OpenBSD CVS

CVS log for src/usr.sbin/httpd/server_http.c



Default branch: MAIN


Revision 1.154 / (download) - annotate - [select for diffs], Tue Feb 13 14:00:24 2024 UTC (3 months, 2 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.153: +5 -5 lines
Diff to previous 1.153 (colored)

Stop logging misleading errors when custom generic error pages are in use.

Only call the open(2) log_warn for errnos that are not ENOENT, since
that is an error worth logging.

Based on a diff from Carsten Reith (carsten.reith t-online.de)
OK florian@ deraadt@

Revision 1.153 / (download) - annotate - [select for diffs], Wed Sep 21 05:55:18 2022 UTC (20 months, 1 week ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.152: +4 -7 lines
Diff to previous 1.152 (colored)

Default request message body size should be 0.

ok claudio

Revision 1.152 / (download) - annotate - [select for diffs], Thu Sep 1 20:36:25 2022 UTC (21 months ago) by tb
Branch: MAIN
Changes since 1.151: +3 -3 lines
Diff to previous 1.151 (colored)

ugly whitespace

Revision 1.151 / (download) - annotate - [select for diffs], Mon Aug 15 09:36:19 2022 UTC (21 months, 2 weeks ago) by op
Branch: MAIN
Changes since 1.150: +5 -2 lines
Diff to previous 1.150 (colored)

plug a fd leak in read_errdoc if fstat fails or if the file is empty

tweak/ok tb@

Revision 1.150 / (download) - annotate - [select for diffs], Wed Mar 2 11:10:43 2022 UTC (2 years, 3 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.149: +1 -4 lines
Diff to previous 1.149 (colored)

Nothing uses kv_flags.

John (j AT bitminer.ca) pointed out that we didn't correctly
initialize struct kv and might use slower KV_FLAG_GLOBBING path in
kv_find depending on stack garbage. Instead of fixing the
initialization just delete kv_flags from struct kv.

OK claudio, tb

Revision 1.149 / (download) - annotate - [select for diffs], Thu Nov 11 15:52:33 2021 UTC (2 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.148: +9 -9 lines
Diff to previous 1.148 (colored)

Move the assignment of http_query down. Also do not assign a non-malloced
string to it since the code assumes it can call free on it.
Fixes crashes noticed by tobhe@ and florian@
OK otto@ tobhe@

Revision 1.148 / (download) - annotate - [select for diffs], Fri Nov 5 19:01:02 2021 UTC (2 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.147: +19 -11 lines
Diff to previous 1.147 (colored)

Perform stricter checking on the version string (which RFC 7230 says
must be "HTTP" "/" DIGIT "." DIGIT), and answer 505 version not
supported when the number is outside of what we support, and 400 bad
request when the version format is wrong.
from Ross L Richardson, thanks!
ok claudio@

Revision 1.147 / (download) - annotate - [select for diffs], Sun Oct 24 16:01:04 2021 UTC (2 years, 7 months ago) by ian
Branch: MAIN
Changes since 1.146: +83 -4 lines
Diff to previous 1.146 (colored)

Add httpd custom error page facility. Adapted by me from
https://github.com/mpfr/httpd-plus.
Improvements from & (earlier version) reads fine to tracey@;
improvements & OK this version benno@, florian@. Thanks.

Revision 1.146 / (download) - annotate - [select for diffs], Sat Oct 23 15:30:28 2021 UTC (2 years, 7 months ago) by benno
Branch: MAIN
Changes since 1.145: +2 -2 lines
Diff to previous 1.145 (colored)

annotate a 413 error with "request body too large" in the error log.
ok claudio@

Revision 1.145 / (download) - annotate - [select for diffs], Fri Oct 22 08:51:50 2021 UTC (2 years, 7 months ago) by benno
Branch: MAIN
Changes since 1.144: +40 -8 lines
Diff to previous 1.144 (colored)

return unsupported version for version less than HTTP/0.9 and higher
than HTTP/1.9. Downgrade version >= HTTP/1.2++ to 1.1.

Found by "J. K." (openbsd DOT list AT krottmayer DOT com)
ok claudio@

Revision 1.144 / (download) - annotate - [select for diffs], Thu Oct 21 11:48:30 2021 UTC (2 years, 7 months ago) by benno
Branch: MAIN
Changes since 1.143: +8 -2 lines
Diff to previous 1.143 (colored)

when a client sends header lines without a colon, respond with 400 Bad
Request instead of 500 Internal Server Error.
ok claudio@

Revision 1.143 / (download) - annotate - [select for diffs], Tue Jan 5 19:56:11 2021 UTC (3 years, 4 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.142: +2 -3 lines
Diff to previous 1.142 (colored)

unwrap a line

Revision 1.142 / (download) - annotate - [select for diffs], Thu Oct 29 12:30:52 2020 UTC (3 years, 7 months ago) by denis
Branch: MAIN
Changes since 1.141: +41 -3 lines
Diff to previous 1.141 (colored)

Add location (found|not found) option to test for resource path existence.

Diff by Matthias Pressfreund <mpfr @ fn de>. Thanks.

Revision 1.141 / (download) - annotate - [select for diffs], Sat Sep 12 07:34:17 2020 UTC (3 years, 8 months ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.140: +9 -3 lines
Diff to previous 1.140 (colored)

Use the original requested URI for REQUEST_URI.

ok millert florian

Revision 1.140 / (download) - annotate - [select for diffs], Mon Aug 3 10:59:53 2020 UTC (3 years, 9 months ago) by benno
Branch: MAIN
Changes since 1.139: +2 -3 lines
Diff to previous 1.139 (colored)

remove another tautology
from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks
ok claudio@

Revision 1.139 / (download) - annotate - [select for diffs], Fri May 22 07:18:17 2020 UTC (4 years ago) by bentley
Branch: MAIN
Changes since 1.138: +2 -3 lines
Diff to previous 1.138 (colored)

Use the simpler HTML5 idiom to declare charset in autogenerated pages.

This came from a suggestion by Andras Farkas to replace use of
XHTML self-closing tags.

ok cwen@ danj@ florian@

Revision 1.138 / (download) - annotate - [select for diffs], Mon May 18 14:40:06 2020 UTC (4 years ago) by cwen
Branch: MAIN
Changes since 1.137: +5 -2 lines
Diff to previous 1.137 (colored)

httpd: add a "dark mode" in directory listings and error pages

Introduce a new "dark mode" for httpd(8) directory listings and error pages,
using the prefers-color-scheme css function. It uses the colorscheme already
used in OpenBSD project websites.

This version will only be displayed if the user's browser specifically sends
a "prefer darker themes if available" request.

Input from florian@, danj@ and clematis.

