howto/public_html.html.fr | 4 +- docs/manual/howto/public_html.html.ja.utf8 | 4 +- docs/manual/howto/public_html.html.ko.euc-kr | 4 +- docs/manual/howto/public_html.html.tr.utf8 | 4 +- docs/manual/howto/reverse_proxy.html | 5 + docs/manual/howto/reverse_proxy.html.en | 340 + docs/manual/howto/ssi.html.en | 4 +- docs/manual/howto/ssi.html.fr | 4 +- docs/manual/howto/ssi.html.ja.utf8 | 4 +- docs/manual/howto/ssi.html.ko.euc-kr | 4 +- docs/manual/images/bal-man-b.png | Bin 0 -> 321860 bytes docs/manual/images/bal-man-w.png | Bin 0 -> 374905 bytes docs/manual/images/bal-man.png | Bin 0 -> 255941 bytes docs/manual/images/favicon.ico | Bin 1078 -> 1086 bytes docs/manual/images/feather.gif | Bin 6471 -> 3656 bytes docs/manual/images/feather.png | Bin 5768 -> 6090 bytes docs/manual/images/reverse-proxy-arch.png | Bin 0 -> 11702 bytes docs/manual/index.html.da | 4 +- docs/manual/index.html.de | 7 +- docs/manual/index.html.en | 8 +- docs/manual/index.html.es | 4 +- docs/manual/index.html.fr | 6 +- docs/manual/index.html.ja.utf8 | 8 +- docs/manual/index.html.ko.euc-kr | 4 +- docs/manual/index.html.pt-br | 4 +- docs/manual/index.html.tr.utf8 | 5 +- docs/manual/index.html.zh-cn.utf8 | 4 +- docs/manual/install.html.de | 4 +- docs/manual/install.html.en | 4 +- docs/manual/install.html.es | 4 +- docs/manual/install.html.fr | 4 +- docs/manual/install.html.ja.utf8 | 4 +- docs/manual/install.html.ko.euc-kr | 4 +- docs/manual/install.html.tr.utf8 | 4 +- docs/manual/invoking.html.de | 4 +- docs/manual/invoking.html.en | 4 +- docs/manual/invoking.html.es | 4 +- docs/manual/invoking.html.fr | 4 +- docs/manual/invoking.html.ja.utf8 | 4 +- docs/manual/invoking.html.ko.euc-kr | 4 +- docs/manual/invoking.html.tr.utf8 | 4 +- docs/manual/license.html.en | 4 +- docs/manual/logs.html.en | 4 +- docs/manual/logs.html.fr | 4 +- docs/manual/logs.html.ja.utf8 | 4 +- docs/manual/logs.html.ko.euc-kr | 4 +- docs/manual/logs.html.tr.utf8 | 4 +- docs/manual/misc/index.html.en | 4 +- docs/manual/misc/index.html.fr | 4 +- docs/manual/misc/index.html.ko.euc-kr | 4 +- docs/manual/misc/index.html.tr.utf8 | 4 +- docs/manual/misc/index.html.zh-cn.utf8 | 4 +- docs/manual/misc/password_encryptions.html.en | 10 +- docs/manual/misc/password_encryptions.html.fr | 10 +- docs/manual/misc/perf-tuning.html.en | 4 +- docs/manual/misc/perf-tuning.html.fr | 4 +- docs/manual/misc/perf-tuning.html.ko.euc-kr | 4 +- docs/manual/misc/perf-tuning.html.tr.utf8 | 4 +- docs/manual/misc/relevant_standards.html.en | 4 +- docs/manual/misc/relevant_standards.html.fr | 4 +- docs/manual/misc/relevant_standards.html.ko.euc-kr | 4 +- docs/manual/misc/security_tips.html.en | 4 +- docs/manual/misc/security_tips.html.fr | 4 +- docs/manual/misc/security_tips.html.ko.euc-kr | 4 +- docs/manual/misc/security_tips.html.tr.utf8 | 4 +- docs/manual/mod/core.html.de | 8 +- docs/manual/mod/core.html.en | 64 +- docs/manual/mod/core.html.es | 8 +- docs/manual/mod/core.html.fr | 59 +- docs/manual/mod/core.html.ja.utf8 | 8 +- docs/manual/mod/core.html.tr.utf8 | 81 +- docs/manual/mod/directive-dict.html.en | 4 +- docs/manual/mod/directive-dict.html.fr | 4 +- docs/manual/mod/directive-dict.html.ja.utf8 | 4 +- docs/manual/mod/directive-dict.html.ko.euc-kr | 4 +- docs/manual/mod/directive-dict.html.tr.utf8 | 4 +- docs/manual/mod/directives.html.de | 12 +- docs/manual/mod/directives.html.en | 12 +- docs/manual/mod/directives.html.es | 12 +- docs/manual/mod/directives.html.fr | 12 +- docs/manual/mod/directives.html.ja.utf8 | 12 +- docs/manual/mod/directives.html.ko.euc-kr | 12 +- docs/manual/mod/directives.html.tr.utf8 | 12 +- docs/manual/mod/directives.html.zh-cn.utf8 | 12 +- docs/manual/mod/event.html.en | 213 +- docs/manual/mod/event.html.fr | 284 +- docs/manual/mod/index.html.de | 4 +- docs/manual/mod/index.html.en | 4 +- docs/manual/mod/index.html.es | 4 +- docs/manual/mod/index.html.fr | 8 +- docs/manual/mod/index.html.ja.utf8 | 4 +- docs/manual/mod/index.html.ko.euc-kr | 4 +- docs/manual/mod/index.html.tr.utf8 | 4 +- docs/manual/mod/index.html.zh-cn.utf8 | 4 +- docs/manual/mod/mod_access_compat.html.en | 4 +- docs/manual/mod/mod_access_compat.html.fr | 4 +- docs/manual/mod/mod_access_compat.html.ja.utf8 | 4 +- docs/manual/mod/mod_actions.html.de | 4 +- docs/manual/mod/mod_actions.html.en | 4 +- docs/manual/mod/mod_actions.html.fr | 4 +- docs/manual/mod/mod_actions.html.ja.utf8 | 4 +- docs/manual/mod/mod_actions.html.ko.euc-kr | 4 +- docs/manual/mod/mod_alias.html.en | 97 +- docs/manual/mod/mod_alias.html.fr | 97 +- docs/manual/mod/mod_alias.html.ja.utf8 | 4 +- docs/manual/mod/mod_alias.html.ko.euc-kr | 4 +- docs/manual/mod/mod_alias.html.tr.utf8 | 99 +- docs/manual/mod/mod_allowmethods.html.en | 4 +- docs/manual/mod/mod_allowmethods.html.fr | 4 +- docs/manual/mod/mod_asis.html.en | 4 +- docs/manual/mod/mod_asis.html.fr | 4 +- docs/manual/mod/mod_asis.html.ja.utf8 | 4 +- docs/manual/mod/mod_asis.html.ko.euc-kr | 4 +- docs/manual/mod/mod_auth_basic.html.en | 4 +- docs/manual/mod/mod_auth_basic.html.fr | 4 +- docs/manual/mod/mod_auth_basic.html.ja.utf8 | 4 +- docs/manual/mod/mod_auth_basic.html.ko.euc-kr | 4 +- docs/manual/mod/mod_auth_digest.html.en | 4 +- docs/manual/mod/mod_auth_digest.html.fr | 4 +- docs/manual/mod/mod_auth_digest.html.ko.euc-kr | 4 +- docs/manual/mod/mod_auth_form.html.en | 4 +- docs/manual/mod/mod_auth_form.html.fr | 4 +- docs/manual/mod/mod_authn_anon.html.en | 4 +- docs/manual/mod/mod_authn_anon.html.fr | 4 +- docs/manual/mod/mod_authn_anon.html.ja.utf8 | 4 +- docs/manual/mod/mod_authn_anon.html.ko.euc-kr | 4 +- docs/manual/mod/mod_authn_core.html.en | 4 +- docs/manual/mod/mod_authn_core.html.fr | 4 +- docs/manual/mod/mod_authn_dbd.html.en | 4 +- docs/manual/mod/mod_authn_dbd.html.fr | 4 +- docs/manual/mod/mod_authn_dbm.html.en | 4 +- docs/manual/mod/mod_authn_dbm.html.fr | 4 +- docs/manual/mod/mod_authn_dbm.html.ja.utf8 | 4 +- docs/manual/mod/mod_authn_dbm.html.ko.euc-kr | 4 +- docs/manual/mod/mod_authn_file.html.en | 4 +- docs/manual/mod/mod_authn_file.html.fr | 4 +- docs/manual/mod/mod_authn_file.html.ja.utf8 | 4 +- docs/manual/mod/mod_authn_file.html.ko.euc-kr | 4 +- docs/manual/mod/mod_authn_socache.html.en | 4 +- docs/manual/mod/mod_authn_socache.html.fr | 4 +- docs/manual/mod/mod_authnz_fcgi.html.en | 16 +- docs/manual/mod/mod_authnz_ldap.html.en | 35 +- docs/manual/mod/mod_authnz_ldap.html.fr | 38 +- docs/manual/mod/mod_authz_core.html.en | 4 +- docs/manual/mod/mod_authz_core.html.fr | 4 +- docs/manual/mod/mod_authz_dbd.html.en | 4 +- docs/manual/mod/mod_authz_dbd.html.fr | 4 +- docs/manual/mod/mod_authz_dbm.html.en | 4 +- docs/manual/mod/mod_authz_dbm.html.fr | 4 +- docs/manual/mod/mod_authz_dbm.html.ko.euc-kr | 4 +- docs/manual/mod/mod_authz_groupfile.html.en | 4 +- docs/manual/mod/mod_authz_groupfile.html.fr | 4 +- docs/manual/mod/mod_authz_groupfile.html.ja.utf8 | 4 +- docs/manual/mod/mod_authz_groupfile.html.ko.euc-kr | 4 +- docs/manual/mod/mod_authz_host.html.en | 32 +- docs/manual/mod/mod_authz_host.html.fr | 39 +- docs/manual/mod/mod_authz_owner.html.en | 4 +- docs/manual/mod/mod_authz_owner.html.fr | 4 +- docs/manual/mod/mod_authz_owner.html.ja.utf8 | 4 +- docs/manual/mod/mod_authz_owner.html.ko.euc-kr | 4 +- docs/manual/mod/mod_authz_user.html.en | 4 +- docs/manual/mod/mod_authz_user.html.fr | 4 +- docs/manual/mod/mod_authz_user.html.ja.utf8 | 4 +- docs/manual/mod/mod_authz_user.html.ko.euc-kr | 4 +- docs/manual/mod/mod_autoindex.html.en | 4 +- docs/manual/mod/mod_autoindex.html.fr | 4 +- docs/manual/mod/mod_autoindex.html.ja.utf8 | 4 +- docs/manual/mod/mod_autoindex.html.ko.euc-kr | 4 +- docs/manual/mod/mod_autoindex.html.tr.utf8 | 4 +- docs/manual/mod/mod_buffer.html.en | 4 +- docs/manual/mod/mod_buffer.html.fr | 4 +- docs/manual/mod/mod_cache.html.en | 4 +- docs/manual/mod/mod_cache.html.fr | 4 +- docs/manual/mod/mod_cache.html.ja.utf8 | 4 +- docs/manual/mod/mod_cache.html.ko.euc-kr | 4 +- docs/manual/mod/mod_cache_disk.html.en | 4 +- docs/manual/mod/mod_cache_disk.html.fr | 4 +- docs/manual/mod/mod_cache_disk.html.ja.utf8 | 4 +- docs/manual/mod/mod_cache_disk.html.ko.euc-kr | 4 +- docs/manual/mod/mod_cache_socache.html.en | 4 +- docs/manual/mod/mod_cache_socache.html.fr | 4 +- docs/manual/mod/mod_cern_meta.html.en | 4 +- docs/manual/mod/mod_cern_meta.html.fr | 4 +- docs/manual/mod/mod_cern_meta.html.ko.euc-kr | 4 +- docs/manual/mod/mod_cgi.html.en | 29 +- docs/manual/mod/mod_cgi.html.fr | 29 +- docs/manual/mod/mod_cgi.html.ja.utf8 | 8 +- docs/manual/mod/mod_cgi.html.ko.euc-kr | 4 +- docs/manual/mod/mod_cgid.html.en | 4 +- docs/manual/mod/mod_cgid.html.fr | 4 +- docs/manual/mod/mod_cgid.html.ja.utf8 | 4 +- docs/manual/mod/mod_cgid.html.ko.euc-kr | 4 +- docs/manual/mod/mod_charset_lite.html.en | 4 +- docs/manual/mod/mod_charset_lite.html.fr | 4 +- docs/manual/mod/mod_charset_lite.html.ko.euc-kr | 4 +- docs/manual/mod/mod_data.html.en | 4 +- docs/manual/mod/mod_data.html.fr | 4 +- docs/manual/mod/mod_dav.html.en | 4 +- docs/manual/mod/mod_dav.html.fr | 4 +- docs/manual/mod/mod_dav.html.ja.utf8 | 4 +- docs/manual/mod/mod_dav.html.ko.euc-kr | 4 +- docs/manual/mod/mod_dav_fs.html.en | 4 +- docs/manual/mod/mod_dav_fs.html.fr | 4 +- docs/manual/mod/mod_dav_fs.html.ja.utf8 | 4 +- docs/manual/mod/mod_dav_fs.html.ko.euc-kr | 4 +- docs/manual/mod/mod_dav_lock.html.en | 4 +- docs/manual/mod/mod_dav_lock.html.fr | 4 +- docs/manual/mod/mod_dav_lock.html.ja.utf8 | 4 +- docs/manual/mod/mod_dbd.html.en | 4 +- docs/manual/mod/mod_dbd.html.fr | 4 +- docs/manual/mod/mod_deflate.html.en | 22 +- docs/manual/mod/mod_deflate.html.fr | 24 +- docs/manual/mod/mod_deflate.html.ja.utf8 | 4 +- docs/manual/mod/mod_deflate.html.ko.euc-kr | 4 +- docs/manual/mod/mod_dialup.html.en | 6 +- docs/manual/mod/mod_dialup.html.fr | 6 +- docs/manual/mod/mod_dir.html.en | 4 +- docs/manual/mod/mod_dir.html.fr | 4 +- docs/manual/mod/mod_dir.html.ja.utf8 | 4 +- docs/manual/mod/mod_dir.html.ko.euc-kr | 4 +- docs/manual/mod/mod_dir.html.tr.utf8 | 4 +- docs/manual/mod/mod_dumpio.html.en | 4 +- docs/manual/mod/mod_dumpio.html.fr | 4 +- docs/manual/mod/mod_dumpio.html.ja.utf8 | 4 +- docs/manual/mod/mod_echo.html.en | 4 +- docs/manual/mod/mod_echo.html.fr | 4 +- docs/manual/mod/mod_echo.html.ja.utf8 | 4 +- docs/manual/mod/mod_echo.html.ko.euc-kr | 4 +- docs/manual/mod/mod_env.html.en | 4 +- docs/manual/mod/mod_env.html.fr | 4 +- docs/manual/mod/mod_env.html.ja.utf8 | 4 +- docs/manual/mod/mod_env.html.ko.euc-kr | 4 +- docs/manual/mod/mod_env.html.tr.utf8 | 4 +- docs/manual/mod/mod_example_hooks.html.en | 4 +- docs/manual/mod/mod_example_hooks.html.fr | 4 +- docs/manual/mod/mod_example_hooks.html.ko.euc-kr | 4 +- docs/manual/mod/mod_expires.html.en | 4 +- docs/manual/mod/mod_expires.html.fr | 4 +- docs/manual/mod/mod_expires.html.ja.utf8 | 4 +- docs/manual/mod/mod_expires.html.ko.euc-kr | 4 +- docs/manual/mod/mod_ext_filter.html.en | 4 +- docs/manual/mod/mod_ext_filter.html.fr | 4 +- docs/manual/mod/mod_ext_filter.html.ja.utf8 | 4 +- docs/manual/mod/mod_ext_filter.html.ko.euc-kr | 4 +- docs/manual/mod/mod_file_cache.html.en | 4 +- docs/manual/mod/mod_file_cache.html.fr | 4 +- docs/manual/mod/mod_file_cache.html.ko.euc-kr | 4 +- docs/manual/mod/mod_filter.html.en | 4 +- docs/manual/mod/mod_filter.html.fr | 4 +- docs/manual/mod/mod_headers.html.en | 10 +- docs/manual/mod/mod_headers.html.fr | 11 +- docs/manual/mod/mod_headers.html.ja.utf8 | 4 +- docs/manual/mod/mod_headers.html.ko.euc-kr | 4 +- docs/manual/mod/mod_heartbeat.html.en | 4 +- docs/manual/mod/mod_heartbeat.html.fr | 4 +- docs/manual/mod/mod_heartmonitor.html.en | 4 +- docs/manual/mod/mod_heartmonitor.html.fr | 4 +- docs/manual/mod/mod_http2.html.en | 172 +- docs/manual/mod/mod_ident.html.en | 4 +- docs/manual/mod/mod_ident.html.fr | 4 +- docs/manual/mod/mod_ident.html.ja.utf8 | 4 +- docs/manual/mod/mod_ident.html.ko.euc-kr | 4 +- docs/manual/mod/mod_imagemap.html.en | 4 +- docs/manual/mod/mod_imagemap.html.fr | 4 +- docs/manual/mod/mod_imagemap.html.ko.euc-kr | 4 +- docs/manual/mod/mod_include.html.en | 25 +- docs/manual/mod/mod_include.html.fr | 22 +- docs/manual/mod/mod_include.html.ja.utf8 | 4 +- docs/manual/mod/mod_info.html.en | 4 +- docs/manual/mod/mod_info.html.fr | 4 +- docs/manual/mod/mod_info.html.ja.utf8 | 4 +- docs/manual/mod/mod_info.html.ko.euc-kr | 4 +- docs/manual/mod/mod_isapi.html.en | 4 +- docs/manual/mod/mod_isapi.html.fr | 4 +- docs/manual/mod/mod_isapi.html.ko.euc-kr | 4 +- docs/manual/mod/mod_lbmethod_bybusyness.html.en | 4 +- docs/manual/mod/mod_lbmethod_bybusyness.html.fr | 4 +- docs/manual/mod/mod_lbmethod_byrequests.html.en | 4 +- docs/manual/mod/mod_lbmethod_byrequests.html.fr | 4 +- docs/manual/mod/mod_lbmethod_bytraffic.html.en | 4 +- docs/manual/mod/mod_lbmethod_bytraffic.html.fr | 4 +- docs/manual/mod/mod_lbmethod_heartbeat.html.en | 4 +- docs/manual/mod/mod_lbmethod_heartbeat.html.fr | 4 +- docs/manual/mod/mod_ldap.html.en | 4 +- docs/manual/mod/mod_ldap.html.fr | 4 +- docs/manual/mod/mod_log_config.html.en | 34 +- docs/manual/mod/mod_log_config.html.fr | 33 +- docs/manual/mod/mod_log_config.html.ja.utf8 | 20 +- docs/manual/mod/mod_log_config.html.ko.euc-kr | 20 +- docs/manual/mod/mod_log_config.html.tr.utf8 | 34 +- docs/manual/mod/mod_log_debug.html.en | 4 +- docs/manual/mod/mod_log_debug.html.fr | 4 +- docs/manual/mod/mod_log_forensic.html.en | 4 +- docs/manual/mod/mod_log_forensic.html.fr | 4 +- docs/manual/mod/mod_log_forensic.html.ja.utf8 | 4 +- docs/manual/mod/mod_log_forensic.html.tr.utf8 | 4 +- docs/manual/mod/mod_logio.html.en | 4 +- docs/manual/mod/mod_logio.html.fr | 4 +- docs/manual/mod/mod_logio.html.ja.utf8 | 4 +- docs/manual/mod/mod_logio.html.ko.euc-kr | 4 +- docs/manual/mod/mod_logio.html.tr.utf8 | 4 +- docs/manual/mod/mod_lua.html.en | 4 +- docs/manual/mod/mod_lua.html.fr | 4 +- docs/manual/mod/mod_macro.html.en | 23 +- docs/manual/mod/mod_macro.html.fr | 16 +- docs/manual/mod/mod_mime.html.en | 4 +- docs/manual/mod/mod_mime.html.fr | 4 +- docs/manual/mod/mod_mime.html.ja.utf8 | 4 +- docs/manual/mod/mod_mime_magic.html.en | 4 +- docs/manual/mod/mod_mime_magic.html.fr | 4 +- docs/manual/mod/mod_negotiation.html.en | 4 +- docs/manual/mod/mod_negotiation.html.fr | 4 +- docs/manual/mod/mod_negotiation.html.ja.utf8 | 4 +- docs/manual/mod/mod_nw_ssl.html.en | 4 +- docs/manual/mod/mod_nw_ssl.html.fr | 4 +- docs/manual/mod/mod_privileges.html.en | 4 +- docs/manual/mod/mod_privileges.html.fr | 4 +- docs/manual/mod/mod_proxy.html.en | 4 +- docs/manual/mod/mod_proxy.html.fr | 11 +- docs/manual/mod/mod_proxy.html.ja.utf8 | 4 +- docs/manual/mod/mod_proxy_ajp.html.en | 4 +- docs/manual/mod/mod_proxy_ajp.html.fr | 4 +- docs/manual/mod/mod_proxy_ajp.html.ja.utf8 | 4 +- docs/manual/mod/mod_proxy_balancer.html.en | 32 +- docs/manual/mod/mod_proxy_balancer.html.fr | 33 +- docs/manual/mod/mod_proxy_balancer.html.ja.utf8 | 4 +- docs/manual/mod/mod_proxy_connect.html.en | 4 +- docs/manual/mod/mod_proxy_connect.html.fr | 4 +- docs/manual/mod/mod_proxy_connect.html.ja.utf8 | 4 +- docs/manual/mod/mod_proxy_express.html.en | 4 +- docs/manual/mod/mod_proxy_express.html.fr | 4 +- docs/manual/mod/mod_proxy_fcgi.html.en | 4 +- docs/manual/mod/mod_proxy_fcgi.html.fr | 4 +- docs/manual/mod/mod_proxy_fdpass.html.en | 4 +- docs/manual/mod/mod_proxy_fdpass.html.fr | 12 +- docs/manual/mod/mod_proxy_ftp.html.en | 4 +- docs/manual/mod/mod_proxy_ftp.html.fr | 4 +- docs/manual/mod/mod_proxy_html.html.en | 4 +- docs/manual/mod/mod_proxy_html.html.fr | 4 +- docs/manual/mod/mod_proxy_http.html.en | 4 +- docs/manual/mod/mod_proxy_http.html.fr | 4 +- docs/manual/mod/mod_proxy_scgi.html.en | 4 +- docs/manual/mod/mod_proxy_scgi.html.fr | 4 +- docs/manual/mod/mod_proxy_wstunnel.html.en | 18 +- docs/manual/mod/mod_ratelimit.html.en | 4 +- docs/manual/mod/mod_ratelimit.html.fr | 4 +- docs/manual/mod/mod_reflector.html.en | 4 +- docs/manual/mod/mod_reflector.html.fr | 4 +- docs/manual/mod/mod_remoteip.html.en | 4 +- docs/manual/mod/mod_remoteip.html.fr | 71 +- docs/manual/mod/mod_reqtimeout.html.en | 4 +- docs/manual/mod/mod_reqtimeout.html.fr | 4 +- docs/manual/mod/mod_request.html.en | 4 +- docs/manual/mod/mod_request.html.fr | 4 +- docs/manual/mod/mod_request.html.tr.utf8 | 4 +- docs/manual/mod/mod_rewrite.html.en | 233 +- docs/manual/mod/mod_rewrite.html.fr | 230 +- docs/manual/mod/mod_sed.html.en | 4 +- docs/manual/mod/mod_sed.html.fr | 4 +- docs/manual/mod/mod_session.html.en | 4 +- docs/manual/mod/mod_session.html.fr | 4 +- docs/manual/mod/mod_session_cookie.html.en | 4 +- docs/manual/mod/mod_session_cookie.html.fr | 4 +- docs/manual/mod/mod_session_crypto.html.en | 4 +- docs/manual/mod/mod_session_crypto.html.fr | 4 +- docs/manual/mod/mod_session_dbd.html.en | 4 +- docs/manual/mod/mod_session_dbd.html.fr | 4 +- docs/manual/mod/mod_setenvif.html.en | 13 +- docs/manual/mod/mod_setenvif.html.fr | 22 +- docs/manual/mod/mod_setenvif.html.ja.utf8 | 4 +- docs/manual/mod/mod_setenvif.html.ko.euc-kr | 4 +- docs/manual/mod/mod_setenvif.html.tr.utf8 | 14 +- docs/manual/mod/mod_slotmem_plain.html.en | 4 +- docs/manual/mod/mod_slotmem_plain.html.fr | 4 +- docs/manual/mod/mod_slotmem_shm.html.en | 4 +- docs/manual/mod/mod_slotmem_shm.html.fr | 4 +- docs/manual/mod/mod_so.html.en | 20 +- docs/manual/mod/mod_so.html.fr | 23 +- docs/manual/mod/mod_so.html.ja.utf8 | 8 +- docs/manual/mod/mod_so.html.ko.euc-kr | 4 +- docs/manual/mod/mod_so.html.tr.utf8 | 8 +- docs/manual/mod/mod_socache_dbm.html.en | 4 +- docs/manual/mod/mod_socache_dbm.html.fr | 4 +- docs/manual/mod/mod_socache_dc.html.en | 4 +- docs/manual/mod/mod_socache_dc.html.fr | 4 +- docs/manual/mod/mod_socache_memcache.html.en | 4 +- docs/manual/mod/mod_socache_memcache.html.fr | 4 +- docs/manual/mod/mod_socache_shmcb.html.en | 4 +- docs/manual/mod/mod_socache_shmcb.html.fr | 4 +- docs/manual/mod/mod_speling.html.en | 4 +- docs/manual/mod/mod_speling.html.fr | 4 +- docs/manual/mod/mod_speling.html.ja.utf8 | 4 +- docs/manual/mod/mod_speling.html.ko.euc-kr | 4 +- docs/manual/mod/mod_ssl.html.en | 49 +- docs/manual/mod/mod_ssl.html.fr | 53 +- docs/manual/mod/mod_status.html.en | 4 +- docs/manual/mod/mod_status.html.fr | 4 +- docs/manual/mod/mod_status.html.ja.utf8 | 4 +- docs/manual/mod/mod_status.html.ko.euc-kr | 4 +- docs/manual/mod/mod_status.html.tr.utf8 | 4 +- docs/manual/mod/mod_substitute.html.en | 4 +- docs/manual/mod/mod_substitute.html.fr | 4 +- docs/manual/mod/mod_suexec.html.en | 4 +- docs/manual/mod/mod_suexec.html.fr | 4 +- docs/manual/mod/mod_suexec.html.ja.utf8 | 4 +- docs/manual/mod/mod_suexec.html.ko.euc-kr | 4 +- docs/manual/mod/mod_suexec.html.tr.utf8 | 4 +- docs/manual/mod/mod_unique_id.html.en | 4 +- docs/manual/mod/mod_unique_id.html.fr | 4 +- docs/manual/mod/mod_unique_id.html.ja.utf8 | 4 +- docs/manual/mod/mod_unique_id.html.ko.euc-kr | 4 +- docs/manual/mod/mod_unixd.html.en | 4 +- docs/manual/mod/mod_unixd.html.fr | 4 +- docs/manual/mod/mod_unixd.html.tr.utf8 | 4 +- docs/manual/mod/mod_userdir.html.en | 4 +- docs/manual/mod/mod_userdir.html.fr | 4 +- docs/manual/mod/mod_userdir.html.ja.utf8 | 4 +- docs/manual/mod/mod_userdir.html.ko.euc-kr | 4 +- docs/manual/mod/mod_userdir.html.tr.utf8 | 4 +- docs/manual/mod/mod_usertrack.html.en | 4 +- docs/manual/mod/mod_usertrack.html.fr | 4 +- docs/manual/mod/mod_version.html.en | 4 +- docs/manual/mod/mod_version.html.ja.utf8 | 4 +- docs/manual/mod/mod_version.html.ko.euc-kr | 4 +- docs/manual/mod/mod_vhost_alias.html.en | 4 +- docs/manual/mod/mod_vhost_alias.html.fr | 4 +- docs/manual/mod/mod_vhost_alias.html.tr.utf8 | 4 +- docs/manual/mod/mod_watchdog.html.en | 4 +- docs/manual/mod/mod_xml2enc.html.en | 4 +- docs/manual/mod/mod_xml2enc.html.fr | 4 +- docs/manual/mod/module-dict.html.en | 4 +- docs/manual/mod/module-dict.html.fr | 4 +- docs/manual/mod/module-dict.html.ja.utf8 | 4 +- docs/manual/mod/module-dict.html.ko.euc-kr | 4 +- docs/manual/mod/module-dict.html.tr.utf8 | 4 +- docs/manual/mod/mpm_common.html.de | 4 +- docs/manual/mod/mpm_common.html.en | 4 +- docs/manual/mod/mpm_common.html.fr | 4 +- docs/manual/mod/mpm_common.html.ja.utf8 | 4 +- docs/manual/mod/mpm_common.html.tr.utf8 | 77 +- docs/manual/mod/mpm_netware.html.en | 4 +- docs/manual/mod/mpm_netware.html.fr | 4 +- docs/manual/mod/mpm_winnt.html.de | 4 +- docs/manual/mod/mpm_winnt.html.en | 4 +- docs/manual/mod/mpm_winnt.html.fr | 4 +- docs/manual/mod/mpm_winnt.html.ja.utf8 | 4 +- docs/manual/mod/mpmt_os2.html.en | 4 +- docs/manual/mod/mpmt_os2.html.fr | 4 +- docs/manual/mod/prefork.html.de | 4 +- docs/manual/mod/prefork.html.en | 4 +- docs/manual/mod/prefork.html.fr | 4 +- docs/manual/mod/prefork.html.ja.utf8 | 4 +- docs/manual/mod/prefork.html.tr.utf8 | 4 +- docs/manual/mod/quickreference.html.de | 724 +- docs/manual/mod/quickreference.html.en | 724 +- docs/manual/mod/quickreference.html.es | 724 +- docs/manual/mod/quickreference.html.fr | 744 +- docs/manual/mod/quickreference.html.ja.utf8 | 704 +- docs/manual/mod/quickreference.html.ko.euc-kr | 718 +- docs/manual/mod/quickreference.html.tr.utf8 | 736 +- docs/manual/mod/quickreference.html.zh-cn.utf8 | 724 +- docs/manual/mod/worker.html.de | 4 +- docs/manual/mod/worker.html.en | 4 +- docs/manual/mod/worker.html.fr | 4 +- docs/manual/mod/worker.html.ja.utf8 | 4 +- docs/manual/mod/worker.html.tr.utf8 | 4 +- docs/manual/mpm.html.de | 4 +- docs/manual/mpm.html.en | 4 +- docs/manual/mpm.html.es | 4 +- docs/manual/mpm.html.fr | 4 +- docs/manual/mpm.html.ja.utf8 | 4 +- docs/manual/mpm.html.ko.euc-kr | 4 +- docs/manual/mpm.html.tr.utf8 | 4 +- docs/manual/mpm.html.zh-cn.utf8 | 4 +- docs/manual/new_features_2_0.html.de | 4 +- docs/manual/new_features_2_0.html.en | 4 +- docs/manual/new_features_2_0.html.fr | 4 +- docs/manual/new_features_2_0.html.ja.utf8 | 4 +- docs/manual/new_features_2_0.html.ko.euc-kr | 4 +- docs/manual/new_features_2_0.html.pt-br | 4 +- docs/manual/new_features_2_0.html.ru.koi8-r | 4 +- docs/manual/new_features_2_0.html.tr.utf8 | 4 +- docs/manual/new_features_2_2.html.en | 4 +- docs/manual/new_features_2_2.html.fr | 4 +- docs/manual/new_features_2_2.html.ko.euc-kr | 4 +- docs/manual/new_features_2_2.html.pt-br | 4 +- docs/manual/new_features_2_2.html.tr.utf8 | 4 +- docs/manual/new_features_2_4.html.en | 11 +- docs/manual/new_features_2_4.html.fr | 7 +- docs/manual/new_features_2_4.html.tr.utf8 | 7 +- docs/manual/platform/ebcdic.html.en | 4 +- docs/manual/platform/ebcdic.html.ko.euc-kr | 4 +- docs/manual/platform/index.html.en | 4 +- docs/manual/platform/index.html.fr | 4 +- docs/manual/platform/index.html.ko.euc-kr | 4 +- docs/manual/platform/index.html.zh-cn.utf8 | 4 +- docs/manual/platform/netware.html.en | 4 +- docs/manual/platform/netware.html.fr | 4 +- docs/manual/platform/netware.html.ko.euc-kr | 4 +- docs/manual/platform/perf-hp.html.en | 4 +- docs/manual/platform/perf-hp.html.fr | 4 +- docs/manual/platform/perf-hp.html.ko.euc-kr | 4 +- docs/manual/platform/rpm.html.en | 4 +- docs/manual/platform/win_compiling.html.en | 4 +- docs/manual/platform/win_compiling.html.fr | 4 +- docs/manual/platform/win_compiling.html.ko.euc-kr | 4 +- docs/manual/platform/windows.html.en | 4 +- docs/manual/platform/windows.html.fr | 4 +- docs/manual/platform/windows.html.ko.euc-kr | 4 +- docs/manual/programs/ab.html.en | 4 +- docs/manual/programs/ab.html.fr | 4 +- docs/manual/programs/ab.html.ko.euc-kr | 4 +- docs/manual/programs/ab.html.tr.utf8 | 4 +- docs/manual/programs/apachectl.html.en | 4 +- docs/manual/programs/apachectl.html.fr | 4 +- docs/manual/programs/apachectl.html.ko.euc-kr | 4 +- docs/manual/programs/apachectl.html.tr.utf8 | 4 +- docs/manual/programs/apxs.html.en | 4 +- docs/manual/programs/apxs.html.fr | 4 +- docs/manual/programs/apxs.html.ko.euc-kr | 4 +- docs/manual/programs/apxs.html.tr.utf8 | 4 +- docs/manual/programs/configure.html.en | 4 +- docs/manual/programs/configure.html.fr | 4 +- docs/manual/programs/configure.html.ko.euc-kr | 4 +- docs/manual/programs/configure.html.tr.utf8 | 4 +- docs/manual/programs/dbmmanage.html.en | 4 +- docs/manual/programs/dbmmanage.html.fr | 4 +- docs/manual/programs/dbmmanage.html.ko.euc-kr | 4 +- docs/manual/programs/dbmmanage.html.tr.utf8 | 4 +- docs/manual/programs/fcgistarter.html.en | 4 +- docs/manual/programs/fcgistarter.html.fr | 4 +- docs/manual/programs/fcgistarter.html.tr.utf8 | 4 +- docs/manual/programs/htcacheclean.html.en | 4 +- docs/manual/programs/htcacheclean.html.fr | 4 +- docs/manual/programs/htcacheclean.html.ko.euc-kr | 4 +- docs/manual/programs/htcacheclean.html.tr.utf8 | 4 +- docs/manual/programs/htdbm.html.en | 4 +- docs/manual/programs/htdbm.html.fr | 4 +- docs/manual/programs/htdbm.html.tr.utf8 | 4 +- docs/manual/programs/htdigest.html.en | 4 +- docs/manual/programs/htdigest.html.fr | 4 +- docs/manual/programs/htdigest.html.ko.euc-kr | 4 +- docs/manual/programs/htdigest.html.tr.utf8 | 4 +- docs/manual/programs/htpasswd.html.en | 4 +- docs/manual/programs/htpasswd.html.fr | 4 +- docs/manual/programs/htpasswd.html.ko.euc-kr | 4 +- docs/manual/programs/htpasswd.html.tr.utf8 | 4 +- docs/manual/programs/httpd.html.en | 4 +- docs/manual/programs/httpd.html.fr | 4 +- docs/manual/programs/httpd.html.ko.euc-kr | 4 +- docs/manual/programs/httpd.html.tr.utf8 | 4 +- docs/manual/programs/httxt2dbm.html.en | 4 +- docs/manual/programs/httxt2dbm.html.fr | 4 +- docs/manual/programs/httxt2dbm.html.tr.utf8 | 4 +- docs/manual/programs/index.html.en | 4 +- docs/manual/programs/index.html.es | 4 +- docs/manual/programs/index.html.fr | 4 +- docs/manual/programs/index.html.ko.euc-kr | 4 +- docs/manual/programs/index.html.tr.utf8 | 4 +- docs/manual/programs/index.html.zh-cn.utf8 | 4 +- docs/manual/programs/log_server_status.html.en | 4 +- docs/manual/programs/logresolve.html.en | 4 +- docs/manual/programs/logresolve.html.fr | 4 +- docs/manual/programs/logresolve.html.ko.euc-kr | 4 +- docs/manual/programs/logresolve.html.tr.utf8 | 4 +- docs/manual/programs/other.html.en | 4 +- docs/manual/programs/other.html.fr | 4 +- docs/manual/programs/other.html.ko.euc-kr | 4 +- docs/manual/programs/other.html.tr.utf8 | 4 +- docs/manual/programs/rotatelogs.html.en | 4 +- docs/manual/programs/rotatelogs.html.fr | 4 +- docs/manual/programs/rotatelogs.html.ko.euc-kr | 4 +- docs/manual/programs/rotatelogs.html.tr.utf8 | 4 +- docs/manual/programs/split-logfile.html.en | 4 +- docs/manual/programs/suexec.html.en | 4 +- docs/manual/programs/suexec.html.ko.euc-kr | 4 +- docs/manual/programs/suexec.html.tr.utf8 | 4 +- docs/manual/rewrite/access.html.en | 4 +- docs/manual/rewrite/access.html.fr | 4 +- docs/manual/rewrite/advanced.html.en | 4 +- docs/manual/rewrite/advanced.html.fr | 4 +- docs/manual/rewrite/avoid.html.en | 32 +- docs/manual/rewrite/avoid.html.fr | 32 +- docs/manual/rewrite/flags.html.en | 28 +- docs/manual/rewrite/flags.html.fr | 30 +- docs/manual/rewrite/htaccess.html.en | 4 +- docs/manual/rewrite/htaccess.html.fr | 4 +- docs/manual/rewrite/index.html.en | 4 +- docs/manual/rewrite/index.html.fr | 4 +- docs/manual/rewrite/index.html.tr.utf8 | 4 +- docs/manual/rewrite/index.html.zh-cn.utf8 | 4 +- docs/manual/rewrite/intro.html.en | 4 +- docs/manual/rewrite/intro.html.fr | 4 +- docs/manual/rewrite/proxy.html.en | 4 +- docs/manual/rewrite/proxy.html.fr | 4 +- docs/manual/rewrite/remapping.html.en | 4 +- docs/manual/rewrite/remapping.html.fr | 4 +- docs/manual/rewrite/rewritemap.html.en | 18 +- docs/manual/rewrite/rewritemap.html.fr | 6 +- docs/manual/rewrite/tech.html.en | 4 +- docs/manual/rewrite/tech.html.fr | 4 +- docs/manual/rewrite/vhosts.html.en | 4 +- docs/manual/rewrite/vhosts.html.fr | 4 +- docs/manual/sections.html.en | 67 +- docs/manual/sections.html.fr | 106 +- docs/manual/sections.html.ja.utf8 | 4 +- docs/manual/sections.html.ko.euc-kr | 4 +- docs/manual/sections.html.tr.utf8 | 91 +- docs/manual/server-wide.html.en | 4 +- docs/manual/server-wide.html.fr | 4 +- docs/manual/server-wide.html.ja.utf8 | 4 +- docs/manual/server-wide.html.ko.euc-kr | 4 +- docs/manual/server-wide.html.tr.utf8 | 4 +- docs/manual/sitemap.html.de | 7 +- docs/manual/sitemap.html.en | 5 +- docs/manual/sitemap.html.es | 4 +- docs/manual/sitemap.html.fr | 6 +- docs/manual/sitemap.html.ja.utf8 | 4 +- docs/manual/sitemap.html.ko.euc-kr | 4 +- docs/manual/sitemap.html.tr.utf8 | 5 +- docs/manual/sitemap.html.zh-cn.utf8 | 4 +- docs/manual/socache.html.en | 4 +- docs/manual/socache.html.fr | 4 +- docs/manual/ssl/index.html.en | 4 +- docs/manual/ssl/index.html.fr | 4 +- docs/manual/ssl/index.html.ja.utf8 | 4 +- docs/manual/ssl/index.html.tr.utf8 | 4 +- docs/manual/ssl/index.html.zh-cn.utf8 | 4 +- docs/manual/ssl/ssl_compat.html.en | 4 +- docs/manual/ssl/ssl_compat.html.fr | 4 +- docs/manual/ssl/ssl_faq.html.en | 4 +- docs/manual/ssl/ssl_faq.html.fr | 4 +- docs/manual/ssl/ssl_howto.html.en | 4 +- docs/manual/ssl/ssl_howto.html.fr | 4 +- docs/manual/ssl/ssl_intro.html.en | 4 +- docs/manual/ssl/ssl_intro.html.fr | 4 +- docs/manual/ssl/ssl_intro.html.ja.utf8 | 4 +- docs/manual/stopping.html.de | 4 +- docs/manual/stopping.html.en | 4 +- docs/manual/stopping.html.es | 4 +- docs/manual/stopping.html.fr | 4 +- docs/manual/stopping.html.ja.utf8 | 4 +- docs/manual/stopping.html.ko.euc-kr | 4 +- docs/manual/stopping.html.tr.utf8 | 4 +- docs/manual/style/version.ent | 2 +- docs/manual/suexec.html.en | 4 +- docs/manual/suexec.html.fr | 4 +- docs/manual/suexec.html.ja.utf8 | 4 +- docs/manual/suexec.html.ko.euc-kr | 4 +- docs/manual/suexec.html.tr.utf8 | 4 +- docs/manual/upgrading.html.en | 4 +- docs/manual/upgrading.html.fr | 4 +- docs/manual/urlmapping.html.en | 4 +- docs/manual/urlmapping.html.fr | 4 +- docs/manual/urlmapping.html.ja.utf8 | 4 +- docs/manual/urlmapping.html.ko.euc-kr | 4 +- docs/manual/urlmapping.html.tr.utf8 | 4 +- docs/manual/vhosts/details.html.en | 4 +- docs/manual/vhosts/details.html.fr | 4 +- docs/manual/vhosts/details.html.ko.euc-kr | 4 +- docs/manual/vhosts/details.html.tr.utf8 | 4 +- docs/manual/vhosts/examples.html.en | 4 +- docs/manual/vhosts/examples.html.fr | 4 +- docs/manual/vhosts/examples.html.ja.utf8 | 4 +- docs/manual/vhosts/examples.html.ko.euc-kr | 4 +- docs/manual/vhosts/examples.html.tr.utf8 | 4 +- docs/manual/vhosts/fd-limits.html.en | 4 +- docs/manual/vhosts/fd-limits.html.fr | 4 +- docs/manual/vhosts/fd-limits.html.ja.utf8 | 4 +- docs/manual/vhosts/fd-limits.html.ko.euc-kr | 4 +- docs/manual/vhosts/fd-limits.html.tr.utf8 | 4 +- docs/manual/vhosts/index.html.de | 4 +- docs/manual/vhosts/index.html.en | 4 +- docs/manual/vhosts/index.html.fr | 4 +- docs/manual/vhosts/index.html.ja.utf8 | 4 +- docs/manual/vhosts/index.html.ko.euc-kr | 4 +- docs/manual/vhosts/index.html.tr.utf8 | 4 +- docs/manual/vhosts/index.html.zh-cn.utf8 | 4 +- docs/manual/vhosts/ip-based.html.en | 4 +- docs/manual/vhosts/ip-based.html.fr | 4 +- docs/manual/vhosts/ip-based.html.ja.utf8 | 4 +- docs/manual/vhosts/ip-based.html.ko.euc-kr | 4 +- docs/manual/vhosts/ip-based.html.tr.utf8 | 4 +- docs/manual/vhosts/mass.html.en | 4 +- docs/manual/vhosts/mass.html.fr | 4 +- docs/manual/vhosts/mass.html.ko.euc-kr | 4 +- docs/manual/vhosts/mass.html.tr.utf8 | 4 +- docs/manual/vhosts/name-based.html.de | 4 +- docs/manual/vhosts/name-based.html.en | 4 +- docs/manual/vhosts/name-based.html.fr | 4 +- docs/manual/vhosts/name-based.html.ja.utf8 | 4 +- docs/manual/vhosts/name-based.html.ko.euc-kr | 4 +- docs/manual/vhosts/name-based.html.tr.utf8 | 4 +- httpd.dep | 68 + httpd.mak | 344 + httpd.spec | 2 +- include/ap_mmn.h | 13 +- include/ap_release.h | 4 +- include/http_connection.h | 14 + include/http_core.h | 32 +- include/http_protocol.h | 2 +- include/httpd.h | 13 +- include/scoreboard.h | 5 + libhttpd.dep | 2421 ++++ libhttpd.mak | 1325 +++ modules/aaa/mod_access_compat.c | 6 +- modules/aaa/mod_access_compat.dep | 59 + modules/aaa/mod_access_compat.mak | 353 + modules/aaa/mod_allowmethods.dep | 56 + modules/aaa/mod_allowmethods.mak | 353 + modules/aaa/mod_auth_basic.dep | 63 + modules/aaa/mod_auth_basic.mak | 353 + modules/aaa/mod_auth_digest.dep | 68 + modules/aaa/mod_auth_digest.mak | 353 + modules/aaa/mod_auth_form.c | 4 +- modules/aaa/mod_auth_form.dep | 66 + modules/aaa/mod_auth_form.mak | 353 + modules/aaa/mod_authn_anon.dep | 58 + modules/aaa/mod_authn_anon.mak | 381 + modules/aaa/mod_authn_core.dep | 58 + modules/aaa/mod_authn_core.mak | 381 + modules/aaa/mod_authn_dbd.dep | 56 + modules/aaa/mod_authn_dbd.mak | 409 + modules/aaa/mod_authn_dbm.dep | 61 + modules/aaa/mod_authn_dbm.mak | 381 + modules/aaa/mod_authn_file.dep | 60 + modules/aaa/mod_authn_file.mak | 381 + modules/aaa/mod_authn_socache.c | 21 +- modules/aaa/mod_authn_socache.dep | 62 + modules/aaa/mod_authn_socache.mak | 353 + modules/aaa/mod_authnz_fcgi.dep | 61 + modules/aaa/mod_authnz_fcgi.mak | 353 + modules/aaa/mod_authnz_ldap.c | 4 +- modules/aaa/mod_authnz_ldap.dep | 70 + modules/aaa/mod_authnz_ldap.mak | 381 + modules/aaa/mod_authz_core.dep | 60 + modules/aaa/mod_authz_core.mak | 381 + modules/aaa/mod_authz_dbd.c | 32 +- modules/aaa/mod_authz_dbd.dep | 61 + modules/aaa/mod_authz_dbd.mak | 409 + modules/aaa/mod_authz_dbm.dep | 62 + modules/aaa/mod_authz_dbm.mak | 381 + modules/aaa/mod_authz_groupfile.dep | 61 + modules/aaa/mod_authz_groupfile.mak | 381 + modules/aaa/mod_authz_host.c | 80 +- modules/aaa/mod_authz_host.dep | 60 + modules/aaa/mod_authz_host.mak | 381 + modules/aaa/mod_authz_owner.dep | 59 + modules/aaa/mod_authz_owner.mak | 381 + modules/aaa/mod_authz_user.dep | 58 + modules/aaa/mod_authz_user.mak | 381 + modules/arch/netware/mod_nw_ssl.c | 7 +- modules/arch/unix/mod_privileges.c | 38 +- modules/arch/win32/mod_isapi.c | 22 +- modules/arch/win32/mod_isapi.dep | 61 + modules/arch/win32/mod_isapi.mak | 353 + modules/arch/win32/mod_win32.c | 4 +- modules/cache/mod_cache.dep | 194 + modules/cache/mod_cache.mak | 370 + modules/cache/mod_cache_disk.dep | 59 + modules/cache/mod_cache_disk.mak | 381 + modules/cache/mod_cache_socache.c | 72 +- modules/cache/mod_cache_socache.dep | 67 + modules/cache/mod_cache_socache.mak | 381 + modules/cache/mod_file_cache.dep | 56 + modules/cache/mod_file_cache.mak | 353 + modules/cache/mod_socache_dbm.c | 3 - modules/cache/mod_socache_dbm.dep | 60 + modules/cache/mod_socache_dbm.mak | 353 + modules/cache/mod_socache_dc.dep | 55 + modules/cache/mod_socache_dc.mak | 353 + modules/cache/mod_socache_memcache.dep | 59 + modules/cache/mod_socache_memcache.mak | 353 + modules/cache/mod_socache_shmcb.c | 4 + modules/cache/mod_socache_shmcb.dep | 56 + modules/cache/mod_socache_shmcb.mak | 353 + modules/cluster/mod_heartbeat.dep | 55 + modules/cluster/mod_heartbeat.mak | 380 + modules/cluster/mod_heartmonitor.c | 43 +- modules/cluster/mod_heartmonitor.dep | 63 + modules/cluster/mod_heartmonitor.mak | 380 + modules/core/mod_macro.c | 2 +- modules/core/mod_macro.dep | 45 + modules/core/mod_macro.mak | 353 + modules/core/mod_watchdog.c | 27 +- modules/core/mod_watchdog.dep | 59 + modules/core/mod_watchdog.mak | 353 + modules/database/mod_dbd.dep | 58 + modules/database/mod_dbd.mak | 353 + modules/dav/fs/mod_dav_fs.dep | 203 + modules/dav/fs/mod_dav_fs.mak | 407 + modules/dav/lock/mod_dav_lock.dep | 100 + modules/dav/lock/mod_dav_lock.mak | 389 + modules/dav/main/mod_dav.c | 1 + modules/dav/main/mod_dav.dep | 354 + modules/dav/main/mod_dav.mak | 406 + modules/dav/main/props.c | 1 - modules/debugging/mod_bucketeer.dep | 53 + modules/debugging/mod_bucketeer.mak | 353 + modules/debugging/mod_dumpio.dep | 50 + modules/debugging/mod_dumpio.mak | 353 + modules/echo/mod_echo.c | 1 - modules/echo/mod_echo.dep | 56 + modules/echo/mod_echo.mak | 353 + modules/examples/mod_case_filter.dep | 46 + modules/examples/mod_case_filter.mak | 353 + modules/examples/mod_case_filter_in.dep | 46 + modules/examples/mod_case_filter_in.mak | 353 + modules/examples/mod_example_hooks.c | 3 +- modules/examples/mod_example_hooks.dep | 62 + modules/examples/mod_example_hooks.mak | 353 + modules/examples/mod_example_ipc.c | 12 +- modules/examples/mod_example_ipc.dep | 56 + modules/examples/mod_example_ipc.mak | 353 + modules/filters/mod_buffer.dep | 48 + modules/filters/mod_buffer.mak | 353 + modules/filters/mod_charset_lite.c | 2 +- modules/filters/mod_charset_lite.dep | 60 + modules/filters/mod_charset_lite.mak | 353 + modules/filters/mod_data.dep | 55 + modules/filters/mod_data.mak | 353 + modules/filters/mod_deflate.c | 17 +- modules/filters/mod_deflate.dep | 52 + modules/filters/mod_deflate.mak | 353 + modules/filters/mod_ext_filter.dep | 58 + modules/filters/mod_ext_filter.mak | 353 + modules/filters/mod_filter.c | 2 - modules/filters/mod_filter.dep | 50 + modules/filters/mod_filter.mak | 353 + modules/filters/mod_include.c | 27 +- modules/filters/mod_include.dep | 63 + modules/filters/mod_include.mak | 353 + modules/filters/mod_proxy_html.dep | 58 + modules/filters/mod_proxy_html.mak | 352 + modules/filters/mod_ratelimit.c | 3 +- modules/filters/mod_ratelimit.dep | 45 + modules/filters/mod_ratelimit.mak | 353 + modules/filters/mod_reflector.dep | 57 + modules/filters/mod_reflector.mak | 353 + modules/filters/mod_reqtimeout.c | 33 +- modules/filters/mod_reqtimeout.dep | 58 + modules/filters/mod_reqtimeout.mak | 353 + modules/filters/mod_request.dep | 55 + modules/filters/mod_request.mak | 353 + modules/filters/mod_sed.c | 2 +- modules/filters/mod_sed.dep | 109 + modules/filters/mod_sed.mak | 380 + modules/filters/mod_substitute.c | 2 +- modules/filters/mod_substitute.dep | 53 + modules/filters/mod_substitute.mak | 353 + modules/filters/mod_xml2enc.dep | 54 + modules/filters/mod_xml2enc.mak | 352 + modules/generators/mod_asis.dep | 56 + modules/generators/mod_asis.mak | 353 + modules/generators/mod_autoindex.dep | 61 + modules/generators/mod_autoindex.mak | 353 + modules/generators/mod_cgi.c | 19 +- modules/generators/mod_cgi.dep | 64 + modules/generators/mod_cgi.mak | 353 + modules/generators/mod_cgid.c | 29 +- modules/generators/mod_info.dep | 66 + modules/generators/mod_info.mak | 353 + modules/generators/mod_status.c | 10 +- modules/generators/mod_status.dep | 60 + modules/generators/mod_status.mak | 353 + modules/http/http_protocol.c | 25 +- modules/http/mod_mime.dep | 55 + modules/http/mod_mime.mak | 353 + modules/http2/NWGNUmakefile | 117 +- modules/http2/NWGNUmod_http2 | 416 + modules/http2/config.m4 | 197 - modules/http2/config2.m4 | 211 + modules/http2/h2.h | 158 + modules/http2/h2_alt_svc.c | 16 +- modules/http2/h2_bucket_eoc.h | 1 + modules/http2/h2_bucket_eos.h | 1 + modules/http2/h2_config.c | 98 +- modules/http2/h2_config.h | 5 +- modules/http2/h2_conn.c | 386 +- modules/http2/h2_conn.h | 37 +- modules/http2/h2_conn_io.c | 418 +- modules/http2/h2_conn_io.h | 47 +- modules/http2/h2_ctx.c | 51 +- modules/http2/h2_ctx.h | 20 +- modules/http2/h2_filter.c | 322 + modules/http2/h2_filter.h | 77 + modules/http2/h2_from_h1.c | 24 +- modules/http2/h2_from_h1.h | 2 - modules/http2/h2_h2.c | 270 +- modules/http2/h2_h2.h | 41 - modules/http2/h2_int_queue.c | 187 + modules/http2/h2_int_queue.h | 108 + modules/http2/h2_io.c | 409 +- modules/http2/h2_io.h | 100 +- modules/http2/h2_io_set.c | 20 +- modules/http2/h2_io_set.h | 7 +- modules/http2/h2_mplx.c | 1372 ++- modules/http2/h2_mplx.h | 154 +- modules/http2/h2_ngn_shed.c | 352 + modules/http2/h2_ngn_shed.h | 76 + modules/http2/h2_private.h | 13 +- modules/http2/h2_push.c | 722 +- modules/http2/h2_push.h | 85 + modules/http2/h2_request.c | 122 +- modules/http2/h2_request.h | 47 +- modules/http2/h2_response.c | 80 +- modules/http2/h2_response.h | 13 +- modules/http2/h2_session.c | 1692 ++- modules/http2/h2_session.h | 119 +- modules/http2/h2_stream.c | 514 +- modules/http2/h2_stream.h | 78 +- modules/http2/h2_switch.c | 29 +- modules/http2/h2_task.c | 218 +- modules/http2/h2_task.h | 47 +- modules/http2/h2_task_input.c | 79 +- modules/http2/h2_task_input.h | 8 +- modules/http2/h2_task_output.c | 182 +- modules/http2/h2_task_output.h | 22 +- modules/http2/h2_task_queue.c | 6 +- modules/http2/h2_task_queue.h | 2 - modules/http2/h2_util.c | 521 +- modules/http2/h2_util.h | 139 +- modules/http2/h2_version.h | 14 +- modules/http2/h2_worker.c | 128 +- modules/http2/h2_worker.h | 16 +- modules/http2/h2_workers.c | 300 +- modules/http2/h2_workers.h | 58 +- modules/http2/mod_http2.c | 203 +- modules/http2/mod_http2.dep | 1641 +++ modules/http2/mod_http2.dsp | 24 +- modules/http2/mod_http2.h | 93 + modules/http2/mod_http2.mak | 596 + modules/ldap/mod_ldap.dep | 192 + modules/ldap/mod_ldap.mak | 371 + modules/loggers/mod_log_config.c | 37 +- modules/loggers/mod_log_config.dep | 62 + modules/loggers/mod_log_config.mak | 353 + modules/loggers/mod_log_debug.c | 8 +- modules/loggers/mod_log_debug.dep | 54 + modules/loggers/mod_log_debug.mak | 325 + modules/loggers/mod_log_forensic.dep | 53 + modules/loggers/mod_log_forensic.mak | 353 + modules/loggers/mod_logio.c | 1 - modules/loggers/mod_logio.dep | 59 + modules/loggers/mod_logio.mak | 353 + modules/lua/lua_request.c | 53 +- modules/lua/lua_vmprep.c | 38 +- modules/lua/mod_lua.c | 6 +- modules/lua/mod_lua.dep | 418 + modules/lua/mod_lua.mak | 407 + modules/mappers/mod_actions.dep | 58 + modules/mappers/mod_actions.mak | 353 + modules/mappers/mod_alias.c | 213 +- modules/mappers/mod_alias.dep | 51 + modules/mappers/mod_alias.mak | 353 + modules/mappers/mod_dir.dep | 60 + modules/mappers/mod_dir.mak | 353 + modules/mappers/mod_imagemap.c | 8 +- modules/mappers/mod_imagemap.dep | 60 + modules/mappers/mod_imagemap.mak | 353 + modules/mappers/mod_negotiation.c | 28 +- modules/mappers/mod_negotiation.dep | 58 + modules/mappers/mod_negotiation.mak | 353 + modules/mappers/mod_rewrite.c | 58 +- modules/mappers/mod_rewrite.dep | 65 + modules/mappers/mod_rewrite.mak | 353 + modules/mappers/mod_speling.c | 8 +- modules/mappers/mod_speling.dep | 51 + modules/mappers/mod_speling.mak | 353 + modules/mappers/mod_userdir.dep | 46 + modules/mappers/mod_userdir.mak | 353 + modules/mappers/mod_vhost_alias.dep | 50 + modules/mappers/mod_vhost_alias.mak | 353 + modules/metadata/mod_cern_meta.dep | 55 + modules/metadata/mod_cern_meta.mak | 353 + modules/metadata/mod_env.dep | 47 + modules/metadata/mod_env.mak | 353 + modules/metadata/mod_expires.c | 2 +- modules/metadata/mod_expires.dep | 54 + modules/metadata/mod_expires.mak | 353 + modules/metadata/mod_headers.dep | 57 + modules/metadata/mod_headers.mak | 353 + modules/metadata/mod_ident.dep | 52 + modules/metadata/mod_ident.mak | 353 + modules/metadata/mod_mime_magic.dep | 58 + modules/metadata/mod_mime_magic.mak | 353 + modules/metadata/mod_remoteip.c | 21 +- modules/metadata/mod_remoteip.dep | 53 + modules/metadata/mod_remoteip.mak | 353 + modules/metadata/mod_setenvif.c | 3 +- modules/metadata/mod_setenvif.dep | 56 + modules/metadata/mod_setenvif.mak | 353 + modules/metadata/mod_unique_id.dep | 50 + modules/metadata/mod_unique_id.mak | 353 + modules/metadata/mod_usertrack.c | 1 - modules/metadata/mod_usertrack.dep | 51 + modules/metadata/mod_usertrack.mak | 353 + modules/metadata/mod_version.dep | 45 + modules/metadata/mod_version.mak | 353 + modules/proxy/NWGNUproxy | 2 + modules/proxy/ajp_header.c | 4 +- modules/proxy/ajp_msg.c | 4 +- .../proxy/balancers/mod_lbmethod_bybusyness.dep | 76 + .../proxy/balancers/mod_lbmethod_bybusyness.mak | 408 + .../proxy/balancers/mod_lbmethod_byrequests.dep | 76 + .../proxy/balancers/mod_lbmethod_byrequests.mak | 408 + modules/proxy/balancers/mod_lbmethod_bytraffic.dep | 76 + modules/proxy/balancers/mod_lbmethod_bytraffic.mak | 408 + modules/proxy/balancers/mod_lbmethod_heartbeat.c | 20 +- modules/proxy/balancers/mod_lbmethod_heartbeat.dep | 77 + modules/proxy/balancers/mod_lbmethod_heartbeat.mak | 408 + modules/proxy/examples/mod_lbmethod_rr.c | 134 - modules/proxy/examples/mod_lbmethod_rr.dsp | 111 - modules/proxy/mod_proxy.c | 15 +- modules/proxy/mod_proxy.dep | 153 + modules/proxy/mod_proxy.h | 61 + modules/proxy/mod_proxy.mak | 361 + modules/proxy/mod_proxy_ajp.dep | 356 + modules/proxy/mod_proxy_ajp.mak | 416 + modules/proxy/mod_proxy_balancer.dep | 76 + modules/proxy/mod_proxy_balancer.mak | 380 + modules/proxy/mod_proxy_connect.c | 83 +- modules/proxy/mod_proxy_connect.dep | 73 + modules/proxy/mod_proxy_connect.mak | 380 + modules/proxy/mod_proxy_express.c | 10 +- modules/proxy/mod_proxy_express.dep | 74 + modules/proxy/mod_proxy_express.mak | 380 + modules/proxy/mod_proxy_fcgi.c | 10 + modules/proxy/mod_proxy_fcgi.dep | 75 + modules/proxy/mod_proxy_fcgi.mak | 380 + modules/proxy/mod_proxy_ftp.c | 3 +- modules/proxy/mod_proxy_ftp.dep | 74 + modules/proxy/mod_proxy_ftp.mak | 380 + modules/proxy/mod_proxy_http.c | 61 +- modules/proxy/mod_proxy_http.dep | 73 + modules/proxy/mod_proxy_http.mak | 380 + modules/proxy/mod_proxy_scgi.dep | 75 + modules/proxy/mod_proxy_scgi.mak | 380 + modules/proxy/mod_proxy_wstunnel.c | 79 +- modules/proxy/mod_proxy_wstunnel.dep | 73 + modules/proxy/mod_proxy_wstunnel.mak | 380 + modules/proxy/proxy_util.c | 138 +- modules/session/mod_session.dep | 56 + modules/session/mod_session.mak | 353 + modules/session/mod_session_cookie.dep | 49 + modules/session/mod_session_cookie.mak | 381 + modules/session/mod_session_crypto.dep | 57 + modules/session/mod_session_crypto.mak | 381 + modules/session/mod_session_dbd.dep | 60 + modules/session/mod_session_dbd.mak | 409 + modules/slotmem/mod_slotmem_plain.dep | 51 + modules/slotmem/mod_slotmem_plain.mak | 353 + modules/slotmem/mod_slotmem_shm.dep | 57 + modules/slotmem/mod_slotmem_shm.mak | 353 + modules/ssl/mod_ssl.c | 17 +- modules/ssl/mod_ssl.dep | 1086 ++ modules/ssl/mod_ssl.dsp | 4 +- modules/ssl/mod_ssl.h | 21 + modules/ssl/mod_ssl.mak | 487 + modules/ssl/mod_ssl_openssl.h | 73 + modules/ssl/ssl_engine_config.c | 16 +- modules/ssl/ssl_engine_init.c | 28 +- modules/ssl/ssl_engine_io.c | 55 +- modules/ssl/ssl_engine_kernel.c | 80 +- modules/ssl/ssl_engine_ocsp.c | 2 +- modules/ssl/ssl_engine_vars.c | 3 +- modules/ssl/ssl_private.h | 4 +- modules/ssl/ssl_util_ocsp.c | 45 +- modules/ssl/ssl_util_stapling.c | 8 +- os/win32/BaseAddr.ref | 1 - server/config.c | 17 +- server/connection.c | 21 +- server/core.c | 170 +- server/core_filters.c | 1 - server/gen_test_char.dep | 7 + server/gen_test_char.mak | 234 + server/main.c | 22 +- server/mpm/event/event.c | 153 +- server/mpm/mpmt_os2/mpmt_os2.c | 40 +- server/mpm/netware/mpm_netware.c | 35 +- server/mpm/prefork/prefork.c | 40 +- server/mpm/winnt/mpm_winnt.c | 20 +- server/mpm/worker/worker.c | 85 +- server/mpm_common.c | 1 - server/protocol.c | 9 +- server/request.c | 7 +- server/scoreboard.c | 117 +- server/util_expr_eval.c | 23 +- server/util_filter.c | 3 +- server/util_mutex.c | 3 +- server/util_regex.c | 7 +- server/util_script.c | 10 +- server/vhost.c | 4 +- support/ab.dep | 37 + support/ab.mak | 317 + support/abs.dep | 37 + support/abs.mak | 336 + support/fcgistarter.dep | 29 + support/fcgistarter.mak | 317 + support/htcacheclean.dep | 37 + support/htcacheclean.mak | 317 + support/htdbm.dep | 58 + support/htdbm.mak | 326 + support/htdigest.dep | 27 + support/htdigest.mak | 317 + support/htpasswd.dep | 57 + support/htpasswd.mak | 326 + support/httxt2dbm.dep | 26 + support/httxt2dbm.mak | 317 + support/logresolve.dep | 26 + support/logresolve.mak | 317 + support/rotatelogs.dep | 28 + support/rotatelogs.mak | 317 + support/suexec.c | 1 + support/win32/ApacheMonitor.dep | 18 + support/win32/ApacheMonitor.mak | 309 + support/win32/wintty.dep | 5 + support/win32/wintty.mak | 317 + 1237 files changed, 84420 insertions(+), 15370 deletions(-) create mode 100644 docs/manual/howto/reverse_proxy.html create mode 100644 docs/manual/howto/reverse_proxy.html.en create mode 100644 docs/manual/images/bal-man-b.png create mode 100644 docs/manual/images/bal-man-w.png create mode 100644 docs/manual/images/bal-man.png create mode 100644 docs/manual/images/reverse-proxy-arch.png create mode 100644 httpd.dep create mode 100644 httpd.mak create mode 100644 libhttpd.dep create mode 100644 libhttpd.mak create mode 100644 modules/aaa/mod_access_compat.dep create mode 100644 modules/aaa/mod_access_compat.mak create mode 100644 modules/aaa/mod_allowmethods.dep create mode 100644 modules/aaa/mod_allowmethods.mak create mode 100644 modules/aaa/mod_auth_basic.dep create mode 100644 modules/aaa/mod_auth_basic.mak create mode 100644 modules/aaa/mod_auth_digest.dep create mode 100644 modules/aaa/mod_auth_digest.mak create mode 100644 modules/aaa/mod_auth_form.dep create mode 100644 modules/aaa/mod_auth_form.mak create mode 100644 modules/aaa/mod_authn_anon.dep create mode 100644 modules/aaa/mod_authn_anon.mak create mode 100644 modules/aaa/mod_authn_core.dep create mode 100644 modules/aaa/mod_authn_core.mak create mode 100644 modules/aaa/mod_authn_dbd.dep create mode 100644 modules/aaa/mod_authn_dbd.mak create mode 100644 modules/aaa/mod_authn_dbm.dep create mode 100644 modules/aaa/mod_authn_dbm.mak create mode 100644 modules/aaa/mod_authn_file.dep create mode 100644 modules/aaa/mod_authn_file.mak create mode 100644 modules/aaa/mod_authn_socache.dep create mode 100644 modules/aaa/mod_authn_socache.mak create mode 100644 modules/aaa/mod_authnz_fcgi.dep create mode 100644 modules/aaa/mod_authnz_fcgi.mak create mode 100644 modules/aaa/mod_authnz_ldap.dep create mode 100644 modules/aaa/mod_authnz_ldap.mak create mode 100644 modules/aaa/mod_authz_core.dep create mode 100644 modules/aaa/mod_authz_core.mak create mode 100644 modules/aaa/mod_authz_dbd.dep create mode 100644 modules/aaa/mod_authz_dbd.mak create mode 100644 modules/aaa/mod_authz_dbm.dep create mode 100644 modules/aaa/mod_authz_dbm.mak create mode 100644 modules/aaa/mod_authz_groupfile.dep create mode 100644 modules/aaa/mod_authz_groupfile.mak create mode 100644 modules/aaa/mod_authz_host.dep create mode 100644 modules/aaa/mod_authz_host.mak create mode 100644 modules/aaa/mod_authz_owner.dep create mode 100644 modules/aaa/mod_authz_owner.mak create mode 100644 modules/aaa/mod_authz_user.dep create mode 100644 modules/aaa/mod_authz_user.mak create mode 100644 modules/arch/win32/mod_isapi.dep create mode 100644 modules/arch/win32/mod_isapi.mak create mode 100644 modules/cache/mod_cache.dep create mode 100644 modules/cache/mod_cache.mak create mode 100644 modules/cache/mod_cache_disk.dep create mode 100644 modules/cache/mod_cache_disk.mak create mode 100644 modules/cache/mod_cache_socache.dep create mode 100644 modules/cache/mod_cache_socache.mak create mode 100644 modules/cache/mod_file_cache.dep create mode 100644 modules/cache/mod_file_cache.mak create mode 100644 modules/cache/mod_socache_dbm.dep create mode 100644 modules/cache/mod_socache_dbm.mak create mode 100644 modules/cache/mod_socache_dc.dep create mode 100644 modules/cache/mod_socache_dc.mak create mode 100644 modules/cache/mod_socache_memcache.dep create mode 100644 modules/cache/mod_socache_memcache.mak create mode 100644 modules/cache/mod_socache_shmcb.dep create mode 100644 modules/cache/mod_socache_shmcb.mak create mode 100644 modules/cluster/mod_heartbeat.dep create mode 100644 modules/cluster/mod_heartbeat.mak create mode 100644 modules/cluster/mod_heartmonitor.dep create mode 100644 modules/cluster/mod_heartmonitor.mak create mode 100644 modules/core/mod_macro.dep create mode 100644 modules/core/mod_macro.mak create mode 100644 modules/core/mod_watchdog.dep create mode 100644 modules/core/mod_watchdog.mak create mode 100644 modules/database/mod_dbd.dep create mode 100644 modules/database/mod_dbd.mak create mode 100644 modules/dav/fs/mod_dav_fs.dep create mode 100644 modules/dav/fs/mod_dav_fs.mak create mode 100644 modules/dav/lock/mod_dav_lock.dep create mode 100644 modules/dav/lock/mod_dav_lock.mak create mode 100644 modules/dav/main/mod_dav.dep create mode 100644 modules/dav/main/mod_dav.mak create mode 100644 modules/debugging/mod_bucketeer.dep create mode 100644 modules/debugging/mod_bucketeer.mak create mode 100644 modules/debugging/mod_dumpio.dep create mode 100644 modules/debugging/mod_dumpio.mak create mode 100644 modules/echo/mod_echo.dep create mode 100644 modules/echo/mod_echo.mak create mode 100644 modules/examples/mod_case_filter.dep create mode 100644 modules/examples/mod_case_filter.mak create mode 100644 modules/examples/mod_case_filter_in.dep create mode 100644 modules/examples/mod_case_filter_in.mak create mode 100644 modules/examples/mod_example_hooks.dep create mode 100644 modules/examples/mod_example_hooks.mak create mode 100644 modules/examples/mod_example_ipc.dep create mode 100644 modules/examples/mod_example_ipc.mak create mode 100644 modules/filters/mod_buffer.dep create mode 100644 modules/filters/mod_buffer.mak create mode 100644 modules/filters/mod_charset_lite.dep create mode 100644 modules/filters/mod_charset_lite.mak create mode 100644 modules/filters/mod_data.dep create mode 100644 modules/filters/mod_data.mak create mode 100644 modules/filters/mod_deflate.dep create mode 100644 modules/filters/mod_deflate.mak create mode 100644 modules/filters/mod_ext_filter.dep create mode 100644 modules/filters/mod_ext_filter.mak create mode 100644 modules/filters/mod_filter.dep create mode 100644 modules/filters/mod_filter.mak create mode 100644 modules/filters/mod_include.dep create mode 100644 modules/filters/mod_include.mak create mode 100644 modules/filters/mod_proxy_html.dep create mode 100644 modules/filters/mod_proxy_html.mak create mode 100644 modules/filters/mod_ratelimit.dep create mode 100644 modules/filters/mod_ratelimit.mak create mode 100644 modules/filters/mod_reflector.dep create mode 100644 modules/filters/mod_reflector.mak create mode 100644 modules/filters/mod_reqtimeout.dep create mode 100644 modules/filters/mod_reqtimeout.mak create mode 100644 modules/filters/mod_request.dep create mode 100644 modules/filters/mod_request.mak create mode 100644 modules/filters/mod_sed.dep create mode 100644 modules/filters/mod_sed.mak create mode 100644 modules/filters/mod_substitute.dep create mode 100644 modules/filters/mod_substitute.mak create mode 100644 modules/filters/mod_xml2enc.dep create mode 100644 modules/filters/mod_xml2enc.mak create mode 100644 modules/generators/mod_asis.dep create mode 100644 modules/generators/mod_asis.mak create mode 100644 modules/generators/mod_autoindex.dep create mode 100644 modules/generators/mod_autoindex.mak create mode 100644 modules/generators/mod_cgi.dep create mode 100644 modules/generators/mod_cgi.mak create mode 100644 modules/generators/mod_info.dep create mode 100644 modules/generators/mod_info.mak create mode 100644 modules/generators/mod_status.dep create mode 100644 modules/generators/mod_status.mak create mode 100644 modules/http/mod_mime.dep create mode 100644 modules/http/mod_mime.mak create mode 100644 modules/http2/NWGNUmod_http2 delete mode 100644 modules/http2/config.m4 create mode 100644 modules/http2/config2.m4 create mode 100644 modules/http2/h2.h create mode 100644 modules/http2/h2_filter.c create mode 100644 modules/http2/h2_filter.h create mode 100644 modules/http2/h2_int_queue.c create mode 100644 modules/http2/h2_int_queue.h create mode 100644 modules/http2/h2_ngn_shed.c create mode 100644 modules/http2/h2_ngn_shed.h create mode 100644 modules/http2/mod_http2.dep create mode 100644 modules/http2/mod_http2.h create mode 100644 modules/http2/mod_http2.mak create mode 100644 modules/ldap/mod_ldap.dep create mode 100644 modules/ldap/mod_ldap.mak create mode 100644 modules/loggers/mod_log_config.dep create mode 100644 modules/loggers/mod_log_config.mak create mode 100644 modules/loggers/mod_log_debug.dep create mode 100644 modules/loggers/mod_log_debug.mak create mode 100644 modules/loggers/mod_log_forensic.dep create mode 100644 modules/loggers/mod_log_forensic.mak create mode 100644 modules/loggers/mod_logio.dep create mode 100644 modules/loggers/mod_logio.mak create mode 100644 modules/lua/mod_lua.dep create mode 100644 modules/lua/mod_lua.mak create mode 100644 modules/mappers/mod_actions.dep create mode 100644 modules/mappers/mod_actions.mak create mode 100644 modules/mappers/mod_alias.dep create mode 100644 modules/mappers/mod_alias.mak create mode 100644 modules/mappers/mod_dir.dep create mode 100644 modules/mappers/mod_dir.mak create mode 100644 modules/mappers/mod_imagemap.dep create mode 100644 modules/mappers/mod_imagemap.mak create mode 100644 modules/mappers/mod_negotiation.dep create mode 100644 modules/mappers/mod_negotiation.mak create mode 100644 modules/mappers/mod_rewrite.dep create mode 100644 modules/mappers/mod_rewrite.mak create mode 100644 modules/mappers/mod_speling.dep create mode 100644 modules/mappers/mod_speling.mak create mode 100644 modules/mappers/mod_userdir.dep create mode 100644 modules/mappers/mod_userdir.mak create mode 100644 modules/mappers/mod_vhost_alias.dep create mode 100644 modules/mappers/mod_vhost_alias.mak create mode 100644 modules/metadata/mod_cern_meta.dep create mode 100644 modules/metadata/mod_cern_meta.mak create mode 100644 modules/metadata/mod_env.dep create mode 100644 modules/metadata/mod_env.mak create mode 100644 modules/metadata/mod_expires.dep create mode 100644 modules/metadata/mod_expires.mak create mode 100644 modules/metadata/mod_headers.dep create mode 100644 modules/metadata/mod_headers.mak create mode 100644 modules/metadata/mod_ident.dep create mode 100644 modules/metadata/mod_ident.mak create mode 100644 modules/metadata/mod_mime_magic.dep create mode 100644 modules/metadata/mod_mime_magic.mak create mode 100644 modules/metadata/mod_remoteip.dep create mode 100644 modules/metadata/mod_remoteip.mak create mode 100644 modules/metadata/mod_setenvif.dep create mode 100644 modules/metadata/mod_setenvif.mak create mode 100644 modules/metadata/mod_unique_id.dep create mode 100644 modules/metadata/mod_unique_id.mak create mode 100644 modules/metadata/mod_usertrack.dep create mode 100644 modules/metadata/mod_usertrack.mak create mode 100644 modules/metadata/mod_version.dep create mode 100644 modules/metadata/mod_version.mak create mode 100644 modules/proxy/balancers/mod_lbmethod_bybusyness.dep create mode 100644 modules/proxy/balancers/mod_lbmethod_bybusyness.mak create mode 100644 modules/proxy/balancers/mod_lbmethod_byrequests.dep create mode 100644 modules/proxy/balancers/mod_lbmethod_byrequests.mak create mode 100644 modules/proxy/balancers/mod_lbmethod_bytraffic.dep create mode 100644 modules/proxy/balancers/mod_lbmethod_bytraffic.mak create mode 100644 modules/proxy/balancers/mod_lbmethod_heartbeat.dep create mode 100644 modules/proxy/balancers/mod_lbmethod_heartbeat.mak delete mode 100644 modules/proxy/examples/mod_lbmethod_rr.c delete mode 100644 modules/proxy/examples/mod_lbmethod_rr.dsp create mode 100644 modules/proxy/mod_proxy.dep create mode 100644 modules/proxy/mod_proxy.mak create mode 100644 modules/proxy/mod_proxy_ajp.dep create mode 100644 modules/proxy/mod_proxy_ajp.mak create mode 100644 modules/proxy/mod_proxy_balancer.dep create mode 100644 modules/proxy/mod_proxy_balancer.mak create mode 100644 modules/proxy/mod_proxy_connect.dep create mode 100644 modules/proxy/mod_proxy_connect.mak create mode 100644 modules/proxy/mod_proxy_express.dep create mode 100644 modules/proxy/mod_proxy_express.mak create mode 100644 modules/proxy/mod_proxy_fcgi.dep create mode 100644 modules/proxy/mod_proxy_fcgi.mak create mode 100644 modules/proxy/mod_proxy_ftp.dep create mode 100644 modules/proxy/mod_proxy_ftp.mak create mode 100644 modules/proxy/mod_proxy_http.dep create mode 100644 modules/proxy/mod_proxy_http.mak create mode 100644 modules/proxy/mod_proxy_scgi.dep create mode 100644 modules/proxy/mod_proxy_scgi.mak create mode 100644 modules/proxy/mod_proxy_wstunnel.dep create mode 100644 modules/proxy/mod_proxy_wstunnel.mak create mode 100644 modules/session/mod_session.dep create mode 100644 modules/session/mod_session.mak create mode 100644 modules/session/mod_session_cookie.dep create mode 100644 modules/session/mod_session_cookie.mak create mode 100644 modules/session/mod_session_crypto.dep create mode 100644 modules/session/mod_session_crypto.mak create mode 100644 modules/session/mod_session_dbd.dep create mode 100644 modules/session/mod_session_dbd.mak create mode 100644 modules/slotmem/mod_slotmem_plain.dep create mode 100644 modules/slotmem/mod_slotmem_plain.mak create mode 100644 modules/slotmem/mod_slotmem_shm.dep create mode 100644 modules/slotmem/mod_slotmem_shm.mak create mode 100644 modules/ssl/mod_ssl.dep create mode 100644 modules/ssl/mod_ssl.mak create mode 100644 modules/ssl/mod_ssl_openssl.h create mode 100644 server/gen_test_char.dep create mode 100644 server/gen_test_char.mak create mode 100644 support/ab.dep create mode 100644 support/ab.mak create mode 100644 support/abs.dep create mode 100644 support/abs.mak create mode 100644 support/fcgistarter.dep create mode 100644 support/fcgistarter.mak create mode 100644 support/htcacheclean.dep create mode 100644 support/htcacheclean.mak create mode 100644 support/htdbm.dep create mode 100644 support/htdbm.mak create mode 100644 support/htdigest.dep create mode 100644 support/htdigest.mak create mode 100644 support/htpasswd.dep create mode 100644 support/htpasswd.mak create mode 100644 support/httxt2dbm.dep create mode 100644 support/httxt2dbm.mak create mode 100644 support/logresolve.dep create mode 100644 support/logresolve.mak create mode 100644 support/rotatelogs.dep create mode 100644 support/rotatelogs.mak create mode 100644 support/win32/ApacheMonitor.dep create mode 100644 support/win32/ApacheMonitor.mak create mode 100644 support/win32/wintty.dep create mode 100644 support/win32/wintty.mak (limited to 'modules/proxy/ajp_header.c') diff --git a/Apache-apr2.dsw b/Apache-apr2.dsw index 8f336803..3fbc62d2 100644 --- a/Apache-apr2.dsw +++ b/Apache-apr2.dsw @@ -68,9 +68,6 @@ Package=<4> Begin Project Dependency Project_Dep_Name mod_example_ipc End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_lbmethod_rr - End Project Dependency }}} ############################################################################### @@ -1987,30 +1984,6 @@ Package=<4> ############################################################################### -Project: "mod_lbmethod_rr"=.\modules\proxy\examples\mod_lbmethod_rr.dsp - Package Owner=<4> - -Package=<5> -{{{ -}}} - -Package=<4> -{{{ - Begin Project Dependency - Project_Dep_Name libapr - End Project Dependency - Begin Project Dependency - Project_Dep_Name libhttpd - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_proxy - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_proxy_balancer - End Project Dependency -}}} - -############################################################################### - Project: "mod_ldap"=.\modules\ldap\mod_ldap.dsp - Package Owner=<4> Package=<5> diff --git a/Apache.dsw b/Apache.dsw index 1b0f8c6b..a77b870a 100644 --- a/Apache.dsw +++ b/Apache.dsw @@ -71,9 +71,6 @@ Package=<4> Begin Project Dependency Project_Dep_Name mod_example_ipc End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_lbmethod_rr - End Project Dependency }}} ############################################################################### @@ -2344,33 +2341,6 @@ Package=<4> ############################################################################### -Project: "mod_lbmethod_rr"=.\modules\proxy\examples\mod_lbmethod_rr.dsp - Package Owner=<4> - -Package=<5> -{{{ -}}} - -Package=<4> -{{{ - Begin Project Dependency - Project_Dep_Name libapr - End Project Dependency - Begin Project Dependency - Project_Dep_Name libaprutil - End Project Dependency - Begin Project Dependency - Project_Dep_Name libhttpd - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_proxy - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_proxy_balancer - End Project Dependency -}}} - -############################################################################### - Project: "mod_ldap"=.\modules\ldap\mod_ldap.dsp - Package Owner=<4> Package=<5> diff --git a/CHANGES b/CHANGES index ef9a38bc..65c8b54a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,254 @@ -*- coding: utf-8 -*- +Changes with Apache 2.4.20 + + *) core: Do not read .htaccess if AllowOverride and AllowOverrideList + are "None". PR 58528. + [Michael Schlenker ] + + *) core/util_script: relax alphanumeric filter of enviroment variable names + on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al. + unadulterated in 64 bit versions of Windows. PR 46751. + [John ] + + *) mod_http2: incrementing keepalives on each request started so that logging + %k gives increasing numbers per master http2 connection. + New documented variables in env, usable in custom log formats: H2_PUSH, + H2_PUSHED, H2_PUSHED_ON, H2_STREAM_ID and H2_STREAM_TAG. + [Stefan Eissing] + + *) mod_http2: more efficient passing of response bodies with less contention + and file bucket forwarding. [Stefan Eissing] + + *) mod_http2: fix for missing score board updates on request count, fix for + memory leak on slave connection reuse. [Stefan Eissing] + + *) mod_http2: Fix build on Windows from dsp files. + [Stefan Eissing] + +Changes with Apache 2.4.19 + + *) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the + request for the SSI document. [Jeff Trawick] + + *) mod_authz_host: Add a new "forward-dns" authorization type, not relying on + reverse DNS lookups. [Fabien] + + *) mod_ssl: Add hooks to allow other modules to perform processing at + several stages of initialization and connection handling. See + mod_ssl_openssl.h. [Jeff Trawick] + + *) mod_http2: disabling PUSH when client sends GOAWAY. Slave connections are + reused for several requests, improved performance and better memory use. + [Stefan Eissing] + + *) mod_rewrite: Don't implicitly URL-escape the original query string + when no substitution has changed it (like PR50447 but server context) + [Evgeny Kotkov ] + + *) mod_http2: fixes problem with wrong lifetime of file buckets on main + connection. [Stefan Eissing] + + *) mod_http2: fixes incorrect denial of requests without :authority header. + [Stefan Eissing] + + *) mod_reqtimeout: Prevent long response times from triggering a timeout once + the request has been fully read. PR 59045. [Yann Ylavic] + + *) ap_expr: expression support for variable HTTP2=on|off. [Stefan Eissing] + + *) mod_http2: give control to async mpm for keepalive timeouts only when + no streams are open and even if only after 1 sec delay. Under load, event + mpm discards connections otherwise too quickly. [Stefan Eissing] + + *) mod_ssl: Don't lose track of the SSL context if an unlikely failure occurs + in ssl_init_ssl_connection(). [Graham Leggett] + + *) mod_rewrite: Add QSL|qslast flag to allow rewrites to files with + literal question marks in their names. PR 58777. [Eric Covener] + + *) event: use pre_connection hook to properly initialize connection state for + slave connections. use protocol_switch hook to initialize server config + early based on SNI selected vhost. + [Stefan Eissing] + + *) hostname: Test and log useragent_host per-request across various modules, + including the scoreboard, expression and rewrite engines, setenvif, + authz_host, access_compat, custom logging, ssl and REMOTE_HOST variables. + PR55348 [William Rowe] + + *) core: Track the useragent_host per-request when mod_remoteip or similar + modules track a per-request useragent_ip. Modules should be updated + to inquire for ap_get_useragent_host() in place of ap_get_remote_host(). + [William Rowe] + + *) core: fix a bug in directive processing. When used, the last + 'ed variable was also withdrawn. PR 59019 + [Christophe Jaillet] + + *) mod_http2: Accept-Encoding is, when present on the initiating request, + added to push promises. This lets compressed content work in pushes. + by the client. [Stefan Eissing] + + *) mod_http2: fixed possible read after free when streams were cancelled early + by the client. [Stefan Eissing] + + *) mod_http2: fixed possible deadlock during connection shutdown. Thanks to + @FrankStolle for reporting and getting the necessary data. + [Stefan Eissing] + + *) mod_http2: fixed apr_uint64_t formatting in a log statement to user proper + APR def, thanks to @Sp1l. + + *) mod_http2: number of worker threads allowed to a connection is adjusting + dynamically. Starting with 4, the number is doubled when streams can be + served without block on http/2 connection flow. The number is halfed, when + the server has to wait on client flow control grants. + This can happen with a maximum frequency of 5 times per second. + When a connection occupies too many workers, repeatable requests + (GET/HEAD/OPTIONS) are cancelled and placed back in the queue. Should that + not suffice and a stream is busy longer than the server timeout, the + connection will be aborted with error code ENHANCE_YOUR_CALM. + This does *not* limit the number of streams a client may open, rather the + number of server threads a connection might use. + [Stefan Eissing] + + *) mod_http2: allowing link header to specify multiple "rel" values, + space-separated inside a quoted string. Prohibiting push when Link + parameter "nopush" is present. + [Stefan Eissing] + + *) mod_http2: reworked connection state handling. Idle connections accept a + GOAWAY from the client without further reply. Otherwise the + module makes a best effort to send one last GOAWAY to the client. + + *) mod_http2: the values from standard directives Timeout and KeepAliveTimeout + properly are applied to http/2 connections. + [Stefan Eissing] + + *) mod_http2: idle connections are returned to async mpms. new hook + "pre_close_connection" used to send GOAWAY frame when not already done. + Setting event mpm server config "by hand" for the main connection to + the correct negotiated server. + [Stefan Eissing] + + *) mod_http2: keep-alive blocking reads are done with 1 second timeouts to + check for MPM stopping. Will announce early GOAWAY and finish processing + open streams, then close. + [Stefan Eissing] + + *) mod_http2: bytes read/written on slave connections are reported via the + optional mod_logio functions. Fixes PR 58871. + + *) prefork: Initialize the POD when running in ONE_PROCESS (or -X) mode to + avoid a crash. [Jan Kaluza, Yann Ylavic] + + *) mod_ssl: When SSLVerify is disabled (NONE), don't force a renegotiation if + the SSLVerifyDepth applied with the default/handshaken vhost differs from + the one applicable with the finally selected vhost. [Yann Ylavic] + + *) core: Ensure that httpd exits with an error status when the MPM fails + to run. [Yann Ylavic] + + *) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params. + [Jan Kaluza, Yann Ylavic] + + *) mod_ssl: Add SSLOCSPProxyURL to add the possibility to do all queries + to OCSP responders through a HTTP proxy. [Ruediger Pluem] + + *) mod_proxy: Play/restore the TLS-SNI on new backend connections which + had to be issued because the remote closed the previous/reusable one + during idle (keep-alive) time. [Yann Ylavic] + + *) mod_cache_socache: Fix a possible cached entity body corruption when it + is received from an origin server in multiple batches and forwarded by + mod_proxy. [Yann Ylavic] + + *) core: Add expression support to SetHandler. + [Eric Covener] + + *) mod_remoteip: Prevent an external proxy from presenting an internal + proxy. PR 55962. [Mike Rumph] + + *) core: Prevent a server crash in case of an invalid CONNECT request with + a custom error page for status code 400 that uses server side includes. + PR 58929 [Ruediger Pluem] + + *) mod_ssl: handle TIMEOUT on empty SSL input as non-fatal, returning + APR_TIMEUP and preserving connection state for later retry. + [Stefan Eissing] + + *) mod_ssl: Save some TLS record (application data) fragmentations by + including the last and subsequent suitable buckets when coalescing. + [Yann Ylavic] + + *) mod_proxy_fcgi: Suppress HTTP error 503 and message 01075, + "Error dispatching request", when the cause appears to be + due to the client closing the connection. + PR58118. [Tobias Adolph ] + + *) mod_cgid: Message AH02550, failure to flush a response to the client, + is now logged at TRACE1 level to match the underlying core output filter + severity. [Eric Covener] + + *) mime.types: add common extension "m4a" for MPEG 4 Audio. + PR 57895 [Dylan Millikin ] + + *) Added many log numbers to log statements that had none. + [Rainer Jung] + + *) mod_log_config: Add GlobalLog to allow a globally defined log to + be inherited by virtual hosts that define a CustomLog. + [Edward Lu] + + *) mod_http2: connections how keep a "push diary" where hashes of already + pushed resources are kept. See directive H2PushDiarySize for managing this. + Push diaries can be initialized by clients via the "Cache-Digest" request + header. This carries a base64url encoded. compressed Golomb set as described + in https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/ + Introduced a status handler for HTTP/2 connections, giving various counters + and statistics about the current connection, plus its cache digest value + in a JSON record. Not a replacement for more HTTP/2 in the server status. + Configured as + + SetHandler http2-status + + [Stefan Eissing] + + *) mod_http2: Fixed flushing of last GOAWAY frame. Previously, that frame + did not always reach the client, causing some to fail the next request. + Fixed calculation of last stream id accepted as described in rfc7540. + Reading in KEEPALIVE state now correctly shown in scoreboard. + Fixed possible race in connection shutdown after review by Ylavic. + Fixed segfault on connection shutdown, callback ran into a semi dismantled session. + [Stefan Eissing] + + *) mod_http2: Added support for experimental accept-push-policy draft + (https://tools.ietf.org/html/draft-ruellan-http-accept-push-policy-00). Clients + may now influence server pushes by sending accept-push-policy headers. + [Stefan Eissing] + + *) mod_http2: new r->subprocess_env variables HTTP2 and H2PUSH, set to "on" + when available for request. + [Stefan Eissing] + + *) mod_http2: fixed bug in input window size calculation by moving chunked + request body encoding into later stage of processing. Fixes PR 58825. + [Stefan Eissing] + + *) core: new hook "pre_close_connection" which is run before the lingering + close of connections is started. This gives protocol handlers one last + chance to use a connection before it goes down. + [Stefan Eissing] + + *) mod_status/scoreboard: showing connection protocol in new column, new + ap_update_child_status methods for updating server/description. mod_ssl + sets vhost negotiated by servername directly. + [Stefan Eissing] + Changes with Apache 2.4.18 *) mod_ssl: for all ssl_engine_vars.c lookups, fall back to master connection @@ -77,6 +326,9 @@ Changes with Apache 2.4.18 Renegotiation is 403ed when a master connection is present. Exact reason is given additionally in a request note. [Stefan Eissing] + *) mod_ssl: Make the output filter more friendly with deferred write and + response pipelining. [Yann Ylavic, Joe Orton] + *) core: Fix scoreboard crash (SIGBUS) on hardware requiring strict 64bit alignment (SPARC64, PPC64). [Yann Ylavic] @@ -103,9 +355,6 @@ Changes with Apache 2.4.17 to avoid reusing it should the close be effective after some new request is ready to be sent. [Yann Ylavic] - *) mod_ssl: Make the output filter more friendly with deferred write and - response pipelining. [Yann Ylavic, Joe Orton] - *) mod_substitute: Allow to configure the patterns merge order with the new SubstituteInheritBefore on|off directive. PR 57641 [Marc.Stern , Yann Ylavic, William Rowe] @@ -148,6 +397,11 @@ Changes with Apache 2.4.17 records for scalability. [Yingqi Lu , Jeff Trawick, Jim Jagielski, Yann Ylavic] + *) mod_alias: Introduce expression parser support for Alias, ScriptAlias + and Redirect. Limit Redirect expressions to directory (Location) context + and redirect statuses (implicit or explicit). + [Graham Leggett, Yann Ylavic, Ruediger Pluem] + *) mod_proxy: Fix a race condition that caused a failed worker to be retried before the retry period is over. [Ruediger Pluem] diff --git a/CMakeLists.txt b/CMakeLists.txt index 7de4c5a1..2ea01808 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -382,16 +382,17 @@ SET(mod_http2_extra_sources modules/http2/h2_alt_svc.c modules/http2/h2_bucket_eoc.c modules/http2/h2_bucket_eos.c modules/http2/h2_config.c modules/http2/h2_conn.c modules/http2/h2_conn_io.c - modules/http2/h2_ctx.c modules/http2/h2_from_h1.c - modules/http2/h2_h2.c modules/http2/h2_io.c - modules/http2/h2_io_set.c modules/http2/h2_mplx.c - modules/http2/h2_push.c modules/http2/h2_request.c - modules/http2/h2_response.c modules/http2/h2_session.c - modules/http2/h2_stream.c modules/http2/h2_stream_set.c - modules/http2/h2_switch.c modules/http2/h2_task.c - modules/http2/h2_task_input.c modules/http2/h2_task_output.c - modules/http2/h2_task_queue.c modules/http2/h2_util.c - modules/http2/h2_worker.c modules/http2/h2_workers.c + modules/http2/h2_ctx.c modules/http2/h2_filter.c + modules/http2/h2_from_h1.c modules/http2/h2_h2.c + modules/http2/h2_io.c modules/http2/h2_io_set.c + modules/http2/h2_mplx.c modules/http2/h2_push.c + modules/http2/h2_request.c modules/http2/h2_response.c + modules/http2/h2_session.c modules/http2/h2_stream.c + modules/http2/h2_switch.c modules/http2/h2_ngn_shed.c + modules/http2/h2_task.c modules/http2/h2_task_input.c + modules/http2/h2_task_output.c modules/http2/h2_int_queue.c + modules/http2/h2_util.c modules/http2/h2_worker.c + modules/http2/h2_workers.c ) SET(mod_ldap_extra_defines LDAP_DECLARE_EXPORT) SET(mod_ldap_extra_libs wldap32) @@ -444,6 +445,7 @@ SET(mod_session_crypto_requires APU_HAVE_CRYPTO) SET(mod_session_crypto_extra_libs mod_session) SET(mod_session_dbd_extra_libs mod_session) SET(mod_socache_dc_requires AN_UNIMPLEMENTED_SUPPORT_LIBRARY_REQUIREMENT) +SET(mod_ssl_extra_defines SSL_DECLARE_EXPORT) SET(mod_ssl_requires OPENSSL_FOUND) IF(OPENSSL_FOUND) SET(mod_ssl_extra_includes ${OPENSSL_INCLUDE_DIR}) @@ -638,6 +640,7 @@ SET(other_installed_h ${CMAKE_CURRENT_SOURCE_DIR}/modules/proxy/mod_proxy.h ${CMAKE_CURRENT_SOURCE_DIR}/modules/session/mod_session.h ${CMAKE_CURRENT_SOURCE_DIR}/modules/ssl/mod_ssl.h + ${CMAKE_CURRENT_SOURCE_DIR}/modules/ssl/mod_ssl_openssl.h ) # When mod_serf is buildable, don't forget to copy modules/proxy/mod_serf.h diff --git a/Makefile.in b/Makefile.in index c1b08f9b..6d952b24 100644 --- a/Makefile.in +++ b/Makefile.in @@ -234,6 +234,7 @@ INSTALL_HEADERS = \ $(srcdir)/modules/proxy/mod_proxy.h \ $(srcdir)/modules/session/mod_session.h \ $(srcdir)/modules/ssl/mod_ssl.h \ + $(srcdir)/modules/ssl/mod_ssl_openssl.h \ $(srcdir)/os/$(OS_DIR)/*.h install-include: diff --git a/Makefile.win b/Makefile.win index 570037fa..f6a82e5b 100644 --- a/Makefile.win +++ b/Makefile.win @@ -564,11 +564,6 @@ _build: $(MAKE) $(MAKEOPT) -f mod_lbmethod_bytraffic.mak CFG="mod_lbmethod_bytraffic - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f mod_lbmethod_heartbeat.mak CFG="mod_lbmethod_heartbeat - Win32 $(LONG)" RECURSE=0 $(CTARGET) cd ..\..\.. -!IFDEF ALL - cd modules\proxy\examples - $(MAKE) $(MAKEOPT) -f mod_lbmethod_rr.mak CFG="mod_lbmethod_rr - Win32 $(LONG)" RECURSE=0 $(CTARGET) - cd ..\..\.. -!ENDIF cd modules\session $(MAKE) $(MAKEOPT) -f mod_session.mak CFG="mod_session - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f mod_session_cookie.mak CFG="mod_session_cookie - Win32 $(LONG)" RECURSE=0 $(CTARGET) @@ -836,9 +831,6 @@ _copybin: copy modules\proxy\balancers\$(LONG)\mod_lbmethod_byrequests.$(src_so) "$(inst_so)" <.y copy modules\proxy\balancers\$(LONG)\mod_lbmethod_bytraffic.$(src_so) "$(inst_so)" <.y copy modules\proxy\balancers\$(LONG)\mod_lbmethod_heartbeat.$(src_so) "$(inst_so)" <.y -!IFDEF ALL - copy modules\proxy\examples\$(LONG)\mod_lbmethod_rr.$(src_so) "$(inst_so)" <.y -!ENDIF copy modules\session\$(LONG)\mod_session.$(src_so) "$(inst_so)" <.y copy modules\session\$(LONG)\mod_session_cookie.$(src_so) "$(inst_so)" <.y copy modules\session\$(LONG)\mod_session_dbd.$(src_so) "$(inst_so)" <.y @@ -1132,6 +1124,7 @@ BEGIN { modules\mappers\mod_rewrite.h \ modules\proxy\mod_proxy.h \ modules\ssl\mod_ssl.h \ + modules\ssl\mod_ssl_openssl.h \ ) do \ @copy %f "$(INSTDIR)\include" < .y > nul copy srclib\apr\Lib$(SHORT)\apr-1.lib "$(INSTDIR)\lib" <.y diff --git a/NOTICE b/NOTICE index d24cb1dd..3e80c98a 100644 --- a/NOTICE +++ b/NOTICE @@ -1,5 +1,5 @@ Apache HTTP Server -Copyright 2015 The Apache Software Foundation. +Copyright 2016 The Apache Software Foundation. This product includes software developed at The Apache Software Foundation (http://www.apache.org/). diff --git a/NWGNUmakefile b/NWGNUmakefile index e382203d..904430d2 100644 --- a/NWGNUmakefile +++ b/NWGNUmakefile @@ -446,6 +446,7 @@ installdev :: FORCE $(call COPY,$(STDMOD)/proxy/mod_proxy.h, $(INSTALLBASE)/include/) $(call COPY,$(STDMOD)/session/mod_session.h, $(INSTALLBASE)/include/) $(call COPY,$(STDMOD)/ssl/mod_ssl.h, $(INSTALLBASE)/include/) + $(call COPY,$(STDMOD)/ssl/mod_ssl_openssl.h, $(INSTALLBASE)/include/) $(call COPY,$(APR)/*.imp, $(INSTALLBASE)/lib/) $(call COPY,$(NWOS)/*.imp, $(INSTALLBASE)/lib/) $(call COPY,$(NWOS)/*.xdc, $(INSTALLBASE)/lib/) diff --git a/README.cmake b/README.cmake index 20fda180..60fcc422 100644 --- a/README.cmake +++ b/README.cmake @@ -309,8 +309,7 @@ Known Bugs and Limitations of httpd and support libraries in a manner suitable for typical users * no logic to find support libraries or otherwise build these modules: + mod_socache_dc (requires distcache), mod_serf (requires serf) - + additionally, mod_lbmethod_rr and mod_firehose don't compile on Windows - anyway + + additionally, mod_firehose doesn't compile on Windows anyway * buildmark.c isn't necessarily rebuilt when httpd.exe is regenerated * ApacheMonitor has a build error and is disabled * CGI examples aren't installed diff --git a/acinclude.m4 b/acinclude.m4 index 7ee0ad20..e1537585 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -488,6 +488,8 @@ AC_DEFUN([APACHE_CHECK_OPENSSL],[ ap_openssl_found="" ap_openssl_base="" ap_openssl_libs="" + ap_openssl_mod_cflags="" + ap_openssl_mod_ldflags="" dnl Determine the OpenSSL base directory, if any AC_MSG_CHECKING([for user-provided OpenSSL base directory]) @@ -590,9 +592,15 @@ AC_DEFUN([APACHE_CHECK_OPENSSL],[ CPPFLAGS="$saved_CPPFLAGS" LIBS="$saved_LIBS" LDFLAGS="$saved_LDFLAGS" + + dnl cache MOD_LDFLAGS, MOD_CFLAGS + ap_openssl_mod_cflags=$MOD_CFLAGS + ap_openssl_mod_ldflags=$MOD_LDFLAGS ]) if test "x$ac_cv_openssl" = "xyes"; then AC_DEFINE(HAVE_OPENSSL, 1, [Define if OpenSSL is available]) + APR_ADDTO(MOD_LDFLAGS, [$ap_openssl_mod_ldflags]) + APR_ADDTO(MOD_CFLAGS, [$ap_openssl_mod_cflags]) fi ]) diff --git a/configure b/configure index 9f97e0d7..41817df3 100755 --- a/configure +++ b/configure @@ -724,6 +724,7 @@ MOD_LBMETHOD_HEARTBEAT_LDADD MOD_LBMETHOD_BYBUSYNESS_LDADD MOD_LBMETHOD_BYTRAFFIC_LDADD MOD_LBMETHOD_BYREQUESTS_LDADD +MOD_HTTP2_LDADD APACHECTL_ULIMIT NONPORTABLE_SUPPORT fcgistarter_LTFLAGS @@ -742,6 +743,8 @@ MOD_OPTIONAL_FN_IMPORT_LDADD MOD_OPTIONAL_HOOK_IMPORT_LDADD MOD_OPTIONAL_HOOK_EXPORT_LDADD MOD_SSL_LDADD +ab_LDFLAGS +ab_CFLAGS MOD_SLOTMEM_PLAIN_LDADD MOD_SLOTMEM_SHM_LDADD MOD_SESSION_DBD_LDADD @@ -778,9 +781,6 @@ MOD_LOG_FORENSIC_LDADD MOD_LOG_DEBUG_LDADD MOD_LOG_CONFIG_LDADD MOD_LDAP_LDADD -MOD_HTTP2_LDADD -ab_LDFLAGS -ab_CFLAGS MOD_MIME_LDADD MOD_HTTP_LDADD MOD_PROXY_HTML_LDADD @@ -1036,9 +1036,6 @@ with_libxml2 enable_proxy_html enable_http enable_mime -enable_http2 -with_nghttp2 -enable_nghttp2_staticlib_deps enable_ldap enable_log_config enable_log_debug @@ -1094,6 +1091,9 @@ enable_static_checkgid enable_static_htcacheclean enable_static_httxt2dbm enable_static_fcgistarter +enable_http2 +with_nghttp2 +enable_nghttp2_staticlib_deps enable_lbmethod_byrequests enable_lbmethod_bytraffic enable_lbmethod_bybusyness @@ -1852,17 +1852,6 @@ Optional Features: linked statically. --disable-mime mapping of file-extension to MIME. Disabling this module is normally not recommended. - --enable-http2 HTTP/2 protocol handling in addition to HTTP - protocol handling. Implemented by mod_http2. This - module requires a libnghttp2 installation. See - --with-nghttp2 on how to manage non-standard - locations. This module is usually linked shared and - requires loading. - --enable-nghttp2-staticlib-deps - link mod_http2 with dependencies of libnghttp2's - static libraries (as indicated by "pkg-config - --static"). Must be specified in addition to - --enable-http2. --enable-ldap LDAP caching and connection pooling services --disable-log-config logging configuration. You won't be able to log requests to the server without this module. @@ -1943,6 +1932,17 @@ Optional Features: Build a statically linked version of httxt2dbm --enable-static-fcgistarter Build a statically linked version of fcgistarter + --enable-http2 HTTP/2 protocol handling in addition to HTTP + protocol handling. Implemented by mod_http2. This + module requires a libnghttp2 installation. See + --with-nghttp2 on how to manage non-standard + locations. This module is usually linked shared and + requires loading. + --enable-nghttp2-staticlib-deps + link mod_http2 with dependencies of libnghttp2's + static libraries (as indicated by "pkg-config + --static"). Must be specified in addition to + --enable-http2. --enable-lbmethod-byrequests Apache proxy Load balancing by request counting --enable-lbmethod-bytraffic @@ -1997,9 +1997,9 @@ Optional Packages: --with-distcache=PATH Distcache installation directory --with-z=PATH use a specific zlib library --with-libxml2=PATH location for libxml2 - --with-nghttp2=PATH nghttp2 installation directory --with-lua=PATH Path to the Lua 5.2/5.1 prefix --with-ssl=PATH OpenSSL installation directory + --with-nghttp2=PATH nghttp2 installation directory --with-mpm=MPM Choose the process model for Apache to use by default. MPM={event|worker|prefork|winnt} This will be statically linked as the only available MPM @@ -18151,34 +18151,31 @@ EOF - current_dir=http2 - modpath_current=modules/http2 + + current_dir=ldap + modpath_current=modules/ldap modpath_static= modpath_shared= for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do eval MOD_$var= done - test -d http2 || $srcdir/build/mkdir.sh $modpath_current + test -d ldap || $srcdir/build/mkdir.sh $modpath_current > $modpath_current/modules.mk -http2_objs="mod_http2.lo h2_alt_svc.lo h2_bucket_eoc.lo h2_bucket_eos.lo h2_config.lo h2_conn.lo h2_conn_io.lo h2_ctx.lo h2_from_h1.lo h2_h2.lo h2_io.lo h2_io_set.lo h2_mplx.lo h2_push.lo h2_request.lo h2_response.lo h2_session.lo h2_stream.lo h2_stream_set.lo h2_switch.lo h2_task.lo h2_task_input.lo h2_task_output.lo h2_task_queue.lo h2_util.lo h2_worker.lo h2_workers.lo " - - - - +ldap_objects="util_ldap.lo util_ldap_cache.lo util_ldap_cache_mgr.lo" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_http2" >&5 -$as_echo_n "checking whether to enable mod_http2... " >&6; } - # Check whether --enable-http2 was given. -if test "${enable_http2+set}" = set; then : - enableval=$enable_http2; force_http2=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_ldap" >&5 +$as_echo_n "checking whether to enable mod_ldap... " >&6; } + # Check whether --enable-ldap was given. +if test "${enable_ldap+set}" = set; then : + enableval=$enable_ldap; force_ldap=$enableval else - enable_http2=most + enable_ldap=most fi _apmod_extra_msg="" - case "$enable_http2" in + case "$enable_ldap" in yes|static|shared) _apmod_required="yes" ;; @@ -18192,682 +18189,617 @@ fi ;; esac esac - if test "$enable_http2" = "static"; then - enable_http2=static - elif test "$enable_http2" = "yes"; then - enable_http2=$module_default - elif test "$enable_http2" = "most"; then + if test "$enable_ldap" = "static"; then + enable_ldap=static + elif test "$enable_ldap" = "yes"; then + enable_ldap=$module_default + elif test "$enable_ldap" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_http2=$module_default + enable_ldap=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_http2=no + enable_ldap=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_http2" = "maybe-all"; then + elif test "$enable_ldap" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_http2=$module_default + enable_ldap=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_http2=no + enable_ldap=no fi - elif test "$enable_http2" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_http2" != "no" ; then - enable_http2=$module_default + elif test "$enable_ldap" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_ldap" != "no" ; then + enable_ldap=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_http2" != "no"; then + if test "$enable_ldap" != "no"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 $as_echo "checking dependencies" >&6; } : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nghttp2" >&5 -$as_echo_n "checking for nghttp2... " >&6; } -if ${ac_cv_nghttp2+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap support in apr/apr-util" >&5 +$as_echo_n "checking for ldap support in apr/apr-util... " >&6; } +if ${ac_cv_APR_HAS_LDAP+:} false; then : $as_echo_n "(cached) " >&6 else - ac_cv_nghttp2=no - ap_nghttp2_found="" - ap_nghttp2_base="" - ap_nghttp2_libs="" - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for user-provided nghttp2 base directory" >&5 -$as_echo_n "checking for user-provided nghttp2 base directory... " >&6; } + apache_old_cppflags="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $INCLUDES" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ -# Check whether --with-nghttp2 was given. -if test "${with_nghttp2+set}" = set; then : - withval=$with_nghttp2; - if test "x$withval" != "xyes" -a "x$withval" != "x"; then - ap_nghttp2_base="`cd $withval ; pwd`" - fi +#include +#if APR_HAS_LDAP +YES_IS_DEFINED +#endif +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "YES_IS_DEFINED" >/dev/null 2>&1; then : + ac_cv_APR_HAS_LDAP=yes +else + ac_cv_APR_HAS_LDAP=no fi +rm -f conftest* - if test "x$ap_nghttp2_base" = "x"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ap_nghttp2_base" >&5 -$as_echo "$ap_nghttp2_base" >&6; } - fi - - saved_CPPFLAGS="$CPPFLAGS" - saved_LIBS="$LIBS" - saved_LDFLAGS="$LDFLAGS" - - if test -n "$PKGCONFIG"; then - saved_PKG_CONFIG_PATH="$PKG_CONFIG_PATH" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pkg-config along $PKG_CONFIG_PATH" >&5 -$as_echo_n "checking for pkg-config along $PKG_CONFIG_PATH... " >&6; } - if test "x$ap_nghttp2_base" != "x" -a \ - -f "${ap_nghttp2_base}/lib/pkgconfig/libnghttp2.pc"; then - PKG_CONFIG_PATH="${ap_nghttp2_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}" - export PKG_CONFIG_PATH - fi - # Check whether --enable-nghttp2-staticlib-deps was given. -if test "${enable_nghttp2_staticlib_deps+set}" = set; then : - enableval=$enable_nghttp2_staticlib_deps; - if test "$enableval" = "yes"; then - PKGCONFIG_LIBOPTS="--static" - fi + CPPFLAGS="$apache_old_cppflags" fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_APR_HAS_LDAP" >&5 +$as_echo "$ac_cv_APR_HAS_LDAP" >&6; } - ap_nghttp2_libs="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-l --silence-errors libnghttp2`" - if test $? -eq 0; then - ap_nghttp2_found="yes" - pkglookup="`$PKGCONFIG --cflags-only-I libnghttp2`" + if test "$ac_cv_APR_HAS_LDAP" = "yes" ; then + if test -z "$apu_config" ; then + LDAP_LIBS="`$apr_config --ldap-libs`" + else + LDAP_LIBS="`$apu_config --ldap-libs`" + fi - if test "x$CPPFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting CPPFLAGS to \"$pkglookup\"" - CPPFLAGS="$pkglookup" + if test "x$MOD_LDAP_LDADD" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDAP_LDADD to \"$LDAP_LIBS\"" + MOD_LDAP_LDADD="$LDAP_LIBS" else - apr_addto_bugger="$pkglookup" + apr_addto_bugger="$LDAP_LIBS" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $CPPFLAGS; do + for j in $MOD_LDAP_LDADD; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to CPPFLAGS" - CPPFLAGS="$CPPFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDAP_LDADD" + MOD_LDAP_LDADD="$MOD_LDAP_LDADD $i" fi done fi - if test "x$MOD_CFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_CFLAGS to \"$pkglookup\"" - MOD_CFLAGS="$pkglookup" else - apr_addto_bugger="$pkglookup" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $MOD_CFLAGS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CFLAGS" - MOD_CFLAGS="$MOD_CFLAGS $i" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: apr/apr-util is compiled without ldap support" >&5 +$as_echo "$as_me: WARNING: apr/apr-util is compiled without ldap support" >&2;} + enable_ldap=no + fi + + : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_ldap" >&5 +$as_echo_n "checking whether to enable mod_ldap... " >&6; } + if test "$enable_ldap" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_ldap has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_ldap$_apmod_extra_msg" >&5 +$as_echo "$enable_ldap$_apmod_extra_msg" >&6; } + if test "$enable_ldap" != "no"; then + case "$enable_ldap" in + static*) + MODLIST="$MODLIST ldap" + if test "ldap" = "so"; then + sharedobjs=yes fi - done + shared="";; + *) + enable_ldap=`echo $enable_ldap|sed 's/shared,*//'` + sharedobjs=yes + shared=yes + DSO_MODULES="$DSO_MODULES ldap" + if test "most " = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},ldap" + fi + ;; + esac + + + if test -z "$ldap_objects"; then + objects="mod_ldap.lo" + else + objects="$ldap_objects" fi + if test -z "$module_standalone"; then + if test -z "$shared"; then + # The filename of a convenience library must have a "lib" prefix: + libname="libmod_ldap.la" + BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" + modpath_static="$modpath_static $libname" + cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<> $modpath_current/modules.mk + echo "static = $modpath_static" >> $modpath_current/modules.mk + echo "shared = $modpath_shared" >> $modpath_current/modules.mk + for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do + if eval val=\"\$MOD_$var\"; test -n "$val"; then + echo "MOD_$var = $val" >> $modpath_current/modules.mk + fi + done + if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then + MODULE_DIRS="$MODULE_DIRS $current_dir" else - apr_addto_bugger="$pkglookup" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $MOD_LDFLAGS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" - MOD_LDFLAGS="$MOD_LDFLAGS $i" - fi - done + MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir" fi - fi - PKG_CONFIG_PATH="$saved_PKG_CONFIG_PATH" - fi + APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile" - if test "x$ap_nghttp2_base" != "x" -a "x$ap_nghttp2_found" = "x"; then - if test "x$CPPFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting CPPFLAGS to \"-I$ap_nghttp2_base/include\"" - CPPFLAGS="-I$ap_nghttp2_base/include" - else - apr_addto_bugger="-I$ap_nghttp2_base/include" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $CPPFLAGS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to CPPFLAGS" - CPPFLAGS="$CPPFLAGS $i" - fi - done + + + + + current_dir=loggers + modpath_current=modules/loggers + modpath_static= + modpath_shared= + for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do + eval MOD_$var= + done + test -d loggers || $srcdir/build/mkdir.sh $modpath_current + > $modpath_current/modules.mk + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_log_config" >&5 +$as_echo_n "checking whether to enable mod_log_config... " >&6; } + # Check whether --enable-log-config was given. +if test "${enable_log_config+set}" = set; then : + enableval=$enable_log_config; force_log_config=$enableval +else + enable_log_config=yes +fi + + _apmod_extra_msg="" + case "$enable_log_config" in + yes|static|shared) + _apmod_required="yes" + ;; + *) + case "$module_selection" in + reallyall|all|most) + _apmod_required="no" + ;; + *) + _apmod_required="yes" + ;; + esac + esac + if test "$enable_log_config" = "static"; then + enable_log_config=static + elif test "$enable_log_config" = "yes"; then + enable_log_config=$module_default + elif test "$enable_log_config" = "most"; then + if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ + "$module_selection" = "reallyall" + then + enable_log_config=$module_default + elif test "$module_selection" = "few" -o "$module_selection" = "none"; then + enable_log_config=no + fi + _apmod_extra_msg=" ($module_selection)" + elif test "$enable_log_config" = "maybe-all"; then + if test "$module_selection" = "all" -o "$module_selection" = "reallyall" + then + enable_log_config=$module_default + _apmod_extra_msg=" ($module_selection)" + else + enable_log_config=no + fi + elif test "$enable_log_config" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_log_config" != "no" ; then + enable_log_config=$module_default + _apmod_extra_msg=" ($module_selection)" fi + if test "$enable_log_config" != "no"; then + : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_log_config$_apmod_extra_msg" >&5 +$as_echo "$enable_log_config$_apmod_extra_msg" >&6; } + if test "$enable_log_config" != "no"; then + case "$enable_log_config" in + static*) + MODLIST="$MODLIST log_config" + if test "log_config" = "so"; then + sharedobjs=yes + fi + shared="";; + *) + enable_log_config=`echo $enable_log_config|sed 's/shared,*//'` + sharedobjs=yes + shared=yes + DSO_MODULES="$DSO_MODULES log_config" + if test "yes" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},log_config" + fi + ;; + esac - if test "x$MOD_CFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_CFLAGS to \"-I$ap_nghttp2_base/include\"" - MOD_CFLAGS="-I$ap_nghttp2_base/include" + if test -z ""; then + objects="mod_log_config.lo" else - apr_addto_bugger="-I$ap_nghttp2_base/include" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $MOD_CFLAGS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CFLAGS" - MOD_CFLAGS="$MOD_CFLAGS $i" - fi - done + objects="" fi + if test -z "$module_standalone"; then + if test -z "$shared"; then + # The filename of a convenience library must have a "lib" prefix: + libname="libmod_log_config.la" + BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" + modpath_static="$modpath_static $libname" + cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<= 1.2.1" >&5 -$as_echo_n "checking for nghttp2 version >= 1.2.1... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -#if !defined(NGHTTP2_VERSION_NUM) -#error "Missing nghttp2 version" -#endif -#if NGHTTP2_VERSION_NUM < 0x010201 -#error "Unsupported nghttp2 version " NGHTTP2_VERSION_TEXT -#endif - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: OK" >&5 -$as_echo "OK" >&6; } - ac_cv_nghttp2=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_log_debug" >&5 +$as_echo_n "checking whether to enable mod_log_debug... " >&6; } + # Check whether --enable-log-debug was given. +if test "${enable_log_debug+set}" = set; then : + enableval=$enable_log_debug; force_log_debug=$enableval else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: FAILED" >&5 -$as_echo "FAILED" >&6; } + enable_log_debug=most fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - if test "x$ac_cv_nghttp2" = "xyes"; then - ap_nghttp2_libs="${ap_nghttp2_libs:--lnghttp2} `$apr_config --libs`" + _apmod_extra_msg="" + case "$enable_log_debug" in + yes|static|shared) + _apmod_required="yes" + ;; + *) + case "$module_selection" in + reallyall|all|most) + _apmod_required="no" + ;; + *) + _apmod_required="yes" + ;; + esac + esac + if test "$enable_log_debug" = "static"; then + enable_log_debug=static + elif test "$enable_log_debug" = "yes"; then + enable_log_debug=$module_default + elif test "$enable_log_debug" = "most"; then + if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ + "$module_selection" = "reallyall" + then + enable_log_debug=$module_default + elif test "$module_selection" = "few" -o "$module_selection" = "none"; then + enable_log_debug=no + fi + _apmod_extra_msg=" ($module_selection)" + elif test "$enable_log_debug" = "maybe-all"; then + if test "$module_selection" = "all" -o "$module_selection" = "reallyall" + then + enable_log_debug=$module_default + _apmod_extra_msg=" ($module_selection)" + else + enable_log_debug=no + fi + elif test "$enable_log_debug" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_log_debug" != "no" ; then + enable_log_debug=$module_default + _apmod_extra_msg=" ($module_selection)" + fi + if test "$enable_log_debug" != "no"; then + : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_log_debug$_apmod_extra_msg" >&5 +$as_echo "$enable_log_debug$_apmod_extra_msg" >&6; } + if test "$enable_log_debug" != "no"; then + case "$enable_log_debug" in + static*) + MODLIST="$MODLIST log_debug" + if test "log_debug" = "so"; then + sharedobjs=yes + fi + shared="";; + *) + enable_log_debug=`echo $enable_log_debug|sed 's/shared,*//'` + sharedobjs=yes + shared=yes + DSO_MODULES="$DSO_MODULES log_debug" + if test "most" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},log_debug" + fi + ;; + esac - if test "x$MOD_LDFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$ap_nghttp2_libs\"" - MOD_LDFLAGS="$ap_nghttp2_libs" + + if test -z ""; then + objects="mod_log_debug.lo" else - apr_addto_bugger="$ap_nghttp2_libs" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $MOD_LDFLAGS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" - MOD_LDFLAGS="$MOD_LDFLAGS $i" - fi - done + objects="" fi + if test -z "$module_standalone"; then + if test -z "$shared"; then + # The filename of a convenience library must have a "lib" prefix: + libname="libmod_log_debug.la" + BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" + modpath_static="$modpath_static $libname" + cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<>confdefs.h <<_ACEOF -#define HAVE_NGHTTP2_NGHTTP2_H 1 -_ACEOF - -fi - -done - - for ac_func in nghttp2_session_server_new2 -do : - ac_fn_c_check_func "$LINENO" "nghttp2_session_server_new2" "ac_cv_func_nghttp2_session_server_new2" -if test "x$ac_cv_func_nghttp2_session_server_new2" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NGHTTP2_SESSION_SERVER_NEW2 1 -_ACEOF - + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_log_forensic" >&5 +$as_echo_n "checking whether to enable mod_log_forensic... " >&6; } + # Check whether --enable-log-forensic was given. +if test "${enable_log_forensic+set}" = set; then : + enableval=$enable_log_forensic; force_log_forensic=$enableval else - liberrors="yes" -fi -done - - if test "x$liberrors" != "x"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: nghttp2 library is unusable" >&5 -$as_echo "$as_me: WARNING: nghttp2 library is unusable" >&2;} - fi - for ac_func in nghttp2_stream_get_weight -do : - ac_fn_c_check_func "$LINENO" "nghttp2_stream_get_weight" "ac_cv_func_nghttp2_stream_get_weight" -if test "x$ac_cv_func_nghttp2_stream_get_weight" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NGHTTP2_STREAM_GET_WEIGHT 1 -_ACEOF - - if test "x$MOD_CPPFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_CPPFLAGS to \""-DH2_NG2_STREAM_API"\"" - MOD_CPPFLAGS=""-DH2_NG2_STREAM_API"" - else - apr_addto_bugger=""-DH2_NG2_STREAM_API"" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $MOD_CPPFLAGS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CPPFLAGS" - MOD_CPPFLAGS="$MOD_CPPFLAGS $i" - fi - done - fi - -fi -done - - for ac_func in nghttp2_session_change_stream_priority -do : - ac_fn_c_check_func "$LINENO" "nghttp2_session_change_stream_priority" "ac_cv_func_nghttp2_session_change_stream_priority" -if test "x$ac_cv_func_nghttp2_session_change_stream_priority" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NGHTTP2_SESSION_CHANGE_STREAM_PRIORITY 1 -_ACEOF - - if test "x$MOD_CPPFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_CPPFLAGS to \""-DH2_NG2_CHANGE_PRIO"\"" - MOD_CPPFLAGS=""-DH2_NG2_CHANGE_PRIO"" - else - apr_addto_bugger=""-DH2_NG2_CHANGE_PRIO"" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $MOD_CPPFLAGS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CPPFLAGS" - MOD_CPPFLAGS="$MOD_CPPFLAGS $i" - fi - done - fi - + enable_log_forensic=maybe-all fi -done - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: nghttp2 version is too old" >&5 -$as_echo "$as_me: WARNING: nghttp2 version is too old" >&2;} + _apmod_extra_msg="" + case "$enable_log_forensic" in + yes|static|shared) + _apmod_required="yes" + ;; + *) + case "$module_selection" in + reallyall|all|most) + _apmod_required="no" + ;; + *) + _apmod_required="yes" + ;; + esac + esac + if test "$enable_log_forensic" = "static"; then + enable_log_forensic=static + elif test "$enable_log_forensic" = "yes"; then + enable_log_forensic=$module_default + elif test "$enable_log_forensic" = "most"; then + if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ + "$module_selection" = "reallyall" + then + enable_log_forensic=$module_default + elif test "$module_selection" = "few" -o "$module_selection" = "none"; then + enable_log_forensic=no fi - - CPPFLAGS="$saved_CPPFLAGS" - LIBS="$saved_LIBS" - LDFLAGS="$saved_LDFLAGS" - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_nghttp2" >&5 -$as_echo "$ac_cv_nghttp2" >&6; } - if test "x$ac_cv_nghttp2" = "xyes"; then - -$as_echo "#define HAVE_NGHTTP2 1" >>confdefs.h - - fi - - if test "$ac_cv_nghttp2" = "yes" ; then - if test "x$enable_http2" = "xshared"; then - # The only symbol which needs to be exported is the module - # structure, so ask libtool to hide everything else: - - if test "x$MOD_HTTP2_LDADD" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_HTTP2_LDADD to \"-export-symbols-regex http2_module\"" - MOD_HTTP2_LDADD="-export-symbols-regex http2_module" - else - apr_addto_bugger="-export-symbols-regex http2_module" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $MOD_HTTP2_LDADD; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_HTTP2_LDADD" - MOD_HTTP2_LDADD="$MOD_HTTP2_LDADD $i" - fi - done - fi - - fi + _apmod_extra_msg=" ($module_selection)" + elif test "$enable_log_forensic" = "maybe-all"; then + if test "$module_selection" = "all" -o "$module_selection" = "reallyall" + then + enable_log_forensic=$module_default + _apmod_extra_msg=" ($module_selection)" else - enable_http2=no + enable_log_forensic=no fi - + elif test "$enable_log_forensic" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_log_forensic" != "no" ; then + enable_log_forensic=$module_default + _apmod_extra_msg=" ($module_selection)" + fi + if test "$enable_log_forensic" != "no"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_http2" >&5 -$as_echo_n "checking whether to enable mod_http2... " >&6; } - if test "$enable_http2" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_http2 has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_http2$_apmod_extra_msg" >&5 -$as_echo "$enable_http2$_apmod_extra_msg" >&6; } - if test "$enable_http2" != "no"; then - case "$enable_http2" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_log_forensic$_apmod_extra_msg" >&5 +$as_echo "$enable_log_forensic$_apmod_extra_msg" >&6; } + if test "$enable_log_forensic" != "no"; then + case "$enable_log_forensic" in static*) - MODLIST="$MODLIST http2" - if test "http2" = "so"; then + MODLIST="$MODLIST log_forensic" + if test "log_forensic" = "so"; then sharedobjs=yes fi shared="";; *) - enable_http2=`echo $enable_http2|sed 's/shared,*//'` + enable_log_forensic=`echo $enable_log_forensic|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES http2" - if test "most" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},http2" + DSO_MODULES="$DSO_MODULES log_forensic" + if test "" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},log_forensic" fi ;; esac - if test -z "$http2_objs"; then - objects="mod_http2.lo" + if test -z ""; then + objects="mod_log_forensic.lo" else - objects="$http2_objs" + objects="" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_http2.la" + libname="libmod_log_forensic.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<> $modpath_current/modules.mk - echo "static = $modpath_static" >> $modpath_current/modules.mk - echo "shared = $modpath_shared" >> $modpath_current/modules.mk - for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do - if eval val=\"\$MOD_$var\"; test -n "$val"; then - echo "MOD_$var = $val" >> $modpath_current/modules.mk - fi - done - if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then - MODULE_DIRS="$MODULE_DIRS $current_dir" + if test "x$INCLUDES" = "x"; then + test "x$silent" != "xyes" && echo " setting INCLUDES to \"-I\$(top_builddir)/server\"" + INCLUDES="-I\$(top_builddir)/server" else - MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir" + apr_addto_bugger="-I\$(top_builddir)/server" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $INCLUDES; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to INCLUDES" + INCLUDES="$INCLUDES $i" + fi + done fi - APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile" - - - - - - - - current_dir=ldap - modpath_current=modules/ldap - modpath_static= - modpath_shared= - for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do - eval MOD_$var= - done - test -d ldap || $srcdir/build/mkdir.sh $modpath_current - > $modpath_current/modules.mk - +fi -ldap_objects="util_ldap.lo util_ldap_cache.lo util_ldap_cache_mgr.lo" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_ldap" >&5 -$as_echo_n "checking whether to enable mod_ldap... " >&6; } - # Check whether --enable-ldap was given. -if test "${enable_ldap+set}" = set; then : - enableval=$enable_ldap; force_ldap=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_logio" >&5 +$as_echo_n "checking whether to enable mod_logio... " >&6; } + # Check whether --enable-logio was given. +if test "${enable_logio+set}" = set; then : + enableval=$enable_logio; force_logio=$enableval else - enable_ldap=most + enable_logio=most fi _apmod_extra_msg="" - case "$enable_ldap" in + case "$enable_logio" in yes|static|shared) _apmod_required="yes" ;; @@ -18964,159 +18886,80 @@ fi ;; esac esac - if test "$enable_ldap" = "static"; then - enable_ldap=static - elif test "$enable_ldap" = "yes"; then - enable_ldap=$module_default - elif test "$enable_ldap" = "most"; then + if test "$enable_logio" = "static"; then + enable_logio=static + elif test "$enable_logio" = "yes"; then + enable_logio=$module_default + elif test "$enable_logio" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_ldap=$module_default + enable_logio=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_ldap=no + enable_logio=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_ldap" = "maybe-all"; then + elif test "$enable_logio" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_ldap=$module_default + enable_logio=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_ldap=no + enable_logio=no fi - elif test "$enable_ldap" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_ldap" != "no" ; then - enable_ldap=$module_default + elif test "$enable_logio" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_logio" != "no" ; then + enable_logio=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_ldap" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -$as_echo "checking dependencies" >&6; } - : - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap support in apr/apr-util" >&5 -$as_echo_n "checking for ldap support in apr/apr-util... " >&6; } -if ${ac_cv_APR_HAS_LDAP+:} false; then : - $as_echo_n "(cached) " >&6 -else - - apache_old_cppflags="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $INCLUDES" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -#if APR_HAS_LDAP -YES_IS_DEFINED -#endif - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "YES_IS_DEFINED" >/dev/null 2>&1; then : - ac_cv_APR_HAS_LDAP=yes -else - ac_cv_APR_HAS_LDAP=no -fi -rm -f conftest* - - CPPFLAGS="$apache_old_cppflags" - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_APR_HAS_LDAP" >&5 -$as_echo "$ac_cv_APR_HAS_LDAP" >&6; } - - if test "$ac_cv_APR_HAS_LDAP" = "yes" ; then - if test -z "$apu_config" ; then - LDAP_LIBS="`$apr_config --ldap-libs`" - else - LDAP_LIBS="`$apu_config --ldap-libs`" - fi - - if test "x$MOD_LDAP_LDADD" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_LDAP_LDADD to \"$LDAP_LIBS\"" - MOD_LDAP_LDADD="$LDAP_LIBS" - else - apr_addto_bugger="$LDAP_LIBS" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $MOD_LDAP_LDADD; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDAP_LDADD" - MOD_LDAP_LDADD="$MOD_LDAP_LDADD $i" - fi - done - fi - - - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: apr/apr-util is compiled without ldap support" >&5 -$as_echo "$as_me: WARNING: apr/apr-util is compiled without ldap support" >&2;} - enable_ldap=no - fi - + if test "$enable_logio" != "no"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_ldap" >&5 -$as_echo_n "checking whether to enable mod_ldap... " >&6; } - if test "$enable_ldap" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_ldap has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_ldap$_apmod_extra_msg" >&5 -$as_echo "$enable_ldap$_apmod_extra_msg" >&6; } - if test "$enable_ldap" != "no"; then - case "$enable_ldap" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_logio$_apmod_extra_msg" >&5 +$as_echo "$enable_logio$_apmod_extra_msg" >&6; } + if test "$enable_logio" != "no"; then + case "$enable_logio" in static*) - MODLIST="$MODLIST ldap" - if test "ldap" = "so"; then + MODLIST="$MODLIST logio" + if test "logio" = "so"; then sharedobjs=yes fi shared="";; *) - enable_ldap=`echo $enable_ldap|sed 's/shared,*//'` + enable_logio=`echo $enable_logio|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES ldap" - if test "most " = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},ldap" + DSO_MODULES="$DSO_MODULES logio" + if test "most" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},logio" fi ;; esac - if test -z "$ldap_objects"; then - objects="mod_ldap.lo" + if test -z ""; then + objects="mod_logio.lo" else - objects="$ldap_objects" + objects="" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_ldap.la" + libname="libmod_logio.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk< $modpath_current/modules.mk - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_log_config" >&5 -$as_echo_n "checking whether to enable mod_log_config... " >&6; } - # Check whether --enable-log-config was given. -if test "${enable_log_config+set}" = set; then : - enableval=$enable_log_config; force_log_config=$enableval + +lua_objects="lua_apr.lo lua_config.lo mod_lua.lo lua_request.lo lua_vmprep.lo lua_dbd.lo lua_passwd.lo" + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_lua" >&5 +$as_echo_n "checking whether to enable mod_lua... " >&6; } + # Check whether --enable-lua was given. +if test "${enable_lua+set}" = set; then : + enableval=$enable_lua; force_lua=$enableval else - enable_log_config=yes + enable_lua=maybe-all fi _apmod_extra_msg="" - case "$enable_log_config" in + case "$enable_lua" in yes|static|shared) _apmod_required="yes" ;; @@ -19233,59 +19079,1029 @@ fi ;; esac esac - if test "$enable_log_config" = "static"; then - enable_log_config=static - elif test "$enable_log_config" = "yes"; then - enable_log_config=$module_default - elif test "$enable_log_config" = "most"; then + if test "$enable_lua" = "static"; then + enable_lua=static + elif test "$enable_lua" = "yes"; then + enable_lua=$module_default + elif test "$enable_lua" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_log_config=$module_default + enable_lua=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_log_config=no + enable_lua=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_log_config" = "maybe-all"; then + elif test "$enable_lua" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_log_config=$module_default + enable_lua=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_log_config=no + enable_lua=no fi - elif test "$enable_log_config" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_log_config" != "no" ; then - enable_log_config=$module_default + elif test "$enable_lua" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_lua" != "no" ; then + enable_lua=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_log_config" != "no"; then + if test "$enable_lua" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 +$as_echo "checking dependencies" >&6; } : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_log_config$_apmod_extra_msg" >&5 -$as_echo "$enable_log_config$_apmod_extra_msg" >&6; } - if test "$enable_log_config" != "no"; then - case "$enable_log_config" in - static*) - MODLIST="$MODLIST log_config" - if test "log_config" = "so"; then - sharedobjs=yes - fi - shared="";; - *) - enable_log_config=`echo $enable_log_config|sed 's/shared,*//'` - sharedobjs=yes - shared=yes - DSO_MODULES="$DSO_MODULES log_config" + + + +# Check whether --with-lua was given. +if test "${with_lua+set}" = set; then : + withval=$with_lua; lua_path="$withval" +else + : +fi + + +if test -z "$lua_path"; then + test_paths=". /usr/local /usr" +else + test_paths="${lua_path}" +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pow in -lm" >&5 +$as_echo_n "checking for pow in -lm... " >&6; } +if ${ac_cv_lib_m_pow+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lm $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pow (); +int +main () +{ +return pow (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_m_pow=yes +else + ac_cv_lib_m_pow=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_m_pow" >&5 +$as_echo "$ac_cv_lib_m_pow" >&6; } +if test "x$ac_cv_lib_m_pow" = xyes; then : + lib_m="-lm" +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sqrt in -lm" >&5 +$as_echo_n "checking for sqrt in -lm... " >&6; } +if ${ac_cv_lib_m_sqrt+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lm $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char sqrt (); +int +main () +{ +return sqrt (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_m_sqrt=yes +else + ac_cv_lib_m_sqrt=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_m_sqrt" >&5 +$as_echo "$ac_cv_lib_m_sqrt" >&6; } +if test "x$ac_cv_lib_m_sqrt" = xyes; then : + lib_m="-lm" +fi + +for x in $test_paths ; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lua.h in ${x}/include/lua-5.2" >&5 +$as_echo_n "checking for lua.h in ${x}/include/lua-5.2... " >&6; } + if test -f ${x}/include/lua-5.2/lua.h; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + save_CFLAGS=$CFLAGS + save_LDFLAGS=$LDFLAGS + CFLAGS="$CFLAGS" + LDFLAGS="-L$x/lib/lua-5.2 $LDFLAGS $lib_m" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua-5.2" >&5 +$as_echo_n "checking for luaL_newstate in -llua-5.2... " >&6; } +if ${ac_cv_lib_lua_5_2_luaL_newstate+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-llua-5.2 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char luaL_newstate (); +int +main () +{ +return luaL_newstate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_lua_5_2_luaL_newstate=yes +else + ac_cv_lib_lua_5_2_luaL_newstate=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua_5_2_luaL_newstate" >&5 +$as_echo "$ac_cv_lib_lua_5_2_luaL_newstate" >&6; } +if test "x$ac_cv_lib_lua_5_2_luaL_newstate" = xyes; then : + + LUA_LIBS="-L$x/lib/lua-5.2 -llua-5.2 $lib_m" + if test "x$ap_platform_runtime_link_flag" != "x"; then + + if test "x$LUA_LIBS" = "x"; then + test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib/lua-5.2\"" + LUA_LIBS="$ap_platform_runtime_link_flag$x/lib/lua-5.2" + else + apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib/lua-5.2" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LUA_LIBS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LUA_LIBS" + LUA_LIBS="$LUA_LIBS $i" + fi + done + fi + + fi + LUA_CFLAGS="-I$x/include/lua-5.2" + +fi + + CFLAGS=$save_CFLAGS + LDFLAGS=$save_LDFLAGS + break + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lua.h in ${x}/include/lua5.2" >&5 +$as_echo_n "checking for lua.h in ${x}/include/lua5.2... " >&6; } + if test -f ${x}/include/lua5.2/lua.h; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + save_CFLAGS=$CFLAGS + save_LDFLAGS=$LDFLAGS + CFLAGS="$CFLAGS" + LDFLAGS="-L$x/lib $LDFLAGS $lib_m" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua5.2" >&5 +$as_echo_n "checking for luaL_newstate in -llua5.2... " >&6; } +if ${ac_cv_lib_lua5_2_luaL_newstate+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-llua5.2 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char luaL_newstate (); +int +main () +{ +return luaL_newstate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_lua5_2_luaL_newstate=yes +else + ac_cv_lib_lua5_2_luaL_newstate=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua5_2_luaL_newstate" >&5 +$as_echo "$ac_cv_lib_lua5_2_luaL_newstate" >&6; } +if test "x$ac_cv_lib_lua5_2_luaL_newstate" = xyes; then : + + LUA_LIBS="-L$x/lib -llua5.2 $lib_m" + if test "x$ap_platform_runtime_link_flag" != "x"; then + + if test "x$LUA_LIBS" = "x"; then + test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib\"" + LUA_LIBS="$ap_platform_runtime_link_flag$x/lib" + else + apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LUA_LIBS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LUA_LIBS" + LUA_LIBS="$LUA_LIBS $i" + fi + done + fi + + fi + LUA_CFLAGS="-I$x/include/lua5.2" + +fi + + CFLAGS=$save_CFLAGS + LDFLAGS=$save_LDFLAGS + break + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lua.h in ${x}/include/lua52" >&5 +$as_echo_n "checking for lua.h in ${x}/include/lua52... " >&6; } + if test -f ${x}/include/lua52/lua.h; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + save_CFLAGS=$CFLAGS + save_LDFLAGS=$LDFLAGS + CFLAGS="$CFLAGS" + LDFLAGS="-L$x/lib/lua52 $LDFLAGS $lib_m" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua" >&5 +$as_echo_n "checking for luaL_newstate in -llua... " >&6; } +if ${ac_cv_lib_lua_luaL_newstate+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-llua $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char luaL_newstate (); +int +main () +{ +return luaL_newstate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_lua_luaL_newstate=yes +else + ac_cv_lib_lua_luaL_newstate=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua_luaL_newstate" >&5 +$as_echo "$ac_cv_lib_lua_luaL_newstate" >&6; } +if test "x$ac_cv_lib_lua_luaL_newstate" = xyes; then : + + LUA_LIBS="-L$x/lib/lua52 -llua $lib_m" + if test "x$ap_platform_runtime_link_flag" != "x"; then + + if test "x$LUA_LIBS" = "x"; then + test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib/lua52\"" + LUA_LIBS="$ap_platform_runtime_link_flag$x/lib/lua52" + else + apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib/lua52" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LUA_LIBS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LUA_LIBS" + LUA_LIBS="$LUA_LIBS $i" + fi + done + fi + + fi + LUA_CFLAGS="-I$x/include/lua52" + +fi + + CFLAGS=$save_CFLAGS + LDFLAGS=$save_LDFLAGS + break + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lua.h in ${x}/include" >&5 +$as_echo_n "checking for lua.h in ${x}/include... " >&6; } + if test -f ${x}/include/lua.h; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + save_CFLAGS=$CFLAGS + save_LDFLAGS=$LDFLAGS + CFLAGS="$CFLAGS" + LDFLAGS="-L$x/lib $LDFLAGS $lib_m" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua" >&5 +$as_echo_n "checking for luaL_newstate in -llua... " >&6; } +if ${ac_cv_lib_lua_luaL_newstate+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-llua $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char luaL_newstate (); +int +main () +{ +return luaL_newstate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_lua_luaL_newstate=yes +else + ac_cv_lib_lua_luaL_newstate=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua_luaL_newstate" >&5 +$as_echo "$ac_cv_lib_lua_luaL_newstate" >&6; } +if test "x$ac_cv_lib_lua_luaL_newstate" = xyes; then : + + LUA_LIBS="-L$x/lib -llua $lib_m" + if test "x$ap_platform_runtime_link_flag" != "x"; then + + if test "x$LUA_LIBS" = "x"; then + test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib\"" + LUA_LIBS="$ap_platform_runtime_link_flag$x/lib" + else + apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LUA_LIBS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LUA_LIBS" + LUA_LIBS="$LUA_LIBS $i" + fi + done + fi + + fi + LUA_CFLAGS="-I$x/include" + +fi + + CFLAGS=$save_CFLAGS + LDFLAGS=$save_LDFLAGS + break + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lua.h in ${x}/include/lua-5.1" >&5 +$as_echo_n "checking for lua.h in ${x}/include/lua-5.1... " >&6; } + if test -f ${x}/include/lua-5.1/lua.h; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + save_CFLAGS=$CFLAGS + save_LDFLAGS=$LDFLAGS + CFLAGS="$CFLAGS" + LDFLAGS="-L$x/lib/lua-5.1 $LDFLAGS $lib_m" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua-5.1" >&5 +$as_echo_n "checking for luaL_newstate in -llua-5.1... " >&6; } +if ${ac_cv_lib_lua_5_1_luaL_newstate+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-llua-5.1 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char luaL_newstate (); +int +main () +{ +return luaL_newstate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_lua_5_1_luaL_newstate=yes +else + ac_cv_lib_lua_5_1_luaL_newstate=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua_5_1_luaL_newstate" >&5 +$as_echo "$ac_cv_lib_lua_5_1_luaL_newstate" >&6; } +if test "x$ac_cv_lib_lua_5_1_luaL_newstate" = xyes; then : + + LUA_LIBS="-L$x/lib/lua-5.1 -llua-5.1 $lib_m" + if test "x$ap_platform_runtime_link_flag" != "x"; then + + if test "x$LUA_LIBS" = "x"; then + test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib/lua-5.1\"" + LUA_LIBS="$ap_platform_runtime_link_flag$x/lib/lua-5.1" + else + apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib/lua-5.1" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LUA_LIBS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LUA_LIBS" + LUA_LIBS="$LUA_LIBS $i" + fi + done + fi + + fi + LUA_CFLAGS="-I$x/include/lua-5.1" + +fi + + CFLAGS=$save_CFLAGS + LDFLAGS=$save_LDFLAGS + break + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lua.h in ${x}/include/lua5.1" >&5 +$as_echo_n "checking for lua.h in ${x}/include/lua5.1... " >&6; } + if test -f ${x}/include/lua5.1/lua.h; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + save_CFLAGS=$CFLAGS + save_LDFLAGS=$LDFLAGS + CFLAGS="$CFLAGS" + LDFLAGS="-L$x/lib $LDFLAGS $lib_m" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua5.1" >&5 +$as_echo_n "checking for luaL_newstate in -llua5.1... " >&6; } +if ${ac_cv_lib_lua5_1_luaL_newstate+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-llua5.1 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char luaL_newstate (); +int +main () +{ +return luaL_newstate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_lua5_1_luaL_newstate=yes +else + ac_cv_lib_lua5_1_luaL_newstate=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua5_1_luaL_newstate" >&5 +$as_echo "$ac_cv_lib_lua5_1_luaL_newstate" >&6; } +if test "x$ac_cv_lib_lua5_1_luaL_newstate" = xyes; then : + + LUA_LIBS="-L$x/lib -llua5.1 $lib_m" + if test "x$ap_platform_runtime_link_flag" != "x"; then + + if test "x$LUA_LIBS" = "x"; then + test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib\"" + LUA_LIBS="$ap_platform_runtime_link_flag$x/lib" + else + apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LUA_LIBS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LUA_LIBS" + LUA_LIBS="$LUA_LIBS $i" + fi + done + fi + + fi + LUA_CFLAGS="-I$x/include/lua5.1" + +fi + + CFLAGS=$save_CFLAGS + LDFLAGS=$save_LDFLAGS + break + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lua.h in ${x}/include/lua51" >&5 +$as_echo_n "checking for lua.h in ${x}/include/lua51... " >&6; } + if test -f ${x}/include/lua51/lua.h; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + save_CFLAGS=$CFLAGS + save_LDFLAGS=$LDFLAGS + CFLAGS="$CFLAGS" + LDFLAGS="-L$x/lib/lua51 $LDFLAGS $lib_m" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua" >&5 +$as_echo_n "checking for luaL_newstate in -llua... " >&6; } +if ${ac_cv_lib_lua_luaL_newstate+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-llua $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char luaL_newstate (); +int +main () +{ +return luaL_newstate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_lua_luaL_newstate=yes +else + ac_cv_lib_lua_luaL_newstate=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua_luaL_newstate" >&5 +$as_echo "$ac_cv_lib_lua_luaL_newstate" >&6; } +if test "x$ac_cv_lib_lua_luaL_newstate" = xyes; then : + + LUA_LIBS="-L$x/lib/lua51 -llua $lib_m" + if test "x$ap_platform_runtime_link_flag" != "x"; then + + if test "x$LUA_LIBS" = "x"; then + test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib/lua51\"" + LUA_LIBS="$ap_platform_runtime_link_flag$x/lib/lua51" + else + apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib/lua51" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LUA_LIBS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LUA_LIBS" + LUA_LIBS="$LUA_LIBS $i" + fi + done + fi + + fi + LUA_CFLAGS="-I$x/include/lua51" + +fi + + CFLAGS=$save_CFLAGS + LDFLAGS=$save_LDFLAGS + break + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi +done + + + + +if test -z "${LUA_LIBS}"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** Lua 5.2 or 5.1 library not found." >&5 +$as_echo "$as_me: WARNING: *** Lua 5.2 or 5.1 library not found." >&2;} + enable_lua="no" + if test -z "${lua_path}"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Lua 5.2 or 5.1 library is required" >&5 +$as_echo "$as_me: WARNING: Lua 5.2 or 5.1 library is required" >&2;} + else + as_fn_error $? "Lua 5.2 or 5.1 library is required" "$LINENO" 5 + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: using '${LUA_LIBS}' for Lua Library" >&5 +$as_echo "$as_me: using '${LUA_LIBS}' for Lua Library" >&6;} + # Check whether --enable-luajit was given. +if test "${enable_luajit+set}" = set; then : + enableval=$enable_luajit; + if test "$enableval" = "yes"; then + + if test "x$MOD_CPPFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_CPPFLAGS to \""-DAP_ENABLE_LUAJIT"\"" + MOD_CPPFLAGS=""-DAP_ENABLE_LUAJIT"" + else + apr_addto_bugger=""-DAP_ENABLE_LUAJIT"" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_CPPFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CPPFLAGS" + MOD_CPPFLAGS="$MOD_CPPFLAGS $i" + fi + done + fi + + fi + +fi + + +fi + + if test "x$enable_lua" != "xno" ; then + + if test "x$MOD_INCLUDES" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_INCLUDES to \"$LUA_CFLAGS\"" + MOD_INCLUDES="$LUA_CFLAGS" + else + apr_addto_bugger="$LUA_CFLAGS" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_INCLUDES; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_INCLUDES" + MOD_INCLUDES="$MOD_INCLUDES $i" + fi + done + fi + + + if test "x$MOD_LUA_LDADD" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LUA_LDADD to \"$LUA_LIBS\"" + MOD_LUA_LDADD="$LUA_LIBS" + else + apr_addto_bugger="$LUA_LIBS" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_LUA_LDADD; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LUA_LDADD" + MOD_LUA_LDADD="$MOD_LUA_LDADD $i" + fi + done + fi + + fi + + : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_lua" >&5 +$as_echo_n "checking whether to enable mod_lua... " >&6; } + if test "$enable_lua" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_lua has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_lua$_apmod_extra_msg" >&5 +$as_echo "$enable_lua$_apmod_extra_msg" >&6; } + if test "$enable_lua" != "no"; then + case "$enable_lua" in + static*) + MODLIST="$MODLIST lua" + if test "lua" = "so"; then + sharedobjs=yes + fi + shared="";; + *) + enable_lua=`echo $enable_lua|sed 's/shared,*//'` + sharedobjs=yes + shared=yes + DSO_MODULES="$DSO_MODULES lua" + if test "" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},lua" + fi + ;; + esac + + + if test -z "$lua_objects"; then + objects="mod_lua.lo" + else + objects="$lua_objects" + fi + + if test -z "$module_standalone"; then + if test -z "$shared"; then + # The filename of a convenience library must have a "lib" prefix: + libname="libmod_lua.la" + BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" + modpath_static="$modpath_static $libname" + cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<> $modpath_current/modules.mk + echo "static = $modpath_static" >> $modpath_current/modules.mk + echo "shared = $modpath_shared" >> $modpath_current/modules.mk + for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do + if eval val=\"\$MOD_$var\"; test -n "$val"; then + echo "MOD_$var = $val" >> $modpath_current/modules.mk + fi + done + if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then + MODULE_DIRS="$MODULE_DIRS $current_dir" + else + MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir" + fi + + APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile" + + + + + + + current_dir=metadata + modpath_current=modules/metadata + modpath_static= + modpath_shared= + for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do + eval MOD_$var= + done + test -d metadata || $srcdir/build/mkdir.sh $modpath_current + > $modpath_current/modules.mk + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_env" >&5 +$as_echo_n "checking whether to enable mod_env... " >&6; } + # Check whether --enable-env was given. +if test "${enable_env+set}" = set; then : + enableval=$enable_env; force_env=$enableval +else + enable_env=yes +fi + + _apmod_extra_msg="" + case "$enable_env" in + yes|static|shared) + _apmod_required="yes" + ;; + *) + case "$module_selection" in + reallyall|all|most) + _apmod_required="no" + ;; + *) + _apmod_required="yes" + ;; + esac + esac + if test "$enable_env" = "static"; then + enable_env=static + elif test "$enable_env" = "yes"; then + enable_env=$module_default + elif test "$enable_env" = "most"; then + if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ + "$module_selection" = "reallyall" + then + enable_env=$module_default + elif test "$module_selection" = "few" -o "$module_selection" = "none"; then + enable_env=no + fi + _apmod_extra_msg=" ($module_selection)" + elif test "$enable_env" = "maybe-all"; then + if test "$module_selection" = "all" -o "$module_selection" = "reallyall" + then + enable_env=$module_default + _apmod_extra_msg=" ($module_selection)" + else + enable_env=no + fi + elif test "$enable_env" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_env" != "no" ; then + enable_env=$module_default + _apmod_extra_msg=" ($module_selection)" + fi + if test "$enable_env" != "no"; then + : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_env$_apmod_extra_msg" >&5 +$as_echo "$enable_env$_apmod_extra_msg" >&6; } + if test "$enable_env" != "no"; then + case "$enable_env" in + static*) + MODLIST="$MODLIST env" + if test "env" = "so"; then + sharedobjs=yes + fi + shared="";; + *) + enable_env=`echo $enable_env|sed 's/shared,*//'` + sharedobjs=yes + shared=yes + DSO_MODULES="$DSO_MODULES env" if test "yes" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},log_config" + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},env" fi ;; esac if test -z ""; then - objects="mod_log_config.lo" + objects="mod_env.lo" else objects="" fi @@ -19293,20 +20109,20 @@ $as_echo "$enable_log_config$_apmod_extra_msg" >&6; } if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_log_config.la" + libname="libmod_env.