📄 mod_proxy.c
字号:
/* Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */#include "mod_proxy.h"#define CORE_PRIVATE#include "http_log.h"#include "http_core.h"#include "http_vhost.h"#include "http_request.h"/* Some WWW schemes and their default ports; this is basically /etc/services *//* This will become global when the protocol abstraction comes */static struct proxy_services defports[] ={ {"http", DEFAULT_HTTP_PORT}, {"ftp", DEFAULT_FTP_PORT}, {"https", DEFAULT_HTTPS_PORT}, {"gopher", DEFAULT_GOPHER_PORT}, {"nntp", DEFAULT_NNTP_PORT}, {"wais", DEFAULT_WAIS_PORT}, {"snews", DEFAULT_SNEWS_PORT}, {"prospero", DEFAULT_PROSPERO_PORT}, {NULL, -1} /* unknown port */};/* * A Web proxy module. Stages: * * translate_name: set filename to proxy:<URL> * type_checker: set type to PROXY_MAGIC_TYPE if filename begins proxy: * fix_ups: convert the URL stored in the filename to the * canonical form. * handler: handle proxy requests *//* -------------------------------------------------------------- *//* Translate the URL into a 'filename' */static int alias_match(const char *uri, const char *alias_fakename){ const char *end_fakename = alias_fakename + strlen(alias_fakename); const char *aliasp = alias_fakename, *urip = uri; while (aliasp < end_fakename) { if (*aliasp == '/') { /* * any number of '/' in the alias matches any number in the * supplied URI, but there must be at least one... */ if (*urip != '/') return 0; while (*aliasp == '/') ++aliasp; while (*urip == '/') ++urip; } else { /* Other characters are compared literally */ if (*urip++ != *aliasp++) return 0; } } /* Check last alias path component matched all the way */ if (aliasp[-1] != '/' && *urip != '\0' && *urip != '/') return 0; /* * Return number of characters from URI which matched (may be greater * than length of alias, since we may have matched doubled slashes) */ return urip - uri;}/* Detect if an absoluteURI should be proxied or not. Note that we * have to do this during this phase because later phases are * "short-circuiting"... i.e. translate_names will end when the first * module returns OK. So for example, if the request is something like: * * GET http://othervhost/cgi-bin/printenv HTTP/1.0 * * mod_alias will notice the /cgi-bin part and ScriptAlias it and * short-circuit the proxy... just because of the ordering in the * configuration file. */static int proxy_detect(request_rec *r){ void *sconf = r->server->module_config; proxy_server_conf *conf; conf = (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module); if (conf->req && r->parsed_uri.scheme) { /* but it might be something vhosted */ if (!(r->parsed_uri.hostname && !strcasecmp(r->parsed_uri.scheme, ap_http_method(r)) && ap_matches_request_vhost(r, r->parsed_uri.hostname, r->parsed_uri.port_str ? r->parsed_uri.port : ap_default_port(r)))) { r->proxyreq = STD_PROXY; r->uri = r->unparsed_uri; r->filename = ap_pstrcat(r->pool, "proxy:", r->uri, NULL); r->handler = "proxy-server"; } } /* We need special treatment for CONNECT proxying: it has no scheme part */ else if (conf->req && r->method_number == M_CONNECT && r->parsed_uri.hostname && r->parsed_uri.port_str) { r->proxyreq = STD_PROXY; r->uri = r->unparsed_uri; r->filename = ap_pstrcat(r->pool, "proxy:", r->uri, NULL); r->handler = "proxy-server"; } return DECLINED;}static int proxy_trans(request_rec *r){ void *sconf = r->server->module_config; proxy_server_conf *conf = (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module); int i, len; struct proxy_alias *ent = (struct proxy_alias *)conf->aliases->elts; if (r->proxyreq != NOT_PROXY) { /* * someone has already set up the proxy, it was possibly ourselves in * proxy_detect */ return OK; } /* * XXX: since r->uri has been manipulated already we're not really * compliant with RFC1945 at this point. But this probably isn't an * issue because this is a hybrid proxy/origin server. */ for (i = 0; i < conf->aliases->nelts; i++) { len = alias_match(r->uri, ent[i].fake); if (len > 0) { r->filename = ap_pstrcat(r->pool, "proxy:", ent[i].real, r->uri + len, NULL); r->handler = "proxy-server"; r->proxyreq = PROXY_PASS; return OK; } } return DECLINED;}/* -------------------------------------------------------------- *//* Fixup the filename *//* * Canonicalise the URL */static int proxy_fixup(request_rec *r){ char *url, *p; if (r->proxyreq == NOT_PROXY || strncmp(r->filename, "proxy:", 6) != 0) return DECLINED; url = &r->filename[6];/* canonicalise each specific scheme */ if (strncasecmp(url, "http:", 5) == 0) return ap_proxy_http_canon(r, url + 