OK florian@, danj@ (on a previous version with the wrong background color)

Revision 1.137 / (download) - annotate - [select for diffs], Tue Feb 25 15:18:41 2020 UTC (4 years, 3 months ago) by sthen
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.136: +10 -1 lines
Diff to previous 1.136 (colored)

httpd: allow $REQUEST_SCHEME in redirect targets, ok jung@ florian@

Sometimes you want to redirect a request to another site but maintaining
the same type of connection (http or https) as the original request.
Allow a $REQUEST_SCHEME variable to be used in redirect locations to
allow this, e.g.

  location "/cgi-bin/foobar*" { block return 302 "$REQUEST_SCHEME://foobar.example.org$REQUEST_URI" }

Revision 1.136 / (download) - annotate - [select for diffs], Tue Jan 14 20:48:57 2020 UTC (4 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.135: +8 -8 lines
Diff to previous 1.135 (colored)

Pick the value for "max requests number" from the correct server {}
section in the config, by moving the code down where the Host: header
has been read and the correct server configuration selected.

Note that it may not be that useful to have this option per server,
because it is valid to send requests with different Host: headers over
the same tcp connection.

problem noted and diff from Tracey Emery, thanks!
ok florian@

Revision 1.135 / (download) - annotate - [select for diffs], Mon Nov 4 14:58:37 2019 UTC (4 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.134: +1 -4 lines
Diff to previous 1.134 (colored)

remove useless NULL check, it's checked 7 lines further up.
found by Clemens Goessnitzer, ok and prodded by florian@

Revision 1.134 / (download) - annotate - [select for diffs], Tue Oct 22 09:31:23 2019 UTC (4 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.133: +3 -2 lines
Diff to previous 1.133 (colored)

Do not log "(null)" in debug logging.
OK deraadt

Revision 1.133 / (download) - annotate - [select for diffs], Wed May 8 21:46:56 2019 UTC (5 years ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.132: +14 -2 lines
Diff to previous 1.132 (colored)

The QUERY_STRING macro is not actually URL encoded, so fix the manual.
Add a QUERY_STRING_ENC macro that is URL encoded.

Patch from Tim Baumgartner

ok reyk

Revision 1.132 / (download) - annotate - [select for diffs], Wed May 8 21:41:06 2019 UTC (5 years ago) by tb
Branch: MAIN
Changes since 1.131: +11 -9 lines
Diff to previous 1.131 (colored)

Set the REQUEST_URI CGI variable to the requested URI and query string
instead of the rewritten path and query string.

Patch from Tim Baumgard, reminded by Mischa Peters.

ok benno, reyk

Revision 1.131 / (download) - annotate - [select for diffs], Wed May 8 19:57:45 2019 UTC (5 years ago) by reyk
Branch: MAIN
Changes since 1.130: +4 -4 lines
Diff to previous 1.130 (colored)

spacing

Revision 1.130 / (download) - annotate - [select for diffs], Fri May 3 17:16:27 2019 UTC (5 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.129: +41 -5 lines
Diff to previous 1.129 (colored)

Add a "forwarded" log format that extends the "combined" log format
by including the contents of the X-Forwarded-For and X-Forwarded-Port
headers.  If httpd(8) runs behind a proxy like relayd(8), this allows
tracking the origin of the requests.  The format is compatible with
log analyzers such as GoAccess and Webalizer.

Patch from Bruno Flueckiger

ok benno, reyk

Revision 1.129 / (download) - annotate - [select for diffs], Sun Feb 10 13:41:27 2019 UTC (5 years, 3 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.128: +9 -2 lines
Diff to previous 1.128 (colored)

log X509 peer's cert subject name when tls client authentication is used,
in the same way as the http authenticated username is logged.
From Karel Gardas, gardask at gmail dot com, Thanks!
ok florian@

Revision 1.128 / (download) - annotate - [select for diffs], Tue Dec 4 18:12:08 2018 UTC (5 years, 5 months ago) by florian
Branch: MAIN
Changes since 1.127: +7 -7 lines
Diff to previous 1.127 (colored)

Check maxrequestbody when we found the right server / location.
Very patiently pointed out repeatedly by Tracey Emery ( tracey AT
traceyemery.net ), thanks!
OK benno

Revision 1.127 / (download) - annotate - [select for diffs], Sun Nov 4 05:56:45 2018 UTC (5 years, 6 months ago) by guenther
Branch: MAIN
Changes since 1.126: +2 -2 lines
Diff to previous 1.126 (colored)

isalpha(3) requires an unsigned char value (or -1).

from Hiltjo Posthuma (hiltjo(at)codemadness.org)

Revision 1.126 / (download) - annotate - [select for diffs], Mon Oct 15 08:16:17 2018 UTC (5 years, 7 months ago) by bentley
Branch: MAIN
Changes since 1.125: +5 -3 lines
Diff to previous 1.125 (colored)

Omit HSTS headers over unencrypted connections, per RFC 6797.

ok florian@

Revision 1.125 / (download) - annotate - [select for diffs], Thu Oct 11 09:52:22 2018 UTC (5 years, 7 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.124: +1 -7 lines
Diff to previous 1.124 (colored)

Backout my previous commit:

 date: 2018/10/01 19:24:09; author: benno; state: Exp; lines: +7 -1;
   commitid: 0O8fyHPNvPd8rvYU;
 Only send 408 Timeout responses when we have seen at least part of a
 request.  Without a request, just close the connection when we hit
 request timeout.
 Prompted by a bug report from Nikola Kolev, thanks.
 ok reyk@ and some suggestions from claudio@ and bluhm@

Mark Patruck (mark AT wrapped DOT cx) found a problem with it, thanks
for the report.

ok reyk@ bluhm@ sthen@ deraadt@

Revision 1.124 / (download) - annotate - [select for diffs], Mon Oct 1 19:24:09 2018 UTC (5 years, 8 months ago) by benno
Branch: MAIN
Changes since 1.123: +7 -1 lines
Diff to previous 1.123 (colored)

Only send 408 Timeout responses when we have seen at least part of a
request.  Without a request, just close the connection when we hit
request timeout.
Prompted by a bug report from Nikola Kolev, thanks.
ok reyk@ and some suggestions from claudio@ and bluhm@

Revision 1.123 / (download) - annotate - [select for diffs], Fri Sep 7 09:31:13 2018 UTC (5 years, 8 months ago) by florian
Branch: MAIN
Changes since 1.122: +18 -4 lines
Diff to previous 1.122 (colored)

Do not send a Content-Length header for 1xx and 204 status codes since
RFC 7230 states that a server MUST NOT do so.
At least relayd chokes on this.

Pointed out & diff by Carlin Bingham (cb AT walcyrge.org), thanks!
OK benno

Revision 1.122 / (download) - annotate - [select for diffs], Wed Jun 20 16:43:05 2018 UTC (5 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.121: +45 -6 lines
Diff to previous 1.121 (colored)

Add support for simple one-off internal rewrites.

For example:

	location match "/page/(%d+)/.*" {
		request rewrite "/static/index.php?id=%1&$QUERY_STRING"
	}

Requested by many.