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_log_debug... " >&6; } - # Check whether --enable-log-debug was given. -if test "${enable_log_debug+set}" = set; then : - enableval=$enable_log_debug; force_log_debug=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_mime_magic" >&5 +$as_echo_n "checking whether to enable mod_mime_magic... " >&6; } + # Check whether --enable-mime-magic was given. +if test "${enable_mime_magic+set}" = set; then : + enableval=$enable_mime_magic; force_mime_magic=$enableval else - enable_log_debug=most + enable_mime_magic=maybe-all fi _apmod_extra_msg="" - case "$enable_log_debug" in + case "$enable_mime_magic" in yes|static|shared) _apmod_required="yes" ;; @@ -19367,59 +20183,193 @@ fi ;; esac esac - if test "$enable_log_debug" = "static"; then - enable_log_debug=static - elif test "$enable_log_debug" = "yes"; then - enable_log_debug=$module_default - elif test "$enable_log_debug" = "most"; then + if test "$enable_mime_magic" = "static"; then + enable_mime_magic=static + elif test "$enable_mime_magic" = "yes"; then + enable_mime_magic=$module_default + elif test "$enable_mime_magic" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_log_debug=$module_default + enable_mime_magic=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_log_debug=no + enable_mime_magic=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_log_debug" = "maybe-all"; then + elif test "$enable_mime_magic" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_log_debug=$module_default + enable_mime_magic=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_log_debug=no + enable_mime_magic=no fi - elif test "$enable_log_debug" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_log_debug" != "no" ; then - enable_log_debug=$module_default + elif test "$enable_mime_magic" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_mime_magic" != "no" ; then + enable_mime_magic=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_log_debug" != "no"; then + if test "$enable_mime_magic" != "no"; then : fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_log_debug$_apmod_extra_msg" >&5 -$as_echo "$enable_log_debug$_apmod_extra_msg" >&6; } - if test "$enable_log_debug" != "no"; then - case "$enable_log_debug" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_mime_magic$_apmod_extra_msg" >&5 +$as_echo "$enable_mime_magic$_apmod_extra_msg" >&6; } + if test "$enable_mime_magic" != "no"; then + case "$enable_mime_magic" in static*) - MODLIST="$MODLIST log_debug" - if test "log_debug" = "so"; then + MODLIST="$MODLIST mime_magic" + if test "mime_magic" = "so"; then + sharedobjs=yes + fi + shared="";; + *) + enable_mime_magic=`echo $enable_mime_magic|sed 's/shared,*//'` + sharedobjs=yes + shared=yes + DSO_MODULES="$DSO_MODULES mime_magic" + if test "" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mime_magic" + fi + ;; + esac + + + if test -z ""; then + objects="mod_mime_magic.lo" + else + objects="" + fi + + if test -z "$module_standalone"; then + if test -z "$shared"; then + # The filename of a convenience library must have a "lib" prefix: + libname="libmod_mime_magic.la" + BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" + modpath_static="$modpath_static $libname" + cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 +$as_echo_n "checking whether to enable mod_cern_meta... " >&6; } + # Check whether --enable-cern-meta was given. +if test "${enable_cern_meta+set}" = set; then : + enableval=$enable_cern_meta; force_cern_meta=$enableval +else + enable_cern_meta=no +fi + + _apmod_extra_msg="" + case "$enable_cern_meta" in + yes|static|shared) + _apmod_required="yes" + ;; + *) + case "$module_selection" in + reallyall|all|most) + _apmod_required="no" + ;; + *) + _apmod_required="yes" + ;; + esac + esac + if test "$enable_cern_meta" = "static"; then + enable_cern_meta=static + elif test "$enable_cern_meta" = "yes"; then + enable_cern_meta=$module_default + elif test "$enable_cern_meta" = "most"; then + if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ + "$module_selection" = "reallyall" + then + enable_cern_meta=$module_default + elif test "$module_selection" = "few" -o "$module_selection" = "none"; then + enable_cern_meta=no + fi + _apmod_extra_msg=" ($module_selection)" + elif test "$enable_cern_meta" = "maybe-all"; then + if test "$module_selection" = "all" -o "$module_selection" = "reallyall" + then + enable_cern_meta=$module_default + _apmod_extra_msg=" ($module_selection)" + else + enable_cern_meta=no + fi + elif test "$enable_cern_meta" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_cern_meta" != "no" ; then + enable_cern_meta=$module_default + _apmod_extra_msg=" ($module_selection)" + fi + if test "$enable_cern_meta" != "no"; then + : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_cern_meta$_apmod_extra_msg" >&5 +$as_echo "$enable_cern_meta$_apmod_extra_msg" >&6; } + if test "$enable_cern_meta" != "no"; then + case "$enable_cern_meta" in + static*) + MODLIST="$MODLIST cern_meta" + if test "cern_meta" = "so"; then sharedobjs=yes fi shared="";; *) - enable_log_debug=`echo $enable_log_debug|sed 's/shared,*//'` + enable_cern_meta=`echo $enable_cern_meta|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES log_debug" - if test "most" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},log_debug" + DSO_MODULES="$DSO_MODULES cern_meta" + if test "no" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},cern_meta" fi ;; esac if test -z ""; then - objects="mod_log_debug.lo" + objects="mod_cern_meta.lo" else objects="" fi @@ -19427,20 +20377,20 @@ $as_echo "$enable_log_debug$_apmod_extra_msg" >&6; } if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_log_debug.la" + libname="libmod_cern_meta.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_log_forensic... " >&6; } - # Check whether --enable-log-forensic was given. -if test "${enable_log_forensic+set}" = set; then : - enableval=$enable_log_forensic; force_log_forensic=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_expires" >&5 +$as_echo_n "checking whether to enable mod_expires... " >&6; } + # Check whether --enable-expires was given. +if test "${enable_expires+set}" = set; then : + enableval=$enable_expires; force_expires=$enableval else - enable_log_forensic=maybe-all + enable_expires=most fi _apmod_extra_msg="" - case "$enable_log_forensic" in + case "$enable_expires" in yes|static|shared) _apmod_required="yes" ;; @@ -19501,59 +20451,59 @@ fi ;; esac esac - if test "$enable_log_forensic" = "static"; then - enable_log_forensic=static - elif test "$enable_log_forensic" = "yes"; then - enable_log_forensic=$module_default - elif test "$enable_log_forensic" = "most"; then + if test "$enable_expires" = "static"; then + enable_expires=static + elif test "$enable_expires" = "yes"; then + enable_expires=$module_default + elif test "$enable_expires" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_log_forensic=$module_default + enable_expires=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_log_forensic=no + enable_expires=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_log_forensic" = "maybe-all"; then + elif test "$enable_expires" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_log_forensic=$module_default + enable_expires=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_log_forensic=no + enable_expires=no fi - elif test "$enable_log_forensic" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_log_forensic" != "no" ; then - enable_log_forensic=$module_default + elif test "$enable_expires" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_expires" != "no" ; then + enable_expires=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_log_forensic" != "no"; then + if test "$enable_expires" != "no"; then : fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_log_forensic$_apmod_extra_msg" >&5 -$as_echo "$enable_log_forensic$_apmod_extra_msg" >&6; } - if test "$enable_log_forensic" != "no"; then - case "$enable_log_forensic" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_expires$_apmod_extra_msg" >&5 +$as_echo "$enable_expires$_apmod_extra_msg" >&6; } + if test "$enable_expires" != "no"; then + case "$enable_expires" in static*) - MODLIST="$MODLIST log_forensic" - if test "log_forensic" = "so"; then + MODLIST="$MODLIST expires" + if test "expires" = "so"; then sharedobjs=yes fi shared="";; *) - enable_log_forensic=`echo $enable_log_forensic|sed 's/shared,*//'` + enable_expires=`echo $enable_expires|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES log_forensic" - if test "" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},log_forensic" + DSO_MODULES="$DSO_MODULES expires" + if test "most" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},expires" fi ;; esac if test -z ""; then - objects="mod_log_forensic.lo" + objects="mod_expires.lo" else objects="" fi @@ -19561,20 +20511,20 @@ $as_echo "$enable_log_forensic$_apmod_extra_msg" >&6; } if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_log_forensic.la" + libname="libmod_expires.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_logio... " >&6; } - # Check whether --enable-logio was given. -if test "${enable_logio+set}" = set; then : - enableval=$enable_logio; force_logio=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_headers" >&5 +$as_echo_n "checking whether to enable mod_headers... " >&6; } + # Check whether --enable-headers was given. +if test "${enable_headers+set}" = set; then : + enableval=$enable_headers; force_headers=$enableval else - enable_logio=most + enable_headers=yes fi _apmod_extra_msg="" - case "$enable_logio" in + case "$enable_headers" in yes|static|shared) _apmod_required="yes" ;; @@ -19661,59 +20585,59 @@ fi ;; esac esac - if test "$enable_logio" = "static"; then - enable_logio=static - elif test "$enable_logio" = "yes"; then - enable_logio=$module_default - elif test "$enable_logio" = "most"; then + if test "$enable_headers" = "static"; then + enable_headers=static + elif test "$enable_headers" = "yes"; then + enable_headers=$module_default + elif test "$enable_headers" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_logio=$module_default + enable_headers=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_logio=no + enable_headers=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_logio" = "maybe-all"; then + elif test "$enable_headers" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_logio=$module_default + enable_headers=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_logio=no + enable_headers=no fi - elif test "$enable_logio" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_logio" != "no" ; then - enable_logio=$module_default + elif test "$enable_headers" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_headers" != "no" ; then + enable_headers=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_logio" != "no"; then + if test "$enable_headers" != "no"; then : fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_logio$_apmod_extra_msg" >&5 -$as_echo "$enable_logio$_apmod_extra_msg" >&6; } - if test "$enable_logio" != "no"; then - case "$enable_logio" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_headers$_apmod_extra_msg" >&5 +$as_echo "$enable_headers$_apmod_extra_msg" >&6; } + if test "$enable_headers" != "no"; then + case "$enable_headers" in static*) - MODLIST="$MODLIST logio" - if test "logio" = "so"; then + MODLIST="$MODLIST headers" + if test "headers" = "so"; then sharedobjs=yes fi shared="";; *) - enable_logio=`echo $enable_logio|sed 's/shared,*//'` + enable_headers=`echo $enable_headers|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES logio" - if test "most" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},logio" + DSO_MODULES="$DSO_MODULES headers" + if test "yes" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},headers" fi ;; esac if test -z ""; then - objects="mod_logio.lo" + objects="mod_headers.lo" else objects="" fi @@ -19721,126 +20645,67 @@ $as_echo "$enable_logio$_apmod_extra_msg" >&6; } if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_logio.la" + libname="libmod_headers.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<> $modpath_current/modules.mk - echo "static = $modpath_static" >> $modpath_current/modules.mk - echo "shared = $modpath_shared" >> $modpath_current/modules.mk - for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do - if eval val=\"\$MOD_$var\"; test -n "$val"; then - echo "MOD_$var = $val" >> $modpath_current/modules.mk + fi + else + apache_need_shared=yes + libname="mod_headers.la" + shobjects=`echo $objects | sed 's/\.lo/.slo/g'` + modpath_shared="$modpath_shared $libname" + cat >>$modpath_current/modules.mk< $modpath_current/modules.mk + APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_HEADERS_LDADD" -lua_objects="lua_apr.lo lua_config.lo mod_lua.lo lua_request.lo lua_vmprep.lo lua_dbd.lo lua_passwd.lo" + fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_lua" >&5 -$as_echo_n "checking whether to enable mod_lua... " >&6; } - # Check whether --enable-lua was given. -if test "${enable_lua+set}" = set; then : - enableval=$enable_lua; force_lua=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_ident" >&5 +$as_echo_n "checking whether to enable mod_ident... " >&6; } + # Check whether --enable-ident was given. +if test "${enable_ident+set}" = set; then : + enableval=$enable_ident; force_ident=$enableval else - enable_lua=maybe-all + enable_ident=no fi _apmod_extra_msg="" - case "$enable_lua" in + case "$enable_ident" in yes|static|shared) _apmod_required="yes" ;; @@ -19854,860 +20719,789 @@ fi ;; esac esac - if test "$enable_lua" = "static"; then - enable_lua=static - elif test "$enable_lua" = "yes"; then - enable_lua=$module_default - elif test "$enable_lua" = "most"; then + if test "$enable_ident" = "static"; then + enable_ident=static + elif test "$enable_ident" = "yes"; then + enable_ident=$module_default + elif test "$enable_ident" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_lua=$module_default + enable_ident=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_lua=no + enable_ident=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_lua" = "maybe-all"; then + elif test "$enable_ident" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_lua=$module_default + enable_ident=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_lua=no + enable_ident=no fi - elif test "$enable_lua" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_lua" != "no" ; then - enable_lua=$module_default + elif test "$enable_ident" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_ident" != "no" ; then + enable_ident=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_lua" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -$as_echo "checking dependencies" >&6; } + if test "$enable_ident" != "no"; then : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_ident$_apmod_extra_msg" >&5 +$as_echo "$enable_ident$_apmod_extra_msg" >&6; } + if test "$enable_ident" != "no"; then + case "$enable_ident" in + static*) + MODLIST="$MODLIST ident" + if test "ident" = "so"; then + sharedobjs=yes + fi + shared="";; + *) + enable_ident=`echo $enable_ident|sed 's/shared,*//'` + sharedobjs=yes + shared=yes + DSO_MODULES="$DSO_MODULES ident" + if test "no" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},ident" + fi + ;; + esac - -# Check whether --with-lua was given. -if test "${with_lua+set}" = set; then : - withval=$with_lua; lua_path="$withval" -else - : -fi - - -if test -z "$lua_path"; then - test_paths=". /usr/local /usr" -else - test_paths="${lua_path}" -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pow in -lm" >&5 -$as_echo_n "checking for pow in -lm... " >&6; } -if ${ac_cv_lib_m_pow+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lm $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char pow (); -int -main () -{ -return pow (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_m_pow=yes -else - ac_cv_lib_m_pow=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_m_pow" >&5 -$as_echo "$ac_cv_lib_m_pow" >&6; } -if test "x$ac_cv_lib_m_pow" = xyes; then : - lib_m="-lm" -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sqrt in -lm" >&5 -$as_echo_n "checking for sqrt in -lm... " >&6; } -if ${ac_cv_lib_m_sqrt+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lm $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char sqrt (); -int -main () -{ -return sqrt (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_m_sqrt=yes -else - ac_cv_lib_m_sqrt=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_m_sqrt" >&5 -$as_echo "$ac_cv_lib_m_sqrt" >&6; } -if test "x$ac_cv_lib_m_sqrt" = xyes; then : - lib_m="-lm" -fi - -for x in $test_paths ; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lua.h in ${x}/include/lua-5.2" >&5 -$as_echo_n "checking for lua.h in ${x}/include/lua-5.2... " >&6; } - if test -f ${x}/include/lua-5.2/lua.h; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - save_CFLAGS=$CFLAGS - save_LDFLAGS=$LDFLAGS - CFLAGS="$CFLAGS" - LDFLAGS="-L$x/lib/lua-5.2 $LDFLAGS $lib_m" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua-5.2" >&5 -$as_echo_n "checking for luaL_newstate in -llua-5.2... " >&6; } -if ${ac_cv_lib_lua_5_2_luaL_newstate+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-llua-5.2 $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char luaL_newstate (); -int -main () -{ -return luaL_newstate (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_lua_5_2_luaL_newstate=yes -else - ac_cv_lib_lua_5_2_luaL_newstate=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua_5_2_luaL_newstate" >&5 -$as_echo "$ac_cv_lib_lua_5_2_luaL_newstate" >&6; } -if test "x$ac_cv_lib_lua_5_2_luaL_newstate" = xyes; then : - - LUA_LIBS="-L$x/lib/lua-5.2 -llua-5.2 $lib_m" - if test "x$ap_platform_runtime_link_flag" != "x"; then - - if test "x$LUA_LIBS" = "x"; then - test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib/lua-5.2\"" - LUA_LIBS="$ap_platform_runtime_link_flag$x/lib/lua-5.2" + if test -z ""; then + objects="mod_ident.lo" else - apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib/lua-5.2" + objects="" + fi + + if test -z "$module_standalone"; then + if test -z "$shared"; then + # The filename of a convenience library must have a "lib" prefix: + libname="libmod_ident.la" + BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" + modpath_static="$modpath_static $libname" + cat >>$modpath_current/modules.mk<&5 -$as_echo "no" >&6; } + apache_need_shared=yes + libname="mod_ident.la" + shobjects=`echo $objects | sed 's/\.lo/.slo/g'` + modpath_shared="$modpath_shared $libname" + cat >>$modpath_current/modules.mk<&5 -$as_echo_n "checking for lua.h in ${x}/include/lua5.2... " >&6; } - if test -f ${x}/include/lua5.2/lua.h; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - save_CFLAGS=$CFLAGS - save_LDFLAGS=$LDFLAGS - CFLAGS="$CFLAGS" - LDFLAGS="-L$x/lib $LDFLAGS $lib_m" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua5.2" >&5 -$as_echo_n "checking for luaL_newstate in -llua5.2... " >&6; } -if ${ac_cv_lib_lua5_2_luaL_newstate+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-llua5.2 $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + fi + + + APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_IDENT_LDADD" -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char luaL_newstate (); -int -main () -{ -return luaL_newstate (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_lua5_2_luaL_newstate=yes -else - ac_cv_lib_lua5_2_luaL_newstate=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua5_2_luaL_newstate" >&5 -$as_echo "$ac_cv_lib_lua5_2_luaL_newstate" >&6; } -if test "x$ac_cv_lib_lua5_2_luaL_newstate" = xyes; then : - LUA_LIBS="-L$x/lib -llua5.2 $lib_m" - if test "x$ap_platform_runtime_link_flag" != "x"; then - if test "x$LUA_LIBS" = "x"; then - test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib\"" - LUA_LIBS="$ap_platform_runtime_link_flag$x/lib" - else - apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $LUA_LIBS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to LUA_LIBS" - LUA_LIBS="$LUA_LIBS $i" - fi - done fi - fi - LUA_CFLAGS="-I$x/include/lua5.2" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_usertrack" >&5 +$as_echo_n "checking whether to enable mod_usertrack... " >&6; } + # Check whether --enable-usertrack was given. +if test "${enable_usertrack+set}" = set; then : + enableval=$enable_usertrack; force_usertrack=$enableval +else + enable_usertrack=maybe-all fi - CFLAGS=$save_CFLAGS - LDFLAGS=$save_LDFLAGS - break + _apmod_extra_msg="" + case "$enable_usertrack" in + yes|static|shared) + _apmod_required="yes" + ;; + *) + case "$module_selection" in + reallyall|all|most) + _apmod_required="no" + ;; + *) + _apmod_required="yes" + ;; + esac + esac + if test "$enable_usertrack" = "static"; then + enable_usertrack=static + elif test "$enable_usertrack" = "yes"; then + enable_usertrack=$module_default + elif test "$enable_usertrack" = "most"; then + if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ + "$module_selection" = "reallyall" + then + enable_usertrack=$module_default + elif test "$module_selection" = "few" -o "$module_selection" = "none"; then + enable_usertrack=no + fi + _apmod_extra_msg=" ($module_selection)" + elif test "$enable_usertrack" = "maybe-all"; then + if test "$module_selection" = "all" -o "$module_selection" = "reallyall" + then + enable_usertrack=$module_default + _apmod_extra_msg=" ($module_selection)" else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + enable_usertrack=no fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lua.h in ${x}/include/lua52" >&5 -$as_echo_n "checking for lua.h in ${x}/include/lua52... " >&6; } - if test -f ${x}/include/lua52/lua.h; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - save_CFLAGS=$CFLAGS - save_LDFLAGS=$LDFLAGS - CFLAGS="$CFLAGS" - LDFLAGS="-L$x/lib/lua52 $LDFLAGS $lib_m" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua" >&5 -$as_echo_n "checking for luaL_newstate in -llua... " >&6; } -if ${ac_cv_lib_lua_luaL_newstate+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-llua $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + elif test "$enable_usertrack" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_usertrack" != "no" ; then + enable_usertrack=$module_default + _apmod_extra_msg=" ($module_selection)" + fi + if test "$enable_usertrack" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 +$as_echo "checking dependencies" >&6; } + : -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char luaL_newstate (); -int -main () -{ -return luaL_newstate (); - ; - return 0; -} + for ac_header in sys/times.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "sys/times.h" "ac_cv_header_sys_times_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_times_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYS_TIMES_H 1 _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_lua_luaL_newstate=yes -else - ac_cv_lib_lua_luaL_newstate=no + fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + +done + + for ac_func in times +do : + ac_fn_c_check_func "$LINENO" "times" "ac_cv_func_times" +if test "x$ac_cv_func_times" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_TIMES 1 +_ACEOF + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua_luaL_newstate" >&5 -$as_echo "$ac_cv_lib_lua_luaL_newstate" >&6; } -if test "x$ac_cv_lib_lua_luaL_newstate" = xyes; then : +done + + + : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_usertrack" >&5 +$as_echo_n "checking whether to enable mod_usertrack... " >&6; } + if test "$enable_usertrack" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_usertrack has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_usertrack$_apmod_extra_msg" >&5 +$as_echo "$enable_usertrack$_apmod_extra_msg" >&6; } + if test "$enable_usertrack" != "no"; then + case "$enable_usertrack" in + static*) + MODLIST="$MODLIST usertrack" + if test "usertrack" = "so"; then + sharedobjs=yes + fi + shared="";; + *) + enable_usertrack=`echo $enable_usertrack|sed 's/shared,*//'` + sharedobjs=yes + shared=yes + DSO_MODULES="$DSO_MODULES usertrack" + if test "" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},usertrack" + fi + ;; + esac - LUA_LIBS="-L$x/lib/lua52 -llua $lib_m" - if test "x$ap_platform_runtime_link_flag" != "x"; then - if test "x$LUA_LIBS" = "x"; then - test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib/lua52\"" - LUA_LIBS="$ap_platform_runtime_link_flag$x/lib/lua52" + if test -z ""; then + objects="mod_usertrack.lo" else - apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib/lua52" + objects="" + fi + + if test -z "$module_standalone"; then + if test -z "$shared"; then + # The filename of a convenience library must have a "lib" prefix: + libname="libmod_usertrack.la" + BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" + modpath_static="$modpath_static $libname" + cat >>$modpath_current/modules.mk<&5 -$as_echo "no" >&6; } + apache_need_shared=yes + libname="mod_usertrack.la" + shobjects=`echo $objects | sed 's/\.lo/.slo/g'` + modpath_shared="$modpath_shared $libname" + cat >>$modpath_current/modules.mk<&5 -$as_echo_n "checking for lua.h in ${x}/include... " >&6; } - if test -f ${x}/include/lua.h; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - save_CFLAGS=$CFLAGS - save_LDFLAGS=$LDFLAGS - CFLAGS="$CFLAGS" - LDFLAGS="-L$x/lib $LDFLAGS $lib_m" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua" >&5 -$as_echo_n "checking for luaL_newstate in -llua... " >&6; } -if ${ac_cv_lib_lua_luaL_newstate+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-llua $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + fi -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char luaL_newstate (); -int -main () -{ -return luaL_newstate (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_lua_luaL_newstate=yes -else - ac_cv_lib_lua_luaL_newstate=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua_luaL_newstate" >&5 -$as_echo "$ac_cv_lib_lua_luaL_newstate" >&6; } -if test "x$ac_cv_lib_lua_luaL_newstate" = xyes; then : - LUA_LIBS="-L$x/lib -llua $lib_m" - if test "x$ap_platform_runtime_link_flag" != "x"; then + APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_USERTRACK_LDADD" - if test "x$LUA_LIBS" = "x"; then - test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib\"" - LUA_LIBS="$ap_platform_runtime_link_flag$x/lib" - else - apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $LUA_LIBS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to LUA_LIBS" - LUA_LIBS="$LUA_LIBS $i" - fi - done - fi - fi - LUA_CFLAGS="-I$x/include" -fi + fi - CFLAGS=$save_CFLAGS - LDFLAGS=$save_LDFLAGS - break - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lua.h in ${x}/include/lua-5.1" >&5 -$as_echo_n "checking for lua.h in ${x}/include/lua-5.1... " >&6; } - if test -f ${x}/include/lua-5.1/lua.h; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - save_CFLAGS=$CFLAGS - save_LDFLAGS=$LDFLAGS - CFLAGS="$CFLAGS" - LDFLAGS="-L$x/lib/lua-5.1 $LDFLAGS $lib_m" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua-5.1" >&5 -$as_echo_n "checking for luaL_newstate in -llua-5.1... " >&6; } -if ${ac_cv_lib_lua_5_1_luaL_newstate+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-llua-5.1 $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char luaL_newstate (); -int -main () -{ -return luaL_newstate (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_lua_5_1_luaL_newstate=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_unique_id" >&5 +$as_echo_n "checking whether to enable mod_unique_id... " >&6; } + # Check whether --enable-unique-id was given. +if test "${enable_unique_id+set}" = set; then : + enableval=$enable_unique_id; force_unique_id=$enableval else - ac_cv_lib_lua_5_1_luaL_newstate=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + enable_unique_id=most fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua_5_1_luaL_newstate" >&5 -$as_echo "$ac_cv_lib_lua_5_1_luaL_newstate" >&6; } -if test "x$ac_cv_lib_lua_5_1_luaL_newstate" = xyes; then : - LUA_LIBS="-L$x/lib/lua-5.1 -llua-5.1 $lib_m" - if test "x$ap_platform_runtime_link_flag" != "x"; then + _apmod_extra_msg="" + case "$enable_unique_id" in + yes|static|shared) + _apmod_required="yes" + ;; + *) + case "$module_selection" in + reallyall|all|most) + _apmod_required="no" + ;; + *) + _apmod_required="yes" + ;; + esac + esac + if test "$enable_unique_id" = "static"; then + enable_unique_id=static + elif test "$enable_unique_id" = "yes"; then + enable_unique_id=$module_default + elif test "$enable_unique_id" = "most"; then + if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ + "$module_selection" = "reallyall" + then + enable_unique_id=$module_default + elif test "$module_selection" = "few" -o "$module_selection" = "none"; then + enable_unique_id=no + fi + _apmod_extra_msg=" ($module_selection)" + elif test "$enable_unique_id" = "maybe-all"; then + if test "$module_selection" = "all" -o "$module_selection" = "reallyall" + then + enable_unique_id=$module_default + _apmod_extra_msg=" ($module_selection)" + else + enable_unique_id=no + fi + elif test "$enable_unique_id" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_unique_id" != "no" ; then + enable_unique_id=$module_default + _apmod_extra_msg=" ($module_selection)" + fi + if test "$enable_unique_id" != "no"; then + : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_unique_id$_apmod_extra_msg" >&5 +$as_echo "$enable_unique_id$_apmod_extra_msg" >&6; } + if test "$enable_unique_id" != "no"; then + case "$enable_unique_id" in + static*) + MODLIST="$MODLIST unique_id" + if test "unique_id" = "so"; then + sharedobjs=yes + fi + shared="";; + *) + enable_unique_id=`echo $enable_unique_id|sed 's/shared,*//'` + sharedobjs=yes + shared=yes + DSO_MODULES="$DSO_MODULES unique_id" + if test "most" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},unique_id" + fi + ;; + esac + - if test "x$LUA_LIBS" = "x"; then - test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib/lua-5.1\"" - LUA_LIBS="$ap_platform_runtime_link_flag$x/lib/lua-5.1" + if test -z ""; then + objects="mod_unique_id.lo" else - apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib/lua-5.1" + objects="" + fi + + if test -z "$module_standalone"; then + if test -z "$shared"; then + # The filename of a convenience library must have a "lib" prefix: + libname="libmod_unique_id.la" + BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" + modpath_static="$modpath_static $libname" + cat >>$modpath_current/modules.mk<&5 -$as_echo "no" >&6; } + apache_need_shared=yes + libname="mod_unique_id.la" + shobjects=`echo $objects | sed 's/\.lo/.slo/g'` + modpath_shared="$modpath_shared $libname" + cat >>$modpath_current/modules.mk<&5 -$as_echo_n "checking for lua.h in ${x}/include/lua5.1... " >&6; } - if test -f ${x}/include/lua5.1/lua.h; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - save_CFLAGS=$CFLAGS - save_LDFLAGS=$LDFLAGS - CFLAGS="$CFLAGS" - LDFLAGS="-L$x/lib $LDFLAGS $lib_m" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua5.1" >&5 -$as_echo_n "checking for luaL_newstate in -llua5.1... " >&6; } -if ${ac_cv_lib_lua5_1_luaL_newstate+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-llua5.1 $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + fi + + + APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_UNIQUE_ID_LDADD" -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char luaL_newstate (); -int -main () -{ -return luaL_newstate (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_lua5_1_luaL_newstate=yes -else - ac_cv_lib_lua5_1_luaL_newstate=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua5_1_luaL_newstate" >&5 -$as_echo "$ac_cv_lib_lua5_1_luaL_newstate" >&6; } -if test "x$ac_cv_lib_lua5_1_luaL_newstate" = xyes; then : - LUA_LIBS="-L$x/lib -llua5.1 $lib_m" - if test "x$ap_platform_runtime_link_flag" != "x"; then - if test "x$LUA_LIBS" = "x"; then - test "x$silent" != "xyes" && echo " setting LUA_LIBS to \"$ap_platform_runtime_link_flag$x/lib\"" - LUA_LIBS="$ap_platform_runtime_link_flag$x/lib" - else - apr_addto_bugger="$ap_platform_runtime_link_flag$x/lib" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $LUA_LIBS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to LUA_LIBS" - LUA_LIBS="$LUA_LIBS $i" - fi - done fi - fi - LUA_CFLAGS="-I$x/include/lua5.1" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_setenvif" >&5 +$as_echo_n "checking whether to enable mod_setenvif... " >&6; } + # Check whether --enable-setenvif was given. +if test "${enable_setenvif+set}" = set; then : + enableval=$enable_setenvif; force_setenvif=$enableval +else + enable_setenvif=yes fi - CFLAGS=$save_CFLAGS - LDFLAGS=$save_LDFLAGS - break + _apmod_extra_msg="" + case "$enable_setenvif" in + yes|static|shared) + _apmod_required="yes" + ;; + *) + case "$module_selection" in + reallyall|all|most) + _apmod_required="no" + ;; + *) + _apmod_required="yes" + ;; + esac + esac + if test "$enable_setenvif" = "static"; then + enable_setenvif=static + elif test "$enable_setenvif" = "yes"; then + enable_setenvif=$module_default + elif test "$enable_setenvif" = "most"; then + if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ + "$module_selection" = "reallyall" + then + enable_setenvif=$module_default + elif test "$module_selection" = "few" -o "$module_selection" = "none"; then + enable_setenvif=no + fi + _apmod_extra_msg=" ($module_selection)" + elif test "$enable_setenvif" = "maybe-all"; then + if test "$module_selection" = "all" -o "$module_selection" = "reallyall" + then + enable_setenvif=$module_default + _apmod_extra_msg=" ($module_selection)" else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + enable_setenvif=no fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lua.h in ${x}/include/lua51" >&5 -$as_echo_n "checking for lua.h in ${x}/include/lua51... " >&6; } - if test -f ${x}/include/lua51/lua.h; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - save_CFLAGS=$CFLAGS - save_LDFLAGS=$LDFLAGS - CFLAGS="$CFLAGS" - LDFLAGS="-L$x/lib/lua51 $LDFLAGS $lib_m" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for luaL_newstate in -llua" >&5 -$as_echo_n "checking for luaL_newstate in -llua... " >&6; } -if ${ac_cv_lib_lua_luaL_newstate+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-llua $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + elif test "$enable_setenvif" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_setenvif" != "no" ; then + enable_setenvif=$module_default + _apmod_extra_msg=" ($module_selection)" + fi + if test "$enable_setenvif" != "no"; then + : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_setenvif$_apmod_extra_msg" >&5 +$as_echo "$enable_setenvif$_apmod_extra_msg" >&6; } + if test "$enable_setenvif" != "no"; then + case "$enable_setenvif" in + static*) + MODLIST="$MODLIST setenvif" + if test "setenvif" = "so"; then + sharedobjs=yes + fi + shared="";; + *) + enable_setenvif=`echo $enable_setenvif|sed 's/shared,*//'` + sharedobjs=yes + shared=yes + DSO_MODULES="$DSO_MODULES setenvif" + if test "yes" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},setenvif" + fi + ;; + esac -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char luaL_newstate (); -int -main () -{ -return luaL_newstate (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_lua_luaL_newstate=yes -else - ac_cv_lib_lua_luaL_newstate=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lua_luaL_newstate" >&5 -$as_echo "$ac_cv_lib_lua_luaL_newstate" >&6; } -if test "x$ac_cv_lib_lua_luaL_newstate" = xyes; then : - LUA_LIBS="-L$x/lib/lua51 -llua $lib_m" - if test "x$ap_platform_runtime_link_flag" != "x"; then + if test -z ""; then + objects="mod_setenvif.lo" + else + objects="" + fi + + if test -z "$module_standalone"; then + if test -z "$shared"; then + # The filename of a convenience library must have a "lib" prefix: + libname="libmod_setenvif.la" + BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" + modpath_static="$modpath_static $libname" + cat >>$modpath_current/modules.mk<&5 -$as_echo "no" >&6; } + apache_need_shared=yes + libname="mod_setenvif.la" + shobjects=`echo $objects | sed 's/\.lo/.slo/g'` + modpath_shared="$modpath_shared $libname" + cat >>$modpath_current/modules.mk<&5 -$as_echo "$as_me: WARNING: *** Lua 5.2 or 5.1 library not found." >&2;} - enable_lua="no" - if test -z "${lua_path}"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Lua 5.2 or 5.1 library is required" >&5 -$as_echo "$as_me: WARNING: Lua 5.2 or 5.1 library is required" >&2;} + + fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_version" >&5 +$as_echo_n "checking whether to enable mod_version... " >&6; } + # Check whether --enable-version was given. +if test "${enable_version+set}" = set; then : + enableval=$enable_version; force_version=$enableval +else + enable_version=yes +fi + + _apmod_extra_msg="" + case "$enable_version" in + yes|static|shared) + _apmod_required="yes" + ;; + *) + case "$module_selection" in + reallyall|all|most) + _apmod_required="no" + ;; + *) + _apmod_required="yes" + ;; + esac + esac + if test "$enable_version" = "static"; then + enable_version=static + elif test "$enable_version" = "yes"; then + enable_version=$module_default + elif test "$enable_version" = "most"; then + if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ + "$module_selection" = "reallyall" + then + enable_version=$module_default + elif test "$module_selection" = "few" -o "$module_selection" = "none"; then + enable_version=no + fi + _apmod_extra_msg=" ($module_selection)" + elif test "$enable_version" = "maybe-all"; then + if test "$module_selection" = "all" -o "$module_selection" = "reallyall" + then + enable_version=$module_default + _apmod_extra_msg=" ($module_selection)" else - as_fn_error $? "Lua 5.2 or 5.1 library is required" "$LINENO" 5 + enable_version=no fi -else - { $as_echo "$as_me:${as_lineno-$LINENO}: using '${LUA_LIBS}' for Lua Library" >&5 -$as_echo "$as_me: using '${LUA_LIBS}' for Lua Library" >&6;} - # Check whether --enable-luajit was given. -if test "${enable_luajit+set}" = set; then : - enableval=$enable_luajit; - if test "$enableval" = "yes"; then + elif test "$enable_version" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_version" != "no" ; then + enable_version=$module_default + _apmod_extra_msg=" ($module_selection)" + fi + if test "$enable_version" != "no"; then + : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_version$_apmod_extra_msg" >&5 +$as_echo "$enable_version$_apmod_extra_msg" >&6; } + if test "$enable_version" != "no"; then + case "$enable_version" in + static*) + MODLIST="$MODLIST version" + if test "version" = "so"; then + sharedobjs=yes + fi + shared="";; + *) + enable_version=`echo $enable_version|sed 's/shared,*//'` + sharedobjs=yes + shared=yes + DSO_MODULES="$DSO_MODULES version" + if test "yes" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},version" + fi + ;; + esac - if test "x$MOD_CPPFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_CPPFLAGS to \""-DAP_ENABLE_LUAJIT"\"" - MOD_CPPFLAGS=""-DAP_ENABLE_LUAJIT"" + + if test -z ""; then + objects="mod_version.lo" else - apr_addto_bugger=""-DAP_ENABLE_LUAJIT"" + objects="" + fi + + if test -z "$module_standalone"; then + if test -z "$shared"; then + # The filename of a convenience library must have a "lib" prefix: + libname="libmod_version.la" + BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" + modpath_static="$modpath_static $libname" + cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 +$as_echo_n "checking whether to enable mod_remoteip... " >&6; } + # Check whether --enable-remoteip was given. +if test "${enable_remoteip+set}" = set; then : + enableval=$enable_remoteip; force_remoteip=$enableval +else + enable_remoteip=most +fi + _apmod_extra_msg="" + case "$enable_remoteip" in + yes|static|shared) + _apmod_required="yes" + ;; + *) + case "$module_selection" in + reallyall|all|most) + _apmod_required="no" + ;; + *) + _apmod_required="yes" + ;; + esac + esac + if test "$enable_remoteip" = "static"; then + enable_remoteip=static + elif test "$enable_remoteip" = "yes"; then + enable_remoteip=$module_default + elif test "$enable_remoteip" = "most"; then + if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ + "$module_selection" = "reallyall" + then + enable_remoteip=$module_default + elif test "$module_selection" = "few" -o "$module_selection" = "none"; then + enable_remoteip=no + fi + _apmod_extra_msg=" ($module_selection)" + elif test "$enable_remoteip" = "maybe-all"; then + if test "$module_selection" = "all" -o "$module_selection" = "reallyall" + then + enable_remoteip=$module_default + _apmod_extra_msg=" ($module_selection)" + else + enable_remoteip=no + fi + elif test "$enable_remoteip" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_remoteip" != "no" ; then + enable_remoteip=$module_default + _apmod_extra_msg=" ($module_selection)" fi - + if test "$enable_remoteip" != "no"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_lua" >&5 -$as_echo_n "checking whether to enable mod_lua... " >&6; } - if test "$enable_lua" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_lua has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_lua$_apmod_extra_msg" >&5 -$as_echo "$enable_lua$_apmod_extra_msg" >&6; } - if test "$enable_lua" != "no"; then - case "$enable_lua" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_remoteip$_apmod_extra_msg" >&5 +$as_echo "$enable_remoteip$_apmod_extra_msg" >&6; } + if test "$enable_remoteip" != "no"; then + case "$enable_remoteip" in static*) - MODLIST="$MODLIST lua" - if test "lua" = "so"; then + MODLIST="$MODLIST remoteip" + if test "remoteip" = "so"; then sharedobjs=yes fi shared="";; *) - enable_lua=`echo $enable_lua|sed 's/shared,*//'` + enable_remoteip=`echo $enable_remoteip|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES lua" - if test "" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},lua" + DSO_MODULES="$DSO_MODULES remoteip" + if test "most" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},remoteip" fi ;; esac - if test -z "$lua_objects"; then - objects="mod_lua.lo" + if test -z ""; then + objects="mod_remoteip.lo" else - objects="$lua_objects" + objects="" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_lua.la" + libname="libmod_remoteip.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk< $modpath_current/modules.mk +if test "$enable_proxy" = "shared"; then + proxy_mods_enable=shared +elif test "$enable_proxy" = "yes"; then + proxy_mods_enable=yes +else + proxy_mods_enable=most +fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_env" >&5 -$as_echo_n "checking whether to enable mod_env... " >&6; } - # Check whether --enable-env was given. -if test "${enable_env+set}" = set; then : - enableval=$enable_env; force_env=$enableval +proxy_objs="mod_proxy.lo proxy_util.lo" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy" >&5 +$as_echo_n "checking whether to enable mod_proxy... " >&6; } + # Check whether --enable-proxy was given. +if test "${enable_proxy+set}" = set; then : + enableval=$enable_proxy; force_proxy=$enableval else - enable_env=yes + enable_proxy=$proxy_mods_enable fi _apmod_extra_msg="" - case "$enable_env" in + case "$enable_proxy" in yes|static|shared) _apmod_required="yes" ;; @@ -20824,80 +21604,80 @@ fi ;; esac esac - if test "$enable_env" = "static"; then - enable_env=static - elif test "$enable_env" = "yes"; then - enable_env=$module_default - elif test "$enable_env" = "most"; then + if test "$enable_proxy" = "static"; then + enable_proxy=static + elif test "$enable_proxy" = "yes"; then + enable_proxy=$module_default + elif test "$enable_proxy" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_env=$module_default + enable_proxy=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_env=no + enable_proxy=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_env" = "maybe-all"; then + elif test "$enable_proxy" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_env=$module_default + enable_proxy=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_env=no + enable_proxy=no fi - elif test "$enable_env" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_env" != "no" ; then - enable_env=$module_default + elif test "$enable_proxy" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_proxy" != "no" ; then + enable_proxy=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_env" != "no"; then + if test "$enable_proxy" != "no"; then : fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_env$_apmod_extra_msg" >&5 -$as_echo "$enable_env$_apmod_extra_msg" >&6; } - if test "$enable_env" != "no"; then - case "$enable_env" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy$_apmod_extra_msg" >&5 +$as_echo "$enable_proxy$_apmod_extra_msg" >&6; } + if test "$enable_proxy" != "no"; then + case "$enable_proxy" in static*) - MODLIST="$MODLIST env" - if test "env" = "so"; then + MODLIST="$MODLIST proxy" + if test "proxy" = "so"; then sharedobjs=yes fi shared="";; *) - enable_env=`echo $enable_env|sed 's/shared,*//'` + enable_proxy=`echo $enable_proxy|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES env" - if test "yes" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},env" + DSO_MODULES="$DSO_MODULES proxy" + if test "$proxy_mods_enable" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy" fi ;; esac - if test -z ""; then - objects="mod_env.lo" + if test -z "$proxy_objs"; then + objects="mod_proxy.lo" else - objects="" + objects="$proxy_objs" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_env.la" + libname="libmod_proxy.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_mime_magic... " >&6; } - # Check whether --enable-mime-magic was given. -if test "${enable_mime_magic+set}" = set; then : - enableval=$enable_mime_magic; force_mime_magic=$enableval +proxy_connect_objs="mod_proxy_connect.lo" +proxy_ftp_objs="mod_proxy_ftp.lo" +proxy_http_objs="mod_proxy_http.lo" +proxy_fcgi_objs="mod_proxy_fcgi.lo" +proxy_scgi_objs="mod_proxy_scgi.lo" +proxy_fdpass_objs="mod_proxy_fdpass.lo" +proxy_ajp_objs="mod_proxy_ajp.lo ajp_header.lo ajp_link.lo ajp_msg.lo ajp_utils.lo" +proxy_wstunnel_objs="mod_proxy_wstunnel.lo" +proxy_balancer_objs="mod_proxy_balancer.lo" + +case "$host" in + *os2*) + # OS/2 DLLs must resolve all symbols at build time and + # these sub-modules need some from the main proxy module + proxy_connect_objs="$proxy_connect_objs mod_proxy.la" + proxy_ftp_objs="$proxy_ftp_objs mod_proxy.la" + proxy_http_objs="$proxy_http_objs mod_proxy.la" + proxy_fcgi_objs="$proxy_fcgi_objs mod_proxy.la" + proxy_scgi_objs="$proxy_scgi_objs mod_proxy.la" + proxy_fdpass_objs="$proxy_fdpass_objs mod_proxy.la" + proxy_ajp_objs="$proxy_ajp_objs mod_proxy.la" + proxy_wstunnel_objs="$proxy_wstunnel_objs mod_proxy.la" + proxy_balancer_objs="$proxy_balancer_objs mod_proxy.la" + ;; +esac + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_connect" >&5 +$as_echo_n "checking whether to enable mod_proxy_connect... " >&6; } + # Check whether --enable-proxy-connect was given. +if test "${enable_proxy_connect+set}" = set; then : + enableval=$enable_proxy_connect; force_proxy_connect=$enableval else - enable_mime_magic=maybe-all + enable_proxy_connect=$proxy_mods_enable fi _apmod_extra_msg="" - case "$enable_mime_magic" in + case "$enable_proxy_connect" in yes|static|shared) _apmod_required="yes" ;; @@ -20958,80 +21765,101 @@ fi ;; esac esac - if test "$enable_mime_magic" = "static"; then - enable_mime_magic=static - elif test "$enable_mime_magic" = "yes"; then - enable_mime_magic=$module_default - elif test "$enable_mime_magic" = "most"; then + if test "$enable_proxy_connect" = "static"; then + enable_proxy_connect=static + elif test "$enable_proxy_connect" = "yes"; then + enable_proxy_connect=$module_default + elif test "$enable_proxy_connect" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_mime_magic=$module_default + enable_proxy_connect=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_mime_magic=no + enable_proxy_connect=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_mime_magic" = "maybe-all"; then + elif test "$enable_proxy_connect" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_mime_magic=$module_default + enable_proxy_connect=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_mime_magic=no + enable_proxy_connect=no fi - elif test "$enable_mime_magic" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_mime_magic" != "no" ; then - enable_mime_magic=$module_default + elif test "$enable_proxy_connect" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_proxy_connect" != "no" ; then + enable_proxy_connect=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_mime_magic" != "no"; then + if test "$enable_proxy_connect" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 +$as_echo "checking dependencies" >&6; } + if test "$enable_proxy" = "no" ; then + enable_proxy_connect=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_connect\"" >&5 +$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_connect\"" >&2;} + elif test "$enable_proxy_connect" = "static" && test "$enable_proxy" != "static" ; then + enable_proxy_connect=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_connect statically if mod_proxy is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_proxy_connect statically if mod_proxy is built shared\"" >&2;} + else : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_connect" >&5 +$as_echo_n "checking whether to enable mod_proxy_connect... " >&6; } + if test "$enable_proxy_connect" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_proxy_connect has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_mime_magic$_apmod_extra_msg" >&5 -$as_echo "$enable_mime_magic$_apmod_extra_msg" >&6; } - if test "$enable_mime_magic" != "no"; then - case "$enable_mime_magic" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_connect$_apmod_extra_msg" >&5 +$as_echo "$enable_proxy_connect$_apmod_extra_msg" >&6; } + if test "$enable_proxy_connect" != "no"; then + case "$enable_proxy_connect" in static*) - MODLIST="$MODLIST mime_magic" - if test "mime_magic" = "so"; then + MODLIST="$MODLIST proxy_connect" + if test "proxy_connect" = "so"; then sharedobjs=yes fi shared="";; *) - enable_mime_magic=`echo $enable_mime_magic|sed 's/shared,*//'` + enable_proxy_connect=`echo $enable_proxy_connect|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES mime_magic" - if test "" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mime_magic" + DSO_MODULES="$DSO_MODULES proxy_connect" + if test "$proxy_mods_enable" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_connect" fi ;; esac - if test -z ""; then - objects="mod_mime_magic.lo" + if test -z "$proxy_connect_objs"; then + objects="mod_proxy_connect.lo" else - objects="" + objects="$proxy_connect_objs" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_mime_magic.la" + libname="libmod_proxy_connect.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_cern_meta... " >&6; } - # Check whether --enable-cern-meta was given. -if test "${enable_cern_meta+set}" = set; then : - enableval=$enable_cern_meta; force_cern_meta=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_ftp" >&5 +$as_echo_n "checking whether to enable mod_proxy_ftp... " >&6; } + # Check whether --enable-proxy-ftp was given. +if test "${enable_proxy_ftp+set}" = set; then : + enableval=$enable_proxy_ftp; force_proxy_ftp=$enableval else - enable_cern_meta=no + enable_proxy_ftp=$proxy_mods_enable fi _apmod_extra_msg="" - case "$enable_cern_meta" in + case "$enable_proxy_ftp" in yes|static|shared) _apmod_required="yes" ;; @@ -21092,80 +21920,101 @@ fi ;; esac esac - if test "$enable_cern_meta" = "static"; then - enable_cern_meta=static - elif test "$enable_cern_meta" = "yes"; then - enable_cern_meta=$module_default - elif test "$enable_cern_meta" = "most"; then + if test "$enable_proxy_ftp" = "static"; then + enable_proxy_ftp=static + elif test "$enable_proxy_ftp" = "yes"; then + enable_proxy_ftp=$module_default + elif test "$enable_proxy_ftp" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_cern_meta=$module_default + enable_proxy_ftp=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_cern_meta=no + enable_proxy_ftp=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_cern_meta" = "maybe-all"; then + elif test "$enable_proxy_ftp" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_cern_meta=$module_default + enable_proxy_ftp=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_cern_meta=no + enable_proxy_ftp=no fi - elif test "$enable_cern_meta" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_cern_meta" != "no" ; then - enable_cern_meta=$module_default + elif test "$enable_proxy_ftp" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_proxy_ftp" != "no" ; then + enable_proxy_ftp=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_cern_meta" != "no"; then + if test "$enable_proxy_ftp" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 +$as_echo "checking dependencies" >&6; } + if test "$enable_proxy" = "no" ; then + enable_proxy_ftp=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_ftp\"" >&5 +$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_ftp\"" >&2;} + elif test "$enable_proxy_ftp" = "static" && test "$enable_proxy" != "static" ; then + enable_proxy_ftp=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_ftp statically if mod_proxy is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_proxy_ftp statically if mod_proxy is built shared\"" >&2;} + else : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_ftp" >&5 +$as_echo_n "checking whether to enable mod_proxy_ftp... " >&6; } + if test "$enable_proxy_ftp" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_proxy_ftp has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_cern_meta$_apmod_extra_msg" >&5 -$as_echo "$enable_cern_meta$_apmod_extra_msg" >&6; } - if test "$enable_cern_meta" != "no"; then - case "$enable_cern_meta" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_ftp$_apmod_extra_msg" >&5 +$as_echo "$enable_proxy_ftp$_apmod_extra_msg" >&6; } + if test "$enable_proxy_ftp" != "no"; then + case "$enable_proxy_ftp" in static*) - MODLIST="$MODLIST cern_meta" - if test "cern_meta" = "so"; then + MODLIST="$MODLIST proxy_ftp" + if test "proxy_ftp" = "so"; then sharedobjs=yes fi shared="";; *) - enable_cern_meta=`echo $enable_cern_meta|sed 's/shared,*//'` + enable_proxy_ftp=`echo $enable_proxy_ftp|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES cern_meta" - if test "no" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},cern_meta" + DSO_MODULES="$DSO_MODULES proxy_ftp" + if test "$proxy_mods_enable" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_ftp" fi ;; esac - if test -z ""; then - objects="mod_cern_meta.lo" + if test -z "$proxy_ftp_objs"; then + objects="mod_proxy_ftp.lo" else - objects="" + objects="$proxy_ftp_objs" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_cern_meta.la" + libname="libmod_proxy_ftp.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_expires... " >&6; } - # Check whether --enable-expires was given. -if test "${enable_expires+set}" = set; then : - enableval=$enable_expires; force_expires=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_http" >&5 +$as_echo_n "checking whether to enable mod_proxy_http... " >&6; } + # Check whether --enable-proxy-http was given. +if test "${enable_proxy_http+set}" = set; then : + enableval=$enable_proxy_http; force_proxy_http=$enableval else - enable_expires=most + enable_proxy_http=$proxy_mods_enable fi _apmod_extra_msg="" - case "$enable_expires" in + case "$enable_proxy_http" in yes|static|shared) _apmod_required="yes" ;; @@ -21226,80 +22075,101 @@ fi ;; esac esac - if test "$enable_expires" = "static"; then - enable_expires=static - elif test "$enable_expires" = "yes"; then - enable_expires=$module_default - elif test "$enable_expires" = "most"; then + if test "$enable_proxy_http" = "static"; then + enable_proxy_http=static + elif test "$enable_proxy_http" = "yes"; then + enable_proxy_http=$module_default + elif test "$enable_proxy_http" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_expires=$module_default + enable_proxy_http=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_expires=no + enable_proxy_http=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_expires" = "maybe-all"; then + elif test "$enable_proxy_http" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_expires=$module_default + enable_proxy_http=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_expires=no + enable_proxy_http=no fi - elif test "$enable_expires" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_expires" != "no" ; then - enable_expires=$module_default + elif test "$enable_proxy_http" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_proxy_http" != "no" ; then + enable_proxy_http=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_expires" != "no"; then + if test "$enable_proxy_http" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 +$as_echo "checking dependencies" >&6; } + if test "$enable_proxy" = "no" ; then + enable_proxy_http=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_http\"" >&5 +$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_http\"" >&2;} + elif test "$enable_proxy_http" = "static" && test "$enable_proxy" != "static" ; then + enable_proxy_http=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_http statically if mod_proxy is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_proxy_http statically if mod_proxy is built shared\"" >&2;} + else : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_http" >&5 +$as_echo_n "checking whether to enable mod_proxy_http... " >&6; } + if test "$enable_proxy_http" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_proxy_http has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_expires$_apmod_extra_msg" >&5 -$as_echo "$enable_expires$_apmod_extra_msg" >&6; } - if test "$enable_expires" != "no"; then - case "$enable_expires" in - static*) - MODLIST="$MODLIST expires" - if test "expires" = "so"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_http$_apmod_extra_msg" >&5 +$as_echo "$enable_proxy_http$_apmod_extra_msg" >&6; } + if test "$enable_proxy_http" != "no"; then + case "$enable_proxy_http" in + static*) + MODLIST="$MODLIST proxy_http" + if test "proxy_http" = "so"; then sharedobjs=yes fi shared="";; *) - enable_expires=`echo $enable_expires|sed 's/shared,*//'` + enable_proxy_http=`echo $enable_proxy_http|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES expires" - if test "most" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},expires" + DSO_MODULES="$DSO_MODULES proxy_http" + if test "$proxy_mods_enable" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_http" fi ;; esac - if test -z ""; then - objects="mod_expires.lo" + if test -z "$proxy_http_objs"; then + objects="mod_proxy_http.lo" else - objects="" + objects="$proxy_http_objs" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_expires.la" + libname="libmod_proxy_http.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_headers... " >&6; } - # Check whether --enable-headers was given. -if test "${enable_headers+set}" = set; then : - enableval=$enable_headers; force_headers=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_fcgi" >&5 +$as_echo_n "checking whether to enable mod_proxy_fcgi... " >&6; } + # Check whether --enable-proxy-fcgi was given. +if test "${enable_proxy_fcgi+set}" = set; then : + enableval=$enable_proxy_fcgi; force_proxy_fcgi=$enableval else - enable_headers=yes + enable_proxy_fcgi=$proxy_mods_enable fi _apmod_extra_msg="" - case "$enable_headers" in + case "$enable_proxy_fcgi" in yes|static|shared) _apmod_required="yes" ;; @@ -21360,80 +22230,101 @@ fi ;; esac esac - if test "$enable_headers" = "static"; then - enable_headers=static - elif test "$enable_headers" = "yes"; then - enable_headers=$module_default - elif test "$enable_headers" = "most"; then + if test "$enable_proxy_fcgi" = "static"; then + enable_proxy_fcgi=static + elif test "$enable_proxy_fcgi" = "yes"; then + enable_proxy_fcgi=$module_default + elif test "$enable_proxy_fcgi" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_headers=$module_default + enable_proxy_fcgi=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_headers=no + enable_proxy_fcgi=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_headers" = "maybe-all"; then + elif test "$enable_proxy_fcgi" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_headers=$module_default + enable_proxy_fcgi=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_headers=no + enable_proxy_fcgi=no fi - elif test "$enable_headers" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_headers" != "no" ; then - enable_headers=$module_default + elif test "$enable_proxy_fcgi" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_proxy_fcgi" != "no" ; then + enable_proxy_fcgi=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_headers" != "no"; then + if test "$enable_proxy_fcgi" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 +$as_echo "checking dependencies" >&6; } + if test "$enable_proxy" = "no" ; then + enable_proxy_fcgi=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_fcgi\"" >&5 +$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_fcgi\"" >&2;} + elif test "$enable_proxy_fcgi" = "static" && test "$enable_proxy" != "static" ; then + enable_proxy_fcgi=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_fcgi statically if mod_proxy is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_proxy_fcgi statically if mod_proxy is built shared\"" >&2;} + else : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_fcgi" >&5 +$as_echo_n "checking whether to enable mod_proxy_fcgi... " >&6; } + if test "$enable_proxy_fcgi" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_proxy_fcgi has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_headers$_apmod_extra_msg" >&5 -$as_echo "$enable_headers$_apmod_extra_msg" >&6; } - if test "$enable_headers" != "no"; then - case "$enable_headers" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_fcgi$_apmod_extra_msg" >&5 +$as_echo "$enable_proxy_fcgi$_apmod_extra_msg" >&6; } + if test "$enable_proxy_fcgi" != "no"; then + case "$enable_proxy_fcgi" in static*) - MODLIST="$MODLIST headers" - if test "headers" = "so"; then + MODLIST="$MODLIST proxy_fcgi" + if test "proxy_fcgi" = "so"; then sharedobjs=yes fi shared="";; *) - enable_headers=`echo $enable_headers|sed 's/shared,*//'` + enable_proxy_fcgi=`echo $enable_proxy_fcgi|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES headers" - if test "yes" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},headers" + DSO_MODULES="$DSO_MODULES proxy_fcgi" + if test "$proxy_mods_enable" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_fcgi" fi ;; esac - if test -z ""; then - objects="mod_headers.lo" + if test -z "$proxy_fcgi_objs"; then + objects="mod_proxy_fcgi.lo" else - objects="" + objects="$proxy_fcgi_objs" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_headers.la" + libname="libmod_proxy_fcgi.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_ident... " >&6; } - # Check whether --enable-ident was given. -if test "${enable_ident+set}" = set; then : - enableval=$enable_ident; force_ident=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_scgi" >&5 +$as_echo_n "checking whether to enable mod_proxy_scgi... " >&6; } + # Check whether --enable-proxy-scgi was given. +if test "${enable_proxy_scgi+set}" = set; then : + enableval=$enable_proxy_scgi; force_proxy_scgi=$enableval else - enable_ident=no + enable_proxy_scgi=$proxy_mods_enable fi _apmod_extra_msg="" - case "$enable_ident" in + case "$enable_proxy_scgi" in yes|static|shared) _apmod_required="yes" ;; @@ -21494,80 +22385,101 @@ fi ;; esac esac - if test "$enable_ident" = "static"; then - enable_ident=static - elif test "$enable_ident" = "yes"; then - enable_ident=$module_default - elif test "$enable_ident" = "most"; then + if test "$enable_proxy_scgi" = "static"; then + enable_proxy_scgi=static + elif test "$enable_proxy_scgi" = "yes"; then + enable_proxy_scgi=$module_default + elif test "$enable_proxy_scgi" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_ident=$module_default + enable_proxy_scgi=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_ident=no + enable_proxy_scgi=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_ident" = "maybe-all"; then + elif test "$enable_proxy_scgi" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_ident=$module_default + enable_proxy_scgi=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_ident=no + enable_proxy_scgi=no fi - elif test "$enable_ident" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_ident" != "no" ; then - enable_ident=$module_default + elif test "$enable_proxy_scgi" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_proxy_scgi" != "no" ; then + enable_proxy_scgi=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_ident" != "no"; then + if test "$enable_proxy_scgi" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 +$as_echo "checking dependencies" >&6; } + if test "$enable_proxy" = "no" ; then + enable_proxy_scgi=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_scgi\"" >&5 +$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_scgi\"" >&2;} + elif test "$enable_proxy_scgi" = "static" && test "$enable_proxy" != "static" ; then + enable_proxy_scgi=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_scgi statically if mod_proxy is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_proxy_scgi statically if mod_proxy is built shared\"" >&2;} + else : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_scgi" >&5 +$as_echo_n "checking whether to enable mod_proxy_scgi... " >&6; } + if test "$enable_proxy_scgi" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_proxy_scgi has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_ident$_apmod_extra_msg" >&5 -$as_echo "$enable_ident$_apmod_extra_msg" >&6; } - if test "$enable_ident" != "no"; then - case "$enable_ident" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_scgi$_apmod_extra_msg" >&5 +$as_echo "$enable_proxy_scgi$_apmod_extra_msg" >&6; } + if test "$enable_proxy_scgi" != "no"; then + case "$enable_proxy_scgi" in static*) - MODLIST="$MODLIST ident" - if test "ident" = "so"; then + MODLIST="$MODLIST proxy_scgi" + if test "proxy_scgi" = "so"; then sharedobjs=yes fi shared="";; *) - enable_ident=`echo $enable_ident|sed 's/shared,*//'` + enable_proxy_scgi=`echo $enable_proxy_scgi|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES ident" - if test "no" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},ident" + DSO_MODULES="$DSO_MODULES proxy_scgi" + if test "$proxy_mods_enable" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_scgi" fi ;; esac - if test -z ""; then - objects="mod_ident.lo" + if test -z "$proxy_scgi_objs"; then + objects="mod_proxy_scgi.lo" else - objects="" + objects="$proxy_scgi_objs" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_ident.la" + libname="libmod_proxy_scgi.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_usertrack... " >&6; } - # Check whether --enable-usertrack was given. -if test "${enable_usertrack+set}" = set; then : - enableval=$enable_usertrack; force_usertrack=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_fdpass" >&5 +$as_echo_n "checking whether to enable mod_proxy_fdpass... " >&6; } + # Check whether --enable-proxy-fdpass was given. +if test "${enable_proxy_fdpass+set}" = set; then : + enableval=$enable_proxy_fdpass; force_proxy_fdpass=$enableval else - enable_usertrack=maybe-all + enable_proxy_fdpass=maybe-all fi _apmod_extra_msg="" - case "$enable_usertrack" in + case "$enable_proxy_fdpass" in yes|static|shared) _apmod_required="yes" ;; @@ -21629,117 +22540,116 @@ fi ;; esac esac - if test "$enable_usertrack" = "static"; then - enable_usertrack=static - elif test "$enable_usertrack" = "yes"; then - enable_usertrack=$module_default - elif test "$enable_usertrack" = "most"; then + if test "$enable_proxy_fdpass" = "static"; then + enable_proxy_fdpass=static + elif test "$enable_proxy_fdpass" = "yes"; then + enable_proxy_fdpass=$module_default + elif test "$enable_proxy_fdpass" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_usertrack=$module_default + enable_proxy_fdpass=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_usertrack=no + enable_proxy_fdpass=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_usertrack" = "maybe-all"; then + elif test "$enable_proxy_fdpass" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_usertrack=$module_default + enable_proxy_fdpass=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_usertrack=no + enable_proxy_fdpass=no fi - elif test "$enable_usertrack" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_usertrack" != "no" ; then - enable_usertrack=$module_default + elif test "$enable_proxy_fdpass" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_proxy_fdpass" != "no" ; then + enable_proxy_fdpass=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_usertrack" != "no"; then + if test "$enable_proxy_fdpass" != "no"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 $as_echo "checking dependencies" >&6; } - : - - for ac_header in sys/times.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "sys/times.h" "ac_cv_header_sys_times_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_times_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYS_TIMES_H 1 -_ACEOF - -fi + if test "$enable_proxy" = "no" ; then + enable_proxy_fdpass=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_fdpass\"" >&5 +$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_fdpass\"" >&2;} + elif test "$enable_proxy_fdpass" = "static" && test "$enable_proxy" != "static" ; then + enable_proxy_fdpass=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_fdpass statically if mod_proxy is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_proxy_fdpass statically if mod_proxy is built shared\"" >&2;} + else -done + ac_fn_c_check_decl "$LINENO" "CMSG_DATA" "ac_cv_have_decl_CMSG_DATA" " + #include + #include - for ac_func in times -do : - ac_fn_c_check_func "$LINENO" "times" "ac_cv_func_times" -if test "x$ac_cv_func_times" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_TIMES 1 -_ACEOF +" +if test "x$ac_cv_have_decl_CMSG_DATA" = xyes; then : fi -done + if test $ac_cv_have_decl_CMSG_DATA = "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your system does not support CMSG_DATA." >&5 +$as_echo "$as_me: WARNING: Your system does not support CMSG_DATA." >&2;} + enable_proxy_fdpass=no + fi - : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_usertrack" >&5 -$as_echo_n "checking whether to enable mod_usertrack... " >&6; } - if test "$enable_usertrack" = "no"; then + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_fdpass" >&5 +$as_echo_n "checking whether to enable mod_proxy_fdpass... " >&6; } + if test "$enable_proxy_fdpass" = "no"; then if test "$_apmod_required" = "no"; then _apmod_extra_msg=" (disabled)" else - as_fn_error $? "mod_usertrack has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + as_fn_error $? "mod_proxy_fdpass has been requested but can not be built due to prerequisite failures" "$LINENO" 5 fi fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_usertrack$_apmod_extra_msg" >&5 -$as_echo "$enable_usertrack$_apmod_extra_msg" >&6; } - if test "$enable_usertrack" != "no"; then - case "$enable_usertrack" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_fdpass$_apmod_extra_msg" >&5 +$as_echo "$enable_proxy_fdpass$_apmod_extra_msg" >&6; } + if test "$enable_proxy_fdpass" != "no"; then + case "$enable_proxy_fdpass" in static*) - MODLIST="$MODLIST usertrack" - if test "usertrack" = "so"; then + MODLIST="$MODLIST proxy_fdpass" + if test "proxy_fdpass" = "so"; then sharedobjs=yes fi shared="";; *) - enable_usertrack=`echo $enable_usertrack|sed 's/shared,*//'` + enable_proxy_fdpass=`echo $enable_proxy_fdpass|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES usertrack" + DSO_MODULES="$DSO_MODULES proxy_fdpass" if test "" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},usertrack" + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_fdpass" fi ;; esac - if test -z ""; then - objects="mod_usertrack.lo" + if test -z "$proxy_fdpass_objs"; then + objects="mod_proxy_fdpass.lo" else - objects="" + objects="$proxy_fdpass_objs" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_usertrack.la" + libname="libmod_proxy_fdpass.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_unique_id... " >&6; } - # Check whether --enable-unique-id was given. -if test "${enable_unique_id+set}" = set; then : - enableval=$enable_unique_id; force_unique_id=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_wstunnel" >&5 +$as_echo_n "checking whether to enable mod_proxy_wstunnel... " >&6; } + # Check whether --enable-proxy-wstunnel was given. +if test "${enable_proxy_wstunnel+set}" = set; then : + enableval=$enable_proxy_wstunnel; force_proxy_wstunnel=$enableval else - enable_unique_id=most + enable_proxy_wstunnel=$proxy_mods_enable fi _apmod_extra_msg="" - case "$enable_unique_id" in + case "$enable_proxy_wstunnel" in yes|static|shared) _apmod_required="yes" ;; @@ -21801,80 +22710,101 @@ fi ;; esac esac - if test "$enable_unique_id" = "static"; then - enable_unique_id=static - elif test "$enable_unique_id" = "yes"; then - enable_unique_id=$module_default - elif test "$enable_unique_id" = "most"; then + if test "$enable_proxy_wstunnel" = "static"; then + enable_proxy_wstunnel=static + elif test "$enable_proxy_wstunnel" = "yes"; then + enable_proxy_wstunnel=$module_default + elif test "$enable_proxy_wstunnel" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_unique_id=$module_default + enable_proxy_wstunnel=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_unique_id=no + enable_proxy_wstunnel=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_unique_id" = "maybe-all"; then + elif test "$enable_proxy_wstunnel" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_unique_id=$module_default + enable_proxy_wstunnel=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_unique_id=no + enable_proxy_wstunnel=no fi - elif test "$enable_unique_id" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_unique_id" != "no" ; then - enable_unique_id=$module_default + elif test "$enable_proxy_wstunnel" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_proxy_wstunnel" != "no" ; then + enable_proxy_wstunnel=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_unique_id" != "no"; then + if test "$enable_proxy_wstunnel" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 +$as_echo "checking dependencies" >&6; } + if test "$enable_proxy" = "no" ; then + enable_proxy_wstunnel=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_wstunnel\"" >&5 +$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_wstunnel\"" >&2;} + elif test "$enable_proxy_wstunnel" = "static" && test "$enable_proxy" != "static" ; then + enable_proxy_wstunnel=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_wstunnel statically if mod_proxy is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_proxy_wstunnel statically if mod_proxy is built shared\"" >&2;} + else : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_wstunnel" >&5 +$as_echo_n "checking whether to enable mod_proxy_wstunnel... " >&6; } + if test "$enable_proxy_wstunnel" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_proxy_wstunnel has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_unique_id$_apmod_extra_msg" >&5 -$as_echo "$enable_unique_id$_apmod_extra_msg" >&6; } - if test "$enable_unique_id" != "no"; then - case "$enable_unique_id" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_wstunnel$_apmod_extra_msg" >&5 +$as_echo "$enable_proxy_wstunnel$_apmod_extra_msg" >&6; } + if test "$enable_proxy_wstunnel" != "no"; then + case "$enable_proxy_wstunnel" in static*) - MODLIST="$MODLIST unique_id" - if test "unique_id" = "so"; then + MODLIST="$MODLIST proxy_wstunnel" + if test "proxy_wstunnel" = "so"; then sharedobjs=yes fi shared="";; *) - enable_unique_id=`echo $enable_unique_id|sed 's/shared,*//'` + enable_proxy_wstunnel=`echo $enable_proxy_wstunnel|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES unique_id" - if test "most" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},unique_id" + DSO_MODULES="$DSO_MODULES proxy_wstunnel" + if test "$proxy_mods_enable" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_wstunnel" fi ;; esac - if test -z ""; then - objects="mod_unique_id.lo" + if test -z "$proxy_wstunnel_objs"; then + objects="mod_proxy_wstunnel.lo" else - objects="" + objects="$proxy_wstunnel_objs" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_unique_id.la" + libname="libmod_proxy_wstunnel.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_setenvif... " >&6; } - # Check whether --enable-setenvif was given. -if test "${enable_setenvif+set}" = set; then : - enableval=$enable_setenvif; force_setenvif=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_ajp" >&5 +$as_echo_n "checking whether to enable mod_proxy_ajp... " >&6; } + # Check whether --enable-proxy-ajp was given. +if test "${enable_proxy_ajp+set}" = set; then : + enableval=$enable_proxy_ajp; force_proxy_ajp=$enableval else - enable_setenvif=yes + enable_proxy_ajp=$proxy_mods_enable fi _apmod_extra_msg="" - case "$enable_setenvif" in + case "$enable_proxy_ajp" in yes|static|shared) _apmod_required="yes" ;; @@ -21933,82 +22863,103 @@ fi *) _apmod_required="yes" ;; - esac - esac - if test "$enable_setenvif" = "static"; then - enable_setenvif=static - elif test "$enable_setenvif" = "yes"; then - enable_setenvif=$module_default - elif test "$enable_setenvif" = "most"; then + esac + esac + if test "$enable_proxy_ajp" = "static"; then + enable_proxy_ajp=static + elif test "$enable_proxy_ajp" = "yes"; then + enable_proxy_ajp=$module_default + elif test "$enable_proxy_ajp" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_setenvif=$module_default + enable_proxy_ajp=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_setenvif=no + enable_proxy_ajp=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_setenvif" = "maybe-all"; then + elif test "$enable_proxy_ajp" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_setenvif=$module_default + enable_proxy_ajp=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_setenvif=no + enable_proxy_ajp=no fi - elif test "$enable_setenvif" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_setenvif" != "no" ; then - enable_setenvif=$module_default + elif test "$enable_proxy_ajp" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_proxy_ajp" != "no" ; then + enable_proxy_ajp=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_setenvif" != "no"; then + if test "$enable_proxy_ajp" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 +$as_echo "checking dependencies" >&6; } + if test "$enable_proxy" = "no" ; then + enable_proxy_ajp=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_ajp\"" >&5 +$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_ajp\"" >&2;} + elif test "$enable_proxy_ajp" = "static" && test "$enable_proxy" != "static" ; then + enable_proxy_ajp=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_ajp statically if mod_proxy is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_proxy_ajp statically if mod_proxy is built shared\"" >&2;} + else : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_ajp" >&5 +$as_echo_n "checking whether to enable mod_proxy_ajp... " >&6; } + if test "$enable_proxy_ajp" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_proxy_ajp has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_setenvif$_apmod_extra_msg" >&5 -$as_echo "$enable_setenvif$_apmod_extra_msg" >&6; } - if test "$enable_setenvif" != "no"; then - case "$enable_setenvif" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_ajp$_apmod_extra_msg" >&5 +$as_echo "$enable_proxy_ajp$_apmod_extra_msg" >&6; } + if test "$enable_proxy_ajp" != "no"; then + case "$enable_proxy_ajp" in static*) - MODLIST="$MODLIST setenvif" - if test "setenvif" = "so"; then + MODLIST="$MODLIST proxy_ajp" + if test "proxy_ajp" = "so"; then sharedobjs=yes fi shared="";; *) - enable_setenvif=`echo $enable_setenvif|sed 's/shared,*//'` + enable_proxy_ajp=`echo $enable_proxy_ajp|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES setenvif" - if test "yes" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},setenvif" + DSO_MODULES="$DSO_MODULES proxy_ajp" + if test "$proxy_mods_enable" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_ajp" fi ;; esac - if test -z ""; then - objects="mod_setenvif.lo" + if test -z "$proxy_ajp_objs"; then + objects="mod_proxy_ajp.lo" else - objects="" + objects="$proxy_ajp_objs" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_setenvif.la" + libname="libmod_proxy_ajp.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_version... " >&6; } - # Check whether --enable-version was given. -if test "${enable_version+set}" = set; then : - enableval=$enable_version; force_version=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_balancer" >&5 +$as_echo_n "checking whether to enable mod_proxy_balancer... " >&6; } + # Check whether --enable-proxy-balancer was given. +if test "${enable_proxy_balancer+set}" = set; then : + enableval=$enable_proxy_balancer; force_proxy_balancer=$enableval else - enable_version=yes + enable_proxy_balancer=$proxy_mods_enable fi _apmod_extra_msg="" - case "$enable_version" in + case "$enable_proxy_balancer" in yes|static|shared) _apmod_required="yes" ;; @@ -22069,80 +23020,101 @@ fi ;; esac esac - if test "$enable_version" = "static"; then - enable_version=static - elif test "$enable_version" = "yes"; then - enable_version=$module_default - elif test "$enable_version" = "most"; then + if test "$enable_proxy_balancer" = "static"; then + enable_proxy_balancer=static + elif test "$enable_proxy_balancer" = "yes"; then + enable_proxy_balancer=$module_default + elif test "$enable_proxy_balancer" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_version=$module_default + enable_proxy_balancer=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_version=no + enable_proxy_balancer=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_version" = "maybe-all"; then + elif test "$enable_proxy_balancer" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_version=$module_default + enable_proxy_balancer=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_version=no + enable_proxy_balancer=no fi - elif test "$enable_version" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_version" != "no" ; then - enable_version=$module_default + elif test "$enable_proxy_balancer" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_proxy_balancer" != "no" ; then + enable_proxy_balancer=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_version" != "no"; then + if test "$enable_proxy_balancer" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 +$as_echo "checking dependencies" >&6; } + if test "$enable_proxy" = "no" ; then + enable_proxy_balancer=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_balancer\"" >&5 +$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_balancer\"" >&2;} + elif test "$enable_proxy_balancer" = "static" && test "$enable_proxy" != "static" ; then + enable_proxy_balancer=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_balancer statically if mod_proxy is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_proxy_balancer statically if mod_proxy is built shared\"" >&2;} + else : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_balancer" >&5 +$as_echo_n "checking whether to enable mod_proxy_balancer... " >&6; } + if test "$enable_proxy_balancer" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_proxy_balancer has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_version$_apmod_extra_msg" >&5 -$as_echo "$enable_version$_apmod_extra_msg" >&6; } - if test "$enable_version" != "no"; then - case "$enable_version" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_balancer$_apmod_extra_msg" >&5 +$as_echo "$enable_proxy_balancer$_apmod_extra_msg" >&6; } + if test "$enable_proxy_balancer" != "no"; then + case "$enable_proxy_balancer" in static*) - MODLIST="$MODLIST version" - if test "version" = "so"; then + MODLIST="$MODLIST proxy_balancer" + if test "proxy_balancer" = "so"; then sharedobjs=yes fi shared="";; *) - enable_version=`echo $enable_version|sed 's/shared,*//'` + enable_proxy_balancer=`echo $enable_proxy_balancer|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES version" - if test "yes" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},version" + DSO_MODULES="$DSO_MODULES proxy_balancer" + if test "$proxy_mods_enable" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_balancer" fi ;; esac - if test -z ""; then - objects="mod_version.lo" + if test -z "$proxy_balancer_objs"; then + objects="mod_proxy_balancer.lo" else - objects="" + objects="$proxy_balancer_objs" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_version.la" + libname="libmod_proxy_balancer.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_remoteip... " >&6; } - # Check whether --enable-remoteip was given. -if test "${enable_remoteip+set}" = set; then : - enableval=$enable_remoteip; force_remoteip=$enableval + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_express" >&5 +$as_echo_n "checking whether to enable mod_proxy_express... " >&6; } + # Check whether --enable-proxy-express was given. +if test "${enable_proxy_express+set}" = set; then : + enableval=$enable_proxy_express; force_proxy_express=$enableval else - enable_remoteip=most + enable_proxy_express=$proxy_mods_enable fi _apmod_extra_msg="" - case "$enable_remoteip" in + case "$enable_proxy_express" in yes|static|shared) _apmod_required="yes" ;; @@ -22203,59 +23176,80 @@ fi ;; esac esac - if test "$enable_remoteip" = "static"; then - enable_remoteip=static - elif test "$enable_remoteip" = "yes"; then - enable_remoteip=$module_default - elif test "$enable_remoteip" = "most"; then + if test "$enable_proxy_express" = "static"; then + enable_proxy_express=static + elif test "$enable_proxy_express" = "yes"; then + enable_proxy_express=$module_default + elif test "$enable_proxy_express" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_remoteip=$module_default + enable_proxy_express=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_remoteip=no + enable_proxy_express=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_remoteip" = "maybe-all"; then + elif test "$enable_proxy_express" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_remoteip=$module_default + enable_proxy_express=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_remoteip=no + enable_proxy_express=no fi - elif test "$enable_remoteip" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_remoteip" != "no" ; then - enable_remoteip=$module_default + elif test "$enable_proxy_express" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_proxy_express" != "no" ; then + enable_proxy_express=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_remoteip" != "no"; then + if test "$enable_proxy_express" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 +$as_echo "checking dependencies" >&6; } + if test "$enable_proxy" = "no" ; then + enable_proxy_express=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_express\"" >&5 +$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_express\"" >&2;} + elif test "$enable_proxy_express" = "static" && test "$enable_proxy" != "static" ; then + enable_proxy_express=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_express statically if mod_proxy is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_proxy_express statically if mod_proxy is built shared\"" >&2;} + else : + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_express" >&5 +$as_echo_n "checking whether to enable mod_proxy_express... " >&6; } + if test "$enable_proxy_express" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_proxy_express has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_remoteip$_apmod_extra_msg" >&5 -$as_echo "$enable_remoteip$_apmod_extra_msg" >&6; } - if test "$enable_remoteip" != "no"; then - case "$enable_remoteip" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_express$_apmod_extra_msg" >&5 +$as_echo "$enable_proxy_express$_apmod_extra_msg" >&6; } + if test "$enable_proxy_express" != "no"; then + case "$enable_proxy_express" in static*) - MODLIST="$MODLIST remoteip" - if test "remoteip" = "so"; then + MODLIST="$MODLIST proxy_express" + if test "proxy_express" = "so"; then sharedobjs=yes fi shared="";; *) - enable_remoteip=`echo $enable_remoteip|sed 's/shared,*//'` + enable_proxy_express=`echo $enable_proxy_express|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES remoteip" - if test "most" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},remoteip" + DSO_MODULES="$DSO_MODULES proxy_express" + if test "$proxy_mods_enable" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_express" fi ;; esac if test -z ""; then - objects="mod_remoteip.lo" + objects="mod_proxy_express.lo" else objects="" fi @@ -22263,20 +23257,20 @@ $as_echo "$enable_remoteip$_apmod_extra_msg" >&6; } if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_remoteip.la" + libname="libmod_proxy_express.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk< $modpath_current/modules.mk -if test "$enable_proxy" = "shared"; then - proxy_mods_enable=shared -elif test "$enable_proxy" = "yes"; then - proxy_mods_enable=yes -else - proxy_mods_enable=most -fi +session_cookie_objects='mod_session_cookie.lo' +session_crypto_objects='mod_session_crypto.lo' +session_dbd_objects='mod_session_dbd.lo' -proxy_objs="mod_proxy.lo proxy_util.lo" +case "$host" in + *os2*) + # OS/2 DLLs must resolve all symbols at build time + # and we need some from main session module + session_cookie_objects="$session_cookie_objects mod_session.la" + session_crypto_objects="$session_crypto_objects mod_session.la" + session_dbd_objects="$session_dbd_objects mod_session.la" + ;; +esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy" >&5 -$as_echo_n "checking whether to enable mod_proxy... " >&6; } - # Check whether --enable-proxy was given. -if test "${enable_proxy+set}" = set; then : - enableval=$enable_proxy; force_proxy=$enableval + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_session" >&5 +$as_echo_n "checking whether to enable mod_session... " >&6; } + # Check whether --enable-session was given. +if test "${enable_session+set}" = set; then : + enableval=$enable_session; force_session=$enableval else - enable_proxy=$proxy_mods_enable + enable_session=most fi _apmod_extra_msg="" - case "$enable_proxy" in + case "$enable_session" in yes|static|shared) _apmod_required="yes" ;; @@ -22379,80 +23409,80 @@ fi ;; esac esac - if test "$enable_proxy" = "static"; then - enable_proxy=static - elif test "$enable_proxy" = "yes"; then - enable_proxy=$module_default - elif test "$enable_proxy" = "most"; then + if test "$enable_session" = "static"; then + enable_session=static + elif test "$enable_session" = "yes"; then + enable_session=$module_default + elif test "$enable_session" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_proxy=$module_default + enable_session=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_proxy=no + enable_session=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_proxy" = "maybe-all"; then + elif test "$enable_session" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_proxy=$module_default + enable_session=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_proxy=no + enable_session=no fi - elif test "$enable_proxy" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_proxy" != "no" ; then - enable_proxy=$module_default + elif test "$enable_session" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_session" != "no" ; then + enable_session=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_proxy" != "no"; then + if test "$enable_session" != "no"; then : fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy$_apmod_extra_msg" >&5 -$as_echo "$enable_proxy$_apmod_extra_msg" >&6; } - if test "$enable_proxy" != "no"; then - case "$enable_proxy" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_session$_apmod_extra_msg" >&5 +$as_echo "$enable_session$_apmod_extra_msg" >&6; } + if test "$enable_session" != "no"; then + case "$enable_session" in static*) - MODLIST="$MODLIST proxy" - if test "proxy" = "so"; then + MODLIST="$MODLIST session" + if test "session" = "so"; then sharedobjs=yes fi shared="";; *) - enable_proxy=`echo $enable_proxy|sed 's/shared,*//'` + enable_session=`echo $enable_session|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES proxy" - if test "$proxy_mods_enable" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy" + DSO_MODULES="$DSO_MODULES session" + if test "most" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},session" fi ;; esac - if test -z "$proxy_objs"; then - objects="mod_proxy.lo" + if test -z ""; then + objects="mod_session.lo" else - objects="$proxy_objs" + objects="" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_proxy.la" + libname="libmod_session.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_proxy_connect... " >&6; } - # Check whether --enable-proxy-connect was given. -if test "${enable_proxy_connect+set}" = set; then : - enableval=$enable_proxy_connect; force_proxy_connect=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_session_cookie" >&5 +$as_echo_n "checking whether to enable mod_session_cookie... " >&6; } + # Check whether --enable-session-cookie was given. +if test "${enable_session_cookie+set}" = set; then : + enableval=$enable_session_cookie; force_session_cookie=$enableval else - enable_proxy_connect=$proxy_mods_enable + enable_session_cookie=$session_mods_enable fi _apmod_extra_msg="" - case "$enable_proxy_connect" in + case "$enable_session_cookie" in yes|static|shared) _apmod_required="yes" ;; @@ -22540,101 +23543,101 @@ fi ;; esac esac - if test "$enable_proxy_connect" = "static"; then - enable_proxy_connect=static - elif test "$enable_proxy_connect" = "yes"; then - enable_proxy_connect=$module_default - elif test "$enable_proxy_connect" = "most"; then + if test "$enable_session_cookie" = "static"; then + enable_session_cookie=static + elif test "$enable_session_cookie" = "yes"; then + enable_session_cookie=$module_default + elif test "$enable_session_cookie" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_proxy_connect=$module_default + enable_session_cookie=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_proxy_connect=no + enable_session_cookie=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_proxy_connect" = "maybe-all"; then + elif test "$enable_session_cookie" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_proxy_connect=$module_default + enable_session_cookie=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_proxy_connect=no + enable_session_cookie=no fi - elif test "$enable_proxy_connect" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_proxy_connect" != "no" ; then - enable_proxy_connect=$module_default + elif test "$enable_session_cookie" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_session_cookie" != "no" ; then + enable_session_cookie=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_proxy_connect" != "no"; then + if test "$enable_session_cookie" != "no"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 $as_echo "checking dependencies" >&6; } - if test "$enable_proxy" = "no" ; then - enable_proxy_connect=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_connect\"" >&5 -$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_connect\"" >&2;} - elif test "$enable_proxy_connect" = "static" && test "$enable_proxy" != "static" ; then - enable_proxy_connect=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_connect statically if mod_proxy is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_proxy_connect statically if mod_proxy is built shared\"" >&2;} + if test "$enable_session" = "no" ; then + enable_session_cookie=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_session is disabled but required for mod_session_cookie\"" >&5 +$as_echo "$as_me: WARNING: \"mod_session is disabled but required for mod_session_cookie\"" >&2;} + elif test "$enable_session_cookie" = "static" && test "$enable_session" != "static" ; then + enable_session_cookie=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_session_cookie statically if mod_session is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_session_cookie statically if mod_session is built shared\"" >&2;} else : fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_connect" >&5 -$as_echo_n "checking whether to enable mod_proxy_connect... " >&6; } - if test "$enable_proxy_connect" = "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_session_cookie" >&5 +$as_echo_n "checking whether to enable mod_session_cookie... " >&6; } + if test "$enable_session_cookie" = "no"; then if test "$_apmod_required" = "no"; then _apmod_extra_msg=" (disabled)" else - as_fn_error $? "mod_proxy_connect has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + as_fn_error $? "mod_session_cookie has been requested but can not be built due to prerequisite failures" "$LINENO" 5 fi fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_connect$_apmod_extra_msg" >&5 -$as_echo "$enable_proxy_connect$_apmod_extra_msg" >&6; } - if test "$enable_proxy_connect" != "no"; then - case "$enable_proxy_connect" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_session_cookie$_apmod_extra_msg" >&5 +$as_echo "$enable_session_cookie$_apmod_extra_msg" >&6; } + if test "$enable_session_cookie" != "no"; then + case "$enable_session_cookie" in static*) - MODLIST="$MODLIST proxy_connect" - if test "proxy_connect" = "so"; then + MODLIST="$MODLIST session_cookie" + if test "session_cookie" = "so"; then sharedobjs=yes fi shared="";; *) - enable_proxy_connect=`echo $enable_proxy_connect|sed 's/shared,*//'` + enable_session_cookie=`echo $enable_session_cookie|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES proxy_connect" - if test "$proxy_mods_enable" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_connect" + DSO_MODULES="$DSO_MODULES session_cookie" + if test "$session_mods_enable" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},session_cookie" fi ;; esac - if test -z "$proxy_connect_objs"; then - objects="mod_proxy_connect.lo" + if test -z "$session_cookie_objects"; then + objects="mod_session_cookie.lo" else - objects="$proxy_connect_objs" + objects="$session_cookie_objects" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_proxy_connect.la" + libname="libmod_session_cookie.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_proxy_ftp... " >&6; } - # Check whether --enable-proxy-ftp was given. -if test "${enable_proxy_ftp+set}" = set; then : - enableval=$enable_proxy_ftp; force_proxy_ftp=$enableval +if test "$enable_session_crypto" != ""; then + session_mods_enable_crypto=$enable_session_crypto else - enable_proxy_ftp=$proxy_mods_enable + session_mods_enable_crypto=$session_mods_enable +fi +if test "$session_mods_enable_crypto" != "no"; then + saved_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $APR_INCLUDES $APU_INCLUDES" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + +#if APU_HAVE_CRYPTO == 0 +#error no crypto support +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ap_HAVE_APR_CRYPTO="yes" +else + ap_HAVE_APR_CRYPTO="no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CPPFLAGS="$saved_CPPFLAGS" + if test $ap_HAVE_APR_CRYPTO = "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your APR does not include SSL/EVP support. To enable it: configure --with-crypto" >&5 +$as_echo "$as_me: WARNING: Your APR does not include SSL/EVP support. To enable it: configure --with-crypto" >&2;} + if test "$enable_session_crypto" != "" -a "$enable_session_crypto" != "no"; then + as_fn_error $? "mod_session_crypto cannot be enabled" "$LINENO" 5 + fi + session_mods_enable_crypto="no" + fi +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_session_crypto" >&5 +$as_echo_n "checking whether to enable mod_session_crypto... " >&6; } + # Check whether --enable-session-crypto was given. +if test "${enable_session_crypto+set}" = set; then : + enableval=$enable_session_crypto; force_session_crypto=$enableval +else + enable_session_crypto=$session_mods_enable_crypto fi _apmod_extra_msg="" - case "$enable_proxy_ftp" in + case "$enable_session_crypto" in yes|static|shared) _apmod_required="yes" ;; @@ -22695,101 +23738,105 @@ fi ;; esac esac - if test "$enable_proxy_ftp" = "static"; then - enable_proxy_ftp=static - elif test "$enable_proxy_ftp" = "yes"; then - enable_proxy_ftp=$module_default - elif test "$enable_proxy_ftp" = "most"; then + if test "$enable_session_crypto" = "static"; then + enable_session_crypto=static + elif test "$enable_session_crypto" = "yes"; then + enable_session_crypto=$module_default + elif test "$enable_session_crypto" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_proxy_ftp=$module_default + enable_session_crypto=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_proxy_ftp=no + enable_session_crypto=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_proxy_ftp" = "maybe-all"; then + elif test "$enable_session_crypto" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_proxy_ftp=$module_default + enable_session_crypto=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_proxy_ftp=no + enable_session_crypto=no fi - elif test "$enable_proxy_ftp" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_proxy_ftp" != "no" ; then - enable_proxy_ftp=$module_default + elif test "$enable_session_crypto" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_session_crypto" != "no" ; then + enable_session_crypto=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_proxy_ftp" != "no"; then + if test "$enable_session_crypto" != "no"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 $as_echo "checking dependencies" >&6; } - if test "$enable_proxy" = "no" ; then - enable_proxy_ftp=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_ftp\"" >&5 -$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_ftp\"" >&2;} - elif test "$enable_proxy_ftp" = "static" && test "$enable_proxy" != "static" ; then - enable_proxy_ftp=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_ftp statically if mod_proxy is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_proxy_ftp statically if mod_proxy is built shared\"" >&2;} + if test "$enable_session" = "no" ; then + enable_session_crypto=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_session is disabled but required for mod_session_crypto\"" >&5 +$as_echo "$as_me: WARNING: \"mod_session is disabled but required for mod_session_crypto\"" >&2;} + elif test "$enable_session_crypto" = "static" && test "$enable_session" != "static" ; then + enable_session_crypto=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_session_crypto statically if mod_session is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_session_crypto statically if mod_session is built shared\"" >&2;} else - : + +if test "$session_mods_enable_crypto" = "no" ; then + enable_session_crypto=no +fi + fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_ftp" >&5 -$as_echo_n "checking whether to enable mod_proxy_ftp... " >&6; } - if test "$enable_proxy_ftp" = "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_session_crypto" >&5 +$as_echo_n "checking whether to enable mod_session_crypto... " >&6; } + if test "$enable_session_crypto" = "no"; then if test "$_apmod_required" = "no"; then _apmod_extra_msg=" (disabled)" else - as_fn_error $? "mod_proxy_ftp has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + as_fn_error $? "mod_session_crypto has been requested but can not be built due to prerequisite failures" "$LINENO" 5 fi fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_ftp$_apmod_extra_msg" >&5 -$as_echo "$enable_proxy_ftp$_apmod_extra_msg" >&6; } - if test "$enable_proxy_ftp" != "no"; then - case "$enable_proxy_ftp" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_session_crypto$_apmod_extra_msg" >&5 +$as_echo "$enable_session_crypto$_apmod_extra_msg" >&6; } + if test "$enable_session_crypto" != "no"; then + case "$enable_session_crypto" in static*) - MODLIST="$MODLIST proxy_ftp" - if test "proxy_ftp" = "so"; then + MODLIST="$MODLIST session_crypto" + if test "session_crypto" = "so"; then sharedobjs=yes fi shared="";; *) - enable_proxy_ftp=`echo $enable_proxy_ftp|sed 's/shared,*//'` + enable_session_crypto=`echo $enable_session_crypto|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES proxy_ftp" - if test "$proxy_mods_enable" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_ftp" + DSO_MODULES="$DSO_MODULES session_crypto" + if test "$session_mods_enable_crypto" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},session_crypto" fi ;; esac - if test -z "$proxy_ftp_objs"; then - objects="mod_proxy_ftp.lo" + if test -z "$session_crypto_objects"; then + objects="mod_session_crypto.lo" else - objects="$proxy_ftp_objs" + objects="$session_crypto_objects" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_proxy_ftp.la" + libname="libmod_session_crypto.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_proxy_http... " >&6; } - # Check whether --enable-proxy-http was given. -if test "${enable_proxy_http+set}" = set; then : - enableval=$enable_proxy_http; force_proxy_http=$enableval + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_session_dbd" >&5 +$as_echo_n "checking whether to enable mod_session_dbd... " >&6; } + # Check whether --enable-session-dbd was given. +if test "${enable_session_dbd+set}" = set; then : + enableval=$enable_session_dbd; force_session_dbd=$enableval else - enable_proxy_http=$proxy_mods_enable + enable_session_dbd=$session_mods_enable fi _apmod_extra_msg="" - case "$enable_proxy_http" in + case "$enable_session_dbd" in yes|static|shared) _apmod_required="yes" ;; @@ -22850,101 +23898,101 @@ fi ;; esac esac - if test "$enable_proxy_http" = "static"; then - enable_proxy_http=static - elif test "$enable_proxy_http" = "yes"; then - enable_proxy_http=$module_default - elif test "$enable_proxy_http" = "most"; then + if test "$enable_session_dbd" = "static"; then + enable_session_dbd=static + elif test "$enable_session_dbd" = "yes"; then + enable_session_dbd=$module_default + elif test "$enable_session_dbd" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_proxy_http=$module_default + enable_session_dbd=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_proxy_http=no + enable_session_dbd=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_proxy_http" = "maybe-all"; then + elif test "$enable_session_dbd" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_proxy_http=$module_default + enable_session_dbd=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_proxy_http=no + enable_session_dbd=no fi - elif test "$enable_proxy_http" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_proxy_http" != "no" ; then - enable_proxy_http=$module_default + elif test "$enable_session_dbd" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_session_dbd" != "no" ; then + enable_session_dbd=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_proxy_http" != "no"; then + if test "$enable_session_dbd" != "no"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 $as_echo "checking dependencies" >&6; } - if test "$enable_proxy" = "no" ; then - enable_proxy_http=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_http\"" >&5 -$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_http\"" >&2;} - elif test "$enable_proxy_http" = "static" && test "$enable_proxy" != "static" ; then - enable_proxy_http=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_http statically if mod_proxy is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_proxy_http statically if mod_proxy is built shared\"" >&2;} + if test "$enable_session" = "no" ; then + enable_session_dbd=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_session is disabled but required for mod_session_dbd\"" >&5 +$as_echo "$as_me: WARNING: \"mod_session is disabled but required for mod_session_dbd\"" >&2;} + elif test "$enable_session_dbd" = "static" && test "$enable_session" != "static" ; then + enable_session_dbd=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_session_dbd statically if mod_session is built shared\"" >&5 +$as_echo "$as_me: WARNING: \"cannot build mod_session_dbd statically if mod_session is built shared\"" >&2;} else : fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_http" >&5 -$as_echo_n "checking whether to enable mod_proxy_http... " >&6; } - if test "$enable_proxy_http" = "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_session_dbd" >&5 +$as_echo_n "checking whether to enable mod_session_dbd... " >&6; } + if test "$enable_session_dbd" = "no"; then if test "$_apmod_required" = "no"; then _apmod_extra_msg=" (disabled)" else - as_fn_error $? "mod_proxy_http has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + as_fn_error $? "mod_session_dbd has been requested but can not be built due to prerequisite failures" "$LINENO" 5 fi fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_http$_apmod_extra_msg" >&5 -$as_echo "$enable_proxy_http$_apmod_extra_msg" >&6; } - if test "$enable_proxy_http" != "no"; then - case "$enable_proxy_http" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_session_dbd$_apmod_extra_msg" >&5 +$as_echo "$enable_session_dbd$_apmod_extra_msg" >&6; } + if test "$enable_session_dbd" != "no"; then + case "$enable_session_dbd" in static*) - MODLIST="$MODLIST proxy_http" - if test "proxy_http" = "so"; then + MODLIST="$MODLIST session_dbd" + if test "session_dbd" = "so"; then sharedobjs=yes fi shared="";; *) - enable_proxy_http=`echo $enable_proxy_http|sed 's/shared,*//'` + enable_session_dbd=`echo $enable_session_dbd|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES proxy_http" - if test "$proxy_mods_enable" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_http" + DSO_MODULES="$DSO_MODULES session_dbd" + if test "$session_mods_enable" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},session_dbd" fi ;; esac - if test -z "$proxy_http_objs"; then - objects="mod_proxy_http.lo" + if test -z "$session_dbd_objects"; then + objects="mod_session_dbd.lo" else - objects="$proxy_http_objs" + objects="$session_dbd_objects" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_proxy_http.la" + libname="libmod_session_dbd.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_proxy_fcgi... " >&6; } - # Check whether --enable-proxy-fcgi was given. -if test "${enable_proxy_fcgi+set}" = set; then : - enableval=$enable_proxy_fcgi; force_proxy_fcgi=$enableval + + if test "x$INCLUDES" = "x"; then + test "x$silent" != "xyes" && echo " setting INCLUDES to \"-I\$(top_srcdir)/$modpath_current\"" + INCLUDES="-I\$(top_srcdir)/$modpath_current" + else + apr_addto_bugger="-I\$(top_srcdir)/$modpath_current" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $INCLUDES; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to INCLUDES" + INCLUDES="$INCLUDES $i" + fi + done + fi + + + + echo "DISTCLEAN_TARGETS = modules.mk" >> $modpath_current/modules.mk + echo "static = $modpath_static" >> $modpath_current/modules.mk + echo "shared = $modpath_shared" >> $modpath_current/modules.mk + for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do + if eval val=\"\$MOD_$var\"; test -n "$val"; then + echo "MOD_$var = $val" >> $modpath_current/modules.mk + fi + done + if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then + MODULE_DIRS="$MODULE_DIRS $current_dir" + else + MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir" + fi + + APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile" + + + + + + + + current_dir=slotmem + modpath_current=modules/slotmem + modpath_static= + modpath_shared= + for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do + eval MOD_$var= + done + test -d slotmem || $srcdir/build/mkdir.sh $modpath_current + > $modpath_current/modules.mk + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_slotmem_shm" >&5 +$as_echo_n "checking whether to enable mod_slotmem_shm... " >&6; } + # Check whether --enable-slotmem-shm was given. +if test "${enable_slotmem_shm+set}" = set; then : + enableval=$enable_slotmem_shm; force_slotmem_shm=$enableval else - enable_proxy_fcgi=$proxy_mods_enable + enable_slotmem_shm=most fi _apmod_extra_msg="" - case "$enable_proxy_fcgi" in + case "$enable_slotmem_shm" in yes|static|shared) _apmod_required="yes" ;; @@ -23005,101 +24110,80 @@ fi ;; esac esac - if test "$enable_proxy_fcgi" = "static"; then - enable_proxy_fcgi=static - elif test "$enable_proxy_fcgi" = "yes"; then - enable_proxy_fcgi=$module_default - elif test "$enable_proxy_fcgi" = "most"; then + if test "$enable_slotmem_shm" = "static"; then + enable_slotmem_shm=static + elif test "$enable_slotmem_shm" = "yes"; then + enable_slotmem_shm=$module_default + elif test "$enable_slotmem_shm" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_proxy_fcgi=$module_default + enable_slotmem_shm=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_proxy_fcgi=no + enable_slotmem_shm=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_proxy_fcgi" = "maybe-all"; then + elif test "$enable_slotmem_shm" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_proxy_fcgi=$module_default + enable_slotmem_shm=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_proxy_fcgi=no + enable_slotmem_shm=no fi - elif test "$enable_proxy_fcgi" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_proxy_fcgi" != "no" ; then - enable_proxy_fcgi=$module_default + elif test "$enable_slotmem_shm" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_slotmem_shm" != "no" ; then + enable_slotmem_shm=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_proxy_fcgi" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -$as_echo "checking dependencies" >&6; } - if test "$enable_proxy" = "no" ; then - enable_proxy_fcgi=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_fcgi\"" >&5 -$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_fcgi\"" >&2;} - elif test "$enable_proxy_fcgi" = "static" && test "$enable_proxy" != "static" ; then - enable_proxy_fcgi=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_fcgi statically if mod_proxy is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_proxy_fcgi statically if mod_proxy is built shared\"" >&2;} - else + if test "$enable_slotmem_shm" != "no"; then : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_fcgi" >&5 -$as_echo_n "checking whether to enable mod_proxy_fcgi... " >&6; } - if test "$enable_proxy_fcgi" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_proxy_fcgi has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_fcgi$_apmod_extra_msg" >&5 -$as_echo "$enable_proxy_fcgi$_apmod_extra_msg" >&6; } - if test "$enable_proxy_fcgi" != "no"; then - case "$enable_proxy_fcgi" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_slotmem_shm$_apmod_extra_msg" >&5 +$as_echo "$enable_slotmem_shm$_apmod_extra_msg" >&6; } + if test "$enable_slotmem_shm" != "no"; then + case "$enable_slotmem_shm" in static*) - MODLIST="$MODLIST proxy_fcgi" - if test "proxy_fcgi" = "so"; then + MODLIST="$MODLIST slotmem_shm" + if test "slotmem_shm" = "so"; then sharedobjs=yes fi shared="";; *) - enable_proxy_fcgi=`echo $enable_proxy_fcgi|sed 's/shared,*//'` + enable_slotmem_shm=`echo $enable_slotmem_shm|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES proxy_fcgi" - if test "$proxy_mods_enable" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_fcgi" + DSO_MODULES="$DSO_MODULES slotmem_shm" + if test "most" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},slotmem_shm" fi ;; esac - if test -z "$proxy_fcgi_objs"; then - objects="mod_proxy_fcgi.lo" + if test -z ""; then + objects="mod_slotmem_shm.lo" else - objects="$proxy_fcgi_objs" + objects="" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_proxy_fcgi.la" + libname="libmod_slotmem_shm.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_proxy_scgi... " >&6; } - # Check whether --enable-proxy-scgi was given. -if test "${enable_proxy_scgi+set}" = set; then : - enableval=$enable_proxy_scgi; force_proxy_scgi=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_slotmem_plain" >&5 +$as_echo_n "checking whether to enable mod_slotmem_plain... " >&6; } + # Check whether --enable-slotmem-plain was given. +if test "${enable_slotmem_plain+set}" = set; then : + enableval=$enable_slotmem_plain; force_slotmem_plain=$enableval else - enable_proxy_scgi=$proxy_mods_enable + enable_slotmem_plain=maybe-all fi _apmod_extra_msg="" - case "$enable_proxy_scgi" in + case "$enable_slotmem_plain" in yes|static|shared) _apmod_required="yes" ;; @@ -23160,101 +24244,80 @@ fi ;; esac esac - if test "$enable_proxy_scgi" = "static"; then - enable_proxy_scgi=static - elif test "$enable_proxy_scgi" = "yes"; then - enable_proxy_scgi=$module_default - elif test "$enable_proxy_scgi" = "most"; then + if test "$enable_slotmem_plain" = "static"; then + enable_slotmem_plain=static + elif test "$enable_slotmem_plain" = "yes"; then + enable_slotmem_plain=$module_default + elif test "$enable_slotmem_plain" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_proxy_scgi=$module_default + enable_slotmem_plain=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_proxy_scgi=no + enable_slotmem_plain=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_proxy_scgi" = "maybe-all"; then + elif test "$enable_slotmem_plain" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_proxy_scgi=$module_default + enable_slotmem_plain=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_proxy_scgi=no + enable_slotmem_plain=no fi - elif test "$enable_proxy_scgi" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_proxy_scgi" != "no" ; then - enable_proxy_scgi=$module_default + elif test "$enable_slotmem_plain" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_slotmem_plain" != "no" ; then + enable_slotmem_plain=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_proxy_scgi" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -$as_echo "checking dependencies" >&6; } - if test "$enable_proxy" = "no" ; then - enable_proxy_scgi=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_scgi\"" >&5 -$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_scgi\"" >&2;} - elif test "$enable_proxy_scgi" = "static" && test "$enable_proxy" != "static" ; then - enable_proxy_scgi=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_scgi statically if mod_proxy is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_proxy_scgi statically if mod_proxy is built shared\"" >&2;} - else + if test "$enable_slotmem_plain" != "no"; then : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_scgi" >&5 -$as_echo_n "checking whether to enable mod_proxy_scgi... " >&6; } - if test "$enable_proxy_scgi" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_proxy_scgi has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_scgi$_apmod_extra_msg" >&5 -$as_echo "$enable_proxy_scgi$_apmod_extra_msg" >&6; } - if test "$enable_proxy_scgi" != "no"; then - case "$enable_proxy_scgi" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_slotmem_plain$_apmod_extra_msg" >&5 +$as_echo "$enable_slotmem_plain$_apmod_extra_msg" >&6; } + if test "$enable_slotmem_plain" != "no"; then + case "$enable_slotmem_plain" in static*) - MODLIST="$MODLIST proxy_scgi" - if test "proxy_scgi" = "so"; then + MODLIST="$MODLIST slotmem_plain" + if test "slotmem_plain" = "so"; then sharedobjs=yes fi shared="";; *) - enable_proxy_scgi=`echo $enable_proxy_scgi|sed 's/shared,*//'` + enable_slotmem_plain=`echo $enable_slotmem_plain|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES proxy_scgi" - if test "$proxy_mods_enable" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_scgi" + DSO_MODULES="$DSO_MODULES slotmem_plain" + if test "" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},slotmem_plain" fi ;; esac - if test -z "$proxy_scgi_objs"; then - objects="mod_proxy_scgi.lo" + if test -z ""; then + objects="mod_slotmem_plain.lo" else - objects="$proxy_scgi_objs" + objects="" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_proxy_scgi.la" + libname="libmod_slotmem_plain.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_proxy_fdpass... " >&6; } - # Check whether --enable-proxy-fdpass was given. -if test "${enable_proxy_fdpass+set}" = set; then : - enableval=$enable_proxy_fdpass; force_proxy_fdpass=$enableval + + echo "DISTCLEAN_TARGETS = modules.mk" >> $modpath_current/modules.mk + echo "static = $modpath_static" >> $modpath_current/modules.mk + echo "shared = $modpath_shared" >> $modpath_current/modules.mk + for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do + if eval val=\"\$MOD_$var\"; test -n "$val"; then + echo "MOD_$var = $val" >> $modpath_current/modules.mk + fi + done + if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then + MODULE_DIRS="$MODULE_DIRS $current_dir" + else + MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir" + fi + + APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile" + + + + + + current_dir=ssl + modpath_current=modules/ssl + modpath_static= + modpath_shared= + for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do + eval MOD_$var= + done + test -d ssl || $srcdir/build/mkdir.sh $modpath_current + > $modpath_current/modules.mk + + +ssl_objs="mod_ssl.lo ssl_engine_config.lo ssl_engine_init.lo ssl_engine_io.lo ssl_engine_kernel.lo ssl_engine_log.lo ssl_engine_mutex.lo ssl_engine_pphrase.lo ssl_engine_rand.lo ssl_engine_vars.lo ssl_scache.lo ssl_util_stapling.lo ssl_util.lo ssl_util_ssl.lo ssl_engine_ocsp.lo ssl_util_ocsp.lo " + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_ssl" >&5 +$as_echo_n "checking whether to enable mod_ssl... " >&6; } + # Check whether --enable-ssl was given. +if test "${enable_ssl+set}" = set; then : + enableval=$enable_ssl; force_ssl=$enableval else - enable_proxy_fdpass=maybe-all + enable_ssl=most fi _apmod_extra_msg="" - case "$enable_proxy_fdpass" in + case "$enable_ssl" in yes|static|shared) _apmod_required="yes" ;; @@ -23315,581 +24412,678 @@ fi ;; esac esac - if test "$enable_proxy_fdpass" = "static"; then - enable_proxy_fdpass=static - elif test "$enable_proxy_fdpass" = "yes"; then - enable_proxy_fdpass=$module_default - elif test "$enable_proxy_fdpass" = "most"; then + if test "$enable_ssl" = "static"; then + enable_ssl=static + elif test "$enable_ssl" = "yes"; then + enable_ssl=$module_default + elif test "$enable_ssl" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_proxy_fdpass=$module_default + enable_ssl=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_proxy_fdpass=no + enable_ssl=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_proxy_fdpass" = "maybe-all"; then + elif test "$enable_ssl" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_proxy_fdpass=$module_default + enable_ssl=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_proxy_fdpass=no + enable_ssl=no fi - elif test "$enable_proxy_fdpass" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_proxy_fdpass" != "no" ; then - enable_proxy_fdpass=$module_default + elif test "$enable_ssl" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_ssl" != "no" ; then + enable_ssl=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_proxy_fdpass" != "no"; then + if test "$enable_ssl" != "no"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 $as_echo "checking dependencies" >&6; } - if test "$enable_proxy" = "no" ; then - enable_proxy_fdpass=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_fdpass\"" >&5 -$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_fdpass\"" >&2;} - elif test "$enable_proxy_fdpass" = "static" && test "$enable_proxy" != "static" ; then - enable_proxy_fdpass=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_fdpass statically if mod_proxy is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_proxy_fdpass statically if mod_proxy is built shared\"" >&2;} - else + : - ac_fn_c_check_decl "$LINENO" "CMSG_DATA" "ac_cv_have_decl_CMSG_DATA" " - #include - #include -" -if test "x$ac_cv_have_decl_CMSG_DATA" = xyes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL" >&5 +$as_echo_n "checking for OpenSSL... " >&6; } +if ${ac_cv_openssl+:} false; then : + $as_echo_n "(cached) " >&6 +else -fi + ac_cv_openssl=no + ap_openssl_found="" + ap_openssl_base="" + ap_openssl_libs="" + ap_openssl_mod_cflags="" + ap_openssl_mod_ldflags="" - if test $ac_cv_have_decl_CMSG_DATA = "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your system does not support CMSG_DATA." >&5 -$as_echo "$as_me: WARNING: Your system does not support CMSG_DATA." >&2;} - enable_proxy_fdpass=no - fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for user-provided OpenSSL base directory" >&5 +$as_echo_n "checking for user-provided OpenSSL base directory... " >&6; } - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_fdpass" >&5 -$as_echo_n "checking whether to enable mod_proxy_fdpass... " >&6; } - if test "$enable_proxy_fdpass" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_proxy_fdpass has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_fdpass$_apmod_extra_msg" >&5 -$as_echo "$enable_proxy_fdpass$_apmod_extra_msg" >&6; } - if test "$enable_proxy_fdpass" != "no"; then - case "$enable_proxy_fdpass" in - static*) - MODLIST="$MODLIST proxy_fdpass" - if test "proxy_fdpass" = "so"; then - sharedobjs=yes +# Check whether --with-ssl was given. +if test "${with_ssl+set}" = set; then : + withval=$with_ssl; + if test "x$withval" != "xyes" -a "x$withval" != "x"; then + ap_openssl_base="`cd $withval ; pwd`" fi - shared="";; - *) - enable_proxy_fdpass=`echo $enable_proxy_fdpass|sed 's/shared,*//'` - sharedobjs=yes - shared=yes - DSO_MODULES="$DSO_MODULES proxy_fdpass" - if test "" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_fdpass" + +fi + + if test "x$ap_openssl_base" = "x"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 +$as_echo "none" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ap_openssl_base" >&5 +$as_echo "$ap_openssl_base" >&6; } + fi + + saved_CPPFLAGS="$CPPFLAGS" + saved_LIBS="$LIBS" + saved_LDFLAGS="$LDFLAGS" + + if test -n "$PKGCONFIG"; then + saved_PKG_CONFIG_PATH="$PKG_CONFIG_PATH" + if test "x$ap_openssl_base" != "x" -a \ + -f "${ap_openssl_base}/lib/pkgconfig/openssl.pc"; then + PKG_CONFIG_PATH="${ap_openssl_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}" + export PKG_CONFIG_PATH fi - ;; - esac + # Check whether --enable-ssl-staticlib-deps was given. +if test "${enable_ssl_staticlib_deps+set}" = set; then : + enableval=$enable_ssl_staticlib_deps; + if test "$enableval" = "yes"; then + PKGCONFIG_LIBOPTS="--static" + fi +fi - if test -z "$proxy_fdpass_objs"; then - objects="mod_proxy_fdpass.lo" + ap_openssl_libs="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-l --silence-errors openssl`" + if test $? -eq 0; then + ap_openssl_found="yes" + pkglookup="`$PKGCONFIG --cflags-only-I openssl`" + + if test "x$CPPFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting CPPFLAGS to \"$pkglookup\"" + CPPFLAGS="$pkglookup" else - objects="$proxy_fdpass_objs" + apr_addto_bugger="$pkglookup" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $CPPFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to CPPFLAGS" + CPPFLAGS="$CPPFLAGS $i" + fi + done fi - if test -z "$module_standalone"; then - if test -z "$shared"; then - # The filename of a convenience library must have a "lib" prefix: - libname="libmod_proxy_fdpass.la" - BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" - modpath_static="$modpath_static $libname" - cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_proxy_wstunnel... " >&6; } - # Check whether --enable-proxy-wstunnel was given. -if test "${enable_proxy_wstunnel+set}" = set; then : - enableval=$enable_proxy_wstunnel; force_proxy_wstunnel=$enableval -else - enable_proxy_wstunnel=$proxy_mods_enable -fi - - _apmod_extra_msg="" - case "$enable_proxy_wstunnel" in - yes|static|shared) - _apmod_required="yes" - ;; - *) - case "$module_selection" in - reallyall|all|most) - _apmod_required="no" - ;; - *) - _apmod_required="yes" - ;; - esac - esac - if test "$enable_proxy_wstunnel" = "static"; then - enable_proxy_wstunnel=static - elif test "$enable_proxy_wstunnel" = "yes"; then - enable_proxy_wstunnel=$module_default - elif test "$enable_proxy_wstunnel" = "most"; then - if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ - "$module_selection" = "reallyall" - then - enable_proxy_wstunnel=$module_default - elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_proxy_wstunnel=no - fi - _apmod_extra_msg=" ($module_selection)" - elif test "$enable_proxy_wstunnel" = "maybe-all"; then - if test "$module_selection" = "all" -o "$module_selection" = "reallyall" - then - enable_proxy_wstunnel=$module_default - _apmod_extra_msg=" ($module_selection)" - else - enable_proxy_wstunnel=no - fi - elif test "$enable_proxy_wstunnel" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_proxy_wstunnel" != "no" ; then - enable_proxy_wstunnel=$module_default - _apmod_extra_msg=" ($module_selection)" - fi - if test "$enable_proxy_wstunnel" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -$as_echo "checking dependencies" >&6; } - if test "$enable_proxy" = "no" ; then - enable_proxy_wstunnel=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_wstunnel\"" >&5 -$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_wstunnel\"" >&2;} - elif test "$enable_proxy_wstunnel" = "static" && test "$enable_proxy" != "static" ; then - enable_proxy_wstunnel=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_wstunnel statically if mod_proxy is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_proxy_wstunnel statically if mod_proxy is built shared\"" >&2;} - else - : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_wstunnel" >&5 -$as_echo_n "checking whether to enable mod_proxy_wstunnel... " >&6; } - if test "$enable_proxy_wstunnel" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_proxy_wstunnel has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi + if test "x$LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting LDFLAGS to \"$pkglookup\"" + LDFLAGS="$pkglookup" + else + apr_addto_bugger="$pkglookup" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" + LDFLAGS="$LDFLAGS $i" + fi + done fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_wstunnel$_apmod_extra_msg" >&5 -$as_echo "$enable_proxy_wstunnel$_apmod_extra_msg" >&6; } - if test "$enable_proxy_wstunnel" != "no"; then - case "$enable_proxy_wstunnel" in - static*) - MODLIST="$MODLIST proxy_wstunnel" - if test "proxy_wstunnel" = "so"; then - sharedobjs=yes + + + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$pkglookup\"" + MOD_LDFLAGS="$pkglookup" + else + apr_addto_bugger="$pkglookup" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" fi - shared="";; - *) - enable_proxy_wstunnel=`echo $enable_proxy_wstunnel|sed 's/shared,*//'` - sharedobjs=yes - shared=yes - DSO_MODULES="$DSO_MODULES proxy_wstunnel" - if test "$proxy_mods_enable" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_wstunnel" + done + fi + fi - ;; - esac + PKG_CONFIG_PATH="$saved_PKG_CONFIG_PATH" + fi + if test "x$ap_openssl_base" != "x" -a "x$ap_openssl_found" = "x"; then - if test -z "$proxy_wstunnel_objs"; then - objects="mod_proxy_wstunnel.lo" + if test "x$CPPFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting CPPFLAGS to \"-I$ap_openssl_base/include\"" + CPPFLAGS="-I$ap_openssl_base/include" else - objects="$proxy_wstunnel_objs" + apr_addto_bugger="-I$ap_openssl_base/include" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $CPPFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to CPPFLAGS" + CPPFLAGS="$CPPFLAGS $i" + fi + done fi - if test -z "$module_standalone"; then - if test -z "$shared"; then - # The filename of a convenience library must have a "lib" prefix: - libname="libmod_proxy_wstunnel.la" - BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" - modpath_static="$modpath_static $libname" - cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_proxy_ajp... " >&6; } - # Check whether --enable-proxy-ajp was given. -if test "${enable_proxy_ajp+set}" = set; then : - enableval=$enable_proxy_ajp; force_proxy_ajp=$enableval -else - enable_proxy_ajp=$proxy_mods_enable -fi - - _apmod_extra_msg="" - case "$enable_proxy_ajp" in - yes|static|shared) - _apmod_required="yes" - ;; - *) - case "$module_selection" in - reallyall|all|most) - _apmod_required="no" - ;; - *) - _apmod_required="yes" - ;; - esac - esac - if test "$enable_proxy_ajp" = "static"; then - enable_proxy_ajp=static - elif test "$enable_proxy_ajp" = "yes"; then - enable_proxy_ajp=$module_default - elif test "$enable_proxy_ajp" = "most"; then - if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ - "$module_selection" = "reallyall" - then - enable_proxy_ajp=$module_default - elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_proxy_ajp=no - fi - _apmod_extra_msg=" ($module_selection)" - elif test "$enable_proxy_ajp" = "maybe-all"; then - if test "$module_selection" = "all" -o "$module_selection" = "reallyall" - then - enable_proxy_ajp=$module_default - _apmod_extra_msg=" ($module_selection)" - else - enable_proxy_ajp=no - fi - elif test "$enable_proxy_ajp" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_proxy_ajp" != "no" ; then - enable_proxy_ajp=$module_default - _apmod_extra_msg=" ($module_selection)" - fi - if test "$enable_proxy_ajp" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -$as_echo "checking dependencies" >&6; } - if test "$enable_proxy" = "no" ; then - enable_proxy_ajp=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_ajp\"" >&5 -$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_ajp\"" >&2;} - elif test "$enable_proxy_ajp" = "static" && test "$enable_proxy" != "static" ; then - enable_proxy_ajp=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_ajp statically if mod_proxy is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_proxy_ajp statically if mod_proxy is built shared\"" >&2;} - else - : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_ajp" >&5 -$as_echo_n "checking whether to enable mod_proxy_ajp... " >&6; } - if test "$enable_proxy_ajp" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_proxy_ajp has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi + if test "x$LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting LDFLAGS to \"$ap_platform_runtime_link_flag$ap_openssl_base/lib\"" + LDFLAGS="$ap_platform_runtime_link_flag$ap_openssl_base/lib" + else + apr_addto_bugger="$ap_platform_runtime_link_flag$ap_openssl_base/lib" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" + LDFLAGS="$LDFLAGS $i" + fi + done fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_ajp$_apmod_extra_msg" >&5 -$as_echo "$enable_proxy_ajp$_apmod_extra_msg" >&6; } - if test "$enable_proxy_ajp" != "no"; then - case "$enable_proxy_ajp" in - static*) - MODLIST="$MODLIST proxy_ajp" - if test "proxy_ajp" = "so"; then - sharedobjs=yes + + + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$ap_platform_runtime_link_flag$ap_openssl_base/lib\"" + MOD_LDFLAGS="$ap_platform_runtime_link_flag$ap_openssl_base/lib" + else + apr_addto_bugger="$ap_platform_runtime_link_flag$ap_openssl_base/lib" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" fi - shared="";; - *) - enable_proxy_ajp=`echo $enable_proxy_ajp|sed 's/shared,*//'` - sharedobjs=yes - shared=yes - DSO_MODULES="$DSO_MODULES proxy_ajp" - if test "$proxy_mods_enable" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_ajp" + done + fi + fi - ;; - esac + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 0.9.8a" >&5 +$as_echo_n "checking for OpenSSL version >= 0.9.8a... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + +#if !defined(OPENSSL_VERSION_NUMBER) +#error "Missing OpenSSL version" +#endif +#if OPENSSL_VERSION_NUMBER < 0x0090801f +#error "Unsupported OpenSSL version " OPENSSL_VERSION_TEXT +#endif + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: OK" >&5 +$as_echo "OK" >&6; } + ac_cv_openssl=yes +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: FAILED" >&5 +$as_echo "FAILED" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test "x$ac_cv_openssl" = "xyes"; then + ap_openssl_libs="${ap_openssl_libs:--lssl -lcrypto} `$apr_config --libs`" - if test -z "$proxy_ajp_objs"; then - objects="mod_proxy_ajp.lo" + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$ap_openssl_libs\"" + MOD_LDFLAGS="$ap_openssl_libs" else - objects="$proxy_ajp_objs" + apr_addto_bugger="$ap_openssl_libs" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" + fi + done fi - if test -z "$module_standalone"; then - if test -z "$shared"; then - # The filename of a convenience library must have a "lib" prefix: - libname="libmod_proxy_ajp.la" - BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" - modpath_static="$modpath_static $libname" - cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_proxy_balancer... " >&6; } - # Check whether --enable-proxy-balancer was given. -if test "${enable_proxy_balancer+set}" = set; then : - enableval=$enable_proxy_balancer; force_proxy_balancer=$enableval + + liberrors="" + for ac_header in openssl/engine.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "openssl/engine.h" "ac_cv_header_openssl_engine_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_engine_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_OPENSSL_ENGINE_H 1 +_ACEOF + +fi + +done + + for ac_func in SSLeay_version SSL_CTX_new +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + else - enable_proxy_balancer=$proxy_mods_enable + liberrors="yes" fi +done - _apmod_extra_msg="" - case "$enable_proxy_balancer" in - yes|static|shared) - _apmod_required="yes" - ;; - *) - case "$module_selection" in - reallyall|all|most) - _apmod_required="no" - ;; - *) - _apmod_required="yes" - ;; - esac - esac - if test "$enable_proxy_balancer" = "static"; then - enable_proxy_balancer=static - elif test "$enable_proxy_balancer" = "yes"; then - enable_proxy_balancer=$module_default - elif test "$enable_proxy_balancer" = "most"; then - if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ - "$module_selection" = "reallyall" - then - enable_proxy_balancer=$module_default - elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_proxy_balancer=no - fi - _apmod_extra_msg=" ($module_selection)" - elif test "$enable_proxy_balancer" = "maybe-all"; then - if test "$module_selection" = "all" -o "$module_selection" = "reallyall" - then - enable_proxy_balancer=$module_default - _apmod_extra_msg=" ($module_selection)" + for ac_func in ENGINE_init ENGINE_load_builtin_engines RAND_egd +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + if test "x$liberrors" != "x"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL libraries are unusable" >&5 +$as_echo "$as_me: WARNING: OpenSSL libraries are unusable" >&2;} + fi else - enable_proxy_balancer=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL version is too old" >&5 +$as_echo "$as_me: WARNING: OpenSSL version is too old" >&2;} fi - elif test "$enable_proxy_balancer" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_proxy_balancer" != "no" ; then - enable_proxy_balancer=$module_default - _apmod_extra_msg=" ($module_selection)" + + CPPFLAGS="$saved_CPPFLAGS" + LIBS="$saved_LIBS" + LDFLAGS="$saved_LDFLAGS" + + ap_openssl_mod_cflags=$MOD_CFLAGS + ap_openssl_mod_ldflags=$MOD_LDFLAGS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_openssl" >&5 +$as_echo "$ac_cv_openssl" >&6; } + if test "x$ac_cv_openssl" = "xyes"; then + +$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h + + + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$ap_openssl_mod_ldflags\"" + MOD_LDFLAGS="$ap_openssl_mod_ldflags" + else + apr_addto_bugger="$ap_openssl_mod_ldflags" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" + fi + done fi - if test "$enable_proxy_balancer" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -$as_echo "checking dependencies" >&6; } - if test "$enable_proxy" = "no" ; then - enable_proxy_balancer=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_balancer\"" >&5 -$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_balancer\"" >&2;} - elif test "$enable_proxy_balancer" = "static" && test "$enable_proxy" != "static" ; then - enable_proxy_balancer=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_balancer statically if mod_proxy is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_proxy_balancer statically if mod_proxy is built shared\"" >&2;} - else + + + if test "x$MOD_CFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_CFLAGS to \"$ap_openssl_mod_cflags\"" + MOD_CFLAGS="$ap_openssl_mod_cflags" + else + apr_addto_bugger="$ap_openssl_mod_cflags" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_CFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CFLAGS" + MOD_CFLAGS="$MOD_CFLAGS $i" + fi + done + fi + + fi + + if test "$ac_cv_openssl" = "yes" ; then + if test "x$enable_ssl" = "xshared"; then + # The only symbol which needs to be exported is the module + # structure, so ask libtool to hide everything else: + + if test "x$MOD_SSL_LDADD" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_SSL_LDADD to \"-export-symbols-regex ssl_module\"" + MOD_SSL_LDADD="-export-symbols-regex ssl_module" + else + apr_addto_bugger="-export-symbols-regex ssl_module" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_SSL_LDADD; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_SSL_LDADD" + MOD_SSL_LDADD="$MOD_SSL_LDADD $i" + fi + done + fi + + fi + else + enable_ssl=no + fi + : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_balancer" >&5 -$as_echo_n "checking whether to enable mod_proxy_balancer... " >&6; } - if test "$enable_proxy_balancer" = "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_ssl" >&5 +$as_echo_n "checking whether to enable mod_ssl... " >&6; } + if test "$enable_ssl" = "no"; then if test "$_apmod_required" = "no"; then _apmod_extra_msg=" (disabled)" else - as_fn_error $? "mod_proxy_balancer has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + as_fn_error $? "mod_ssl has been requested but can not be built due to prerequisite failures" "$LINENO" 5 fi fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_balancer$_apmod_extra_msg" >&5 -$as_echo "$enable_proxy_balancer$_apmod_extra_msg" >&6; } - if test "$enable_proxy_balancer" != "no"; then - case "$enable_proxy_balancer" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_ssl$_apmod_extra_msg" >&5 +$as_echo "$enable_ssl$_apmod_extra_msg" >&6; } + if test "$enable_ssl" != "no"; then + case "$enable_ssl" in static*) - MODLIST="$MODLIST proxy_balancer" - if test "proxy_balancer" = "so"; then + MODLIST="$MODLIST ssl" + if test "ssl" = "so"; then sharedobjs=yes fi shared="";; *) - enable_proxy_balancer=`echo $enable_proxy_balancer|sed 's/shared,*//'` + enable_ssl=`echo $enable_ssl|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES proxy_balancer" - if test "$proxy_mods_enable" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_balancer" + DSO_MODULES="$DSO_MODULES ssl" + if test "most" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},ssl" fi ;; esac - if test -z "$proxy_balancer_objs"; then - objects="mod_proxy_balancer.lo" + if test -z "$ssl_objs"; then + objects="mod_ssl.lo" else - objects="$proxy_balancer_objs" + objects="$ssl_objs" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_proxy_balancer.la" + libname="libmod_ssl.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_proxy_express... " >&6; } - # Check whether --enable-proxy-express was given. -if test "${enable_proxy_express+set}" = set; then : - enableval=$enable_proxy_express; force_proxy_express=$enableval + if test "x$INCLUDES" = "x"; then + test "x$silent" != "xyes" && echo " setting INCLUDES to \"-I\$(top_srcdir)/$modpath_current\"" + INCLUDES="-I\$(top_srcdir)/$modpath_current" + else + apr_addto_bugger="-I\$(top_srcdir)/$modpath_current" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $INCLUDES; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to INCLUDES" + INCLUDES="$INCLUDES $i" + fi + done + fi + + + + echo "DISTCLEAN_TARGETS = modules.mk" >> $modpath_current/modules.mk + echo "static = $modpath_static" >> $modpath_current/modules.mk + echo "shared = $modpath_shared" >> $modpath_current/modules.mk + for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do + if eval val=\"\$MOD_$var\"; test -n "$val"; then + echo "MOD_$var = $val" >> $modpath_current/modules.mk + fi + done + if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then + MODULE_DIRS="$MODULE_DIRS $current_dir" + else + MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir" + fi + + APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile" + + + + + + + current_dir=test + modpath_current=modules/test + modpath_static= + modpath_shared= + for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do + eval MOD_$var= + done + test -d test || $srcdir/build/mkdir.sh $modpath_current + > $modpath_current/modules.mk + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_optional_hook_export" >&5 +$as_echo_n "checking whether to enable mod_optional_hook_export... " >&6; } + # Check whether --enable-optional-hook-export was given. +if test "${enable_optional_hook_export+set}" = set; then : + enableval=$enable_optional_hook_export; force_optional_hook_export=$enableval else - enable_proxy_express=$proxy_mods_enable + enable_optional_hook_export=no fi _apmod_extra_msg="" - case "$enable_proxy_express" in + case "$enable_optional_hook_export" in yes|static|shared) _apmod_required="yes" ;; @@ -23951,80 +25201,59 @@ fi ;; esac esac - if test "$enable_proxy_express" = "static"; then - enable_proxy_express=static - elif test "$enable_proxy_express" = "yes"; then - enable_proxy_express=$module_default - elif test "$enable_proxy_express" = "most"; then + if test "$enable_optional_hook_export" = "static"; then + enable_optional_hook_export=static + elif test "$enable_optional_hook_export" = "yes"; then + enable_optional_hook_export=$module_default + elif test "$enable_optional_hook_export" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_proxy_express=$module_default + enable_optional_hook_export=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_proxy_express=no + enable_optional_hook_export=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_proxy_express" = "maybe-all"; then + elif test "$enable_optional_hook_export" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_proxy_express=$module_default + enable_optional_hook_export=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_proxy_express=no + enable_optional_hook_export=no fi - elif test "$enable_proxy_express" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_proxy_express" != "no" ; then - enable_proxy_express=$module_default + elif test "$enable_optional_hook_export" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_optional_hook_export" != "no" ; then + enable_optional_hook_export=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_proxy_express" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -$as_echo "checking dependencies" >&6; } - if test "$enable_proxy" = "no" ; then - enable_proxy_express=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_proxy is disabled but required for mod_proxy_express\"" >&5 -$as_echo "$as_me: WARNING: \"mod_proxy is disabled but required for mod_proxy_express\"" >&2;} - elif test "$enable_proxy_express" = "static" && test "$enable_proxy" != "static" ; then - enable_proxy_express=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_proxy_express statically if mod_proxy is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_proxy_express statically if mod_proxy is built shared\"" >&2;} - else + if test "$enable_optional_hook_export" != "no"; then : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_proxy_express" >&5 -$as_echo_n "checking whether to enable mod_proxy_express... " >&6; } - if test "$enable_proxy_express" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_proxy_express has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_proxy_express$_apmod_extra_msg" >&5 -$as_echo "$enable_proxy_express$_apmod_extra_msg" >&6; } - if test "$enable_proxy_express" != "no"; then - case "$enable_proxy_express" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_optional_hook_export$_apmod_extra_msg" >&5 +$as_echo "$enable_optional_hook_export$_apmod_extra_msg" >&6; } + if test "$enable_optional_hook_export" != "no"; then + case "$enable_optional_hook_export" in static*) - MODLIST="$MODLIST proxy_express" - if test "proxy_express" = "so"; then + MODLIST="$MODLIST optional_hook_export" + if test "optional_hook_export" = "so"; then sharedobjs=yes fi shared="";; *) - enable_proxy_express=`echo $enable_proxy_express|sed 's/shared,*//'` + enable_optional_hook_export=`echo $enable_optional_hook_export|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES proxy_express" - if test "$proxy_mods_enable" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},proxy_express" + DSO_MODULES="$DSO_MODULES optional_hook_export" + if test "no" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},optional_hook_export" fi ;; esac if test -z ""; then - objects="mod_proxy_express.lo" + objects="mod_optional_hook_export.lo" else objects="" fi @@ -24032,145 +25261,67 @@ $as_echo "$enable_proxy_express$_apmod_extra_msg" >&6; } if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_proxy_express.la" - BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" - modpath_static="$modpath_static $libname" - cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<>$modpath_current/modules.mk<> $modpath_current/modules.mk - echo "static = $modpath_static" >> $modpath_current/modules.mk - echo "shared = $modpath_shared" >> $modpath_current/modules.mk - for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do - if eval val=\"\$MOD_$var\"; test -n "$val"; then - echo "MOD_$var = $val" >> $modpath_current/modules.mk + fi + else + apache_need_shared=yes + libname="mod_optional_hook_export.la" + shobjects=`echo $objects | sed 's/\.lo/.slo/g'` + modpath_shared="$modpath_shared $libname" + cat >>$modpath_current/modules.mk< $modpath_current/modules.mk - - -session_cookie_objects='mod_session_cookie.lo' -session_crypto_objects='mod_session_crypto.lo' -session_dbd_objects='mod_session_dbd.lo' -case "$host" in - *os2*) - # OS/2 DLLs must resolve all symbols at build time - # and we need some from main session module - session_cookie_objects="$session_cookie_objects mod_session.la" - session_crypto_objects="$session_crypto_objects mod_session.la" - session_dbd_objects="$session_dbd_objects mod_session.la" - ;; -esac + fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_session" >&5 -$as_echo_n "checking whether to enable mod_session... " >&6; } - # Check whether --enable-session was given. -if test "${enable_session+set}" = set; then : - enableval=$enable_session; force_session=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_optional_hook_import" >&5 +$as_echo_n "checking whether to enable mod_optional_hook_import... " >&6; } + # Check whether --enable-optional-hook-import was given. +if test "${enable_optional_hook_import+set}" = set; then : + enableval=$enable_optional_hook_import; force_optional_hook_import=$enableval else - enable_session=most + enable_optional_hook_import=no fi _apmod_extra_msg="" - case "$enable_session" in + case "$enable_optional_hook_import" in yes|static|shared) _apmod_required="yes" ;; @@ -24184,59 +25335,59 @@ fi ;; esac esac - if test "$enable_session" = "static"; then - enable_session=static - elif test "$enable_session" = "yes"; then - enable_session=$module_default - elif test "$enable_session" = "most"; then + if test "$enable_optional_hook_import" = "static"; then + enable_optional_hook_import=static + elif test "$enable_optional_hook_import" = "yes"; then + enable_optional_hook_import=$module_default + elif test "$enable_optional_hook_import" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_session=$module_default + enable_optional_hook_import=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_session=no + enable_optional_hook_import=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_session" = "maybe-all"; then + elif test "$enable_optional_hook_import" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_session=$module_default + enable_optional_hook_import=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_session=no + enable_optional_hook_import=no fi - elif test "$enable_session" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_session" != "no" ; then - enable_session=$module_default + elif test "$enable_optional_hook_import" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_optional_hook_import" != "no" ; then + enable_optional_hook_import=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_session" != "no"; then + if test "$enable_optional_hook_import" != "no"; then : fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_session$_apmod_extra_msg" >&5 -$as_echo "$enable_session$_apmod_extra_msg" >&6; } - if test "$enable_session" != "no"; then - case "$enable_session" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_optional_hook_import$_apmod_extra_msg" >&5 +$as_echo "$enable_optional_hook_import$_apmod_extra_msg" >&6; } + if test "$enable_optional_hook_import" != "no"; then + case "$enable_optional_hook_import" in static*) - MODLIST="$MODLIST session" - if test "session" = "so"; then + MODLIST="$MODLIST optional_hook_import" + if test "optional_hook_import" = "so"; then sharedobjs=yes fi shared="";; *) - enable_session=`echo $enable_session|sed 's/shared,*//'` + enable_optional_hook_import=`echo $enable_optional_hook_import|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES session" - if test "most" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},session" + DSO_MODULES="$DSO_MODULES optional_hook_import" + if test "no" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},optional_hook_import" fi ;; esac if test -z ""; then - objects="mod_session.lo" + objects="mod_optional_hook_import.lo" else objects="" fi @@ -24244,20 +25395,20 @@ $as_echo "$enable_session$_apmod_extra_msg" >&6; } if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_session.la" + libname="libmod_optional_hook_import.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_session_cookie... " >&6; } - # Check whether --enable-session-cookie was given. -if test "${enable_session_cookie+set}" = set; then : - enableval=$enable_session_cookie; force_session_cookie=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_optional_fn_import" >&5 +$as_echo_n "checking whether to enable mod_optional_fn_import... " >&6; } + # Check whether --enable-optional-fn-import was given. +if test "${enable_optional_fn_import+set}" = set; then : + enableval=$enable_optional_fn_import; force_optional_fn_import=$enableval else - enable_session_cookie=$session_mods_enable + enable_optional_fn_import=no fi _apmod_extra_msg="" - case "$enable_session_cookie" in + case "$enable_optional_fn_import" in yes|static|shared) _apmod_required="yes" ;; @@ -24318,101 +25469,80 @@ fi ;; esac esac - if test "$enable_session_cookie" = "static"; then - enable_session_cookie=static - elif test "$enable_session_cookie" = "yes"; then - enable_session_cookie=$module_default - elif test "$enable_session_cookie" = "most"; then + if test "$enable_optional_fn_import" = "static"; then + enable_optional_fn_import=static + elif test "$enable_optional_fn_import" = "yes"; then + enable_optional_fn_import=$module_default + elif test "$enable_optional_fn_import" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_session_cookie=$module_default + enable_optional_fn_import=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_session_cookie=no + enable_optional_fn_import=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_session_cookie" = "maybe-all"; then + elif test "$enable_optional_fn_import" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_session_cookie=$module_default + enable_optional_fn_import=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_session_cookie=no + enable_optional_fn_import=no fi - elif test "$enable_session_cookie" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_session_cookie" != "no" ; then - enable_session_cookie=$module_default + elif test "$enable_optional_fn_import" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_optional_fn_import" != "no" ; then + enable_optional_fn_import=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_session_cookie" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -$as_echo "checking dependencies" >&6; } - if test "$enable_session" = "no" ; then - enable_session_cookie=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_session is disabled but required for mod_session_cookie\"" >&5 -$as_echo "$as_me: WARNING: \"mod_session is disabled but required for mod_session_cookie\"" >&2;} - elif test "$enable_session_cookie" = "static" && test "$enable_session" != "static" ; then - enable_session_cookie=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_session_cookie statically if mod_session is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_session_cookie statically if mod_session is built shared\"" >&2;} - else + if test "$enable_optional_fn_import" != "no"; then : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_session_cookie" >&5 -$as_echo_n "checking whether to enable mod_session_cookie... " >&6; } - if test "$enable_session_cookie" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_session_cookie has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_session_cookie$_apmod_extra_msg" >&5 -$as_echo "$enable_session_cookie$_apmod_extra_msg" >&6; } - if test "$enable_session_cookie" != "no"; then - case "$enable_session_cookie" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_optional_fn_import$_apmod_extra_msg" >&5 +$as_echo "$enable_optional_fn_import$_apmod_extra_msg" >&6; } + if test "$enable_optional_fn_import" != "no"; then + case "$enable_optional_fn_import" in static*) - MODLIST="$MODLIST session_cookie" - if test "session_cookie" = "so"; then + MODLIST="$MODLIST optional_fn_import" + if test "optional_fn_import" = "so"; then sharedobjs=yes fi shared="";; *) - enable_session_cookie=`echo $enable_session_cookie|sed 's/shared,*//'` + enable_optional_fn_import=`echo $enable_optional_fn_import|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES session_cookie" - if test "$session_mods_enable" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},session_cookie" + DSO_MODULES="$DSO_MODULES optional_fn_import" + if test "no" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},optional_fn_import" fi ;; esac - if test -z "$session_cookie_objects"; then - objects="mod_session_cookie.lo" + if test -z ""; then + objects="mod_optional_fn_import.lo" else - objects="$session_cookie_objects" + objects="" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_session_cookie.la" + libname="libmod_optional_fn_import.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ - -#if APU_HAVE_CRYPTO == 0 -#error no crypto support -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ap_HAVE_APR_CRYPTO="yes" -else - ap_HAVE_APR_CRYPTO="no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - CPPFLAGS="$saved_CPPFLAGS" - if test $ap_HAVE_APR_CRYPTO = "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your APR does not include SSL/EVP support. To enable it: configure --with-crypto" >&5 -$as_echo "$as_me: WARNING: Your APR does not include SSL/EVP support. To enable it: configure --with-crypto" >&2;} - if test "$enable_session_crypto" != "" -a "$enable_session_crypto" != "no"; then - as_fn_error $? "mod_session_crypto cannot be enabled" "$LINENO" 5 - fi - session_mods_enable_crypto="no" - fi -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_session_crypto" >&5 -$as_echo_n "checking whether to enable mod_session_crypto... " >&6; } - # Check whether --enable-session-crypto was given. -if test "${enable_session_crypto+set}" = set; then : - enableval=$enable_session_crypto; force_session_crypto=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_optional_fn_export" >&5 +$as_echo_n "checking whether to enable mod_optional_fn_export... " >&6; } + # Check whether --enable-optional-fn-export was given. +if test "${enable_optional_fn_export+set}" = set; then : + enableval=$enable_optional_fn_export; force_optional_fn_export=$enableval else - enable_session_crypto=$session_mods_enable_crypto + enable_optional_fn_export=no fi _apmod_extra_msg="" - case "$enable_session_crypto" in + case "$enable_optional_fn_export" in yes|static|shared) _apmod_required="yes" ;; @@ -24513,105 +25603,80 @@ fi ;; esac esac - if test "$enable_session_crypto" = "static"; then - enable_session_crypto=static - elif test "$enable_session_crypto" = "yes"; then - enable_session_crypto=$module_default - elif test "$enable_session_crypto" = "most"; then + if test "$enable_optional_fn_export" = "static"; then + enable_optional_fn_export=static + elif test "$enable_optional_fn_export" = "yes"; then + enable_optional_fn_export=$module_default + elif test "$enable_optional_fn_export" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_session_crypto=$module_default + enable_optional_fn_export=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_session_crypto=no + enable_optional_fn_export=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_session_crypto" = "maybe-all"; then + elif test "$enable_optional_fn_export" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_session_crypto=$module_default + enable_optional_fn_export=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_session_crypto=no + enable_optional_fn_export=no fi - elif test "$enable_session_crypto" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_session_crypto" != "no" ; then - enable_session_crypto=$module_default + elif test "$enable_optional_fn_export" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_optional_fn_export" != "no" ; then + enable_optional_fn_export=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_session_crypto" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -$as_echo "checking dependencies" >&6; } - if test "$enable_session" = "no" ; then - enable_session_crypto=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_session is disabled but required for mod_session_crypto\"" >&5 -$as_echo "$as_me: WARNING: \"mod_session is disabled but required for mod_session_crypto\"" >&2;} - elif test "$enable_session_crypto" = "static" && test "$enable_session" != "static" ; then - enable_session_crypto=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_session_crypto statically if mod_session is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_session_crypto statically if mod_session is built shared\"" >&2;} - else - -if test "$session_mods_enable_crypto" = "no" ; then - enable_session_crypto=no -fi - - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_session_crypto" >&5 -$as_echo_n "checking whether to enable mod_session_crypto... " >&6; } - if test "$enable_session_crypto" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_session_crypto has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi + if test "$enable_optional_fn_export" != "no"; then + : fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_session_crypto$_apmod_extra_msg" >&5 -$as_echo "$enable_session_crypto$_apmod_extra_msg" >&6; } - if test "$enable_session_crypto" != "no"; then - case "$enable_session_crypto" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_optional_fn_export$_apmod_extra_msg" >&5 +$as_echo "$enable_optional_fn_export$_apmod_extra_msg" >&6; } + if test "$enable_optional_fn_export" != "no"; then + case "$enable_optional_fn_export" in static*) - MODLIST="$MODLIST session_crypto" - if test "session_crypto" = "so"; then + MODLIST="$MODLIST optional_fn_export" + if test "optional_fn_export" = "so"; then sharedobjs=yes fi shared="";; *) - enable_session_crypto=`echo $enable_session_crypto|sed 's/shared,*//'` + enable_optional_fn_export=`echo $enable_optional_fn_export|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES session_crypto" - if test "$session_mods_enable_crypto" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},session_crypto" + DSO_MODULES="$DSO_MODULES optional_fn_export" + if test "no" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},optional_fn_export" fi ;; esac - if test -z "$session_crypto_objects"; then - objects="mod_session_crypto.lo" + if test -z ""; then + objects="mod_optional_fn_export.lo" else - objects="$session_crypto_objects" + objects="" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_session_crypto.la" + libname="libmod_optional_fn_export.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_session_dbd... " >&6; } - # Check whether --enable-session-dbd was given. -if test "${enable_session_dbd+set}" = set; then : - enableval=$enable_session_dbd; force_session_dbd=$enableval + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_dialup" >&5 +$as_echo_n "checking whether to enable mod_dialup... " >&6; } + # Check whether --enable-dialup was given. +if test "${enable_dialup+set}" = set; then : + enableval=$enable_dialup; force_dialup=$enableval else - enable_session_dbd=$session_mods_enable + enable_dialup=maybe-all fi _apmod_extra_msg="" - case "$enable_session_dbd" in + case "$enable_dialup" in yes|static|shared) _apmod_required="yes" ;; @@ -24673,101 +25738,80 @@ fi ;; esac esac - if test "$enable_session_dbd" = "static"; then - enable_session_dbd=static - elif test "$enable_session_dbd" = "yes"; then - enable_session_dbd=$module_default - elif test "$enable_session_dbd" = "most"; then + if test "$enable_dialup" = "static"; then + enable_dialup=static + elif test "$enable_dialup" = "yes"; then + enable_dialup=$module_default + elif test "$enable_dialup" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_session_dbd=$module_default + enable_dialup=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_session_dbd=no + enable_dialup=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_session_dbd" = "maybe-all"; then + elif test "$enable_dialup" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_session_dbd=$module_default + enable_dialup=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_session_dbd=no + enable_dialup=no fi - elif test "$enable_session_dbd" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_session_dbd" != "no" ; then - enable_session_dbd=$module_default + elif test "$enable_dialup" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_dialup" != "no" ; then + enable_dialup=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_session_dbd" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -$as_echo "checking dependencies" >&6; } - if test "$enable_session" = "no" ; then - enable_session_dbd=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"mod_session is disabled but required for mod_session_dbd\"" >&5 -$as_echo "$as_me: WARNING: \"mod_session is disabled but required for mod_session_dbd\"" >&2;} - elif test "$enable_session_dbd" = "static" && test "$enable_session" != "static" ; then - enable_session_dbd=no - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"cannot build mod_session_dbd statically if mod_session is built shared\"" >&5 -$as_echo "$as_me: WARNING: \"cannot build mod_session_dbd statically if mod_session is built shared\"" >&2;} - else + if test "$enable_dialup" != "no"; then : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_session_dbd" >&5 -$as_echo_n "checking whether to enable mod_session_dbd... " >&6; } - if test "$enable_session_dbd" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_session_dbd has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_session_dbd$_apmod_extra_msg" >&5 -$as_echo "$enable_session_dbd$_apmod_extra_msg" >&6; } - if test "$enable_session_dbd" != "no"; then - case "$enable_session_dbd" in + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_dialup$_apmod_extra_msg" >&5 +$as_echo "$enable_dialup$_apmod_extra_msg" >&6; } + if test "$enable_dialup" != "no"; then + case "$enable_dialup" in static*) - MODLIST="$MODLIST session_dbd" - if test "session_dbd" = "so"; then + MODLIST="$MODLIST dialup" + if test "dialup" = "so"; then sharedobjs=yes fi shared="";; *) - enable_session_dbd=`echo $enable_session_dbd|sed 's/shared,*//'` + enable_dialup=`echo $enable_dialup|sed 's/shared,*//'` sharedobjs=yes shared=yes - DSO_MODULES="$DSO_MODULES session_dbd" - if test "$session_mods_enable" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},session_dbd" + DSO_MODULES="$DSO_MODULES dialup" + if test "" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},dialup" fi ;; esac - if test -z "$session_dbd_objects"; then - objects="mod_session_dbd.lo" + if test -z ""; then + objects="mod_dialup.lo" else - objects="$session_dbd_objects" + objects="" fi if test -z "$module_standalone"; then if test -z "$shared"; then # The filename of a convenience library must have a "lib" prefix: - libname="libmod_session_dbd.la" + libname="libmod_dialup.la" BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" modpath_static="$modpath_static $libname" cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 +$as_echo_n "checking for target platform... " >&6; } +case $host in +*pc-os2-emx*) + OS="os2" + OS_DIR=$OS + ;; +bs2000*) + OS="unix" + OS_DIR=$OS + ;; +*cygwin*) + OS="cygwin" + OS_DIR="unix" + ;; +*mingw32*) + OS="win32" + OS_DIR=$OS + ;; +*) + OS="unix" + OS_DIR=$OS;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $OS" >&5 +$as_echo "$OS" >&6; } + APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES os/${OS_DIR}/Makefile" - current_dir=slotmem - modpath_current=modules/slotmem - modpath_static= - modpath_shared= - for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do - eval MOD_$var= - done - test -d slotmem || $srcdir/build/mkdir.sh $modpath_current - > $modpath_current/modules.mk - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_slotmem_shm" >&5 -$as_echo_n "checking whether to enable mod_slotmem_shm... " >&6; } - # Check whether --enable-slotmem-shm was given. -if test "${enable_slotmem_shm+set}" = set; then : - enableval=$enable_slotmem_shm; force_slotmem_shm=$enableval -else - enable_slotmem_shm=most -fi - - _apmod_extra_msg="" - case "$enable_slotmem_shm" in - yes|static|shared) - _apmod_required="yes" - ;; - *) - case "$module_selection" in - reallyall|all|most) - _apmod_required="no" - ;; - *) - _apmod_required="yes" - ;; - esac - esac - if test "$enable_slotmem_shm" = "static"; then - enable_slotmem_shm=static - elif test "$enable_slotmem_shm" = "yes"; then - enable_slotmem_shm=$module_default - elif test "$enable_slotmem_shm" = "most"; then - if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ - "$module_selection" = "reallyall" - then - enable_slotmem_shm=$module_default - elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_slotmem_shm=no - fi - _apmod_extra_msg=" ($module_selection)" - elif test "$enable_slotmem_shm" = "maybe-all"; then - if test "$module_selection" = "all" -o "$module_selection" = "reallyall" - then - enable_slotmem_shm=$module_default - _apmod_extra_msg=" ($module_selection)" - else - enable_slotmem_shm=no - fi - elif test "$enable_slotmem_shm" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_slotmem_shm" != "no" ; then - enable_slotmem_shm=$module_default - _apmod_extra_msg=" ($module_selection)" - fi - if test "$enable_slotmem_shm" != "no"; then - : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_slotmem_shm$_apmod_extra_msg" >&5 -$as_echo "$enable_slotmem_shm$_apmod_extra_msg" >&6; } - if test "$enable_slotmem_shm" != "no"; then - case "$enable_slotmem_shm" in - static*) - MODLIST="$MODLIST slotmem_shm" - if test "slotmem_shm" = "so"; then - sharedobjs=yes - fi - shared="";; - *) - enable_slotmem_shm=`echo $enable_slotmem_shm|sed 's/shared,*//'` - sharedobjs=yes - shared=yes - DSO_MODULES="$DSO_MODULES slotmem_shm" - if test "most" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},slotmem_shm" - fi - ;; - esac - - - if test -z ""; then - objects="mod_slotmem_shm.lo" - else - objects="" - fi - if test -z "$module_standalone"; then - if test -z "$shared"; then - # The filename of a convenience library must have a "lib" prefix: - libname="libmod_slotmem_shm.la" - BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" - modpath_static="$modpath_static $libname" - cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 +$as_echo_n "checking for rlim_t... " >&6; } +if ${ac_cv_type_rlim_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main () +{ +rlim_t spoon; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + ac_cv_type_rlim_t=yes + +else + ac_cv_type_rlim_t=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_rlim_t" >&5 +$as_echo "$ac_cv_type_rlim_t" >&6; } + if test "$ac_cv_type_rlim_t" = "no" ; then + +$as_echo "#define rlim_t int" >>confdefs.h + fi - APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_SLOTMEM_SHM_LDADD" + for ac_header in sys/time.h sys/resource.h sys/sem.h sys/ipc.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + for ac_func in setsid killpg +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +fi + + + +for ac_header in bstring.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done - fi +for ac_func in syslog +do : + ac_fn_c_check_func "$LINENO" "syslog" "ac_cv_func_syslog" +if test "x$ac_cv_func_syslog" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYSLOG 1 +_ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_slotmem_plain" >&5 -$as_echo_n "checking whether to enable mod_slotmem_plain... " >&6; } - # Check whether --enable-slotmem-plain was given. -if test "${enable_slotmem_plain+set}" = set; then : - enableval=$enable_slotmem_plain; force_slotmem_plain=$enableval -else - enable_slotmem_plain=maybe-all fi +done - _apmod_extra_msg="" - case "$enable_slotmem_plain" in - yes|static|shared) - _apmod_required="yes" - ;; - *) - case "$module_selection" in - reallyall|all|most) - _apmod_required="no" - ;; - *) - _apmod_required="yes" - ;; - esac - esac - if test "$enable_slotmem_plain" = "static"; then - enable_slotmem_plain=static - elif test "$enable_slotmem_plain" = "yes"; then - enable_slotmem_plain=$module_default - elif test "$enable_slotmem_plain" = "most"; then - if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ - "$module_selection" = "reallyall" - then - enable_slotmem_plain=$module_default - elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_slotmem_plain=no - fi - _apmod_extra_msg=" ($module_selection)" - elif test "$enable_slotmem_plain" = "maybe-all"; then - if test "$module_selection" = "all" -o "$module_selection" = "reallyall" - then - enable_slotmem_plain=$module_default - _apmod_extra_msg=" ($module_selection)" - else - enable_slotmem_plain=no - fi - elif test "$enable_slotmem_plain" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_slotmem_plain" != "no" ; then - enable_slotmem_plain=$module_default - _apmod_extra_msg=" ($module_selection)" - fi - if test "$enable_slotmem_plain" != "no"; then - : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_slotmem_plain$_apmod_extra_msg" >&5 -$as_echo "$enable_slotmem_plain$_apmod_extra_msg" >&6; } - if test "$enable_slotmem_plain" != "no"; then - case "$enable_slotmem_plain" in - static*) - MODLIST="$MODLIST slotmem_plain" - if test "slotmem_plain" = "so"; then - sharedobjs=yes - fi - shared="";; - *) - enable_slotmem_plain=`echo $enable_slotmem_plain|sed 's/shared,*//'` - sharedobjs=yes - shared=yes - DSO_MODULES="$DSO_MODULES slotmem_plain" - if test "" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},slotmem_plain" - fi - ;; - esac + for ac_header in sys/times.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "sys/times.h" "ac_cv_header_sys_times_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_times_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYS_TIMES_H 1 +_ACEOF - if test -z ""; then - objects="mod_slotmem_plain.lo" - else - objects="" - fi +fi - if test -z "$module_standalone"; then - if test -z "$shared"; then - # The filename of a convenience library must have a "lib" prefix: - libname="libmod_slotmem_plain.la" - BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" - modpath_static="$modpath_static $libname" - cat >>$modpath_current/modules.mk<>confdefs.h <<_ACEOF +#define HAVE_TIMES 1 +_ACEOF + +fi +done + + +# util_expr needs header files in server source dir + + if test "x$INCLUDES" = "x"; then + test "x$silent" != "xyes" && echo " setting INCLUDES to \"-I\$(top_srcdir)/server\"" + INCLUDES="-I\$(top_srcdir)/server" else - apr_addto_bugger="\$(MOD_SLOTMEM_PLAIN_LDADD)" + apr_addto_bugger="-I\$(top_srcdir)/server" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $AP_LIBS; do + for j in $INCLUDES; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to AP_LIBS" - AP_LIBS="$AP_LIBS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to INCLUDES" + INCLUDES="$INCLUDES $i" fi done fi - fi - else - apache_need_shared=yes - libname="mod_slotmem_plain.la" - shobjects=`echo $objects | sed 's/\.lo/.slo/g'` - modpath_shared="$modpath_shared $libname" - cat >>$modpath_current/modules.mk<conftest.$ac_ext +/* end confdefs.h. */ - fi +#include +#if APR_HAS_THREADS +YES_IS_DEFINED +#endif +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "YES_IS_DEFINED" >/dev/null 2>&1; then : + ac_cv_define_APR_HAS_THREADS=yes +else + ac_cv_define_APR_HAS_THREADS=no +fi +rm -f conftest* +CPPFLAGS=$apr_old_cppflags - echo "DISTCLEAN_TARGETS = modules.mk" >> $modpath_current/modules.mk - echo "static = $modpath_static" >> $modpath_current/modules.mk - echo "shared = $modpath_shared" >> $modpath_current/modules.mk - for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do - if eval val=\"\$MOD_$var\"; test -n "$val"; then - echo "MOD_$var = $val" >> $modpath_current/modules.mk - fi - done - if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then - MODULE_DIRS="$MODULE_DIRS $current_dir" - else - MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir" - fi - APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile" +have_threaded_sig_graceful=yes +case $host in + *-linux-*) + case `uname -r` in + 2.0* ) + have_threaded_sig_graceful=no + ;; + esac + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether APR supports thread-safe pollsets" >&5 +$as_echo_n "checking whether APR supports thread-safe pollsets... " >&6; } +if ${ac_cv_have_threadsafe_pollset+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $host in + *-apple-darwin[1-9].*) + if test -z "$ac_cv_func_kqueue"; then + test "x$silent" != "xyes" && echo " setting ac_cv_func_kqueue to \"no\"" + ac_cv_func_kqueue="no" + fi - current_dir=ssl - modpath_current=modules/ssl - modpath_static= - modpath_shared= - for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do - eval MOD_$var= - done - test -d ssl || $srcdir/build/mkdir.sh $modpath_current - > $modpath_current/modules.mk + ;; + esac + for ac_func in kqueue port_create epoll_create +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF +fi +done -ssl_objs="mod_ssl.lo ssl_engine_config.lo ssl_engine_init.lo ssl_engine_io.lo ssl_engine_kernel.lo ssl_engine_log.lo ssl_engine_mutex.lo ssl_engine_pphrase.lo ssl_engine_rand.lo ssl_engine_vars.lo ssl_scache.lo ssl_util_stapling.lo ssl_util.lo ssl_util_ssl.lo ssl_engine_ocsp.lo ssl_util_ocsp.lo " + if test "$ac_cv_func_kqueue$ac_cv_func_port_create$ac_cv_func_epoll_create" != "nonono"; then + ac_cv_have_threadsafe_pollset=yes + else + ac_cv_have_threadsafe_pollset=no + fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_ssl" >&5 -$as_echo_n "checking whether to enable mod_ssl... " >&6; } - # Check whether --enable-ssl was given. -if test "${enable_ssl+set}" = set; then : - enableval=$enable_ssl; force_ssl=$enableval -else - enable_ssl=most fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_threadsafe_pollset" >&5 +$as_echo "$ac_cv_have_threadsafe_pollset" >&6; } - _apmod_extra_msg="" - case "$enable_ssl" in - yes|static|shared) - _apmod_required="yes" - ;; +case $APR_VERSION in + 1.4*) + apr_has_skiplist=no + ;; *) - case "$module_selection" in - reallyall|all|most) - _apmod_required="no" + apr_has_skiplist=yes +esac + +case $host in + *mingw32* | *os2-emx*) + forking_mpms_supported=no ;; - *) - _apmod_required="yes" + *) + forking_mpms_supported=yes ;; - esac - esac - if test "$enable_ssl" = "static"; then - enable_ssl=static - elif test "$enable_ssl" = "yes"; then - enable_ssl=$module_default - elif test "$enable_ssl" = "most"; then - if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ - "$module_selection" = "reallyall" - then - enable_ssl=$module_default - elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_ssl=no +esac + + + +ap_mpm_is_supported () +{ + eval "tmp=\$ap_supported_mpm_$1" + if test -z "$tmp"; then + return 1 + else + return 0 fi - _apmod_extra_msg=" ($module_selection)" - elif test "$enable_ssl" = "maybe-all"; then - if test "$module_selection" = "all" -o "$module_selection" = "reallyall" - then - enable_ssl=$module_default - _apmod_extra_msg=" ($module_selection)" +} + +ap_mpm_supports_shared () +{ + eval "tmp=\$ap_supported_mpm_$1" + if test "$tmp" = "shared"; then + return 0 else - enable_ssl=no + return 1 fi - elif test "$enable_ssl" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_ssl" != "no" ; then - enable_ssl=$module_default - _apmod_extra_msg=" ($module_selection)" - fi - if test "$enable_ssl" != "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 -$as_echo "checking dependencies" >&6; } - : +} +ap_mpm_is_threaded () +{ + if test "$mpm_build" = "shared" -a ac_cv_define_APR_HAS_THREADS = "yes"; then + return 0 + fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL" >&5 -$as_echo_n "checking for OpenSSL... " >&6; } -if ${ac_cv_openssl+:} false; then : - $as_echo_n "(cached) " >&6 -else + for mpm in $ap_enabled_mpms; do + eval "tmp=\$ap_threaded_mpm_$mpm" + if test "$tmp" = "yes"; then + return 0 + fi + done + return 1 +} - ac_cv_openssl=no - ap_openssl_found="" - ap_openssl_base="" - ap_openssl_libs="" +ap_mpm_is_enabled () +{ + eval "tmp=\$ap_enabled_mpm_$1" + if test "$tmp" = "yes"; then + return 0 + else + return 1 + fi +} - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for user-provided OpenSSL base directory" >&5 -$as_echo_n "checking for user-provided OpenSSL base directory... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if event MPM supports this platform" >&5 +$as_echo_n "checking if event MPM supports this platform... " >&6; } +if test $forking_mpms_supported != yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - This is not a forking platform" >&5 +$as_echo "no - This is not a forking platform" >&6; } +elif test $ac_cv_define_APR_HAS_THREADS != yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - APR does not support threads" >&5 +$as_echo "no - APR does not support threads" >&6; } +elif test $have_threaded_sig_graceful != yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - SIG_GRACEFUL cannot be used with a threaded MPM" >&5 +$as_echo "no - SIG_GRACEFUL cannot be used with a threaded MPM" >&6; } +elif test $ac_cv_have_threadsafe_pollset != yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - APR_POLLSET_THREADSAFE is not supported" >&5 +$as_echo "no - APR_POLLSET_THREADSAFE is not supported" >&6; } +elif test $apr_has_skiplist != yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - APR skiplist is not available" >&5 +$as_echo "no - APR skiplist is not available" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } -# Check whether --with-ssl was given. -if test "${with_ssl+set}" = set; then : - withval=$with_ssl; - if test "x$withval" != "xyes" -a "x$withval" != "x"; then - ap_openssl_base="`cd $withval ; pwd`" - fi + if test "yes" = "yes"; then + eval "ap_supported_mpm_event=shared" + ap_supported_shared_mpms="$ap_supported_shared_mpms event " + else + eval "ap_supported_mpm_event=static" + fi + if test "yes" = "yes"; then + eval "ap_threaded_mpm_event=yes" + fi fi - if test "x$ap_openssl_base" = "x"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if mpmt_os2 MPM supports this platform" >&5 +$as_echo_n "checking if mpmt_os2 MPM supports this platform... " >&6; } +case $host in + *os2-emx*) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + if test "no" = "yes"; then + eval "ap_supported_mpm_mpmt_os2=shared" + ap_supported_shared_mpms="$ap_supported_shared_mpms mpmt_os2 " else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ap_openssl_base" >&5 -$as_echo "$ap_openssl_base" >&6; } + eval "ap_supported_mpm_mpmt_os2=static" + fi + if test "yes" = "yes"; then + eval "ap_threaded_mpm_mpmt_os2=yes" fi - saved_CPPFLAGS="$CPPFLAGS" - saved_LIBS="$LIBS" - saved_LDFLAGS="$LDFLAGS" + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; +esac - if test -n "$PKGCONFIG"; then - saved_PKG_CONFIG_PATH="$PKG_CONFIG_PATH" - if test "x$ap_openssl_base" != "x" -a \ - -f "${ap_openssl_base}/lib/pkgconfig/openssl.pc"; then - PKG_CONFIG_PATH="${ap_openssl_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}" - export PKG_CONFIG_PATH - fi - # Check whether --enable-ssl-staticlib-deps was given. -if test "${enable_ssl_staticlib_deps+set}" = set; then : - enableval=$enable_ssl_staticlib_deps; - if test "$enableval" = "yes"; then - PKGCONFIG_LIBOPTS="--static" - fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if prefork MPM supports this platform" >&5 +$as_echo_n "checking if prefork MPM supports this platform... " >&6; } +if test $forking_mpms_supported != yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - This is not a forking platform" >&5 +$as_echo "no - This is not a forking platform" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } -fi + if test "yes" = "yes"; then + eval "ap_supported_mpm_prefork=shared" + ap_supported_shared_mpms="$ap_supported_shared_mpms prefork " + else + eval "ap_supported_mpm_prefork=static" + fi + if test "no" = "yes"; then + eval "ap_threaded_mpm_prefork=yes" + fi - ap_openssl_libs="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-l --silence-errors openssl`" - if test $? -eq 0; then - ap_openssl_found="yes" - pkglookup="`$PKGCONFIG --cflags-only-I openssl`" +fi - if test "x$CPPFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting CPPFLAGS to \"$pkglookup\"" - CPPFLAGS="$pkglookup" - else - apr_addto_bugger="$pkglookup" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $CPPFLAGS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to CPPFLAGS" - CPPFLAGS="$CPPFLAGS $i" - fi - done - fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if WinNT MPM supports this platform" >&5 +$as_echo_n "checking if WinNT MPM supports this platform... " >&6; } +case $host in + *mingw32*) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + if test "no" = "yes"; then + eval "ap_supported_mpm_winnt=shared" + ap_supported_shared_mpms="$ap_supported_shared_mpms winnt " + else + eval "ap_supported_mpm_winnt=static" + fi + if test "yes" = "yes"; then + eval "ap_threaded_mpm_winnt=yes" + fi - if test "x$MOD_CFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_CFLAGS to \"$pkglookup\"" - MOD_CFLAGS="$pkglookup" - else - apr_addto_bugger="$pkglookup" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $MOD_CFLAGS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CFLAGS" - MOD_CFLAGS="$MOD_CFLAGS $i" - fi - done - fi + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if worker MPM supports this platform" >&5 +$as_echo_n "checking if worker MPM supports this platform... " >&6; } +if test $forking_mpms_supported != yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - This is not a forking platform" >&5 +$as_echo "no - This is not a forking platform" >&6; } +elif test $ac_cv_define_APR_HAS_THREADS != yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - APR does not support threads" >&5 +$as_echo "no - APR does not support threads" >&6; } +elif test $have_threaded_sig_graceful != yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - SIG_GRACEFUL cannot be used with a threaded MPM" >&5 +$as_echo "no - SIG_GRACEFUL cannot be used with a threaded MPM" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } - if test "x$ab_CFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting ab_CFLAGS to \"$pkglookup\"" - ab_CFLAGS="$pkglookup" - else - apr_addto_bugger="$pkglookup" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $ab_CFLAGS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to ab_CFLAGS" - ab_CFLAGS="$ab_CFLAGS $i" - fi - done - fi + if test "yes" = "yes"; then + eval "ap_supported_mpm_worker=shared" + ap_supported_shared_mpms="$ap_supported_shared_mpms worker " + else + eval "ap_supported_mpm_worker=static" + fi + if test "yes" = "yes"; then + eval "ap_threaded_mpm_worker=yes" + fi - pkglookup="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-L openssl`" +fi - if test "x$LDFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting LDFLAGS to \"$pkglookup\"" - LDFLAGS="$pkglookup" - else - apr_addto_bugger="$pkglookup" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $LDFLAGS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" - LDFLAGS="$LDFLAGS $i" - fi - done - fi +htpasswd_LTFLAGS="" +htdigest_LTFLAGS="" +rotatelogs_LTFLAGS="" +logresolve_LTFLAGS="" +htdbm_LTFLAGS="" +ab_LTFLAGS="" +checkgid_LTFLAGS="" +htcacheclean_LTFLAGS="" +httxt2dbm_LTFLAGS="" +fcgistarter_LTFLAGS="" +# Check whether --enable-static-support was given. +if test "${enable_static_support+set}" = set; then : + enableval=$enable_static_support; +if test "$enableval" = "yes" ; then - if test "x$MOD_LDFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$pkglookup\"" - MOD_LDFLAGS="$pkglookup" + if test "x$htpasswd_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting htpasswd_LTFLAGS to \"-static\"" + htpasswd_LTFLAGS="-static" else - apr_addto_bugger="$pkglookup" + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $MOD_LDFLAGS; do + for j in $htpasswd_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" - MOD_LDFLAGS="$MOD_LDFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to htpasswd_LTFLAGS" + htpasswd_LTFLAGS="$htpasswd_LTFLAGS $i" fi done fi - pkglookup="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-other openssl`" - if test "x$LDFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting LDFLAGS to \"$pkglookup\"" - LDFLAGS="$pkglookup" + if test "x$htdigest_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting htdigest_LTFLAGS to \"-static\"" + htdigest_LTFLAGS="-static" else - apr_addto_bugger="$pkglookup" + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $LDFLAGS; do + for j in $htdigest_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" - LDFLAGS="$LDFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to htdigest_LTFLAGS" + htdigest_LTFLAGS="$htdigest_LTFLAGS $i" fi done fi - if test "x$MOD_LDFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$pkglookup\"" - MOD_LDFLAGS="$pkglookup" + if test "x$rotatelogs_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting rotatelogs_LTFLAGS to \"-static\"" + rotatelogs_LTFLAGS="-static" else - apr_addto_bugger="$pkglookup" + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $MOD_LDFLAGS; do + for j in $rotatelogs_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" - MOD_LDFLAGS="$MOD_LDFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to rotatelogs_LTFLAGS" + rotatelogs_LTFLAGS="$rotatelogs_LTFLAGS $i" fi done fi - fi - PKG_CONFIG_PATH="$saved_PKG_CONFIG_PATH" - fi - - if test "x$ap_openssl_base" != "x" -a "x$ap_openssl_found" = "x"; then - if test "x$CPPFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting CPPFLAGS to \"-I$ap_openssl_base/include\"" - CPPFLAGS="-I$ap_openssl_base/include" + if test "x$logresolve_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting logresolve_LTFLAGS to \"-static\"" + logresolve_LTFLAGS="-static" else - apr_addto_bugger="-I$ap_openssl_base/include" + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $CPPFLAGS; do + for j in $logresolve_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to CPPFLAGS" - CPPFLAGS="$CPPFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to logresolve_LTFLAGS" + logresolve_LTFLAGS="$logresolve_LTFLAGS $i" fi done fi - if test "x$MOD_CFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_CFLAGS to \"-I$ap_openssl_base/include\"" - MOD_CFLAGS="-I$ap_openssl_base/include" + if test "x$htdbm_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting htdbm_LTFLAGS to \"-static\"" + htdbm_LTFLAGS="-static" else - apr_addto_bugger="-I$ap_openssl_base/include" + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $MOD_CFLAGS; do + for j in $htdbm_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CFLAGS" - MOD_CFLAGS="$MOD_CFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to htdbm_LTFLAGS" + htdbm_LTFLAGS="$htdbm_LTFLAGS $i" fi done fi - if test "x$ab_CFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting ab_CFLAGS to \"-I$ap_openssl_base/include\"" - ab_CFLAGS="-I$ap_openssl_base/include" + if test "x$ab_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting ab_LTFLAGS to \"-static\"" + ab_LTFLAGS="-static" else - apr_addto_bugger="-I$ap_openssl_base/include" + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $ab_CFLAGS; do + for j in $ab_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to ab_CFLAGS" - ab_CFLAGS="$ab_CFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to ab_LTFLAGS" + ab_LTFLAGS="$ab_LTFLAGS $i" fi done fi - if test "x$LDFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting LDFLAGS to \"-L$ap_openssl_base/lib\"" - LDFLAGS="-L$ap_openssl_base/lib" + if test "x$checkgid_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting checkgid_LTFLAGS to \"-static\"" + checkgid_LTFLAGS="-static" else - apr_addto_bugger="-L$ap_openssl_base/lib" + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $LDFLAGS; do + for j in $checkgid_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" - LDFLAGS="$LDFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to checkgid_LTFLAGS" + checkgid_LTFLAGS="$checkgid_LTFLAGS $i" fi done fi - if test "x$MOD_LDFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"-L$ap_openssl_base/lib\"" - MOD_LDFLAGS="-L$ap_openssl_base/lib" + if test "x$htcacheclean_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting htcacheclean_LTFLAGS to \"-static\"" + htcacheclean_LTFLAGS="-static" else - apr_addto_bugger="-L$ap_openssl_base/lib" + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $MOD_LDFLAGS; do + for j in $htcacheclean_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" - MOD_LDFLAGS="$MOD_LDFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to htcacheclean_LTFLAGS" + htcacheclean_LTFLAGS="$htcacheclean_LTFLAGS $i" fi done fi - if test "x$ap_platform_runtime_link_flag" != "x"; then - if test "x$LDFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting LDFLAGS to \"$ap_platform_runtime_link_flag$ap_openssl_base/lib\"" - LDFLAGS="$ap_platform_runtime_link_flag$ap_openssl_base/lib" + if test "x$httxt2dbm_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting httxt2dbm_LTFLAGS to \"-static\"" + httxt2dbm_LTFLAGS="-static" else - apr_addto_bugger="$ap_platform_runtime_link_flag$ap_openssl_base/lib" + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $LDFLAGS; do + for j in $httxt2dbm_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" - LDFLAGS="$LDFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to httxt2dbm_LTFLAGS" + httxt2dbm_LTFLAGS="$httxt2dbm_LTFLAGS $i" fi done fi - if test "x$MOD_LDFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$ap_platform_runtime_link_flag$ap_openssl_base/lib\"" - MOD_LDFLAGS="$ap_platform_runtime_link_flag$ap_openssl_base/lib" + if test "x$fcgistarter_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting fcgistarter_LTFLAGS to \"-static\"" + fcgistarter_LTFLAGS="-static" else - apr_addto_bugger="$ap_platform_runtime_link_flag$ap_openssl_base/lib" + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $MOD_LDFLAGS; do + for j in $fcgistarter_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" - MOD_LDFLAGS="$MOD_LDFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to fcgistarter_LTFLAGS" + fcgistarter_LTFLAGS="$fcgistarter_LTFLAGS $i" fi done fi - fi - fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 0.9.8a" >&5 -$as_echo_n "checking for OpenSSL version >= 0.9.8a... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ +fi -#if !defined(OPENSSL_VERSION_NUMBER) -#error "Missing OpenSSL version" -#endif -#if OPENSSL_VERSION_NUMBER < 0x0090801f -#error "Unsupported OpenSSL version " OPENSSL_VERSION_TEXT -#endif - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: OK" >&5 -$as_echo "OK" >&6; } - ac_cv_openssl=yes -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: FAILED" >&5 -$as_echo "FAILED" >&6; } fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - if test "x$ac_cv_openssl" = "xyes"; then - ap_openssl_libs="${ap_openssl_libs:--lssl -lcrypto} `$apr_config --libs`" - if test "x$MOD_LDFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$ap_openssl_libs\"" - MOD_LDFLAGS="$ap_openssl_libs" +# Check whether --enable-static-htpasswd was given. +if test "${enable_static_htpasswd+set}" = set; then : + enableval=$enable_static_htpasswd; +if test "$enableval" = "yes" ; then + + if test "x$htpasswd_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting htpasswd_LTFLAGS to \"-static\"" + htpasswd_LTFLAGS="-static" else - apr_addto_bugger="$ap_openssl_libs" + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $MOD_LDFLAGS; do + for j in $htpasswd_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" - MOD_LDFLAGS="$MOD_LDFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to htpasswd_LTFLAGS" + htpasswd_LTFLAGS="$htpasswd_LTFLAGS $i" fi done fi +else - if test "x$LIBS" = "x"; then - test "x$silent" != "xyes" && echo " setting LIBS to \"$ap_openssl_libs\"" - LIBS="$ap_openssl_libs" + if test "x$htpasswd_LTFLAGS" = "x-static"; then + test "x$silent" != "xyes" && echo " nulling htpasswd_LTFLAGS" + htpasswd_LTFLAGS="" else - apr_addto_bugger="$ap_openssl_libs" + apr_new_bugger="" + apr_removed=0 + for i in $htpasswd_LTFLAGS; do + if test "x$i" != "x-static"; then + apr_new_bugger="$apr_new_bugger $i" + else + apr_removed=1 + fi + done + if test $apr_removed = "1"; then + test "x$silent" != "xyes" && echo " removed \"-static\" from htpasswd_LTFLAGS" + htpasswd_LTFLAGS=$apr_new_bugger + fi + fi + +fi + +fi + + + APACHE_VAR_SUBST="$APACHE_VAR_SUBST htpasswd_LTFLAGS" + + + +# Check whether --enable-static-htdigest was given. +if test "${enable_static_htdigest+set}" = set; then : + enableval=$enable_static_htdigest; +if test "$enableval" = "yes" ; then + + if test "x$htdigest_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting htdigest_LTFLAGS to \"-static\"" + htdigest_LTFLAGS="-static" + else + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $LIBS; do + for j in $htdigest_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to LIBS" - LIBS="$LIBS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to htdigest_LTFLAGS" + htdigest_LTFLAGS="$htdigest_LTFLAGS $i" fi done fi +else - test "x$silent" != "xyes" && echo " forcing ab_LDFLAGS to \"$MOD_LDFLAGS\"" - ab_LDFLAGS="$MOD_LDFLAGS" - - - APACHE_VAR_SUBST="$APACHE_VAR_SUBST ab_CFLAGS" - + if test "x$htdigest_LTFLAGS" = "x-static"; then + test "x$silent" != "xyes" && echo " nulling htdigest_LTFLAGS" + htdigest_LTFLAGS="" + else + apr_new_bugger="" + apr_removed=0 + for i in $htdigest_LTFLAGS; do + if test "x$i" != "x-static"; then + apr_new_bugger="$apr_new_bugger $i" + else + apr_removed=1 + fi + done + if test $apr_removed = "1"; then + test "x$silent" != "xyes" && echo " removed \"-static\" from htdigest_LTFLAGS" + htdigest_LTFLAGS=$apr_new_bugger + fi + fi +fi - APACHE_VAR_SUBST="$APACHE_VAR_SUBST ab_LDFLAGS" +fi + APACHE_VAR_SUBST="$APACHE_VAR_SUBST htdigest_LTFLAGS" - liberrors="" - for ac_header in openssl/engine.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "openssl/engine.h" "ac_cv_header_openssl_engine_h" "$ac_includes_default" -if test "x$ac_cv_header_openssl_engine_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_ENGINE_H 1 -_ACEOF -fi -done +# Check whether --enable-static-rotatelogs was given. +if test "${enable_static_rotatelogs+set}" = set; then : + enableval=$enable_static_rotatelogs; +if test "$enableval" = "yes" ; then - for ac_func in SSLeay_version SSL_CTX_new -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF + if test "x$rotatelogs_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting rotatelogs_LTFLAGS to \"-static\"" + rotatelogs_LTFLAGS="-static" + else + apr_addto_bugger="-static" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $rotatelogs_LTFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to rotatelogs_LTFLAGS" + rotatelogs_LTFLAGS="$rotatelogs_LTFLAGS $i" + fi + done + fi else - liberrors="yes" -fi -done - - for ac_func in ENGINE_init ENGINE_load_builtin_engines RAND_egd -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - if test "x$liberrors" != "x"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL libraries are unusable" >&5 -$as_echo "$as_me: WARNING: OpenSSL libraries are unusable" >&2;} + if test "x$rotatelogs_LTFLAGS" = "x-static"; then + test "x$silent" != "xyes" && echo " nulling rotatelogs_LTFLAGS" + rotatelogs_LTFLAGS="" + else + apr_new_bugger="" + apr_removed=0 + for i in $rotatelogs_LTFLAGS; do + if test "x$i" != "x-static"; then + apr_new_bugger="$apr_new_bugger $i" + else + apr_removed=1 fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL version is too old" >&5 -$as_echo "$as_me: WARNING: OpenSSL version is too old" >&2;} + done + if test $apr_removed = "1"; then + test "x$silent" != "xyes" && echo " removed \"-static\" from rotatelogs_LTFLAGS" + rotatelogs_LTFLAGS=$apr_new_bugger fi + fi - CPPFLAGS="$saved_CPPFLAGS" - LIBS="$saved_LIBS" - LDFLAGS="$saved_LDFLAGS" +fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_openssl" >&5 -$as_echo "$ac_cv_openssl" >&6; } - if test "x$ac_cv_openssl" = "xyes"; then -$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h - fi + APACHE_VAR_SUBST="$APACHE_VAR_SUBST rotatelogs_LTFLAGS" - if test "$ac_cv_openssl" = "yes" ; then - if test "x$enable_ssl" = "xshared"; then - # The only symbol which needs to be exported is the module - # structure, so ask libtool to hide everything else: - if test "x$MOD_SSL_LDADD" = "x"; then - test "x$silent" != "xyes" && echo " setting MOD_SSL_LDADD to \"-export-symbols-regex ssl_module\"" - MOD_SSL_LDADD="-export-symbols-regex ssl_module" + +# Check whether --enable-static-logresolve was given. +if test "${enable_static_logresolve+set}" = set; then : + enableval=$enable_static_logresolve; +if test "$enableval" = "yes" ; then + + if test "x$logresolve_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting logresolve_LTFLAGS to \"-static\"" + logresolve_LTFLAGS="-static" else - apr_addto_bugger="-export-symbols-regex ssl_module" + apr_addto_bugger="-static" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $MOD_SSL_LDADD; do + for j in $logresolve_LTFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_SSL_LDADD" - MOD_SSL_LDADD="$MOD_SSL_LDADD $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to logresolve_LTFLAGS" + logresolve_LTFLAGS="$logresolve_LTFLAGS $i" fi done fi - fi - else - enable_ssl=no - fi +else - : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_ssl" >&5 -$as_echo_n "checking whether to enable mod_ssl... " >&6; } - if test "$enable_ssl" = "no"; then - if test "$_apmod_required" = "no"; then - _apmod_extra_msg=" (disabled)" - else - as_fn_error $? "mod_ssl has been requested but can not be built due to prerequisite failures" "$LINENO" 5 - fi - fi - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_ssl$_apmod_extra_msg" >&5 -$as_echo "$enable_ssl$_apmod_extra_msg" >&6; } - if test "$enable_ssl" != "no"; then - case "$enable_ssl" in - static*) - MODLIST="$MODLIST ssl" - if test "ssl" = "so"; then - sharedobjs=yes - fi - shared="";; - *) - enable_ssl=`echo $enable_ssl|sed 's/shared,*//'` - sharedobjs=yes - shared=yes - DSO_MODULES="$DSO_MODULES ssl" - if test "most" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},ssl" + if test "x$logresolve_LTFLAGS" = "x-static"; then + test "x$silent" != "xyes" && echo " nulling logresolve_LTFLAGS" + logresolve_LTFLAGS="" + else + apr_new_bugger="" + apr_removed=0 + for i in $logresolve_LTFLAGS; do + if test "x$i" != "x-static"; then + apr_new_bugger="$apr_new_bugger $i" + else + apr_removed=1 fi - ;; - esac + done + if test $apr_removed = "1"; then + test "x$silent" != "xyes" && echo " removed \"-static\" from logresolve_LTFLAGS" + logresolve_LTFLAGS=$apr_new_bugger + fi + fi + +fi + +fi + + + APACHE_VAR_SUBST="$APACHE_VAR_SUBST logresolve_LTFLAGS" - if test -z "$ssl_objs"; then - objects="mod_ssl.lo" - else - objects="$ssl_objs" - fi - if test -z "$module_standalone"; then - if test -z "$shared"; then - # The filename of a convenience library must have a "lib" prefix: - libname="libmod_ssl.la" - BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" - modpath_static="$modpath_static $libname" - cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<> $modpath_current/modules.mk - echo "static = $modpath_static" >> $modpath_current/modules.mk - echo "shared = $modpath_shared" >> $modpath_current/modules.mk - for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do - if eval val=\"\$MOD_$var\"; test -n "$val"; then - echo "MOD_$var = $val" >> $modpath_current/modules.mk - fi - done - if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then - MODULE_DIRS="$MODULE_DIRS $current_dir" + if test "x$ab_LTFLAGS" = "x-static"; then + test "x$silent" != "xyes" && echo " nulling ab_LTFLAGS" + ab_LTFLAGS="" else - MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir" + apr_new_bugger="" + apr_removed=0 + for i in $ab_LTFLAGS; do + if test "x$i" != "x-static"; then + apr_new_bugger="$apr_new_bugger $i" + else + apr_removed=1 + fi + done + if test $apr_removed = "1"; then + test "x$silent" != "xyes" && echo " removed \"-static\" from ab_LTFLAGS" + ab_LTFLAGS=$apr_new_bugger + fi fi - APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile" - +fi +fi + APACHE_VAR_SUBST="$APACHE_VAR_SUBST ab_LTFLAGS" - current_dir=test - modpath_current=modules/test - modpath_static= - modpath_shared= - for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do - eval MOD_$var= - done - test -d test || $srcdir/build/mkdir.sh $modpath_current - > $modpath_current/modules.mk +# Check whether --enable-static-checkgid was given. +if test "${enable_static_checkgid+set}" = set; then : + enableval=$enable_static_checkgid; +if test "$enableval" = "yes" ; then + if test "x$checkgid_LTFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting checkgid_LTFLAGS to \"-static\"" + checkgid_LTFLAGS="-static" + else + apr_addto_bugger="-static" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $checkgid_LTFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to checkgid_LTFLAGS" + checkgid_LTFLAGS="$checkgid_LTFLAGS $i" + fi + done + fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_optional_hook_export" >&5 -$as_echo_n "checking whether to enable mod_optional_hook_export... " >&6; } - # Check whether --enable-optional-hook-export was given. -if test "${enable_optional_hook_export+set}" = set; then : - enableval=$enable_optional_hook_export; force_optional_hook_export=$enableval else - enable_optional_hook_export=no -fi - _apmod_extra_msg="" - case "$enable_optional_hook_export" in - yes|static|shared) - _apmod_required="yes" - ;; - *) - case "$module_selection" in - reallyall|all|most) - _apmod_required="no" - ;; - *) - _apmod_required="yes" - ;; - esac - esac - if test "$enable_optional_hook_export" = "static"; then - enable_optional_hook_export=static - elif test "$enable_optional_hook_export" = "yes"; then - enable_optional_hook_export=$module_default - elif test "$enable_optional_hook_export" = "most"; then - if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ - "$module_selection" = "reallyall" - then - enable_optional_hook_export=$module_default - elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_optional_hook_export=no - fi - _apmod_extra_msg=" ($module_selection)" - elif test "$enable_optional_hook_export" = "maybe-all"; then - if test "$module_selection" = "all" -o "$module_selection" = "reallyall" - then - enable_optional_hook_export=$module_default - _apmod_extra_msg=" ($module_selection)" - else - enable_optional_hook_export=no + if test "x$checkgid_LTFLAGS" = "x-static"; then + test "x$silent" != "xyes" && echo " nulling checkgid_LTFLAGS" + checkgid_LTFLAGS="" + else + apr_new_bugger="" + apr_removed=0 + for i in $checkgid_LTFLAGS; do + if test "x$i" != "x-static"; then + apr_new_bugger="$apr_new_bugger $i" + else + apr_removed=1 + fi + done + if test $apr_removed = "1"; then + test "x$silent" != "xyes" && echo " removed \"-static\" from checkgid_LTFLAGS" + checkgid_LTFLAGS=$apr_new_bugger fi - elif test "$enable_optional_hook_export" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_optional_hook_export" != "no" ; then - enable_optional_hook_export=$module_default - _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_optional_hook_export" != "no"; then - : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_optional_hook_export$_apmod_extra_msg" >&5 -$as_echo "$enable_optional_hook_export$_apmod_extra_msg" >&6; } - if test "$enable_optional_hook_export" != "no"; then - case "$enable_optional_hook_export" in - static*) - MODLIST="$MODLIST optional_hook_export" - if test "optional_hook_export" = "so"; then - sharedobjs=yes - fi - shared="";; - *) - enable_optional_hook_export=`echo $enable_optional_hook_export|sed 's/shared,*//'` - sharedobjs=yes - shared=yes - DSO_MODULES="$DSO_MODULES optional_hook_export" - if test "no" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},optional_hook_export" - fi - ;; - esac +fi - if test -z ""; then - objects="mod_optional_hook_export.lo" - else - objects="" - fi +fi + + + APACHE_VAR_SUBST="$APACHE_VAR_SUBST checkgid_LTFLAGS" - if test -z "$module_standalone"; then - if test -z "$shared"; then - # The filename of a convenience library must have a "lib" prefix: - libname="libmod_optional_hook_export.la" - BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" - modpath_static="$modpath_static $libname" - cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_optional_hook_import... " >&6; } - # Check whether --enable-optional-hook-import was given. -if test "${enable_optional_hook_import+set}" = set; then : - enableval=$enable_optional_hook_import; force_optional_hook_import=$enableval -else - enable_optional_hook_import=no fi - _apmod_extra_msg="" - case "$enable_optional_hook_import" in - yes|static|shared) - _apmod_required="yes" - ;; - *) - case "$module_selection" in - reallyall|all|most) - _apmod_required="no" - ;; - *) - _apmod_required="yes" - ;; - esac - esac - if test "$enable_optional_hook_import" = "static"; then - enable_optional_hook_import=static - elif test "$enable_optional_hook_import" = "yes"; then - enable_optional_hook_import=$module_default - elif test "$enable_optional_hook_import" = "most"; then - if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ - "$module_selection" = "reallyall" - then - enable_optional_hook_import=$module_default - elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_optional_hook_import=no - fi - _apmod_extra_msg=" ($module_selection)" - elif test "$enable_optional_hook_import" = "maybe-all"; then - if test "$module_selection" = "all" -o "$module_selection" = "reallyall" - then - enable_optional_hook_import=$module_default - _apmod_extra_msg=" ($module_selection)" - else - enable_optional_hook_import=no - fi - elif test "$enable_optional_hook_import" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_optional_hook_import" != "no" ; then - enable_optional_hook_import=$module_default - _apmod_extra_msg=" ($module_selection)" - fi - if test "$enable_optional_hook_import" != "no"; then - : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_optional_hook_import$_apmod_extra_msg" >&5 -$as_echo "$enable_optional_hook_import$_apmod_extra_msg" >&6; } - if test "$enable_optional_hook_import" != "no"; then - case "$enable_optional_hook_import" in - static*) - MODLIST="$MODLIST optional_hook_import" - if test "optional_hook_import" = "so"; then - sharedobjs=yes - fi - shared="";; - *) - enable_optional_hook_import=`echo $enable_optional_hook_import|sed 's/shared,*//'` - sharedobjs=yes - shared=yes - DSO_MODULES="$DSO_MODULES optional_hook_import" - if test "no" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},optional_hook_import" - fi - ;; - esac + APACHE_VAR_SUBST="$APACHE_VAR_SUBST htcacheclean_LTFLAGS" - if test -z ""; then - objects="mod_optional_hook_import.lo" - else - objects="" - fi - if test -z "$module_standalone"; then - if test -z "$shared"; then - # The filename of a convenience library must have a "lib" prefix: - libname="libmod_optional_hook_import.la" - BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" - modpath_static="$modpath_static $libname" - cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_optional_fn_import... " >&6; } - # Check whether --enable-optional-fn-import was given. -if test "${enable_optional_fn_import+set}" = set; then : - enableval=$enable_optional_fn_import; force_optional_fn_import=$enableval else - enable_optional_fn_import=no -fi - _apmod_extra_msg="" - case "$enable_optional_fn_import" in - yes|static|shared) - _apmod_required="yes" - ;; - *) - case "$module_selection" in - reallyall|all|most) - _apmod_required="no" - ;; - *) - _apmod_required="yes" - ;; - esac - esac - if test "$enable_optional_fn_import" = "static"; then - enable_optional_fn_import=static - elif test "$enable_optional_fn_import" = "yes"; then - enable_optional_fn_import=$module_default - elif test "$enable_optional_fn_import" = "most"; then - if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ - "$module_selection" = "reallyall" - then - enable_optional_fn_import=$module_default - elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_optional_fn_import=no - fi - _apmod_extra_msg=" ($module_selection)" - elif test "$enable_optional_fn_import" = "maybe-all"; then - if test "$module_selection" = "all" -o "$module_selection" = "reallyall" - then - enable_optional_fn_import=$module_default - _apmod_extra_msg=" ($module_selection)" - else - enable_optional_fn_import=no - fi - elif test "$enable_optional_fn_import" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_optional_fn_import" != "no" ; then - enable_optional_fn_import=$module_default - _apmod_extra_msg=" ($module_selection)" - fi - if test "$enable_optional_fn_import" != "no"; then - : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_optional_fn_import$_apmod_extra_msg" >&5 -$as_echo "$enable_optional_fn_import$_apmod_extra_msg" >&6; } - if test "$enable_optional_fn_import" != "no"; then - case "$enable_optional_fn_import" in - static*) - MODLIST="$MODLIST optional_fn_import" - if test "optional_fn_import" = "so"; then - sharedobjs=yes - fi - shared="";; - *) - enable_optional_fn_import=`echo $enable_optional_fn_import|sed 's/shared,*//'` - sharedobjs=yes - shared=yes - DSO_MODULES="$DSO_MODULES optional_fn_import" - if test "no" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},optional_fn_import" + if test "x$httxt2dbm" = "x-static"; then + test "x$silent" != "xyes" && echo " nulling httxt2dbm" + httxt2dbm="" + else + apr_new_bugger="" + apr_removed=0 + for i in $httxt2dbm; do + if test "x$i" != "x-static"; then + apr_new_bugger="$apr_new_bugger $i" + else + apr_removed=1 fi - ;; - esac + done + if test $apr_removed = "1"; then + test "x$silent" != "xyes" && echo " removed \"-static\" from httxt2dbm" + httxt2dbm=$apr_new_bugger + fi + fi +fi - if test -z ""; then - objects="mod_optional_fn_import.lo" - else - objects="" - fi +fi - if test -z "$module_standalone"; then - if test -z "$shared"; then - # The filename of a convenience library must have a "lib" prefix: - libname="libmod_optional_fn_import.la" - BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" - modpath_static="$modpath_static $libname" - cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_optional_fn_export... " >&6; } - # Check whether --enable-optional-fn-export was given. -if test "${enable_optional_fn_export+set}" = set; then : - enableval=$enable_optional_fn_export; force_optional_fn_export=$enableval +# Configure or check which of the non-portable support programs can be enabled. + +NONPORTABLE_SUPPORT="" +case $host in + *mingw*) + ;; + *) + NONPORTABLE_SUPPORT="checkgid fcgistarter" + ;; +esac + + APACHE_VAR_SUBST="$APACHE_VAR_SUBST NONPORTABLE_SUPPORT" + + + +# Configure the ulimit -n command used by apachectl. + +case $host in + *aix*) + # this works in any locale, unlike the default command below, which + # fails in a non-English locale if the hard limit is unlimited + # since the display of the limit will translate "unlimited", but + # ulimit only accepts English "unlimited" on input + APACHECTL_ULIMIT="ulimit -S -n unlimited" + ;; + *alpha*-dec-osf*) + # Tru64: -H is for setting, not retrieving + APACHECTL_ULIMIT="ulimit -S -n \`ulimit -h -n\`" + ;; + *) + if TMP_ULIMIT=`ulimit -H -n` && ulimit -S -n $TMP_ULIMIT >/dev/null 2>&1; then + APACHECTL_ULIMIT="ulimit -S -n \`ulimit -H -n\`" + else + APACHECTL_ULIMIT="" + fi + ;; +esac + + APACHE_VAR_SUBST="$APACHE_VAR_SUBST APACHECTL_ULIMIT" + + + + + + current_dir=http2 + modpath_current=modules/http2 + modpath_static= + modpath_shared= + for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do + eval MOD_$var= + done + test -d http2 || $srcdir/build/mkdir.sh $modpath_current + > $modpath_current/modules.mk + + +http2_objs="mod_http2.lo h2_alt_svc.lo h2_bucket_eoc.lo h2_bucket_eos.lo h2_config.lo h2_conn.lo h2_conn_io.lo h2_ctx.lo h2_filter.lo h2_from_h1.lo h2_h2.lo h2_int_queue.lo h2_io.lo h2_io_set.lo h2_mplx.lo h2_ngn_shed.lo h2_push.lo h2_request.lo h2_response.lo h2_session.lo h2_stream.lo h2_switch.lo h2_task.lo h2_task_input.lo h2_task_output.lo h2_util.lo h2_worker.lo h2_workers.lo " + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_http2" >&5 +$as_echo_n "checking whether to enable mod_http2... " >&6; } + # Check whether --enable-http2 was given. +if test "${enable_http2+set}" = set; then : + enableval=$enable_http2; force_http2=$enableval else - enable_optional_fn_export=no + enable_http2=most fi _apmod_extra_msg="" - case "$enable_optional_fn_export" in + case "$enable_http2" in yes|static|shared) _apmod_required="yes" ;; @@ -26331,1581 +27224,1306 @@ fi ;; esac esac - if test "$enable_optional_fn_export" = "static"; then - enable_optional_fn_export=static - elif test "$enable_optional_fn_export" = "yes"; then - enable_optional_fn_export=$module_default - elif test "$enable_optional_fn_export" = "most"; then + if test "$enable_http2" = "static"; then + enable_http2=static + elif test "$enable_http2" = "yes"; then + enable_http2=$module_default + elif test "$enable_http2" = "most"; then if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ "$module_selection" = "reallyall" then - enable_optional_fn_export=$module_default + enable_http2=$module_default elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_optional_fn_export=no + enable_http2=no fi _apmod_extra_msg=" ($module_selection)" - elif test "$enable_optional_fn_export" = "maybe-all"; then + elif test "$enable_http2" = "maybe-all"; then if test "$module_selection" = "all" -o "$module_selection" = "reallyall" then - enable_optional_fn_export=$module_default + enable_http2=$module_default _apmod_extra_msg=" ($module_selection)" else - enable_optional_fn_export=no + enable_http2=no fi - elif test "$enable_optional_fn_export" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_optional_fn_export" != "no" ; then - enable_optional_fn_export=$module_default + elif test "$enable_http2" = "no" -a "$module_selection" = "reallyall" -a \ + "$force_http2" != "no" ; then + enable_http2=$module_default _apmod_extra_msg=" ($module_selection)" fi - if test "$enable_optional_fn_export" != "no"; then + if test "$enable_http2" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5 +$as_echo "checking dependencies" >&6; } : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_optional_fn_export$_apmod_extra_msg" >&5 -$as_echo "$enable_optional_fn_export$_apmod_extra_msg" >&6; } - if test "$enable_optional_fn_export" != "no"; then - case "$enable_optional_fn_export" in - static*) - MODLIST="$MODLIST optional_fn_export" - if test "optional_fn_export" = "so"; then - sharedobjs=yes + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL" >&5 +$as_echo_n "checking for OpenSSL... " >&6; } +if ${ac_cv_openssl+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ac_cv_openssl=no + ap_openssl_found="" + ap_openssl_base="" + ap_openssl_libs="" + ap_openssl_mod_cflags="" + ap_openssl_mod_ldflags="" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for user-provided OpenSSL base directory" >&5 +$as_echo_n "checking for user-provided OpenSSL base directory... " >&6; } + +# Check whether --with-ssl was given. +if test "${with_ssl+set}" = set; then : + withval=$with_ssl; + if test "x$withval" != "xyes" -a "x$withval" != "x"; then + ap_openssl_base="`cd $withval ; pwd`" fi - shared="";; - *) - enable_optional_fn_export=`echo $enable_optional_fn_export|sed 's/shared,*//'` - sharedobjs=yes - shared=yes - DSO_MODULES="$DSO_MODULES optional_fn_export" - if test "no" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},optional_fn_export" + +fi + + if test "x$ap_openssl_base" = "x"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 +$as_echo "none" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ap_openssl_base" >&5 +$as_echo "$ap_openssl_base" >&6; } + fi + + saved_CPPFLAGS="$CPPFLAGS" + saved_LIBS="$LIBS" + saved_LDFLAGS="$LDFLAGS" + + if test -n "$PKGCONFIG"; then + saved_PKG_CONFIG_PATH="$PKG_CONFIG_PATH" + if test "x$ap_openssl_base" != "x" -a \ + -f "${ap_openssl_base}/lib/pkgconfig/openssl.pc"; then + PKG_CONFIG_PATH="${ap_openssl_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}" + export PKG_CONFIG_PATH fi - ;; - esac + # Check whether --enable-ssl-staticlib-deps was given. +if test "${enable_ssl_staticlib_deps+set}" = set; then : + enableval=$enable_ssl_staticlib_deps; + if test "$enableval" = "yes"; then + PKGCONFIG_LIBOPTS="--static" + fi +fi - if test -z ""; then - objects="mod_optional_fn_export.lo" + ap_openssl_libs="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-l --silence-errors openssl`" + if test $? -eq 0; then + ap_openssl_found="yes" + pkglookup="`$PKGCONFIG --cflags-only-I openssl`" + + if test "x$CPPFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting CPPFLAGS to \"$pkglookup\"" + CPPFLAGS="$pkglookup" else - objects="" + apr_addto_bugger="$pkglookup" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $CPPFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to CPPFLAGS" + CPPFLAGS="$CPPFLAGS $i" + fi + done fi - if test -z "$module_standalone"; then - if test -z "$shared"; then - # The filename of a convenience library must have a "lib" prefix: - libname="libmod_optional_fn_export.la" - BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" - modpath_static="$modpath_static $libname" - cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<&5 -$as_echo_n "checking whether to enable mod_dialup... " >&6; } - # Check whether --enable-dialup was given. -if test "${enable_dialup+set}" = set; then : - enableval=$enable_dialup; force_dialup=$enableval -else - enable_dialup=maybe-all -fi + pkglookup="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-other openssl`" - _apmod_extra_msg="" - case "$enable_dialup" in - yes|static|shared) - _apmod_required="yes" - ;; - *) - case "$module_selection" in - reallyall|all|most) - _apmod_required="no" - ;; - *) - _apmod_required="yes" - ;; - esac - esac - if test "$enable_dialup" = "static"; then - enable_dialup=static - elif test "$enable_dialup" = "yes"; then - enable_dialup=$module_default - elif test "$enable_dialup" = "most"; then - if test "$module_selection" = "most" -o "$module_selection" = "all" -o \ - "$module_selection" = "reallyall" - then - enable_dialup=$module_default - elif test "$module_selection" = "few" -o "$module_selection" = "none"; then - enable_dialup=no - fi - _apmod_extra_msg=" ($module_selection)" - elif test "$enable_dialup" = "maybe-all"; then - if test "$module_selection" = "all" -o "$module_selection" = "reallyall" - then - enable_dialup=$module_default - _apmod_extra_msg=" ($module_selection)" - else - enable_dialup=no - fi - elif test "$enable_dialup" = "no" -a "$module_selection" = "reallyall" -a \ - "$force_dialup" != "no" ; then - enable_dialup=$module_default - _apmod_extra_msg=" ($module_selection)" - fi - if test "$enable_dialup" != "no"; then - : - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_dialup$_apmod_extra_msg" >&5 -$as_echo "$enable_dialup$_apmod_extra_msg" >&6; } - if test "$enable_dialup" != "no"; then - case "$enable_dialup" in - static*) - MODLIST="$MODLIST dialup" - if test "dialup" = "so"; then - sharedobjs=yes - fi - shared="";; - *) - enable_dialup=`echo $enable_dialup|sed 's/shared,*//'` - sharedobjs=yes - shared=yes - DSO_MODULES="$DSO_MODULES dialup" - if test "" = "yes" ; then - ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},dialup" + if test "x$LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting LDFLAGS to \"$pkglookup\"" + LDFLAGS="$pkglookup" + else + apr_addto_bugger="$pkglookup" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" + LDFLAGS="$LDFLAGS $i" fi - ;; - esac + done + fi - if test -z ""; then - objects="mod_dialup.lo" + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$pkglookup\"" + MOD_LDFLAGS="$pkglookup" else - objects="" + apr_addto_bugger="$pkglookup" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" + fi + done fi - if test -z "$module_standalone"; then - if test -z "$shared"; then - # The filename of a convenience library must have a "lib" prefix: - libname="libmod_dialup.la" - BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" - modpath_static="$modpath_static $libname" - cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<> $modpath_current/modules.mk - echo "static = $modpath_static" >> $modpath_current/modules.mk - echo "shared = $modpath_shared" >> $modpath_current/modules.mk - for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do - if eval val=\"\$MOD_$var\"; test -n "$val"; then - echo "MOD_$var = $val" >> $modpath_current/modules.mk - fi - done - if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then - MODULE_DIRS="$MODULE_DIRS $current_dir" + if test "x$ab_CFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting ab_CFLAGS to \"-I$ap_openssl_base/include\"" + ab_CFLAGS="-I$ap_openssl_base/include" else - MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir" + apr_addto_bugger="-I$ap_openssl_base/include" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $ab_CFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to ab_CFLAGS" + ab_CFLAGS="$ab_CFLAGS $i" + fi + done fi - APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile" - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for target platform" >&5 -$as_echo_n "checking for target platform... " >&6; } - -case $host in -*pc-os2-emx*) - OS="os2" - OS_DIR=$OS - ;; -bs2000*) - OS="unix" - OS_DIR=$OS - ;; -*cygwin*) - OS="cygwin" - OS_DIR="unix" - ;; -*mingw32*) - OS="win32" - OS_DIR=$OS - ;; -*) - OS="unix" - OS_DIR=$OS;; -esac - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $OS" >&5 -$as_echo "$OS" >&6; } - - APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES os/${OS_DIR}/Makefile" - - -if test "$OS" = "os2" ; then - if test "x$CFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting CFLAGS to \"-DOS2 -O2\"" - CFLAGS="-DOS2 -O2" + if test "x$LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting LDFLAGS to \"-L$ap_openssl_base/lib\"" + LDFLAGS="-L$ap_openssl_base/lib" else - apr_addto_bugger="-DOS2 -O2" + apr_addto_bugger="-L$ap_openssl_base/lib" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $CFLAGS; do + for j in $LDFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to CFLAGS" - CFLAGS="$CFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" + LDFLAGS="$LDFLAGS $i" fi done fi -fi - -if test "$OS" = "unix" ; then - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rlim_t" >&5 -$as_echo_n "checking for rlim_t... " >&6; } -if ${ac_cv_type_rlim_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -#include -#include - -int -main () -{ -rlim_t spoon; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - ac_cv_type_rlim_t=yes - -else - ac_cv_type_rlim_t=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_rlim_t" >&5 -$as_echo "$ac_cv_type_rlim_t" >&6; } - if test "$ac_cv_type_rlim_t" = "no" ; then - -$as_echo "#define rlim_t int" >>confdefs.h - - fi - - - for ac_header in sys/time.h sys/resource.h sys/sem.h sys/ipc.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - for ac_func in setsid killpg -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi - - - -for ac_header in bstring.h unistd.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - - -for ac_func in syslog -do : - ac_fn_c_check_func "$LINENO" "syslog" "ac_cv_func_syslog" -if test "x$ac_cv_func_syslog" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYSLOG 1 -_ACEOF - -fi -done - - - for ac_header in sys/times.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "sys/times.h" "ac_cv_header_sys_times_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_times_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYS_TIMES_H 1 -_ACEOF - -fi - -done - - for ac_func in times -do : - ac_fn_c_check_func "$LINENO" "times" "ac_cv_func_times" -if test "x$ac_cv_func_times" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_TIMES 1 -_ACEOF - -fi -done + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"-L$ap_openssl_base/lib\"" + MOD_LDFLAGS="-L$ap_openssl_base/lib" + else + apr_addto_bugger="-L$ap_openssl_base/lib" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" + fi + done + fi -# util_expr needs header files in server source dir + if test "x$ap_platform_runtime_link_flag" != "x"; then - if test "x$INCLUDES" = "x"; then - test "x$silent" != "xyes" && echo " setting INCLUDES to \"-I\$(top_srcdir)/server\"" - INCLUDES="-I\$(top_srcdir)/server" + if test "x$LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting LDFLAGS to \"$ap_platform_runtime_link_flag$ap_openssl_base/lib\"" + LDFLAGS="$ap_platform_runtime_link_flag$ap_openssl_base/lib" else - apr_addto_bugger="-I\$(top_srcdir)/server" + apr_addto_bugger="$ap_platform_runtime_link_flag$ap_openssl_base/lib" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $INCLUDES; do + for j in $LDFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to INCLUDES" - INCLUDES="$INCLUDES $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" + LDFLAGS="$LDFLAGS $i" fi done fi + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$ap_platform_runtime_link_flag$ap_openssl_base/lib\"" + MOD_LDFLAGS="$ap_platform_runtime_link_flag$ap_openssl_base/lib" + else + apr_addto_bugger="$ap_platform_runtime_link_flag$ap_openssl_base/lib" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" + fi + done + fi + fi + fi -apr_old_cppflags=$CPPFLAGS -CPPFLAGS="$CPPFLAGS $INCLUDES" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 0.9.8a" >&5 +$as_echo_n "checking for OpenSSL version >= 0.9.8a... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#include +int +main () +{ -#include -#if APR_HAS_THREADS -YES_IS_DEFINED +#if !defined(OPENSSL_VERSION_NUMBER) +#error "Missing OpenSSL version" #endif - +#if OPENSSL_VERSION_NUMBER < 0x0090801f +#error "Unsupported OpenSSL version " OPENSSL_VERSION_TEXT +#endif + ; + return 0; +} _ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "YES_IS_DEFINED" >/dev/null 2>&1; then : - ac_cv_define_APR_HAS_THREADS=yes +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: OK" >&5 +$as_echo "OK" >&6; } + ac_cv_openssl=yes else - ac_cv_define_APR_HAS_THREADS=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: FAILED" >&5 +$as_echo "FAILED" >&6; } fi -rm -f conftest* - -CPPFLAGS=$apr_old_cppflags - - -have_threaded_sig_graceful=yes -case $host in - *-linux-*) - case `uname -r` in - 2.0* ) - have_threaded_sig_graceful=no - ;; - esac - ;; -esac - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether APR supports thread-safe pollsets" >&5 -$as_echo_n "checking whether APR supports thread-safe pollsets... " >&6; } -if ${ac_cv_have_threadsafe_pollset+:} false; then : - $as_echo_n "(cached) " >&6 -else +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - case $host in - *-apple-darwin[1-9].*) + if test "x$ac_cv_openssl" = "xyes"; then + ap_openssl_libs="${ap_openssl_libs:--lssl -lcrypto} `$apr_config --libs`" - if test -z "$ac_cv_func_kqueue"; then - test "x$silent" != "xyes" && echo " setting ac_cv_func_kqueue to \"no\"" - ac_cv_func_kqueue="no" + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$ap_openssl_libs\"" + MOD_LDFLAGS="$ap_openssl_libs" + else + apr_addto_bugger="$ap_openssl_libs" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" + fi + done fi - ;; - esac - for ac_func in kqueue port_create epoll_create -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "$ac_cv_func_kqueue$ac_cv_func_port_create$ac_cv_func_epoll_create" != "nonono"; then - ac_cv_have_threadsafe_pollset=yes - else - ac_cv_have_threadsafe_pollset=no - fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_threadsafe_pollset" >&5 -$as_echo "$ac_cv_have_threadsafe_pollset" >&6; } - -case $APR_VERSION in - 1.4*) - apr_has_skiplist=no - ;; - *) - apr_has_skiplist=yes -esac - -case $host in - *mingw32* | *os2-emx*) - forking_mpms_supported=no - ;; - *) - forking_mpms_supported=yes - ;; -esac + if test "x$LIBS" = "x"; then + test "x$silent" != "xyes" && echo " setting LIBS to \"$ap_openssl_libs\"" + LIBS="$ap_openssl_libs" + else + apr_addto_bugger="$ap_openssl_libs" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LIBS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LIBS" + LIBS="$LIBS $i" + fi + done + fi -ap_mpm_is_supported () -{ - eval "tmp=\$ap_supported_mpm_$1" - if test -z "$tmp"; then - return 1 - else - return 0 - fi -} + test "x$silent" != "xyes" && echo " forcing ab_LDFLAGS to \"$MOD_LDFLAGS\"" + ab_LDFLAGS="$MOD_LDFLAGS" -ap_mpm_supports_shared () -{ - eval "tmp=\$ap_supported_mpm_$1" - if test "$tmp" = "shared"; then - return 0 - else - return 1 - fi -} -ap_mpm_is_threaded () -{ - if test "$mpm_build" = "shared" -a ac_cv_define_APR_HAS_THREADS = "yes"; then - return 0 - fi + APACHE_VAR_SUBST="$APACHE_VAR_SUBST ab_CFLAGS" - for mpm in $ap_enabled_mpms; do - eval "tmp=\$ap_threaded_mpm_$mpm" - if test "$tmp" = "yes"; then - return 0 - fi - done - return 1 -} -ap_mpm_is_enabled () -{ - eval "tmp=\$ap_enabled_mpm_$1" - if test "$tmp" = "yes"; then - return 0 - else - return 1 - fi -} -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if event MPM supports this platform" >&5 -$as_echo_n "checking if event MPM supports this platform... " >&6; } -if test $forking_mpms_supported != yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - This is not a forking platform" >&5 -$as_echo "no - This is not a forking platform" >&6; } -elif test $ac_cv_define_APR_HAS_THREADS != yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - APR does not support threads" >&5 -$as_echo "no - APR does not support threads" >&6; } -elif test $have_threaded_sig_graceful != yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - SIG_GRACEFUL cannot be used with a threaded MPM" >&5 -$as_echo "no - SIG_GRACEFUL cannot be used with a threaded MPM" >&6; } -elif test $ac_cv_have_threadsafe_pollset != yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - APR_POLLSET_THREADSAFE is not supported" >&5 -$as_echo "no - APR_POLLSET_THREADSAFE is not supported" >&6; } -elif test $apr_has_skiplist != yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - APR skiplist is not available" >&5 -$as_echo "no - APR skiplist is not available" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + APACHE_VAR_SUBST="$APACHE_VAR_SUBST ab_LDFLAGS" - if test "yes" = "yes"; then - eval "ap_supported_mpm_event=shared" - ap_supported_shared_mpms="$ap_supported_shared_mpms event " - else - eval "ap_supported_mpm_event=static" - fi - if test "yes" = "yes"; then - eval "ap_threaded_mpm_event=yes" - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if mpmt_os2 MPM supports this platform" >&5 -$as_echo_n "checking if mpmt_os2 MPM supports this platform... " >&6; } -case $host in - *os2-emx*) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + liberrors="" + for ac_header in openssl/engine.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "openssl/engine.h" "ac_cv_header_openssl_engine_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_engine_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_OPENSSL_ENGINE_H 1 +_ACEOF - if test "no" = "yes"; then - eval "ap_supported_mpm_mpmt_os2=shared" - ap_supported_shared_mpms="$ap_supported_shared_mpms mpmt_os2 " - else - eval "ap_supported_mpm_mpmt_os2=static" - fi - if test "yes" = "yes"; then - eval "ap_threaded_mpm_mpmt_os2=yes" - fi +fi - ;; - *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; -esac +done + + for ac_func in SSLeay_version SSL_CTX_new +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if prefork MPM supports this platform" >&5 -$as_echo_n "checking if prefork MPM supports this platform... " >&6; } -if test $forking_mpms_supported != yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - This is not a forking platform" >&5 -$as_echo "no - This is not a forking platform" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + liberrors="yes" +fi +done - if test "yes" = "yes"; then - eval "ap_supported_mpm_prefork=shared" - ap_supported_shared_mpms="$ap_supported_shared_mpms prefork " - else - eval "ap_supported_mpm_prefork=static" - fi - if test "no" = "yes"; then - eval "ap_threaded_mpm_prefork=yes" - fi + for ac_func in ENGINE_init ENGINE_load_builtin_engines RAND_egd +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF fi +done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if WinNT MPM supports this platform" >&5 -$as_echo_n "checking if WinNT MPM supports this platform... " >&6; } -case $host in - *mingw32*) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - - if test "no" = "yes"; then - eval "ap_supported_mpm_winnt=shared" - ap_supported_shared_mpms="$ap_supported_shared_mpms winnt " + if test "x$liberrors" != "x"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL libraries are unusable" >&5 +$as_echo "$as_me: WARNING: OpenSSL libraries are unusable" >&2;} + fi else - eval "ap_supported_mpm_winnt=static" - fi - if test "yes" = "yes"; then - eval "ap_threaded_mpm_winnt=yes" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL version is too old" >&5 +$as_echo "$as_me: WARNING: OpenSSL version is too old" >&2;} fi - ;; - *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; -esac - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if worker MPM supports this platform" >&5 -$as_echo_n "checking if worker MPM supports this platform... " >&6; } -if test $forking_mpms_supported != yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - This is not a forking platform" >&5 -$as_echo "no - This is not a forking platform" >&6; } -elif test $ac_cv_define_APR_HAS_THREADS != yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - APR does not support threads" >&5 -$as_echo "no - APR does not support threads" >&6; } -elif test $have_threaded_sig_graceful != yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - SIG_GRACEFUL cannot be used with a threaded MPM" >&5 -$as_echo "no - SIG_GRACEFUL cannot be used with a threaded MPM" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + CPPFLAGS="$saved_CPPFLAGS" + LIBS="$saved_LIBS" + LDFLAGS="$saved_LDFLAGS" - if test "yes" = "yes"; then - eval "ap_supported_mpm_worker=shared" - ap_supported_shared_mpms="$ap_supported_shared_mpms worker " - else - eval "ap_supported_mpm_worker=static" - fi - if test "yes" = "yes"; then - eval "ap_threaded_mpm_worker=yes" - fi + ap_openssl_mod_cflags=$MOD_CFLAGS + ap_openssl_mod_ldflags=$MOD_LDFLAGS fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_openssl" >&5 +$as_echo "$ac_cv_openssl" >&6; } + if test "x$ac_cv_openssl" = "xyes"; then -htpasswd_LTFLAGS="" -htdigest_LTFLAGS="" -rotatelogs_LTFLAGS="" -logresolve_LTFLAGS="" -htdbm_LTFLAGS="" -ab_LTFLAGS="" -checkgid_LTFLAGS="" -htcacheclean_LTFLAGS="" -httxt2dbm_LTFLAGS="" -fcgistarter_LTFLAGS="" +$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h -# Check whether --enable-static-support was given. -if test "${enable_static_support+set}" = set; then : - enableval=$enable_static_support; -if test "$enableval" = "yes" ; then - if test "x$htpasswd_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting htpasswd_LTFLAGS to \"-static\"" - htpasswd_LTFLAGS="-static" + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$ap_openssl_mod_ldflags\"" + MOD_LDFLAGS="$ap_openssl_mod_ldflags" else - apr_addto_bugger="-static" + apr_addto_bugger="$ap_openssl_mod_ldflags" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $htpasswd_LTFLAGS; do + for j in $MOD_LDFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to htpasswd_LTFLAGS" - htpasswd_LTFLAGS="$htpasswd_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" fi done fi - if test "x$htdigest_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting htdigest_LTFLAGS to \"-static\"" - htdigest_LTFLAGS="-static" + if test "x$MOD_CFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_CFLAGS to \"$ap_openssl_mod_cflags\"" + MOD_CFLAGS="$ap_openssl_mod_cflags" else - apr_addto_bugger="-static" + apr_addto_bugger="$ap_openssl_mod_cflags" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $htdigest_LTFLAGS; do + for j in $MOD_CFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to htdigest_LTFLAGS" - htdigest_LTFLAGS="$htdigest_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CFLAGS" + MOD_CFLAGS="$MOD_CFLAGS $i" fi done fi + fi - if test "x$rotatelogs_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting rotatelogs_LTFLAGS to \"-static\"" - rotatelogs_LTFLAGS="-static" + if test "$ac_cv_openssl" = "yes" ; then + + if test "x$MOD_CPPFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_CPPFLAGS to \""-DH2_OPENSSL"\"" + MOD_CPPFLAGS=""-DH2_OPENSSL"" else - apr_addto_bugger="-static" + apr_addto_bugger=""-DH2_OPENSSL"" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $rotatelogs_LTFLAGS; do + for j in $MOD_CPPFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to rotatelogs_LTFLAGS" - rotatelogs_LTFLAGS="$rotatelogs_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CPPFLAGS" + MOD_CPPFLAGS="$MOD_CPPFLAGS $i" fi done fi + fi - if test "x$logresolve_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting logresolve_LTFLAGS to \"-static\"" - logresolve_LTFLAGS="-static" - else - apr_addto_bugger="-static" - for i in $apr_addto_bugger; do - apr_addto_duplicate="0" - for j in $logresolve_LTFLAGS; do - if test "x$i" = "x$j"; then - apr_addto_duplicate="1" - break - fi - done - if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to logresolve_LTFLAGS" - logresolve_LTFLAGS="$logresolve_LTFLAGS $i" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nghttp2" >&5 +$as_echo_n "checking for nghttp2... " >&6; } +if ${ac_cv_nghttp2+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ac_cv_nghttp2=no + ap_nghttp2_found="" + ap_nghttp2_base="" + ap_nghttp2_libs="" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for user-provided nghttp2 base directory" >&5 +$as_echo_n "checking for user-provided nghttp2 base directory... " >&6; } + +# Check whether --with-nghttp2 was given. +if test "${with_nghttp2+set}" = set; then : + withval=$with_nghttp2; + if test "x$withval" != "xyes" -a "x$withval" != "x"; then + ap_nghttp2_base="`cd $withval ; pwd`" fi - done - fi +fi - if test "x$htdbm_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting htdbm_LTFLAGS to \"-static\"" - htdbm_LTFLAGS="-static" + if test "x$ap_nghttp2_base" = "x"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 +$as_echo "none" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ap_nghttp2_base" >&5 +$as_echo "$ap_nghttp2_base" >&6; } + fi + + saved_CPPFLAGS="$CPPFLAGS" + saved_LIBS="$LIBS" + saved_LDFLAGS="$LDFLAGS" + + if test -n "$PKGCONFIG"; then + saved_PKG_CONFIG_PATH="$PKG_CONFIG_PATH" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pkg-config along $PKG_CONFIG_PATH" >&5 +$as_echo_n "checking for pkg-config along $PKG_CONFIG_PATH... " >&6; } + if test "x$ap_nghttp2_base" != "x" -a \ + -f "${ap_nghttp2_base}/lib/pkgconfig/libnghttp2.pc"; then + PKG_CONFIG_PATH="${ap_nghttp2_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}" + export PKG_CONFIG_PATH + fi + # Check whether --enable-nghttp2-staticlib-deps was given. +if test "${enable_nghttp2_staticlib_deps+set}" = set; then : + enableval=$enable_nghttp2_staticlib_deps; + if test "$enableval" = "yes"; then + PKGCONFIG_LIBOPTS="--static" + fi + +fi + + ap_nghttp2_libs="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-l --silence-errors libnghttp2`" + if test $? -eq 0; then + ap_nghttp2_found="yes" + pkglookup="`$PKGCONFIG --cflags-only-I libnghttp2`" + + if test "x$CPPFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting CPPFLAGS to \"$pkglookup\"" + CPPFLAGS="$pkglookup" else - apr_addto_bugger="-static" + apr_addto_bugger="$pkglookup" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $htdbm_LTFLAGS; do + for j in $CPPFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to htdbm_LTFLAGS" - htdbm_LTFLAGS="$htdbm_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to CPPFLAGS" + CPPFLAGS="$CPPFLAGS $i" fi done fi - if test "x$ab_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting ab_LTFLAGS to \"-static\"" - ab_LTFLAGS="-static" + if test "x$MOD_CFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_CFLAGS to \"$pkglookup\"" + MOD_CFLAGS="$pkglookup" else - apr_addto_bugger="-static" + apr_addto_bugger="$pkglookup" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $ab_LTFLAGS; do + for j in $MOD_CFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to ab_LTFLAGS" - ab_LTFLAGS="$ab_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CFLAGS" + MOD_CFLAGS="$MOD_CFLAGS $i" fi done fi - if test "x$checkgid_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting checkgid_LTFLAGS to \"-static\"" - checkgid_LTFLAGS="-static" + if test "x$ab_CFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting ab_CFLAGS to \"$pkglookup\"" + ab_CFLAGS="$pkglookup" else - apr_addto_bugger="-static" + apr_addto_bugger="$pkglookup" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $checkgid_LTFLAGS; do + for j in $ab_CFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to checkgid_LTFLAGS" - checkgid_LTFLAGS="$checkgid_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to ab_CFLAGS" + ab_CFLAGS="$ab_CFLAGS $i" fi done fi + pkglookup="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-L libnghttp2`" - if test "x$htcacheclean_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting htcacheclean_LTFLAGS to \"-static\"" - htcacheclean_LTFLAGS="-static" + if test "x$LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting LDFLAGS to \"$pkglookup\"" + LDFLAGS="$pkglookup" else - apr_addto_bugger="-static" + apr_addto_bugger="$pkglookup" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $htcacheclean_LTFLAGS; do + for j in $LDFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to htcacheclean_LTFLAGS" - htcacheclean_LTFLAGS="$htcacheclean_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" + LDFLAGS="$LDFLAGS $i" fi done fi - if test "x$httxt2dbm_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting httxt2dbm_LTFLAGS to \"-static\"" - httxt2dbm_LTFLAGS="-static" + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$pkglookup\"" + MOD_LDFLAGS="$pkglookup" else - apr_addto_bugger="-static" + apr_addto_bugger="$pkglookup" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $httxt2dbm_LTFLAGS; do + for j in $MOD_LDFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to httxt2dbm_LTFLAGS" - httxt2dbm_LTFLAGS="$httxt2dbm_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" fi done fi + pkglookup="`$PKGCONFIG $PKGCONFIG_LIBOPTS --libs-only-other libnghttp2`" - if test "x$fcgistarter_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting fcgistarter_LTFLAGS to \"-static\"" - fcgistarter_LTFLAGS="-static" + if test "x$LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting LDFLAGS to \"$pkglookup\"" + LDFLAGS="$pkglookup" else - apr_addto_bugger="-static" + apr_addto_bugger="$pkglookup" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $fcgistarter_LTFLAGS; do + for j in $LDFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to fcgistarter_LTFLAGS" - fcgistarter_LTFLAGS="$fcgistarter_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" + LDFLAGS="$LDFLAGS $i" fi done fi -fi - -fi - - -# Check whether --enable-static-htpasswd was given. -if test "${enable_static_htpasswd+set}" = set; then : - enableval=$enable_static_htpasswd; -if test "$enableval" = "yes" ; then - if test "x$htpasswd_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting htpasswd_LTFLAGS to \"-static\"" - htpasswd_LTFLAGS="-static" + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$pkglookup\"" + MOD_LDFLAGS="$pkglookup" else - apr_addto_bugger="-static" + apr_addto_bugger="$pkglookup" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $htpasswd_LTFLAGS; do + for j in $MOD_LDFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to htpasswd_LTFLAGS" - htpasswd_LTFLAGS="$htpasswd_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" fi done fi -else - - if test "x$htpasswd_LTFLAGS" = "x-static"; then - test "x$silent" != "xyes" && echo " nulling htpasswd_LTFLAGS" - htpasswd_LTFLAGS="" - else - apr_new_bugger="" - apr_removed=0 - for i in $htpasswd_LTFLAGS; do - if test "x$i" != "x-static"; then - apr_new_bugger="$apr_new_bugger $i" - else - apr_removed=1 fi - done - if test $apr_removed = "1"; then - test "x$silent" != "xyes" && echo " removed \"-static\" from htpasswd_LTFLAGS" - htpasswd_LTFLAGS=$apr_new_bugger + PKG_CONFIG_PATH="$saved_PKG_CONFIG_PATH" fi - fi - -fi - -fi - - APACHE_VAR_SUBST="$APACHE_VAR_SUBST htpasswd_LTFLAGS" - - - -# Check whether --enable-static-htdigest was given. -if test "${enable_static_htdigest+set}" = set; then : - enableval=$enable_static_htdigest; -if test "$enableval" = "yes" ; then + if test "x$ap_nghttp2_base" != "x" -a "x$ap_nghttp2_found" = "x"; then - if test "x$htdigest_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting htdigest_LTFLAGS to \"-static\"" - htdigest_LTFLAGS="-static" + if test "x$CPPFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting CPPFLAGS to \"-I$ap_nghttp2_base/include\"" + CPPFLAGS="-I$ap_nghttp2_base/include" else - apr_addto_bugger="-static" + apr_addto_bugger="-I$ap_nghttp2_base/include" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $htdigest_LTFLAGS; do + for j in $CPPFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to htdigest_LTFLAGS" - htdigest_LTFLAGS="$htdigest_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to CPPFLAGS" + CPPFLAGS="$CPPFLAGS $i" fi done fi -else - if test "x$htdigest_LTFLAGS" = "x-static"; then - test "x$silent" != "xyes" && echo " nulling htdigest_LTFLAGS" - htdigest_LTFLAGS="" + if test "x$MOD_CFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_CFLAGS to \"-I$ap_nghttp2_base/include\"" + MOD_CFLAGS="-I$ap_nghttp2_base/include" else - apr_new_bugger="" - apr_removed=0 - for i in $htdigest_LTFLAGS; do - if test "x$i" != "x-static"; then - apr_new_bugger="$apr_new_bugger $i" - else - apr_removed=1 + apr_addto_bugger="-I$ap_nghttp2_base/include" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $MOD_CFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CFLAGS" + MOD_CFLAGS="$MOD_CFLAGS $i" fi done - if test $apr_removed = "1"; then - test "x$silent" != "xyes" && echo " removed \"-static\" from htdigest_LTFLAGS" - htdigest_LTFLAGS=$apr_new_bugger - fi fi -fi - -fi - - - APACHE_VAR_SUBST="$APACHE_VAR_SUBST htdigest_LTFLAGS" - - - -# Check whether --enable-static-rotatelogs was given. -if test "${enable_static_rotatelogs+set}" = set; then : - enableval=$enable_static_rotatelogs; -if test "$enableval" = "yes" ; then - if test "x$rotatelogs_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting rotatelogs_LTFLAGS to \"-static\"" - rotatelogs_LTFLAGS="-static" + if test "x$ab_CFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting ab_CFLAGS to \"-I$ap_nghttp2_base/include\"" + ab_CFLAGS="-I$ap_nghttp2_base/include" else - apr_addto_bugger="-static" + apr_addto_bugger="-I$ap_nghttp2_base/include" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $rotatelogs_LTFLAGS; do + for j in $ab_CFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to rotatelogs_LTFLAGS" - rotatelogs_LTFLAGS="$rotatelogs_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to ab_CFLAGS" + ab_CFLAGS="$ab_CFLAGS $i" fi done fi -else - if test "x$rotatelogs_LTFLAGS" = "x-static"; then - test "x$silent" != "xyes" && echo " nulling rotatelogs_LTFLAGS" - rotatelogs_LTFLAGS="" + if test "x$LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting LDFLAGS to \"-L$ap_nghttp2_base/lib\"" + LDFLAGS="-L$ap_nghttp2_base/lib" else - apr_new_bugger="" - apr_removed=0 - for i in $rotatelogs_LTFLAGS; do - if test "x$i" != "x-static"; then - apr_new_bugger="$apr_new_bugger $i" - else - apr_removed=1 + apr_addto_bugger="-L$ap_nghttp2_base/lib" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" + LDFLAGS="$LDFLAGS $i" fi done - if test $apr_removed = "1"; then - test "x$silent" != "xyes" && echo " removed \"-static\" from rotatelogs_LTFLAGS" - rotatelogs_LTFLAGS=$apr_new_bugger - fi fi - -fi - -fi - - - APACHE_VAR_SUBST="$APACHE_VAR_SUBST rotatelogs_LTFLAGS" - - - -# Check whether --enable-static-logresolve was given. -if test "${enable_static_logresolve+set}" = set; then : - enableval=$enable_static_logresolve; -if test "$enableval" = "yes" ; then - - if test "x$logresolve_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting logresolve_LTFLAGS to \"-static\"" - logresolve_LTFLAGS="-static" + + + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"-L$ap_nghttp2_base/lib\"" + MOD_LDFLAGS="-L$ap_nghttp2_base/lib" else - apr_addto_bugger="-static" + apr_addto_bugger="-L$ap_nghttp2_base/lib" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $logresolve_LTFLAGS; do + for j in $MOD_LDFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to logresolve_LTFLAGS" - logresolve_LTFLAGS="$logresolve_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" fi done fi -else + if test "x$ap_platform_runtime_link_flag" != "x"; then - if test "x$logresolve_LTFLAGS" = "x-static"; then - test "x$silent" != "xyes" && echo " nulling logresolve_LTFLAGS" - logresolve_LTFLAGS="" + if test "x$LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting LDFLAGS to \"$ap_platform_runtime_link_flag$ap_nghttp2_base/lib\"" + LDFLAGS="$ap_platform_runtime_link_flag$ap_nghttp2_base/lib" else - apr_new_bugger="" - apr_removed=0 - for i in $logresolve_LTFLAGS; do - if test "x$i" != "x-static"; then - apr_new_bugger="$apr_new_bugger $i" - else - apr_removed=1 + apr_addto_bugger="$ap_platform_runtime_link_flag$ap_nghttp2_base/lib" + for i in $apr_addto_bugger; do + apr_addto_duplicate="0" + for j in $LDFLAGS; do + if test "x$i" = "x$j"; then + apr_addto_duplicate="1" + break + fi + done + if test $apr_addto_duplicate = "0"; then + test "x$silent" != "xyes" && echo " adding \"$i\" to LDFLAGS" + LDFLAGS="$LDFLAGS $i" fi done - if test $apr_removed = "1"; then - test "x$silent" != "xyes" && echo " removed \"-static\" from logresolve_LTFLAGS" - logresolve_LTFLAGS=$apr_new_bugger - fi fi -fi - -fi - - APACHE_VAR_SUBST="$APACHE_VAR_SUBST logresolve_LTFLAGS" - - - -# Check whether --enable-static-htdbm was given. -if test "${enable_static_htdbm+set}" = set; then : - enableval=$enable_static_htdbm; -if test "$enableval" = "yes" ; then - - if test "x$htdbm_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting htdbm_LTFLAGS to \"-static\"" - htdbm_LTFLAGS="-static" + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$ap_platform_runtime_link_flag$ap_nghttp2_base/lib\"" + MOD_LDFLAGS="$ap_platform_runtime_link_flag$ap_nghttp2_base/lib" else - apr_addto_bugger="-static" + apr_addto_bugger="$ap_platform_runtime_link_flag$ap_nghttp2_base/lib" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $htdbm_LTFLAGS; do + for j in $MOD_LDFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to htdbm_LTFLAGS" - htdbm_LTFLAGS="$htdbm_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" fi done fi -else - - if test "x$htdbm_LTFLAGS" = "x-static"; then - test "x$silent" != "xyes" && echo " nulling htdbm_LTFLAGS" - htdbm_LTFLAGS="" - else - apr_new_bugger="" - apr_removed=0 - for i in $htdbm_LTFLAGS; do - if test "x$i" != "x-static"; then - apr_new_bugger="$apr_new_bugger $i" - else - apr_removed=1 fi - done - if test $apr_removed = "1"; then - test "x$silent" != "xyes" && echo " removed \"-static\" from htdbm_LTFLAGS" - htdbm_LTFLAGS=$apr_new_bugger fi - fi -fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nghttp2 version >= 1.2.1" >&5 +$as_echo_n "checking for nghttp2 version >= 1.2.1... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +#if !defined(NGHTTP2_VERSION_NUM) +#error "Missing nghttp2 version" +#endif +#if NGHTTP2_VERSION_NUM < 0x010201 +#error "Unsupported nghttp2 version " NGHTTP2_VERSION_TEXT +#endif + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: OK" >&5 +$as_echo "OK" >&6; } + ac_cv_nghttp2=yes +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: FAILED" >&5 +$as_echo "FAILED" >&6; } fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test "x$ac_cv_nghttp2" = "xyes"; then + ap_nghttp2_libs="${ap_nghttp2_libs:--lnghttp2} `$apr_config --libs`" - APACHE_VAR_SUBST="$APACHE_VAR_SUBST htdbm_LTFLAGS" - - - -# Check whether --enable-static-ab was given. -if test "${enable_static_ab+set}" = set; then : - enableval=$enable_static_ab; -if test "$enableval" = "yes" ; then - - if test "x$ab_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting ab_LTFLAGS to \"-static\"" - ab_LTFLAGS="-static" + if test "x$MOD_LDFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_LDFLAGS to \"$ap_nghttp2_libs\"" + MOD_LDFLAGS="$ap_nghttp2_libs" else - apr_addto_bugger="-static" + apr_addto_bugger="$ap_nghttp2_libs" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $ab_LTFLAGS; do + for j in $MOD_LDFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to ab_LTFLAGS" - ab_LTFLAGS="$ab_LTFLAGS $i" - fi - done - fi - -else - - if test "x$ab_LTFLAGS" = "x-static"; then - test "x$silent" != "xyes" && echo " nulling ab_LTFLAGS" - ab_LTFLAGS="" - else - apr_new_bugger="" - apr_removed=0 - for i in $ab_LTFLAGS; do - if test "x$i" != "x-static"; then - apr_new_bugger="$apr_new_bugger $i" - else - apr_removed=1 + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_LDFLAGS" + MOD_LDFLAGS="$MOD_LDFLAGS $i" fi done - if test $apr_removed = "1"; then - test "x$silent" != "xyes" && echo " removed \"-static\" from ab_LTFLAGS" - ab_LTFLAGS=$apr_new_bugger - fi fi -fi - -fi - - - APACHE_VAR_SUBST="$APACHE_VAR_SUBST ab_LTFLAGS" - - - -# Check whether --enable-static-checkgid was given. -if test "${enable_static_checkgid+set}" = set; then : - enableval=$enable_static_checkgid; -if test "$enableval" = "yes" ; then - if test "x$checkgid_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting checkgid_LTFLAGS to \"-static\"" - checkgid_LTFLAGS="-static" + if test "x$LIBS" = "x"; then + test "x$silent" != "xyes" && echo " setting LIBS to \"$ap_nghttp2_libs\"" + LIBS="$ap_nghttp2_libs" else - apr_addto_bugger="-static" + apr_addto_bugger="$ap_nghttp2_libs" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $checkgid_LTFLAGS; do + for j in $LIBS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to checkgid_LTFLAGS" - checkgid_LTFLAGS="$checkgid_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to LIBS" + LIBS="$LIBS $i" fi done fi -else - if test "x$checkgid_LTFLAGS" = "x-static"; then - test "x$silent" != "xyes" && echo " nulling checkgid_LTFLAGS" - checkgid_LTFLAGS="" - else - apr_new_bugger="" - apr_removed=0 - for i in $checkgid_LTFLAGS; do - if test "x$i" != "x-static"; then - apr_new_bugger="$apr_new_bugger $i" - else - apr_removed=1 - fi - done - if test $apr_removed = "1"; then - test "x$silent" != "xyes" && echo " removed \"-static\" from checkgid_LTFLAGS" - checkgid_LTFLAGS=$apr_new_bugger - fi - fi + test "x$silent" != "xyes" && echo " forcing ab_LDFLAGS to \"$MOD_LDFLAGS\"" + ab_LDFLAGS="$MOD_LDFLAGS" -fi + + APACHE_VAR_SUBST="$APACHE_VAR_SUBST ab_CFLAGS" + + + + APACHE_VAR_SUBST="$APACHE_VAR_SUBST ab_LDFLAGS" + + + + liberrors="" + for ac_header in nghttp2/nghttp2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "nghttp2/nghttp2.h" "ac_cv_header_nghttp2_nghttp2_h" "$ac_includes_default" +if test "x$ac_cv_header_nghttp2_nghttp2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NGHTTP2_NGHTTP2_H 1 +_ACEOF fi +done - APACHE_VAR_SUBST="$APACHE_VAR_SUBST checkgid_LTFLAGS" + for ac_func in nghttp2_session_server_new2 +do : + ac_fn_c_check_func "$LINENO" "nghttp2_session_server_new2" "ac_cv_func_nghttp2_session_server_new2" +if test "x$ac_cv_func_nghttp2_session_server_new2" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NGHTTP2_SESSION_SERVER_NEW2 1 +_ACEOF + +else + liberrors="yes" +fi +done + if test "x$liberrors" != "x"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: nghttp2 library is unusable" >&5 +$as_echo "$as_me: WARNING: nghttp2 library is unusable" >&2;} + fi + for ac_func in nghttp2_stream_get_weight +do : + ac_fn_c_check_func "$LINENO" "nghttp2_stream_get_weight" "ac_cv_func_nghttp2_stream_get_weight" +if test "x$ac_cv_func_nghttp2_stream_get_weight" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NGHTTP2_STREAM_GET_WEIGHT 1 +_ACEOF +else + liberrors="yes" +fi +done -# Check whether --enable-static-htcacheclean was given. -if test "${enable_static_htcacheclean+set}" = set; then : - enableval=$enable_static_htcacheclean; -if test "$enableval" = "yes" ; then + if test "x$liberrors" != "x"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: nghttp2 version >= 1.3.0 is required" >&5 +$as_echo "$as_me: WARNING: nghttp2 version >= 1.3.0 is required" >&2;} + fi + for ac_func in nghttp2_session_change_stream_priority +do : + ac_fn_c_check_func "$LINENO" "nghttp2_session_change_stream_priority" "ac_cv_func_nghttp2_session_change_stream_priority" +if test "x$ac_cv_func_nghttp2_session_change_stream_priority" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NGHTTP2_SESSION_CHANGE_STREAM_PRIORITY 1 +_ACEOF - if test "x$htcacheclean_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting htcacheclean_LTFLAGS to \"-static\"" - htcacheclean_LTFLAGS="-static" + if test "x$MOD_CPPFLAGS" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_CPPFLAGS to \""-DH2_NG2_CHANGE_PRIO"\"" + MOD_CPPFLAGS=""-DH2_NG2_CHANGE_PRIO"" else - apr_addto_bugger="-static" + apr_addto_bugger=""-DH2_NG2_CHANGE_PRIO"" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $htcacheclean_LTFLAGS; do + for j in $MOD_CPPFLAGS; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to htcacheclean_LTFLAGS" - htcacheclean_LTFLAGS="$htcacheclean_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_CPPFLAGS" + MOD_CPPFLAGS="$MOD_CPPFLAGS $i" fi done fi -else +fi +done - if test "x$htcacheclean_LTFLAGS" = "x-static"; then - test "x$silent" != "xyes" && echo " nulling htcacheclean_LTFLAGS" - htcacheclean_LTFLAGS="" - else - apr_new_bugger="" - apr_removed=0 - for i in $htcacheclean_LTFLAGS; do - if test "x$i" != "x-static"; then - apr_new_bugger="$apr_new_bugger $i" - else - apr_removed=1 - fi - done - if test $apr_removed = "1"; then - test "x$silent" != "xyes" && echo " removed \"-static\" from htcacheclean_LTFLAGS" - htcacheclean_LTFLAGS=$apr_new_bugger + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: nghttp2 version is too old" >&5 +$as_echo "$as_me: WARNING: nghttp2 version is too old" >&2;} fi - fi -fi + CPPFLAGS="$saved_CPPFLAGS" + LIBS="$saved_LIBS" + LDFLAGS="$saved_LDFLAGS" fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_nghttp2" >&5 +$as_echo "$ac_cv_nghttp2" >&6; } + if test "x$ac_cv_nghttp2" = "xyes"; then +$as_echo "#define HAVE_NGHTTP2 1" >>confdefs.h - APACHE_VAR_SUBST="$APACHE_VAR_SUBST htcacheclean_LTFLAGS" - - + fi -# Check whether --enable-static-httxt2dbm was given. -if test "${enable_static_httxt2dbm+set}" = set; then : - enableval=$enable_static_httxt2dbm; -if test "$enableval" = "yes" ; then + if test "$ac_cv_nghttp2" = "yes" ; then + if test "x$enable_http2" = "xshared"; then + # The only symbol which needs to be exported is the module + # structure, so ask libtool to hide everything else: - if test "x$httxt2dbm_LTFLAGS" = "x"; then - test "x$silent" != "xyes" && echo " setting httxt2dbm_LTFLAGS to \"-static\"" - httxt2dbm_LTFLAGS="-static" + if test "x$MOD_HTTP2_LDADD" = "x"; then + test "x$silent" != "xyes" && echo " setting MOD_HTTP2_LDADD to \"-export-symbols-regex http2_module\"" + MOD_HTTP2_LDADD="-export-symbols-regex http2_module" else - apr_addto_bugger="-static" + apr_addto_bugger="-export-symbols-regex http2_module" for i in $apr_addto_bugger; do apr_addto_duplicate="0" - for j in $httxt2dbm_LTFLAGS; do + for j in $MOD_HTTP2_LDADD; do if test "x$i" = "x$j"; then apr_addto_duplicate="1" break fi done if test $apr_addto_duplicate = "0"; then - test "x$silent" != "xyes" && echo " adding \"$i\" to httxt2dbm_LTFLAGS" - httxt2dbm_LTFLAGS="$httxt2dbm_LTFLAGS $i" + test "x$silent" != "xyes" && echo " adding \"$i\" to MOD_HTTP2_LDADD" + MOD_HTTP2_LDADD="$MOD_HTTP2_LDADD $i" fi done fi -else - - if test "x$httxt2dbm" = "x-static"; then - test "x$silent" != "xyes" && echo " nulling httxt2dbm" - httxt2dbm="" - else - apr_new_bugger="" - apr_removed=0 - for i in $httxt2dbm; do - if test "x$i" != "x-static"; then - apr_new_bugger="$apr_new_bugger $i" - else - apr_removed=1 - fi - done - if test $apr_removed = "1"; then - test "x$silent" != "xyes" && echo " removed \"-static\" from httxt2dbm" - httxt2dbm=$apr_new_bugger + fi + else + enable_http2=no fi - fi - -fi - -fi - - APACHE_VAR_SUBST="$APACHE_VAR_SUBST httxt2dbm_LTFLAGS" + : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_http2" >&5 +$as_echo_n "checking whether to enable mod_http2... " >&6; } + if test "$enable_http2" = "no"; then + if test "$_apmod_required" = "no"; then + _apmod_extra_msg=" (disabled)" + else + as_fn_error $? "mod_http2 has been requested but can not be built due to prerequisite failures" "$LINENO" 5 + fi + fi + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_http2$_apmod_extra_msg" >&5 +$as_echo "$enable_http2$_apmod_extra_msg" >&6; } + if test "$enable_http2" != "no"; then + case "$enable_http2" in + static*) + MODLIST="$MODLIST http2" + if test "http2" = "so"; then + sharedobjs=yes + fi + shared="";; + *) + enable_http2=`echo $enable_http2|sed 's/shared,*//'` + sharedobjs=yes + shared=yes + DSO_MODULES="$DSO_MODULES http2" + if test "most" = "yes" ; then + ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},http2" + fi + ;; + esac + if test -z "$http2_objs"; then + objects="mod_http2.lo" + else + objects="$http2_objs" + fi -# Check whether --enable-static-fcgistarter was given. -if test "${enable_static_fcgistarter+set}" = set; then : - enableval=$enable_static_fcgistarter; -if test "$enableval" = "yes" ; then + if test -z "$module_standalone"; then + if test -z "$shared"; then + # The filename of a convenience library must have a "lib" prefix: + libname="libmod_http2.la" + BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname" + modpath_static="$modpath_static $libname" + cat >>$modpath_current/modules.mk<>$modpath_current/modules.mk<> $modpath_current/modules.mk + echo "static = $modpath_static" >> $modpath_current/modules.mk + echo "shared = $modpath_shared" >> $modpath_current/modules.mk + for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do + if eval val=\"\$MOD_$var\"; test -n "$val"; then + echo "MOD_$var = $val" >> $modpath_current/modules.mk + fi + done + if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then + MODULE_DIRS="$MODULE_DIRS $current_dir" + else + MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir" + fi -case $host in - *aix*) - # this works in any locale, unlike the default command below, which - # fails in a non-English locale if the hard limit is unlimited - # since the display of the limit will translate "unlimited", but - # ulimit only accepts English "unlimited" on input - APACHECTL_ULIMIT="ulimit -S -n unlimited" - ;; - *alpha*-dec-osf*) - # Tru64: -H is for setting, not retrieving - APACHECTL_ULIMIT="ulimit -S -n \`ulimit -h -n\`" - ;; - *) - if TMP_ULIMIT=`ulimit -H -n` && ulimit -S -n $TMP_ULIMIT >/dev/null 2>&1; then - APACHECTL_ULIMIT="ulimit -S -n \`ulimit -H -n\`" - else - APACHECTL_ULIMIT="" - fi - ;; -esac + APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile" - APACHE_VAR_SUBST="$APACHE_VAR_SUBST APACHECTL_ULIMIT" diff --git a/docs/conf/mime.types b/docs/conf/mime.types index b90b1658..51752426 100644 --- a/docs/conf/mime.types +++ b/docs/conf/mime.types @@ -1212,7 +1212,7 @@ audio/basic au snd # audio/lpc audio/midi mid midi kar rmi # audio/mobile-xmf -audio/mp4 mp4a +audio/mp4 m4a mp4a # audio/mp4a-latm # audio/mpa # audio/mpa-robust diff --git a/docs/manual/bind.html.de b/docs/manual/bind.html.de index 02af1105..ae257f24 100644 --- a/docs/manual/bind.html.de +++ b/docs/manual/bind.html.de @@ -18,7 +18,7 @@

    Module | Direktiven | FAQ | Glossar | Seitenindex

    Apache HTTP Server Version 2.4

    -
    +
    <-

    An Adressen und Ports binden

    @@ -217,7 +217,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/2.4/bind.html'; } })(window, document); //-->
    + + +
    +

    Modules | Directives | FAQ | Glossary | Sitemap

    +

    Apache HTTP Server Version 2.4

    +
    +
    <-
    +

    Reverse Proxy Guide

    +
    +

    Available Languages:  en  | + fr  | + ja  | + ko  | + tr 

    +
    + +

    In addition to being a "basic" web server, and providing static and + dynamic content to end-users, Apache httpd (as well as most other web + servers) can also act as a reverse proxy server, also-known-as a + "gateway" server.

    + +

    In such scenarios, httpd itself does not generate or host the data, + but rather the content is obtained by one or several backend servers, + which normally have no direct connection to the external network. As + httpd receives a request from a client, the request itself is proxied + to one of these backend servers, which then handles the request, generates + the content and then sends this content back to httpd, which then + generates the actual HTTP response back to the client.

    + +

    There are numerous reasons for such an implementation, but generally + the typical rationales are due to security, high-availability, load-balancing + and centralized authentication/authorization. It is critical in these + implementations that the layout, design and architecture of the backend + infrastructure (those servers which actually handle the requests) are + insulated and protected from the outside; as far as the client is concerned, + the reverse proxy server is the sole source of all content.

    + +

    A typical implementation is below:

    +

    reverse-proxy-arch

    + +
    + +
    top
    +
    +

    Reverse Proxy

    + +
    AddType type-mdium extension [extension] ...svdhB
    Associe les extensions de noms de fichiers au type de contenu spcifi
    Alias [chemin URL] +
    Alias chemin URL chemin fichier|chemin rpertoiresvB
    Met en correspondance des URLs avec des chemins du systme de fichiers
    AliasMatch regex @@ -577,152 +577,163 @@ gmon.out.
    Group groupe unix #-1 sB
    Groupe sous lequel le serveur va traiter les requtes
    Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note +
    H2Direct on|off on (for non TLS) svE
    H2 Direct Protocol Switch
    H2MaxSessionStreams n 100 svE
    Maximum number of active streams per HTTP/2 session.
    H2MaxWorkerIdleSeconds n 600 sE
    Maximum number of seconds h2 workers remain idle until shut down.
    H2MaxWorkers nsE
    Maximum number of worker threads to use per child process.
    H2MinWorkers nsE
    Minimal number of worker threads to use per child process.
    H2SerializeHeaders on|off off svE
    Serialize Request/Resoonse Processing Switch
    H2SessionExtraFiles n 5 svE
    Number of Extra File Handles
    H2StreamMaxMemSize bytes 65536 svE
    Maximum amount of output data buffered per stream.
    H2WindowSize bytes 65536 svE
    Size of Stream Window for upstream data.
    Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note en-tte [[expr=]valeur [remplacement] [early|env=[!]variable|expr=expression]] -svdhE
    Configure les en-ttes d'une rponse HTTP
    HeaderName nom fichiersvdhB
    Nom du fichier qui sera insr au dbut de la page +svdhE
    Configure les en-ttes d'une rponse HTTP
    HeaderName nom fichiersvdhB
    Nom du fichier qui sera insr au dbut de la page contenant l'index
    HeartbeatAddress addr:portsX
    Adresse multicast laquelle envoyer les requtes +
    HeartbeatAddress addr:portsX
    Adresse multicast laquelle envoyer les requtes heartbeat
    HeartbeatListenaddr:portsX
    Adresse multicast d'coute des requtes entrantes heartbeat
    HeartbeatMaxServers nombre-de-serveurs 10 sX
    Spcifie le nombre maximal de serveurs qui pourront envoyer +
    HeartbeatListenaddr:portsX
    Adresse multicast d'coute des requtes entrantes heartbeat
    HeartbeatMaxServers nombre-de-serveurs 10 sX
    Spcifie le nombre maximal de serveurs qui pourront envoyer des requtes heartbeat ce serveur.
    HeartbeatStorage chemin fichier logs/hb.dat sX
    Chemin vers le stockage des donnes heartbeat
    HeartbeatStorage chemin-fichier logs/hb.dat sX
    Indique le chemin permettant de lire les donnes +
    HeartbeatStorage chemin fichier logs/hb.dat sX
    Chemin vers le stockage des donnes heartbeat
    HeartbeatStorage chemin-fichier logs/hb.dat sX
    Indique le chemin permettant de lire les donnes heartbeat
    HostnameLookups On|Off|Double Off svdC
    Active la recherche DNS sur les adresses IP des +
    HostnameLookups On|Off|Double Off svdC
    Active la recherche DNS sur les adresses IP des clients
    IdentityCheck On|Off Off svdE
    Active la journalisation de l'identit RFC 1413 de +
    IdentityCheck On|Off Off svdE
    Active la journalisation de l'identit RFC 1413 de l'utilisateur distant
    IdentityCheckTimeout secondes 30 svdE
    Dtermine le dlai d'attente pour les requtes +
    IdentityCheckTimeout secondes 30 svdE
    Dtermine le dlai d'attente pour les requtes ident
    <If expression> ... </If>svdhC
    Contient des directives qui ne s'appliquent que si une +
    <If expression> ... </If>svdhC
    Contient des directives qui ne s'appliquent que si une condition est satisfaite au cours du traitement d'une requte
    <IfDefine [!]paramtre> ... - </IfDefine>svdhC
    Contient des directives qui ne s'appliqueront que si un +
    <IfDefine [!]paramtre> ... + </IfDefine>svdhC
    Contient des directives qui ne s'appliqueront que si un test retourne "vrai" au dmarrage du serveur
    <IfModule [!]fichier module|identificateur -module> ... </IfModule>svdhC
    Contient des directives qui ne s'appliquent qu'en fonction +
    <IfModule [!]fichier module|identificateur +module> ... </IfModule>svdhC
    Contient des directives qui ne s'appliquent qu'en fonction de la prsence ou de l'absence d'un module spcifique
    <IfVersion [[!]operator] version> ... -</IfVersion>svdhE
    contains version dependent configuration
    ImapBase map|referer|URL http://nom_serveur/ +svdhB
    Valeur par dfaut de la directive base des +
    <IfVersion [[!]operator] version> ... +</IfVersion>svdhE
    contains version dependent configuration
    ImapBase map|referer|URL http://nom_serveur/ +svdhB
    Valeur par dfaut de la directive base des fichiers imagemap
    ImapDefault error|nocontent|map|referer|URL nocontent svdhB
    Action entreprendre par dfaut lorsqu'un fichier imagemap +
    ImapDefault error|nocontent|map|referer|URL nocontent svdhB
    Action entreprendre par dfaut lorsqu'un fichier imagemap est invoqu avec des coordonnes qui ne correspondent aucune cible
    ImapMenu none|formatted|semiformatted|unformatted formatted svdhB
    Action entreprendre si aucune coordonne n'est fournie +
    ImapMenu none|formatted|semiformatted|unformatted formatted svdhB
    Action entreprendre si aucune coordonne n'est fournie lorsqu'on invoque un fichier imagemap
    Include chemin-fichier|chemin-rpertoire|wildcardsvdC
    Inclut d'autres fichiers de configuration dans un des +
    Include chemin-fichier|chemin-rpertoire|wildcardsvdC
    Inclut d'autres fichiers de configuration dans un des fichiers de configuration du serveur
    IncludeOptional -chemin-fichier|chemin-rpertoire|wildcardsvdC
    Inclusion de fichiers dans le fichier de configuration
    IndexHeadInsert "marque ..."svdhB
    Insre du texte dans la section HEAD de la page +
    IncludeOptional +chemin-fichier|chemin-rpertoire|wildcardsvdC
    Inclusion de fichiers dans le fichier de configuration
    IndexHeadInsert "marque ..."svdhB
    Insre du texte dans la section HEAD de la page d'index.
    IndexIgnore fichier [fichier] ... "." svdhB
    Ajouts la liste des fichiers cacher lors de l'affichage +
    IndexIgnore fichier [fichier] ... "." svdhB
    Ajouts la liste des fichiers cacher lors de l'affichage de l'index d'un rpertoire
    IndexIgnoreReset ON|OFFsvdhB
    Vide la liste des fichiers cacher lors de l'affichage du +
    IndexIgnoreReset ON|OFFsvdhB
    Vide la liste des fichiers cacher lors de l'affichage du contenu d'un rpertoire
    IndexOptions [+|-]option [[+|-]option] -...svdhB
    Diverses options de configuration pour l'indexation d'un +
    IndexOptions [+|-]option [[+|-]option] +...svdhB
    Diverses options de configuration pour l'indexation d'un rpertoire
    IndexOrderDefault Ascending|Descending -Name|Date|Size|Description Ascending Name svdhB
    Dfinit l'ordre d'affichage par dfaut d'un index de +
    IndexOrderDefault Ascending|Descending +Name|Date|Size|Description Ascending Name svdhB
    Dfinit l'ordre d'affichage par dfaut d'un index de rpertoire
    IndexStyleSheet chemin-urlsvdhB
    Ajoute une feuille de style CSS l'index du +
    IndexStyleSheet chemin-urlsvdhB
    Ajoute une feuille de style CSS l'index du rpertoire
    InputSed commande-seddh
    Commande sed excuter pour le filtrage des donnes d'une +
    InputSed commande-seddh
    Commande sed excuter pour le filtrage des donnes d'une requte (en gnral des donnes POST)
    ISAPIAppendLogToErrors on|off off svdhB
    Enregistrement des requtes +
    ISAPIAppendLogToErrors on|off off svdhB
    Enregistrement des requtes HSE_APPEND_LOG_PARAMETER de la part des extensions ISAPI dans le journal des erreurs
    ISAPIAppendLogToQuery on|off on svdhB
    Enregistre les requtes +
    ISAPIAppendLogToQuery on|off on svdhB
    Enregistre les requtes HSE_APPEND_LOG_PARAMETER de la part des extensions ISAPI dans la partie arguments de la requte
    ISAPICacheFile chemin-fichier +
    ISAPICacheFile chemin-fichier [chemin-fichier] -...svB
    Fichiers .dll ISAPI devant tre chargs au +...svB
    Fichiers .dll ISAPI devant tre chargs au dmarrage
    ISAPIFakeAsync on|off off svdhB
    Emulation du support des entres/sorties asynchrones pour +
    ISAPIFakeAsync on|off off svdhB
    Emulation du support des entres/sorties asynchrones pour les appels ISAPI
    ISAPILogNotSupported on|off off svdhB
    Journalisation des demandes de fonctionnalits non +
    ISAPILogNotSupported on|off off svdhB
    Journalisation des demandes de fonctionnalits non supportes de la part des extensions ISAPI
    ISAPIReadAheadBuffer taille 49152 svdhB
    Taille du tampon de lecture anticipe envoy aux extensions +
    ISAPIReadAheadBuffer taille 49152 svdhB
    Taille du tampon de lecture anticipe envoy aux extensions ISAPI
    KeepAlive On|Off On svC
    Active les connexions HTTP persistantes
    KeepAliveTimeout nombre[ms] 5 svC
    Dure pendant laquelle le serveur va attendre une requte +
    KeepAlive On|Off On svC
    Active les connexions HTTP persistantes
    KeepAliveTimeout nombre[ms] 5 svC
    Dure pendant laquelle le serveur va attendre une requte avant de fermer une connexion persistante
    KeptBodySize taille maximale en octets 0 dB
    Conserve le corps de la requte concurrence de la taille +
    KeptBodySize taille maximale en octets 0 dB
    Conserve le corps de la requte concurrence de la taille maximale spcifie, pour une utilisation ventuelle par des filtres comme mod_include.
    LanguagePriority langage-MIME [langage-MIME] -...svdhB
    L'ordre de priorit des variantes de langages pour les +
    LanguagePriority langage-MIME [langage-MIME] +...svdhB
    L'ordre de priorit des variantes de langages pour les cas o le client n'a pas formul de prfrences
    LDAPCacheEntries nombre 1024 sE
    Nombre maximum d'entres dans le cache LDAP +
    LDAPCacheEntries nombre 1024 sE
    Nombre maximum d'entres dans le cache LDAP primaire
    LDAPCacheTTL secondes 600 sE
    Dure pendant laquelle les entres du cache restent +
    LDAPCacheTTL secondes 600 sE
    Dure pendant laquelle les entres du cache restent valides.
    LDAPConnectionPoolTTL n -1 svE
    Dsactive les connexions d'arrire-plan qui sont restes +
    LDAPConnectionPoolTTL n -1 svE
    Dsactive les connexions d'arrire-plan qui sont restes inactives trop longtemps au sein du jeu de connexions.
    LDAPConnectionTimeout secondessE
    Spcifie le dlai d'attente en secondes de la socket de +
    LDAPConnectionTimeout secondessE
    Spcifie le dlai d'attente en secondes de la socket de connexion
    LDAPLibraryDebug 7sE
    Active le dbogage dans le SDK LDAP
    LDAPOpCacheEntries nombre 1024 sE
    Nombre d'entres utilises pour mettre en cache les +
    LDAPLibraryDebug 7sE
    Active le dbogage dans le SDK LDAP
    LDAPOpCacheEntries nombre 1024 sE
    Nombre d'entres utilises pour mettre en cache les oprations de comparaison LDAP
    LDAPOpCacheTTL secondes 600 sE
    Dure pendant laquelle les entres du cache d'oprations +
    LDAPOpCacheTTL secondes 600 sE
    Dure pendant laquelle les entres du cache d'oprations restent valides
    LDAPReferralHopLimit nombredhE
    Le nombre maximum de redirections vers des serveurs +
    LDAPReferralHopLimit nombredhE
    Le nombre maximum de redirections vers des serveurs alternatifs (referrals) avant l'abandon de la requte LDAP.
    LDAPReferrals On|Off|default On dhE
    Active la redirection vers des serveurs alternatifs au +
    LDAPReferrals On|Off|default On dhE
    Active la redirection vers des serveurs alternatifs au cours des requtes vers le serveur LDAP.
    LDAPRetries nombre d'essais 3 sE
    Dfinit le nombre maximum de tentatives de connexions au +
    LDAPRetries nombre d'essais 3 sE
    Dfinit le nombre maximum de tentatives de connexions au serveur LDAP.
    LDAPRetryDelay secondes 0 sE
    Dfinit le temps d'attente avant un autre essai de connexion au +
    LDAPRetryDelay secondes 0 sE
    Dfinit le temps d'attente avant un autre essai de connexion au serveur LDAP.
    LDAPSharedCacheFile chemin/fichiersE
    Dfinit le fichier du cache en mmoire +
    LDAPSharedCacheFile chemin/fichiersE
    Dfinit le fichier du cache en mmoire partage
    LDAPSharedCacheSize octets 500000 sE
    Taille en octets du cache en mmoire partage
    LDAPTimeout secondes 60 sE
    Spcifie le dlai d'attente pour les oprations de +
    LDAPSharedCacheSize octets 500000 sE
    Taille en octets du cache en mmoire partage
    LDAPTimeout secondes 60 sE
    Spcifie le dlai d'attente pour les oprations de recherche et d'identification LDAP en secondes
    LDAPTrustedClientCert type -chemin/nom-fichier/alias [mot de passe]svdhE
    Dfinit le nom de fichier contenant un certificat client ou +
    LDAPTrustedClientCert type +chemin/nom-fichier/alias [mot de passe]svdhE
    Dfinit le nom de fichier contenant un certificat client ou un alias renvoyant vers un certificat client spcifique une connexion. Tous les SDK LDAP ne supportent pas les certificats clients par connexion.
    LDAPTrustedGlobalCert type -chemin/nom-fichier [mot de passe]sE
    Dfinit le nom de fichier ou la base de donnes contenant +
    LDAPTrustedGlobalCert type +chemin/nom-fichier [mot de passe]sE
    Dfinit le nom de fichier ou la base de donnes contenant les Autorits de Certification de confiance globales ou les certificats clients globaux
    LDAPTrustedMode typesvE
    Spcifie le mode (SSL ou TLS) utiliser lors de la +
    LDAPTrustedMode typesvE
    Spcifie le mode (SSL ou TLS) utiliser lors de la connexion un serveur LDAP.
    LDAPVerifyServerCert On|Off On sE
    Force la vrification du certificat du +
    LDAPVerifyServerCert On|Off On sE
    Force la vrification du certificat du serveur
    <Limit mthode [mthode] ... > ... - </Limit>dhC
    Limite les contrles d'accs que la section contient +
    <Limit mthode [mthode] ... > ... + </Limit>dhC
    Limite les contrles d'accs que la section contient certaines mthodes HTTP
    <LimitExcept mthode [mthode] ... > ... - </LimitExcept>dhC
    Applique les contrles d'accs toutes les mthodes HTTP, +
    <LimitExcept mthode [mthode] ... > ... + </LimitExcept>dhC
    Applique les contrles d'accs toutes les mthodes HTTP, sauf celles qui sont spcifies
    LimitInternalRecursion nombre [nombre] 10 svC
    Dtermine le nombre maximal de redirections internes et de +
    LimitInternalRecursion nombre [nombre] 10 svC
    Dtermine le nombre maximal de redirections internes et de sous-requtes imbriques
    LimitRequestBody octets 0 svdhC
    limite la taille maximale du corps de la requte HTTP +
    LimitRequestBody octets 0 svdhC
    limite la taille maximale du corps de la requte HTTP envoye par le client
    LimitRequestFields nombre 100 svC
    Limite le nombre de champs d'en-tte autoriss dans une +
    LimitRequestFields nombre 100 svC
    Limite le nombre de champs d'en-tte autoriss dans une requte HTTP
    LimitRequestFieldSize octets 8190 svC
    Ddinit la taille maximale autorise d'un en-tte de +
    LimitRequestFieldSize octets 8190 svC
    Ddinit la taille maximale autorise d'un en-tte de requte HTTP
    LimitRequestLine octets 8190 svC
    Dfinit la taille maximale d'une ligne de requte +
    LimitRequestLine octets 8190 svC
    Dfinit la taille maximale d'une ligne de requte HTTP
    LimitXMLRequestBody octets 1000000 svdhC
    Dfinit la taille maximale du corps d'une requte au format +
    LimitXMLRequestBody octets 1000000 svdhC
    Dfinit la taille maximale du corps d'une requte au format XML
    Listen [adresse IP:]numro port -[protocole]sM
    Les adresses IP et ports sur lesquels le serveur coute
    ListenBacklog backlogsM
    Longueur maximale de la liste d'attente des +
    Listen [adresse IP:]numro port +[protocole]sM
    Les adresses IP et ports sur lesquels le serveur coute
    ListenBacklog backlogsM
    Longueur maximale de la liste d'attente des connexions
    ListenCoresBucketsRatio ratio 0 (disabled) sM
    Rapport entre le nombre de coeurs de processeur activs et +le nombre de segments d'coute
    LoadFile nom-fichier [nom-fichier] ...svE
    Liaison du fichier objet ou de la bibliothque spcifi
    LoadModule module nom-fichiersvE
    Liaison avec le serveur du fichier objet ou de la @@ -805,495 +816,500 @@ simultan inactifs
    MaxSpareThreads nombresM
    Nombre maximum de threads inactifs
    MaxThreads nombre 2048 sM
    Dfinit le nombre maximum de threads esclaves
    MergeTrailers [on|off] off svC
    Dtermine si les donnes supplmentaires (trailers) sont +
    MemcacheConnTTL num[units] 15s svE
    Dure de conservation des connexions inactives
    MergeTrailers [on|off] off svC
    Dtermine si les donnes supplmentaires (trailers) sont fusionnes avec les en-ttes
    MetaDir rpertoire .web svdhE
    Le nom du rpertoire o trouver les fichiers de +
    MetaDir rpertoire .web svdhE
    Le nom du rpertoire o trouver les fichiers de mtainformations dans le style du CERN
    MetaFiles on|off off svdhE
    Active le traitement des mtafichiers du CERN
    MetaSuffix suffixe .meta svdhE
    Suffixe du fichier contenant les mtainformations dans le +
    MetaFiles on|off off svdhE
    Active le traitement des mtafichiers du CERN
    MetaSuffix suffixe .meta svdhE
    Suffixe du fichier contenant les mtainformations dans le style du CERN
    MimeMagicFile chemin-fichiersvE
    Active la dtermination du type MIME en se basant sur le +
    MimeMagicFile chemin-fichiersvE
    Active la dtermination du type MIME en se basant sur le contenu du fichier et en utilisant le fichier magique spcifi
    MinSpareServers nombre 5 sM
    Nombre minimum de processus serveurs enfants +
    MinSpareServers nombre 5 sM
    Nombre minimum de processus serveurs enfants inactifs
    MinSpareThreads nombresM
    Nombre minimum de threads inactifs qui seront disponibles +
    MinSpareThreads nombresM
    Nombre minimum de threads inactifs qui seront disponibles pour pouvoir traiter les pics de requtes
    MMapFile chemin fichier [chemin fichier] ...sX
    Charge au dmarrage une liste de fichiers en mmoire
    ModemStandard V.21|V.26bis|V.32|V.92dX
    Standard de modem simuler
    ModMimeUsePathInfo On|Off Off dB
    Indique mod_mime de traiter les lments +
    MMapFile chemin fichier [chemin fichier] ...sX
    Charge au dmarrage une liste de fichiers en mmoire
    ModemStandard V.21|V.26bis|V.32|V.92dX
    Standard de modem simuler
    ModMimeUsePathInfo On|Off Off dB
    Indique mod_mime de traiter les lments de path_info en tant que parties du nom de fichier
    MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers -[Handlers|Filters] NegotiatedOnly svdhB
    Les types de fichiers qui seront inclus lors d'une +
    MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers +[Handlers|Filters] NegotiatedOnly svdhB
    Les types de fichiers qui seront inclus lors d'une recherche de correspondance de fichier avec les vues multiples (MultiViews)
    Mutex mcanisme [default|nom-mutex] ... [OmitPID] default sC
    Dfinit les mcanismes de mutex et le repertoire du fichier +
    Mutex mcanisme [default|nom-mutex] ... [OmitPID] default sC
    Dfinit les mcanismes de mutex et le repertoire du fichier verrou pour tous les mutex ou seulement les mutex spcifis
    NameVirtualHost adresse[:port]sC
    OBSOLETE : Dfinit une adresse IP pour les serveurs virtuels base de +
    NameVirtualHost adresse[:port]sC
    OBSOLETE : Dfinit une adresse IP pour les serveurs virtuels base de nom
    NoProxy domaine [domaine] ...svE
    Serveurs, domaines ou rseaux auquels on se connectera +
    NoProxy domaine [domaine] ...svE
    Serveurs, domaines ou rseaux auquels on se connectera directement
    NWSSLTrustedCerts nom-fichier -[nom-fichier] ...sB
    Liste de certificats clients supplmentaires
    NWSSLUpgradeable [adresse-IP:]num-portsB
    Permet de promouvoir une connexion non SSL au statut de +
    NWSSLTrustedCerts nom-fichier +[nom-fichier] ...sB
    Liste de certificats clients supplmentaires
    NWSSLUpgradeable [adresse-IP:]num-portsB
    Permet de promouvoir une connexion non SSL au statut de connexion SSL la demande
    Options - [+|-]option [[+|-]option] ... FollowSymlinks svdhC
    Dfinit les fonctionnalits disponibles pour un rpertoire +
    Options + [+|-]option [[+|-]option] ... FollowSymlinks svdhC
    Dfinit les fonctionnalits disponibles pour un rpertoire particulier
    Order ordre Deny,Allow dhE
    Dfinit le statut d'accs par dfaut et l'ordre dans lequel +
    Order ordre Deny,Allow dhE
    Dfinit le statut d'accs par dfaut et l'ordre dans lequel les directives Allow et Deny sont values.
    OutputSed commande-seddh
    Commande sed pour le filtrage des contenus de type +
    OutputSed commande-seddh
    Commande sed pour le filtrage des contenus de type rponse
    PassEnv var-env [var-env] -...svdhB
    Transmet des variables d'environnement depuis le +
    PassEnv var-env [var-env] +...svdhB
    Transmet des variables d'environnement depuis le shell
    PidFile nom fichier logs/httpd.pid sM
    Ficher dans lequel le serveur enregistre l'identificateur +
    PidFile nom fichier logs/httpd.pid sM
    Ficher dans lequel le serveur enregistre l'identificateur de processus du dmon
    PrivilegesMode FAST|SECURE|SELECTIVE FAST svdX
    Fait un compromis entre d'une part l'efficacit et la +
    PrivilegesMode FAST|SECURE|SELECTIVE FAST svdX
    Fait un compromis entre d'une part l'efficacit et la vitesse de traitement et d'autre part la scurit l'encontre des codes malicieux supportant les privilges.
    Protocol protocolesvC
    Protocole pour une socket d'coute
    ProtocolEcho On|Off Off svX
    Active ou dsactive le serveur d'cho
    <Proxy url-avec-jokers> ...</Proxy>svE
    Conteneur de directives s'appliquant des ressources +
    Protocol protocolesvC
    Protocole pour une socket d'coute
    ProtocolEcho On|Off Off svX
    Active ou dsactive le serveur d'cho
    Protocols protocole ... http/1.1 svC
    Protocoles disponibles pour un serveur virtuel ou non
    ProtocolsHonorOrder On|Off On svC
    Dtermine qui du client ou du serveur dtermine l'ordre + des protocoles au cours de la ngociation de la connexion
    <Proxy url-avec-jokers> ...</Proxy>svE
    Conteneur de directives s'appliquant des ressources mandates
    ProxyAddHeaders Off|On On svdE
    Ajoute des informations propos du mandataire aux +
    ProxyAddHeaders Off|On On svdE
    Ajoute des informations propos du mandataire aux en-ttes X-Forwarded-*
    ProxyBadHeader IsError|Ignore|StartBody IsError svE
    Dtermine la manire de traiter les lignes d'en-tte +
    ProxyBadHeader IsError|Ignore|StartBody IsError svE
    Dtermine la manire de traiter les lignes d'en-tte incorrectes d'une rponse
    ProxyBlock *|terme|serveur|domaine -[terme|serveur|domaine] ...svE
    Termes, serveurs ou domaines bloqus par le +
    ProxyBlock *|terme|serveur|domaine +[terme|serveur|domaine] ...svE
    Termes, serveurs ou domaines bloqus par le mandataire
    ProxyDomain DomainesvE
    Nom de domaine par dfaut pour les requtes +
    ProxyDomain DomainesvE
    Nom de domaine par dfaut pour les requtes mandates
    ProxyErrorOverride On|Off Off svdE
    Outrepasser les pages d'erreur pour les contenus +
    ProxyErrorOverride On|Off Off svdE
    Outrepasser les pages d'erreur pour les contenus mandats
    ProxyExpressDBMFile <chemin>svE
    Chemin du fichier DBM.
    ProxyExpressDBMFile <type>svE
    Type de fichier DBM.
    ProxyExpressEnable [on|off]svE
    Active la fonctionnalit du module.
    ProxyFtpDirCharset jeu-caractres ISO-8859-1 svdE
    Dfinit le jeu de caractres des listings FTP +
    ProxyExpressDBMFile <chemin>svE
    Chemin du fichier DBM.
    ProxyExpressDBMFile <type>svE
    Type de fichier DBM.
    ProxyExpressEnable [on|off]svE
    Active la fonctionnalit du module.
    ProxyFtpDirCharset jeu-caractres ISO-8859-1 svdE
    Dfinit le jeu de caractres des listings FTP mandats
    ProxyFtpEscapeWildcards [on|off]svdE
    Les caractres gnriques dans les noms de fichiers +
    ProxyFtpEscapeWildcards [on|off]svdE
    Les caractres gnriques dans les noms de fichiers doivent-ils tre chapps lorsqu'ils sont envoys au serveur FTP ?
    ProxyFtpListOnWildcard [on|off]svdE
    Les caractres gnriques dans les noms de fichiers +
    ProxyFtpListOnWildcard [on|off]svdE
    Les caractres gnriques dans les noms de fichiers demands doivent-ils dclencher l'affichage d'un listing ?
    ProxyHTMLBufSize nb-octetssvdB
    Dfinit l'incrment de la taille du tampon, ainsi que sa +
    ProxyHTMLBufSize nb-octetssvdB
    Dfinit l'incrment de la taille du tampon, ainsi que sa taille initiale, pour la mise en tampon des scripts en ligne et des feuilles de style.
    ProxyHTMLCharsetOut jeu-de-caractres | *svdB
    Spcifie un jeu de caractres pour la sortie de +
    ProxyHTMLCharsetOut jeu-de-caractres | *svdB
    Spcifie un jeu de caractres pour la sortie de mod_proxy_html.
    ProxyHTMLDocType HTML|XHTML [Legacy]
    OU -
    ProxyHTMLDocType fpi [SGML|XML]    		svdB
    Dfinit une dclaration de type de document HTML ou XHTML.
    ProxyHTMLEnable On|Off Off svdB
    Permet d'activer/dsactiver le filtre proxy_html.
    ProxyHTMLEvents attribut [attribut ...]svdB
    Spcifie les attributs traiter comme des vnements de +
    ProxyHTMLDocType HTML|XHTML [Legacy]
    OU +
    ProxyHTMLDocType fpi [SGML|XML]    		svdB
    Dfinit une dclaration de type de document HTML ou XHTML.
    ProxyHTMLEnable On|Off Off svdB
    Permet d'activer/dsactiver le filtre proxy_html.
    ProxyHTMLEvents attribut [attribut ...]svdB
    Spcifie les attributs traiter comme des vnements de type scripting.
    ProxyHTMLExtended On|Off Off svdB
    Dtermine si l'on doit corriger les liens dans les scripts +
    ProxyHTMLExtended On|Off Off svdB
    Dtermine si l'on doit corriger les liens dans les scripts en ligne, les feuilles de style et les vnements de type scripting.
    ProxyHTMLFixups [lowercase] [dospath] [reset]svdB
    Corrige les erreurs HTML simples.
    ProxyHTMLInterp On|Off Off svdB
    Active la rinterprtation des rgles +
    ProxyHTMLFixups [lowercase] [dospath] [reset]svdB
    Corrige les erreurs HTML simples.
    ProxyHTMLInterp On|Off Off svdB
    Active la rinterprtation des rgles ProxyHTMLURLMap pour chaque requte.
    ProxyHTMLLinks lment attribut [attribut2 ...]svdB
    Spcifie les lments HTML dont les attributs d'URL doivent +
    ProxyHTMLLinks lment attribut [attribut2 ...]svdB
    Spcifie les lments HTML dont les attributs d'URL doivent tre rcrits.
    ProxyHTMLMeta On|Off Off svdB
    Active ou dsactive une printerprtation supplmentaire +
    ProxyHTMLMeta On|Off Off svdB
    Active ou dsactive une printerprtation supplmentaire des mtadonnes dans les sections HTML <head>.
    ProxyHTMLStripComments On|Off Off svdB
    Dtermine si les commentaires HTML doivent tre supprims.
    ProxyHTMLURLMap modle-source modle-cible [drapeaux] [cond]svdB
    Dfinit une rgle de rcriture des liens HTML
    ProxyIOBufferSize octets 8192 svE
    Dtermine la taille du tampon interne de transfert de +
    ProxyHTMLStripComments On|Off Off svdB
    Dtermine si les commentaires HTML doivent tre supprims.
    ProxyHTMLURLMap modle-source modle-cible [drapeaux] [cond]svdB
    Dfinit une rgle de rcriture des liens HTML
    ProxyIOBufferSize octets 8192 svE
    Dtermine la taille du tampon interne de transfert de donnes
    <ProxyMatch regex> ...</ProxyMatch>svE
    Conteneur de directives s'appliquant des ressources +
    <ProxyMatch regex> ...</ProxyMatch>svE
    Conteneur de directives s'appliquant des ressources mandates correspondant une expression rationnelle
    ProxyMaxForwards nombre -1 svE
    Nombre maximum de mandataires travers lesquelles une +
    ProxyMaxForwards nombre -1 svE
    Nombre maximum de mandataires travers lesquelles une requte peut tre redirige
    ProxyPass [chemin] !|url [cl=valeur - [cl=valeur ...]] [nocanon] [interpolate] [noquery]svdE
    Rfrencer des serveurs distants depuis +
    ProxyPass [chemin] !|url [cl=valeur + [cl=valeur ...]] [nocanon] [interpolate] [noquery]svdE
    Rfrencer des serveurs distants depuis l'espace d'URLs du serveur local
    ProxyPassInherit On|Off On svE
    Hritage des directives ProxyPass dfinies au niveau du +
    ProxyPassInherit On|Off On svE
    Hritage des directives ProxyPass dfinies au niveau du serveur principal
    ProxyPassInterpolateEnv On|Off Off svdE
    Active l'interpolation des variables d'environnement dans +
    ProxyPassInterpolateEnv On|Off Off svdE
    Active l'interpolation des variables d'environnement dans les configurations de mandataires inverses
    ProxyPassMatch [regex] !|url +
    ProxyPassMatch [regex] !|url [cl=valeur - [cl=valeur ...]]svdE
    Fait correspondre des serveurs distants dans l'espace d'URL + [cl=valeur ...]]svdE
    Fait correspondre des serveurs distants dans l'espace d'URL du serveur local en utilisant des expressions rationnelles
    ProxyPassReverse [chemin] url -[interpolate]svdE
    Ajuste l'URL dans les en-ttes de la rponse HTTP envoye +
    ProxyPassReverse [chemin] url +[interpolate]svdE
    Ajuste l'URL dans les en-ttes de la rponse HTTP envoye par un serveur mandat en inverse
    ProxyPassReverseCookieDomain domaine-interne -domaine-public [interpolate]svdE
    Ajuste la chane correspondant au domaine dans les en-ttes +
    ProxyPassReverseCookieDomain domaine-interne +domaine-public [interpolate]svdE
    Ajuste la chane correspondant au domaine dans les en-ttes Set-Cookie en provenance d'un serveur mandat
    ProxyPassReverseCookiePath chemin-interne -chemin-public [interpolate]svdE
    Ajuste la chane correspondant au chemin dans les en-ttes +
    ProxyPassReverseCookiePath chemin-interne +chemin-public [interpolate]svdE
    Ajuste la chane correspondant au chemin dans les en-ttes Set-Cookie en provenance d'un serveur mandat
    ProxyPreserveHost On|Off Off svdE
    Utilise l'en-tte de requte entrante Host pour la requte +
    ProxyPreserveHost On|Off Off svdE
    Utilise l'en-tte de requte entrante Host pour la requte du mandataire
    ProxyReceiveBufferSize octets 0 svE
    Taille du tampon rseau pour les connexions mandates HTTP +
    ProxyReceiveBufferSize octets 0 svE
    Taille du tampon rseau pour les connexions mandates HTTP et FTP
    ProxyRemote comparaison serveur-distantsvE
    Mandataire distant utiliser pour traiter certaines +
    ProxyRemote comparaison serveur-distantsvE
    Mandataire distant utiliser pour traiter certaines requtes
    ProxyRemoteMatch regex serveur-distantsvE
    Le mandataire distant utiliser pour traiter les requtes +
    ProxyRemoteMatch regex serveur-distantsvE
    Le mandataire distant utiliser pour traiter les requtes correspondant une expression rationnelle
    ProxyRequests On|Off Off svE
    Active la fonctionnalit (standard) de mandataire +
    ProxyRequests On|Off Off svE
    Active la fonctionnalit (standard) de mandataire direct
    ProxySCGIInternalRedirect On|Off|Headername On svdE
    Active ou dsactive les rponses de redirection interne en +
    ProxySCGIInternalRedirect On|Off|Headername On svdE
    Active ou dsactive les rponses de redirection interne en provenance du serveur cible.
    ProxySCGISendfile On|Off|nom-en-tte Off svdE
    Active l'valuation du pseudo en-tte de rponse +
    ProxySCGISendfile On|Off|nom-en-tte Off svdE
    Active l'valuation du pseudo en-tte de rponse X-Sendfile
    ProxySet url cl=valeur [cl=valeur ...]dE
    Dfinit diffrents paramtres relatifs la rpartition de +
    ProxySet url cl=valeur [cl=valeur ...]dE
    Dfinit diffrents paramtres relatifs la rpartition de charge des mandataires et aux membres des groupes de rpartition de charge
    ProxySourceAddress adressesvE
    Dfinit l'adresse IP locale pour les connexions mandates +
    ProxySourceAddress adressesvE
    Dfinit l'adresse IP locale pour les connexions mandates sortantes
    ProxyStatus Off|On|Full Off svE
    Affiche l'tat du rpartiteur de charge du mandataire dans +
    ProxyStatus Off|On|Full Off svE
    Affiche l'tat du rpartiteur de charge du mandataire dans mod_status
    ProxyTimeout secondessvE
    Dlai d'attente rseau pour les requtes +
    ProxyTimeout secondessvE
    Dlai d'attente rseau pour les requtes mandates
    ProxyVia On|Off|Full|Block Off svE
    Information fournie dans l'en-tte de rponse HTTP +
    ProxyVia On|Off|Full|Block Off svE
    Information fournie dans l'en-tte de rponse HTTP Via pour les requtes mandates
    ReadmeName nom-fichiersvdhB
    Nom du fichier dont le contenu sera insr la fin de +
    ReadmeName nom-fichiersvdhB
    Nom du fichier dont le contenu sera insr la fin de l'index
    ReceiveBufferSize octets 0 sM
    Taille du tampon TCP en entre
    Redirect [tat] [chemin URL] -URLsvdhB
    Envoie une redirection externe demandant au client +
    ReceiveBufferSize octets 0 sM
    Taille du tampon TCP en entre
    Redirect [tat] chemin URL +URLsvdhB
    Envoie une redirection externe demandant au client d'effectuer une autre requte avec une URL diffrente
    RedirectMatch [tat] regex -URLsvdhB
    Envoie une redirection externe faisant appel aux +
    RedirectMatch [tat] regex +URLsvdhB
    Envoie une redirection externe faisant appel aux expressions rationnelles pour la mise en correspondance de l'URL courante
    RedirectPermanent chemin URL URLsvdhB
    Envoie une redirection externe permanente demandant au +
    RedirectPermanent chemin URL URLsvdhB
    Envoie une redirection externe permanente demandant au client d'effectuer une nouvelle requte avec une URL diffrente
    RedirectTemp chemin URL URLsvdhB
    Envoie une redirection externe temporaire demandant au +
    RedirectTemp chemin URL URLsvdhB
    Envoie une redirection externe temporaire demandant au client d'effectuer une nouvelle requte avec une URL diffrente
    ReflectorHeader en-tte-entre [en-tte-sortie]svdhB
    Rflchit un en-tte d'entre dans les en-ttes de sortie
    RemoteIPHeader en-ttesvB
    Dfinit le champ d'en-tte qui contiendra les adresses IP +
    ReflectorHeader en-tte-entre [en-tte-sortie]svdhB
    Rflchit un en-tte d'entre dans les en-ttes de sortie
    RemoteIPHeader en-ttesvB
    Dfinit le champ d'en-tte qui contiendra les adresses IP du client
    RemoteIPInternalProxy -ip-mandataire|ip-mandataire/sous-rseau|nom-hte ...svB
    Dclare les adresses IP intranet clients comme dignes de +
    RemoteIPInternalProxy +ip-mandataire|ip-mandataire/sous-rseau|nom-hte ...svB
    Dclare les adresses IP intranet clients comme dignes de confiance pour prsenter la valeur RemoteIPHeader
    RemoteIPInternalProxyList nom-fichiersvB
    Dclare les adresses IP intranet clients comme dignes de +
    RemoteIPInternalProxyList nom-fichiersvB
    Dclare les adresses IP intranet clients comme dignes de confiance pour prsenter la valeur RemoteIPHeader
    RemoteIPProxiesHeader Nom_en-ttesvB
    Dclare le champ d'en-tte qui contiendra toutes les +
    RemoteIPProxiesHeader Nom_en-ttesvB
    Dclare le champ d'en-tte qui contiendra toutes les adresses IP intermdiaires
    RemoteIPTrustedProxy -ip-mandataire|ip-mandataire/sous-rseau|nom-hte ...svB
    Dclare les adresses IP intranet clients comme dignes de +
    RemoteIPTrustedProxy +ip-mandataire|ip-mandataire/sous-rseau|nom-hte ...svB
    Dclare les adresses IP intranet clients comme dignes de confiance pour prsenter la valeur RemoteIPHeader
    RemoteIPTrustedProxyList nom-fichiersvB
    Dclare les adresses IP intranet clients comme dignes de +
    RemoteIPTrustedProxyList nom-fichiersvB
    Dclare les adresses IP intranet clients comme dignes de confiance pour prsenter la valeur RemoteIPHeader
    RemoveCharset extension [extension] -...vdhB
    Supprime toute association de jeu de caractres pour un +
    RemoveCharset extension [extension] +...vdhB
    Supprime toute association de jeu de caractres pour un ensemble d'extensions de noms de fichiers
    RemoveEncoding extension [extension] -...vdhB
    Supprime toute association de codage de contenu pour un +
    RemoveEncoding extension [extension] +...vdhB
    Supprime toute association de codage de contenu pour un ensemble d'extensions de noms de fichiers
    RemoveHandler extension [extension] -...vdhB
    Supprime toute association de gestionnaire un ensemble +
    RemoveHandler extension [extension] +...vdhB
    Supprime toute association de gestionnaire un ensemble d'extensions de noms de fichiers
    RemoveInputFilter extension [extension] -...vdhB
    Supprime toute association de filtre en entre un +
    RemoveInputFilter extension [extension] +...vdhB
    Supprime toute association de filtre en entre un ensemble d'extensions de noms de fichiers
    RemoveLanguage extension [extension] -...vdhB
    Supprime toute association de langue un ensemble +
    RemoveLanguage extension [extension] +...vdhB
    Supprime toute association de langue un ensemble d'extensions de noms de fichiers
    RemoveOutputFilter extension [extension] -...vdhB
    Supprime toute association de filtre en sortie un +
    RemoveOutputFilter extension [extension] +...vdhB
    Supprime toute association de filtre en sortie un ensemble d'extensions de noms de fichiers
    RemoveType extension [extension] -...vdhB
    Supprime toute association de type de contenu un ensemble +
    RemoveType extension [extension] +...vdhB
    Supprime toute association de type de contenu un ensemble d'extensions de noms de fichiers
    RequestHeader add|append|edit|edit*|merge|set|setifempty|unset +
    RequestHeader add|append|edit|edit*|merge|set|setifempty|unset en-tte [[expr=]valeur [remplacement] [early|env=[!]variable|expr=expression]] -svdhE
    Configure les en-ttes d'une requte HTTP
    RequestReadTimeout +svdhE
    Configure les en-ttes d'une requte HTTP
    RequestReadTimeout [header=dlai[-dlai-maxi][,MinRate=taux-mini] [body=dlai[-dlai-maxi][,MinRate=taux-mini] -svE
    Dfinit des dlais maximums pour la rception des en-ttes +svE
    Dfinit des dlais maximums pour la rception des en-ttes et corps des requtes en provenance du client.
    Require [not] nom-entit [nom-entit] -...dhB
    Vrifie si un utilisateur authentifi a une +
    Require [not] nom-entit [nom-entit] +...dhB
    Vrifie si un utilisateur authentifi a une autorisation d'accs accorde par un fournisseur d'autorisation.
    <RequireAll> ... </RequireAll>dhB
    Regroupe plusieurs directives d'autorisation dont aucune ne +
    <RequireAll> ... </RequireAll>dhB
    Regroupe plusieurs directives d'autorisation dont aucune ne doit chouer et dont au moins une doit retourner un rsultat positif pour que la directive globale retourne elle-mme un rsultat positif.
    <RequireAny> ... </RequireAny>dhB
    Regroupe des directives d'autorisation dont au moins une +
    <RequireAny> ... </RequireAny>dhB
    Regroupe des directives d'autorisation dont au moins une doit retourner un rsultat positif pour que la directive globale retourne elle-mme un rsultat positif.
    <RequireNone> ... </RequireNone>dhB
    Regroupe des directives d'autorisation dont aucune ne doit +
    <RequireNone> ... </RequireNone>dhB
    Regroupe des directives d'autorisation dont aucune ne doit retourner un rsultat positif pour que la directive globale n'choue pas.
    RewriteBase chemin_URLdhE
    Dfinit l'URL de base pour les rcritures au niveau +
    RewriteBase chemin_URLdhE
    Dfinit l'URL de base pour les rcritures au niveau rpertoire
    RewriteCond - chane_de_test expression_de_comparaisonsvdhE
    Dfinit une condition qui devra tre satisfaite pour que +
    RewriteCond + chane_de_test expression_de_comparaisonsvdhE
    Dfinit une condition qui devra tre satisfaite pour que la rcriture soit effectue
    RewriteEngine on|off off svdhE
    Active ou dsactive l'excution du +
    RewriteEngine on|off off svdhE
    Active ou dsactive l'excution du moteur de rcriture
    RewriteMap nom_de_la_correspondance type_de_correspondance:source_de_la_correspondance -svE
    Dfinit une fonction de mise en correspondance pour la +
    RewriteMap nom_de_la_correspondance type_de_correspondance:source_de_la_correspondance +svE
    Dfinit une fonction de mise en correspondance pour la recherche de mots-cls
    RewriteOptions OptionssvdhE
    Configure certaines options spciales +
    RewriteOptions OptionssvdhE
    Configure certaines options spciales pour le moteur de rcriture
    RewriteRule - Modle Substitution [drapeaux]svdhE
    Dfinit les rgles pour le moteur de rcriture
    RLimitCPU secondes|max [secondes|max]svdhC
    Limite le temps CPU allou aux processus initis par les +
    RewriteRule + Modle Substitution [drapeaux]svdhE
    Dfinit les rgles pour le moteur de rcriture
    RLimitCPU secondes|max [secondes|max]svdhC
    Limite le temps CPU allou aux processus initis par les processus enfants d'Apache httpd
    RLimitMEM octets|max [octets|max]svdhC
    Limite la mmoire alloue aux processus initis par les +
    RLimitMEM octets|max [octets|max]svdhC
    Limite la mmoire alloue aux processus initis par les processus enfants d'Apache httpd
    RLimitNPROC nombre|max [nombre|max]svdhC
    Limite le nombre de processus qui peuvent tre initis par +
    RLimitNPROC nombre|max [nombre|max]svdhC
    Limite le nombre de processus qui peuvent tre initis par les processus initis par les processus enfants d'Apache httpd
    Satisfy Any|All All dhE
    Interaction entre le contrle d'accs en fonction de l'hte +
    Satisfy Any|All All dhE
    Interaction entre le contrle d'accs en fonction de l'hte et l'authentification utilisateur
    ScoreBoardFile chemin fichier logs/apache_runtime +sM
    Chemin du fichier o sont stockes les donnes concernant +
    ScoreBoardFile chemin fichier logs/apache_runtime +sM
    Chemin du fichier o sont stockes les donnes concernant la coordination des processus enfants
    Script mthode script cgisvdB
    Active un script CGI dans le cas d'une mthode de requte +
    Script mthode script cgisvdB
    Active un script CGI dans le cas d'une mthode de requte particulire.
    ScriptAlias [chemin URL] -chemin fichier|chemin rpertoiresvdB
    Fait correspondre une URL une zone du systme de fichiers -et dsigne la cible comme script CGI
    ScriptAliasMatch regex +
    ScriptAlias chemin URL chemin fichier|chemin rpertoiresvB
    Fait correspondre une URL une zone du systme de fichiers +et dsigne la cible comme script CGI
    ScriptAliasMatch regex +chemin fichier|chemin rpertoiresvB
    Fait correspondre une URL une zone du systme de fichiers en faisant appel aux expressions rationnelles et en dsignant la cible comme un script CGI
    ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhC
    Permet de localiser l'interprteur des scripts +
    ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhC
    Permet de localiser l'interprteur des scripts CGI
    ScriptLog chemin fichiersvB
    Chemin du fichier journal des erreurs du script +
    ScriptLog chemin fichiersvB
    Chemin du fichier journal des erreurs du script CGI
    ScriptLogBuffer octets 1024 svB
    Taille maximale des requtes PUT ou POST qui seront +
    ScriptLogBuffer octets 1024 svB
    Taille maximale des requtes PUT ou POST qui seront enregistres dans le journal du script
    ScriptLogLength octets 10385760 svB
    Taille maximale du fichier journal des scripts +
    ScriptLogLength octets 10385760 svB
    Taille maximale du fichier journal des scripts CGI
    ScriptSock chemin fichier cgisock sB
    Le prfixe du nom de fichier du socket utiliser pour +
    ScriptSock chemin fichier cgisock sB
    Le prfixe du nom de fichier du socket utiliser pour communiquer avec le dmon CGI
    SecureListen [adresse-IP:]num-port -nom-certificat [MUTUAL]sB
    Active le chiffrement SSL pour le port +
    SecureListen [adresse-IP:]num-port +nom-certificat [MUTUAL]sB
    Active le chiffrement SSL pour le port spcifi
    SeeRequestTail On|Off Off sC
    Dtermine si mod_status affiche les 63 premiers caractres +
    SeeRequestTail On|Off Off sC
    Dtermine si mod_status affiche les 63 premiers caractres d'une requte ou les 63 derniers, en supposant que la requte elle-mme possde plus de 63 caractres.
    SendBufferSize octets 0 sM
    Taille du tampon TCP en sortie
    ServerAdmin adresse lectronique|URLsvC
    L'adresse lectronique que le serveur inclut dans les +
    SendBufferSize octets 0 sM
    Taille du tampon TCP en sortie
    ServerAdmin adresse lectronique|URLsvC
    L'adresse lectronique que le serveur inclut dans les messages d'erreur envoys au client
    ServerAlias nom serveur [nom serveur] -...vC
    Autres noms d'un serveur utilisables pour atteindre des +
    ServerAlias nom serveur [nom serveur] +...vC
    Autres noms d'un serveur utilisables pour atteindre des serveurs virtuels base de nom
    ServerLimit nombresM
    Limite suprieure de la dfinition du nombre de +
    ServerLimit nombresM
    Limite suprieure de la dfinition du nombre de processus
    ServerName [protocole://]nom de domaine -entirement qualifi[:port]svC
    Nom d'hte et port que le serveur utilise pour +
    ServerName [protocole://]nom de domaine +entirement qualifi[:port]svC
    Nom d'hte et port que le serveur utilise pour s'authentifier lui-mme
    ServerPath chemin d'URLvC
    Nom de chemin d'URL hrit pour un serveur virtuel base +
    ServerPath chemin d'URLvC
    Nom de chemin d'URL hrit pour un serveur virtuel base de nom accd par un navigateur incompatible
    ServerRoot chemin de rpertoire /usr/local/apache sC
    Racine du rpertoire d'installation du +
    ServerRoot chemin de rpertoire /usr/local/apache sC
    Racine du rpertoire d'installation du serveur
    ServerSignature On|Off|EMail Off svdhC
    Dfinit un pied de page pour les documents gnrs par le +
    ServerSignature On|Off|EMail Off svdhC
    Dfinit un pied de page pour les documents gnrs par le serveur
    ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sC
    Configure l'en-tte Server de la rponse +
    ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sC
    Configure l'en-tte Server de la rponse HTTP
    Session On|Off Off svdhE
    Ouvre une session pour le contexte courant
    SessionCookieName nom attributssvdhE
    Nom et attributs du cookie RFC2109 dans lequel la session +
    Session On|Off Off svdhE
    Ouvre une session pour le contexte courant
    SessionCookieName nom attributssvdhE
    Nom et attributs du cookie RFC2109 dans lequel la session est stocke
    SessionCookieName2 nom attributssvdhE
    Nom et attributs pour le cookie RFC2965 dans lequel est +
    SessionCookieName2 nom attributssvdhE
    Nom et attributs pour le cookie RFC2965 dans lequel est stocke la session
    SessionCookieRemove On|Off Off svdhE
    Dtermine si les cookies de session doivent tre supprims +
    SessionCookieRemove On|Off Off svdhE
    Dtermine si les cookies de session doivent tre supprims des en-ttes HTTP entrants
    SessionCryptoCipher algorithmesvdhX
    L'algorithme utiliser pour le chiffrement de la session
    SessionCryptoDriver nom [param[=valeur]]sX
    Le pilote de chiffrement utiliser pour chiffrer les +
    SessionCryptoCipher algorithmesvdhX
    L'algorithme utiliser pour le chiffrement de la session
    SessionCryptoDriver nom [param[=valeur]]sX
    Le pilote de chiffrement utiliser pour chiffrer les sessions
    SessionCryptoPassphrase secret [ secret ... ] svdhX
    La cl utilise pour chiffrer la session
    SessionCryptoPassphraseFile nom-fichiersvdX
    Le fichier contenant les cls utilises pour chiffrer la +
    SessionCryptoPassphrase secret [ secret ... ] svdhX
    La cl utilise pour chiffrer la session
    SessionCryptoPassphraseFile nom-fichiersvdX
    Le fichier contenant les cls utilises pour chiffrer la session
    SessionDBDCookieName nom attributssvdhE
    Nom et attributs du cookie RFC2109 qui contient +
    SessionDBDCookieName nom attributssvdhE
    Nom et attributs du cookie RFC2109 qui contient l'identifiant de session
    SessionDBDCookieName2 nom attributssvdhE
    Nom et attributs du cookie RFC2965 qui contient +
    SessionDBDCookieName2 nom attributssvdhE
    Nom et attributs du cookie RFC2965 qui contient l'identifiant de session
    SessionDBDCookieRemove On|Off On svdhE
    Dtermine si les cookies de session doivent tre supprims +
    SessionDBDCookieRemove On|Off On svdhE
    Dtermine si les cookies de session doivent tre supprims des en-ttes HTTP entrants
    SessionDBDDeleteLabel tiquette deletesession svdhE
    La requte SQL utiliser pour supprimer des sessions de la +
    SessionDBDDeleteLabel tiquette deletesession svdhE
    La requte SQL utiliser pour supprimer des sessions de la base de donnes
    SessionDBDInsertLabel tiquette insertsession svdhE
    La requte SQL utiliser pour insrer des sessions dans la +
    SessionDBDInsertLabel tiquette insertsession svdhE
    La requte SQL utiliser pour insrer des sessions dans la base de donnes
    SessionDBDPerUser On|Off Off svdhE
    Active une session propre un utilisateur
    SessionDBDSelectLabel tiquette selectsession svdhE
    La requte SQL utiliser pour slectionner des sessions +
    SessionDBDPerUser On|Off Off svdhE
    Active une session propre un utilisateur
    SessionDBDSelectLabel tiquette selectsession svdhE
    La requte SQL utiliser pour slectionner des sessions dans la base de donnes
    SessionDBDUpdateLabel tiquette updatesession svdhE
    La requte SQL utiliser pour mettre jour des sessions +
    SessionDBDUpdateLabel tiquette updatesession svdhE
    La requte SQL utiliser pour mettre jour des sessions prexistantes dans la base de donnes
    SessionEnv On|Off Off svdhE
    Dfinit si le contenu de la session doit tre enregistr +
    SessionEnv On|Off Off svdhE
    Dfinit si le contenu de la session doit tre enregistr dans la variable d'environnement HTTP_SESSION
    SessionExclude cheminsvdhE
    Dfinit les prfixes d'URLs pour lesquels une session sera +
    SessionExclude cheminsvdhE
    Dfinit les prfixes d'URLs pour lesquels une session sera ignore
    SessionHeader en-ttesvdhE
    Importation des mises jour de session depuis l'en-tte de +
    SessionHeader en-ttesvdhE
    Importation des mises jour de session depuis l'en-tte de rponse HTTP spcifi
    SessionInclude cheminsvdhE
    Dfinit les prfixes d'URL pour lesquels une session est +
    SessionInclude cheminsvdhE
    Dfinit les prfixes d'URL pour lesquels une session est valide
    SessionMaxAge dure de vie maximale 0 svdhE
    Dfinit une dure de vie maximale pour la session en +
    SessionMaxAge dure de vie maximale 0 svdhE
    Dfinit une dure de vie maximale pour la session en secondes
    SetEnv var-env [valeur]svdhB
    Dfinit des variables d'environnement
    SetEnvIf attribut +
    SetEnv var-env [valeur]svdhB
    Dfinit des variables d'environnement
    SetEnvIf attribut regex [!]env-variable[=valeur] - [[!]env-variable[=valeur]] ...svdhB
    Dfinit des variables d'environnement en fonction des + [[!]env-variable[=valeur]] ...svdhB
    Dfinit des variables d'environnement en fonction des attributs de la requte
    SetEnvIfExpr expr +
    SetEnvIfExpr expr [!]env-variable[=valeur] - [[!]env-variable[=valeur]] ...svdhB
    Dfinit des variables d'environnement en fonction d'une expression ap_expr
    SetEnvIfNoCase attribut regex + [[!]env-variable[=valeur]] ...svdhB
    Dfinit des variables d'environnement en fonction d'une expression ap_expr
    SetEnvIfNoCase attribut regex [!]env-variable[=valeur] - [[!]env-variable[=valeur]] ...svdhB
    Dfinit des variables d'environnement en fonction des + [[!]env-variable[=valeur]] ...svdhB
    Dfinit des variables d'environnement en fonction des attributs de la requte sans tenir compte de la casse
    SetHandler nom gestionnaire|NonesvdhC
    Force le traitement des fichiers spcifis par un +
    SetHandler nom gestionnaire|NonesvdhC
    Force le traitement des fichiers spcifis par un gestionnaire particulier
    SetInputFilter filtre[;filtre...]svdhC
    Dfinit les filtres par lesquels vont passer les requtes +
    SetInputFilter filtre[;filtre...]svdhC
    Dfinit les filtres par lesquels vont passer les requtes client et les donnes POST
    SetOutputFilter filtre[;filtre...]svdhC
    Dfinit les filtres par lesquels vont passer les rponses +
    SetOutputFilter filtre[;filtre...]svdhC
    Dfinit les filtres par lesquels vont passer les rponses du serveur
    SSIEndTag tag "-->" svB
    Chane qui termine l'lment include
    SSIErrorMsg message "[an error occurred +svdhB
    Message d'erreur affich lorsqu'une erreur SSI +
    SSIEndTag tag "-->" svB
    Chane qui termine l'lment include
    SSIErrorMsg message "[an error occurred +svdhB
    Message d'erreur affich lorsqu'une erreur SSI survient
    SSIETag on|off off dhB
    Dfinit si des en-ttes ETags sont gnrs par le serveur.
    SSILastModified on|off off dhB
    Dfinit si des en-ttes Last-Modified sont +
    SSIETag on|off off dhB
    Dfinit si des en-ttes ETags sont gnrs par le serveur.
    SSILastModified on|off off dhB
    Dfinit si des en-ttes Last-Modified sont gnrs par le serveur.
    SSILegacyExprParser on|off off dhB
    Active le mode de compatibilit pour les expressions +
    SSILegacyExprParser on|off off dhB
    Active le mode de compatibilit pour les expressions conditionnelles.
    SSIStartTag tag "<!--#" svB
    Chane qui marque le dbut d'un lment +
    SSIStartTag tag "<!--#" svB
    Chane qui marque le dbut d'un lment include
    SSITimeFormat chane de formatage "%A, %d-%b-%Y %H:%M +svdhB
    Configuration du format d'affichage des dates
    SSIUndefinedEcho chane "(none)" svdhB
    Chane afficher lorsqu'on tente d'extraire le contenu +
    SSITimeFormat chane de formatage "%A, %d-%b-%Y %H:%M +svdhB
    Configuration du format d'affichage des dates
    SSIUndefinedEcho chane "(none)" svdhB
    Chane afficher lorsqu'on tente d'extraire le contenu d'une variable non dfinie
    SSLCACertificateFile chemin-fichiersvE
    Fichier contenant une concatnation des certificats de CA +
    SSLCACertificateFile chemin-fichiersvE
    Fichier contenant une concatnation des certificats de CA cods en PEM pour l'authentification des clients
    SSLCACertificatePath chemin-rpertoiresvE
    Rpertoire des certificats de CA cods en PEM pour +
    SSLCACertificatePath chemin-rpertoiresvE
    Rpertoire des certificats de CA cods en PEM pour l'authentification des clients
    SSLCADNRequestFile chemin-fichiersvE
    Fichier contenant la concatnation des certificats de CA +
    SSLCADNRequestFile chemin-fichiersvE
    Fichier contenant la concatnation des certificats de CA cods en PEM pour la dfinition de noms de CA acceptables
    SSLCADNRequestPath chemin-rpertoiresvE
    Rpertoire contenant des fichiers de certificats de CA +
    SSLCADNRequestPath chemin-rpertoiresvE
    Rpertoire contenant des fichiers de certificats de CA cods en PEM pour la dfinition de noms de CA acceptables
    SSLCARevocationCheck chain|leaf|none none svE
    Active la vrification des rvocations base sur les CRL
    SSLCARevocationFile chemin-fichiersvE
    Fichier contenant la concatnation des CRLs des CA cods en +
    SSLCARevocationCheck chain|leaf|none none svE
    Active la vrification des rvocations base sur les CRL
    SSLCARevocationFile chemin-fichiersvE
    Fichier contenant la concatnation des CRLs des CA cods en PEM pour l'authentification des clients
    SSLCARevocationPath chemin-rpertoiresvE
    Rpertoire des CRLs de CA cods en PEM pour +
    SSLCARevocationPath chemin-rpertoiresvE
    Rpertoire des CRLs de CA cods en PEM pour l'authentification des clients
    SSLCertificateChainFile chemin-fichiersvE
    Fichier contenant les certificats de CA du serveur cods en +
    SSLCertificateChainFile chemin-fichiersvE
    Fichier contenant les certificats de CA du serveur cods en PEM
    SSLCertificateFile chemin-fichiersvE
    Fichier de donnes contenant le certificat X.509 du serveur cod en +
    SSLCertificateFile chemin-fichiersvE
    Fichier de donnes contenant le certificat X.509 du serveur cod en PEM
    SSLCertificateKeyFile chemin-fichiersvE
    Fichier contenant la cl prive du serveur code en +
    SSLCertificateKeyFile chemin-fichiersvE
    Fichier contenant la cl prive du serveur code en PEM
    SSLCipherSuite algorithmes DEFAULT (dpend de +svdhE
    Algorithmes de chiffrement disponibles pour la ngociation +
    SSLCipherSuite algorithmes DEFAULT (dpend de +svdhE
    Algorithmes de chiffrement disponibles pour la ngociation au cours de l'initialisation de la connexion SSL
    SSLCompression on|off off svE
    Permet d'activer la compression au niveau SSL
    SSLCryptoDevice moteur builtin sE
    Active l'utilisation d'un acclrateur matriel de +
    SSLCompression on|off off svE
    Permet d'activer la compression au niveau SSL
    SSLCryptoDevice moteur builtin sE
    Active l'utilisation d'un acclrateur matriel de chiffrement
    SSLEngine on|off|optional off svE
    Interrupteur marche/arrt du moteur SSL
    SSLFIPS on|off off sE
    Coimmutateur du mode SSL FIPS
    SSLHonorCipherOrder on|off off svE
    Option permettant de classer les algorithmes de chiffrement +
    SSLEngine on|off|optional off svE
    Interrupteur marche/arrt du moteur SSL
    SSLFIPS on|off off sE
    Coimmutateur du mode SSL FIPS
    SSLHonorCipherOrder on|off off svE
    Option permettant de classer les algorithmes de chiffrement du serveur par ordre de prfrence
    SSLInsecureRenegotiation on|off off svE
    Option permettant d'activer le support de la rengociation +
    SSLInsecureRenegotiation on|off off svE
    Option permettant d'activer le support de la rengociation non scurise
    SSLOCSDefaultResponder urisvE
    Dfinit l'URI du rpondeur par dfaut pour la validation +
    SSLOCSDefaultResponder urisvE
    Dfinit l'URI du rpondeur par dfaut pour la validation OCSP
    SSLOCSPEnable on|off off svE
    Active la validation OCSP de la chane de certificats du +
    SSLOCSPEnable on|off off svE
    Active la validation OCSP de la chane de certificats du client
    SSLOCSPOverrideResponder on|off off svE
    Force l'utilisation de l'URI du rpondeur par dfaut pour +
    SSLOCSPOverrideResponder on|off off svE
    Force l'utilisation de l'URI du rpondeur par dfaut pour la validation OCSP
    SSLOCSPResponderTimeout secondes 10 svE
    Dlai d'attente pour les requtes OCSP
    SSLOCSPResponseMaxAge secondes -1 svE
    Age maximum autoris pour les rponses OCSP
    SSLOCSPResponseTimeSkew secondes 300 svE
    Drive temporelle maximale autorise pour la validation des +
    SSLOCSPResponderTimeout secondes 10 svE
    Dlai d'attente pour les requtes OCSP
    SSLOCSPResponseMaxAge secondes -1 svE
    Age maximum autoris pour les rponses OCSP
    SSLOCSPResponseTimeSkew secondes 300 svE
    Drive temporelle maximale autorise pour la validation des rponses OCSP
    SSLOCSPUseRequestNonce on|off on svE
    Use a nonce within OCSP queries
    SSLOpenSSLConfCmd commande valeursvE
    Configuration des paramtres d'OpenSSL via son API SSL_CONF
    SSLOptions [+|-]option ...svdhE
    Configure diffrentes options d'excution du moteur SSL
    SSLPassPhraseDialog type builtin sE
    Mthode utilise pour entrer le mot de passe pour les cls +
    SSLOCSPUseRequestNonce on|off on svE
    Use a nonce within OCSP queries
    SSLOpenSSLConfCmd commande valeursvE
    Configuration des paramtres d'OpenSSL via son API SSL_CONF
    SSLOptions [+|-]option ...svdhE
    Configure diffrentes options d'excution du moteur SSL
    SSLPassPhraseDialog type builtin sE
    Mthode utilise pour entrer le mot de passe pour les cls prives chiffres
    SSLProtocol [+|-]protocole ... all svE
    Indique les versions du protocole SSL/TLS +
    SSLProtocol [+|-]protocole ... all -SSLv3 (jusqu' +svE
    Indique les versions du protocole SSL/TLS disponibles
    SSLProxyCACertificateFile file-pathsvE
    Fichier contenant la concatnation des certificats de CA +
    SSLProxyCACertificateFile file-pathsvE
    Fichier contenant la concatnation des certificats de CA cods en PEM pour l'authentification des serveurs distants
    SSLProxyCACertificatePath chemin-rpertoiresvE
    Rpertoire des certificats de CA cods en PEM pour +
    SSLProxyCACertificatePath chemin-rpertoiresvE
    Rpertoire des certificats de CA cods en PEM pour l'authentification des serveurs distants
    SSLProxyCARevocationCheck chain|leaf|none none svE
    Active la vrification des rvocations base sur les CRLs +
    SSLProxyCARevocationCheck chain|leaf|none none svE
    Active la vrification des rvocations base sur les CRLs pour l'authentification du serveur distant
    SSLProxyCARevocationFile chemin-fichiersvE
    Fichier contenant la concatnation des CRLs de CA cods en +
    SSLProxyCARevocationFile chemin-fichiersvE
    Fichier contenant la concatnation des CRLs de CA cods en PEM pour l'authentification des serveurs distants
    SSLProxyCARevocationPath chemin-rpertoiresvE
    Rpertoire des CRLs de CA cods en PEM pour +
    SSLProxyCARevocationPath chemin-rpertoiresvE
    Rpertoire des CRLs de CA cods en PEM pour l'authentification des serveurs distants
    SSLProxyCheckPeerCN on|off on svE
    Configuration de la vrification du champ CN du certificat +
    SSLProxyCheckPeerCN on|off on svE
    Configuration de la vrification du champ CN du certificat du serveur distant
    SSLProxyCheckPeerExpire on|off on svE
    Configuration de la vrification de l'expiration du +
    SSLProxyCheckPeerExpire on|off on svE
    Configuration de la vrification de l'expiration du certificat du serveur distant
    SSLProxyCheckPeerName on|off on svE
    Configure la vrification du nom d'hte dans les +
    SSLProxyCheckPeerName on|off on svE
    Configure la vrification du nom d'hte dans les certificats serveur distants
    SSLProxyCipherSuite algorithmes ALL:!ADH:RC4+RSA:+H +svdhE
    Algorithmes de chiffrement disponibles pour la ngociation +
    SSLProxyCipherSuite algorithmes ALL:!ADH:RC4+RSA:+H +svdhE
    Algorithmes de chiffrement disponibles pour la ngociation lors de l'initialisation d'une connexion SSL de mandataire
    SSLProxyEngine on|off off svE
    Interrupteur marche/arrt du moteur de mandataire +
    SSLProxyEngine on|off off svE
    Interrupteur marche/arrt du moteur de mandataire SSL
    SSLProxyMachineCertificateChainFile nom-fichiersE
    Fichier de certificats de CA encods PEM concatns permettant au +
    SSLProxyMachineCertificateChainFile nom-fichiersE
    Fichier de certificats de CA encods PEM concatns permettant au mandataire de choisir un certificat
    SSLProxyMachineCertificateFile chemin-fichiersE
    Fichier contenant la concatnation des cls et certificats +
    SSLProxyMachineCertificateFile chemin-fichiersE
    Fichier contenant la concatnation des cls et certificats clients cods en PEM que le mandataire doit utiliser
    SSLProxyMachineCertificatePath chemin-rpertoiresE
    Rpertoire des cls et certificats clients cods en PEM que +
    SSLProxyMachineCertificatePath chemin-rpertoiresE
    Rpertoire des cls et certificats clients cods en PEM que le mandataire doit utiliser
    SSLProxyProtocol [+|-]protocole ... all svE
    Dfinit les protocoles SSL disponibles pour la fonction de +
    SSLProxyProtocol [+|-]protocole ... all -SSLv3 (jusqu' +svE
    Dfinit les protocoles SSL disponibles pour la fonction de mandataire
    SSLProxyVerify niveau none svE
    Niveau de vrification du certificat du serveur +
    SSLProxyVerify niveau none svE
    Niveau de vrification du certificat du serveur distant
    SSLProxyVerifyDepth niveau 1 svE
    Niveau de profondeur maximum dans les certificats de CA +
    SSLProxyVerifyDepth niveau 1 svE
    Niveau de profondeur maximum dans les certificats de CA lors de la vrification du certificat du serveur distant
    SSLRandomSeed contexte source -[nombre]sE
    Source de dclenchement du Gnrateur de Nombres +
    SSLRandomSeed contexte source +[nombre]sE
    Source de dclenchement du Gnrateur de Nombres Pseudo-Alatoires (PRNG)
    SSLRenegBufferSize taille 131072 dhE
    Dfinit la taille du tampon de rengociation +
    SSLRenegBufferSize taille 131072 dhE
    Dfinit la taille du tampon de rengociation SSL
    SSLRequire expressiondhE
    N'autorise l'accs que lorsqu'une expression boolenne +
    SSLRequire expressiondhE
    N'autorise l'accs que lorsqu'une expression boolenne complexe et arbitraire est vraie
    SSLRequireSSLdhE
    Interdit l'accs lorsque la requte HTTP n'utilise pas +
    SSLRequireSSLdhE
    Interdit l'accs lorsque la requte HTTP n'utilise pas SSL
    SSLSessionCache type none sE
    Type du cache de session SSL global et +
    SSLSessionCache type none sE
    Type du cache de session SSL global et inter-processus
    SSLSessionCacheTimeout secondes 300 svE
    Nombre de secondes avant l'expiration d'une session SSL +
    SSLSessionCacheTimeout secondes 300 svE
    Nombre de secondes avant l'expiration d'une session SSL dans le cache de sessions
    SSLSessionTicketKeyFile chemin-fichiersvE
    Cl de chiffrement/dchiffrement permanente pour les +
    SSLSessionTicketKeyFile chemin-fichiersvE
    Cl de chiffrement/dchiffrement permanente pour les tickets de session TLS
    SSLSessionTickets on|off on svE
    Active ou dsactive les tickets de session TLS
    SSLSRPUnknownUserSeed secret-stringsvE
    Source d'ala pour utilisateur SRP inconnu
    SSLSRPVerifierFile file-pathsvE
    Chemin du fichier de vrification SRP
    SSLStaplingCache typesE
    Configuration du cache pour l'agrafage OCSP
    SSLStaplingErrorCacheTimeout secondes 600 svE
    Dure de vie des rponses invalides dans le cache pour +
    SSLSessionTickets on|off on svE
    Active ou dsactive les tickets de session TLS
    SSLSRPUnknownUserSeed secret-stringsvE
    Source d'ala pour utilisateur SRP inconnu
    SSLSRPVerifierFile file-pathsvE
    Chemin du fichier de vrification SRP
    SSLStaplingCache typesE
    Configuration du cache pour l'agrafage OCSP
    SSLStaplingErrorCacheTimeout secondes 600 svE
    Dure de vie des rponses invalides dans le cache pour agrafage OCSP
    SSLStaplingFakeTryLater on|off on svE
    Gnre une rponse "tryLater" pour les requtes OCSP choues
    SSLStaplingForceURL urisvE
    Remplace l'URI du serveur OCSP spcifi dans l'extension +
    SSLStaplingFakeTryLater on|off on svE
    Gnre une rponse "tryLater" pour les requtes OCSP choues
    SSLStaplingForceURL urisvE
    Remplace l'URI du serveur OCSP spcifi dans l'extension AIA du certificat
    SSLStaplingResponderTimeout secondes 10 svE
    Temps d'attente maximum pour les requtes vers les serveurs +
    SSLStaplingResponderTimeout secondes 10 svE
    Temps d'attente maximum pour les requtes vers les serveurs OCSP
    SSLStaplingResponseMaxAge secondes -1 svE
    Age maximum autoris des rponses OCSP incluses dans la +
    SSLStaplingResponseMaxAge secondes -1 svE
    Age maximum autoris des rponses OCSP incluses dans la ngociation TLS
    SSLStaplingResponseTimeSkew secondes 300 svE
    Dure de vie maximale autorise des rponses OCSP incluses dans la +
    SSLStaplingResponseTimeSkew secondes 300 svE
    Dure de vie maximale autorise des rponses OCSP incluses dans la ngociation TLS
    SSLStaplingReturnResponderErrors on|off on svE
    Transmet au client les erreurs survenues lors des requtes +
    SSLStaplingReturnResponderErrors on|off on svE
    Transmet au client les erreurs survenues lors des requtes OCSP
    SSLStaplingStandardCacheTimeout secondes 3600 svE
    Dure de vie des rponses OCSP dans le cache
    SSLStrictSNIVHostCheck on|off off svE
    Contrle de l'accs des clients non-SNI un serveur virtuel +
    SSLStaplingStandardCacheTimeout secondes 3600 svE
    Dure de vie des rponses OCSP dans le cache
    SSLStrictSNIVHostCheck on|off off svE
    Contrle de l'accs des clients non-SNI un serveur virtuel base de nom.
    SSLUserName nom-varsdhE
    Nom de la variable servant dterminer le nom de +
    SSLUserName nom-varsdhE
    Nom de la variable servant dterminer le nom de l'utilisateur
    SSLUseStapling on|off off svE
    Active l'ajout des rponses OCSP la ngociation TLS
    SSLVerifyClient niveau none svdhE
    Niveau de vrification du certificat client
    SSLVerifyDepth nombre 1 svdhE
    Profondeur maximale des certificats de CA pour la +
    SSLUseStapling on|off off svE
    Active l'ajout des rponses OCSP la ngociation TLS
    SSLVerifyClient niveau none svdhE
    Niveau de vrification du certificat client
    SSLVerifyDepth nombre 1 svdhE
    Profondeur maximale des certificats de CA pour la vrification des certificats clients
    StartServers nombresM
    Nombre de processus enfants du serveur crs au +
    StartServers nombresM
    Nombre de processus enfants du serveur crs au dmarrage
    StartThreads nombresM
    Nombre de threads crs au dmarrage
    Substitute s/modle/substitution/[infq]dhE
    Modle de substition dans le contenu de la +
    StartThreads nombresM
    Nombre de threads crs au dmarrage
    Substitute s/modle/substitution/[infq]dhE
    Modle de substition dans le contenu de la rponse
    SubstituteInheritBefore on|off off dhE
    Change the merge order of inherited patterns
    SubstituteMaxLineLength octets(b|B|k|K|m|M|g|G) 1m dhE
    Dfinit la longueur de ligne maximale
    Suexec On|OffsB
    Active ou dsactive la fonctionnalit suEXEC
    SuexecUserGroup Utilisateur GroupesvE
    L'utilisateur et le groupe sous lesquels les programmes CGI diff --git a/docs/manual/mod/quickreference.html.ja.utf8 b/docs/manual/mod/quickreference.html.ja.utf8 index 8cf8dd0f..0deece93 100644 --- a/docs/manual/mod/quickreference.html.ja.utf8 +++ b/docs/manual/mod/quickreference.html.ja.utf8 @@ -443,110 +443,121 @@ request
    GracefulShutDownTimeout secondssM
    穏やかな停止をかけた後、終了するまで待つ時間
    Group unix-group #-1 sB
    Group under which the server will answer requests
    Header [condition] set|append|add|unset|echo -header [value] [early|env=[!]variable]svdhE
    HTTP 応答ヘッダの設定
    HeaderName filenamesvdhB
    +
    H2Direct on|off on (for non TLS) svE
    H2 Direct Protocol Switch
    H2MaxSessionStreams n 100 svE
    Maximum number of active streams per HTTP/2 session.
    H2MaxWorkerIdleSeconds n 600 sE
    Maximum number of seconds h2 workers remain idle until shut down.
    H2MaxWorkers nsE
    Maximum number of worker threads to use per child process.
    H2MinWorkers nsE
    Minimal number of worker threads to use per child process.
    H2SerializeHeaders on|off off svE
    Serialize Request/Resoonse Processing Switch
    H2SessionExtraFiles n 5 svE
    Number of Extra File Handles
    H2StreamMaxMemSize bytes 65536 svE
    Maximum amount of output data buffered per stream.
    H2WindowSize bytes 65536 svE
    Size of Stream Window for upstream data.
    Header [condition] set|append|add|unset|echo +header [value] [early|env=[!]variable]svdhE
    HTTP 応答ヘッダの設定
    HeaderName filenamesvdhB
    インデックス一覧の先頭に挿入されるファイルの名前
    HeartbeatAddress addr:portsX
    Multicast address for heartbeat packets
    HeartbeatListenaddr:portsX
    multicast address to listen for incoming heartbeat requests
    HeartbeatMaxServers number-of-servers 10 sX
    Specifies the maximum number of servers that will be sending +
    HeartbeatAddress addr:portsX
    Multicast address for heartbeat packets
    HeartbeatListenaddr:portsX
    multicast address to listen for incoming heartbeat requests
    HeartbeatMaxServers number-of-servers 10 sX
    Specifies the maximum number of servers that will be sending heartbeat requests to this server
    HeartbeatStorage file-path logs/hb.dat sX
    Path to store heartbeat data
    HeartbeatStorage file-path logs/hb.dat sX
    Path to read heartbeat data
    HostnameLookups On|Off|Double Off svdC
    クライアントの IP アドレスの DNS ルックアップを +
    HeartbeatStorage file-path logs/hb.dat sX
    Path to store heartbeat data
    HeartbeatStorage file-path logs/hb.dat sX
    Path to read heartbeat data
    HostnameLookups On|Off|Double Off svdC
    クライアントの IP アドレスの DNS ルックアップを 有効にする
    IdentityCheck On|Off Off svdE
    リモートユーザの RFC 1413 によるアイデンティティのロギングを +
    IdentityCheck On|Off Off svdE
    リモートユーザの RFC 1413 によるアイデンティティのロギングを 有効にする
    IdentityCheckTimeout seconds 30 svdE
    Ident リクエストがタイムアウトするまでの期間を決める
    <If expression> ... </If>svdhC
    実行時、リクエストが条件を満たした場合にのみ適用される +
    IdentityCheckTimeout seconds 30 svdE
    Ident リクエストがタイムアウトするまでの期間を決める
    <If expression> ... </If>svdhC
    実行時、リクエストが条件を満たした場合にのみ適用される ディレクティブを包含する
    <IfDefine [!]parameter-name> ... - </IfDefine>svdhC
    起動時にテストが真であるときのみに処理されるディレクティブを +
    <IfDefine [!]parameter-name> ... + </IfDefine>svdhC
    起動時にテストが真であるときのみに処理されるディレクティブを 囲む
    <IfModule [!]module-file|module-identifier> ... - </IfModule>svdhC
    モジュールの存在するかしないかに応じて処理される +
    <IfModule [!]module-file|module-identifier> ... + </IfModule>svdhC
    モジュールの存在するかしないかに応じて処理される ディレクティブを囲む
    <IfVersion [[!]operator] version> ... -</IfVersion>svdhE
    バージョン依存の設定を入れる
    ImapBase map|referer|URL http://servername/ svdhB
    Default base for imagemap files
    ImapDefault error|nocontent|map|referer|URL nocontent svdhB
    Default action when an imagemap is called with coordinates +
    <IfVersion [[!]operator] version> ... +</IfVersion>svdhE
    バージョン依存の設定を入れる
    ImapBase map|referer|URL http://servername/ svdhB
    Default base for imagemap files
    ImapDefault error|nocontent|map|referer|URL nocontent svdhB
    Default action when an imagemap is called with coordinates that are not explicitly mapped
    ImapMenu none|formatted|semiformatted|unformatted formatted svdhB
    Action if no coordinates are given when calling +
    ImapMenu none|formatted|semiformatted|unformatted formatted svdhB
    Action if no coordinates are given when calling an imagemap
    Include file-path|directory-pathsvdC
    サーバ設定ファイル中から他の設定ファイルを取り込む
    IncludeOptional file-path|directory-path|wildcardsvdC
    Includes other configuration files from within +
    Include file-path|directory-pathsvdC
    サーバ設定ファイル中から他の設定ファイルを取り込む
    IncludeOptional file-path|directory-path|wildcardsvdC
    Includes other configuration files from within the server configuration files
    IndexHeadInsert "markup ..."svdhB
    インデックスページの HEAD セクションにテキストを挿入する
    IndexIgnore file [file] ...svdhB
    ディレクトリ一覧を行なう際に無視すべき +
    IndexHeadInsert "markup ..."svdhB
    インデックスページの HEAD セクションにテキストを挿入する
    IndexIgnore file [file] ...svdhB
    ディレクトリ一覧を行なう際に無視すべき ファイルリストに追加
    IndexIgnoreReset ON|OFFsvdhB
    Empties the list of files to hide when listing +
    IndexIgnoreReset ON|OFFsvdhB
    Empties the list of files to hide when listing a directory
    IndexOptions [+|-]option [[+|-]option] ...svdhB
    ディレクトリインデックスの様々な設定項目 +
    IndexOptions [+|-]option [[+|-]option] ...svdhB
    ディレクトリインデックスの様々な設定項目
    IndexOrderDefault Ascending|Descending -Name|Date|Size|Description Ascending Name svdhB
    +
    IndexOrderDefault Ascending|Descending +Name|Date|Size|Description Ascending Name svdhB
    ディレクトリインデックスの標準の順番付けを設定
    IndexStyleSheet url-pathsvdhB
    ディレクトリインデックスに CSS スタイルシートを追加する
    InputSed sed-commanddhX
    Sed command to filter request data (typically POST data)
    ISAPIAppendLogToErrors on|off off svdhB
    Record HSE_APPEND_LOG_PARAMETER requests from +
    IndexStyleSheet url-pathsvdhB
    ディレクトリインデックスに CSS スタイルシートを追加する
    InputSed sed-commanddhX
    Sed command to filter request data (typically POST data)
    ISAPIAppendLogToErrors on|off off svdhB
    Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the error log
    ISAPIAppendLogToQuery on|off on svdhB
    Record HSE_APPEND_LOG_PARAMETER requests from +
    ISAPIAppendLogToQuery on|off on svdhB
    Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the query field
    ISAPICacheFile file-path [file-path] -...svB
    ISAPI .dll files to be loaded at startup
    ISAPIFakeAsync on|off off svdhB
    Fake asynchronous support for ISAPI callbacks
    ISAPILogNotSupported on|off off svdhB
    Log unsupported feature requests from ISAPI +
    ISAPICacheFile file-path [file-path] +...svB
    ISAPI .dll files to be loaded at startup
    ISAPIFakeAsync on|off off svdhB
    Fake asynchronous support for ISAPI callbacks
    ISAPILogNotSupported on|off off svdhB
    Log unsupported feature requests from ISAPI extensions
    ISAPIReadAheadBuffer size 49152 svdhB
    Size of the Read Ahead Buffer sent to ISAPI +
    ISAPIReadAheadBuffer size 49152 svdhB
    Size of the Read Ahead Buffer sent to ISAPI extensions
    KeepAlive On|Off On svC
    HTTP の持続的な接続を有効にする
    KeepAliveTimeout seconds 5 svC
    持続的な接続で次のリクエストが来るまでサーバが待つ時間
    KeptBodySize maximum size in bytes 0 dB
    Keep the request body instead of discarding it up to +
    KeepAlive On|Off On svC
    HTTP の持続的な接続を有効にする
    KeepAliveTimeout seconds 5 svC
    持続的な接続で次のリクエストが来るまでサーバが待つ時間
    KeptBodySize maximum size in bytes 0 dB
    Keep the request body instead of discarding it up to the specified maximum size, for potential use by filters such as mod_include.
    LanguagePriority MIME-lang [MIME-lang] -...svdhB
    クライアントが優先度を示さなかったときの言語の variant の優先度を +
    LanguagePriority MIME-lang [MIME-lang] +...svdhB
    クライアントが優先度を示さなかったときの言語の variant の優先度を 指定
    LDAPCacheEntries number 1024 sE
    Maximum number of entries in the primary LDAP cache
    LDAPCacheTTL seconds 600 sE
    Time that cached items remain valid
    LDAPConnectionPoolTTL n -1 svE
    Discard backend connections that have been sitting in the connection pool too long
    LDAPConnectionTimeout secondssE
    Specifies the socket connection timeout in seconds
    LDAPLibraryDebug 7sE
    Enable debugging in the LDAP SDK
    LDAPOpCacheEntries number 1024 sE
    Number of entries used to cache LDAP compare +
    LDAPCacheEntries number 1024 sE
    Maximum number of entries in the primary LDAP cache
    LDAPCacheTTL seconds 600 sE
    Time that cached items remain valid
    LDAPConnectionPoolTTL n -1 svE
    Discard backend connections that have been sitting in the connection pool too long
    LDAPConnectionTimeout secondssE
    Specifies the socket connection timeout in seconds
    LDAPLibraryDebug 7sE
    Enable debugging in the LDAP SDK
    LDAPOpCacheEntries number 1024 sE
    Number of entries used to cache LDAP compare operations
    LDAPOpCacheTTL seconds 600 sE
    Time that entries in the operation cache remain +
    LDAPOpCacheTTL seconds 600 sE
    Time that entries in the operation cache remain valid
    LDAPReferralHopLimit numberdhE
    The maximum number of referral hops to chase before terminating an LDAP query.
    LDAPReferrals On|Off|default On dhE
    Enable referral chasing during queries to the LDAP server.
    LDAPRetries number-of-retries 3 sE
    Configures the number of LDAP server retries.
    LDAPRetryDelay seconds 0 sE
    Configures the delay between LDAP server retries.
    LDAPSharedCacheFile directory-path/filenamesE
    Sets the shared memory cache file
    LDAPSharedCacheSize bytes 500000 sE
    Size in bytes of the shared-memory cache
    LDAPTimeout seconds 60 sE
    Specifies the timeout for LDAP search and bind operations, in seconds
    LDAPTrustedClientCert type directory-path/filename/nickname [password]dhE
    Sets the file containing or nickname referring to a per +
    LDAPReferralHopLimit numberdhE
    The maximum number of referral hops to chase before terminating an LDAP query.
    LDAPReferrals On|Off|default On dhE
    Enable referral chasing during queries to the LDAP server.
    LDAPRetries number-of-retries 3 sE
    Configures the number of LDAP server retries.
    LDAPRetryDelay seconds 0 sE
    Configures the delay between LDAP server retries.
    LDAPSharedCacheFile directory-path/filenamesE
    Sets the shared memory cache file
    LDAPSharedCacheSize bytes 500000 sE
    Size in bytes of the shared-memory cache
    LDAPTimeout seconds 60 sE
    Specifies the timeout for LDAP search and bind operations, in seconds
    LDAPTrustedClientCert type directory-path/filename/nickname [password]dhE
    Sets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates.
    LDAPTrustedGlobalCert type directory-path/filename [password]sE
    Sets the file or database containing global trusted +
    LDAPTrustedGlobalCert type directory-path/filename [password]sE
    Sets the file or database containing global trusted Certificate Authority or global client certificates
    LDAPTrustedMode typesvE
    Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
    LDAPVerifyServerCert On|Off On sE
    Force server certificate verification
    <Limit method [method] ... > ... - </Limit>svdhC
    囲いの中にあるアクセス制御の適用を特定の HTTP メソッドのみに +
    LDAPTrustedMode typesvE
    Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
    LDAPVerifyServerCert On|Off On sE
    Force server certificate verification
    <Limit method [method] ... > ... + </Limit>svdhC
    囲いの中にあるアクセス制御の適用を特定の HTTP メソッドのみに 制限する
    <LimitExcept method [method] ... > ... - </LimitExcept>svdhC
    指定されたもの以外の HTTP メソッドにアクセス制御を +
    <LimitExcept method [method] ... > ... + </LimitExcept>svdhC
    指定されたもの以外の HTTP メソッドにアクセス制御を 制限する
    LimitInternalRecursion number [number] 10 svC
    内部リダイレクトと入れ子になったサブリクエストの最大数を決定する
    LimitRequestBody bytes 0 svdhC
    クライアントから送られる HTTP リクエストのボディの +
    LimitInternalRecursion number [number] 10 svC
    内部リダイレクトと入れ子になったサブリクエストの最大数を決定する
    LimitRequestBody bytes 0 svdhC
    クライアントから送られる HTTP リクエストのボディの 総量を制限する
    LimitRequestFields number 100 sC
    クライアントからの HTTP リクエストのヘッダフィールドの数を +
    LimitRequestFields number 100 sC
    クライアントからの HTTP リクエストのヘッダフィールドの数を 制限する
    LimitRequestFieldSize bytes 8190 sC
    クライアントからの HTTP リクエストのヘッダの +
    LimitRequestFieldSize bytes 8190 sC
    クライアントからの HTTP リクエストのヘッダの サイズを制限する
    LimitRequestLine bytes 8190 sC
    クライアントからの HTTP リクエスト行のサイズを制限する
    LimitXMLRequestBody bytes 1000000 svdhC
    XML 形式のリクエストのボディのサイズを制限する
    Listen [IP-address:]portnumber [protocol]sM
    サーバが listen するIP アドレスとポート番号
    ListenBacklog backlogsM
    保留状態のコネクションのキューの最大長
    LimitRequestLine bytes 8190 sC
    クライアントからの HTTP リクエスト行のサイズを制限する
    LimitXMLRequestBody bytes 1000000 svdhC
    XML 形式のリクエストのボディのサイズを制限する
    Listen [IP-address:]portnumber [protocol]sM
    サーバが listen するIP アドレスとポート番号
    ListenBacklog backlogsM
    保留状態のコネクションのキューの最大長
    ListenCoresBucketsRatio ratio 0 (disabled) sM
    Ratio between the number of CPU cores (online) and the number of +listeners' buckets
    LoadFile filename [filename] ...svE
    指定されたオブジェクトファイルやライブラリをリンクする
    LoadModule module filenamesvE
    オブジェクトファイルやライブラリをリンクし、使用モジュールの リストに追加する
    MaxSpareServers number 10 sM
    アイドルな子サーバプロセスの最大個数
    MaxSpareThreads numbersM
    アイドルスレッドの最大数
    MaxThreads number 2048 sM
    Set the maximum number of worker threads
    MergeTrailers [on|off] off svC
    Determines whether trailers are merged into headers
    MetaDir directory .web svdhE
    Name of the directory to find CERN-style meta information +
    MemcacheConnTTL num[units] 15s svE
    Keepalive time for idle connections
    MergeTrailers [on|off] off svC
    Determines whether trailers are merged into headers
    MetaDir directory .web svdhE
    Name of the directory to find CERN-style meta information files
    MetaFiles on|off off svdhE
    Activates CERN meta-file processing
    MetaSuffix suffix .meta svdhE
    File name suffix for the file containing CERN-style +
    MetaFiles on|off off svdhE
    Activates CERN meta-file processing
    MetaSuffix suffix .meta svdhE
    File name suffix for the file containing CERN-style meta information
    MimeMagicFile file-pathsvE
    Enable MIME-type determination based on file contents +
    MimeMagicFile file-pathsvE
    Enable MIME-type determination based on file contents using the specified magic file
    MinSpareServers number 5 sM
    アイドルな子サーバプロセスの最小個数
    MinSpareThreads numbersM
    リクエストに応答することのできる +
    MinSpareServers number 5 sM
    アイドルな子サーバプロセスの最小個数
    MinSpareThreads numbersM
    リクエストに応答することのできる アイドルスレッド数の最小数
    MMapFile file-path [file-path] ...sX
    Map a list of files into memory at startup time
    ModemStandard V.21|V.26bis|V.32|V.92dX
    Modem standard to simulate
    ModMimeUsePathInfo On|Off Off d
    path_info コンポーネントをファイル名の一部として扱うように +
    MMapFile file-path [file-path] ...sX
    Map a list of files into memory at startup time
    ModemStandard V.21|V.26bis|V.32|V.92dX
    Modem standard to simulate
    ModMimeUsePathInfo On|Off Off d
    path_info コンポーネントをファイル名の一部として扱うように mod_mime に通知する
    MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers -[Handlers|Filters] NegotiatedOnly svdh
    MultiViews でのマッチングの検索に含ませる +
    MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers +[Handlers|Filters] NegotiatedOnly svdh
    MultiViews でのマッチングの検索に含ませる ファイルのタイプを指定する
    Mutex mechanism [default|mutex-name] ... [OmitPID] default sC
    Configures mutex mechanism and lock file directory for all +
    Mutex mechanism [default|mutex-name] ... [OmitPID] default sC
    Configures mutex mechanism and lock file directory for all or specified mutexes
    NameVirtualHost addr[:port]sC
    名前ベースのバーチャルホストのための IP アドレスを指定
    NoProxy host [host] ...svE
    直接接続する ホスト、ドメイン、ネットワーク
    NWSSLTrustedCerts filename [filename] ...sB
    List of additional client certificates
    NWSSLUpgradeable [IP-address:]portnumbersB
    Allows a connection to be upgraded to an SSL connection upon request
    Options - [+|-]option [[+|-]option] ... All svdhC
    ディレクトリに対して使用可能な機能を設定する
    Order ordering Deny,Allow dhE
    デフォルトのアクセス可能な状態と、Allow と +
    NameVirtualHost addr[:port]sC
    名前ベースのバーチャルホストのための IP アドレスを指定
    NoProxy host [host] ...svE
    直接接続する ホスト、ドメイン、ネットワーク
    NWSSLTrustedCerts filename [filename] ...sB
    List of additional client certificates
    NWSSLUpgradeable [IP-address:]portnumbersB
    Allows a connection to be upgraded to an SSL connection upon request
    Options + [+|-]option [[+|-]option] ... All svdhC
    ディレクトリに対して使用可能な機能を設定する
    Order ordering Deny,Allow dhE
    デフォルトのアクセス可能な状態と、AllowDeny が評価される順番を制御する
    OutputSed sed-commanddhX
    Sed command for filtering response content
    PassEnv env-variable [env-variable] -...svdhB
    シェルからの環境変数を渡す
    PidFile filename logs/httpd.pid sM
    デーモンのプロセス ID +
    OutputSed sed-commanddhX
    Sed command for filtering response content
    PassEnv env-variable [env-variable] +...svdhB
    シェルからの環境変数を渡す
    PidFile filename logs/httpd.pid sM
    デーモンのプロセス ID をサーバが記録するためのファイル
    PrivilegesMode FAST|SECURE|SELECTIVE FAST svdX
    Trade off processing speed and efficiency vs security against +
    PrivilegesMode FAST|SECURE|SELECTIVE FAST svdX
    Trade off processing speed and efficiency vs security against malicious privileges-aware code.
    Protocol protocolsvC
    Protocol for a listening socket
    ProtocolEcho On|Off Off svX
    エコーサーバの有効無効を設定します。
    <Proxy wildcard-url> ...</Proxy>svE
    プロキシされるリソースに適用されるコンテナ
    ProxyAddHeaders Off|On On svdE
    Add proxy information in X-Forwarded-* headers
    ProxyBadHeader IsError|Ignore|StartBody IsError svE
    応答におかしなヘッダがある場合の扱い方を決める
    ProxyBlock *|word|host|domain -[word|host|domain] ...svE
    プロキシ接続を禁止する語句、ホスト名、ドメインを指定する
    ProxyDomain DomainsvE
    プロキシされたリクエストのデフォルトのドメイン名
    ProxyErrorOverride On|Off Off svE
    プロキシされたコンテンツのエラーページを上書きする
    ProxyExpressDBMFile <pathname>svE
    Pathname to DBM file.
    ProxyExpressDBMFile <type>svE
    DBM type of file.
    ProxyExpressEnable [on|off]svE
    Enable the module functionality.
    ProxyFtpDirCharset character set ISO-8859-1 svdE
    Define the character set for proxied FTP listings
    ProxyFtpEscapeWildcards [on|off]svdE
    Whether wildcards in requested filenames are escaped when sent to the FTP server
    ProxyFtpListOnWildcard [on|off]svdE
    Whether wildcards in requested filenames trigger a file listing
    ProxyHTMLBufSize bytessvdB
    Sets the buffer size increment for buffering inline scripts and +
    Protocol protocolsvC
    Protocol for a listening socket
    ProtocolEcho On|Off Off svX
    エコーサーバの有効無効を設定します。
    Protocols protocol ... http/1.1 svC
    Protocols available for a server/virtual host
    ProtocolsHonorOrder On|Off On svC
    Determines if order of Protocols determines precedence during negotiation
    <Proxy wildcard-url> ...</Proxy>svE
    プロキシされるリソースに適用されるコンテナ
    ProxyAddHeaders Off|On On svdE
    Add proxy information in X-Forwarded-* headers
    ProxyBadHeader IsError|Ignore|StartBody IsError svE
    応答におかしなヘッダがある場合の扱い方を決める
    ProxyBlock *|word|host|domain +[word|host|domain] ...svE
    プロキシ接続を禁止する語句、ホスト名、ドメインを指定する
    ProxyDomain DomainsvE
    プロキシされたリクエストのデフォルトのドメイン名
    ProxyErrorOverride On|Off Off svE
    プロキシされたコンテンツのエラーページを上書きする
    ProxyExpressDBMFile <pathname>svE
    Pathname to DBM file.
    ProxyExpressDBMFile <type>svE
    DBM type of file.
    ProxyExpressEnable [on|off]svE
    Enable the module functionality.
    ProxyFtpDirCharset character set ISO-8859-1 svdE
    Define the character set for proxied FTP listings
    ProxyFtpEscapeWildcards [on|off]svdE
    Whether wildcards in requested filenames are escaped when sent to the FTP server
    ProxyFtpListOnWildcard [on|off]svdE
    Whether wildcards in requested filenames trigger a file listing
    ProxyHTMLBufSize bytessvdB
    Sets the buffer size increment for buffering inline scripts and stylesheets.
    ProxyHTMLCharsetOut Charset | *svdB
    Specify a charset for mod_proxy_html output.
    ProxyHTMLDocType HTML|XHTML [Legacy]
    OR -
    ProxyHTMLDocType fpi [SGML|XML]    		svdB
    Sets an HTML or XHTML document type declaration.
    ProxyHTMLEnable On|Off Off svdB
    Turns the proxy_html filter on or off.
    ProxyHTMLEvents attribute [attribute ...]svdB
    Specify attributes to treat as scripting events.
    ProxyHTMLExtended On|Off Off svdB
    Determines whether to fix links in inline scripts, stylesheets, +
    ProxyHTMLCharsetOut Charset | *svdB
    Specify a charset for mod_proxy_html output.
    ProxyHTMLDocType HTML|XHTML [Legacy]
    OR +
    ProxyHTMLDocType fpi [SGML|XML]    		svdB
    Sets an HTML or XHTML document type declaration.
    ProxyHTMLEnable On|Off Off svdB
    Turns the proxy_html filter on or off.
    ProxyHTMLEvents attribute [attribute ...]svdB
    Specify attributes to treat as scripting events.
    ProxyHTMLExtended On|Off Off svdB
    Determines whether to fix links in inline scripts, stylesheets, and scripting events.
    ProxyHTMLFixups [lowercase] [dospath] [reset]svdB
    Fixes for simple HTML errors.
    ProxyHTMLInterp On|Off Off svdB
    Enables per-request interpolation of +
    ProxyHTMLFixups [lowercase] [dospath] [reset]svdB
    Fixes for simple HTML errors.
    ProxyHTMLInterp On|Off Off svdB
    Enables per-request interpolation of ProxyHTMLURLMap rules.
    ProxyHTMLLinks element attribute [attribute2 ...]svdB
    Specify HTML elements that have URL attributes to be rewritten.
    ProxyHTMLMeta On|Off Off svdB
    Turns on or off extra pre-parsing of metadata in HTML +
    ProxyHTMLLinks element attribute [attribute2 ...]svdB
    Specify HTML elements that have URL attributes to be rewritten.
    ProxyHTMLMeta On|Off Off svdB
    Turns on or off extra pre-parsing of metadata in HTML <head> sections.
    ProxyHTMLStripComments On|Off Off svdB
    Determines whether to strip HTML comments.
    ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdB
    Defines a rule to rewrite HTML links
    ProxyIOBufferSize bytes 8192 svE
    内部データスループットバッファのサイズを決定する
    <ProxyMatch regex> ...</ProxyMatch>svE
    正規表現でのマッチによるプロキシリソース用のディレクティブコンテナ
    ProxyMaxForwards number 10 svE
    リクエストがフォワードされるプロキシの最大数
    ProxyPass [path] !|url [key=value key=value ...]]svdE
    リモートサーバをローカルサーバの URL 空間にマップする
    ProxyPassInherit On|Off On svE
    Inherit ProxyPass directives defined from the main server
    svdE
    Enable Environment Variable interpolation in Reverse Proxy configurations
    svdE
    Maps remote servers into the local server URL-space using regular expressions
    ProxyPassReverse [path] urlsvdE
    リバースプロキシされたサーバから送られた HTTP 応答ヘッダの +
    ProxyHTMLStripComments On|Off Off svdB
    Determines whether to strip HTML comments.
    ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdB
    Defines a rule to rewrite HTML links
    ProxyIOBufferSize bytes 8192 svE
    内部データスループットバッファのサイズを決定する
    <ProxyMatch regex> ...</ProxyMatch>svE
    正規表現でのマッチによるプロキシリソース用のディレクティブコンテナ
    ProxyMaxForwards number 10 svE
    リクエストがフォワードされるプロキシの最大数
    ProxyPass [path] !|url [key=value key=value ...]]svdE
    リモートサーバをローカルサーバの URL 空間にマップする
    ProxyPassInherit On|Off On svE
    Inherit ProxyPass directives defined from the main server
    svdE
    Enable Environment Variable interpolation in Reverse Proxy configurations
    svdE
    Maps remote servers into the local server URL-space using regular expressions
    ProxyPassReverse [path] urlsvdE
    リバースプロキシされたサーバから送られた HTTP 応答ヘッダの URL を調整する
    ProxyPassReverseCookieDomain internal-domain public-domainsvdE
    リバースプロキシサーバからの Set-Cookie ヘッダの Domain 文字列を +
    ProxyPassReverseCookieDomain internal-domain public-domainsvdE
    リバースプロキシサーバからの Set-Cookie ヘッダの Domain 文字列を 調整する
    ProxyPassReverseCookiePath internal-path public-pathsvdE
    Reverse プロキシサーバからの Set-Cookie ヘッダの Path 文字列を +
    ProxyPassReverseCookiePath internal-path public-pathsvdE
    Reverse プロキシサーバからの Set-Cookie ヘッダの Path 文字列を 調整する
    ProxyPreserveHost On|Off Off svE
    プロキシリクエストに、受け付けた Host HTTP ヘッダを使う
    ProxyReceiveBufferSize bytes 0 svE
    プロキシされる HTTP と FTP 接続のためのネットワークバッファサイズ
    ProxyRemote match remote-serversvE
    特定のリクエストを扱う時に使われるリモートプロキシを指定する
    ProxyRemoteMatch regex remote-serversvE
    正規表現でのマッチによるリクエストを扱うリモートプロキシの指定
    ProxyRequests On|Off Off svE
    フォワード (標準の) プロキシリクエストを有効にする
    ProxySCGIInternalRedirect On|Off|Headername On svdE
    Enable or disable internal redirect responses from the +
    ProxyPreserveHost On|Off Off svE
    プロキシリクエストに、受け付けた Host HTTP ヘッダを使う
    ProxyReceiveBufferSize bytes 0 svE
    プロキシされる HTTP と FTP 接続のためのネットワークバッファサイズ
    ProxyRemote match remote-serversvE
    特定のリクエストを扱う時に使われるリモートプロキシを指定する
    ProxyRemoteMatch regex remote-serversvE
    正規表現でのマッチによるリクエストを扱うリモートプロキシの指定
    ProxyRequests On|Off Off svE
    フォワード (標準の) プロキシリクエストを有効にする
    ProxySCGIInternalRedirect On|Off|Headername On svdE
    Enable or disable internal redirect responses from the backend
    ProxySCGISendfile On|Off|Headername Off svdE
    Enable evaluation of X-Sendfile pseudo response +
    ProxySCGISendfile On|Off|Headername Off svdE
    Enable evaluation of X-Sendfile pseudo response header
    dE
    Set various Proxy balancer or member parameters
    ProxySourceAddress addresssvE
    Set local IP address for outgoing proxy connections
    svE
    Show Proxy LoadBalancer status in mod_status
    ProxyTimeout seconds 300 svE
    プロキシされたリクエストのネットワークタイムアウト
    ProxyVia On|Off|Full|Block Off svE
    プロキシされたリクエストの Via HTTP 応答ヘッダ +
    dE
    Set various Proxy balancer or member parameters
    ProxySourceAddress addresssvE
    Set local IP address for outgoing proxy connections
    svE
    Show Proxy LoadBalancer status in mod_status
    ProxyTimeout seconds 300 svE
    プロキシされたリクエストのネットワークタイムアウト
    ProxyVia On|Off|Full|Block Off svE
    プロキシされたリクエストの Via HTTP 応答ヘッダ により提供される情報
    ReadmeName filenamesvdhB
    インデックス一覧の最後に挿入されるファイルの名前
    ReceiveBufferSize bytes 0 sM
    TCP 受信バッファサイズ
    Redirect [status] URL-path -URLsvdhB
    クライアントが違う URL を取得するように外部へのリダイレクトを +
    ReadmeName filenamesvdhB
    インデックス一覧の最後に挿入されるファイルの名前
    ReceiveBufferSize bytes 0 sM
    TCP 受信バッファサイズ
    Redirect [status] URL-path +URLsvdhB
    クライアントが違う URL を取得するように外部へのリダイレクトを 送る
    RedirectMatch [status] regex -URLsvdhB
    現在の URL への正規表現のマッチにより +
    RedirectMatch [status] regex +URLsvdhB
    現在の URL への正規表現のマッチにより 外部へのリダイレクトを送る
    RedirectPermanent URL-path URLsvdhB
    クライアントが違う URL を取得するように外部への永久的な +
    RedirectPermanent URL-path URLsvdhB
    クライアントが違う URL を取得するように外部への永久的な リダイレクトを送る
    RedirectTemp URL-path URLsvdhB
    クライアントが違う URL を取得するように外部への一時的な +
    RedirectTemp URL-path URLsvdhB
    クライアントが違う URL を取得するように外部への一時的な リダイレクトを送る
    ReflectorHeader inputheader [outputheader]svdhB
    Reflect an input header to the output headers
    RemoteIPHeader header-fieldsvB
    Declare the header field which should be parsed for useragent IP addresses
    RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPInternalProxyList filenamesvB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPProxiesHeader HeaderFieldNamesvB
    Declare the header field which will record all intermediate IP addresses
    RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPTrustedProxyList filenamesvB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoveCharset extension [extension] -...vdh
    ファイルの拡張子に関連付けられたすべての文字セット +
    ReflectorHeader inputheader [outputheader]svdhB
    Reflect an input header to the output headers
    RemoteIPHeader header-fieldsvB
    Declare the header field which should be parsed for useragent IP addresses
    RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPInternalProxyList filenamesvB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPProxiesHeader HeaderFieldNamesvB
    Declare the header field which will record all intermediate IP addresses
    RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPTrustedProxyList filenamesvB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoveCharset extension [extension] +...vdh
    ファイルの拡張子に関連付けられたすべての文字セット を解除する
    RemoveEncoding extension [extension] -...vdh
    ファイルの拡張子に関連付けられたすべてのコンテントエンコーディング +
    RemoveEncoding extension [extension] +...vdh
    ファイルの拡張子に関連付けられたすべてのコンテントエンコーディング を解除する
    RemoveHandler extension [extension] -...vdh
    ファイルの拡張子に関連付けられたすべてのハンドラを +
    RemoveHandler extension [extension] +...vdh
    ファイルの拡張子に関連付けられたすべてのハンドラを 解除する
    RemoveInputFilter extension [extension] -...vdh
    ファイル拡張子に関連付けられた入力フィルタを解除する
    RemoveLanguage extension [extension] -...vdh
    ファイル拡張子に関連付けられた言語を解除する
    RemoveOutputFilter extension [extension] -...vdh
    ファイル拡張子に関連付けられた出力フィルタを解除する
    RemoveType extension [extension] -...vdh
    ファイルの拡張子と関連付けられたコンテントタイプを +
    RemoveInputFilter extension [extension] +...vdh
    ファイル拡張子に関連付けられた入力フィルタを解除する
    RemoveLanguage extension [extension] +...vdh
    ファイル拡張子に関連付けられた言語を解除する
    RemoveOutputFilter extension [extension] +...vdh
    ファイル拡張子に関連付けられた出力フィルタを解除する
    RemoveType extension [extension] +...vdh
    ファイルの拡張子と関連付けられたコンテントタイプを 解除する
    RequestHeader set|append|add|unset header -[value] [early|env=[!]variable]svdhE
    HTTP リクエストヘッダの設定
    RequestReadTimeout +
    RequestHeader set|append|add|unset header +[value] [early|env=[!]variable]svdhE
    HTTP リクエストヘッダの設定
    RequestReadTimeout [header=timeout[-maxtimeout][,MinRate=rate] [body=timeout[-maxtimeout][,MinRate=rate] -svE
    Set timeout values for receiving request headers and body from client. +svE
    Set timeout values for receiving request headers and body from client.
    Require [not] entity-name - [entity-name] ...dhB
    Tests whether an authenticated user is authorized by +
    Require [not] entity-name + [entity-name] ...dhB
    Tests whether an authenticated user is authorized by an authorization provider.
    <RequireAll> ... </RequireAll>dhB
    Enclose a group of authorization directives of which none +
    <RequireAll> ... </RequireAll>dhB
    Enclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed.
    <RequireAny> ... </RequireAny>dhB
    Enclose a group of authorization directives of which one +
    <RequireAny> ... </RequireAny>dhB
    Enclose a group of authorization directives of which one must succeed for the enclosing directive to succeed.
    <RequireNone> ... </RequireNone>dhB
    Enclose a group of authorization directives of which none +
    <RequireNone> ... </RequireNone>dhB
    Enclose a group of authorization directives of which none must succeed for the enclosing directive to not fail.
    RewriteBase URL-pathdhE
    Sets the base URL for per-directory rewrites
    RewriteCond - TestString CondPatternsvdhE
    Defines a condition under which rewriting will take place +
    RewriteBase URL-pathdhE
    Sets the base URL for per-directory rewrites
    RewriteCond + TestString CondPatternsvdhE
    Defines a condition under which rewriting will take place
    RewriteEngine on|off off svdhE
    Enables or disables runtime rewriting engine
    RewriteMap MapName MapType:MapSource -svE
    Defines a mapping function for key-lookup
    RewriteOptions OptionssvdhE
    Sets some special options for the rewrite engine
    RewriteRule - Pattern Substitution [flags]svdhE
    Defines rules for the rewriting engine
    RLimitCPU seconds|max [seconds|max]svdhC
    Apache の子プロセスから起動されたプロセスの CPU 消費量を +
    RewriteEngine on|off off svdhE
    Enables or disables runtime rewriting engine
    RewriteMap MapName MapType:MapSource +svE
    Defines a mapping function for key-lookup
    RewriteOptions OptionssvdhE
    Sets some special options for the rewrite engine
    RewriteRule + Pattern Substitution [flags]svdhE
    Defines rules for the rewriting engine
    RLimitCPU seconds|max [seconds|max]svdhC
    Apache の子プロセスから起動されたプロセスの CPU 消費量を 制限する
    RLimitMEM bytes|max [bytes|max]svdhC
    Apache の子プロセスから起動されたプロセスのメモリ消費量を +
    RLimitMEM bytes|max [bytes|max]svdhC
    Apache の子プロセスから起動されたプロセスのメモリ消費量を 制限する
    RLimitNPROC number|max [number|max]svdhC
    Apache の子プロセスから起動されたプロセスが起動するプロセスの +
    RLimitNPROC number|max [number|max]svdhC
    Apache の子プロセスから起動されたプロセスが起動するプロセスの 数を制限する
    Satisfy Any|All All dhE
    ホストレベルのアクセス制御とユーザ認証との相互作用を指定
    ScoreBoardFile file-path logs/apache_status sM
    子プロセスと連携するためのデータを保存する +
    Satisfy Any|All All dhE
    ホストレベルのアクセス制御とユーザ認証との相互作用を指定
    ScoreBoardFile file-path logs/apache_status sM
    子プロセスと連携するためのデータを保存する ファイルの位置
    Script method cgi-scriptsvdB
    特定のリクエストメソッドに対して CGI スクリプトを +
    Script method cgi-scriptsvdB
    特定のリクエストメソッドに対して CGI スクリプトを 実行するように設定
    ScriptAlias URL-path -file-path|directory-pathsvB
    URL をファイルシステムの位置へマップし、マップ先を +
    ScriptAlias URL-path +file-path|directory-pathsvB
    URL をファイルシステムの位置へマップし、マップ先を CGI スクリプトに指定
    ScriptAliasMatch regex -file-path|directory-pathsvB
    URL を正規表現を使ってファイルシステムの位置へマップし、マップ先を +
    ScriptAliasMatch regex +file-path|directory-pathsvB
    URL を正規表現を使ってファイルシステムの位置へマップし、マップ先を CGI スクリプトに指定
    ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhC
    CGI スクリプトのインタープリタの位置を調べるための手法
    ScriptLog file-pathsvB
    CGI スクリプトのエラーログファイルの場所
    ScriptLogBuffer bytes 1024 svB
    スクリプトログに記録される PUT や POST リクエストの内容の上限
    ScriptLogLength bytes 10385760 svB
    CGI スクリプトのログファイルの大きさの上限
    ScriptSock file-path logs/cgisock sB
    CGI デーモンとの通信に使われるソケットのファイル名の接頭辞
    SecureListen [IP-address:]portnumber -Certificate-Name [MUTUAL]sB
    Enables SSL encryption for the specified port
    SeeRequestTail On|Off Off sC
    Determine if mod_status displays the first 63 characters +
    ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhC
    CGI スクリプトのインタープリタの位置を調べるための手法
    ScriptLog file-pathsvB
    CGI スクリプトのエラーログファイルの場所
    ScriptLogBuffer bytes 1024 svB
    スクリプトログに記録される PUT や POST リクエストの内容の上限
    ScriptLogLength bytes 10385760 svB
    CGI スクリプトのログファイルの大きさの上限
    ScriptSock file-path logs/cgisock sB
    CGI デーモンとの通信に使われるソケットのファイル名の接頭辞
    SecureListen [IP-address:]portnumber +Certificate-Name [MUTUAL]sB
    Enables SSL encryption for the specified port
    SeeRequestTail On|Off Off sC
    Determine if mod_status displays the first 63 characters of a request or the last 63, assuming the request itself is greater than 63 chars.
    SendBufferSize bytes 0 sM
    TCP バッファサイズ
    ServerAdmin email-address|URLsvC
    サーバがクライアントに送るエラーメッセージに含める電子メールの +
    SendBufferSize bytes 0 sM
    TCP バッファサイズ
    ServerAdmin email-address|URLsvC
    サーバがクライアントに送るエラーメッセージに含める電子メールの アドレス
    ServerAlias hostname [hostname] ...vC
    リクエストを名前ベースのバーチャルホストにマッチさせているときに +
    ServerAlias hostname [hostname] ...vC
    リクエストを名前ベースのバーチャルホストにマッチさせているときに 使用されるホストの別名
    ServerLimit numbersM
    設定可能なサーバプロセス数の上限
    ServerName [scheme://]fully-qualified-domain-name[:port]svC
    サーバが自分自身を示すときに使うホスト名とポート
    ServerPath URL-pathvC
    非互換のブラウザが名前ベースのバーチャルホストにアクセスしたときの +
    ServerLimit numbersM
    設定可能なサーバプロセス数の上限
    ServerName [scheme://]fully-qualified-domain-name[:port]svC
    サーバが自分自身を示すときに使うホスト名とポート
    ServerPath URL-pathvC
    非互換のブラウザが名前ベースのバーチャルホストにアクセスしたときの ための互換用 URL パス名
    ServerRoot directory-path /usr/local/apache sC
    インストールされたサーバのベースディレクトリ
    ServerSignature On|Off|EMail Off svdhC
    サーバが生成するドキュメントのフッタを設定
    ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sC
    Server HTTP 応答ヘッダを設定する
    Session On|Off Off svdhE
    Enables a session for the current directory or location
    SessionCookieName name attributessvdhE
    Name and attributes for the RFC2109 cookie storing the session
    SessionCookieName2 name attributessvdhE
    Name and attributes for the RFC2965 cookie storing the session
    SessionCookieRemove On|Off Off svdhE
    Control for whether session cookies should be removed from incoming HTTP headers
    SessionCryptoCipher namesvdhX
    The crypto cipher to be used to encrypt the session
    SessionCryptoDriver name [param[=value]]sX
    The crypto driver to be used to encrypt the session
    SessionCryptoPassphrase secret [ secret ... ] svdhX
    The key used to encrypt the session
    SessionCryptoPassphraseFile filenamesvdX
    File containing keys used to encrypt the session
    SessionDBDCookieName name attributessvdhE
    Name and attributes for the RFC2109 cookie storing the session ID
    SessionDBDCookieName2 name attributessvdhE
    Name and attributes for the RFC2965 cookie storing the session ID
    SessionDBDCookieRemove On|Off On svdhE
    Control for whether session ID cookies should be removed from incoming HTTP headers
    SessionDBDDeleteLabel label deletesession svdhE
    The SQL query to use to remove sessions from the database
    SessionDBDInsertLabel label insertsession svdhE
    The SQL query to use to insert sessions into the database
    SessionDBDPerUser On|Off Off svdhE
    Enable a per user session
    SessionDBDSelectLabel label selectsession svdhE
    The SQL query to use to select sessions from the database
    SessionDBDUpdateLabel label updatesession svdhE
    The SQL query to use to update existing sessions in the database
    SessionEnv On|Off Off svdhE
    Control whether the contents of the session are written to the +
    ServerRoot directory-path /usr/local/apache sC
    インストールされたサーバのベースディレクトリ
    ServerSignature On|Off|EMail Off svdhC
    サーバが生成するドキュメントのフッタを設定
    ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sC
    Server HTTP 応答ヘッダを設定する
    Session On|Off Off svdhE
    Enables a session for the current directory or location
    SessionCookieName name attributessvdhE
    Name and attributes for the RFC2109 cookie storing the session
    SessionCookieName2 name attributessvdhE
    Name and attributes for the RFC2965 cookie storing the session
    SessionCookieRemove On|Off Off svdhE
    Control for whether session cookies should be removed from incoming HTTP headers
    SessionCryptoCipher namesvdhX
    The crypto cipher to be used to encrypt the session
    SessionCryptoDriver name [param[=value]]sX
    The crypto driver to be used to encrypt the session
    SessionCryptoPassphrase secret [ secret ... ] svdhX
    The key used to encrypt the session
    SessionCryptoPassphraseFile filenamesvdX
    File containing keys used to encrypt the session
    SessionDBDCookieName name attributessvdhE
    Name and attributes for the RFC2109 cookie storing the session ID
    SessionDBDCookieName2 name attributessvdhE
    Name and attributes for the RFC2965 cookie storing the session ID
    SessionDBDCookieRemove On|Off On svdhE
    Control for whether session ID cookies should be removed from incoming HTTP headers
    SessionDBDDeleteLabel label deletesession svdhE
    The SQL query to use to remove sessions from the database
    SessionDBDInsertLabel label insertsession svdhE
    The SQL query to use to insert sessions into the database
    SessionDBDPerUser On|Off Off svdhE
    Enable a per user session
    SessionDBDSelectLabel label selectsession svdhE
    The SQL query to use to select sessions from the database
    SessionDBDUpdateLabel label updatesession svdhE
    The SQL query to use to update existing sessions in the database
    SessionEnv On|Off Off svdhE
    Control whether the contents of the session are written to the HTTP_SESSION environment variable
    SessionExclude pathsvdhE
    Define URL prefixes for which a session is ignored
    SessionHeader headersvdhE
    Import session updates from a given HTTP response header
    SessionInclude pathsvdhE
    Define URL prefixes for which a session is valid
    SessionMaxAge maxage 0 svdhE
    Define a maximum age in seconds for a session
    SetEnv env-variable valuesvdhB
    環境変数を設定する
    SetEnvIf attribute +
    SessionExclude pathsvdhE
    Define URL prefixes for which a session is ignored
    SessionHeader headersvdhE
    Import session updates from a given HTTP response header
    SessionInclude pathsvdhE
    Define URL prefixes for which a session is valid
    SessionMaxAge maxage 0 svdhE
    Define a maximum age in seconds for a session
    SetEnv env-variable valuesvdhB
    環境変数を設定する
    SetEnvIf attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhB
    リクエストの属性に基づいて環境変数を設定する + [[!]env-variable[=value]] ...svdhB
    リクエストの属性に基づいて環境変数を設定する
    svdhB
    Sets environment variables based on an ap_expr expression
    SetEnvIfNoCase attribute regex +
    svdhB
    Sets environment variables based on an ap_expr expression
    SetEnvIfNoCase attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhB
    リクエストの属性に基づいて大文字小文字を区別せずに環境変数を設定する
    SetHandler handler-name|NonesvdhC
    マッチするファイルがハンドラで処理されるようにする
    SetInputFilter filter[;filter...]svdhC
    クライアントのリクエストや POST の入力を処理するフィルタを設定する
    SetOutputFilter filter[;filter...]svdhC
    サーバの応答を処理するフィルタを設定する
    SSIEndTag tag "-->" svB
    include 要素を終了させる文字列
    SSIErrorMsg message "[an error occurred +svdhB
    SSI のエラーがあったときに表示されるエラーメッセージ
    SSIETag on|off off dhB
    Controls whether ETags are generated by the server.
    SSILastModified on|off off dhB
    Controls whether Last-Modified headers are generated by the + [[!]env-variable[=value]] ...svdhB
    リクエストの属性に基づいて大文字小文字を区別せずに環境変数を設定する
    SetHandler handler-name|NonesvdhC
    マッチするファイルがハンドラで処理されるようにする
    SetInputFilter filter[;filter...]svdhC
    クライアントのリクエストや POST の入力を処理するフィルタを設定する
    SetOutputFilter filter[;filter...]svdhC
    サーバの応答を処理するフィルタを設定する
    SSIEndTag tag "-->" svB
    include 要素を終了させる文字列
    SSIErrorMsg message "[an error occurred +svdhB
    SSI のエラーがあったときに表示されるエラーメッセージ
    SSIETag on|off off dhB
    Controls whether ETags are generated by the server.
    SSILastModified on|off off dhB
    Controls whether Last-Modified headers are generated by the server.
    SSILegacyExprParser on|off off dhB
    Enable compatibility mode for conditional expressions.
    SSIStartTag tag "<!--#" svB
    include 要素を開始する文字列
    SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhB
    日付けを現す文字列の書式を設定する
    SSIUndefinedEcho string "(none)" svdhB
    未定義の変数が echo されたときに表示される文字列
    SSLCACertificateFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates +
    SSILegacyExprParser on|off off dhB
    Enable compatibility mode for conditional expressions.
    SSIStartTag tag "<!--#" svB
    include 要素を開始する文字列
    SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhB
    日付けを現す文字列の書式を設定する
    SSIUndefinedEcho string "(none)" svdhB
    未定義の変数が echo されたときに表示される文字列
    SSLCACertificateFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates for Client Auth
    SSLCACertificatePath directory-pathsvE
    Directory of PEM-encoded CA Certificates for +
    SSLCACertificatePath directory-pathsvE
    Directory of PEM-encoded CA Certificates for Client Auth
    SSLCADNRequestFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates +
    SSLCADNRequestFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates for defining acceptable CA names
    SSLCADNRequestPath directory-pathsvE
    Directory of PEM-encoded CA Certificates for +
    SSLCADNRequestPath directory-pathsvE
    Directory of PEM-encoded CA Certificates for defining acceptable CA names
    SSLCARevocationCheck chain|leaf|none none svE
    Enable CRL-based revocation checking
    SSLCARevocationFile file-pathsvE
    File of concatenated PEM-encoded CA CRLs for +
    SSLCARevocationCheck chain|leaf|none none svE
    Enable CRL-based revocation checking
    SSLCARevocationFile file-pathsvE
    File of concatenated PEM-encoded CA CRLs for Client Auth
    SSLCARevocationPath directory-pathsvE
    Directory of PEM-encoded CA CRLs for +
    SSLCARevocationPath directory-pathsvE
    Directory of PEM-encoded CA CRLs for Client Auth
    SSLCertificateChainFile file-pathsvE
    File of PEM-encoded Server CA Certificates
    SSLCertificateFile file-pathsvE
    Server PEM-encoded X.509 certificate data file
    SSLCertificateKeyFile file-pathsvE
    Server PEM-encoded private key file
    SSLCipherSuite cipher-spec DEFAULT (depends on +svdhE
    Cipher Suite available for negotiation in SSL +
    SSLCertificateChainFile file-pathsvE
    File of PEM-encoded Server CA Certificates
    SSLCertificateFile file-pathsvE
    Server PEM-encoded X.509 certificate data file
    SSLCertificateKeyFile file-pathsvE
    Server PEM-encoded private key file
    SSLCipherSuite cipher-spec DEFAULT (depends on +svdhE
    Cipher Suite available for negotiation in SSL handshake
    SSLCompression on|off off svE
    Enable compression on the SSL level
    SSLCryptoDevice engine builtin sE
    Enable use of a cryptographic hardware accelerator
    SSLEngine on|off|optional off svE
    SSL Engine Operation Switch
    SSLFIPS on|off off sE
    SSL FIPS mode Switch
    SSLHonorCipherOrder on|off off svE
    Option to prefer the server's cipher preference order
    SSLInsecureRenegotiation on|off off svE
    Option to enable support for insecure renegotiation
    SSLOCSDefaultResponder urisvE
    Set the default responder URI for OCSP validation
    SSLOCSPEnable on|off off svE
    Enable OCSP validation of the client certificate chain
    SSLOCSPOverrideResponder on|off off svE
    Force use of the default responder URI for OCSP validation
    SSLOCSPResponderTimeout seconds 10 svE
    Timeout for OCSP queries
    SSLOCSPResponseMaxAge seconds -1 svE
    Maximum allowable age for OCSP responses
    SSLOCSPResponseTimeSkew seconds 300 svE
    Maximum allowable time skew for OCSP response validation
    SSLOCSPUseRequestNonce on|off on svE
    Use a nonce within OCSP queries
    SSLOpenSSLConfCmd command-name command-valuesvE
    Configure OpenSSL parameters through its SSL_CONF API
    SSLOptions [+|-]option ...svdhE
    Configure various SSL engine run-time options
    SSLPassPhraseDialog type builtin sE
    Type of pass phrase dialog for encrypted private +
    SSLCompression on|off off svE
    Enable compression on the SSL level
    SSLCryptoDevice engine builtin sE
    Enable use of a cryptographic hardware accelerator
    SSLEngine on|off|optional off svE
    SSL Engine Operation Switch
    SSLFIPS on|off off sE
    SSL FIPS mode Switch
    SSLHonorCipherOrder on|off off svE
    Option to prefer the server's cipher preference order
    SSLInsecureRenegotiation on|off off svE
    Option to enable support for insecure renegotiation
    SSLOCSDefaultResponder urisvE
    Set the default responder URI for OCSP validation
    SSLOCSPEnable on|off off svE
    Enable OCSP validation of the client certificate chain
    SSLOCSPOverrideResponder on|off off svE
    Force use of the default responder URI for OCSP validation
    SSLOCSPResponderTimeout seconds 10 svE
    Timeout for OCSP queries
    SSLOCSPResponseMaxAge seconds -1 svE
    Maximum allowable age for OCSP responses
    SSLOCSPResponseTimeSkew seconds 300 svE
    Maximum allowable time skew for OCSP response validation
    SSLOCSPUseRequestNonce on|off on svE
    Use a nonce within OCSP queries
    SSLOpenSSLConfCmd command-name command-valuesvE
    Configure OpenSSL parameters through its SSL_CONF API
    SSLOptions [+|-]option ...svdhE
    Configure various SSL engine run-time options
    SSLPassPhraseDialog type builtin sE
    Type of pass phrase dialog for encrypted private keys
    SSLProtocol [+|-]protocol ... all svE
    Configure usable SSL/TLS protocol versions
    SSLProxyCACertificateFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates +
    SSLProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svE
    Configure usable SSL/TLS protocol versions
    SSLProxyCACertificateFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates for Remote Server Auth
    SSLProxyCACertificatePath directory-pathsvE
    Directory of PEM-encoded CA Certificates for +
    SSLProxyCACertificatePath directory-pathsvE
    Directory of PEM-encoded CA Certificates for Remote Server Auth
    SSLProxyCARevocationCheck chain|leaf|none none svE
    Enable CRL-based revocation checking for Remote Server Auth
    SSLProxyCARevocationFile file-pathsvE
    File of concatenated PEM-encoded CA CRLs for +
    SSLProxyCARevocationCheck chain|leaf|none none svE
    Enable CRL-based revocation checking for Remote Server Auth
    SSLProxyCARevocationFile file-pathsvE
    File of concatenated PEM-encoded CA CRLs for Remote Server Auth
    SSLProxyCARevocationPath directory-pathsvE
    Directory of PEM-encoded CA CRLs for +
    SSLProxyCARevocationPath directory-pathsvE
    Directory of PEM-encoded CA CRLs for Remote Server Auth
    SSLProxyCheckPeerCN on|off on svE
    Whether to check the remote server certificate's CN field +
    SSLProxyCheckPeerCN on|off on svE
    Whether to check the remote server certificate's CN field
    SSLProxyCheckPeerExpire on|off on svE
    Whether to check if remote server certificate is expired +
    SSLProxyCheckPeerExpire on|off on svE
    Whether to check if remote server certificate is expired
    SSLProxyCheckPeerName on|off on svE
    Configure host name checking for remote server certificates +
    SSLProxyCheckPeerName on|off on svE
    Configure host name checking for remote server certificates
    SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhE
    Cipher Suite available for negotiation in SSL +
    SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhE
    Cipher Suite available for negotiation in SSL proxy handshake
    SSLProxyEngine on|off off svE
    SSL Proxy Engine Operation Switch
    SSLProxyMachineCertificateChainFile filenamesE
    File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate
    SSLProxyMachineCertificateFile filenamesE
    File of concatenated PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyMachineCertificatePath directorysE
    Directory of PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyProtocol [+|-]protocol ... all svE
    Configure usable SSL protocol flavors for proxy usage
    SSLProxyVerify level none svE
    Type of remote server Certificate verification
    SSLProxyVerifyDepth number 1 svE
    Maximum depth of CA Certificates in Remote Server +
    SSLProxyEngine on|off off svE
    SSL Proxy Engine Operation Switch
    SSLProxyMachineCertificateChainFile filenamesE
    File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate
    SSLProxyMachineCertificateFile filenamesE
    File of concatenated PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyMachineCertificatePath directorysE
    Directory of PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svE
    Configure usable SSL protocol flavors for proxy usage
    SSLProxyVerify level none svE
    Type of remote server Certificate verification
    SSLProxyVerifyDepth number 1 svE
    Maximum depth of CA Certificates in Remote Server Certificate verification
    SSLRandomSeed context source -[bytes]sE
    Pseudo Random Number Generator (PRNG) seeding +
    SSLRandomSeed context source +[bytes]sE
    Pseudo Random Number Generator (PRNG) seeding source
    SSLRenegBufferSize bytes 131072 dhE
    Set the size for the SSL renegotiation buffer
    SSLRequire expressiondhE
    Allow access only when an arbitrarily complex +
    SSLRenegBufferSize bytes 131072 dhE
    Set the size for the SSL renegotiation buffer
    SSLRequire expressiondhE
    Allow access only when an arbitrarily complex boolean expression is true
    SSLRequireSSLdhE
    Deny access when SSL is not used for the +
    SSLRequireSSLdhE
    Deny access when SSL is not used for the HTTP request
    SSLSessionCache type none sE
    Type of the global/inter-process SSL Session +
    SSLSessionCache type none sE
    Type of the global/inter-process SSL Session Cache
    SSLSessionCacheTimeout seconds 300 svE
    Number of seconds before an SSL session expires +
    SSLSessionCacheTimeout seconds 300 svE
    Number of seconds before an SSL session expires in the Session Cache
    SSLSessionTicketKeyFile file-pathsvE
    Persistent encryption/decryption key for TLS session tickets
    SSLSessionTickets on|off on svE
    Enable or disable use of TLS session tickets
    SSLSRPUnknownUserSeed secret-stringsvE
    SRP unknown user seed
    SSLSRPVerifierFile file-pathsvE
    Path to SRP verifier file
    SSLStaplingCache typesE
    Configures the OCSP stapling cache
    SSLStaplingErrorCacheTimeout seconds 600 svE
    Number of seconds before expiring invalid responses in the OCSP stapling cache
    SSLStaplingFakeTryLater on|off on svE
    Synthesize "tryLater" responses for failed OCSP stapling queries
    SSLStaplingForceURL urisvE
    Override the OCSP responder URI specified in the certificate's AIA extension
    SSLStaplingResponderTimeout seconds 10 svE
    Timeout for OCSP stapling queries
    SSLStaplingResponseMaxAge seconds -1 svE
    Maximum allowable age for OCSP stapling responses
    SSLStaplingResponseTimeSkew seconds 300 svE
    Maximum allowable time skew for OCSP stapling response validation
    SSLStaplingReturnResponderErrors on|off on svE
    Pass stapling related OCSP errors on to client
    SSLStaplingStandardCacheTimeout seconds 3600 svE
    Number of seconds before expiring responses in the OCSP stapling cache
    SSLStrictSNIVHostCheck on|off off svE
    Whether to allow non-SNI clients to access a name-based virtual +
    SSLSessionTicketKeyFile file-pathsvE
    Persistent encryption/decryption key for TLS session tickets
    SSLSessionTickets on|off on svE
    Enable or disable use of TLS session tickets
    SSLSRPUnknownUserSeed secret-stringsvE
    SRP unknown user seed
    SSLSRPVerifierFile file-pathsvE
    Path to SRP verifier file
    SSLStaplingCache typesE
    Configures the OCSP stapling cache
    SSLStaplingErrorCacheTimeout seconds 600 svE
    Number of seconds before expiring invalid responses in the OCSP stapling cache
    SSLStaplingFakeTryLater on|off on svE
    Synthesize "tryLater" responses for failed OCSP stapling queries
    SSLStaplingForceURL urisvE
    Override the OCSP responder URI specified in the certificate's AIA extension
    SSLStaplingResponderTimeout seconds 10 svE
    Timeout for OCSP stapling queries
    SSLStaplingResponseMaxAge seconds -1 svE
    Maximum allowable age for OCSP stapling responses
    SSLStaplingResponseTimeSkew seconds 300 svE
    Maximum allowable time skew for OCSP stapling response validation
    SSLStaplingReturnResponderErrors on|off on svE
    Pass stapling related OCSP errors on to client
    SSLStaplingStandardCacheTimeout seconds 3600 svE
    Number of seconds before expiring responses in the OCSP stapling cache
    SSLStrictSNIVHostCheck on|off off svE
    Whether to allow non-SNI clients to access a name-based virtual host.
    SSLUserName varnamesdhE
    Variable name to determine user name
    SSLUseStapling on|off off svE
    Enable stapling of OCSP responses in the TLS handshake
    SSLVerifyClient level none svdhE
    Type of Client Certificate verification
    SSLVerifyDepth number 1 svdhE
    Maximum depth of CA Certificates in Client +
    SSLUserName varnamesdhE
    Variable name to determine user name
    SSLUseStapling on|off off svE
    Enable stapling of OCSP responses in the TLS handshake
    SSLVerifyClient level none svdhE
    Type of Client Certificate verification
    SSLVerifyDepth number 1 svdhE
    Maximum depth of CA Certificates in Client Certificate verification
    StartServers numbersM
    起動時に生成される子サーバプロセスの数
    StartThreads numbersM
    起動時に生成されるスレッドの数
    Substitute s/pattern/substitution/[infq]dhE
    Pattern to filter the response content
    StartServers numbersM
    起動時に生成される子サーバプロセスの数
    StartThreads numbersM
    起動時に生成されるスレッドの数
    Substitute s/pattern/substitution/[infq]dhE
    Pattern to filter the response content
    SubstituteInheritBefore on|off off dhE
    Change the merge order of inherited patterns
    SubstituteMaxLineLength bytes(b|B|k|K|m|M|g|G) 1m dhE
    Set the maximum line size
    Suexec On|OffsB
    Enable or disable the suEXEC feature
    SuexecUserGroup User GroupsvE
    CGI プログラムのユーザパーミッション、グループパーミッション
    Group unix-group #-1 sB
    Group under which the server will answer requests
    Header [condition] set|append|add|unset|echo -header [value] [early|env=[!]variable]svdhE
    HTTP Ѵ
    HeaderName filenamesvdhB
    ϸ ̸
    HeartbeatAddress addr:portsX
    Multicast address for heartbeat packets
    HeartbeatListenaddr:portsX
    multicast address to listen for incoming heartbeat requests
    HeartbeatMaxServers number-of-servers 10 sX
    Specifies the maximum number of servers that will be sending +
    H2Direct on|off on (for non TLS) svE
    H2 Direct Protocol Switch
    H2MaxSessionStreams n 100 svE
    Maximum number of active streams per HTTP/2 session.
    H2MaxWorkerIdleSeconds n 600 sE
    Maximum number of seconds h2 workers remain idle until shut down.
    H2MaxWorkers nsE
    Maximum number of worker threads to use per child process.
    H2MinWorkers nsE
    Minimal number of worker threads to use per child process.
    H2SerializeHeaders on|off off svE
    Serialize Request/Resoonse Processing Switch
    H2SessionExtraFiles n 5 svE
    Number of Extra File Handles
    H2StreamMaxMemSize bytes 65536 svE
    Maximum amount of output data buffered per stream.
    H2WindowSize bytes 65536 svE
    Size of Stream Window for upstream data.
    Header [condition] set|append|add|unset|echo +header [value] [early|env=[!]variable]svdhE
    HTTP Ѵ
    HeaderName filenamesvdhB
    ϸ ̸
    HeartbeatAddress addr:portsX
    Multicast address for heartbeat packets
    HeartbeatListenaddr:portsX
    multicast address to listen for incoming heartbeat requests
    HeartbeatMaxServers number-of-servers 10 sX
    Specifies the maximum number of servers that will be sending heartbeat requests to this server
    HeartbeatStorage file-path logs/hb.dat sX
    Path to store heartbeat data
    HeartbeatStorage file-path logs/hb.dat sX
    Path to read heartbeat data
    HostnameLookups On|Off|Double Off svdC
    Enables DNS lookups on client IP addresses
    IdentityCheck On|Off Off svdE
    RFC 1413 ſ α׿ Ѵ
    IdentityCheckTimeout seconds 30 svdE
    ident û ð Ѵ
    <If expression> ... </If>svdhC
    Contains directives that apply only if a condition is +
    HeartbeatStorage file-path logs/hb.dat sX
    Path to store heartbeat data
    HeartbeatStorage file-path logs/hb.dat sX
    Path to read heartbeat data
    HostnameLookups On|Off|Double Off svdC
    Enables DNS lookups on client IP addresses
    IdentityCheck On|Off Off svdE
    RFC 1413 ſ α׿ Ѵ
    IdentityCheckTimeout seconds 30 svdE
    ident û ð Ѵ
    <If expression> ... </If>svdhC
    Contains directives that apply only if a condition is satisfied by a request at runtime
    <IfDefine [!]parameter-name> ... - </IfDefine>svdhC
    Encloses directives that will be processed only +
    <IfDefine [!]parameter-name> ... + </IfDefine>svdhC
    Encloses directives that will be processed only if a test is true at startup
    <IfModule [!]module-file|module-identifier> ... - </IfModule>svdhC
    Encloses directives that are processed conditional on the +
    <IfModule [!]module-file|module-identifier> ... + </IfModule>svdhC
    Encloses directives that are processed conditional on the presence or absence of a specific module
    <IfVersion [[!]operator] version> ... -</IfVersion>svdhE
    ´
    ImapBase map|referer|URL http://servername/ svdhB
    ̹ Ͽ base
    ImapDefault error|nocontent|map|referer|URL nocontent svdhB
    ̹ʿ ش ʴ ǥ +
    <IfVersion [[!]operator] version> ... +</IfVersion>svdhE
    ´
    ImapBase map|referer|URL http://servername/ svdhB
    ̹ Ͽ base
    ImapDefault error|nocontent|map|referer|URL nocontent svdhB
    ̹ʿ ش ʴ ǥ ⺻ ൿ
    ImapMenu none|formatted|semiformatted|unformattedsvdhB
    ǥ ̹ û ൿ
    Include file-path|directory-path|wildcardsvdC
    Includes other configuration files from within +
    ImapMenu none|formatted|semiformatted|unformattedsvdhB
    ǥ ̹ û ൿ
    Include file-path|directory-path|wildcardsvdC
    Includes other configuration files from within the server configuration files
    IncludeOptional file-path|directory-path|wildcardsvdC
    Includes other configuration files from within +
    IncludeOptional file-path|directory-path|wildcardsvdC
    Includes other configuration files from within the server configuration files
    svdhB
    Inserts text in the HEAD section of an index page.
    IndexIgnore file [file] ...svdhB
    丮 Ͽ ϸ ߰Ѵ
    IndexIgnoreReset ON|OFFsvdhB
    Empties the list of files to hide when listing +
    svdhB
    Inserts text in the HEAD section of an index page.
    IndexIgnore file [file] ...svdhB
    丮 Ͽ ϸ ߰Ѵ
    IndexIgnoreReset ON|OFFsvdhB
    Empties the list of files to hide when listing a directory
    IndexOptions [+|-]option [[+|-]option] -...svdhB
    IndexOrderDefault Ascending|Descending -Name|Date|Size|Description Ascending Name svdhB
    丮 ⺻ Ѵ
    IndexStyleSheet url-pathsvdhB
    丮 Ͽ CSS ŸϽƮ ߰Ѵ
    InputSed sed-commanddhX
    Sed command to filter request data (typically POST data)
    ISAPIAppendLogToErrors on|off off svdhB
    ISAPI exntension HSE_APPEND_LOG_PARAMETER +
    IndexOptions [+|-]option [[+|-]option] +...svdhB
    IndexOrderDefault Ascending|Descending +Name|Date|Size|Description Ascending Name svdhB
    丮 ⺻ Ѵ
    IndexStyleSheet url-pathsvdhB
    丮 Ͽ CSS ŸϽƮ ߰Ѵ
    InputSed sed-commanddhX
    Sed command to filter request data (typically POST data)
    ISAPIAppendLogToErrors on|off off svdhB
    ISAPI exntension HSE_APPEND_LOG_PARAMETER û α׿ Ѵ
    ISAPIAppendLogToQuery on|off on svdhB
    ISAPI exntension HSE_APPEND_LOG_PARAMETER +
    ISAPIAppendLogToQuery on|off on svdhB
    ISAPI exntension HSE_APPEND_LOG_PARAMETER û ǹڿ Ѵ
    ISAPICacheFile file-path [file-path] -...svB
    Ҷ ޸𸮷 о ISAPI .dll ϵ
    ISAPIFakeAsync on|off off svdhB
    񵿱 ISAPI ݹ ϴ ôѴ
    ISAPILogNotSupported on|off off svdhB
    ISAPI extension ʴ ûϸ +
    ISAPICacheFile file-path [file-path] +...svB
    Ҷ ޸𸮷 о ISAPI .dll ϵ
    ISAPIFakeAsync on|off off svdhB
    񵿱 ISAPI ݹ ϴ ôѴ
    ISAPILogNotSupported on|off off svdhB
    ISAPI extension ʴ ûϸ α׿ Ѵ
    ISAPIReadAheadBuffer size 49152 svdhB
    ISAPI extension ̸б(read ahead buffer) +
    ISAPIReadAheadBuffer size 49152 svdhB
    ISAPI extension ̸б(read ahead buffer) ũ
    KeepAlive On|Off On svC
    Enables HTTP persistent connections
    KeepAliveTimeout num[ms] 5 svC
    Amount of time the server will wait for subsequent +
    KeepAlive On|Off On svC
    Enables HTTP persistent connections
    KeepAliveTimeout num[ms] 5 svC
    Amount of time the server will wait for subsequent requests on a persistent connection
    KeptBodySize maximum size in bytes 0 dB
    Keep the request body instead of discarding it up to +
    KeptBodySize maximum size in bytes 0 dB
    Keep the request body instead of discarding it up to the specified maximum size, for potential use by filters such as mod_include.
    LanguagePriority MIME-lang [MIME-lang] -...svdhB
    The precendence of language variants for cases where +
    LanguagePriority MIME-lang [MIME-lang] +...svdhB
    The precendence of language variants for cases where the client does not express a preference
    LDAPCacheEntries number 1024 sE
    Maximum number of entries in the primary LDAP cache
    LDAPCacheTTL seconds 600 sE
    Time that cached items remain valid
    LDAPConnectionPoolTTL n -1 svE
    Discard backend connections that have been sitting in the connection pool too long
    LDAPConnectionTimeout secondssE
    Specifies the socket connection timeout in seconds
    LDAPLibraryDebug 7sE
    Enable debugging in the LDAP SDK
    LDAPOpCacheEntries number 1024 sE
    Number of entries used to cache LDAP compare +
    LDAPCacheEntries number 1024 sE
    Maximum number of entries in the primary LDAP cache
    LDAPCacheTTL seconds 600 sE
    Time that cached items remain valid
    LDAPConnectionPoolTTL n -1 svE
    Discard backend connections that have been sitting in the connection pool too long
    LDAPConnectionTimeout secondssE
    Specifies the socket connection timeout in seconds
    LDAPLibraryDebug 7sE
    Enable debugging in the LDAP SDK
    LDAPOpCacheEntries number 1024 sE
    Number of entries used to cache LDAP compare operations
    LDAPOpCacheTTL seconds 600 sE
    Time that entries in the operation cache remain +
    LDAPOpCacheTTL seconds 600 sE
    Time that entries in the operation cache remain valid
    LDAPReferralHopLimit numberdhE
    The maximum number of referral hops to chase before terminating an LDAP query.
    LDAPReferrals On|Off|default On dhE
    Enable referral chasing during queries to the LDAP server.
    LDAPRetries number-of-retries 3 sE
    Configures the number of LDAP server retries.
    LDAPRetryDelay seconds 0 sE
    Configures the delay between LDAP server retries.
    LDAPSharedCacheFile directory-path/filenamesE
    Sets the shared memory cache file
    LDAPSharedCacheSize bytes 500000 sE
    Size in bytes of the shared-memory cache
    LDAPTimeout seconds 60 sE
    Specifies the timeout for LDAP search and bind operations, in seconds
    LDAPTrustedClientCert type directory-path/filename/nickname [password]dhE
    Sets the file containing or nickname referring to a per +
    LDAPReferralHopLimit numberdhE
    The maximum number of referral hops to chase before terminating an LDAP query.
    LDAPReferrals On|Off|default On dhE
    Enable referral chasing during queries to the LDAP server.
    LDAPRetries number-of-retries 3 sE
    Configures the number of LDAP server retries.
    LDAPRetryDelay seconds 0 sE
    Configures the delay between LDAP server retries.
    LDAPSharedCacheFile directory-path/filenamesE
    Sets the shared memory cache file
    LDAPSharedCacheSize bytes 500000 sE
    Size in bytes of the shared-memory cache
    LDAPTimeout seconds 60 sE
    Specifies the timeout for LDAP search and bind operations, in seconds
    LDAPTrustedClientCert type directory-path/filename/nickname [password]dhE
    Sets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates.
    LDAPTrustedGlobalCert type directory-path/filename [password]sE
    Sets the file or database containing global trusted +
    LDAPTrustedGlobalCert type directory-path/filename [password]sE
    Sets the file or database containing global trusted Certificate Authority or global client certificates
    LDAPTrustedMode typesvE
    Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
    LDAPVerifyServerCert On|Off On sE
    Force server certificate verification
    <Limit method [method] ... > ... - </Limit>dhC
    Restrict enclosed access controls to only certain HTTP +
    LDAPTrustedMode typesvE
    Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
    LDAPVerifyServerCert On|Off On sE
    Force server certificate verification
    <Limit method [method] ... > ... + </Limit>dhC
    Restrict enclosed access controls to only certain HTTP methods
    <LimitExcept method [method] ... > ... - </LimitExcept>dhC
    Restrict access controls to all HTTP methods +
    <LimitExcept method [method] ... > ... + </LimitExcept>dhC
    Restrict access controls to all HTTP methods except the named ones
    LimitInternalRecursion number [number] 10 svC
    Determine maximum number of internal redirects and nested +
    LimitInternalRecursion number [number] 10 svC
    Determine maximum number of internal redirects and nested subrequests
    LimitRequestBody bytes 0 svdhC
    Restricts the total size of the HTTP request body sent +
    LimitRequestBody bytes 0 svdhC
    Restricts the total size of the HTTP request body sent from the client
    LimitRequestFields number 100 svC
    Limits the number of HTTP request header fields that +
    LimitRequestFields number 100 svC
    Limits the number of HTTP request header fields that will be accepted from the client
    LimitRequestFieldSize bytes 8190 svC
    Limits the size of the HTTP request header allowed from the +
    LimitRequestFieldSize bytes 8190 svC
    Limits the size of the HTTP request header allowed from the client
    LimitRequestLine bytes 8190 svC
    Limit the size of the HTTP request line that will be accepted +
    LimitRequestLine bytes 8190 svC
    Limit the size of the HTTP request line that will be accepted from the client
    LimitXMLRequestBody bytes 1000000 svdhC
    Limits the size of an XML-based request body
    Listen [IP-address:]portnumber [protocol]sM
    IP addresses and ports that the server +
    LimitXMLRequestBody bytes 1000000 svdhC
    Limits the size of an XML-based request body
    Listen [IP-address:]portnumber [protocol]sM
    IP addresses and ports that the server listens to
    ListenBacklog backlogsM
    Maximum length of the queue of pending connections
    ListenBacklog backlogsM
    Maximum length of the queue of pending connections
    ListenCoresBucketsRatio ratio 0 (disabled) sM
    Ratio between the number of CPU cores (online) and the number of +listeners' buckets
    LoadFile filename [filename] ...sE
    ̳ ̺귯 оδ
    LoadModule module filenamesE
    ̳ ̺귯 о̰, 밡 Ͽ ߰Ѵ
    MaxSpareServers number 10 sM
    Maximum number of idle child server processes
    MaxSpareThreads numbersM
    Maximum number of idle threads
    MaxThreads number 2048 sM
    Set the maximum number of worker threads
    MergeTrailers [on|off] off svC
    Determines whether trailers are merged into headers
    MetaDir directory .web svdhE
    CERN Ÿ ã 丮 ̸
    MetaFiles on|off off svdhE
    CERN Ÿ óѴ
    MetaSuffix suffix .meta svdhE
    CERN Ÿ ϴ ̻
    MimeMagicFile file-pathsvE
    Enable MIME-type determination based on file contents +
    MemcacheConnTTL num[units] 15s svE
    Keepalive time for idle connections
    MergeTrailers [on|off] off svC
    Determines whether trailers are merged into headers
    MetaDir directory .web svdhE
    CERN Ÿ ã 丮 ̸
    MetaFiles on|off off svdhE
    CERN Ÿ óѴ
    MetaSuffix suffix .meta svdhE
    CERN Ÿ ϴ ̻
    MimeMagicFile file-pathsvE
    Enable MIME-type determination based on file contents using the specified magic file
    MinSpareServers number 5 sM
    Minimum number of idle child server processes
    MinSpareThreads numbersM
    Minimum number of idle threads available to handle request +
    MinSpareServers number 5 sM
    Minimum number of idle child server processes
    MinSpareThreads numbersM
    Minimum number of idle threads available to handle request spikes
    MMapFile file-path [file-path] ...sX
    ۽ ޸𸮿 Ѵ
    ModemStandard V.21|V.26bis|V.32|V.92dX
    Modem standard to simulate
    ModMimeUsePathInfo On|Off Off dB
    Tells mod_mime to treat path_info +
    MMapFile file-path [file-path] ...sX
    ۽ ޸𸮿 Ѵ
    ModemStandard V.21|V.26bis|V.32|V.92dX
    Modem standard to simulate
    ModMimeUsePathInfo On|Off Off dB
    Tells mod_mime to treat path_info components as part of the filename
    MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers -[Handlers|Filters] NegotiatedOnly svdhB
    The types of files that will be included when searching for +
    MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers +[Handlers|Filters] NegotiatedOnly svdhB
    The types of files that will be included when searching for a matching file with MultiViews
    Mutex mechanism [default|mutex-name] ... [OmitPID] default sC
    Configures mutex mechanism and lock file directory for all +
    Mutex mechanism [default|mutex-name] ... [OmitPID] default sC
    Configures mutex mechanism and lock file directory for all or specified mutexes
    NameVirtualHost addr[:port]sC
    DEPRECATED: Designates an IP address for name-virtual +
    NameVirtualHost addr[:port]sC
    DEPRECATED: Designates an IP address for name-virtual hosting
    NoProxy host [host] ...svE
    Hosts, domains, or networks that will be connected to +
    NoProxy host [host] ...svE
    Hosts, domains, or networks that will be connected to directly
    NWSSLTrustedCerts filename [filename] ...sB
    List of additional client certificates
    NWSSLUpgradeable [IP-address:]portnumbersB
    Allows a connection to be upgraded to an SSL connection upon request
    Options - [+|-]option [[+|-]option] ... FollowSymlinks svdhC
    Configures what features are available in a particular +
    NWSSLTrustedCerts filename [filename] ...sB
    List of additional client certificates
    NWSSLUpgradeable [IP-address:]portnumbersB
    Allows a connection to be upgraded to an SSL connection upon request
    Options + [+|-]option [[+|-]option] ... FollowSymlinks svdhC
    Configures what features are available in a particular directory
    Order ordering Deny,Allow dhE
    Controls the default access state and the order in which +
    Order ordering Deny,Allow dhE
    Controls the default access state and the order in which Allow and Deny are evaluated.
    OutputSed sed-commanddhX
    Sed command for filtering response content
    PassEnv env-variable [env-variable] -...svdhB
    ȯ溯 ´
    PidFile filename logs/httpd.pid sM
    File where the server records the process ID +
    OutputSed sed-commanddhX
    Sed command for filtering response content
    PassEnv env-variable [env-variable] +...svdhB
    ȯ溯 ´
    PidFile filename logs/httpd.pid sM
    File where the server records the process ID of the daemon
    PrivilegesMode FAST|SECURE|SELECTIVE FAST svdX
    Trade off processing speed and efficiency vs security against +
    PrivilegesMode FAST|SECURE|SELECTIVE FAST svdX
    Trade off processing speed and efficiency vs security against malicious privileges-aware code.
    Protocol protocolsvC
    Protocol for a listening socket
    ProtocolEcho On|OffsvX
    echo Ű
    <Proxy wildcard-url> ...</Proxy>svE
    Container for directives applied to proxied resources
    ProxyAddHeaders Off|On On svdE
    Add proxy information in X-Forwarded-* headers
    ProxyBadHeader IsError|Ignore|StartBody IsError svE
    Determines how to handle bad header lines in a +
    Protocol protocolsvC
    Protocol for a listening socket
    ProtocolEcho On|OffsvX
    echo Ű
    Protocols protocol ... http/1.1 svC
    Protocols available for a server/virtual host
    ProtocolsHonorOrder On|Off On svC
    Determines if order of Protocols determines precedence during negotiation
    <Proxy wildcard-url> ...</Proxy>svE
    Container for directives applied to proxied resources
    ProxyAddHeaders Off|On On svdE
    Add proxy information in X-Forwarded-* headers
    ProxyBadHeader IsError|Ignore|StartBody IsError svE
    Determines how to handle bad header lines in a response
    ProxyBlock *|word|host|domain -[word|host|domain] ...svE
    Words, hosts, or domains that are banned from being +
    ProxyBlock *|word|host|domain +[word|host|domain] ...svE
    Words, hosts, or domains that are banned from being proxied
    ProxyDomain DomainsvE
    Default domain name for proxied requests
    ProxyErrorOverride On|Off Off svdE
    Override error pages for proxied content
    ProxyExpressDBMFile <pathname>svE
    Pathname to DBM file.
    ProxyExpressDBMFile <type>svE
    DBM type of file.
    ProxyExpressEnable [on|off]svE
    Enable the module functionality.
    ProxyFtpDirCharset character set ISO-8859-1 svdE
    Define the character set for proxied FTP listings
    ProxyFtpEscapeWildcards [on|off]svdE
    Whether wildcards in requested filenames are escaped when sent to the FTP server
    ProxyFtpListOnWildcard [on|off]svdE
    Whether wildcards in requested filenames trigger a file listing
    ProxyHTMLBufSize bytessvdB
    Sets the buffer size increment for buffering inline scripts and +
    ProxyDomain DomainsvE
    Default domain name for proxied requests
    ProxyErrorOverride On|Off Off svdE
    Override error pages for proxied content
    ProxyExpressDBMFile <pathname>svE
    Pathname to DBM file.
    ProxyExpressDBMFile <type>svE
    DBM type of file.
    ProxyExpressEnable [on|off]svE
    Enable the module functionality.
    ProxyFtpDirCharset character set ISO-8859-1 svdE
    Define the character set for proxied FTP listings
    ProxyFtpEscapeWildcards [on|off]svdE
    Whether wildcards in requested filenames are escaped when sent to the FTP server
    ProxyFtpListOnWildcard [on|off]svdE
    Whether wildcards in requested filenames trigger a file listing
    ProxyHTMLBufSize bytessvdB
    Sets the buffer size increment for buffering inline scripts and stylesheets.
    ProxyHTMLCharsetOut Charset | *svdB
    Specify a charset for mod_proxy_html output.
    ProxyHTMLDocType HTML|XHTML [Legacy]
    OR -
    ProxyHTMLDocType fpi [SGML|XML]    		svdB
    Sets an HTML or XHTML document type declaration.
    ProxyHTMLEnable On|Off Off svdB
    Turns the proxy_html filter on or off.
    ProxyHTMLEvents attribute [attribute ...]svdB
    Specify attributes to treat as scripting events.
    ProxyHTMLExtended On|Off Off svdB
    Determines whether to fix links in inline scripts, stylesheets, +
    ProxyHTMLCharsetOut Charset | *svdB
    Specify a charset for mod_proxy_html output.
    ProxyHTMLDocType HTML|XHTML [Legacy]
    OR +
    ProxyHTMLDocType fpi [SGML|XML]    		svdB
    Sets an HTML or XHTML document type declaration.
    ProxyHTMLEnable On|Off Off svdB
    Turns the proxy_html filter on or off.
    ProxyHTMLEvents attribute [attribute ...]svdB
    Specify attributes to treat as scripting events.
    ProxyHTMLExtended On|Off Off svdB
    Determines whether to fix links in inline scripts, stylesheets, and scripting events.
    ProxyHTMLFixups [lowercase] [dospath] [reset]svdB
    Fixes for simple HTML errors.
    ProxyHTMLInterp On|Off Off svdB
    Enables per-request interpolation of +
    ProxyHTMLFixups [lowercase] [dospath] [reset]svdB
    Fixes for simple HTML errors.
    ProxyHTMLInterp On|Off Off svdB
    Enables per-request interpolation of ProxyHTMLURLMap rules.
    ProxyHTMLLinks element attribute [attribute2 ...]svdB
    Specify HTML elements that have URL attributes to be rewritten.
    ProxyHTMLMeta On|Off Off svdB
    Turns on or off extra pre-parsing of metadata in HTML +
    ProxyHTMLLinks element attribute [attribute2 ...]svdB
    Specify HTML elements that have URL attributes to be rewritten.
    ProxyHTMLMeta On|Off Off svdB
    Turns on or off extra pre-parsing of metadata in HTML <head> sections.
    ProxyHTMLStripComments On|Off Off svdB
    Determines whether to strip HTML comments.
    ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdB
    Defines a rule to rewrite HTML links
    ProxyIOBufferSize bytes 8192 svE
    Determine size of internal data throughput buffer
    <ProxyMatch regex> ...</ProxyMatch>svE
    Container for directives applied to regular-expression-matched +
    ProxyHTMLStripComments On|Off Off svdB
    Determines whether to strip HTML comments.
    ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdB
    Defines a rule to rewrite HTML links
    ProxyIOBufferSize bytes 8192 svE
    Determine size of internal data throughput buffer
    <ProxyMatch regex> ...</ProxyMatch>svE
    Container for directives applied to regular-expression-matched proxied resources
    ProxyMaxForwards number -1 svE
    Maximium number of proxies that a request can be forwarded +
    ProxyMaxForwards number -1 svE
    Maximium number of proxies that a request can be forwarded through
    ProxyPass [path] !|url [key=value - [key=value ...]] [nocanon] [interpolate] [noquery]svdE
    Maps remote servers into the local server URL-space
    ProxyPassInherit On|Off On svE
    Inherit ProxyPass directives defined from the main server
    ProxyPassInterpolateEnv On|Off Off svdE
    Enable Environment Variable interpolation in Reverse Proxy configurations
    ProxyPassMatch [regex] !|url [key=value - [key=value ...]]svdE
    Maps remote servers into the local server URL-space using regular expressions
    ProxyPassReverse [path] url -[interpolate]svdE
    Adjusts the URL in HTTP response headers sent from a reverse +
    ProxyPass [path] !|url [key=value + [key=value ...]] [nocanon] [interpolate] [noquery]svdE
    Maps remote servers into the local server URL-space
    ProxyPassInherit On|Off On svE
    Inherit ProxyPass directives defined from the main server
    ProxyPassInterpolateEnv On|Off Off svdE
    Enable Environment Variable interpolation in Reverse Proxy configurations
    ProxyPassMatch [regex] !|url [key=value + [key=value ...]]svdE
    Maps remote servers into the local server URL-space using regular expressions
    ProxyPassReverse [path] url +[interpolate]svdE
    Adjusts the URL in HTTP response headers sent from a reverse proxied server
    ProxyPassReverseCookieDomain internal-domain -public-domain [interpolate]svdE
    Adjusts the Domain string in Set-Cookie headers from a reverse- +
    ProxyPassReverseCookieDomain internal-domain +public-domain [interpolate]svdE
    Adjusts the Domain string in Set-Cookie headers from a reverse- proxied server
    ProxyPassReverseCookiePath internal-path -public-path [interpolate]svdE
    Adjusts the Path string in Set-Cookie headers from a reverse- +
    ProxyPassReverseCookiePath internal-path +public-path [interpolate]svdE
    Adjusts the Path string in Set-Cookie headers from a reverse- proxied server
    ProxyPreserveHost On|Off Off svdE
    Use incoming Host HTTP request header for proxy +
    ProxyPreserveHost On|Off Off svdE
    Use incoming Host HTTP request header for proxy request
    ProxyReceiveBufferSize bytes 0 svE
    Network buffer size for proxied HTTP and FTP +
    ProxyReceiveBufferSize bytes 0 svE
    Network buffer size for proxied HTTP and FTP connections
    ProxyRemote match remote-serversvE
    Remote proxy used to handle certain requests
    ProxyRemoteMatch regex remote-serversvE
    Remote proxy used to handle requests matched by regular +
    ProxyRemote match remote-serversvE
    Remote proxy used to handle certain requests
    ProxyRemoteMatch regex remote-serversvE
    Remote proxy used to handle requests matched by regular expressions
    ProxyRequests On|Off Off svE
    Enables forward (standard) proxy requests
    ProxySCGIInternalRedirect On|Off|Headername On svdE
    Enable or disable internal redirect responses from the +
    ProxyRequests On|Off Off svE
    Enables forward (standard) proxy requests
    ProxySCGIInternalRedirect On|Off|Headername On svdE
    Enable or disable internal redirect responses from the backend
    ProxySCGISendfile On|Off|Headername Off svdE
    Enable evaluation of X-Sendfile pseudo response +
    ProxySCGISendfile On|Off|Headername Off svdE
    Enable evaluation of X-Sendfile pseudo response header
    ProxySet url key=value [key=value ...]dE
    Set various Proxy balancer or member parameters
    ProxySourceAddress addresssvE
    Set local IP address for outgoing proxy connections
    ProxyStatus Off|On|Full Off svE
    Show Proxy LoadBalancer status in mod_status
    ProxyTimeout secondssvE
    Network timeout for proxied requests
    ProxyVia On|Off|Full|Block Off svE
    Information provided in the Via HTTP response +
    ProxySet url key=value [key=value ...]dE
    Set various Proxy balancer or member parameters
    ProxySourceAddress addresssvE
    Set local IP address for outgoing proxy connections
    ProxyStatus Off|On|Full Off svE
    Show Proxy LoadBalancer status in mod_status
    ProxyTimeout secondssvE
    Network timeout for proxied requests
    ProxyVia On|Off|Full|Block Off svE
    Information provided in the Via HTTP response header for proxied requests
    ReadmeName filenamesvdhB
    ϸ ̸
    ReceiveBufferSize bytes 0 sM
    TCP receive buffer size
    Redirect [status] URL-path -URLsvdhB
    Ŭ̾Ʈ ٸ URL ϵ ûϴ ܺ +
    ReadmeName filenamesvdhB
    ϸ ̸
    ReceiveBufferSize bytes 0 sM
    TCP receive buffer size
    Redirect [status] URL-path +URLsvdhB
    Ŭ̾Ʈ ٸ URL ϵ ûϴ ܺ ̷
    RedirectMatch [status] regex -URLsvdhB
    URL ǥĿ شϸ ܺ ̷ +
    RedirectMatch [status] regex +URLsvdhB
    URL ǥĿ شϸ ܺ ̷
    RedirectPermanent URL-path URLsvdhB
    Ŭ̾Ʈ ٸ URL ϵ ûϴ ܺ +
    RedirectPermanent URL-path URLsvdhB
    Ŭ̾Ʈ ٸ URL ϵ ûϴ ܺ ̷
    RedirectTemp URL-path URLsvdhB
    Ŭ̾Ʈ ٸ URL ϵ ûϴ ܺ +
    RedirectTemp URL-path URLsvdhB
    Ŭ̾Ʈ ٸ URL ϵ ûϴ ܺ ӽ ̷
    ReflectorHeader inputheader [outputheader]svdhB
    Reflect an input header to the output headers
    RemoteIPHeader header-fieldsvB
    Declare the header field which should be parsed for useragent IP addresses
    RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPInternalProxyList filenamesvB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPProxiesHeader HeaderFieldNamesvB
    Declare the header field which will record all intermediate IP addresses
    RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPTrustedProxyList filenamesvB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoveCharset extension [extension] -...vdhB
    Removes any character set associations for a set of file +
    ReflectorHeader inputheader [outputheader]svdhB
    Reflect an input header to the output headers
    RemoteIPHeader header-fieldsvB
    Declare the header field which should be parsed for useragent IP addresses
    RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPInternalProxyList filenamesvB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPProxiesHeader HeaderFieldNamesvB
    Declare the header field which will record all intermediate IP addresses
    RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPTrustedProxyList filenamesvB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoveCharset extension [extension] +...vdhB
    Removes any character set associations for a set of file extensions
    RemoveEncoding extension [extension] -...vdhB
    Removes any content encoding associations for a set of file +
    RemoveEncoding extension [extension] +...vdhB
    Removes any content encoding associations for a set of file extensions
    RemoveHandler extension [extension] -...vdhB
    Removes any handler associations for a set of file +
    RemoveHandler extension [extension] +...vdhB
    Removes any handler associations for a set of file extensions
    RemoveInputFilter extension [extension] -...vdhB
    Removes any input filter associations for a set of file +
    RemoveInputFilter extension [extension] +...vdhB
    Removes any input filter associations for a set of file extensions
    RemoveLanguage extension [extension] -...vdhB
    Removes any language associations for a set of file +
    RemoveLanguage extension [extension] +...vdhB
    Removes any language associations for a set of file extensions
    RemoveOutputFilter extension [extension] -...vdhB
    Removes any output filter associations for a set of file +
    RemoveOutputFilter extension [extension] +...vdhB
    Removes any output filter associations for a set of file extensions
    RemoveType extension [extension] -...vdhB
    Removes any content type associations for a set of file +
    RemoveType extension [extension] +...vdhB
    Removes any content type associations for a set of file extensions
    RequestHeader set|append|add|unset header -[value] [early|env=[!]variable]svdhE
    HTTP û Ѵ
    RequestReadTimeout +
    RequestHeader set|append|add|unset header +[value] [early|env=[!]variable]svdhE
    HTTP û Ѵ
    RequestReadTimeout [header=timeout[-maxtimeout][,MinRate=rate] [body=timeout[-maxtimeout][,MinRate=rate] -svE
    Set timeout values for receiving request headers and body from client. +svE
    Set timeout values for receiving request headers and body from client.
    Require [not] entity-name - [entity-name] ...dhB
    Tests whether an authenticated user is authorized by +
    Require [not] entity-name + [entity-name] ...dhB
    Tests whether an authenticated user is authorized by an authorization provider.
    <RequireAll> ... </RequireAll>dhB
    Enclose a group of authorization directives of which none +
    <RequireAll> ... </RequireAll>dhB
    Enclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed.
    <RequireAny> ... </RequireAny>dhB
    Enclose a group of authorization directives of which one +
    <RequireAny> ... </RequireAny>dhB
    Enclose a group of authorization directives of which one must succeed for the enclosing directive to succeed.
    <RequireNone> ... </RequireNone>dhB
    Enclose a group of authorization directives of which none +
    <RequireNone> ... </RequireNone>dhB
    Enclose a group of authorization directives of which none must succeed for the enclosing directive to not fail.
    RewriteBase URL-pathdhE
    Sets the base URL for per-directory rewrites
    RewriteCond - TestString CondPatternsvdhE
    Defines a condition under which rewriting will take place +
    RewriteBase URL-pathdhE
    Sets the base URL for per-directory rewrites
    RewriteCond + TestString CondPatternsvdhE
    Defines a condition under which rewriting will take place
    RewriteEngine on|off off svdhE
    Enables or disables runtime rewriting engine
    RewriteMap MapName MapType:MapSource -svE
    Defines a mapping function for key-lookup
    RewriteOptions OptionssvdhE
    Sets some special options for the rewrite engine
    RewriteRule - Pattern Substitution [flags]svdhE
    Defines rules for the rewriting engine
    RLimitCPU seconds|max [seconds|max]svdhC
    Limits the CPU consumption of processes launched +
    RewriteEngine on|off off svdhE
    Enables or disables runtime rewriting engine
    RewriteMap MapName MapType:MapSource +svE
    Defines a mapping function for key-lookup
    RewriteOptions OptionssvdhE
    Sets some special options for the rewrite engine
    RewriteRule + Pattern Substitution [flags]svdhE
    Defines rules for the rewriting engine
    RLimitCPU seconds|max [seconds|max]svdhC
    Limits the CPU consumption of processes launched by Apache httpd children
    RLimitMEM bytes|max [bytes|max]svdhC
    Limits the memory consumption of processes launched +
    RLimitMEM bytes|max [bytes|max]svdhC
    Limits the memory consumption of processes launched by Apache httpd children
    RLimitNPROC number|max [number|max]svdhC
    Limits the number of processes that can be launched by +
    RLimitNPROC number|max [number|max]svdhC
    Limits the number of processes that can be launched by processes launched by Apache httpd children
    Satisfy Any|All All dhE
    Interaction between host-level access control and +
    Satisfy Any|All All dhE
    Interaction between host-level access control and user authentication
    ScoreBoardFile file-path logs/apache_runtime +sM
    Location of the file used to store coordination data for +
    ScoreBoardFile file-path logs/apache_runtime +sM
    Location of the file used to store coordination data for the child processes
    Script method cgi-scriptsvdB
    Ư û޼忡 CGI ũƮ +
    Script method cgi-scriptsvdB
    Ư û޼忡 CGI ũƮ Ѵ.
    ScriptAlias URL-path -file-path|directory-pathsvB
    URL Ư Ͻý ҷ ϰ CGI +
    ScriptAlias URL-path +file-path|directory-pathsvB
    URL Ư Ͻý ҷ ϰ CGI ũƮ ˸
    ScriptAliasMatch regex -file-path|directory-pathsvB
    ǥ Ͽ URL Ư Ͻý ҷ +
    ScriptAliasMatch regex +file-path|directory-pathsvB
    ǥ Ͽ URL Ư Ͻý ҷ ϰ CGI ũƮ ˸
    ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhC
    Technique for locating the interpreter for CGI +
    ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhC
    Technique for locating the interpreter for CGI scripts
    ScriptLog file-pathsvB
    CGI ũƮ α ġ
    ScriptLogBuffer bytes 1024 svB
    ũƮ α׿ PUT Ȥ POST û ִ뷮
    ScriptLogLength bytes 10385760 svB
    CGI ũƮ α ũ
    ScriptSock file-path logs/cgisock svB
    cgi ̸
    SecureListen [IP-address:]portnumber -Certificate-Name [MUTUAL]sB
    Enables SSL encryption for the specified port
    SeeRequestTail On|Off Off sC
    Determine if mod_status displays the first 63 characters +
    ScriptLog file-pathsvB
    CGI ũƮ α ġ
    ScriptLogBuffer bytes 1024 svB
    ũƮ α׿ PUT Ȥ POST û ִ뷮
    ScriptLogLength bytes 10385760 svB
    CGI ũƮ α ũ
    ScriptSock file-path logs/cgisock svB
    cgi ̸
    SecureListen [IP-address:]portnumber +Certificate-Name [MUTUAL]sB
    Enables SSL encryption for the specified port
    SeeRequestTail On|Off Off sC
    Determine if mod_status displays the first 63 characters of a request or the last 63, assuming the request itself is greater than 63 chars.
    SendBufferSize bytes 0 sM
    TCP buffer size
    ServerAdmin email-address|URLsvC
    Email address that the server includes in error +
    SendBufferSize bytes 0 sM
    TCP buffer size
    ServerAdmin email-address|URLsvC
    Email address that the server includes in error messages sent to the client
    ServerAlias hostname [hostname] ...vC
    Alternate names for a host used when matching requests +
    ServerAlias hostname [hostname] ...vC
    Alternate names for a host used when matching requests to name-virtual hosts
    ServerLimit numbersM
    Upper limit on configurable number of processes
    ServerName [scheme://]fully-qualified-domain-name[:port]svC
    Hostname and port that the server uses to identify +
    ServerLimit numbersM
    Upper limit on configurable number of processes
    ServerName [scheme://]fully-qualified-domain-name[:port]svC
    Hostname and port that the server uses to identify itself
    ServerPath URL-pathvC
    Legacy URL pathname for a name-based virtual host that +
    ServerPath URL-pathvC
    Legacy URL pathname for a name-based virtual host that is accessed by an incompatible browser
    ServerRoot directory-path /usr/local/apache sC
    Base directory for the server installation
    ServerSignature On|Off|EMail Off svdhC
    Configures the footer on server-generated documents
    ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sC
    Configures the Server HTTP response +
    ServerRoot directory-path /usr/local/apache sC
    Base directory for the server installation
    ServerSignature On|Off|EMail Off svdhC
    Configures the footer on server-generated documents
    ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sC
    Configures the Server HTTP response header
    Session On|Off Off svdhE
    Enables a session for the current directory or location
    SessionCookieName name attributessvdhE
    Name and attributes for the RFC2109 cookie storing the session
    SessionCookieName2 name attributessvdhE
    Name and attributes for the RFC2965 cookie storing the session
    SessionCookieRemove On|Off Off svdhE
    Control for whether session cookies should be removed from incoming HTTP headers
    SessionCryptoCipher namesvdhX
    The crypto cipher to be used to encrypt the session
    SessionCryptoDriver name [param[=value]]sX
    The crypto driver to be used to encrypt the session
    SessionCryptoPassphrase secret [ secret ... ] svdhX
    The key used to encrypt the session
    SessionCryptoPassphraseFile filenamesvdX
    File containing keys used to encrypt the session
    SessionDBDCookieName name attributessvdhE
    Name and attributes for the RFC2109 cookie storing the session ID
    SessionDBDCookieName2 name attributessvdhE
    Name and attributes for the RFC2965 cookie storing the session ID
    SessionDBDCookieRemove On|Off On svdhE
    Control for whether session ID cookies should be removed from incoming HTTP headers
    SessionDBDDeleteLabel label deletesession svdhE
    The SQL query to use to remove sessions from the database
    SessionDBDInsertLabel label insertsession svdhE
    The SQL query to use to insert sessions into the database
    SessionDBDPerUser On|Off Off svdhE
    Enable a per user session
    SessionDBDSelectLabel label selectsession svdhE
    The SQL query to use to select sessions from the database
    SessionDBDUpdateLabel label updatesession svdhE
    The SQL query to use to update existing sessions in the database
    SessionEnv On|Off Off svdhE
    Control whether the contents of the session are written to the +
    Session On|Off Off svdhE
    Enables a session for the current directory or location
    SessionCookieName name attributessvdhE
    Name and attributes for the RFC2109 cookie storing the session
    SessionCookieName2 name attributessvdhE
    Name and attributes for the RFC2965 cookie storing the session
    SessionCookieRemove On|Off Off svdhE
    Control for whether session cookies should be removed from incoming HTTP headers
    SessionCryptoCipher namesvdhX
    The crypto cipher to be used to encrypt the session
    SessionCryptoDriver name [param[=value]]sX
    The crypto driver to be used to encrypt the session
    SessionCryptoPassphrase secret [ secret ... ] svdhX
    The key used to encrypt the session
    SessionCryptoPassphraseFile filenamesvdX
    File containing keys used to encrypt the session
    SessionDBDCookieName name attributessvdhE
    Name and attributes for the RFC2109 cookie storing the session ID
    SessionDBDCookieName2 name attributessvdhE
    Name and attributes for the RFC2965 cookie storing the session ID
    SessionDBDCookieRemove On|Off On svdhE
    Control for whether session ID cookies should be removed from incoming HTTP headers
    SessionDBDDeleteLabel label deletesession svdhE
    The SQL query to use to remove sessions from the database
    SessionDBDInsertLabel label insertsession svdhE
    The SQL query to use to insert sessions into the database
    SessionDBDPerUser On|Off Off svdhE
    Enable a per user session
    SessionDBDSelectLabel label selectsession svdhE
    The SQL query to use to select sessions from the database
    SessionDBDUpdateLabel label updatesession svdhE
    The SQL query to use to update existing sessions in the database
    SessionEnv On|Off Off svdhE
    Control whether the contents of the session are written to the HTTP_SESSION environment variable
    SessionExclude pathsvdhE
    Define URL prefixes for which a session is ignored
    SessionHeader headersvdhE
    Import session updates from a given HTTP response header
    SessionInclude pathsvdhE
    Define URL prefixes for which a session is valid
    SessionMaxAge maxage 0 svdhE
    Define a maximum age in seconds for a session
    SetEnv env-variable valuesvdhB
    ȯ溯 Ѵ
    SetEnvIf attribute +
    SessionExclude pathsvdhE
    Define URL prefixes for which a session is ignored
    SessionHeader headersvdhE
    Import session updates from a given HTTP response header
    SessionInclude pathsvdhE
    Define URL prefixes for which a session is valid
    SessionMaxAge maxage 0 svdhE
    Define a maximum age in seconds for a session
    SetEnv env-variable valuesvdhB
    ȯ溯 Ѵ
    SetEnvIf attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhB
    û ȯ溯 Ѵ
    svdhB
    Sets environment variables based on an ap_expr expression
    SetEnvIfNoCase attribute regex + [[!]env-variable[=value]] ...svdhB
    û ȯ溯 Ѵ
    svdhB
    Sets environment variables based on an ap_expr expression
    SetEnvIfNoCase attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhB
    ҹڸ ʰ û ȯ溯 + [[!]env-variable[=value]] ...svdhB
    ҹڸ ʰ û ȯ溯 Ѵ
    SetHandler handler-name|NonesvdhC
    Forces all matching files to be processed by a +
    SetHandler handler-name|NonesvdhC
    Forces all matching files to be processed by a handler
    SetInputFilter filter[;filter...]svdhC
    Sets the filters that will process client requests and POST +
    SetInputFilter filter[;filter...]svdhC
    Sets the filters that will process client requests and POST input
    SetOutputFilter filter[;filter...]svdhC
    Sets the filters that will process responses from the +
    SetOutputFilter filter[;filter...]svdhC
    Sets the filters that will process responses from the server
    SSIEndTag tag "-->" svB
    String that ends an include element
    SSIErrorMsg message "[an error occurred +svdhB
    Error message displayed when there is an SSI +
    SSIEndTag tag "-->" svB
    String that ends an include element
    SSIErrorMsg message "[an error occurred +svdhB
    Error message displayed when there is an SSI error
    SSIETag on|off off dhB
    Controls whether ETags are generated by the server.
    SSILastModified on|off off dhB
    Controls whether Last-Modified headers are generated by the +
    SSIETag on|off off dhB
    Controls whether ETags are generated by the server.
    SSILastModified on|off off dhB
    Controls whether Last-Modified headers are generated by the server.
    SSILegacyExprParser on|off off dhB
    Enable compatibility mode for conditional expressions.
    SSIStartTag tag "<!--#" svB
    String that starts an include element
    SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhB
    Configures the format in which date strings are +
    SSILegacyExprParser on|off off dhB
    Enable compatibility mode for conditional expressions.
    SSIStartTag tag "<!--#" svB
    String that starts an include element
    SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhB
    Configures the format in which date strings are displayed
    SSIUndefinedEcho string "(none)" svdhB
    String displayed when an unset variable is echoed
    SSLCACertificateFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates +
    SSIUndefinedEcho string "(none)" svdhB
    String displayed when an unset variable is echoed
    SSLCACertificateFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates for Client Auth
    SSLCACertificatePath directory-pathsvE
    Directory of PEM-encoded CA Certificates for +
    SSLCACertificatePath directory-pathsvE
    Directory of PEM-encoded CA Certificates for Client Auth
    SSLCADNRequestFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates +
    SSLCADNRequestFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates for defining acceptable CA names
    SSLCADNRequestPath directory-pathsvE
    Directory of PEM-encoded CA Certificates for +
    SSLCADNRequestPath directory-pathsvE
    Directory of PEM-encoded CA Certificates for defining acceptable CA names
    SSLCARevocationCheck chain|leaf|none none svE
    Enable CRL-based revocation checking
    SSLCARevocationFile file-pathsvE
    File of concatenated PEM-encoded CA CRLs for +
    SSLCARevocationCheck chain|leaf|none none svE
    Enable CRL-based revocation checking
    SSLCARevocationFile file-pathsvE
    File of concatenated PEM-encoded CA CRLs for Client Auth
    SSLCARevocationPath directory-pathsvE
    Directory of PEM-encoded CA CRLs for +
    SSLCARevocationPath directory-pathsvE
    Directory of PEM-encoded CA CRLs for Client Auth
    SSLCertificateChainFile file-pathsvE
    File of PEM-encoded Server CA Certificates
    SSLCertificateFile file-pathsvE
    Server PEM-encoded X.509 certificate data file
    SSLCertificateKeyFile file-pathsvE
    Server PEM-encoded private key file
    SSLCipherSuite cipher-spec DEFAULT (depends on +svdhE
    Cipher Suite available for negotiation in SSL +
    SSLCertificateChainFile file-pathsvE
    File of PEM-encoded Server CA Certificates
    SSLCertificateFile file-pathsvE
    Server PEM-encoded X.509 certificate data file
    SSLCertificateKeyFile file-pathsvE
    Server PEM-encoded private key file
    SSLCipherSuite cipher-spec DEFAULT (depends on +svdhE
    Cipher Suite available for negotiation in SSL handshake
    SSLCompression on|off off svE
    Enable compression on the SSL level
    SSLCryptoDevice engine builtin sE
    Enable use of a cryptographic hardware accelerator
    SSLEngine on|off|optional off svE
    SSL Engine Operation Switch
    SSLFIPS on|off off sE
    SSL FIPS mode Switch
    SSLHonorCipherOrder on|off off svE
    Option to prefer the server's cipher preference order
    SSLInsecureRenegotiation on|off off svE
    Option to enable support for insecure renegotiation
    SSLOCSDefaultResponder urisvE
    Set the default responder URI for OCSP validation
    SSLOCSPEnable on|off off svE
    Enable OCSP validation of the client certificate chain
    SSLOCSPOverrideResponder on|off off svE
    Force use of the default responder URI for OCSP validation
    SSLOCSPResponderTimeout seconds 10 svE
    Timeout for OCSP queries
    SSLOCSPResponseMaxAge seconds -1 svE
    Maximum allowable age for OCSP responses
    SSLOCSPResponseTimeSkew seconds 300 svE
    Maximum allowable time skew for OCSP response validation
    SSLOCSPUseRequestNonce on|off on svE
    Use a nonce within OCSP queries
    SSLOpenSSLConfCmd command-name command-valuesvE
    Configure OpenSSL parameters through its SSL_CONF API
    SSLOptions [+|-]option ...svdhE
    Configure various SSL engine run-time options
    SSLPassPhraseDialog type builtin sE
    Type of pass phrase dialog for encrypted private +
    SSLCompression on|off off svE
    Enable compression on the SSL level
    SSLCryptoDevice engine builtin sE
    Enable use of a cryptographic hardware accelerator
    SSLEngine on|off|optional off svE
    SSL Engine Operation Switch
    SSLFIPS on|off off sE
    SSL FIPS mode Switch
    SSLHonorCipherOrder on|off off svE
    Option to prefer the server's cipher preference order
    SSLInsecureRenegotiation on|off off svE
    Option to enable support for insecure renegotiation
    SSLOCSDefaultResponder urisvE
    Set the default responder URI for OCSP validation
    SSLOCSPEnable on|off off svE
    Enable OCSP validation of the client certificate chain
    SSLOCSPOverrideResponder on|off off svE
    Force use of the default responder URI for OCSP validation
    SSLOCSPResponderTimeout seconds 10 svE
    Timeout for OCSP queries
    SSLOCSPResponseMaxAge seconds -1 svE
    Maximum allowable age for OCSP responses
    SSLOCSPResponseTimeSkew seconds 300 svE
    Maximum allowable time skew for OCSP response validation
    SSLOCSPUseRequestNonce on|off on svE
    Use a nonce within OCSP queries
    SSLOpenSSLConfCmd command-name command-valuesvE
    Configure OpenSSL parameters through its SSL_CONF API
    SSLOptions [+|-]option ...svdhE
    Configure various SSL engine run-time options
    SSLPassPhraseDialog type builtin sE
    Type of pass phrase dialog for encrypted private keys
    SSLProtocol [+|-]protocol ... all svE
    Configure usable SSL/TLS protocol versions
    SSLProxyCACertificateFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates +
    SSLProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svE
    Configure usable SSL/TLS protocol versions
    SSLProxyCACertificateFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates for Remote Server Auth
    SSLProxyCACertificatePath directory-pathsvE
    Directory of PEM-encoded CA Certificates for +
    SSLProxyCACertificatePath directory-pathsvE
    Directory of PEM-encoded CA Certificates for Remote Server Auth
    SSLProxyCARevocationCheck chain|leaf|none none svE
    Enable CRL-based revocation checking for Remote Server Auth
    SSLProxyCARevocationFile file-pathsvE
    File of concatenated PEM-encoded CA CRLs for +
    SSLProxyCARevocationCheck chain|leaf|none none svE
    Enable CRL-based revocation checking for Remote Server Auth
    SSLProxyCARevocationFile file-pathsvE
    File of concatenated PEM-encoded CA CRLs for Remote Server Auth
    SSLProxyCARevocationPath directory-pathsvE
    Directory of PEM-encoded CA CRLs for +
    SSLProxyCARevocationPath directory-pathsvE
    Directory of PEM-encoded CA CRLs for Remote Server Auth
    SSLProxyCheckPeerCN on|off on svE
    Whether to check the remote server certificate's CN field +
    SSLProxyCheckPeerCN on|off on svE
    Whether to check the remote server certificate's CN field
    SSLProxyCheckPeerExpire on|off on svE
    Whether to check if remote server certificate is expired +
    SSLProxyCheckPeerExpire on|off on svE
    Whether to check if remote server certificate is expired
    SSLProxyCheckPeerName on|off on svE
    Configure host name checking for remote server certificates +
    SSLProxyCheckPeerName on|off on svE
    Configure host name checking for remote server certificates
    SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhE
    Cipher Suite available for negotiation in SSL +
    SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhE
    Cipher Suite available for negotiation in SSL proxy handshake
    SSLProxyEngine on|off off svE
    SSL Proxy Engine Operation Switch
    SSLProxyMachineCertificateChainFile filenamesE
    File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate
    SSLProxyMachineCertificateFile filenamesE
    File of concatenated PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyMachineCertificatePath directorysE
    Directory of PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyProtocol [+|-]protocol ... all svE
    Configure usable SSL protocol flavors for proxy usage
    SSLProxyVerify level none svE
    Type of remote server Certificate verification
    SSLProxyVerifyDepth number 1 svE
    Maximum depth of CA Certificates in Remote Server +
    SSLProxyEngine on|off off svE
    SSL Proxy Engine Operation Switch
    SSLProxyMachineCertificateChainFile filenamesE
    File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate
    SSLProxyMachineCertificateFile filenamesE
    File of concatenated PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyMachineCertificatePath directorysE
    Directory of PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svE
    Configure usable SSL protocol flavors for proxy usage
    SSLProxyVerify level none svE
    Type of remote server Certificate verification
    SSLProxyVerifyDepth number 1 svE
    Maximum depth of CA Certificates in Remote Server Certificate verification
    SSLRandomSeed context source -[bytes]sE
    Pseudo Random Number Generator (PRNG) seeding +
    SSLRandomSeed context source +[bytes]sE
    Pseudo Random Number Generator (PRNG) seeding source
    SSLRenegBufferSize bytes 131072 dhE
    Set the size for the SSL renegotiation buffer
    SSLRequire expressiondhE
    Allow access only when an arbitrarily complex +
    SSLRenegBufferSize bytes 131072 dhE
    Set the size for the SSL renegotiation buffer
    SSLRequire expressiondhE
    Allow access only when an arbitrarily complex boolean expression is true
    SSLRequireSSLdhE
    Deny access when SSL is not used for the +
    SSLRequireSSLdhE
    Deny access when SSL is not used for the HTTP request
    SSLSessionCache type none sE
    Type of the global/inter-process SSL Session +
    SSLSessionCache type none sE
    Type of the global/inter-process SSL Session Cache
    SSLSessionCacheTimeout seconds 300 svE
    Number of seconds before an SSL session expires +
    SSLSessionCacheTimeout seconds 300 svE
    Number of seconds before an SSL session expires in the Session Cache
    SSLSessionTicketKeyFile file-pathsvE
    Persistent encryption/decryption key for TLS session tickets
    SSLSessionTickets on|off on svE
    Enable or disable use of TLS session tickets
    SSLSRPUnknownUserSeed secret-stringsvE
    SRP unknown user seed
    SSLSRPVerifierFile file-pathsvE
    Path to SRP verifier file
    SSLStaplingCache typesE
    Configures the OCSP stapling cache
    SSLStaplingErrorCacheTimeout seconds 600 svE
    Number of seconds before expiring invalid responses in the OCSP stapling cache
    SSLStaplingFakeTryLater on|off on svE
    Synthesize "tryLater" responses for failed OCSP stapling queries
    SSLStaplingForceURL urisvE
    Override the OCSP responder URI specified in the certificate's AIA extension
    SSLStaplingResponderTimeout seconds 10 svE
    Timeout for OCSP stapling queries
    SSLStaplingResponseMaxAge seconds -1 svE
    Maximum allowable age for OCSP stapling responses
    SSLStaplingResponseTimeSkew seconds 300 svE
    Maximum allowable time skew for OCSP stapling response validation
    SSLStaplingReturnResponderErrors on|off on svE
    Pass stapling related OCSP errors on to client
    SSLStaplingStandardCacheTimeout seconds 3600 svE
    Number of seconds before expiring responses in the OCSP stapling cache
    SSLStrictSNIVHostCheck on|off off svE
    Whether to allow non-SNI clients to access a name-based virtual +
    SSLSessionTicketKeyFile file-pathsvE
    Persistent encryption/decryption key for TLS session tickets
    SSLSessionTickets on|off on svE
    Enable or disable use of TLS session tickets
    SSLSRPUnknownUserSeed secret-stringsvE
    SRP unknown user seed
    SSLSRPVerifierFile file-pathsvE
    Path to SRP verifier file
    SSLStaplingCache typesE
    Configures the OCSP stapling cache
    SSLStaplingErrorCacheTimeout seconds 600 svE
    Number of seconds before expiring invalid responses in the OCSP stapling cache
    SSLStaplingFakeTryLater on|off on svE
    Synthesize "tryLater" responses for failed OCSP stapling queries
    SSLStaplingForceURL urisvE
    Override the OCSP responder URI specified in the certificate's AIA extension
    SSLStaplingResponderTimeout seconds 10 svE
    Timeout for OCSP stapling queries
    SSLStaplingResponseMaxAge seconds -1 svE
    Maximum allowable age for OCSP stapling responses
    SSLStaplingResponseTimeSkew seconds 300 svE
    Maximum allowable time skew for OCSP stapling response validation
    SSLStaplingReturnResponderErrors on|off on svE
    Pass stapling related OCSP errors on to client
    SSLStaplingStandardCacheTimeout seconds 3600 svE
    Number of seconds before expiring responses in the OCSP stapling cache
    SSLStrictSNIVHostCheck on|off off svE
    Whether to allow non-SNI clients to access a name-based virtual host.
    SSLUserName varnamesdhE
    Variable name to determine user name
    SSLUseStapling on|off off svE
    Enable stapling of OCSP responses in the TLS handshake
    SSLVerifyClient level none svdhE
    Type of Client Certificate verification
    SSLVerifyDepth number 1 svdhE
    Maximum depth of CA Certificates in Client +
    SSLUserName varnamesdhE
    Variable name to determine user name
    SSLUseStapling on|off off svE
    Enable stapling of OCSP responses in the TLS handshake
    SSLVerifyClient level none svdhE
    Type of Client Certificate verification
    SSLVerifyDepth number 1 svdhE
    Maximum depth of CA Certificates in Client Certificate verification
    StartServers numbersM
    Number of child server processes created at startup
    StartThreads numbersM
    Number of threads created on startup
    Substitute s/pattern/substitution/[infq]dhE
    Pattern to filter the response content
    StartServers numbersM
    Number of child server processes created at startup
    StartThreads numbersM
    Number of threads created on startup
    Substitute s/pattern/substitution/[infq]dhE
    Pattern to filter the response content
    SubstituteInheritBefore on|off off dhE
    Change the merge order of inherited patterns
    SubstituteMaxLineLength bytes(b|B|k|K|m|M|g|G) 1m dhE
    Set the maximum line size
    Suexec On|OffsB
    Enable or disable the suEXEC feature
    SuexecUserGroup User GroupsvE
    CGI α׷ ڿ ׷
    AddType media-type extension [extension] ...skdhT
    Maps the given filename extensions onto the specified content type
    Alias [URL-yolu] dosya-yolu | -dizin-yoluskdT
    URL’leri dosya sistemi konumlarıyla eşler.
    Alias URL-yolu dosya-yolu | +dizin-yoluskT
    URL’leri dosya sistemi konumlarıyla eşler.
    AliasMatch "düzenli-ifade" "dosya-yolu|dizin-yolu"skT
    URL’leri dosya sistemi konumlarıyla düzenli ifadeleri kullanarak eşler.
    GracefulShutdownTimeout saniye 0 sM
    Sunucunun nazikçe kapatılmasının ardından ana süreç çıkana kadar geçecek süre için bir zaman aşımı belirler.
    Group unix-grubu #-1 sT
    İsteklere yanıt verecek sunucunun ait olacağı grubu belirler.
    Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note +
    H2Direct on|off on (for non TLS) skE
    H2 Direct Protocol Switch
    H2MaxSessionStreams n 100 skE
    Maximum number of active streams per HTTP/2 session.
    H2MaxWorkerIdleSeconds n 600 sE
    Maximum number of seconds h2 workers remain idle until shut down.
    H2MaxWorkers nsE
    Maximum number of worker threads to use per child process.
    H2MinWorkers nsE
    Minimal number of worker threads to use per child process.
    H2SerializeHeaders on|off off skE
    Serialize Request/Resoonse Processing Switch
    H2SessionExtraFiles n 5 skE
    Number of Extra File Handles
    H2StreamMaxMemSize bytes 65536 skE
    Maximum amount of output data buffered per stream.
    H2WindowSize bytes 65536 skE
    Size of Stream Window for upstream data.
    Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] -skdhE
    Configure HTTP response headers
    HeaderName dosya-ismiskdhT
    Dizin listesinin tepesine yerleştirilecek dosyanın ismini +skdhE
    Configure HTTP response headers
    HeaderName dosya-ismiskdhT
    Dizin listesinin tepesine yerleştirilecek dosyanın ismini belirler.
    HeartbeatAddress addr:portsD
    Multicast address for heartbeat packets
    HeartbeatListenaddr:portsD
    multicast address to listen for incoming heartbeat requests
    HeartbeatMaxServers number-of-servers 10 sD
    Specifies the maximum number of servers that will be sending +
    HeartbeatAddress addr:portsD
    Multicast address for heartbeat packets
    HeartbeatListenaddr:portsD
    multicast address to listen for incoming heartbeat requests
    HeartbeatMaxServers number-of-servers 10 sD
    Specifies the maximum number of servers that will be sending heartbeat requests to this server
    HeartbeatStorage file-path logs/hb.dat sD
    Path to store heartbeat data
    HeartbeatStorage file-path logs/hb.dat sD
    Path to read heartbeat data
    HostnameLookups On|Off|Double Off skdÇ
    İstemci IP adresleri üzerinde DNS sorgularını etkin kılar. +
    HeartbeatStorage file-path logs/hb.dat sD
    Path to store heartbeat data
    HeartbeatStorage file-path logs/hb.dat sD
    Path to read heartbeat data
    HostnameLookups On|Off|Double Off skdÇ
    İstemci IP adresleri üzerinde DNS sorgularını etkin kılar.
    IdentityCheck On|Off Off skdE
    Enables logging of the RFC 1413 identity of the remote +
    IdentityCheck On|Off Off skdE
    Enables logging of the RFC 1413 identity of the remote user
    IdentityCheckTimeout seconds 30 skdE
    Determines the timeout duration for ident requests
    <If ifade> ... </If>skdhÇ
    Çalışma anında bir koşul bir istek tarafından yerine getirildiği +
    IdentityCheckTimeout seconds 30 skdE
    Determines the timeout duration for ident requests
    <If ifade> ... </If>skdhÇ
    Çalışma anında bir koşul bir istek tarafından yerine getirildiği takdirde uygulanacak yönergeleri barındırır.
    <IfDefine [!]parametre-adı> ... - </IfDefine>skdhÇ
    Başlatma sırasında bir doğruluk sınamasından sonra işleme +
    <IfDefine [!]parametre-adı> ... + </IfDefine>skdhÇ
    Başlatma sırasında bir doğruluk sınamasından sonra işleme sokulacak yönergeleri sarmalar.
    <IfModule [!]modül-dosyası|modül-betimleyici> ... - </IfModule>skdhÇ
    Belli bir modülün varlığına veya yokluğuna göre işleme sokulacak +
    <IfModule [!]modül-dosyası|modül-betimleyici> ... + </IfModule>skdhÇ
    Belli bir modülün varlığına veya yokluğuna göre işleme sokulacak yönergeleri sarmalar.
    <IfVersion [[!]operator] version> ... -</IfVersion>skdhE
    contains version dependent configuration
    ImapBase map|referer|URL http://servername/ skdhT
    Default base for imagemap files
    ImapDefault error|nocontent|map|referer|URL nocontent skdhT
    Default action when an imagemap is called with coordinates +
    <IfVersion [[!]operator] version> ... +</IfVersion>skdhE
    contains version dependent configuration
    ImapBase map|referer|URL http://servername/ skdhT
    Default base for imagemap files
    ImapDefault error|nocontent|map|referer|URL nocontent skdhT
    Default action when an imagemap is called with coordinates that are not explicitly mapped
    ImapMenu none|formatted|semiformatted|unformatted formatted skdhT
    Action if no coordinates are given when calling +
    ImapMenu none|formatted|semiformatted|unformatted formatted skdhT
    Action if no coordinates are given when calling an imagemap
    Include dosya-yolu|dizin-yolu|jokerskdÇ
    Sunucu yapılandırma dosyalarının başka dosyaları içermesini sağlar. +
    Include dosya-yolu|dizin-yolu|jokerskdÇ
    Sunucu yapılandırma dosyalarının başka dosyaları içermesini sağlar.
    IncludeOptional dosya-yolu|dizin-yolu|jokerskdÇ
    Diğer yapılandırma dosyalarının sunucu yapılandırma dosyasına dahil edilmesini sağlar
    IndexHeadInsert "imlenim ..."skdhT
    Bir dizin sayfasının HEAD bölümüne metin yerleştirir.
    IndexIgnore dosya [dosya] ... "." skdhT
    Dizin içerik listesinden gizlenecek dosyaların listesi belirtilir. +
    IncludeOptional dosya-yolu|dizin-yolu|jokerskdÇ
    Diğer yapılandırma dosyalarının sunucu yapılandırma dosyasına dahil edilmesini sağlar
    IndexHeadInsert "imlenim ..."skdhT
    Bir dizin sayfasının HEAD bölümüne metin yerleştirir.
    IndexIgnore dosya [dosya] ... "." skdhT
    Dizin içerik listesinden gizlenecek dosyaların listesi belirtilir.
    IndexIgnoreReset ON|OFFskdhT
    Bir dizini listelerken gizlenecek dosyalar listesini boşaltır +
    IndexIgnoreReset ON|OFFskdhT
    Bir dizini listelerken gizlenecek dosyalar listesini boşaltır
    IndexOptions [+|-]seçenek [[+|-]seçenek] -...skdhT
    Dizin içerik listesini yapılandıracak seçenekler belirtilir. +
    IndexOptions [+|-]seçenek [[+|-]seçenek] +...skdhT
    Dizin içerik listesini yapılandıracak seçenekler belirtilir.
    IndexOrderDefault Ascending|Descending -Name|Date|Size|Description Ascending Name skdhT
    Dizin içerik listesinin öntanımlı sıralamasını belirler. +
    IndexOrderDefault Ascending|Descending +Name|Date|Size|Description Ascending Name skdhT
    Dizin içerik listesinin öntanımlı sıralamasını belirler.
    IndexStyleSheet url-yoluskdhT
    Dizin listesine bir biçembent ekler.
    InputSed sed-commanddhD
    Sed command to filter request data (typically POST data)
    ISAPIAppendLogToErrors on|off off skdhT
    Record HSE_APPEND_LOG_PARAMETER requests from +
    IndexStyleSheet url-yoluskdhT
    Dizin listesine bir biçembent ekler.
    InputSed sed-commanddhD
    Sed command to filter request data (typically POST data)
    ISAPIAppendLogToErrors on|off off skdhT
    Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the error log
    ISAPIAppendLogToQuery on|off on skdhT
    Record HSE_APPEND_LOG_PARAMETER requests from +
    ISAPIAppendLogToQuery on|off on skdhT
    Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the query field
    ISAPICacheFile file-path [file-path] -...skT
    ISAPI .dll files to be loaded at startup
    ISAPIFakeAsync on|off off skdhT
    Fake asynchronous support for ISAPI callbacks
    ISAPILogNotSupported on|off off skdhT
    Log unsupported feature requests from ISAPI +
    ISAPICacheFile file-path [file-path] +...skT
    ISAPI .dll files to be loaded at startup
    ISAPIFakeAsync on|off off skdhT
    Fake asynchronous support for ISAPI callbacks
    ISAPILogNotSupported on|off off skdhT
    Log unsupported feature requests from ISAPI extensions
    ISAPIReadAheadBuffer size 49152 skdhT
    Size of the Read Ahead Buffer sent to ISAPI +
    ISAPIReadAheadBuffer size 49152 skdhT
    Size of the Read Ahead Buffer sent to ISAPI extensions
    KeepAlive On|Off On skÇ
    HTTP kalıcı bağlantılarını etkin kılar
    KeepAliveTimeout sayı[ms] 5 skÇ
    Bir kalıcı bağlantıda sunucunun bir sonraki isteği bekleme süresi +
    KeepAlive On|Off On skÇ
    HTTP kalıcı bağlantılarını etkin kılar
    KeepAliveTimeout sayı[ms] 5 skÇ
    Bir kalıcı bağlantıda sunucunun bir sonraki isteği bekleme süresi
    KeptBodySize azami_bayt_sayısı 0 dT
    mod_include gibi süzgeçler tarafından kullanılma olasılığına karşı +
    KeptBodySize azami_bayt_sayısı 0 dT
    mod_include gibi süzgeçler tarafından kullanılma olasılığına karşı istek gövdesi iptal edilmek yerine belirtilen azami boyutta tutulur.
    LanguagePriority MIME-lang [MIME-lang] -...skdhT
    The precendence of language variants for cases where +
    LanguagePriority MIME-lang [MIME-lang] +...skdhT
    The precendence of language variants for cases where the client does not express a preference
    LDAPCacheEntries number 1024 sE
    Maximum number of entries in the primary LDAP cache
    LDAPCacheTTL seconds 600 sE
    Time that cached items remain valid
    LDAPConnectionPoolTTL n -1 skE
    Discard backend connections that have been sitting in the connection pool too long
    LDAPConnectionTimeout secondssE
    Specifies the socket connection timeout in seconds
    LDAPLibraryDebug 7sE
    Enable debugging in the LDAP SDK
    LDAPOpCacheEntries number 1024 sE
    Number of entries used to cache LDAP compare +
    LDAPCacheEntries number 1024 sE
    Maximum number of entries in the primary LDAP cache
    LDAPCacheTTL seconds 600 sE
    Time that cached items remain valid
    LDAPConnectionPoolTTL n -1 skE
    Discard backend connections that have been sitting in the connection pool too long
    LDAPConnectionTimeout secondssE
    Specifies the socket connection timeout in seconds
    LDAPLibraryDebug 7sE
    Enable debugging in the LDAP SDK
    LDAPOpCacheEntries number 1024 sE
    Number of entries used to cache LDAP compare operations
    LDAPOpCacheTTL seconds 600 sE
    Time that entries in the operation cache remain +
    LDAPOpCacheTTL seconds 600 sE
    Time that entries in the operation cache remain valid
    LDAPReferralHopLimit numberdhE
    The maximum number of referral hops to chase before terminating an LDAP query.
    LDAPReferrals On|Off|default On dhE
    Enable referral chasing during queries to the LDAP server.
    LDAPRetries number-of-retries 3 sE
    Configures the number of LDAP server retries.
    LDAPRetryDelay seconds 0 sE
    Configures the delay between LDAP server retries.
    LDAPSharedCacheFile directory-path/filenamesE
    Sets the shared memory cache file
    LDAPSharedCacheSize bytes 500000 sE
    Size in bytes of the shared-memory cache
    LDAPTimeout seconds 60 sE
    Specifies the timeout for LDAP search and bind operations, in seconds
    LDAPTrustedClientCert type directory-path/filename/nickname [password]dhE
    Sets the file containing or nickname referring to a per +
    LDAPReferralHopLimit numberdhE
    The maximum number of referral hops to chase before terminating an LDAP query.
    LDAPReferrals On|Off|default On dhE
    Enable referral chasing during queries to the LDAP server.
    LDAPRetries number-of-retries 3 sE
    Configures the number of LDAP server retries.
    LDAPRetryDelay seconds 0 sE
    Configures the delay between LDAP server retries.
    LDAPSharedCacheFile directory-path/filenamesE
    Sets the shared memory cache file
    LDAPSharedCacheSize bytes 500000 sE
    Size in bytes of the shared-memory cache
    LDAPTimeout seconds 60 sE
    Specifies the timeout for LDAP search and bind operations, in seconds
    LDAPTrustedClientCert type directory-path/filename/nickname [password]dhE
    Sets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates.
    LDAPTrustedGlobalCert type directory-path/filename [password]sE
    Sets the file or database containing global trusted +
    LDAPTrustedGlobalCert type directory-path/filename [password]sE
    Sets the file or database containing global trusted Certificate Authority or global client certificates
    LDAPTrustedMode typeskE
    Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
    LDAPVerifyServerCert On|Off On sE
    Force server certificate verification
    <Limit yöntem [yöntem] ... > ... - </Limit>dhÇ
    Erişimi sınırlanacak HTTP yöntemleri için erişim sınırlayıcıları +
    LDAPTrustedMode typeskE
    Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
    LDAPVerifyServerCert On|Off On sE
    Force server certificate verification
    <Limit yöntem [yöntem] ... > ... + </Limit>dhÇ
    Erişimi sınırlanacak HTTP yöntemleri için erişim sınırlayıcıları sarmalar.
    <LimitExcept yöntem [yöntem] ... > ... - </LimitExcept>dhÇ
    İsimleri belirtilenler dışında kalan HTTP yöntemleri için +
    <LimitExcept yöntem [yöntem] ... > ... + </LimitExcept>dhÇ
    İsimleri belirtilenler dışında kalan HTTP yöntemleri için kullanılacak erişim sınırlayıcıları sarmalar.
    LimitInternalRecursion sayı [sayı] 10 skÇ
    Dahili yönlendirmelerin ve istek içi isteklerin azami sayısını +
    LimitInternalRecursion sayı [sayı] 10 skÇ
    Dahili yönlendirmelerin ve istek içi isteklerin azami sayısını belirler.
    LimitRequestBody bayt-sayısı 0 skdhÇ
    İstemci tarafından gönderilen HTTP istek gövdesinin toplam +
    LimitRequestBody bayt-sayısı 0 skdhÇ
    İstemci tarafından gönderilen HTTP istek gövdesinin toplam uzunluğunu sınırlar.
    LimitRequestFields sayı 100 skÇ
    İstemciden kabul edilecek HTTP isteği başlık alanlarının sayısını +
    LimitRequestFields sayı 100 skÇ
    İstemciden kabul edilecek HTTP isteği başlık alanlarının sayısını sınırlar.
    LimitRequestFieldSize bayt-sayısı 8190 skÇ
    İstemciden kabul edilecek HTTP isteği başlık uzunluğunu sınırlar. +
    LimitRequestFieldSize bayt-sayısı 8190 skÇ
    İstemciden kabul edilecek HTTP isteği başlık uzunluğunu sınırlar.
    LimitRequestLine bayt-sayısı 8190 skÇ
    İstemciden kabul edilecek HTTP istek satırının uzunluğunu sınırlar. +
    LimitRequestLine bayt-sayısı 8190 skÇ
    İstemciden kabul edilecek HTTP istek satırının uzunluğunu sınırlar.
    LimitXMLRequestBody bayt-sayısı 1000000 skdhÇ
    Bir XML temelli istek gövdesinin uzunluğunu sınırlar.
    Listen [IP-adresi:]port-numarası - [protokol]sM
    Sunucunun dinleyeceği IP adresini ve portu belirler.
    ListenBacklog kuyruk-uzunluğusM
    Bekleyen bağlantılar kuyruğunun azami uzunluğunu +
    LimitXMLRequestBody bayt-sayısı 1000000 skdhÇ
    Bir XML temelli istek gövdesinin uzunluğunu sınırlar.
    Listen [IP-adresi:]port-numarası + [protokol]sM
    Sunucunun dinleyeceği IP adresini ve portu belirler.
    ListenBacklog kuyruk-uzunluğusM
    Bekleyen bağlantılar kuyruğunun azami uzunluğunu belirler
    ListenCoresBucketsRatio oran 0 (iptal) sM
    İşlemci çekirdek sayısının dinleyenlerin buket sayısına oranı
    LoadFile dosya-ismi [dosya-ismi] ...skE
    Belirtilen nesne dosyasını veya kütüphaneyi sunucu ile ilintiler.
    LoadModule modül dosya-ismiskE
    Belirtilen nesne dosyasını veya kütüphaneyi sunucu ile ilintiler @@ -590,7 +600,7 @@ uygulanır.
    LogFormat biçem|takma-ad [takma-ad] "%h %l %u %t \"%r\" +skT
    Bir günlük dosyasında kullanılmak üzere girdi biçemi tanımlar.
    LogIOTrackTTFB ON|OFF OFF skdhE
    Enable tracking of time to first byte (TTFB)
    LogIOTrackTTFB ON|OFF OFF skdhE
    İlk baytın yazılmasına kadar geçen süreyi izler
    LogLevel [modül:]seviye [modül:seviye] ... warn skdÇ
    Hata günlüklerinin ayrıntı seviyesini belirler.
    MaxSpareServers sayı 10 sM
    Boştaki çocuk süreçlerin azami sayısı
    MaxSpareThreads numbersM
    Boştaki azami evre sayısını belirler
    MaxThreads number 2048 sM
    Set the maximum number of worker threads
    MergeTrailers [on|off] off skÇ
    Trailer alanlarının başlığa dahil edilip edilmeyeceğini belirler
    MetaDir directory .web skdhE
    Name of the directory to find CERN-style meta information +
    MemcacheConnTTL num[units] 15s skE
    Keepalive time for idle connections
    MergeTrailers [on|off] off skÇ
    Trailer alanlarının başlığa dahil edilip edilmeyeceğini belirler
    MetaDir directory .web skdhE
    Name of the directory to find CERN-style meta information files
    MetaFiles on|off off skdhE
    Activates CERN meta-file processing
    MetaSuffix suffix .meta skdhE
    File name suffix for the file containing CERN-style +
    MetaFiles on|off off skdhE
    Activates CERN meta-file processing
    MetaSuffix suffix .meta skdhE
    File name suffix for the file containing CERN-style meta information
    MimeMagicFile file-pathskE
    Enable MIME-type determination based on file contents +
    MimeMagicFile file-pathskE
    Enable MIME-type determination based on file contents using the specified magic file
    MinSpareServers sayı 5 sM
    Boştaki çocuk süreçlerin asgari sayısı
    MinSpareThreads sayısM
    İsteklerin ani artışında devreye girecek boştaki evrelerin asgari +
    MinSpareServers sayı 5 sM
    Boştaki çocuk süreçlerin asgari sayısı
    MinSpareThreads sayısM
    İsteklerin ani artışında devreye girecek boştaki evrelerin asgari sayısını belirler.
    MMapFile file-path [file-path] ...sD
    Map a list of files into memory at startup time
    ModemStandard V.21|V.26bis|V.32|V.92dD
    Modem standard to simulate
    ModMimeUsePathInfo On|Off Off dT
    Tells mod_mime to treat path_info +
    MMapFile file-path [file-path] ...sD
    Map a list of files into memory at startup time
    ModemStandard V.21|V.26bis|V.32|V.92dD
    Modem standard to simulate
    ModMimeUsePathInfo On|Off Off dT
    Tells mod_mime to treat path_info components as part of the filename
    MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers -[Handlers|Filters] NegotiatedOnly skdhT
    The types of files that will be included when searching for +
    MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers +[Handlers|Filters] NegotiatedOnly skdhT
    The types of files that will be included when searching for a matching file with MultiViews
    Mutex mekanizma [default|muteks-ismi] ... [OmitPID] default sÇ
    Muteks mekanizmasını ve kilit dosyası dizinini tüm muteksler veya belirtilenler için yapılandırır
    NameVirtualHost adres[:port]sÇ
    ÖNERİLMİYOR: İsme dayalı sanal konaklar için IP adresi belirtir
    NoProxy host [host] ...skE
    Hosts, domains, or networks that will be connected to +
    Mutex mekanizma [default|muteks-ismi] ... [OmitPID] default sÇ
    Muteks mekanizmasını ve kilit dosyası dizinini tüm muteksler veya belirtilenler için yapılandırır
    NameVirtualHost adres[:port]sÇ
    ÖNERİLMİYOR: İsme dayalı sanal konaklar için IP adresi belirtir
    NoProxy host [host] ...skE
    Hosts, domains, or networks that will be connected to directly
    NWSSLTrustedCerts filename [filename] ...sT
    List of additional client certificates
    NWSSLUpgradeable [IP-address:]portnumbersT
    Allows a connection to be upgraded to an SSL connection upon request
    Options - [+|-]seçenek [[+|-]seçenek] ... FollowSymlinks skdhÇ
    Belli bir dizinde geçerli olacak özellikleri yapılandırır. +
    NWSSLTrustedCerts filename [filename] ...sT
    List of additional client certificates
    NWSSLUpgradeable [IP-address:]portnumbersT
    Allows a connection to be upgraded to an SSL connection upon request
    Options + [+|-]seçenek [[+|-]seçenek] ... FollowSymlinks skdhÇ
    Belli bir dizinde geçerli olacak özellikleri yapılandırır.
    Order ordering Deny,Allow dhE
    Controls the default access state and the order in which +
    Order ordering Deny,Allow dhE
    Controls the default access state and the order in which Allow and Deny are evaluated.
    OutputSed sed-commanddhD
    Sed command for filtering response content
    PassEnv ortam-değişkeni [ortam-değişkeni] -...skdhT
    Ortam değişkenlerini kabuktan aktarır.
    PidFile dosya logs/httpd.pid sM
    Ana sürecin süreç kimliğinin (PID) kaydedileceği dosyayı belirler.
    PrivilegesMode FAST|SECURE|SELECTIVE FAST skdD
    Trade off processing speed and efficiency vs security against +
    OutputSed sed-commanddhD
    Sed command for filtering response content
    PassEnv ortam-değişkeni [ortam-değişkeni] +...skdhT
    Ortam değişkenlerini kabuktan aktarır.
    PidFile dosya logs/httpd.pid sM
    Ana sürecin süreç kimliğinin (PID) kaydedileceği dosyayı belirler.
    PrivilegesMode FAST|SECURE|SELECTIVE FAST skdD
    Trade off processing speed and efficiency vs security against malicious privileges-aware code.
    Protocol protokolskÇ
    Dinlenen bir soket için protokol
    ProtocolEcho On|Off Off skD
    Turn the echo server on or off
    <Proxy wildcard-url> ...</Proxy>skE
    Container for directives applied to proxied resources
    ProxyAddHeaders Off|On On skdE
    Add proxy information in X-Forwarded-* headers
    ProxyBadHeader IsError|Ignore|StartBody IsError skE
    Determines how to handle bad header lines in a +
    Protocol protokolskÇ
    Dinlenen bir soket için protokol
    ProtocolEcho On|Off Off skD
    Turn the echo server on or off
    Protocols protokol ... http/1.1 skÇ
    Sunucu/sanal konak için kullanılabilecek protokoller
    ProtocolsHonorOrder On|Off On skÇ
    Uzlaşma sırasında protokollerin öncelik sırasını belirler
    <Proxy wildcard-url> ...</Proxy>skE
    Container for directives applied to proxied resources
    ProxyAddHeaders Off|On On skdE
    Add proxy information in X-Forwarded-* headers
    ProxyBadHeader IsError|Ignore|StartBody IsError skE
    Determines how to handle bad header lines in a response
    ProxyBlock *|word|host|domain -[word|host|domain] ...skE
    Words, hosts, or domains that are banned from being +
    ProxyBlock *|word|host|domain +[word|host|domain] ...skE
    Words, hosts, or domains that are banned from being proxied
    ProxyDomain DomainskE
    Default domain name for proxied requests
    ProxyErrorOverride On|Off Off skdE
    Override error pages for proxied content
    ProxyExpressDBMFile <pathname>skE
    Pathname to DBM file.
    ProxyExpressDBMFile <type>skE
    DBM type of file.
    ProxyExpressEnable [on|off]skE
    Enable the module functionality.
    ProxyFtpDirCharset character set ISO-8859-1 skdE
    Define the character set for proxied FTP listings
    ProxyFtpEscapeWildcards [on|off]skdE
    Whether wildcards in requested filenames are escaped when sent to the FTP server
    ProxyFtpListOnWildcard [on|off]skdE
    Whether wildcards in requested filenames trigger a file listing
    ProxyHTMLBufSize bytesskdT
    Sets the buffer size increment for buffering inline scripts and +
    ProxyDomain DomainskE
    Default domain name for proxied requests
    ProxyErrorOverride On|Off Off skdE
    Override error pages for proxied content
    ProxyExpressDBMFile <pathname>skE
    Pathname to DBM file.
    ProxyExpressDBMFile <type>skE
    DBM type of file.
    ProxyExpressEnable [on|off]skE
    Enable the module functionality.
    ProxyFtpDirCharset character set ISO-8859-1 skdE
    Define the character set for proxied FTP listings
    ProxyFtpEscapeWildcards [on|off]skdE
    Whether wildcards in requested filenames are escaped when sent to the FTP server
    ProxyFtpListOnWildcard [on|off]skdE
    Whether wildcards in requested filenames trigger a file listing
    ProxyHTMLBufSize bytesskdT
    Sets the buffer size increment for buffering inline scripts and stylesheets.
    ProxyHTMLCharsetOut Charset | *skdT
    Specify a charset for mod_proxy_html output.
    ProxyHTMLDocType HTML|XHTML [Legacy]
    OR -
    ProxyHTMLDocType fpi [SGML|XML]    		skdT
    Sets an HTML or XHTML document type declaration.
    ProxyHTMLEnable On|Off Off skdT
    Turns the proxy_html filter on or off.
    ProxyHTMLEvents attribute [attribute ...]skdT
    Specify attributes to treat as scripting events.
    ProxyHTMLExtended On|Off Off skdT
    Determines whether to fix links in inline scripts, stylesheets, +
    ProxyHTMLCharsetOut Charset | *skdT
    Specify a charset for mod_proxy_html output.
    ProxyHTMLDocType HTML|XHTML [Legacy]
    OR +
    ProxyHTMLDocType fpi [SGML|XML]    		skdT
    Sets an HTML or XHTML document type declaration.
    ProxyHTMLEnable On|Off Off skdT
    Turns the proxy_html filter on or off.
    ProxyHTMLEvents attribute [attribute ...]skdT
    Specify attributes to treat as scripting events.
    ProxyHTMLExtended On|Off Off skdT
    Determines whether to fix links in inline scripts, stylesheets, and scripting events.
    ProxyHTMLFixups [lowercase] [dospath] [reset]skdT
    Fixes for simple HTML errors.
    ProxyHTMLInterp On|Off Off skdT
    Enables per-request interpolation of +
    ProxyHTMLFixups [lowercase] [dospath] [reset]skdT
    Fixes for simple HTML errors.
    ProxyHTMLInterp On|Off Off skdT
    Enables per-request interpolation of ProxyHTMLURLMap rules.
    ProxyHTMLLinks element attribute [attribute2 ...]skdT
    Specify HTML elements that have URL attributes to be rewritten.
    ProxyHTMLMeta On|Off Off skdT
    Turns on or off extra pre-parsing of metadata in HTML +
    ProxyHTMLLinks element attribute [attribute2 ...]skdT
    Specify HTML elements that have URL attributes to be rewritten.
    ProxyHTMLMeta On|Off Off skdT
    Turns on or off extra pre-parsing of metadata in HTML <head> sections.
    ProxyHTMLStripComments On|Off Off skdT
    Determines whether to strip HTML comments.
    ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]skdT
    Defines a rule to rewrite HTML links
    ProxyIOBufferSize bytes 8192 skE
    Determine size of internal data throughput buffer
    <ProxyMatch regex> ...</ProxyMatch>skE
    Container for directives applied to regular-expression-matched +
    ProxyHTMLStripComments On|Off Off skdT
    Determines whether to strip HTML comments.
    ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]skdT
    Defines a rule to rewrite HTML links
    ProxyIOBufferSize bytes 8192 skE
    Determine size of internal data throughput buffer
    <ProxyMatch regex> ...</ProxyMatch>skE
    Container for directives applied to regular-expression-matched proxied resources
    ProxyMaxForwards number -1 skE
    Maximium number of proxies that a request can be forwarded +
    ProxyMaxForwards number -1 skE
    Maximium number of proxies that a request can be forwarded through
    ProxyPass [path] !|url [key=value - [key=value ...]] [nocanon] [interpolate] [noquery]skdE
    Maps remote servers into the local server URL-space
    ProxyPassInherit On|Off On skE
    Inherit ProxyPass directives defined from the main server
    ProxyPassInterpolateEnv On|Off Off skdE
    Enable Environment Variable interpolation in Reverse Proxy configurations
    ProxyPassMatch [regex] !|url [key=value - [key=value ...]]skdE
    Maps remote servers into the local server URL-space using regular expressions
    ProxyPassReverse [path] url -[interpolate]skdE
    Adjusts the URL in HTTP response headers sent from a reverse +
    ProxyPass [path] !|url [key=value + [key=value ...]] [nocanon] [interpolate] [noquery]skdE
    Maps remote servers into the local server URL-space
    ProxyPassInherit On|Off On skE
    Inherit ProxyPass directives defined from the main server
    ProxyPassInterpolateEnv On|Off Off skdE
    Enable Environment Variable interpolation in Reverse Proxy configurations
    ProxyPassMatch [regex] !|url [key=value + [key=value ...]]skdE
    Maps remote servers into the local server URL-space using regular expressions
    ProxyPassReverse [path] url +[interpolate]skdE
    Adjusts the URL in HTTP response headers sent from a reverse proxied server
    ProxyPassReverseCookieDomain internal-domain -public-domain [interpolate]skdE
    Adjusts the Domain string in Set-Cookie headers from a reverse- +
    ProxyPassReverseCookieDomain internal-domain +public-domain [interpolate]skdE
    Adjusts the Domain string in Set-Cookie headers from a reverse- proxied server
    ProxyPassReverseCookiePath internal-path -public-path [interpolate]skdE
    Adjusts the Path string in Set-Cookie headers from a reverse- +
    ProxyPassReverseCookiePath internal-path +public-path [interpolate]skdE
    Adjusts the Path string in Set-Cookie headers from a reverse- proxied server
    ProxyPreserveHost On|Off Off skdE
    Use incoming Host HTTP request header for proxy +
    ProxyPreserveHost On|Off Off skdE
    Use incoming Host HTTP request header for proxy request
    ProxyReceiveBufferSize bytes 0 skE
    Network buffer size for proxied HTTP and FTP +
    ProxyReceiveBufferSize bytes 0 skE
    Network buffer size for proxied HTTP and FTP connections
    ProxyRemote match remote-serverskE
    Remote proxy used to handle certain requests
    ProxyRemoteMatch regex remote-serverskE
    Remote proxy used to handle requests matched by regular +
    ProxyRemote match remote-serverskE
    Remote proxy used to handle certain requests
    ProxyRemoteMatch regex remote-serverskE
    Remote proxy used to handle requests matched by regular expressions
    ProxyRequests On|Off Off skE
    Enables forward (standard) proxy requests
    ProxySCGIInternalRedirect On|Off|Headername On skdE
    Enable or disable internal redirect responses from the +
    ProxyRequests On|Off Off skE
    Enables forward (standard) proxy requests
    ProxySCGIInternalRedirect On|Off|Headername On skdE
    Enable or disable internal redirect responses from the backend
    ProxySCGISendfile On|Off|Headername Off skdE
    Enable evaluation of X-Sendfile pseudo response +
    ProxySCGISendfile On|Off|Headername Off skdE
    Enable evaluation of X-Sendfile pseudo response header
    ProxySet url key=value [key=value ...]dE
    Set various Proxy balancer or member parameters
    ProxySourceAddress addressskE
    Set local IP address for outgoing proxy connections
    ProxyStatus Off|On|Full Off skE
    Show Proxy LoadBalancer status in mod_status
    ProxyTimeout secondsskE
    Network timeout for proxied requests
    ProxyVia On|Off|Full|Block Off skE
    Information provided in the Via HTTP response +
    ProxySet url key=value [key=value ...]dE
    Set various Proxy balancer or member parameters
    ProxySourceAddress addressskE
    Set local IP address for outgoing proxy connections
    ProxyStatus Off|On|Full Off skE
    Show Proxy LoadBalancer status in mod_status
    ProxyTimeout secondsskE
    Network timeout for proxied requests
    ProxyVia On|Off|Full|Block Off skE
    Information provided in the Via HTTP response header for proxied requests
    ReadmeName dosya-ismiskdhT
    Dizin listesinin sonuna yerleştirilecek dosyanın ismini +
    ReadmeName dosya-ismiskdhT
    Dizin listesinin sonuna yerleştirilecek dosyanın ismini belirler.
    ReceiveBufferSize bayt-sayısı 0 sM
    TCP alım tamponu boyu
    Redirect [durum] [URL-yolu] -URLskdhT
    İstemciyi, bir yönlendirme isteği döndürerek farklı bir URL’ye +
    ReceiveBufferSize bayt-sayısı 0 sM
    TCP alım tamponu boyu
    Redirect [durum] URL-yolu +URLskdhT
    İstemciyi, bir yönlendirme isteği döndürerek farklı bir URL’ye yönlendirir.
    RedirectMatch [durum] düzenli-ifade -URLskdhT
    Geçerli URL ile eşleşen bir düzenli ifadeye dayanarak bir harici +
    RedirectMatch [durum] düzenli-ifade +URLskdhT
    Geçerli URL ile eşleşen bir düzenli ifadeye dayanarak bir harici yönlendirme gönderir.
    RedirectPermanent URL-yolu URLskdhT
    İstemciyi, kalıcı bir yönlendirme isteği döndürerek farklı bir +
    RedirectPermanent URL-yolu URLskdhT
    İstemciyi, kalıcı bir yönlendirme isteği döndürerek farklı bir URL’ye yönlendirir.
    RedirectTemp URL-yolu URLskdhT
    İstemciyi, geçici bir yönlendirme isteği döndürerek farklı bir +
    RedirectTemp URL-yolu URLskdhT
    İstemciyi, geçici bir yönlendirme isteği döndürerek farklı bir URL’ye yönlendirir.
    ReflectorHeader inputheader [outputheader]skdhT
    Reflect an input header to the output headers
    RemoteIPHeader header-fieldskT
    Declare the header field which should be parsed for useragent IP addresses
    RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...skT
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPInternalProxyList filenameskT
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPProxiesHeader HeaderFieldNameskT
    Declare the header field which will record all intermediate IP addresses
    RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...skT
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPTrustedProxyList filenameskT
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoveCharset extension [extension] -...kdhT
    Removes any character set associations for a set of file +
    ReflectorHeader inputheader [outputheader]skdhT
    Reflect an input header to the output headers
    RemoteIPHeader header-fieldskT
    Declare the header field which should be parsed for useragent IP addresses
    RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...skT
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPInternalProxyList filenameskT
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPProxiesHeader HeaderFieldNameskT
    Declare the header field which will record all intermediate IP addresses
    RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...skT
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPTrustedProxyList filenameskT
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoveCharset extension [extension] +...kdhT
    Removes any character set associations for a set of file extensions
    RemoveEncoding extension [extension] -...kdhT
    Removes any content encoding associations for a set of file +
    RemoveEncoding extension [extension] +...kdhT
    Removes any content encoding associations for a set of file extensions
    RemoveHandler extension [extension] -...kdhT
    Removes any handler associations for a set of file +
    RemoveHandler extension [extension] +...kdhT
    Removes any handler associations for a set of file extensions
    RemoveInputFilter extension [extension] -...kdhT
    Removes any input filter associations for a set of file +
    RemoveInputFilter extension [extension] +...kdhT
    Removes any input filter associations for a set of file extensions
    RemoveLanguage extension [extension] -...kdhT
    Removes any language associations for a set of file +
    RemoveLanguage extension [extension] +...kdhT
    Removes any language associations for a set of file extensions
    RemoveOutputFilter extension [extension] -...kdhT
    Removes any output filter associations for a set of file +
    RemoveOutputFilter extension [extension] +...kdhT
    Removes any output filter associations for a set of file extensions
    RemoveType extension [extension] -...kdhT
    Removes any content type associations for a set of file +
    RemoveType extension [extension] +...kdhT
    Removes any content type associations for a set of file extensions
    RequestHeader add|append|edit|edit*|merge|set|setifempty|unset +
    RequestHeader add|append|edit|edit*|merge|set|setifempty|unset header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] -skdhE
    Configure HTTP request headers
    RequestReadTimeout +skdhE
    Configure HTTP request headers
    RequestReadTimeout [header=timeout[-maxtimeout][,MinRate=rate] [body=timeout[-maxtimeout][,MinRate=rate] -skE
    Set timeout values for receiving request headers and body from client. +skE
    Set timeout values for receiving request headers and body from client.
    Require [not] entity-name - [entity-name] ...dhT
    Tests whether an authenticated user is authorized by +
    Require [not] entity-name + [entity-name] ...dhT
    Tests whether an authenticated user is authorized by an authorization provider.
    <RequireAll> ... </RequireAll>dhT
    Enclose a group of authorization directives of which none +
    <RequireAll> ... </RequireAll>dhT
    Enclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed.
    <RequireAny> ... </RequireAny>dhT
    Enclose a group of authorization directives of which one +
    <RequireAny> ... </RequireAny>dhT
    Enclose a group of authorization directives of which one must succeed for the enclosing directive to succeed.
    <RequireNone> ... </RequireNone>dhT
    Enclose a group of authorization directives of which none +
    <RequireNone> ... </RequireNone>dhT
    Enclose a group of authorization directives of which none must succeed for the enclosing directive to not fail.
    RewriteBase URL-pathdhE
    Sets the base URL for per-directory rewrites
    RewriteCond - TestString CondPatternskdhE
    Defines a condition under which rewriting will take place +
    RewriteBase URL-pathdhE
    Sets the base URL for per-directory rewrites
    RewriteCond + TestString CondPatternskdhE
    Defines a condition under which rewriting will take place
    RewriteEngine on|off off skdhE
    Enables or disables runtime rewriting engine
    RewriteMap MapName MapType:MapSource -skE
    Defines a mapping function for key-lookup
    RewriteOptions OptionsskdhE
    Sets some special options for the rewrite engine
    RewriteRule - Pattern Substitution [flags]skdhE
    Defines rules for the rewriting engine
    RLimitCPU saniye|max [saniye|max]skdhÇ
    Apache httpd alt süreçleri tarafından çalıştırılan süreçlerin +
    RewriteEngine on|off off skdhE
    Enables or disables runtime rewriting engine
    RewriteMap MapName MapType:MapSource +skE
    Defines a mapping function for key-lookup
    RewriteOptions OptionsskdhE
    Sets some special options for the rewrite engine
    RewriteRule + Pattern Substitution [flags]skdhE
    Defines rules for the rewriting engine
    RLimitCPU saniye|max [saniye|max]skdhÇ
    Apache httpd alt süreçleri tarafından çalıştırılan süreçlerin işlemci tüketimine sınırlama getirir.
    RLimitMEM bayt-sayısı|max [bayt-sayısı|max] -skdhÇ
    Apache httpd alt süreçleri tarafından çalıştırılan süreçlerin +
    RLimitMEM bayt-sayısı|max [bayt-sayısı|max] +skdhÇ
    Apache httpd alt süreçleri tarafından çalıştırılan süreçlerin bellek tüketimine sınırlama getirir.
    RLimitNPROC sayı|max [sayı|max]skdhÇ
    Apache httpd alt süreçleri tarafından çalıştırılabilecek süreç +
    RLimitNPROC sayı|max [sayı|max]skdhÇ
    Apache httpd alt süreçleri tarafından çalıştırılabilecek süreç sayısına sınırlama getirir.
    Satisfy Any|All All dhE
    Interaction between host-level access control and +
    Satisfy Any|All All dhE
    Interaction between host-level access control and user authentication
    ScoreBoardFile dosya-yolu logs/apache_runtime +sM
    Çocuk süreçler için eşgüdüm verisini saklamakta kullanılan +
    ScoreBoardFile dosya-yolu logs/apache_runtime +sM
    Çocuk süreçler için eşgüdüm verisini saklamakta kullanılan dosyanın yerini belirler.
    Script method cgi-scriptskdT
    Activates a CGI script for a particular request +
    Script method cgi-scriptskdT
    Activates a CGI script for a particular request method.
    ScriptAlias [URL-yolu] -dosya-yolu|dizin-yoluskdT
    Bir URL’yi dosya sistemindeki bir yere eşler ve hedefi bir CGI betiği olarak çalıştırır.
    ScriptAliasMatch düzenli-ifade -dosya-yolu|dizin-yoluskT
    Bir URL’yi dosya sistemindeki bir yere düzenli ifade kullanarak +
    ScriptAlias URL-yolu +dosya-yolu|dizin-yoluskT
    Bir URL’yi dosya sistemindeki bir yere eşler ve hedefi bir CGI betiği olarak çalıştırır.
    ScriptAliasMatch düzenli-ifade +dosya-yolu|dizin-yoluskT
    Bir URL’yi dosya sistemindeki bir yere düzenli ifade kullanarak eşler ve hedefi bir CGI betiği olarak çalıştırır.
    ScriptInterpreterSource Registry|Registry-Strict|Script Script skdhÇ
    CGI betikleri için yorumlayıcı belirleme tekniği
    ScriptLog file-pathskT
    Location of the CGI script error logfile
    ScriptLogBuffer bytes 1024 skT
    Maximum amount of PUT or POST requests that will be recorded +
    ScriptInterpreterSource Registry|Registry-Strict|Script Script skdhÇ
    CGI betikleri için yorumlayıcı belirleme tekniği
    ScriptLog file-pathskT
    Location of the CGI script error logfile
    ScriptLogBuffer bytes 1024 skT
    Maximum amount of PUT or POST requests that will be recorded in the scriptlog
    ScriptLogLength bytes 10385760 skT
    Size limit of the CGI script logfile
    ScriptSock file-path cgisock sT
    The filename prefix of the socket to use for communication with +
    ScriptLogLength bytes 10385760 skT
    Size limit of the CGI script logfile
    ScriptSock file-path cgisock sT
    The filename prefix of the socket to use for communication with the cgi daemon
    SecureListen [IP-address:]portnumber -Certificate-Name [MUTUAL]sT
    Enables SSL encryption for the specified port
    SeeRequestTail On|Off Off sÇ
    İsteğin 63 karakterden büyük olduğu varsayımıyla, mod_status'un +
    SecureListen [IP-address:]portnumber +Certificate-Name [MUTUAL]sT
    Enables SSL encryption for the specified port
    SeeRequestTail On|Off Off sÇ
    İsteğin 63 karakterden büyük olduğu varsayımıyla, mod_status'un ilk 63 karakteri mi yoksa son 63 karakteri mi göstereceğini belirler.
    SendBufferSize bayt-sayısı 0 sM
    TCP tamponu boyu
    ServerAdmin eposta-adresi|URLskÇ
    Sunucunun hata iletilerinde istemciye göstereceği eposta adresi +
    SendBufferSize bayt-sayısı 0 sM
    TCP tamponu boyu
    ServerAdmin eposta-adresi|URLskÇ
    Sunucunun hata iletilerinde istemciye göstereceği eposta adresi
    ServerAlias konakadı [konakadı] ...kÇ
    İstekleri isme dayalı sanal konaklarla eşleştirilirken +
    ServerAlias konakadı [konakadı] ...kÇ
    İstekleri isme dayalı sanal konaklarla eşleştirilirken kullanılacak konak adları için başka isimler belirtebilmeyi sağlar.
    ServerLimit sayısM
    Ayarlanabilir süreç sayısının üst sınırını belirler.
    ServerName [şema://]tam-nitelenmiş-alan-adı[:port] -skÇ
    Sunucunun özdeşleşeceği konak ismi ve port.
    ServerPath URL-yolukÇ
    Uyumsuz bir tarayıcı tarafından erişilmesi için bir isme dayalı sanal konak için meşru URL yolu
    ServerRoot dizin-yolu /usr/local/apache sÇ
    Sunucu yapılandırması için kök dizin
    ServerSignature On|Off|EMail Off skdhÇ
    Sunucu tarafından üretilen belgelerin dipnotunu ayarlar. +
    ServerLimit sayısM
    Ayarlanabilir süreç sayısının üst sınırını belirler.
    ServerName [şema://]tam-nitelenmiş-alan-adı[:port] +skÇ
    Sunucunun özdeşleşeceği konak ismi ve port.
    ServerPath URL-yolukÇ
    Uyumsuz bir tarayıcı tarafından erişilmesi için bir isme dayalı sanal konak için meşru URL yolu
    ServerRoot dizin-yolu /usr/local/apache sÇ
    Sunucu yapılandırması için kök dizin
    ServerSignature On|Off|EMail Off skdhÇ
    Sunucu tarafından üretilen belgelerin dipnotunu ayarlar.
    ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sÇ
    Server HTTP yanıt başlığını yapılandırır. +
    ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sÇ
    Server HTTP yanıt başlığını yapılandırır.
    Session On|Off Off skdhE
    Enables a session for the current directory or location
    SessionCookieName name attributesskdhE
    Name and attributes for the RFC2109 cookie storing the session
    SessionCookieName2 name attributesskdhE
    Name and attributes for the RFC2965 cookie storing the session
    SessionCookieRemove On|Off Off skdhE
    Control for whether session cookies should be removed from incoming HTTP headers
    SessionCryptoCipher nameskdhD
    The crypto cipher to be used to encrypt the session
    SessionCryptoDriver name [param[=value]]sD
    The crypto driver to be used to encrypt the session
    SessionCryptoPassphrase secret [ secret ... ] skdhD
    The key used to encrypt the session
    SessionCryptoPassphraseFile filenameskdD
    File containing keys used to encrypt the session
    SessionDBDCookieName name attributesskdhE
    Name and attributes for the RFC2109 cookie storing the session ID
    SessionDBDCookieName2 name attributesskdhE
    Name and attributes for the RFC2965 cookie storing the session ID
    SessionDBDCookieRemove On|Off On skdhE
    Control for whether session ID cookies should be removed from incoming HTTP headers
    SessionDBDDeleteLabel label deletesession skdhE
    The SQL query to use to remove sessions from the database
    SessionDBDInsertLabel label insertsession skdhE
    The SQL query to use to insert sessions into the database
    SessionDBDPerUser On|Off Off skdhE
    Enable a per user session
    SessionDBDSelectLabel label selectsession skdhE
    The SQL query to use to select sessions from the database
    SessionDBDUpdateLabel label updatesession skdhE
    The SQL query to use to update existing sessions in the database
    SessionEnv On|Off Off skdhE
    Control whether the contents of the session are written to the +
    Session On|Off Off skdhE
    Enables a session for the current directory or location
    SessionCookieName name attributesskdhE
    Name and attributes for the RFC2109 cookie storing the session
    SessionCookieName2 name attributesskdhE
    Name and attributes for the RFC2965 cookie storing the session
    SessionCookieRemove On|Off Off skdhE
    Control for whether session cookies should be removed from incoming HTTP headers
    SessionCryptoCipher nameskdhD
    The crypto cipher to be used to encrypt the session
    SessionCryptoDriver name [param[=value]]sD
    The crypto driver to be used to encrypt the session
    SessionCryptoPassphrase secret [ secret ... ] skdhD
    The key used to encrypt the session
    SessionCryptoPassphraseFile filenameskdD
    File containing keys used to encrypt the session
    SessionDBDCookieName name attributesskdhE
    Name and attributes for the RFC2109 cookie storing the session ID
    SessionDBDCookieName2 name attributesskdhE
    Name and attributes for the RFC2965 cookie storing the session ID
    SessionDBDCookieRemove On|Off On skdhE
    Control for whether session ID cookies should be removed from incoming HTTP headers
    SessionDBDDeleteLabel label deletesession skdhE
    The SQL query to use to remove sessions from the database
    SessionDBDInsertLabel label insertsession skdhE
    The SQL query to use to insert sessions into the database
    SessionDBDPerUser On|Off Off skdhE
    Enable a per user session
    SessionDBDSelectLabel label selectsession skdhE
    The SQL query to use to select sessions from the database
    SessionDBDUpdateLabel label updatesession skdhE
    The SQL query to use to update existing sessions in the database
    SessionEnv On|Off Off skdhE
    Control whether the contents of the session are written to the HTTP_SESSION environment variable
    SessionExclude pathskdhE
    Define URL prefixes for which a session is ignored
    SessionHeader headerskdhE
    Import session updates from a given HTTP response header
    SessionInclude pathskdhE
    Define URL prefixes for which a session is valid
    SessionMaxAge maxage 0 skdhE
    Define a maximum age in seconds for a session
    SetEnv ortam-değişkeni [değer]skdhT
    Ortam değişkenlerini tanımlar.
    SetEnvIf öznitelik +
    SessionExclude pathskdhE
    Define URL prefixes for which a session is ignored
    SessionHeader headerskdhE
    Import session updates from a given HTTP response header
    SessionInclude pathskdhE
    Define URL prefixes for which a session is valid
    SessionMaxAge maxage 0 skdhE
    Define a maximum age in seconds for a session
    SetEnv ortam-değişkeni [değer]skdhT
    Ortam değişkenlerini tanımlar.
    SetEnvIf öznitelik düzifd [!]ort-değişkeni[=değer] - [[!]ort-değişkeni[=değer]] ...skdhT
    Ortam değişkenlerini isteğin özniteliklerine göre atar. + [[!]ort-değişkeni[=değer]] ...skdhT
    Ortam değişkenlerini isteğin özniteliklerine göre atar.
    SetEnvIfExpr ifade +
    SetEnvIfExpr ifade [!]ort-değişkeni[=değer] - [[!]ort-değişkeni[=değer]] ...skdhT
    Bir ap_expr ifadesine dayanarak ortam değişkenlerine değer atar
    SetEnvIfNoCase öznitelik + [[!]ort-değişkeni[=değer]] ...skdhT
    Bir ap_expr ifadesine dayanarak ortam değişkenlerine değer atar
    SetEnvIfNoCase öznitelik düzifd [!]ort-değişkeni[=değer] - [[!]ort-değişkeni[=değer]] ...skdhT
    Ortam değişkenlerini isteğin özniteliklerinde harf büyüklüğüne + [[!]ort-değişkeni[=değer]] ...skdhT
    Ortam değişkenlerini isteğin özniteliklerinde harf büyüklüğüne bağlı olmaksızın yapılmış tanımlara göre atar.
    SetHandler eylemci-ismi|NoneskdhÇ
    Eşleşen tüm dosyaların belli bir eylemci tarafından işlenmesine +
    SetHandler eylemci-ismi|NoneskdhÇ
    Eşleşen tüm dosyaların belli bir eylemci tarafından işlenmesine sebep olur.
    SetInputFilter süzgeç[;süzgeç...]skdhÇ
    POST girdilerini ve istemci isteklerini işleyecek süzgeçleri +
    SetInputFilter süzgeç[;süzgeç...]skdhÇ
    POST girdilerini ve istemci isteklerini işleyecek süzgeçleri belirler.
    SetOutputFilter süzgeç[;süzgeç...]skdhÇ
    Sunucunun yanıtlarını işleyecek süzgeçleri belirler.
    SSIEndTag tag "-->" skT
    String that ends an include element
    SSIErrorMsg message "[an error occurred +skdhT
    Error message displayed when there is an SSI +
    SetOutputFilter süzgeç[;süzgeç...]skdhÇ
    Sunucunun yanıtlarını işleyecek süzgeçleri belirler.
    SSIEndTag tag "-->" skT
    String that ends an include element
    SSIErrorMsg message "[an error occurred +skdhT
    Error message displayed when there is an SSI error
    SSIETag on|off off dhT
    Controls whether ETags are generated by the server.
    SSILastModified on|off off dhT
    Controls whether Last-Modified headers are generated by the +
    SSIETag on|off off dhT
    Controls whether ETags are generated by the server.
    SSILastModified on|off off dhT
    Controls whether Last-Modified headers are generated by the server.
    SSILegacyExprParser on|off off dhT
    Enable compatibility mode for conditional expressions.
    SSIStartTag tag "<!--#" skT
    String that starts an include element
    SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +skdhT
    Configures the format in which date strings are +
    SSILegacyExprParser on|off off dhT
    Enable compatibility mode for conditional expressions.
    SSIStartTag tag "<!--#" skT
    String that starts an include element
    SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +skdhT
    Configures the format in which date strings are displayed
    SSIUndefinedEcho string "(none)" skdhT
    String displayed when an unset variable is echoed
    SSLCACertificateFile file-pathskE
    File of concatenated PEM-encoded CA Certificates +
    SSIUndefinedEcho string "(none)" skdhT
    String displayed when an unset variable is echoed
    SSLCACertificateFile file-pathskE
    File of concatenated PEM-encoded CA Certificates for Client Auth
    SSLCACertificatePath directory-pathskE
    Directory of PEM-encoded CA Certificates for +
    SSLCACertificatePath directory-pathskE
    Directory of PEM-encoded CA Certificates for Client Auth
    SSLCADNRequestFile file-pathskE
    File of concatenated PEM-encoded CA Certificates +
    SSLCADNRequestFile file-pathskE
    File of concatenated PEM-encoded CA Certificates for defining acceptable CA names
    SSLCADNRequestPath directory-pathskE
    Directory of PEM-encoded CA Certificates for +
    SSLCADNRequestPath directory-pathskE
    Directory of PEM-encoded CA Certificates for defining acceptable CA names
    SSLCARevocationCheck chain|leaf|none none skE
    Enable CRL-based revocation checking
    SSLCARevocationFile file-pathskE
    File of concatenated PEM-encoded CA CRLs for +
    SSLCARevocationCheck chain|leaf|none none skE
    Enable CRL-based revocation checking
    SSLCARevocationFile file-pathskE
    File of concatenated PEM-encoded CA CRLs for Client Auth
    SSLCARevocationPath directory-pathskE
    Directory of PEM-encoded CA CRLs for +
    SSLCARevocationPath directory-pathskE
    Directory of PEM-encoded CA CRLs for Client Auth
    SSLCertificateChainFile file-pathskE
    File of PEM-encoded Server CA Certificates
    SSLCertificateFile file-pathskE
    Server PEM-encoded X.509 certificate data file
    SSLCertificateKeyFile file-pathskE
    Server PEM-encoded private key file
    SSLCipherSuite cipher-spec DEFAULT (depends on +skdhE
    Cipher Suite available for negotiation in SSL +
    SSLCertificateChainFile file-pathskE
    File of PEM-encoded Server CA Certificates
    SSLCertificateFile file-pathskE
    Server PEM-encoded X.509 certificate data file
    SSLCertificateKeyFile file-pathskE
    Server PEM-encoded private key file
    SSLCipherSuite cipher-spec DEFAULT (depends on +skdhE
    Cipher Suite available for negotiation in SSL handshake
    SSLCompression on|off off skE
    Enable compression on the SSL level
    SSLCryptoDevice engine builtin sE
    Enable use of a cryptographic hardware accelerator
    SSLEngine on|off|optional off skE
    SSL Engine Operation Switch
    SSLFIPS on|off off sE
    SSL FIPS mode Switch
    SSLHonorCipherOrder on|off off skE
    Option to prefer the server's cipher preference order
    SSLInsecureRenegotiation on|off off skE
    Option to enable support for insecure renegotiation
    SSLOCSDefaultResponder uriskE
    Set the default responder URI for OCSP validation
    SSLOCSPEnable on|off off skE
    Enable OCSP validation of the client certificate chain
    SSLOCSPOverrideResponder on|off off skE
    Force use of the default responder URI for OCSP validation
    SSLOCSPResponderTimeout seconds 10 skE
    Timeout for OCSP queries
    SSLOCSPResponseMaxAge seconds -1 skE
    Maximum allowable age for OCSP responses
    SSLOCSPResponseTimeSkew seconds 300 skE
    Maximum allowable time skew for OCSP response validation
    SSLOCSPUseRequestNonce on|off on skE
    Use a nonce within OCSP queries
    SSLOpenSSLConfCmd command-name command-valueskE
    Configure OpenSSL parameters through its SSL_CONF API
    SSLOptions [+|-]option ...skdhE
    Configure various SSL engine run-time options
    SSLPassPhraseDialog type builtin sE
    Type of pass phrase dialog for encrypted private +
    SSLCompression on|off off skE
    Enable compression on the SSL level
    SSLCryptoDevice engine builtin sE
    Enable use of a cryptographic hardware accelerator
    SSLEngine on|off|optional off skE
    SSL Engine Operation Switch
    SSLFIPS on|off off sE
    SSL FIPS mode Switch
    SSLHonorCipherOrder on|off off skE
    Option to prefer the server's cipher preference order
    SSLInsecureRenegotiation on|off off skE
    Option to enable support for insecure renegotiation
    SSLOCSDefaultResponder uriskE
    Set the default responder URI for OCSP validation
    SSLOCSPEnable on|off off skE
    Enable OCSP validation of the client certificate chain
    SSLOCSPOverrideResponder on|off off skE
    Force use of the default responder URI for OCSP validation
    SSLOCSPResponderTimeout seconds 10 skE
    Timeout for OCSP queries
    SSLOCSPResponseMaxAge seconds -1 skE
    Maximum allowable age for OCSP responses
    SSLOCSPResponseTimeSkew seconds 300 skE
    Maximum allowable time skew for OCSP response validation
    SSLOCSPUseRequestNonce on|off on skE
    Use a nonce within OCSP queries
    SSLOpenSSLConfCmd command-name command-valueskE
    Configure OpenSSL parameters through its SSL_CONF API
    SSLOptions [+|-]option ...skdhE
    Configure various SSL engine run-time options
    SSLPassPhraseDialog type builtin sE
    Type of pass phrase dialog for encrypted private keys
    SSLProtocol [+|-]protocol ... all skE
    Configure usable SSL/TLS protocol versions
    SSLProxyCACertificateFile file-pathskE
    File of concatenated PEM-encoded CA Certificates +
    SSLProtocol [+|-]protocol ... all -SSLv3 (up to 2 +skE
    Configure usable SSL/TLS protocol versions
    SSLProxyCACertificateFile file-pathskE
    File of concatenated PEM-encoded CA Certificates for Remote Server Auth
    SSLProxyCACertificatePath directory-pathskE
    Directory of PEM-encoded CA Certificates for +
    SSLProxyCACertificatePath directory-pathskE
    Directory of PEM-encoded CA Certificates for Remote Server Auth
    SSLProxyCARevocationCheck chain|leaf|none none skE
    Enable CRL-based revocation checking for Remote Server Auth
    SSLProxyCARevocationFile file-pathskE
    File of concatenated PEM-encoded CA CRLs for +
    SSLProxyCARevocationCheck chain|leaf|none none skE
    Enable CRL-based revocation checking for Remote Server Auth
    SSLProxyCARevocationFile file-pathskE
    File of concatenated PEM-encoded CA CRLs for Remote Server Auth
    SSLProxyCARevocationPath directory-pathskE
    Directory of PEM-encoded CA CRLs for +
    SSLProxyCARevocationPath directory-pathskE
    Directory of PEM-encoded CA CRLs for Remote Server Auth
    SSLProxyCheckPeerCN on|off on skE
    Whether to check the remote server certificate's CN field +
    SSLProxyCheckPeerCN on|off on skE
    Whether to check the remote server certificate's CN field
    SSLProxyCheckPeerExpire on|off on skE
    Whether to check if remote server certificate is expired +
    SSLProxyCheckPeerExpire on|off on skE
    Whether to check if remote server certificate is expired
    SSLProxyCheckPeerName on|off on skE
    Configure host name checking for remote server certificates +
    SSLProxyCheckPeerName on|off on skE
    Configure host name checking for remote server certificates
    SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +skdhE
    Cipher Suite available for negotiation in SSL +
    SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +skdhE
    Cipher Suite available for negotiation in SSL proxy handshake
    SSLProxyEngine on|off off skE
    SSL Proxy Engine Operation Switch
    SSLProxyMachineCertificateChainFile filenamesE
    File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate
    SSLProxyMachineCertificateFile filenamesE
    File of concatenated PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyMachineCertificatePath directorysE
    Directory of PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyProtocol [+|-]protocol ... all skE
    Configure usable SSL protocol flavors for proxy usage
    SSLProxyVerify level none skE
    Type of remote server Certificate verification
    SSLProxyVerifyDepth number 1 skE
    Maximum depth of CA Certificates in Remote Server +
    SSLProxyEngine on|off off skE
    SSL Proxy Engine Operation Switch
    SSLProxyMachineCertificateChainFile filenamesE
    File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate
    SSLProxyMachineCertificateFile filenamesE
    File of concatenated PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyMachineCertificatePath directorysE
    Directory of PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyProtocol [+|-]protocol ... all -SSLv3 (up to 2 +skE
    Configure usable SSL protocol flavors for proxy usage
    SSLProxyVerify level none skE
    Type of remote server Certificate verification
    SSLProxyVerifyDepth number 1 skE
    Maximum depth of CA Certificates in Remote Server Certificate verification
    SSLRandomSeed context source -[bytes]sE
    Pseudo Random Number Generator (PRNG) seeding +
    SSLRandomSeed context source +[bytes]sE
    Pseudo Random Number Generator (PRNG) seeding source
    SSLRenegBufferSize bytes 131072 dhE
    Set the size for the SSL renegotiation buffer
    SSLRequire expressiondhE
    Allow access only when an arbitrarily complex +
    SSLRenegBufferSize bytes 131072 dhE
    Set the size for the SSL renegotiation buffer
    SSLRequire expressiondhE
    Allow access only when an arbitrarily complex boolean expression is true
    SSLRequireSSLdhE
    Deny access when SSL is not used for the +
    SSLRequireSSLdhE
    Deny access when SSL is not used for the HTTP request
    SSLSessionCache type none sE
    Type of the global/inter-process SSL Session +
    SSLSessionCache type none sE
    Type of the global/inter-process SSL Session Cache
    SSLSessionCacheTimeout seconds 300 skE
    Number of seconds before an SSL session expires +
    SSLSessionCacheTimeout seconds 300 skE
    Number of seconds before an SSL session expires in the Session Cache
    SSLSessionTicketKeyFile file-pathskE
    Persistent encryption/decryption key for TLS session tickets
    SSLSessionTickets on|off on skE
    Enable or disable use of TLS session tickets
    SSLSRPUnknownUserSeed secret-stringskE
    SRP unknown user seed
    SSLSRPVerifierFile file-pathskE
    Path to SRP verifier file
    SSLStaplingCache typesE
    Configures the OCSP stapling cache
    SSLStaplingErrorCacheTimeout seconds 600 skE
    Number of seconds before expiring invalid responses in the OCSP stapling cache
    SSLStaplingFakeTryLater on|off on skE
    Synthesize "tryLater" responses for failed OCSP stapling queries
    SSLStaplingForceURL uriskE
    Override the OCSP responder URI specified in the certificate's AIA extension
    SSLStaplingResponderTimeout seconds 10 skE
    Timeout for OCSP stapling queries
    SSLStaplingResponseMaxAge seconds -1 skE
    Maximum allowable age for OCSP stapling responses
    SSLStaplingResponseTimeSkew seconds 300 skE
    Maximum allowable time skew for OCSP stapling response validation
    SSLStaplingReturnResponderErrors on|off on skE
    Pass stapling related OCSP errors on to client
    SSLStaplingStandardCacheTimeout seconds 3600 skE
    Number of seconds before expiring responses in the OCSP stapling cache
    SSLStrictSNIVHostCheck on|off off skE
    Whether to allow non-SNI clients to access a name-based virtual +
    SSLSessionTicketKeyFile file-pathskE
    Persistent encryption/decryption key for TLS session tickets
    SSLSessionTickets on|off on skE
    Enable or disable use of TLS session tickets
    SSLSRPUnknownUserSeed secret-stringskE
    SRP unknown user seed
    SSLSRPVerifierFile file-pathskE
    Path to SRP verifier file
    SSLStaplingCache typesE
    Configures the OCSP stapling cache
    SSLStaplingErrorCacheTimeout seconds 600 skE
    Number of seconds before expiring invalid responses in the OCSP stapling cache
    SSLStaplingFakeTryLater on|off on skE
    Synthesize "tryLater" responses for failed OCSP stapling queries
    SSLStaplingForceURL uriskE
    Override the OCSP responder URI specified in the certificate's AIA extension
    SSLStaplingResponderTimeout seconds 10 skE
    Timeout for OCSP stapling queries
    SSLStaplingResponseMaxAge seconds -1 skE
    Maximum allowable age for OCSP stapling responses
    SSLStaplingResponseTimeSkew seconds 300 skE
    Maximum allowable time skew for OCSP stapling response validation
    SSLStaplingReturnResponderErrors on|off on skE
    Pass stapling related OCSP errors on to client
    SSLStaplingStandardCacheTimeout seconds 3600 skE
    Number of seconds before expiring responses in the OCSP stapling cache
    SSLStrictSNIVHostCheck on|off off skE
    Whether to allow non-SNI clients to access a name-based virtual host.
    SSLUserName varnamesdhE
    Variable name to determine user name
    SSLUseStapling on|off off skE
    Enable stapling of OCSP responses in the TLS handshake
    SSLVerifyClient level none skdhE
    Type of Client Certificate verification
    SSLVerifyDepth number 1 skdhE
    Maximum depth of CA Certificates in Client +
    SSLUserName varnamesdhE
    Variable name to determine user name
    SSLUseStapling on|off off skE
    Enable stapling of OCSP responses in the TLS handshake
    SSLVerifyClient level none skdhE
    Type of Client Certificate verification
    SSLVerifyDepth number 1 skdhE
    Maximum depth of CA Certificates in Client Certificate verification
    StartServers sayısM
    Sunucunun başlatılması sırasında oluşturulan çocuk süreçlerin +
    StartServers sayısM
    Sunucunun başlatılması sırasında oluşturulan çocuk süreçlerin sayısını belirler.
    StartThreads sayısM
    Sunucunun başlatılması sırasında oluşturulan evrelerin sayısını +
    StartThreads sayısM
    Sunucunun başlatılması sırasında oluşturulan evrelerin sayısını belirler.
    Substitute s/pattern/substitution/[infq]dhE
    Pattern to filter the response content
    Substitute s/pattern/substitution/[infq]dhE
    Pattern to filter the response content
    SubstituteInheritBefore on|off off dhE
    Change the merge order of inherited patterns
    SubstituteMaxLineLength bytes(b|B|k|K|m|M|g|G) 1m dhE
    Set the maximum line size
    Suexec On|OffsT
    suEXEC özelliğini etkin veya etkisiz yapar
    SuexecUserGroup Kullanıcı GrupskE
    CGI betiklerini çalıştıracak kullanıcı ve grup belirtilir. diff --git a/docs/manual/mod/quickreference.html.zh-cn.utf8 b/docs/manual/mod/quickreference.html.zh-cn.utf8 index 265b2b1b..62843b5f 100644 --- a/docs/manual/mod/quickreference.html.zh-cn.utf8 +++ b/docs/manual/mod/quickreference.html.zh-cn.utf8 @@ -462,116 +462,127 @@ media type in the HTTP Content-Type header field
    Group unix-group #-1 sB
    Group under which the server will answer requests
    Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note +
    H2Direct on|off on (for non TLS) svE
    H2 Direct Protocol Switch
    H2MaxSessionStreams n 100 svE
    Maximum number of active streams per HTTP/2 session.
    H2MaxWorkerIdleSeconds n 600 sE
    Maximum number of seconds h2 workers remain idle until shut down.
    H2MaxWorkers nsE
    Maximum number of worker threads to use per child process.
    H2MinWorkers nsE
    Minimal number of worker threads to use per child process.
    H2SerializeHeaders on|off off svE
    Serialize Request/Resoonse Processing Switch
    H2SessionExtraFiles n 5 svE
    Number of Extra File Handles
    H2StreamMaxMemSize bytes 65536 svE
    Maximum amount of output data buffered per stream.
    H2WindowSize bytes 65536 svE
    Size of Stream Window for upstream data.
    Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] -svdhE
    Configure HTTP response headers
    HeaderName filenamesvdhB
    Name of the file that will be inserted at the top +svdhE
    Configure HTTP response headers
    HeaderName filenamesvdhB
    Name of the file that will be inserted at the top of the index listing
    HeartbeatAddress addr:portsX
    Multicast address for heartbeat packets
    HeartbeatListenaddr:portsX
    multicast address to listen for incoming heartbeat requests
    HeartbeatMaxServers number-of-servers 10 sX
    Specifies the maximum number of servers that will be sending +
    HeartbeatAddress addr:portsX
    Multicast address for heartbeat packets
    HeartbeatListenaddr:portsX
    multicast address to listen for incoming heartbeat requests
    HeartbeatMaxServers number-of-servers 10 sX
    Specifies the maximum number of servers that will be sending heartbeat requests to this server
    HeartbeatStorage file-path logs/hb.dat sX
    Path to store heartbeat data
    HeartbeatStorage file-path logs/hb.dat sX
    Path to read heartbeat data
    HostnameLookups On|Off|Double Off svdC
    Enables DNS lookups on client IP addresses
    IdentityCheck On|Off Off svdE
    Enables logging of the RFC 1413 identity of the remote +
    HeartbeatStorage file-path logs/hb.dat sX
    Path to store heartbeat data
    HeartbeatStorage file-path logs/hb.dat sX
    Path to read heartbeat data
    HostnameLookups On|Off|Double Off svdC
    Enables DNS lookups on client IP addresses
    IdentityCheck On|Off Off svdE
    Enables logging of the RFC 1413 identity of the remote user
    IdentityCheckTimeout seconds 30 svdE
    Determines the timeout duration for ident requests
    <If expression> ... </If>svdhC
    Contains directives that apply only if a condition is +
    IdentityCheckTimeout seconds 30 svdE
    Determines the timeout duration for ident requests
    <If expression> ... </If>svdhC
    Contains directives that apply only if a condition is satisfied by a request at runtime
    <IfDefine [!]parameter-name> ... - </IfDefine>svdhC
    Encloses directives that will be processed only +
    <IfDefine [!]parameter-name> ... + </IfDefine>svdhC
    Encloses directives that will be processed only if a test is true at startup
    <IfModule [!]module-file|module-identifier> ... - </IfModule>svdhC
    Encloses directives that are processed conditional on the +
    <IfModule [!]module-file|module-identifier> ... + </IfModule>svdhC
    Encloses directives that are processed conditional on the presence or absence of a specific module
    <IfVersion [[!]operator] version> ... -</IfVersion>svdhE
    contains version dependent configuration
    ImapBase map|referer|URL http://servername/ svdhB
    Default base for imagemap files
    ImapDefault error|nocontent|map|referer|URL nocontent svdhB
    Default action when an imagemap is called with coordinates +
    <IfVersion [[!]operator] version> ... +</IfVersion>svdhE
    contains version dependent configuration
    ImapBase map|referer|URL http://servername/ svdhB
    Default base for imagemap files
    ImapDefault error|nocontent|map|referer|URL nocontent svdhB
    Default action when an imagemap is called with coordinates that are not explicitly mapped
    ImapMenu none|formatted|semiformatted|unformatted formatted svdhB
    Action if no coordinates are given when calling +
    ImapMenu none|formatted|semiformatted|unformatted formatted svdhB
    Action if no coordinates are given when calling an imagemap
    Include file-path|directory-path|wildcardsvdC
    Includes other configuration files from within +
    Include file-path|directory-path|wildcardsvdC
    Includes other configuration files from within the server configuration files
    IncludeOptional file-path|directory-path|wildcardsvdC
    Includes other configuration files from within +
    IncludeOptional file-path|directory-path|wildcardsvdC
    Includes other configuration files from within the server configuration files
    IndexHeadInsert "markup ..."svdhB
    Inserts text in the HEAD section of an index page.
    IndexIgnore file [file] ... "." svdhB
    Adds to the list of files to hide when listing +
    IndexHeadInsert "markup ..."svdhB
    Inserts text in the HEAD section of an index page.
    IndexIgnore file [file] ... "." svdhB
    Adds to the list of files to hide when listing a directory
    IndexIgnoreReset ON|OFFsvdhB
    Empties the list of files to hide when listing +
    IndexIgnoreReset ON|OFFsvdhB
    Empties the list of files to hide when listing a directory
    IndexOptions [+|-]option [[+|-]option] -...svdhB
    Various configuration settings for directory +
    IndexOptions [+|-]option [[+|-]option] +...svdhB
    Various configuration settings for directory indexing
    IndexOrderDefault Ascending|Descending -Name|Date|Size|Description Ascending Name svdhB
    Sets the default ordering of the directory index
    IndexStyleSheet url-pathsvdhB
    Adds a CSS stylesheet to the directory index
    InputSed sed-commanddhX
    Sed command to filter request data (typically POST data)
    ISAPIAppendLogToErrors on|off off svdhB
    Record HSE_APPEND_LOG_PARAMETER requests from +
    IndexOrderDefault Ascending|Descending +Name|Date|Size|Description Ascending Name svdhB
    Sets the default ordering of the directory index
    IndexStyleSheet url-pathsvdhB
    Adds a CSS stylesheet to the directory index
    InputSed sed-commanddhX
    Sed command to filter request data (typically POST data)
    ISAPIAppendLogToErrors on|off off svdhB
    Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the error log
    ISAPIAppendLogToQuery on|off on svdhB
    Record HSE_APPEND_LOG_PARAMETER requests from +
    ISAPIAppendLogToQuery on|off on svdhB
    Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the query field
    ISAPICacheFile file-path [file-path] -...svB
    ISAPI .dll files to be loaded at startup
    ISAPIFakeAsync on|off off svdhB
    Fake asynchronous support for ISAPI callbacks
    ISAPILogNotSupported on|off off svdhB
    Log unsupported feature requests from ISAPI +
    ISAPICacheFile file-path [file-path] +...svB
    ISAPI .dll files to be loaded at startup
    ISAPIFakeAsync on|off off svdhB
    Fake asynchronous support for ISAPI callbacks
    ISAPILogNotSupported on|off off svdhB
    Log unsupported feature requests from ISAPI extensions
    ISAPIReadAheadBuffer size 49152 svdhB
    Size of the Read Ahead Buffer sent to ISAPI +
    ISAPIReadAheadBuffer size 49152 svdhB
    Size of the Read Ahead Buffer sent to ISAPI extensions
    KeepAlive On|Off On svC
    Enables HTTP persistent connections
    KeepAliveTimeout num[ms] 5 svC
    Amount of time the server will wait for subsequent +
    KeepAlive On|Off On svC
    Enables HTTP persistent connections
    KeepAliveTimeout num[ms] 5 svC
    Amount of time the server will wait for subsequent requests on a persistent connection
    KeptBodySize maximum size in bytes 0 dB
    Keep the request body instead of discarding it up to +
    KeptBodySize maximum size in bytes 0 dB
    Keep the request body instead of discarding it up to the specified maximum size, for potential use by filters such as mod_include.
    LanguagePriority MIME-lang [MIME-lang] -...svdhB
    The precendence of language variants for cases where +
    LanguagePriority MIME-lang [MIME-lang] +...svdhB
    The precendence of language variants for cases where the client does not express a preference
    LDAPCacheEntries number 1024 sE
    Maximum number of entries in the primary LDAP cache
    LDAPCacheTTL seconds 600 sE
    Time that cached items remain valid
    LDAPConnectionPoolTTL n -1 svE
    Discard backend connections that have been sitting in the connection pool too long
    LDAPConnectionTimeout secondssE
    Specifies the socket connection timeout in seconds
    LDAPLibraryDebug 7sE
    Enable debugging in the LDAP SDK
    LDAPOpCacheEntries number 1024 sE
    Number of entries used to cache LDAP compare +
    LDAPCacheEntries number 1024 sE
    Maximum number of entries in the primary LDAP cache
    LDAPCacheTTL seconds 600 sE
    Time that cached items remain valid
    LDAPConnectionPoolTTL n -1 svE
    Discard backend connections that have been sitting in the connection pool too long
    LDAPConnectionTimeout secondssE
    Specifies the socket connection timeout in seconds
    LDAPLibraryDebug 7sE
    Enable debugging in the LDAP SDK
    LDAPOpCacheEntries number 1024 sE
    Number of entries used to cache LDAP compare operations
    LDAPOpCacheTTL seconds 600 sE
    Time that entries in the operation cache remain +
    LDAPOpCacheTTL seconds 600 sE
    Time that entries in the operation cache remain valid
    LDAPReferralHopLimit numberdhE
    The maximum number of referral hops to chase before terminating an LDAP query.
    LDAPReferrals On|Off|default On dhE
    Enable referral chasing during queries to the LDAP server.
    LDAPRetries number-of-retries 3 sE
    Configures the number of LDAP server retries.
    LDAPRetryDelay seconds 0 sE
    Configures the delay between LDAP server retries.
    LDAPSharedCacheFile directory-path/filenamesE
    Sets the shared memory cache file
    LDAPSharedCacheSize bytes 500000 sE
    Size in bytes of the shared-memory cache
    LDAPTimeout seconds 60 sE
    Specifies the timeout for LDAP search and bind operations, in seconds
    LDAPTrustedClientCert type directory-path/filename/nickname [password]dhE
    Sets the file containing or nickname referring to a per +
    LDAPReferralHopLimit numberdhE
    The maximum number of referral hops to chase before terminating an LDAP query.
    LDAPReferrals On|Off|default On dhE
    Enable referral chasing during queries to the LDAP server.
    LDAPRetries number-of-retries 3 sE
    Configures the number of LDAP server retries.
    LDAPRetryDelay seconds 0 sE
    Configures the delay between LDAP server retries.
    LDAPSharedCacheFile directory-path/filenamesE
    Sets the shared memory cache file
    LDAPSharedCacheSize bytes 500000 sE
    Size in bytes of the shared-memory cache
    LDAPTimeout seconds 60 sE
    Specifies the timeout for LDAP search and bind operations, in seconds
    LDAPTrustedClientCert type directory-path/filename/nickname [password]dhE
    Sets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates.
    LDAPTrustedGlobalCert type directory-path/filename [password]sE
    Sets the file or database containing global trusted +
    LDAPTrustedGlobalCert type directory-path/filename [password]sE
    Sets the file or database containing global trusted Certificate Authority or global client certificates
    LDAPTrustedMode typesvE
    Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
    LDAPVerifyServerCert On|Off On sE
    Force server certificate verification
    <Limit method [method] ... > ... - </Limit>dhC
    Restrict enclosed access controls to only certain HTTP +
    LDAPTrustedMode typesvE
    Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
    LDAPVerifyServerCert On|Off On sE
    Force server certificate verification
    <Limit method [method] ... > ... + </Limit>dhC
    Restrict enclosed access controls to only certain HTTP methods
    <LimitExcept method [method] ... > ... - </LimitExcept>dhC
    Restrict access controls to all HTTP methods +
    <LimitExcept method [method] ... > ... + </LimitExcept>dhC
    Restrict access controls to all HTTP methods except the named ones
    LimitInternalRecursion number [number] 10 svC
    Determine maximum number of internal redirects and nested +
    LimitInternalRecursion number [number] 10 svC
    Determine maximum number of internal redirects and nested subrequests
    LimitRequestBody bytes 0 svdhC
    Restricts the total size of the HTTP request body sent +
    LimitRequestBody bytes 0 svdhC
    Restricts the total size of the HTTP request body sent from the client
    LimitRequestFields number 100 svC
    Limits the number of HTTP request header fields that +
    LimitRequestFields number 100 svC
    Limits the number of HTTP request header fields that will be accepted from the client
    LimitRequestFieldSize bytes 8190 svC
    Limits the size of the HTTP request header allowed from the +
    LimitRequestFieldSize bytes 8190 svC
    Limits the size of the HTTP request header allowed from the client
    LimitRequestLine bytes 8190 svC
    Limit the size of the HTTP request line that will be accepted +
    LimitRequestLine bytes 8190 svC
    Limit the size of the HTTP request line that will be accepted from the client
    LimitXMLRequestBody bytes 1000000 svdhC
    Limits the size of an XML-based request body
    Listen [IP-address:]portnumber [protocol]sM
    IP addresses and ports that the server +
    LimitXMLRequestBody bytes 1000000 svdhC
    Limits the size of an XML-based request body
    Listen [IP-address:]portnumber [protocol]sM
    IP addresses and ports that the server listens to
    ListenBacklog backlogsM
    Maximum length of the queue of pending connections
    ListenBacklog backlogsM
    Maximum length of the queue of pending connections
    ListenCoresBucketsRatio ratio 0 (disabled) sM
    Ratio between the number of CPU cores (online) and the number of +listeners' buckets
    LoadFile filename [filename] ...svE
    Link in the named object file or library
    LoadModule module filenamesvE
    Links in the object file or library, and adds to the list of active modules
    MaxSpareServers number 10 sM
    Maximum number of idle child server processes
    MaxSpareThreads numbersM
    Maximum number of idle threads
    MaxThreads number 2048 sM
    Set the maximum number of worker threads
    MergeTrailers [on|off] off svC
    Determines whether trailers are merged into headers
    MetaDir directory .web svdhE
    Name of the directory to find CERN-style meta information +
    MemcacheConnTTL num[units] 15s svE
    Keepalive time for idle connections
    MergeTrailers [on|off] off svC
    Determines whether trailers are merged into headers
    MetaDir directory .web svdhE
    Name of the directory to find CERN-style meta information files
    MetaFiles on|off off svdhE
    Activates CERN meta-file processing
    MetaSuffix suffix .meta svdhE
    File name suffix for the file containing CERN-style +
    MetaFiles on|off off svdhE
    Activates CERN meta-file processing
    MetaSuffix suffix .meta svdhE
    File name suffix for the file containing CERN-style meta information
    MimeMagicFile file-pathsvE
    Enable MIME-type determination based on file contents +
    MimeMagicFile file-pathsvE
    Enable MIME-type determination based on file contents using the specified magic file
    MinSpareServers number 5 sM
    Minimum number of idle child server processes
    MinSpareThreads numbersM
    Minimum number of idle threads available to handle request +
    MinSpareServers number 5 sM
    Minimum number of idle child server processes
    MinSpareThreads numbersM
    Minimum number of idle threads available to handle request spikes
    MMapFile file-path [file-path] ...sX
    Map a list of files into memory at startup time
    ModemStandard V.21|V.26bis|V.32|V.92dX
    Modem standard to simulate
    ModMimeUsePathInfo On|Off Off dB
    Tells mod_mime to treat path_info +
    MMapFile file-path [file-path] ...sX
    Map a list of files into memory at startup time
    ModemStandard V.21|V.26bis|V.32|V.92dX
    Modem standard to simulate
    ModMimeUsePathInfo On|Off Off dB
    Tells mod_mime to treat path_info components as part of the filename
    MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers -[Handlers|Filters] NegotiatedOnly svdhB
    The types of files that will be included when searching for +
    MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers +[Handlers|Filters] NegotiatedOnly svdhB
    The types of files that will be included when searching for a matching file with MultiViews
    Mutex mechanism [default|mutex-name] ... [OmitPID] default sC
    Configures mutex mechanism and lock file directory for all +
    Mutex mechanism [default|mutex-name] ... [OmitPID] default sC
    Configures mutex mechanism and lock file directory for all or specified mutexes
    NameVirtualHost addr[:port]sC
    DEPRECATED: Designates an IP address for name-virtual +
    NameVirtualHost addr[:port]sC
    DEPRECATED: Designates an IP address for name-virtual hosting
    NoProxy host [host] ...svE
    Hosts, domains, or networks that will be connected to +
    NoProxy host [host] ...svE
    Hosts, domains, or networks that will be connected to directly
    NWSSLTrustedCerts filename [filename] ...sB
    List of additional client certificates
    NWSSLUpgradeable [IP-address:]portnumbersB
    Allows a connection to be upgraded to an SSL connection upon request
    Options - [+|-]option [[+|-]option] ... FollowSymlinks svdhC
    Configures what features are available in a particular +
    NWSSLTrustedCerts filename [filename] ...sB
    List of additional client certificates
    NWSSLUpgradeable [IP-address:]portnumbersB
    Allows a connection to be upgraded to an SSL connection upon request
    Options + [+|-]option [[+|-]option] ... FollowSymlinks svdhC
    Configures what features are available in a particular directory
    Order ordering Deny,Allow dhE
    Controls the default access state and the order in which +
    Order ordering Deny,Allow dhE
    Controls the default access state and the order in which Allow and Deny are evaluated.
    OutputSed sed-commanddhX
    Sed command for filtering response content
    PassEnv env-variable [env-variable] -...svdhB
    Passes environment variables from the shell
    PidFile filename logs/httpd.pid sM
    File where the server records the process ID +
    OutputSed sed-commanddhX
    Sed command for filtering response content
    PassEnv env-variable [env-variable] +...svdhB
    Passes environment variables from the shell
    PidFile filename logs/httpd.pid sM
    File where the server records the process ID of the daemon
    PrivilegesMode FAST|SECURE|SELECTIVE FAST svdX
    Trade off processing speed and efficiency vs security against +
    PrivilegesMode FAST|SECURE|SELECTIVE FAST svdX
    Trade off processing speed and efficiency vs security against malicious privileges-aware code.
    Protocol protocolsvC
    Protocol for a listening socket
    ProtocolEcho On|Off Off svX
    Turn the echo server on or off
    <Proxy wildcard-url> ...</Proxy>svE
    Container for directives applied to proxied resources
    ProxyAddHeaders Off|On On svdE
    Add proxy information in X-Forwarded-* headers
    ProxyBadHeader IsError|Ignore|StartBody IsError svE
    Determines how to handle bad header lines in a +
    Protocol protocolsvC
    Protocol for a listening socket
    ProtocolEcho On|Off Off svX
    Turn the echo server on or off
    Protocols protocol ... http/1.1 svC
    Protocols available for a server/virtual host
    ProtocolsHonorOrder On|Off On svC
    Determines if order of Protocols determines precedence during negotiation
    <Proxy wildcard-url> ...</Proxy>svE
    Container for directives applied to proxied resources
    ProxyAddHeaders Off|On On svdE
    Add proxy information in X-Forwarded-* headers
    ProxyBadHeader IsError|Ignore|StartBody IsError svE
    Determines how to handle bad header lines in a response
    ProxyBlock *|word|host|domain -[word|host|domain] ...svE
    Words, hosts, or domains that are banned from being +
    ProxyBlock *|word|host|domain +[word|host|domain] ...svE
    Words, hosts, or domains that are banned from being proxied
    ProxyDomain DomainsvE
    Default domain name for proxied requests
    ProxyErrorOverride On|Off Off svdE
    Override error pages for proxied content
    ProxyExpressDBMFile <pathname>svE
    Pathname to DBM file.
    ProxyExpressDBMFile <type>svE
    DBM type of file.
    ProxyExpressEnable [on|off]svE
    Enable the module functionality.
    ProxyFtpDirCharset character set ISO-8859-1 svdE
    Define the character set for proxied FTP listings
    ProxyFtpEscapeWildcards [on|off]svdE
    Whether wildcards in requested filenames are escaped when sent to the FTP server
    ProxyFtpListOnWildcard [on|off]svdE
    Whether wildcards in requested filenames trigger a file listing
    ProxyHTMLBufSize bytessvdB
    Sets the buffer size increment for buffering inline scripts and +
    ProxyDomain DomainsvE
    Default domain name for proxied requests
    ProxyErrorOverride On|Off Off svdE
    Override error pages for proxied content
    ProxyExpressDBMFile <pathname>svE
    Pathname to DBM file.
    ProxyExpressDBMFile <type>svE
    DBM type of file.
    ProxyExpressEnable [on|off]svE
    Enable the module functionality.
    ProxyFtpDirCharset character set ISO-8859-1 svdE
    Define the character set for proxied FTP listings
    ProxyFtpEscapeWildcards [on|off]svdE
    Whether wildcards in requested filenames are escaped when sent to the FTP server
    ProxyFtpListOnWildcard [on|off]svdE
    Whether wildcards in requested filenames trigger a file listing
    ProxyHTMLBufSize bytessvdB
    Sets the buffer size increment for buffering inline scripts and stylesheets.
    ProxyHTMLCharsetOut Charset | *svdB
    Specify a charset for mod_proxy_html output.
    ProxyHTMLDocType HTML|XHTML [Legacy]
    OR -
    ProxyHTMLDocType fpi [SGML|XML]    		svdB
    Sets an HTML or XHTML document type declaration.
    ProxyHTMLEnable On|Off Off svdB
    Turns the proxy_html filter on or off.
    ProxyHTMLEvents attribute [attribute ...]svdB
    Specify attributes to treat as scripting events.
    ProxyHTMLExtended On|Off Off svdB
    Determines whether to fix links in inline scripts, stylesheets, +
    ProxyHTMLCharsetOut Charset | *svdB
    Specify a charset for mod_proxy_html output.
    ProxyHTMLDocType HTML|XHTML [Legacy]
    OR +
    ProxyHTMLDocType fpi [SGML|XML]    		svdB
    Sets an HTML or XHTML document type declaration.
    ProxyHTMLEnable On|Off Off svdB
    Turns the proxy_html filter on or off.
    ProxyHTMLEvents attribute [attribute ...]svdB
    Specify attributes to treat as scripting events.
    ProxyHTMLExtended On|Off Off svdB
    Determines whether to fix links in inline scripts, stylesheets, and scripting events.
    ProxyHTMLFixups [lowercase] [dospath] [reset]svdB
    Fixes for simple HTML errors.
    ProxyHTMLInterp On|Off Off svdB
    Enables per-request interpolation of +
    ProxyHTMLFixups [lowercase] [dospath] [reset]svdB
    Fixes for simple HTML errors.
    ProxyHTMLInterp On|Off Off svdB
    Enables per-request interpolation of ProxyHTMLURLMap rules.
    ProxyHTMLLinks element attribute [attribute2 ...]svdB
    Specify HTML elements that have URL attributes to be rewritten.
    ProxyHTMLMeta On|Off Off svdB
    Turns on or off extra pre-parsing of metadata in HTML +
    ProxyHTMLLinks element attribute [attribute2 ...]svdB
    Specify HTML elements that have URL attributes to be rewritten.
    ProxyHTMLMeta On|Off Off svdB
    Turns on or off extra pre-parsing of metadata in HTML <head> sections.
    ProxyHTMLStripComments On|Off Off svdB
    Determines whether to strip HTML comments.
    ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdB
    Defines a rule to rewrite HTML links
    ProxyIOBufferSize bytes 8192 svE
    Determine size of internal data throughput buffer
    <ProxyMatch regex> ...</ProxyMatch>svE
    Container for directives applied to regular-expression-matched +
    ProxyHTMLStripComments On|Off Off svdB
    Determines whether to strip HTML comments.
    ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdB
    Defines a rule to rewrite HTML links
    ProxyIOBufferSize bytes 8192 svE
    Determine size of internal data throughput buffer
    <ProxyMatch regex> ...</ProxyMatch>svE
    Container for directives applied to regular-expression-matched proxied resources
    ProxyMaxForwards number -1 svE
    Maximium number of proxies that a request can be forwarded +
    ProxyMaxForwards number -1 svE
    Maximium number of proxies that a request can be forwarded through
    ProxyPass [path] !|url [key=value - [key=value ...]] [nocanon] [interpolate] [noquery]svdE
    Maps remote servers into the local server URL-space
    ProxyPassInherit On|Off On svE
    Inherit ProxyPass directives defined from the main server
    ProxyPassInterpolateEnv On|Off Off svdE
    Enable Environment Variable interpolation in Reverse Proxy configurations
    ProxyPassMatch [regex] !|url [key=value - [key=value ...]]svdE
    Maps remote servers into the local server URL-space using regular expressions
    ProxyPassReverse [path] url -[interpolate]svdE
    Adjusts the URL in HTTP response headers sent from a reverse +
    ProxyPass [path] !|url [key=value + [key=value ...]] [nocanon] [interpolate] [noquery]svdE
    Maps remote servers into the local server URL-space
    ProxyPassInherit On|Off On svE
    Inherit ProxyPass directives defined from the main server
    ProxyPassInterpolateEnv On|Off Off svdE
    Enable Environment Variable interpolation in Reverse Proxy configurations
    ProxyPassMatch [regex] !|url [key=value + [key=value ...]]svdE
    Maps remote servers into the local server URL-space using regular expressions
    ProxyPassReverse [path] url +[interpolate]svdE
    Adjusts the URL in HTTP response headers sent from a reverse proxied server
    ProxyPassReverseCookieDomain internal-domain -public-domain [interpolate]svdE
    Adjusts the Domain string in Set-Cookie headers from a reverse- +
    ProxyPassReverseCookieDomain internal-domain +public-domain [interpolate]svdE
    Adjusts the Domain string in Set-Cookie headers from a reverse- proxied server
    ProxyPassReverseCookiePath internal-path -public-path [interpolate]svdE
    Adjusts the Path string in Set-Cookie headers from a reverse- +
    ProxyPassReverseCookiePath internal-path +public-path [interpolate]svdE
    Adjusts the Path string in Set-Cookie headers from a reverse- proxied server
    ProxyPreserveHost On|Off Off svdE
    Use incoming Host HTTP request header for proxy +
    ProxyPreserveHost On|Off Off svdE
    Use incoming Host HTTP request header for proxy request
    ProxyReceiveBufferSize bytes 0 svE
    Network buffer size for proxied HTTP and FTP +
    ProxyReceiveBufferSize bytes 0 svE
    Network buffer size for proxied HTTP and FTP connections
    ProxyRemote match remote-serversvE
    Remote proxy used to handle certain requests
    ProxyRemoteMatch regex remote-serversvE
    Remote proxy used to handle requests matched by regular +
    ProxyRemote match remote-serversvE
    Remote proxy used to handle certain requests
    ProxyRemoteMatch regex remote-serversvE
    Remote proxy used to handle requests matched by regular expressions
    ProxyRequests On|Off Off svE
    Enables forward (standard) proxy requests
    ProxySCGIInternalRedirect On|Off|Headername On svdE
    Enable or disable internal redirect responses from the +
    ProxyRequests On|Off Off svE
    Enables forward (standard) proxy requests
    ProxySCGIInternalRedirect On|Off|Headername On svdE
    Enable or disable internal redirect responses from the backend
    ProxySCGISendfile On|Off|Headername Off svdE
    Enable evaluation of X-Sendfile pseudo response +
    ProxySCGISendfile On|Off|Headername Off svdE
    Enable evaluation of X-Sendfile pseudo response header
    ProxySet url key=value [key=value ...]dE
    Set various Proxy balancer or member parameters
    ProxySourceAddress addresssvE
    Set local IP address for outgoing proxy connections
    ProxyStatus Off|On|Full Off svE
    Show Proxy LoadBalancer status in mod_status
    ProxyTimeout secondssvE
    Network timeout for proxied requests
    ProxyVia On|Off|Full|Block Off svE
    Information provided in the Via HTTP response +
    ProxySet url key=value [key=value ...]dE
    Set various Proxy balancer or member parameters
    ProxySourceAddress addresssvE
    Set local IP address for outgoing proxy connections
    ProxyStatus Off|On|Full Off svE
    Show Proxy LoadBalancer status in mod_status
    ProxyTimeout secondssvE
    Network timeout for proxied requests
    ProxyVia On|Off|Full|Block Off svE
    Information provided in the Via HTTP response header for proxied requests
    ReadmeName filenamesvdhB
    Name of the file that will be inserted at the end +
    ReadmeName filenamesvdhB
    Name of the file that will be inserted at the end of the index listing
    ReceiveBufferSize bytes 0 sM
    TCP receive buffer size
    Redirect [status] URL-path -URLsvdhB
    Sends an external redirect asking the client to fetch +
    ReceiveBufferSize bytes 0 sM
    TCP receive buffer size
    Redirect [status] URL-path +URLsvdhB
    Sends an external redirect asking the client to fetch a different URL
    RedirectMatch [status] regex -URLsvdhB
    Sends an external redirect based on a regular expression match +
    RedirectMatch [status] regex +URLsvdhB
    Sends an external redirect based on a regular expression match of the current URL
    RedirectPermanent URL-path URLsvdhB
    Sends an external permanent redirect asking the client to fetch +
    RedirectPermanent URL-path URLsvdhB
    Sends an external permanent redirect asking the client to fetch a different URL
    RedirectTemp URL-path URLsvdhB
    Sends an external temporary redirect asking the client to fetch +
    RedirectTemp URL-path URLsvdhB
    Sends an external temporary redirect asking the client to fetch a different URL
    ReflectorHeader inputheader [outputheader]svdhB
    Reflect an input header to the output headers
    RemoteIPHeader header-fieldsvB
    Declare the header field which should be parsed for useragent IP addresses
    RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPInternalProxyList filenamesvB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPProxiesHeader HeaderFieldNamesvB
    Declare the header field which will record all intermediate IP addresses
    RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPTrustedProxyList filenamesvB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoveCharset extension [extension] -...vdhB
    Removes any character set associations for a set of file +
    ReflectorHeader inputheader [outputheader]svdhB
    Reflect an input header to the output headers
    RemoteIPHeader header-fieldsvB
    Declare the header field which should be parsed for useragent IP addresses
    RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPInternalProxyList filenamesvB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPProxiesHeader HeaderFieldNamesvB
    Declare the header field which will record all intermediate IP addresses
    RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoteIPTrustedProxyList filenamesvB
    Declare client intranet IP addresses trusted to present the RemoteIPHeader value
    RemoveCharset extension [extension] +...vdhB
    Removes any character set associations for a set of file extensions
    RemoveEncoding extension [extension] -...vdhB
    Removes any content encoding associations for a set of file +
    RemoveEncoding extension [extension] +...vdhB
    Removes any content encoding associations for a set of file extensions
    RemoveHandler extension [extension] -...vdhB
    Removes any handler associations for a set of file +
    RemoveHandler extension [extension] +...vdhB
    Removes any handler associations for a set of file extensions
    RemoveInputFilter extension [extension] -...vdhB
    Removes any input filter associations for a set of file +
    RemoveInputFilter extension [extension] +...vdhB
    Removes any input filter associations for a set of file extensions
    RemoveLanguage extension [extension] -...vdhB
    Removes any language associations for a set of file +
    RemoveLanguage extension [extension] +...vdhB
    Removes any language associations for a set of file extensions
    RemoveOutputFilter extension [extension] -...vdhB
    Removes any output filter associations for a set of file +
    RemoveOutputFilter extension [extension] +...vdhB
    Removes any output filter associations for a set of file extensions
    RemoveType extension [extension] -...vdhB
    Removes any content type associations for a set of file +
    RemoveType extension [extension] +...vdhB
    Removes any content type associations for a set of file extensions
    RequestHeader add|append|edit|edit*|merge|set|setifempty|unset +
    RequestHeader add|append|edit|edit*|merge|set|setifempty|unset header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] -svdhE
    Configure HTTP request headers
    RequestReadTimeout +svdhE
    Configure HTTP request headers
    RequestReadTimeout [header=timeout[-maxtimeout][,MinRate=rate] [body=timeout[-maxtimeout][,MinRate=rate] -svE
    Set timeout values for receiving request headers and body from client. +svE
    Set timeout values for receiving request headers and body from client.
    Require [not] entity-name - [entity-name] ...dhB
    Tests whether an authenticated user is authorized by +
    Require [not] entity-name + [entity-name] ...dhB
    Tests whether an authenticated user is authorized by an authorization provider.
    <RequireAll> ... </RequireAll>dhB
    Enclose a group of authorization directives of which none +
    <RequireAll> ... </RequireAll>dhB
    Enclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed.
    <RequireAny> ... </RequireAny>dhB
    Enclose a group of authorization directives of which one +
    <RequireAny> ... </RequireAny>dhB
    Enclose a group of authorization directives of which one must succeed for the enclosing directive to succeed.
    <RequireNone> ... </RequireNone>dhB
    Enclose a group of authorization directives of which none +
    <RequireNone> ... </RequireNone>dhB
    Enclose a group of authorization directives of which none must succeed for the enclosing directive to not fail.
    RewriteBase URL-pathdhE
    Sets the base URL for per-directory rewrites
    RewriteCond - TestString CondPatternsvdhE
    Defines a condition under which rewriting will take place +
    RewriteBase URL-pathdhE
    Sets the base URL for per-directory rewrites
    RewriteCond + TestString CondPatternsvdhE
    Defines a condition under which rewriting will take place
    RewriteEngine on|off off svdhE
    Enables or disables runtime rewriting engine
    RewriteMap MapName MapType:MapSource -svE
    Defines a mapping function for key-lookup
    RewriteOptions OptionssvdhE
    Sets some special options for the rewrite engine
    RewriteRule - Pattern Substitution [flags]svdhE
    Defines rules for the rewriting engine
    RLimitCPU seconds|max [seconds|max]svdhC
    Limits the CPU consumption of processes launched +
    RewriteEngine on|off off svdhE
    Enables or disables runtime rewriting engine
    RewriteMap MapName MapType:MapSource +svE
    Defines a mapping function for key-lookup
    RewriteOptions OptionssvdhE
    Sets some special options for the rewrite engine
    RewriteRule + Pattern Substitution [flags]svdhE
    Defines rules for the rewriting engine
    RLimitCPU seconds|max [seconds|max]svdhC
    Limits the CPU consumption of processes launched by Apache httpd children
    RLimitMEM bytes|max [bytes|max]svdhC
    Limits the memory consumption of processes launched +
    RLimitMEM bytes|max [bytes|max]svdhC
    Limits the memory consumption of processes launched by Apache httpd children
    RLimitNPROC number|max [number|max]svdhC
    Limits the number of processes that can be launched by +
    RLimitNPROC number|max [number|max]svdhC
    Limits the number of processes that can be launched by processes launched by Apache httpd children
    Satisfy Any|All All dhE
    Interaction between host-level access control and +
    Satisfy Any|All All dhE
    Interaction between host-level access control and user authentication
    ScoreBoardFile file-path logs/apache_runtime +sM
    Location of the file used to store coordination data for +
    ScoreBoardFile file-path logs/apache_runtime +sM
    Location of the file used to store coordination data for the child processes
    Script method cgi-scriptsvdB
    Activates a CGI script for a particular request +
    Script method cgi-scriptsvdB
    Activates a CGI script for a particular request method.
    ScriptAlias URL-path -file-path|directory-pathsvB
    Maps a URL to a filesystem location and designates the +
    ScriptAlias URL-path +file-path|directory-pathsvB
    Maps a URL to a filesystem location and designates the target as a CGI script
    ScriptAliasMatch regex -file-path|directory-pathsvB
    Maps a URL to a filesystem location using a regular expression +
    ScriptAliasMatch regex +file-path|directory-pathsvB
    Maps a URL to a filesystem location using a regular expression and designates the target as a CGI script
    ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhC
    Technique for locating the interpreter for CGI +
    ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhC
    Technique for locating the interpreter for CGI scripts
    ScriptLog file-pathsvB
    Location of the CGI script error logfile
    ScriptLogBuffer bytes 1024 svB
    Maximum amount of PUT or POST requests that will be recorded +
    ScriptLog file-pathsvB
    Location of the CGI script error logfile
    ScriptLogBuffer bytes 1024 svB
    Maximum amount of PUT or POST requests that will be recorded in the scriptlog
    ScriptLogLength bytes 10385760 svB
    Size limit of the CGI script logfile
    ScriptSock file-path cgisock sB
    The filename prefix of the socket to use for communication with +
    ScriptLogLength bytes 10385760 svB
    Size limit of the CGI script logfile
    ScriptSock file-path cgisock sB
    The filename prefix of the socket to use for communication with the cgi daemon
    SecureListen [IP-address:]portnumber -Certificate-Name [MUTUAL]sB
    Enables SSL encryption for the specified port
    SeeRequestTail On|Off Off sC
    Determine if mod_status displays the first 63 characters +
    SecureListen [IP-address:]portnumber +Certificate-Name [MUTUAL]sB
    Enables SSL encryption for the specified port
    SeeRequestTail On|Off Off sC
    Determine if mod_status displays the first 63 characters of a request or the last 63, assuming the request itself is greater than 63 chars.
    SendBufferSize bytes 0 sM
    TCP buffer size
    ServerAdmin email-address|URLsvC
    Email address that the server includes in error +
    SendBufferSize bytes 0 sM
    TCP buffer size
    ServerAdmin email-address|URLsvC
    Email address that the server includes in error messages sent to the client
    ServerAlias hostname [hostname] ...vC
    Alternate names for a host used when matching requests +
    ServerAlias hostname [hostname] ...vC
    Alternate names for a host used when matching requests to name-virtual hosts
    ServerLimit numbersM
    Upper limit on configurable number of processes
    ServerName [scheme://]fully-qualified-domain-name[:port]svC
    Hostname and port that the server uses to identify +
    ServerLimit numbersM
    Upper limit on configurable number of processes
    ServerName [scheme://]fully-qualified-domain-name[:port]svC
    Hostname and port that the server uses to identify itself
    ServerPath URL-pathvC
    Legacy URL pathname for a name-based virtual host that +
    ServerPath URL-pathvC
    Legacy URL pathname for a name-based virtual host that is accessed by an incompatible browser
    ServerRoot directory-path /usr/local/apache sC
    Base directory for the server installation
    ServerSignature On|Off|EMail Off svdhC
    Configures the footer on server-generated documents
    ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sC
    Configures the Server HTTP response +
    ServerRoot directory-path /usr/local/apache sC
    Base directory for the server installation
    ServerSignature On|Off|EMail Off svdhC
    Configures the footer on server-generated documents
    ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sC
    Configures the Server HTTP response header
    Session On|Off Off svdhE
    Enables a session for the current directory or location
    SessionCookieName name attributessvdhE
    Name and attributes for the RFC2109 cookie storing the session
    SessionCookieName2 name attributessvdhE
    Name and attributes for the RFC2965 cookie storing the session
    SessionCookieRemove On|Off Off svdhE
    Control for whether session cookies should be removed from incoming HTTP headers
    SessionCryptoCipher namesvdhX
    The crypto cipher to be used to encrypt the session
    SessionCryptoDriver name [param[=value]]sX
    The crypto driver to be used to encrypt the session
    SessionCryptoPassphrase secret [ secret ... ] svdhX
    The key used to encrypt the session
    SessionCryptoPassphraseFile filenamesvdX
    File containing keys used to encrypt the session
    SessionDBDCookieName name attributessvdhE
    Name and attributes for the RFC2109 cookie storing the session ID
    SessionDBDCookieName2 name attributessvdhE
    Name and attributes for the RFC2965 cookie storing the session ID
    SessionDBDCookieRemove On|Off On svdhE
    Control for whether session ID cookies should be removed from incoming HTTP headers
    SessionDBDDeleteLabel label deletesession svdhE
    The SQL query to use to remove sessions from the database
    SessionDBDInsertLabel label insertsession svdhE
    The SQL query to use to insert sessions into the database
    SessionDBDPerUser On|Off Off svdhE
    Enable a per user session
    SessionDBDSelectLabel label selectsession svdhE
    The SQL query to use to select sessions from the database
    SessionDBDUpdateLabel label updatesession svdhE
    The SQL query to use to update existing sessions in the database
    SessionEnv On|Off Off svdhE
    Control whether the contents of the session are written to the +
    Session On|Off Off svdhE
    Enables a session for the current directory or location
    SessionCookieName name attributessvdhE
    Name and attributes for the RFC2109 cookie storing the session
    SessionCookieName2 name attributessvdhE
    Name and attributes for the RFC2965 cookie storing the session
    SessionCookieRemove On|Off Off svdhE
    Control for whether session cookies should be removed from incoming HTTP headers
    SessionCryptoCipher namesvdhX
    The crypto cipher to be used to encrypt the session
    SessionCryptoDriver name [param[=value]]sX
    The crypto driver to be used to encrypt the session
    SessionCryptoPassphrase secret [ secret ... ] svdhX
    The key used to encrypt the session
    SessionCryptoPassphraseFile filenamesvdX
    File containing keys used to encrypt the session
    SessionDBDCookieName name attributessvdhE
    Name and attributes for the RFC2109 cookie storing the session ID
    SessionDBDCookieName2 name attributessvdhE
    Name and attributes for the RFC2965 cookie storing the session ID
    SessionDBDCookieRemove On|Off On svdhE
    Control for whether session ID cookies should be removed from incoming HTTP headers
    SessionDBDDeleteLabel label deletesession svdhE
    The SQL query to use to remove sessions from the database
    SessionDBDInsertLabel label insertsession svdhE
    The SQL query to use to insert sessions into the database
    SessionDBDPerUser On|Off Off svdhE
    Enable a per user session
    SessionDBDSelectLabel label selectsession svdhE
    The SQL query to use to select sessions from the database
    SessionDBDUpdateLabel label updatesession svdhE
    The SQL query to use to update existing sessions in the database
    SessionEnv On|Off Off svdhE
    Control whether the contents of the session are written to the HTTP_SESSION environment variable
    SessionExclude pathsvdhE
    Define URL prefixes for which a session is ignored
    SessionHeader headersvdhE
    Import session updates from a given HTTP response header
    SessionInclude pathsvdhE
    Define URL prefixes for which a session is valid
    SessionMaxAge maxage 0 svdhE
    Define a maximum age in seconds for a session
    SetEnv env-variable [value]svdhB
    Sets environment variables
    SetEnvIf attribute +
    SessionExclude pathsvdhE
    Define URL prefixes for which a session is ignored
    SessionHeader headersvdhE
    Import session updates from a given HTTP response header
    SessionInclude pathsvdhE
    Define URL prefixes for which a session is valid
    SessionMaxAge maxage 0 svdhE
    Define a maximum age in seconds for a session
    SetEnv env-variable [value]svdhB
    Sets environment variables
    SetEnvIf attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhB
    Sets environment variables based on attributes of the request + [[!]env-variable[=value]] ...svdhB
    Sets environment variables based on attributes of the request
    SetEnvIfExpr expr +
    SetEnvIfExpr expr [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhB
    Sets environment variables based on an ap_expr expression
    SetEnvIfNoCase attribute regex + [[!]env-variable[=value]] ...svdhB
    Sets environment variables based on an ap_expr expression
    SetEnvIfNoCase attribute regex [!]env-variable[=value] - [[!]env-variable[=value]] ...svdhB
    Sets environment variables based on attributes of the request + [[!]env-variable[=value]] ...svdhB
    Sets environment variables based on attributes of the request without respect to case
    SetHandler handler-name|NonesvdhC
    Forces all matching files to be processed by a +
    SetHandler handler-name|NonesvdhC
    Forces all matching files to be processed by a handler
    SetInputFilter filter[;filter...]svdhC
    Sets the filters that will process client requests and POST +
    SetInputFilter filter[;filter...]svdhC
    Sets the filters that will process client requests and POST input
    SetOutputFilter filter[;filter...]svdhC
    Sets the filters that will process responses from the +
    SetOutputFilter filter[;filter...]svdhC
    Sets the filters that will process responses from the server
    SSIEndTag tag "-->" svB
    String that ends an include element
    SSIErrorMsg message "[an error occurred +svdhB
    Error message displayed when there is an SSI +
    SSIEndTag tag "-->" svB
    String that ends an include element
    SSIErrorMsg message "[an error occurred +svdhB
    Error message displayed when there is an SSI error
    SSIETag on|off off dhB
    Controls whether ETags are generated by the server.
    SSILastModified on|off off dhB
    Controls whether Last-Modified headers are generated by the +
    SSIETag on|off off dhB
    Controls whether ETags are generated by the server.
    SSILastModified on|off off dhB
    Controls whether Last-Modified headers are generated by the server.
    SSILegacyExprParser on|off off dhB
    Enable compatibility mode for conditional expressions.
    SSIStartTag tag "<!--#" svB
    String that starts an include element
    SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhB
    Configures the format in which date strings are +
    SSILegacyExprParser on|off off dhB
    Enable compatibility mode for conditional expressions.
    SSIStartTag tag "<!--#" svB
    String that starts an include element
    SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhB
    Configures the format in which date strings are displayed
    SSIUndefinedEcho string "(none)" svdhB
    String displayed when an unset variable is echoed
    SSLCACertificateFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates +
    SSIUndefinedEcho string "(none)" svdhB
    String displayed when an unset variable is echoed
    SSLCACertificateFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates for Client Auth
    SSLCACertificatePath directory-pathsvE
    Directory of PEM-encoded CA Certificates for +
    SSLCACertificatePath directory-pathsvE
    Directory of PEM-encoded CA Certificates for Client Auth
    SSLCADNRequestFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates +
    SSLCADNRequestFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates for defining acceptable CA names
    SSLCADNRequestPath directory-pathsvE
    Directory of PEM-encoded CA Certificates for +
    SSLCADNRequestPath directory-pathsvE
    Directory of PEM-encoded CA Certificates for defining acceptable CA names
    SSLCARevocationCheck chain|leaf|none none svE
    Enable CRL-based revocation checking
    SSLCARevocationFile file-pathsvE
    File of concatenated PEM-encoded CA CRLs for +
    SSLCARevocationCheck chain|leaf|none none svE
    Enable CRL-based revocation checking
    SSLCARevocationFile file-pathsvE
    File of concatenated PEM-encoded CA CRLs for Client Auth
    SSLCARevocationPath directory-pathsvE
    Directory of PEM-encoded CA CRLs for +
    SSLCARevocationPath directory-pathsvE
    Directory of PEM-encoded CA CRLs for Client Auth
    SSLCertificateChainFile file-pathsvE
    File of PEM-encoded Server CA Certificates
    SSLCertificateFile file-pathsvE
    Server PEM-encoded X.509 certificate data file
    SSLCertificateKeyFile file-pathsvE
    Server PEM-encoded private key file
    SSLCipherSuite cipher-spec DEFAULT (depends on +svdhE
    Cipher Suite available for negotiation in SSL +
    SSLCertificateChainFile file-pathsvE
    File of PEM-encoded Server CA Certificates
    SSLCertificateFile file-pathsvE
    Server PEM-encoded X.509 certificate data file
    SSLCertificateKeyFile file-pathsvE
    Server PEM-encoded private key file
    SSLCipherSuite cipher-spec DEFAULT (depends on +svdhE
    Cipher Suite available for negotiation in SSL handshake
    SSLCompression on|off off svE
    Enable compression on the SSL level
    SSLCryptoDevice engine builtin sE
    Enable use of a cryptographic hardware accelerator
    SSLEngine on|off|optional off svE
    SSL Engine Operation Switch
    SSLFIPS on|off off sE
    SSL FIPS mode Switch
    SSLHonorCipherOrder on|off off svE
    Option to prefer the server's cipher preference order
    SSLInsecureRenegotiation on|off off svE
    Option to enable support for insecure renegotiation
    SSLOCSDefaultResponder urisvE
    Set the default responder URI for OCSP validation
    SSLOCSPEnable on|off off svE
    Enable OCSP validation of the client certificate chain
    SSLOCSPOverrideResponder on|off off svE
    Force use of the default responder URI for OCSP validation
    SSLOCSPResponderTimeout seconds 10 svE
    Timeout for OCSP queries
    SSLOCSPResponseMaxAge seconds -1 svE
    Maximum allowable age for OCSP responses
    SSLOCSPResponseTimeSkew seconds 300 svE
    Maximum allowable time skew for OCSP response validation
    SSLOCSPUseRequestNonce on|off on svE
    Use a nonce within OCSP queries
    SSLOpenSSLConfCmd command-name command-valuesvE
    Configure OpenSSL parameters through its SSL_CONF API
    SSLOptions [+|-]option ...svdhE
    Configure various SSL engine run-time options
    SSLPassPhraseDialog type builtin sE
    Type of pass phrase dialog for encrypted private +
    SSLCompression on|off off svE
    Enable compression on the SSL level
    SSLCryptoDevice engine builtin sE
    Enable use of a cryptographic hardware accelerator
    SSLEngine on|off|optional off svE
    SSL Engine Operation Switch
    SSLFIPS on|off off sE
    SSL FIPS mode Switch
    SSLHonorCipherOrder on|off off svE
    Option to prefer the server's cipher preference order
    SSLInsecureRenegotiation on|off off svE
    Option to enable support for insecure renegotiation
    SSLOCSDefaultResponder urisvE
    Set the default responder URI for OCSP validation
    SSLOCSPEnable on|off off svE
    Enable OCSP validation of the client certificate chain
    SSLOCSPOverrideResponder on|off off svE
    Force use of the default responder URI for OCSP validation
    SSLOCSPResponderTimeout seconds 10 svE
    Timeout for OCSP queries
    SSLOCSPResponseMaxAge seconds -1 svE
    Maximum allowable age for OCSP responses
    SSLOCSPResponseTimeSkew seconds 300 svE
    Maximum allowable time skew for OCSP response validation
    SSLOCSPUseRequestNonce on|off on svE
    Use a nonce within OCSP queries
    SSLOpenSSLConfCmd command-name command-valuesvE
    Configure OpenSSL parameters through its SSL_CONF API
    SSLOptions [+|-]option ...svdhE
    Configure various SSL engine run-time options
    SSLPassPhraseDialog type builtin sE
    Type of pass phrase dialog for encrypted private keys
    SSLProtocol [+|-]protocol ... all svE
    Configure usable SSL/TLS protocol versions
    SSLProxyCACertificateFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates +
    SSLProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svE
    Configure usable SSL/TLS protocol versions
    SSLProxyCACertificateFile file-pathsvE
    File of concatenated PEM-encoded CA Certificates for Remote Server Auth
    SSLProxyCACertificatePath directory-pathsvE
    Directory of PEM-encoded CA Certificates for +
    SSLProxyCACertificatePath directory-pathsvE
    Directory of PEM-encoded CA Certificates for Remote Server Auth
    SSLProxyCARevocationCheck chain|leaf|none none svE
    Enable CRL-based revocation checking for Remote Server Auth
    SSLProxyCARevocationFile file-pathsvE
    File of concatenated PEM-encoded CA CRLs for +
    SSLProxyCARevocationCheck chain|leaf|none none svE
    Enable CRL-based revocation checking for Remote Server Auth
    SSLProxyCARevocationFile file-pathsvE
    File of concatenated PEM-encoded CA CRLs for Remote Server Auth
    SSLProxyCARevocationPath directory-pathsvE
    Directory of PEM-encoded CA CRLs for +
    SSLProxyCARevocationPath directory-pathsvE
    Directory of PEM-encoded CA CRLs for Remote Server Auth
    SSLProxyCheckPeerCN on|off on svE
    Whether to check the remote server certificate's CN field +
    SSLProxyCheckPeerCN on|off on svE
    Whether to check the remote server certificate's CN field
    SSLProxyCheckPeerExpire on|off on svE
    Whether to check if remote server certificate is expired +
    SSLProxyCheckPeerExpire on|off on svE
    Whether to check if remote server certificate is expired
    SSLProxyCheckPeerName on|off on svE
    Configure host name checking for remote server certificates +
    SSLProxyCheckPeerName on|off on svE
    Configure host name checking for remote server certificates
    SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhE
    Cipher Suite available for negotiation in SSL +
    SSLProxyCipherSuite cipher-spec ALL:!ADH:RC4+RSA:+H +svdhE
    Cipher Suite available for negotiation in SSL proxy handshake
    SSLProxyEngine on|off off svE
    SSL Proxy Engine Operation Switch
    SSLProxyMachineCertificateChainFile filenamesE
    File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate
    SSLProxyMachineCertificateFile filenamesE
    File of concatenated PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyMachineCertificatePath directorysE
    Directory of PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyProtocol [+|-]protocol ... all svE
    Configure usable SSL protocol flavors for proxy usage
    SSLProxyVerify level none svE
    Type of remote server Certificate verification
    SSLProxyVerifyDepth number 1 svE
    Maximum depth of CA Certificates in Remote Server +
    SSLProxyEngine on|off off svE
    SSL Proxy Engine Operation Switch
    SSLProxyMachineCertificateChainFile filenamesE
    File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate
    SSLProxyMachineCertificateFile filenamesE
    File of concatenated PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyMachineCertificatePath directorysE
    Directory of PEM-encoded client certificates and keys to be used by the proxy
    SSLProxyProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svE
    Configure usable SSL protocol flavors for proxy usage
    SSLProxyVerify level none svE
    Type of remote server Certificate verification
    SSLProxyVerifyDepth number 1 svE
    Maximum depth of CA Certificates in Remote Server Certificate verification
    SSLRandomSeed context source -[bytes]sE
    Pseudo Random Number Generator (PRNG) seeding +
    SSLRandomSeed context source +[bytes]sE
    Pseudo Random Number Generator (PRNG) seeding source
    SSLRenegBufferSize bytes 131072 dhE
    Set the size for the SSL renegotiation buffer
    SSLRequire expressiondhE
    Allow access only when an arbitrarily complex +
    SSLRenegBufferSize bytes 131072 dhE
    Set the size for the SSL renegotiation buffer
    SSLRequire expressiondhE
    Allow access only when an arbitrarily complex boolean expression is true
    SSLRequireSSLdhE
    Deny access when SSL is not used for the +
    SSLRequireSSLdhE
    Deny access when SSL is not used for the HTTP request
    SSLSessionCache type none sE
    Type of the global/inter-process SSL Session +
    SSLSessionCache type none sE
    Type of the global/inter-process SSL Session Cache
    SSLSessionCacheTimeout seconds 300 svE
    Number of seconds before an SSL session expires +
    SSLSessionCacheTimeout seconds 300 svE
    Number of seconds before an SSL session expires in the Session Cache
    SSLSessionTicketKeyFile file-pathsvE
    Persistent encryption/decryption key for TLS session tickets
    SSLSessionTickets on|off on svE
    Enable or disable use of TLS session tickets
    SSLSRPUnknownUserSeed secret-stringsvE
    SRP unknown user seed
    SSLSRPVerifierFile file-pathsvE
    Path to SRP verifier file
    SSLStaplingCache typesE
    Configures the OCSP stapling cache
    SSLStaplingErrorCacheTimeout seconds 600 svE
    Number of seconds before expiring invalid responses in the OCSP stapling cache
    SSLStaplingFakeTryLater on|off on svE
    Synthesize "tryLater" responses for failed OCSP stapling queries
    SSLStaplingForceURL urisvE
    Override the OCSP responder URI specified in the certificate's AIA extension
    SSLStaplingResponderTimeout seconds 10 svE
    Timeout for OCSP stapling queries
    SSLStaplingResponseMaxAge seconds -1 svE
    Maximum allowable age for OCSP stapling responses
    SSLStaplingResponseTimeSkew seconds 300 svE
    Maximum allowable time skew for OCSP stapling response validation
    SSLStaplingReturnResponderErrors on|off on svE
    Pass stapling related OCSP errors on to client
    SSLStaplingStandardCacheTimeout seconds 3600 svE
    Number of seconds before expiring responses in the OCSP stapling cache
    SSLStrictSNIVHostCheck on|off off svE
    Whether to allow non-SNI clients to access a name-based virtual +
    SSLSessionTicketKeyFile file-pathsvE
    Persistent encryption/decryption key for TLS session tickets
    SSLSessionTickets on|off on svE
    Enable or disable use of TLS session tickets
    SSLSRPUnknownUserSeed secret-stringsvE
    SRP unknown user seed
    SSLSRPVerifierFile file-pathsvE
    Path to SRP verifier file
    SSLStaplingCache typesE
    Configures the OCSP stapling cache
    SSLStaplingErrorCacheTimeout seconds 600 svE
    Number of seconds before expiring invalid responses in the OCSP stapling cache
    SSLStaplingFakeTryLater on|off on svE
    Synthesize "tryLater" responses for failed OCSP stapling queries
    SSLStaplingForceURL urisvE
    Override the OCSP responder URI specified in the certificate's AIA extension
    SSLStaplingResponderTimeout seconds 10 svE
    Timeout for OCSP stapling queries
    SSLStaplingResponseMaxAge seconds -1 svE
    Maximum allowable age for OCSP stapling responses
    SSLStaplingResponseTimeSkew seconds 300 svE
    Maximum allowable time skew for OCSP stapling response validation
    SSLStaplingReturnResponderErrors on|off on svE
    Pass stapling related OCSP errors on to client
    SSLStaplingStandardCacheTimeout seconds 3600 svE
    Number of seconds before expiring responses in the OCSP stapling cache
    SSLStrictSNIVHostCheck on|off off svE
    Whether to allow non-SNI clients to access a name-based virtual host.
    SSLUserName varnamesdhE
    Variable name to determine user name
    SSLUseStapling on|off off svE
    Enable stapling of OCSP responses in the TLS handshake
    SSLVerifyClient level none svdhE
    Type of Client Certificate verification
    SSLVerifyDepth number 1 svdhE
    Maximum depth of CA Certificates in Client +
    SSLUserName varnamesdhE
    Variable name to determine user name
    SSLUseStapling on|off off svE
    Enable stapling of OCSP responses in the TLS handshake
    SSLVerifyClient level none svdhE
    Type of Client Certificate verification
    SSLVerifyDepth number 1 svdhE
    Maximum depth of CA Certificates in Client Certificate verification
    StartServers numbersM
    Number of child server processes created at startup
    StartThreads numbersM
    Number of threads created on startup
    Substitute s/pattern/substitution/[infq]dhE
    Pattern to filter the response content
    StartServers numbersM
    Number of child server processes created at startup
    StartThreads numbersM
    Number of threads created on startup
    Substitute s/pattern/substitution/[infq]dhE
    Pattern to filter the response content
    SubstituteInheritBefore on|off off dhE
    Change the merge order of inherited patterns
    SubstituteMaxLineLength bytes(b|B|k|K|m|M|g|G) 1m dhE
    Set the maximum line size
    Suexec On|OffsB
    Enable or disable the suEXEC feature
    SuexecUserGroup User GroupsvE
    User and group for CGI programs to run as
    %s", r); - if (balancer->s->vhost && *(balancer->s->vhost)) { + if (*balancer->s->vhost) { ap_rvputs(r, balancer->s->vhost, " -> ", NULL); } ap_rvputs(r, balancer->s->vpath, "
    Related ModulesRelated Directives
    +
    top
    +
    +

    Simple reverse proxying

    + + +

    + The ProxyPass + directive specifies the mapping of incoming requests to the backend + server (or a cluster of servers known as a Balancer + group). The simpliest example proxies all requests ("/") + to a single backend: +

    + + 
    ProxyPass "/"  "http://www.example.com/"
    + + +

    + To ensure that and Location: headers generated from + the backend are modified to point to the reverse proxy, instead of + back to itself, the ProxyPassReverse + directive is most often required: +

    + + 
    ProxyPass "/"  "http://www.example.com/"
+ProxyPassReverse "/"  "http://www.example.com/"
    + + +

    Only specific URIs can be proxied, as shown in this example:

    + + 
    ProxyPass "/images"  "http://www.example.com/"
+ProxyPassReverse "/images"  "http://www.example.com/"
    + + +

    In the above, any requests which start with the /images + path with be proxied to the specified backend, otherwise it will be handled + locally. +

    +
    top
    +
    +

    Clusters and Balancers

    + + +

    + As useful as the above is, it still has the deficiencies that should + the (single) backend node go down, or become heavily loaded, that proxying + those requests provides no real advantage. What is needed is the ability + to define a set or group of backend servers which can handle such + requests and for the reverse proxy to load balance and failover among + them. This group is sometimes called a cluster but Apache httpd's + term is a balancer. One defines a balancer by leveraging the + Proxy and + BalancerMember directives as + shown: +

    + + 
    <Proxy balancer://myset>
+    BalancerMember http://www2.example.com:8080
+    BalancerMember http://www3.example.com:8080
+    ProxySet lbmethod=bytraffic
+</Proxy>
+
+ProxyPass "/images/"  "balancer://myset/"
+ProxyPassReverse "/images/"  "balancer://myset/"
    + + +

    + The balancer:// scheme is what tells httpd that we are creating + a balancer set, with the name myset. It includes 2 backend servers, + which httpd calls BalancerMembers. In this case, any requests for + /images will be proxied to one of the 2 backends. + The ProxySet directive + specifies that the myset Balancer use a load balancing algorithm + that balances based on I/O bytes. +

    + +

    Hint

    +

    + BalancerMembers are also sometimes referred to as workers. +

    +
    + +
    top
    +
    +

    Balancer and BalancerMember configuration

    + + +

    + You can adjust numerous configuration details of the balancers + and the workers via the various parameters defined in + ProxyPass. For example, + assuming we would want http://www3.example.com:8080 to + handle 3x the traffic with a timeout of 1 second, we would adjust the + configuration as follows: +

    + + 
    <Proxy balancer://myset>
+    BalancerMember http://www2.example.com:8080
+    BalancerMember http://www3.example.com:8080 loadfactor=3 timeout=1
+    ProxySet lbmethod=bytraffic
+</Proxy>
+
+ProxyPass "/images"  "balancer://myset/"
+ProxyPassReverse "/images"  "balancer://myset/"
    + + +
    top
    +
    +

    Failover

    + + +

    + You can also fine-tune various failover scenarios, detailing which + workers and even which balancers should accessed in such cases. For + example, the below setup implements 2 failover cases: In the first, + http://hstandby.example.com:8080 is only sent traffic + if all other workers in the myset balancer are not available. + If that worker itself is not available, only then will the + http://bkup1.example.com:8080 and http://bkup2.example.com:8080 + workers be brought into rotation: +

    + + 
    <Proxy balancer://myset>
+    BalancerMember http://www2.example.com:8080
+    BalancerMember http://www3.example.com:8080 loadfactor=3 timeout=1
+    BalancerMember http://hstandby.example.com:8080 status=+H
+    BalancerMember http://bkup1.example.com:8080 lbset=1
+    BalancerMember http://bkup2.example.com:8080 lbset=1
+    ProxySet lbmethod=byrequests
+</Proxy>
+
+ProxyPass "/images/"  "balancer://myset/"
+ProxyPassReverse "/images/"  "balancer://myset/"
    + + +

    + The magic of this failover setup is setting http://hstandby.example.com:8080 + with the +H status flag, which puts it in hot standby mode, + and making the 2 bkup# servers part of the #1 load balancer set (the + default set is 0); for failover, hot standbys (if they exist) are used 1st, when all regular + workers are unavailable; load balancer sets are always tried lowest number first. +

    + +
    top
    +
    +

    Balancer Manager

    + + +

    + One of the most unique and useful features of Apache httpd's reverse proxy is + the embedded balancer-manager application. Similar to + mod_status, balancer-manager displays + the current working configuration and status of the enabled + balancers and workers currently in use. However, not only does it + display these parameters, it also allows for dynamic, runtime, on-the-fly + reconfiguration of almost all of them, including adding new BalancerMembers + (workers) to an existing balancer. To enable these capability, the following + needs to be added to your configuration: +

    + + 
    <Location "/balancer-manager">
+    SetHandler balancer-manager
+    Require host localhost
+</Location>
    + + +

    Warning

    +

    Do not enable the balancer-manager until you have secured your server. In + particular, ensure that access to the URL is tightly + restricted.

    +
    + +

    + When the reverse proxy server is accessed at that url + (eg: http://rproxy.example.com/balancer-manager/, you will see a + page similar to the below: +

    +

    balancer-manager page

    + +

    + This form allows the devops admin to adjust various parameters, take + workers offline, change load balancing methods and add new works. For + example, clicking on the balancer itself, you will get the following page: +

    +

    balancer-manager page

    + +

    + Whereas clicking on a worker, displays this page: +

    +

    balancer-manager page

    + +

    + To have these changes persist restarts of the reverse proxy, ensure that + BalancerPersist is enabled. +

    + +
    top
    +
    +

    Dynamic Health Checks

    + + +

    + Before httpd proxies a request to a worker, it can "test" if that worker + is available via setting the ping parameter for that worker using + ProxyPass. Oftentimes it is + more useful to check the health of the workers out of band, in a + dynamic fashion. This is achieved in Apache httpd by the + mod_proxy_hcheck module. +

    + +
    top
    +
    +

    BalancerMember status flags

    + + +

    + In the balancer-manager the current state, or status, of a worker + is displayed and can be set/reset. The meanings of these statuses are as follows: +

    + + + + + + + + + + + +
    FlagStringDescription
     OkWorker is available
     InitWorker has been initialized
    DDisWorker is disabled and will not accept any requests; will be + automatically retried.
    SStopWorker is administratively stopped; will not accept requests + and will not be automatically retried
    IIgnWorker is in ignore-errors mode and will always be considered available.
    HStbyWorker is in hot-standby mode and will only be used if no other + viable workers are available.
    EErrWorker is in an error state, usually due to failing pre-request check; + requests will not be proxied to this worker, but it will be retried depending on + the retry setting of the worker.
    NDrnWorker is in drain mode and will only accept existing sticky sessions + destined for itself and ignore all other requests.
    CHcFlWorker has failed dynamic health check and will not be used until it + passes subsequent health checks.
    +
    +
    +

    Available Languages:  en  | + fr  | + ja  | + ko  | + tr 

    +
    top

    Comments

    Notice:
    This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.
    +
    + \ No newline at end of file diff --git a/docs/manual/howto/ssi.html.en b/docs/manual/howto/ssi.html.en index 082fa1d6..fddc7c68 100644 --- a/docs/manual/howto/ssi.html.en +++ b/docs/manual/howto/ssi.html.en @@ -18,7 +18,7 @@

    Modules | Directives | FAQ | Glossary | Sitemap

    Apache HTTP Server Version 2.4

    -
    +
    <-

    Apache httpd Tutorial: Introduction to Server Side Includes

    @@ -494,7 +494,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/2.4/howto/ssi.html'; } })(window, document); //-->