5, "http", DEFAULT_HTTP_PORT); else if (strncasecmp(url, "ftp:", 4) == 0) return ap_proxy_ftp_canon(r, url + 4); p = strchr(url, ':'); if (p == NULL || p == url) return HTTP_BAD_REQUEST; return OK; /* otherwise; we've done the best we can */}static void proxy_init(server_rec *r, pool *p){ ap_proxy_garbage_init(r, p);}/* Send a redirection if the request contains a hostname which is not *//* fully qualified, i.e. doesn't have a domain name appended. Some proxy *//* servers like Netscape's allow this and access hosts from the local *//* domain in this case. I think it is better to redirect to a FQDN, since *//* these will later be found in the bookmarks files. *//* The "ProxyDomain" directive determines what domain will be appended */static int proxy_needsdomain(request_rec *r, const char *url, const char *domain){ char *nuri; const char *ref; /* We only want to worry about GETs */ if (r->proxyreq == NOT_PROXY || r->method_number != M_GET || !r->parsed_uri.hostname) return DECLINED; /* If host does contain a dot already, or it is "localhost", decline */ if (strchr(r->parsed_uri.hostname, '.') != NULL || strcasecmp(r->parsed_uri.hostname, "localhost") == 0) return DECLINED; /* host name has a dot already */ ref = ap_table_get(r->headers_in, "Referer"); /* Reassemble the request, but insert the domain after the host name */ /* Note that the domain name always starts with a dot */ r->parsed_uri.hostname = ap_pstrcat(r->pool, r->parsed_uri.hostname, domain, NULL); nuri = ap_unparse_uri_components(r->pool, &r->parsed_uri, UNP_REVEALPASSWORD); ap_table_set(r->headers_out, "Location", nuri); ap_log_rerror(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, r, "Domain missing: %s sent to %s%s%s", r->uri, ap_unparse_uri_components(r->pool, &r->parsed_uri, UNP_OMITUSERINFO), ref ? " from " : "", ref ? ref : ""); return HTTP_MOVED_PERMANENTLY;}/* -------------------------------------------------------------- *//* Invoke handler */static int proxy_handler(request_rec *r){ char *url, *scheme, *p; void *sconf = r->server->module_config; proxy_server_conf *conf = (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module); array_header *proxies = conf->proxies; struct proxy_remote *ents = (struct proxy_remote *) proxies->elts; int i, rc; cache_req *cr; int direct_connect = 0; const char *maxfwd_str; if (r->proxyreq == NOT_PROXY || strncmp(r->filename, "proxy:", 6) != 0) return DECLINED; if (r->method_number == M_TRACE && (maxfwd_str = ap_table_get(r->headers_in, "Max-Forwards")) != NULL) { long maxfwd = ap_strtol(maxfwd_str, NULL, 10); if (maxfwd < 1) { int access_status; r->proxyreq = NOT_PROXY; if ((access_status = ap_send_http_trace(r))) ap_die(access_status, r); else ap_finalize_request_protocol(r); return OK; } ap_table_setn(r->headers_in, "Max-Forwards", ap_psprintf(r->pool, "%ld", (maxfwd > 0) ? maxfwd - 1 : 0)); } if ((rc = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR))) return rc; if (r->method_number == M_TRACE) { core_server_config *coreconf = (core_server_config *) ap_get_module_config(r->server->module_config, &core_module); if (coreconf->trace_enable == AP_TRACE_DISABLE) { /* Allow "error-notes" string to be printed by ap_send_error_response() * Note; this goes nowhere, canned error response need an overhaul. */ ap_table_setn(r->notes, "error-notes", "TRACE forbidden by server configuration"); ap_table_setn(r->notes, "verbose-error-to", "*"); ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r, "proxy: TRACE forbidden by server configuration"); return HTTP_FORBIDDEN; } if (coreconf->trace_enable != AP_TRACE_EXTENDED && (r->read_length || r->read_chunked || r->remaining)) { /* Allow "error-notes" string to be printed by ap_send_error_response() * Note; this goes nowhere, canned error response need an overhaul. */ ap_table_setn(r->notes, "error-notes", "TRACE with request body is not allowed"); ap_table_setn(r->notes, "verbose-error-to", "*"); ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r, "proxy: TRACE with request body is not allowed"); return HTTP_REQUEST_ENTITY_TOO_LARGE; } } url = r->filename + 6; p = strchr(url, ':'); if (p == NULL) return HTTP_BAD_REQUEST; /* Try serve the request from the cache. If we succeed, we leave. */ rc = ap_proxy_cache_check(r, url, &conf->cache, &cr); if (rc != DECLINED) return rc; /* If the host doesn't have a domain name, add one and redirect. */ if (conf->domain != NULL) { rc = proxy_needsdomain(r, url, conf->domain); if (ap_is_HTTP_REDIRECT(rc)) return HTTP_MOVED_PERMANENTLY;⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -