| Age | Commit message (Collapse) | Author |
|---|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
Add a QUERY_STRING_ENC macro that is URL encoded.
Patch from Tim Baumgartner
ok reyk
|
|
instead of the rewritten path and query string.
Patch from Tim Baumgard, reminded by Mischa Peters.
ok benno, reyk
|
|
|
|
by including the contents of the X-Forwarded-For and X-Forwarded-Port
headers. If httpd(8) runs behind a proxy like relayd(8), this allows
tracking the origin of the requests. The format is compatible with
log analyzers such as GoAccess and Webalizer.
Patch from Bruno Flueckiger
ok benno, reyk
|
|
When not logging anything, do not open files in the first place.
This prevents startup failures on configurations where the log/ directory
is missing but logging is disabled anyway.
OK aja solene reyk
|
|
lack of documentation and original diff provided by alfred morgan;
benno helped me track down the applicable options;
ok benno
|
|
thread
by alfred morgan, who wanted a tls example in the man page. florian noted
that they exist already in /etc/examples;
ok florian
|
|
This commit extends the existing grammar by adding the param option
to the fastcgi directive: fastcgi param name value.
Example usage:
fastcgi param VAR1 hello
fastcgi param VAR2 world
With help and OK florian@
Rogue manpage bits, feel free to modify them.
|
|
larger types really is a range reduction...
Almost any cast to (unsigned) is a bug.
ok millert tb benno
|
|
in the same way as the http authenticated username is loged.
From Karel Gardas, gardask at gmail dot com, Thanks!
ok florian@
|
|
addition to UNIX domain sockets.
Prompted by a mail from Daniel Gracia ( paladdin AT gmail ) pointing out
that we are not documenting TCP support at all, thanks!
Prodding by and with jmc@
|
|
available.
Assuming a httpd.conf based on /etc/examples/httpd.conf, httpd(8)
will only listen on port 80 and serve the acme-challenge directory
for acme-client(1).
The workflow to get a certificate then becomes
acme-client -vAD example.com && rcctl reload httpd
Without the need to edit the httpd.conf yet again. Once the cert
is in place and httpd is reloaded it starts to serve on port 443.
Idea, tweaks & OK deraadt, OK benno
|
|
Very patiently pointed out repeatedly by Tracey Emery ( tracey AT
traceyemery.net ), thanks!
OK benno
|
|
from Hiltjo Posthuma (hiltjo(at)codemadness.org)
|
|
(and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
|
ok florian@
|
|
date: 2018/10/01 19:24:09; author: benno; state: Exp; lines: +7 -1;
commitid: 0O8fyHPNvPd8rvYU;
Only send 408 Timeout responses when we have seen at least part of a
request. Without a request, just close the connection when we hit
request timeout.
Prompted by a bug report from Nikola Kolev, thanks.
ok reyk@ and some suggestions from claudio@ and bluhm@
Mark Patruck (mark AT wrapped DOT cx) found a problem with it, thanks
for the report.
ok reyk@ bluhm@ sthen@ deraadt@
|
|
request. Without a request, just close the connection when we hit
request timeout.
Prompted by a bug report from Nikola Kolev, thanks.
ok reyk@ and some suggestions from claudio@ and bluhm@
|
|
proc_init(). As a consequence httpd(8) and relayd(8) child processes
did not detach from the terminal anymore. Dup /dev/null to the
stdio file descriptors in the children.
OK benno@
|
|
RFC 7230 states that a server MUST NOT do so.
At least relayd chokes on this.
Pointed out & diff by Carlin Bingham (cb AT walcyrge.org), thanks!
OK benno
|
|
"looks good" gilles@ halex@
|
|
for example now it can hold the recommended cipher list from the mozilla
ssl config generator rather than failing with a "ciphers too long" error.
ok benno@ sthen@ tb@
|
|
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.
ok henning@
|
|
calloc or strdup), we just need to log that we ran out of memory in a
particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
|
For example:
location match "/page/(%d+)/.*" {
request rewrite "/static/index.php?id=%1&$QUERY_STRING"
}
Requested by many.
Ok benno@
|
|
use a more general text for the sections, and avoid the catchup issue
that was trying to document how many there were;
ok benno rob
|
|
Found by Mischa Peters, thanks
|
|
Reported by Hidvegi Gabor gaborca websivision hu
Fix found by anton@
OK anton@
|
|
|
|
"root strip" was semantically incorrect and did cause some confusion
as it never stripped the root but the client's request path.
Discussed with many. Heads up: this is a grammar change that also
affects acme-client(1) configurations (see current.html).
OK claudio@
|
|
This fixes a bug in the macros and log file handler that
double-encoded the query. This does not change FCGI as it was already
handling the query correctly.
Additional verification of the QUERY_STRING should be implemented as well.
OK claudio@
|
|
Spotted by benno@
|
|
Thanks to otto@ for the initial diff.
OK benno@
|
|
Otherwise the default port for http or https may used depending on
uninitialized memory. Fixes regress on i386.
OK reyk@
|
|
Pointed out by jmc@
|
|
From Jack Burton <jack at saosce dot com dot au> - thanks!
Also tested by Jan Klemkow <j.klemkow at wemelug dot de>.
ok beck@ reyk@
|
|
No functional change, but it makes it easier to deal with the grammar.
|
|
|
|
|
|
OK florian@ jmc@
|
|
ok benno@
|
|
"listen on * port 80".
While here accept up to 16 addresses from DNS or interface groups.
requested by & "lovely" deraadt@
OK kn@
|
|
connection and eventually stop answering queries because of file
descriptor starvation.
Problem reported by, minimal testcase provided and testing by trondd
_AT_ kagu-tsuchi.com, thanks!
Testing Nick Holland and millert
OK deraadt
|
|
the terminating NUL.
Do not use it for a "small string" or a "probably short path". Replace
it with new defines or PATH_MAX.
It also makes the life easier for people auditing the tree for real
usage of NAME_MAX.
OK deraadt, benno
|
|
that the path to "file" is not relative to the chroot;
|
|
|
|
ok sthen@ phessler@
|
|
This allows something external (like ocspcheck) to disable the stapling
deliberatly if it can not retreive a valid staple by truncating the
staple file to indicate "do not provide a staple", while the file not
existin will still be treated as a configuration error
ok claudio@ florian@, and prompted by @jsing
|
|
|