Ok benno@

Revision 1.121 / (download) - annotate - [select for diffs], Fri Jun 15 12:36:05 2018 UTC (5 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.120: +5 -5 lines
Diff to previous 1.120 (colored)

Fix 304 Not Modified response: don't send a body, use the correct MIME type.

Reported by Hidvegi Gabor  gaborca  websivision  hu

Fix found by anton@

OK anton@

Revision 1.120 / (download) - annotate - [select for diffs], Mon Jun 11 12:12:51 2018 UTC (5 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.119: +7 -22 lines
Diff to previous 1.119 (colored)

The http_query is already url_encoded; don't encode it twice.

This fixes a bug in the macros and log file handler that
double-encoded the query.  This does not change FCGI as it was already
handling the query correctly.

Additional verification of the QUERY_STRING should be implemented as well.

OK claudio@

Revision 1.118.2.1 / (download) - annotate - [select for diffs], Wed Apr 18 09:37:25 2018 UTC (6 years, 1 month ago) by benno
Branch: OPENBSD_6_3
Changes since 1.118: +2 -1 lines
Diff to previous 1.118 (colored) next main 1.119 (colored)

Merge usr.sbin/httpd/server_http.c revision 1.119 to 6.3-stable:

    revision 1.119
    date: 2018/04/06 13:02:07;  author: florian;  state: Exp;  lines: +2 -1;  commitid: fU72v0$

    After processing of a range request httpd would never close the
    connection and eventually stop answering queries because of file
    descriptor starvation.

    Problem reported by, minimal testcase provided and testing by trondd
    _AT_ kagu-tsuchi.com, thanks!

    Testing Nick Holland and millert

    OK deraadt

ok florian@

Revision 1.117.4.1 / (download) - annotate - [select for diffs], Wed Apr 18 09:36:47 2018 UTC (6 years, 1 month ago) by benno
Branch: OPENBSD_6_2
Changes since 1.117: +2 -1 lines
Diff to previous 1.117 (colored) next main 1.118 (colored)

Merge usr.sbin/httpd/server_http.c revision 1.119 to 6.2-stable:

    revision 1.119
    date: 2018/04/06 13:02:07;  author: florian;  state: Exp;  lines: +2 -1;  commitid: fU72v0$

    After processing of a range request httpd would never close the
    connection and eventually stop answering queries because of file
    descriptor starvation.

    Problem reported by, minimal testcase provided and testing by trondd
    _AT_ kagu-tsuchi.com, thanks!

    Testing Nick Holland and millert

    OK deraadt

ok florian@

Revision 1.119 / (download) - annotate - [select for diffs], Fri Apr 6 13:02:07 2018 UTC (6 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.118: +2 -1 lines
Diff to previous 1.118 (colored)

After processing of a range request httpd would never close the
connection and eventually stop answering queries because of file
descriptor starvation.

Problem reported by, minimal testcase provided and testing by trondd
_AT_ kagu-tsuchi.com, thanks!

Testing Nick Holland and millert

OK deraadt

Revision 1.118 / (download) - annotate - [select for diffs], Thu Dec 14 21:19:47 2017 UTC (6 years, 5 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE
Branch point for: OPENBSD_6_3
Changes since 1.117: +3 -1 lines
Diff to previous 1.117 (colored)

set Location header for 307 and 308 status codes
ok sthen@ phessler@

Revision 1.117 / (download) - annotate - [select for diffs], Mon May 15 10:40:47 2017 UTC (7 years ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE
Branch point for: OPENBSD_6_2
Changes since 1.116: +5 -1 lines
Diff to previous 1.116 (colored)

Avoid a crash servicing requests when a server is configured with
"block return 401".  Problem reported by Jurjen Oskam.
ok florian@

Revision 1.116 / (download) - annotate - [select for diffs], Thu Mar 16 10:18:11 2017 UTC (7 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.115: +9 -1 lines
Diff to previous 1.115 (colored)

Expand $HTTP_HOST in redirects.
From Rivo Nurges Rivo.Nurges AT smit.ee, thanks!
OK reyk

Revision 1.115 / (download) - annotate - [select for diffs], Fri Mar 10 21:06:43 2017 UTC (7 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.114: +2 -2 lines
Diff to previous 1.114 (colored)

Sync from relayd: DELETE can have a body.

Fix by Rivo Nurges, fixes a problem with Atlassian JIRA

OK benno@

Revision 1.114 / (download) - annotate - [select for diffs], Tue Feb 7 12:22:41 2017 UTC (7 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.113: +22 -4 lines
Diff to previous 1.113 (colored)

Improve parsing of the HTTP request line

Make sure that the beginning of a new request starts with an
alphabetic character.  This is a quick way to detect non-ASCII
requests (eg. TLS on port 80).  The full validation of the request
method is done once the input line is read.

Make sure that non-terminated lines do not exceed the
SERVER_MAXHEADERLENGTH which is 8k.  As the current read watermark is
set to 64k, this means that the limit check is triggered after max.
64k of input, depending on the TCP read buffer.

OK benno@ jsing@

Revision 1.113 / (download) - annotate - [select for diffs], Thu Feb 2 22:19:59 2017 UTC (7 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.112: +5 -1 lines
Diff to previous 1.112 (colored)

Fix support for HTTP pipelining by handling all requests in the buffer.

Tested & OK jung@

Revision 1.112 / (download) - annotate - [select for diffs], Tue Jan 31 14:39:47 2017 UTC (7 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.111: +97 -2 lines
Diff to previous 1.111 (colored)

Reimplement httpd's support for byte ranges.

The previous implementation loaded all the output into a single output
buffer and used its size to determine the Content-Length of the body.

The new implementation calculates the body length first and writes the
individual ranges in an async way using the bufferevent mechanism.

This prevents httpd from using too much memory and applies the
watermark and throttling mechanisms to range requests.

Problem reported by Pierre Kim (pierre.kim.sec at gmail.com)

OK benno@ sunil@

Revision 1.111 / (download) - annotate - [select for diffs], Tue Jan 31 12:21:27 2017 UTC (7 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.110: +6 -5 lines
Diff to previous 1.110 (colored)

The variable clt_done is used in too many places.

Introduce a new variable clt_headersdone in the async HTTP parser.

OK sunil@ benno@

Revision 1.110 / (download) - annotate - [select for diffs], Fri Aug 26 10:46:39 2016 UTC (7 years, 9 months ago) by rzalamena
Branch: MAIN
Changes since 1.109: +3 -8 lines
Diff to previous 1.109 (colored)

Replace the static env variables with a single global variable.

ok reyk@

Revision 1.109 / (download) - annotate - [select for diffs], Wed Jul 27 11:02:41 2016 UTC (7 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.108: +2 -2 lines
Diff to previous 1.108 (colored)

According to RFC 7231 4.3.7, OPTIONS may have body. "Although this
specification does not define any use for such a payload, future
extensions to HTTP might use the OPTIONS body to make more detailed
queries about the target resource." The future has arrived.

Found and tested by Michael Lechtermann
OK benno@

Revision 1.108 / (download) - annotate - [select for diffs], Fri May 27 11:24:13 2016 UTC (8 years ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.107: +5 -3 lines
Diff to previous 1.107 (colored)

Return "400 Bad Request" instead of "500 Server Internal Error" for
requests lacking "HTTP/<version>".

This makes it more obvious that httpd(8) does not attempt to support
HTTP v0.9 (circa 1991), when "GET <url>\r\n" was valid.

ok millert@ florian@

Revision 1.107 / (download) - annotate - [select for diffs], Sun May 22 19:20:03 2016 UTC (8 years ago) by jung
Branch: MAIN
Changes since 1.106: +7 -3 lines
Diff to previous 1.106 (colored)

makes sure the value of the asprintf buffer is zeroed on error

from Hiltjo Posthuma

"do." deraadt

Revision 1.106 / (download) - annotate - [select for diffs], Tue Mar 8 09:33:15 2016 UTC (8 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.105: +3 -1 lines
Diff to previous 1.105 (colored)

Set content charset for auto index generated page.
Pointed out and diff by dhill, thanks!
Tweaks and same change for error documents by me.

Revision 1.105 / (download) - annotate - [select for diffs], Thu Feb 11 19:30:04 2016 UTC (8 years, 3 months ago) by tim
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.104: +6 -6 lines
Diff to previous 1.104 (colored)

Back out previous; requested by jung@

Revision 1.104 / (download) - annotate - [select for diffs], Thu Feb 11 16:14:11 2016 UTC (8 years, 3 months ago) by tim
Branch: MAIN
Changes since 1.103: +7 -7 lines
Diff to previous 1.103 (colored)

Include the server port number in the common and combined logs. This is useful
to distinguish between http and https requests.

OK florian@ reyk@ a while ago

Revision 1.103 / (download) - annotate - [select for diffs], Mon Dec 7 20:30:17 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
Changes since 1.102: +2 -3 lines
Diff to previous 1.102 (colored)

No need to check for NULL before free().

Revision 1.102 / (download) - annotate - [select for diffs], Thu Dec 3 11:46:25 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.101: +13 -21 lines
Diff to previous 1.101 (colored)

Remove unnecessary NULL checks before free().

From Jan Schreiber

Revision 1.101 / (download) - annotate - [select for diffs], Tue Oct 13 08:33:06 2015 UTC (8 years, 7 months ago) by sunil
Branch: MAIN
Changes since 1.100: +2 -1 lines
Diff to previous 1.100 (colored)

Plug a leak.

Ok gilles@, reyk@

Revision 1.100 / (download) - annotate - [select for diffs], Tue Oct 13 07:57:13 2015 UTC (8 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.99: +2 -2 lines
Diff to previous 1.99 (colored)

Pass unsigned chars to ctype functions.

From Michael McConville

Revision 1.99 / (download) - annotate - [select for diffs], Mon Sep 7 14:46:24 2015 UTC (8 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.98: +2 -2 lines
Diff to previous 1.98 (colored)

Fix a regression that was introduced with server.c r1.64: Do NOT free
srv_conf->auth in serverconfig_free() because it was not allocated in
config_getserver() but assigned as a reference by id from a global
list that is maintained independently.  This fixes a potential
double-free.  This fix also makes srv_conf->auth "const" to emphasize
that the read-only auth pointer was not allocated here.

OK jsing@

Revision 1.98 / (download) - annotate - [select for diffs], Fri Aug 21 07:30:50 2015 UTC (8 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.97: +2 -1 lines
Diff to previous 1.97 (colored)

The WebDAV MOVE method was not included in the switch statement
handling the HTTP methods in server_http.c which resulted in a 405
method not allowed error when trying to use it.

Fix by jaminh on github

Revision 1.97 / (download) - annotate - [select for diffs], Thu Aug 20 13:00:23 2015 UTC (8 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.96: +7 -7 lines
Diff to previous 1.96 (colored)

Change httpd(8) to use C99-style fixed-width integers (uintN_t instead
of u_intN_t) and replace u_int with unsigned int.  Mixing both
variants is a bad style and most contributors seem to prefer this
style; it also helps us to get used to it, portability, and
standardization.

Theoretically no binary change, except one in practice: httpd.o has a
different checksum because gcc with -O2 pads/optimizes "struct
privsep" differently when using "unsigned int" instead of "u_int" for the
affected members.  "u_int" is just a typedef of "unsigned int", -O0
doesn't build the difference and clang with -O2 doesn't do it either -
it is just another curiosity from gcc-land.

OK semarie@

Revision 1.96 / (download) - annotate - [select for diffs], Fri Jul 31 00:10:51 2015 UTC (8 years, 10 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.95: +3 -3 lines
Diff to previous 1.95 (colored)

repair hsts header output, wrong format strings caused broken
Strict-Transport-Security headers. Add __format__ attribute to
kv_set() and kv_setkey() to make it easier to spot such problems.

Found by and fix from Donovan Watteau <tsoomi -AT- gmail -DOT- com>,
thanks for your help.

ok deraadt@

Revision 1.95 / (download) - annotate - [select for diffs], Wed Jul 29 22:03:41 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.94: +1 -2 lines
Diff to previous 1.94 (colored)

backout the previous:  it broke wordpress somehow.
we need more care to find a proper fix for the fastcgi headers.

acknowledged by deraadt@

Revision 1.94 / (download) - annotate - [select for diffs], Wed Jul 29 20:03:14 2015 UTC (8 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.93: +2 -1 lines
Diff to previous 1.93 (colored)

Read fcgi response records until we have the whole http header and can
parse it. Otherwise http headers can leak into the body.
Pointed out by Jean-Philippe Ouellet on bugs@ Thanks!
OK reyk, commit ASAP deraadt@

Revision 1.93 / (download) - annotate - [select for diffs], Thu Jul 23 09:36:32 2015 UTC (8 years, 10 months ago) by semarie
Branch: MAIN
Changes since 1.92: +10 -3 lines
Diff to previous 1.92 (colored)

The realm in authenticate directive of config file isn't escaped for '"' char.
The diff corrects this problem by using VIS_DQ.

ok reyk@ florian@

Revision 1.92 / (download) - annotate - [select for diffs], Sun Jul 19 05:17:27 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.91: +11 -7 lines
Diff to previous 1.91 (colored)

For the completeness of HSTS, add the non-standard preload option.

OK florian@

Revision 1.91 / (download) - annotate - [select for diffs], Sat Jul 18 06:00:43 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.90: +4 -5 lines
Diff to previous 1.90 (colored)

Allow to change the default media type globally or per-location,
eg. default type text/html.

