summaryrefslogtreecommitdiff
path: root/usr.sbin/httpd/server_http.c
AgeCommit message (Expand)Author
2015-10-13Plug a leak.Sunil Nimmagadda
2015-10-13Pass unsigned chars to ctype functions.Reyk Floeter
2015-09-07Fix a regression that was introduced with server.c r1.64: Do NOT freeReyk Floeter
2015-08-21The WebDAV MOVE method was not included in the switch statementReyk Floeter
2015-08-20Change httpd(8) to use C99-style fixed-width integers (uintN_t insteadReyk Floeter
2015-07-31repair hsts header output, wrong format strings caused brokenSebastian Benoit
2015-07-29backout the previous: it broke wordpress somehow.Reyk Floeter
2015-07-29Read fcgi response records until we have the whole http header and canFlorian Obser
2015-07-23The realm in authenticate directive of config file isn't escaped for '"' char.Sebastien Marie
2015-07-19For the completeness of HSTS, add the non-standard preload option.Reyk Floeter
2015-07-18Allow to change the default media type globally or per-location,Reyk Floeter
2015-07-18Implement HTTP Strict Transport Security (HSTS).Florian Obser
2015-07-16spacingReyk Floeter
2015-07-15Escape the message in server_log() as well.Reyk Floeter
2015-07-15For some values like the User-Agent, use vis(3) instead of url_encode().Reyk Floeter
2015-07-15Simplify the error path of the previous commit: by using ret = -1 byReyk Floeter
2015-07-15httpd don't sanitize variables before putting them in logs. It is possible forsemarie
2015-06-23escape the matched substrings before using it in expansion.semarie
2015-06-23Add initial support for pattern matching using Lua's pattern matching code.Reyk Floeter
2015-06-22After the last change, we also have to url_encode $SERVER_NAME andReyk Floeter
2015-06-21When encoding the Location url, only encode the query and pathReyk Floeter
2015-05-20Use off_t instead of size_t to pass file size and print it using %lld whenMark Kettenis
2015-05-03Implement byte ranges.Florian Obser
2015-04-18Regis Leroy reported that httpd does not strictly accept CRLF forJonathan Gray
2015-04-09Revert previous as this breaks stuff.Florian Obser
2015-04-08Do not silently accept multiple Content-Length headers.Florian Obser
2015-02-23Allow to specify CGI variables as macros in redirection strings, eg.Reyk Floeter
2015-02-08spacingReyk Floeter
2015-02-07spacingReyk Floeter
2015-02-07Add support for blocking, dropping, and redirecting requests.Reyk Floeter
2015-02-06Fix log options in locations.Reyk Floeter
2015-02-05Fix potential NULL pointer dereference.Reyk Floeter
2015-01-21httpd is based on relayd and had included many headers that are onlyReyk Floeter
2015-01-19Log the remote user in the access.log.Florian Obser
2015-01-19s/clt_fcgi_remote_user/clt_remote_user/Florian Obser
2015-01-19Decouple auth parameters from struct server_config into struct auth.Reyk Floeter
2015-01-18First stab at implementing basic auth.Florian Obser
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2015-01-13bump copyright yearReyk Floeter
2015-01-06I missed one goto abort instead of free(line).Reyk Floeter
2015-01-06Instead of calling free(line) in each error case, call it once in fail:.Reyk Floeter
2015-01-06Return "400 Bad Request" instead of "500 Internal Server Error" forReyk Floeter
2015-01-04add new url stripping option:Christopher Zimmermann
2015-01-01Use the HTML5 doctype for error and auto index pages because it isReyk Floeter
2014-12-21Stop pulling in <arpa/inet.h> or <arpa/nameser.h> when unnecessary.Philip Guenther
2014-12-08Do not send an error body in a HEAD request answer.Florian Obser
2014-12-04stop viral header propagation. none of this code uses sys/hash.hTed Unangst
2014-10-25Remove unnecessary netinet/in_systm.h include.Lawrence Teo
2014-10-22URL-decode the request path.Reyk Floeter
2014-10-21Rework the error message a little bit: Do not send details of theReyk Floeter