📄 mod_proxy.c
字号:
if (r->proxyreq) {
/* someone has already set up the proxy, it was possibly ourselves
* in proxy_detect
*/
return OK;
}
#ifndef FIX_15207
/* XXX: since r->uri has been manipulated already we're not really
* compliant with RFC1945 at this point. But this probably isn't
* an issue because this is a hybrid proxy/origin server.
*/
for (i = 0; i < conf->aliases->nelts; i++) {
len = alias_match(r->uri, ent[i].fake);
if (len > 0) {
if ((ent[i].real[0] == '!') && (ent[i].real[1] == 0)) {
return DECLINED;
}
r->filename = apr_pstrcat(r->pool, "proxy:", ent[i].real,
r->uri + len, NULL);
r->handler = "proxy-server";
r->proxyreq = PROXYREQ_REVERSE;
return OK;
}
}
#endif
return DECLINED;
}
static int proxy_walk(request_rec *r)
{
proxy_server_conf *sconf = ap_get_module_config(r->server->module_config,
&proxy_module);
ap_conf_vector_t *per_dir_defaults = r->server->lookup_defaults;
ap_conf_vector_t **sec_proxy = (ap_conf_vector_t **) sconf->sec_proxy->elts;
ap_conf_vector_t *entry_config;
proxy_dir_conf *entry_proxy;
int num_sec = sconf->sec_proxy->nelts;
/* XXX: shouldn't we use URI here? Canonicalize it first?
* Pass over "proxy:" prefix
*/
const char *proxyname = r->filename + 6;
int j;
for (j = 0; j < num_sec; ++j)
{
entry_config = sec_proxy[j];
entry_proxy = ap_get_module_config(entry_config, &proxy_module);
/* XXX: What about case insensitive matching ???
* Compare regex, fnmatch or string as appropriate
* If the entry doesn't relate, then continue
*/
if (entry_proxy->r
? ap_regexec(entry_proxy->r, proxyname, 0, NULL, 0)
: (entry_proxy->p_is_fnmatch
? apr_fnmatch(entry_proxy->p, proxyname, 0)
: strncmp(proxyname, entry_proxy->p,
strlen(entry_proxy->p)))) {
continue;
}
per_dir_defaults = ap_merge_per_dir_configs(r->pool, per_dir_defaults,
entry_config);
}
r->per_dir_config = per_dir_defaults;
return OK;
}
static int proxy_map_location(request_rec *r)
{
int access_status;
if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
return DECLINED;
/* Don't let the core or mod_http map_to_storage hooks handle this,
* We don't need directory/file_walk, and we want to TRACE on our own.
*/
if ((access_status = proxy_walk(r))) {
ap_die(access_status, r);
return access_status;
}
return OK;
}
#ifndef FIX_15207
/* -------------------------------------------------------------- */
/* Fixup the filename */
/*
* Canonicalise the URL
*/
static int proxy_fixup(request_rec *r)
{
char *url, *p;
int access_status;
if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
return DECLINED;
#ifdef FIX_15207
/* We definitely shouldn't canonicalize a proxy_pass.
* But should we really canonicalize a STD_PROXY??? -- Fahree
*/
if (r->proxyreq == PROXYREQ_REVERSE) {
return OK;
}
#endif
/* XXX: Shouldn't we try this before we run the proxy_walk? */
url = &r->filename[6];
/* canonicalise each specific scheme */
if ((access_status = proxy_run_canon_handler(r, url))) {
return access_status;
}
p = strchr(url, ':');
if (p == NULL || p == url)
return HTTP_BAD_REQUEST;
return OK; /* otherwise; we've done the best we can */
}
#endif
/* Send a redirection if the request contains a hostname which is not */
/* fully qualified, i.e. doesn't have a domain name appended. Some proxy */
/* servers like Netscape's allow this and access hosts from the local */
/* domain in this case. I think it is better to redirect to a FQDN, since */
/* these will later be found in the bookmarks files. */
/* The "ProxyDomain" directive determines what domain will be appended */
static int proxy_needsdomain(request_rec *r, const char *url, const char *domain)
{
char *nuri;
const char *ref;
/* We only want to worry about GETs */
if (!r->proxyreq || r->method_number != M_GET || !r->parsed_uri.hostname)
return DECLINED;
/* If host does contain a dot already, or it is "localhost", decline */
if (strchr(r->parsed_uri.hostname, '.') != NULL
|| strcasecmp(r->parsed_uri.hostname, "localhost") == 0)
return DECLINED; /* host name has a dot already */
ref = apr_table_get(r->headers_in, "Referer");
/* Reassemble the request, but insert the domain after the host name */
/* Note that the domain name always starts with a dot */
r->parsed_uri.hostname = apr_pstrcat(r->pool, r->parsed_uri.hostname,
domain, NULL);
nuri = apr_uri_unparse(r->pool,
&r->parsed_uri,
APR_URI_UNP_REVEALPASSWORD);
apr_table_set(r->headers_out, "Location", nuri);
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Domain missing: %s sent to %s%s%s", r->uri,
apr_uri_unparse(r->pool, &r->parsed_uri,
APR_URI_UNP_OMITUSERINFO),
ref ? " from " : "", ref ? ref : "");
return HTTP_MOVED_PERMANENTLY;
}
/* -------------------------------------------------------------- */
/* Invoke handler */
static int proxy_handler(request_rec *r)
{
char *url, *scheme, *p;
const char *p2;
void *sconf = r->server->module_config;
proxy_server_conf *conf = (proxy_server_conf *)
ap_get_module_config(sconf, &proxy_module);
apr_array_header_t *proxies = conf->proxies;
struct proxy_remote *ents = (struct proxy_remote *) proxies->elts;
int i, rc, access_status;
int direct_connect = 0;
const char *str;
long maxfwd;
proxy_balancer *balancer = NULL;
proxy_worker *worker = NULL;
/* is this for us? */
if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
return DECLINED;
/* handle max-forwards / OPTIONS / TRACE */
if ((str = apr_table_get(r->headers_in, "Max-Forwards"))) {
maxfwd = strtol(str, NULL, 10);
if (maxfwd < 1) {
switch (r->method_number) {
case M_TRACE: {
int access_status;
r->proxyreq = PROXYREQ_NONE;
if ((access_status = ap_send_http_trace(r)))
ap_die(access_status, r);
else
ap_finalize_request_protocol(r);
return OK;
}
case M_OPTIONS: {
int access_status;
r->proxyreq = PROXYREQ_NONE;
if ((access_status = ap_send_http_options(r)))
ap_die(access_status, r);
else
ap_finalize_request_protocol(r);
return OK;
}
default: {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Max-Forwards has reached zero - proxy loop?");
}
}
}
maxfwd = (maxfwd > 0) ? maxfwd - 1 : 0;
}
else {
/* set configured max-forwards */
maxfwd = conf->maxfwd;
}
apr_table_set(r->headers_in, "Max-Forwards",
apr_psprintf(r->pool, "%ld", (maxfwd > 0) ? maxfwd : 0));
url = r->filename + 6;
p = strchr(url, ':');
if (p == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"proxy_handler no URL in %s", r->filename);
return HTTP_BAD_REQUEST;
}
/* If the host doesn't have a domain name, add one and redirect. */
if (conf->domain != NULL) {
rc = proxy_needsdomain(r, url, conf->domain);
if (ap_is_HTTP_REDIRECT(rc))
return HTTP_MOVED_PERMANENTLY;
}
*p = '\0';
scheme = apr_pstrdup(r->pool, url);
*p = ':';
/* Check URI's destination host against NoProxy hosts */
/* Bypass ProxyRemote server lookup if configured as NoProxy */
/* we only know how to handle communication to a proxy via http */
/*if (strcasecmp(scheme, "http") == 0) */
{
int ii;
struct dirconn_entry *list = (struct dirconn_entry *) conf->dirconn->elts;
for (direct_connect = ii = 0; ii < conf->dirconn->nelts && !direct_connect; ii++) {
direct_connect = list[ii].matcher(&list[ii], r);
}
#if DEBUGGING
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
(direct_connect) ? "NoProxy for %s" : "UseProxy for %s",
r->uri);
#endif
}
/* Try to obtain the most suitable worker */
access_status = ap_proxy_pre_request(&worker, &balancer, r, conf, &url);
if (access_status != OK)
return access_status;
/* firstly, try a proxy, unless a NoProxy directive is active */
if (!direct_connect) {
for (i = 0; i < proxies->nelts; i++) {
p2 = ap_strchr_c(ents[i].scheme, ':'); /* is it a partial URL? */
if (strcmp(ents[i].scheme, "*") == 0 ||
(ents[i].use_regex && ap_regexec(ents[i].regexp, url, 0,NULL, 0)) ||
(p2 == NULL && strcasecmp(scheme, ents[i].scheme) == 0) ||
(p2 != NULL &&
strncasecmp(url, ents[i].scheme, strlen(ents[i].scheme)) == 0)) {
/* handle the scheme */
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Trying to run scheme_handler against proxy");
access_status = proxy_run_scheme_handler(r, worker, conf, url, ents[i].hostname, ents[i].port);
/* an error or success */
if (access_status != DECLINED && access_status != HTTP_BAD_GATEWAY) {
goto cleanup;
}
/* we failed to talk to the upstream proxy */
}
}
}
/* otherwise, try it direct */
/* N.B. what if we're behind a firewall, where we must use a proxy or
* give up??
*/
/* handle the scheme */
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Trying to run scheme_handler");
access_status = proxy_run_scheme_handler(r, worker, conf, url, NULL, 0);
if (DECLINED == access_status) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
"proxy: No protocol handler was valid for the URL %s. "
"If you are using a DSO version of mod_proxy, make sure "
"the proxy submodules are included in the configuration "
"using LoadModule.", r->uri);
access_status = HTTP_FORBIDDEN;
goto cleanup;
}
cleanup:
if (balancer) {
int post_status = proxy_run_post_request(worker, balancer, r, conf);
if (post_status == DECLINED) {
post_status = OK; /* no post_request handler available */
/* TODO: reclycle direct worker */
}
}
return access_status;
}
/* -------------------------------------------------------------- */
/* Setup configurable data */
static void * create_proxy_config(apr_pool_t *p, server_rec *s)
{
proxy_server_conf *ps = apr_pcalloc(p, sizeof(proxy_server_conf));
ps->sec_proxy = apr_array_make(p, 10, sizeof(ap_conf_vector_t *));
ps->proxies = apr_array_make(p, 10, sizeof(struct proxy_remote));
ps->aliases = apr_array_make(p, 10, sizeof(struct proxy_alias));
ps->raliases = apr_array_make(p, 10, sizeof(struct proxy_alias));
ps->cookie_paths = apr_array_make(p, 10, sizeof(struct proxy_alias));
ps->cookie_domains = apr_array_make(p, 10, sizeof(struct proxy_alias));
ps->cookie_path_str = apr_strmatch_precompile(p, "path=", 0);
ps->cookie_domain_str = apr_strmatch_precompile(p, "domain=", 0);
ps->noproxies = apr_array_make(p, 10, sizeof(struct noproxy_entry));
ps->dirconn = apr_array_make(p, 10, sizeof(struct dirconn_entry));
ps->allowed_connect_ports = apr_array_make(p, 10, sizeof(int));
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -