src - OpenBSD base system

Age	Commit message (Collapse)	Author
2014-10-22	URL-decode the request path.	Reyk Floeter
	Tested by ajacoutot@ and others OK doug@
2014-10-21	Rework the error message a little bit: Do not send details of the	Reyk Floeter
	error. Traditionally, web servers responsed with the request path on 40x errors which could be abused to inject JavaScript etc. Instead of sanitizing the path, we just don't reprint it. Also modify the style a little bit but keep Comic Sans. With input from Jonas Lindemann and doug@
2014-09-29	whitespace spotted while studying the code	Theo de Raadt

2014-09-15	Make the HTTP version mandatory and abort if it is missing in the request.	Reyk Floeter

2014-09-10	Handle different possible variations of the Host header (eg.	Reyk Floeter
	www.example.com, www.example.com:80, [2001:db8::1], [2001:db8::1]:80). The port is optional and is typically used on non-default ports. If the server name is a plain IPv6 address, it is commonly specified in square brackets. Makes ajacoutot@ happy OK florian@
2014-09-05	Add various RFC-based WebDAV methods to the list of accepted HTTP methods.	Reyk Floeter
	This fixes (Fast)CGI-based WebDAV and CalDAV (calendar) servers with httpd. ok benno@ stsp@
2014-09-05	Remove a limitation that only allowed to specify a server name once.	Reyk Floeter
	The key has been changed to server name + address + port and now it is possible to use the same server name for multiple servers with different addresses, eg. http://www.example.com and https://www.example.com/. OK doug@ florian@
2014-08-29	Use two instead of one http descriptor for request and response.	Reyk Floeter
	OK chrisz@
2014-08-21	Add Last-Modified: HTTP header.	Christopher Zimmermann
	OK reyk@
2014-08-08	When opening directories, re-match the location after the index file	Reyk Floeter
	has been appended. This allows to use a fastcgi target as the default index, for example index.php. OK florian@
2014-08-08	Allow to serve emtpy (0 bytes) files.	Reyk Floeter
	Found by jasper@ OK florian@
2014-08-06	Limit the body size in client requests (eg. POST data) to 1M by default;	Reyk Floeter
	add a configuration option to change the limit. ok florian@
2014-08-06	http POST support	Florian Obser
	with & OK reyk@
2014-08-06	Add braces. Style-only change.	Reyk Floeter

2014-08-05	Add configuration options for the most-important connection limits:	Reyk Floeter
	max requests (per connection) and timeout. We don't want to add too many button, and there are good defaults, but these ones are kind of mandatory.
2014-08-05	Limit the number of (Keep-Alive) requests per connection to 100.	Reyk Floeter
	(Same default as in nginx and Apache).
2014-08-05	retire blink because this is serious software now; ok beck	Theo de Raadt

2014-08-04	httpd doesn't support SSL/TLS yet, remove the remaining bits.	Reyk Floeter
	The secrect plan is to add it later using the ressl wrapper library.
2014-08-04	whitespace	Theo de Raadt

2014-08-03	Also write log messages, like 404 Not Found, on error. This is a bit	Reyk Floeter
	tricky because we couldn't guarantee a sane state after server_response_http() so fail hard afterwards and close the connection. ok doug@
2014-08-03	Allocate http_host instead of carrying a buffer in the descriptor.	Reyk Floeter

2014-08-03	Dynamically pass HTTP request headers as protocol-specific HTTP_* CGI	Reyk Floeter
	meta-variables. ok florian@
2014-08-03	Add function to iterate all headers. No functional change.	Reyk Floeter

2014-08-03	Add another log mode "connection" for a relayd(8)-style log entry after	Reyk Floeter
	each connection, not every request. The code was already there and enabled on debug, I just turned it into an alternative log format.
2014-08-03	Prefer getnameinfo() with NI_NUMERICHOST over inet_ntop because it is also	Reyk Floeter
	aware of the IPv6 scope Id. We already have a function print_host() that uses getnameinfo, so no need for the inet_ntop cases. Confirmed by florian@
2014-08-02	Locations now inherit access log settings from the server.	doug
	Add log to the server flags. input/"Looks ok" reyk@
2014-08-01	Use the log buffer to defer the logging until the connection is closed	Reyk Floeter
	or the request completed. Turn the old log message into a debug message. ok doug@
2014-08-01	Add common and combined access logging to httpd.	doug
	ok reyk@
2014-07-31	Only write the HTTP header for the first fastcgi chunk.	Reyk Floeter

2014-07-31	some fastcgi improvements:	Reyk Floeter
	- DPRINTF instead of log_info for internal debugging. - submit QUERY_STRING, if it exists - use a proper function to create an HTTP header. - use server_file_error() to detect EOF and fastcgi stream errors. - disable keep-alive/persist for now until we have a reliable way to get the content length from the cgi response or support chunked encoding. "Cool, jep" florian@
2014-07-31	Add a configuration variable "fastcgi" to enable it per server or location.	Reyk Floeter

2014-07-31	Put in first stab at fastcgi. Very early work in progress. Putting it	Florian Obser
	in now so that we can quickly work on it in tree. Requested by reyk@. deraadt@ is OK with this according to reyk@.
2014-07-30	Make "location" work with name-based virtual servers.	Reyk Floeter

2014-07-30	Add "location" keyword to specify path-specific configuration in	Reyk Floeter
	servers, for example auto index for a sub-directory only. Internally, a "location" is just a special type of a "virtual" server.
2014-07-25	Reset the default Host for each request	Reyk Floeter

2014-07-25	It is recommended to use a URL in the Location header of 3xx	Reyk Floeter
	responses. To accomplish this, add some semantics to retrieve the server host name of a connection: either IP, IP:PORT (if not 80) or [IP6]:PORT, or Host value (if valid).
2014-07-25	Append mandatory Date header to each response.	Reyk Floeter

2014-07-25	New HTTP/1.1 RFC 7231 prefers IMF-fixdate from RFC 5322.	Reyk Floeter

2014-07-25	Canonicalize the request path once without the docroot and prepend the	Reyk Floeter
	docroot only only when it's needed. Suggested by deraadt@.
2014-07-25	Add support for "virtual hosts" aka. server blocks aka. multiple	Reyk Floeter
	servers with the same or "overlapping" IP address but a different name. ok beck@
2014-07-25	Split server and server_config.	Reyk Floeter

2014-07-25	Rename a field, needed later, no functional change.	Reyk Floeter

2014-07-24	Plug a memleak by correctly free'ing the HTTP descriptor that contains	Reyk Floeter
	all the headers etc. of a connection.
2014-07-23	First attempt at verifying the request path and the access	Reyk Floeter
	permissions. We also have to redirect with 301 if a directory name was requested without the trailing slash.
2014-07-17	Move comment about strcasecmp() to a more suitable spot.	Stefan Sperling
	ok reyk benno
2014-07-16	Implement file descriptor accounting. The concept was taken from	Reyk Floeter
	relayd but had to be adjusted for httpd. It now handles single-pass HTTP connections, persistent connections with multiple requests, and body-less HEAD requests. With input from benno@
2014-07-14	Track Connection: Keep-Alive	Reyk Floeter

2014-07-14	first step towards keep-alive/persistent connections support	Reyk Floeter

2014-07-13	Remove a debug message	Reyk Floeter

2014-07-13	Add support for media types (aka. MIME types): the types section is	Reyk Floeter
	compatible to nginx' mime.types file which can be included directly. If not present, use a few built-in defaults for html, css, txt, jpeg, gif, png, and js.