OK florian@

Revision 1.90 / (download) - annotate - [select for diffs], Sat Jul 18 05:41:19 2015 UTC (8 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.89: +26 -4 lines
Diff to previous 1.89 (colored)

Implement HTTP Strict Transport Security (HSTS).
Input & OK reyk

Revision 1.89 / (download) - annotate - [select for diffs], Thu Jul 16 19:05:28 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.88: +5 -5 lines
Diff to previous 1.88 (colored)

spacing

Revision 1.88 / (download) - annotate - [select for diffs], Wed Jul 15 23:16:38 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.87: +6 -7 lines
Diff to previous 1.87 (colored)

Escape the message in server_log() as well.

OK benno@

Revision 1.87 / (download) - annotate - [select for diffs], Wed Jul 15 22:23:00 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.86: +19 -18 lines
Diff to previous 1.86 (colored)

For some values like the User-Agent, use vis(3) instead of url_encode().
This makes the output more readable and matches Apache's log encoding.

OK sthen@ brynet@

Revision 1.86 / (download) - annotate - [select for diffs], Wed Jul 15 17:52:23 2015 UTC (8 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.85: +15 -37 lines
Diff to previous 1.85 (colored)

Simplify the error path of the previous commit: by using ret = -1 by
default and only setting it to 0 on success, we don't have to set it
in each error case.  While here, also remove two superfluous NULL
checks (as pointed out by semarie).

OK semarie@

Revision 1.85 / (download) - annotate - [select for diffs], Wed Jul 15 16:02:38 2015 UTC (8 years, 10 months ago) by semarie
Branch: MAIN
Changes since 1.84: +101 -20 lines
Diff to previous 1.84 (colored)

httpd doesn't sanitize variables before putting them in logs. It is possible for
an attacker to push arbitrary characters in logs (newline for forging entries,
or some control escaping interpreted by terminal emulator).

OK reyk@

Revision 1.84 / (download) - annotate - [select for diffs], Tue Jun 23 17:25:01 2015 UTC (8 years, 11 months ago) by semarie
Branch: MAIN
Changes since 1.83: +6 -3 lines
Diff to previous 1.83 (colored)

escape the matched substrings before using them in expansion.

ok reyk@

Revision 1.83 / (download) - annotate - [select for diffs], Tue Jun 23 15:23:14 2015 UTC (8 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.82: +61 -12 lines
Diff to previous 1.82 (colored)

Add initial support for pattern matching using Lua's pattern matching code.

With important help on the pattern matcher from semarie@

OK semarie@

Revision 1.82 / (download) - annotate - [select for diffs], Mon Jun 22 11:46:06 2015 UTC (8 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.81: +16 -9 lines
Diff to previous 1.81 (colored)

After the last change, we also have to url_encode $SERVER_NAME and
$REMOTE_USER before using them in the Location.

From Sebastien Marie (semarie)

Revision 1.81 / (download) - annotate - [select for diffs], Sun Jun 21 13:08:36 2015 UTC (8 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.80: +37 -22 lines
Diff to previous 1.80 (colored)

When encoding the Location url, only encode the query and path
elements from the user input and not the constants from the
configuration.  This makes it possible to specify chars like '?' in
the uri.

OK Sebastien Marie

Revision 1.80 / (download) - annotate - [select for diffs], Wed May 20 09:28:47 2015 UTC (9 years ago) by kettenis
Branch: MAIN
Changes since 1.79: +3 -3 lines
Diff to previous 1.79 (colored)

Use off_t instead of size_t to pass file size and print it using %lld when
constructing the Content-Length header field.  Should fix some, but probably
not all, problems with serving files bigger than 2G on 32-bit architectures.

ok reyk@, florian@

Revision 1.79 / (download) - annotate - [select for diffs], Sun May 3 18:39:58 2015 UTC (9 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.78: +8 -1 lines
Diff to previous 1.78 (colored)

Implement byte ranges.
From Sunil Nimmagadda <sunil At nimmagadda DOT net>
OK benno@

Revision 1.78 / (download) - annotate - [select for diffs], Sat Apr 18 09:27:54 2015 UTC (9 years, 1 month ago) by jsg
Branch: MAIN
Changes since 1.77: +6 -5 lines
Diff to previous 1.77 (colored)

Regis Leroy reported that httpd does not strictly accept CRLF for
newlines which could lead to http response splitting/smuggling
if a badly behaved proxy is in front of httpd.

Switch from evbuffer_readline() to evbuffer_readln() with
EVBUFFER_EOL_CRLF_STRICT to avoid this.

ok florian@

Revision 1.77 / (download) - annotate - [select for diffs], Thu Apr 9 16:48:29 2015 UTC (9 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.76: +1 -6 lines
Diff to previous 1.76 (colored)

Revert previous as this breaks stuff.
I fscked up the testing, sorry!
Found the hard way by jsg@

Revision 1.76 / (download) - annotate - [select for diffs], Wed Apr 8 19:39:29 2015 UTC (9 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.75: +6 -1 lines
Diff to previous 1.75 (colored)

Do not silently accept multiple Content-Length headers.
Pointed out by Regis Leroy (regis.leroy AT makina-corpus DOT com),
thanks!
Tweak and OK reyk@

Revision 1.75 / (download) - annotate - [select for diffs], Mon Feb 23 18:43:18 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.74: +107 -3 lines
Diff to previous 1.74 (colored)

Allow to specify CGI variables as macros in redirection strings, eg.
block return 301 "http://www.example.com/$REQUEST_URI"

OK tedu@ florian@

Revision 1.74 / (download) - annotate - [select for diffs], Sun Feb 8 00:00:59 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.73: +3 -2 lines
Diff to previous 1.73 (colored)

spacing

Revision 1.73 / (download) - annotate - [select for diffs], Sat Feb 7 23:59:28 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.72: +12 -11 lines
Diff to previous 1.72 (colored)

spacing

Revision 1.72 / (download) - annotate - [select for diffs], Sat Feb 7 01:23:12 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.71: +11 -2 lines
Diff to previous 1.71 (colored)

Add support for blocking, dropping, and redirecting requests.

OK florian@

Revision 1.71 / (download) - annotate - [select for diffs], Fri Feb 6 13:05:20 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.70: +4 -4 lines
Diff to previous 1.70 (colored)

Fix log options in locations.

Reported and tested by Markus Bergkvist
OK florian@

Revision 1.70 / (download) - annotate - [select for diffs], Thu Feb 5 10:47:53 2015 UTC (9 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.69: +6 -5 lines
Diff to previous 1.69 (colored)

Fix potential NULL pointer dereference.

Revision 1.69 / (download) - annotate - [select for diffs], Wed Jan 21 22:21:05 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.68: +3 -11 lines
Diff to previous 1.68 (colored)

httpd is based on relayd and had included many headers that are only
needed by its ancestor.  jsg@, include-what-you-use, and some manual
review helped to clean up the headers (take iwyu with a grain of salt).
Based on common practice, httpd.h now also includes the necessary
headers for itself.

OK florian@

Revision 1.68 / (download) - annotate - [select for diffs], Mon Jan 19 20:01:02 2015 UTC (9 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.67: +10 -8 lines
Diff to previous 1.67 (colored)

Log the remote user in the access.log.
Pointed out by, tweak & OK reyk@

Revision 1.67 / (download) - annotate - [select for diffs], Mon Jan 19 20:00:07 2015 UTC (9 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.66: +7 -7 lines
Diff to previous 1.66 (colored)

s/clt_fcgi_remote_user/clt_remote_user/
OK reyk@

Revision 1.66 / (download) - annotate - [select for diffs], Mon Jan 19 19:37:50 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.65: +4 -3 lines
Diff to previous 1.65 (colored)

Decouple auth parameters from struct server_config into struct auth.

OK florian@

Revision 1.65 / (download) - annotate - [select for diffs], Sun Jan 18 14:01:17 2015 UTC (9 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.64: +97 -2 lines
Diff to previous 1.64 (colored)

First stab at implementing basic auth.
Currently the htpasswd file needs to be in the chroot; will hopefully
be improved soonish.
Based on a diff from Oscar Linderholm many months ago but turned into
a complete rewrite.
input/OK reyk@

Revision 1.64 / (download) - annotate - [select for diffs], Fri Jan 16 06:40:17 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.63: +5 -4 lines
Diff to previous 1.63 (colored)

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.63 / (download) - annotate - [select for diffs], Tue Jan 13 09:21:15 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.62: +2 -2 lines
Diff to previous 1.62 (colored)

bump copyright year

Revision 1.62 / (download) - annotate - [select for diffs], Tue Jan 6 17:48:04 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.61: +2 -3 lines
Diff to previous 1.61 (colored)

I missed one goto abort instead of free(line).

Found by Fabian Raetz at gmail

Revision 1.61 / (download) - annotate - [select for diffs], Tue Jan 6 13:48:15 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.60: +13 -22 lines
Diff to previous 1.60 (colored)

Instead of calling free(line) in each error case, call it once in fail:.

From Fabian Raetz at gmail

Revision 1.60 / (download) - annotate - [select for diffs], Tue Jan 6 13:38:59 2015 UTC (9 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.59: +5 -3 lines
Diff to previous 1.59 (colored)

Return "400 Bad Request" instead of "500 Internal Server Error" for
unknown/invalid HTTP requests.

From Fabian Raetz at gmail

Revision 1.59 / (download) - annotate - [select for diffs], Sun Jan 4 22:23:58 2015 UTC (9 years, 4 months ago) by chrisz
Branch: MAIN
Changes since 1.58: +16 -1 lines
Diff to previous 1.58 (colored)

add new url stripping option:

strip number
	Strip number path components from the beginning of the
	request URI before looking up the stripped-down URI at
	the document root.


reviewed with much patience and OK by reyk@

Revision 1.58 / (download) - annotate - [select for diffs], Thu Jan 1 14:15:02 2015 UTC (9 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.57: +2 -3 lines
Diff to previous 1.57 (colored)

Use the HTML5 doctype for error and auto index pages because it is
shorter, newer, and the recommendation.  From James Jerkins.

Exclude the charset for now because it is not explicitly handled by httpd.

OK validator.w3.org (This document was successfully checked as HTML5!)

Revision 1.57 / (download) - annotate - [select for diffs], Sun Dec 21 00:54:49 2014 UTC (9 years, 5 months ago) by guenther
Branch: MAIN
Changes since 1.56: +1 -2 lines
Diff to previous 1.56 (colored)

Stop pulling in <arpa/inet.h> or <arpa/nameser.h> when unnecessary.
*Do* pull it in when in_{port,addr}_h is needed and <netinet/in.h> isn't.

ok reyk@

Revision 1.56 / (download) - annotate - [select for diffs], Mon Dec 8 19:31:27 2014 UTC (9 years, 5 months ago) by florian
Branch: MAIN
Changes since 1.55: +25 -17 lines
Diff to previous 1.55 (colored)

Do not send an error body in a HEAD request answer.
From Bertrand Janin (b at janin dot com), thanks!
OK reyk@

Revision 1.55 / (download) - annotate - [select for diffs], Thu Dec 4 02:44:42 2014 UTC (9 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.54: +1 -2 lines
Diff to previous 1.54 (colored)

stop viral header propagation. none of this code uses sys/hash.h
from Max Fillinger

Revision 1.42.2.1 / (download) - annotate - [select for diffs], Thu Nov 20 07:48:45 2014 UTC (9 years, 6 months ago) by jasper
Branch: OPENBSD_5_6
Changes since 1.42: +181 -66 lines
Diff to previous 1.42 (colored) next main 1.43 (colored)

httpd was developed very rapidly in the weeks before 5.6 release,
and it has a few flaws.  It would be nice to get these flaws fully
remediated before the next release, and that requires the community
to want to use it.
Therefore here is a "jumbo" patch that brings in the most important fixes.

committing on behalf of reyk@

Revision 1.54 / (download) - annotate - [select for diffs], Sat Oct 25 03:23:49 2014 UTC (9 years, 7 months ago) by lteo
Branch: MAIN
Changes since 1.53: +1 -2 lines
Diff to previous 1.53 (colored)

Remove unnecessary netinet/in_systm.h include.

ok millert@

Revision 1.53 / (download) - annotate - [select for diffs], Wed Oct 22 09:48:03 2014 UTC (9 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.52: +2 -1 lines
Diff to previous 1.52 (colored)

URL-decode the request path.

Tested by ajacoutot@ and others
OK doug@

Revision 1.52 / (download) - annotate - [select for diffs], Tue Oct 21 13:00:33 2014 UTC (9 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.51: +14 -10 lines
Diff to previous 1.51 (colored)

Rework the error message a little bit: Do not send details of the
error.  Traditionally, web servers responded with the request path on
40x errors which could be abused to inject JavaScript etc.  Instead of
sanitizing the path, we just don't reprint it.  Also modify the style
a little bit but keep Comic Sans.

With input from Jonas Lindemann and doug@

Revision 1.51 / (download) - annotate - [select for diffs], Mon Sep 29 19:30:47 2014 UTC (9 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.50: +3 -3 lines
Diff to previous 1.50 (colored)

whitespace spotted while studying the code

Revision 1.50 / (download) - annotate - [select for diffs], Mon Sep 15 08:00:27 2014 UTC (9 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.49: +8 -6 lines
Diff to previous 1.49 (colored)

Make the HTTP version mandatory and abort if it is missing in the request.

Revision 1.49 / (download) - annotate - [select for diffs], Wed Sep 10 15:39:57 2014 UTC (9 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.48: +65 -6 lines
Diff to previous 1.48 (colored)

Handle different possible variations of the Host header (eg.
www.example.com, www.example.com:80, [2001:db8::1], [2001:db8::1]:80).
The port is optional and is typically used on non-default ports.  If
the server name is a plain IPv6 address, it is commonly specified in
square brackets.

Makes ajacoutot@ happy
OK florian@

Revision 1.48 / (download) - annotate - [select for diffs], Fri Sep 5 15:06:05 2014 UTC (9 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.47: +29 -6 lines
Diff to previous 1.47 (colored)

Add various RFC-based WebDAV methods to the list of accepted HTTP methods.
This fixes (Fast)CGI-based WebDAV and CalDAV (calendar) servers with httpd.

ok benno@ stsp@

Revision 1.47 / (download) - annotate - [select for diffs], Fri Sep 5 10:04:20 2014 UTC (9 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.46: +13 -1 lines
Diff to previous 1.46 (colored)

Remove a limitation that only allowed to specify a server name once.
The key has been changed to server name + address + port and now it is
possible to use the same server name for multiple servers with
different addresses, eg. http://www.example.com and
https://www.example.com/.

OK doug@ florian@

Revision 1.46 / (download) - annotate - [select for diffs], Fri Aug 29 13:01:46 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.45: +48 -30 lines
Diff to previous 1.45 (colored)

Use two instead of one http descriptor for request and response.

OK chrisz@

Revision 1.45 / (download) - annotate - [select for diffs], Thu Aug 21 19:23:10 2014 UTC (9 years, 9 months ago) by chrisz
Branch: MAIN
Changes since 1.44: +18 -12 lines
Diff to previous 1.44 (colored)

Add Last-Modified: HTTP header.

OK reyk@

Revision 1.44 / (download) - annotate - [select for diffs], Fri Aug 8 18:29:42 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.43: +23 -10 lines
Diff to previous 1.43 (colored)

When opening directories, re-match the location after the index file
has been appended.  This allows to use a fastcgi target as the default
index, for example index.php.

OK florian@

Revision 1.43 / (download) - annotate - [select for diffs], Fri Aug 8 15:46:01 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.42: +4 -4 lines
Diff to previous 1.42 (colored)

Allow to serve empty (0 bytes) files.

Found by jasper@
OK florian@

Revision 1.42 / (download) - annotate - [select for diffs], Wed Aug 6 18:21:14 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE
Branch point for: OPENBSD_5_6
Changes since 1.41: +7 -1 lines
Diff to previous 1.41 (colored)

Limit the body size in client requests (eg. POST data) to 1M by default;
add a configuration option to change the limit.

ok florian@

Revision 1.41 / (download) - annotate - [select for diffs], Wed Aug 6 15:08:04 2014 UTC (9 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.40: +11 -10 lines
Diff to previous 1.40 (colored)

http POST support
with & OK reyk@

Revision 1.40 / (download) - annotate - [select for diffs], Wed Aug 6 09:34:21 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.39: +3 -3 lines
Diff to previous 1.39 (colored)

Add braces.  Style-only change.

Revision 1.39 / (download) - annotate - [select for diffs], Tue Aug 5 18:01:10 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)

Add configuration options for the most-important connection limits:
max requests (per connection) and timeout.  We don't want to add too
many buttons, and there are good defaults, but these ones are kind of
mandatory.

Revision 1.38 / (download) - annotate - [select for diffs], Tue Aug 5 16:30:36 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.37: +4 -1 lines
Diff to previous 1.37 (colored)

Limit the number of (Keep-Alive) requests per connection to 100.
(Same default as in nginx and Apache).

Revision 1.37 / (download) - annotate - [select for diffs], Tue Aug 5 14:36:10 2014 UTC (9 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.36: +3 -10 lines
Diff to previous 1.36 (colored)

retire blink because this is serious software now; ok beck

Revision 1.36 / (download) - annotate - [select for diffs], Mon Aug 4 11:09:25 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.35: +1 -3 lines
Diff to previous 1.35 (colored)

httpd doesn't support SSL/TLS yet, remove the remaining bits.
The secret plan is to add it later using the ressl wrapper library.

Revision 1.35 / (download) - annotate - [select for diffs], Mon Aug 4 06:35:10 2014 UTC (9 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)

whitespace

Revision 1.34 / (download) - annotate - [select for diffs], Sun Aug 3 22:38:12 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.33: +4 -1 lines
Diff to previous 1.33 (colored)

Also write log messages, like 404 Not Found, on error.  This is a bit
tricky because we couldn't guarantee a sane state after
server_response_http() so fail hard afterwards and close the connection.

ok doug@

Revision 1.33 / (download) - annotate - [select for diffs], Sun Aug 3 21:33:27 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.32: +13 -5 lines
Diff to previous 1.32 (colored)

Allocate http_host instead of carrying a buffer in the descriptor.

Revision 1.32 / (download) - annotate - [select for diffs], Sun Aug 3 20:39:40 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.31: +7 -6 lines
Diff to previous 1.31 (colored)

Dynamically pass HTTP request headers as protocol-specific HTTP_* CGI
meta-variables.

ok florian@

Revision 1.31 / (download) - annotate - [select for diffs], Sun Aug 3 12:26:19 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.30: +6 -6 lines
Diff to previous 1.30 (colored)

Add function to iterate all headers.  No functional change.

Revision 1.30 / (download) - annotate - [select for diffs], Sun Aug 3 10:26:44 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.29: +10 -3 lines
Diff to previous 1.29 (colored)

Add another log mode "connection" for a relayd(8)-style log entry after
each connection, not every request.  The code was already there and enabled
on debug, I just turned it into an alternative log format.

Revision 1.29 / (download) - annotate - [select for diffs], Sun Aug 3 10:22:30 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.28: +2 -11 lines
Diff to previous 1.28 (colored)

Prefer getnameinfo() with NI_NUMERICHOST over inet_ntop because it is also
aware of the IPv6 scope Id.  We already have a function print_host() that
uses getnameinfo, so no need for the inet_ntop cases. Confirmed by florian@

Revision 1.28 / (download) - annotate - [select for diffs], Sat Aug 2 21:21:47 2014 UTC (9 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.27: +14 -13 lines
Diff to previous 1.27 (colored)

Locations now inherit access log settings from the server.

Add log to the server flags.

input/"Looks ok" reyk@

Revision 1.27 / (download) - annotate - [select for diffs], Fri Aug 1 22:24:05 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.26: +12 -7 lines
Diff to previous 1.26 (colored)

Use the log buffer to defer the logging until the connection is closed
or the request completed.  Turn the old log message into a debug message.

ok doug@

Revision 1.26 / (download) - annotate - [select for diffs], Fri Aug 1 21:51:02 2014 UTC (9 years, 10 months ago) by doug
Branch: MAIN
Changes since 1.25: +90 -1 lines
Diff to previous 1.25 (colored)

Add common and combined access logging to httpd.

ok reyk@

Revision 1.25 / (download) - annotate - [select for diffs], Thu Jul 31 18:07:11 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.24: +2 -1 lines
Diff to previous 1.24 (colored)

Only write the HTTP header for the first fastcgi chunk.

Revision 1.24 / (download) - annotate - [select for diffs], Thu Jul 31 17:55:09 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.23: +4 -13 lines
Diff to previous 1.23 (colored)

some fastcgi improvements:
- DPRINTF instead of log_info for internal debugging.
- submit QUERY_STRING, if it exists
- use a proper function to create an HTTP header.
- use server_file_error() to detect EOF and fastcgi stream errors.
- disable keep-alive/persist for now until we have a reliable way to
get the content length from the cgi response or support chunked
encoding.

"Cool, jep" florian@

Revision 1.23 / (download) - annotate - [select for diffs], Thu Jul 31 09:34:57 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.22: +8 -9 lines
Diff to previous 1.22 (colored)

Add a configuration variable "fastcgi" to enable it per server or location.

Revision 1.22 / (download) - annotate - [select for diffs], Thu Jul 31 09:23:53 2014 UTC (9 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.21: +6 -2 lines
Diff to previous 1.21 (colored)

Put in first stab at fastcgi. Very early work in progress. Putting it
in now so that we can quickly work on it in tree. Requested by reyk@.
deraadt@ is OK with this according to reyk@.

Revision 1.21 / (download) - annotate - [select for diffs], Wed Jul 30 13:49:48 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.20: +19 -7 lines
Diff to previous 1.20 (colored)

Make "location" work with name-based virtual servers.

Revision 1.20 / (download) - annotate - [select for diffs], Wed Jul 30 10:05:14 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.19: +8 -4 lines
Diff to previous 1.19 (colored)

Add "location" keyword to specify path-specific configuration in
servers, for example auto index for a sub-directory only.  Internally,
a "location" is just a special type of a "virtual" server.

Revision 1.19 / (download) - annotate - [select for diffs], Fri Jul 25 23:25:38 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.18: +3 -1 lines
Diff to previous 1.18 (colored)

Reset the default Host for each request

Revision 1.18 / (download) - annotate - [select for diffs], Fri Jul 25 23:23:39 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.17: +56 -8 lines
Diff to previous 1.17 (colored)

It is recommended to use a URL in the Location header of 3xx
responses.  To accomplish this, add some semantics to retrieve the
server host name of a connection: either IP, IP:PORT (if not 80) or
[IP6]:PORT, or Host value (if valid).

Revision 1.17 / (download) - annotate - [select for diffs], Fri Jul 25 21:48:05 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.16: +21 -7 lines
Diff to previous 1.16 (colored)

Append mandatory Date header to each response.

Revision 1.16 / (download) - annotate - [select for diffs], Fri Jul 25 21:36:37 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.15: +5 -7 lines
Diff to previous 1.15 (colored)

New HTTP/1.1 RFC 7231 prefers IMF-fixdate from RFC 5322.

Revision 1.15 / (download) - annotate - [select for diffs], Fri Jul 25 21:29:58 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.14: +8 -2 lines
Diff to previous 1.14 (colored)

Canonicalize the request path once without the docroot and prepend the
docroot only when it's needed.  Suggested by deraadt@.

Revision 1.14 / (download) - annotate - [select for diffs], Fri Jul 25 16:23:19 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.13: +20 -1 lines
Diff to previous 1.13 (colored)

Add support for "virtual hosts" aka. server blocks aka. multiple
servers with the same or "overlapping" IP address but a different name.

ok beck@

Revision 1.13 / (download) - annotate - [select for diffs], Fri Jul 25 13:10:18 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.12: +4 -4 lines
Diff to previous 1.12 (colored)

Split server and server_config.

Revision 1.12 / (download) - annotate - [select for diffs], Fri Jul 25 12:46:23 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored)

Rename a field, needed later, no functional change.

Revision 1.11 / (download) - annotate - [select for diffs], Thu Jul 24 08:32:36 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.10: +2 -1 lines
Diff to previous 1.10 (colored)

Plug a memleak by correctly free'ing the HTTP descriptor that contains
all the headers etc. of a connection.

Revision 1.10 / (download) - annotate - [select for diffs], Wed Jul 23 21:43:12 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.9: +19 -3 lines
Diff to previous 1.9 (colored)

First attempt at verifying the request path and the access
permissions.  We also have to redirect with 301 if a directory name
was requested without the trailing slash.

Revision 1.9 / (download) - annotate - [select for diffs], Thu Jul 17 11:35:26 2014 UTC (9 years, 10 months ago) by stsp
Branch: MAIN
Changes since 1.8: +6 -5 lines
Diff to previous 1.8 (colored)

Move comment about strcasecmp() to a more suitable spot.
ok reyk benno

Revision 1.8 / (download) - annotate - [select for diffs], Wed Jul 16 10:25:28 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.7: +5 -8 lines
Diff to previous 1.7 (colored)

Implement file descriptor accounting.  The concept was taken from
relayd but had to be adjusted for httpd.  It now handles single-pass
HTTP connections, persistent connections with multiple requests, and
body-less HEAD requests.  With input from benno@

Revision 1.7 / (download) - annotate - [select for diffs], Mon Jul 14 09:03:08 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.6: +11 -5 lines
Diff to previous 1.6 (colored)

Track Connection: Keep-Alive

Revision 1.6 / (download) - annotate - [select for diffs], Mon Jul 14 00:19:48 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.5: +106 -3 lines
Diff to previous 1.5 (colored)

first step towards keep-alive/persistent connections support

Revision 1.5 / (download) - annotate - [select for diffs], Sun Jul 13 15:39:01 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.4: +1 -2 lines
Diff to previous 1.4 (colored)

Remove a debug message

Revision 1.4 / (download) - annotate - [select for diffs], Sun Jul 13 14:17:37 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

Add support for media types (aka. MIME types): the types section is
compatible to nginx' mime.types file which can be included directly.
If not present, use a few built-in defaults for html, css, txt, jpeg,
gif, png, and js.

Revision 1.3 / (download) - annotate - [select for diffs], Sun Jul 13 09:46:19 2014 UTC (9 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.2: +10 -4 lines
Diff to previous 1.2 (colored)

Make error messages more obvious to the user.
ok reyk@ florian@

Revision 1.2 / (download) - annotate - [select for diffs], Sat Jul 12 23:55:35 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN
Changes since 1.1: +3 -2 lines
Diff to previous 1.1 (colored)

Use Comic Sans (or Chalkboard) as the default font for HTTP error
messages because we love web hipsters.

ok beck@

Revision 1.1 / (download) - annotate - [select for diffs], Sat Jul 12 23:34:54 2014 UTC (9 years, 10 months ago) by reyk
Branch: MAIN

Add httpd(8), an attempt to turn the relayd(8) codebase into a simple
web server.  It is not finished yet and I just started it today, but
the goal is to provide an HTTP server that a) provides minimal
features, b) serves static files, c) provides FastCGI support, and d)
follows common coding practices of OpenBSD.

It will neither support plugins, nor custom memory allocators, EBCDIC
support, PCRE or any other things that can be found elsewhere.
httpd(8) is not intended to provide a fully-featured replacement for
nginx(8) or the Apache, but it will provide enough functionality that
is needed in the OpenBSD base system.

ok deraadt@
