summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_http.h (unfollow)
AgeCommit message (Collapse)AuthorFilesLines
2023-08-09HTTP: controlling response headers support.Zhidao HONG1-0/+6
2023-08-09HTTP: stored matched action in nxt_http_request_t.Zhidao HONG1-2/+2
No functional changes.
2023-04-20HTTP: added basic URI rewrite.Zhidao HONG1-0/+7
This commit introduced the basic URI rewrite. It allows users to change request URI. Note the "rewrite" option ignores the contained query if any and the query from the request is preserverd. An example: "routes": [ { "match": { "uri": "/v1/test" }, "action": { "return": 200 } }, { "action": { "rewrite": "/v1$uri", "pass": "routes" } } ] Reviewed-by: Alejandro Colomar <alx@nginx.com>
2023-04-12HTTP: optimizing $request_line.Alejandro Colomar1-0/+1
Don't reconstruct a new string for the $request_line from the parsed method, target, and HTTP version, but rather keep a pointer to the original memory where the request line was received. This will be necessary for implementing URI rewrites, since we want to log the original request line, and not one constructed from the rewritten target. This implementation changes behavior (only for invalid requests) in the following way: Previous behavior was to log as many tokens from the request line as were parsed validly, thus: Request -> access log ; error log "GET / HTTP/1.1" -> "GET / HTTP/1.1" OK ; = "GET / HTTP/1.1" -> "GET / HTTP/1.1" [1] ; = "GET / HTTP/2.1" -> "GET / HTTP/2.1" OK ; = "GET / HTTP/1." -> "GET / HTTP/1." [2] ; "GET / HTTP/1. [null]" "GET / food" -> "GET / food" [2] ; "GET / food [null]" "GET / / HTTP/1.1" -> "GET / / HTTP/1.1" [2] ; = "GET / / HTTP/1.1" -> "GET / / HTTP/1.1" [2] ; = "GET food HTTP/1.1" -> "GET" ; "GET [null] [null]" "OPTIONS * HTTP/1.1" -> "OPTIONS" [3] ; "OPTIONS [null] [null]" "FOOBAR baz HTTP/1.1"-> "FOOBAR" ; "FOOBAR [null] [null]" "FOOBAR / HTTP/1.1" -> "FOOBAR / HTTP/1.1" ; = "get / HTTP/1.1" -> "-" ; " [null] [null]" "" -> "-" ; " [null] [null]" This behavior was rather inconsistent. We have several options to go forward with this patch: - NGINX behavior. Log the entire request line, up to '\r' | '\n', even if it was invalid. This is the most informative alternative. However, RFC-complying requests will probably not send invalid requests. This information would be interesting to users where debugging requests constructed manually via netcat(1) or a similar tool, or maybe for debugging a client, are important. It might be interesting to support this in the future if our users are interested; for now, since this approach requires looping over invalid requests twice, that's an overhead that we better avoid. - Previous Unit behavior This is relatively fast (almost as fast as the next alternative, the one we chose), but the implementation is ugly, in that we need to perform the same operation in many places around the code. If we want performance, probably the next alternative is better; if we want to be informative, then the first one is better (maybe in combination with the third one too). - Chosen behavior Only logging request lines when the request is valid. For any invalid request, or even unsupported ones, the request line will be logged as "-". Thus: Request -> access log [4] "GET / HTTP/1.1" -> "GET / HTTP/1.1" OK "GET / HTTP/1.1" -> "GET / HTTP/1.1" [1] "GET / HTTP/2.1" -> "-" [3] "GET / HTTP/1." -> "-" "GET / food" -> "-" "GET / / HTTP/1.1" -> "GET / / HTTP/1.1" [2] "GET / / HTTP/1.1" -> "GET / / HTTP/1.1" [2] "GET food HTTP/1.1" -> "-" "OPTIONS * HTTP/1.1" -> "-" "FOOBAR baz HTTP/1.1"-> "-" "FOOBAR / HTTP/1.1" -> "FOOBAR / HTTP/1.1" "get / HTTP/1.1" -> "-" "" -> "-" This is less informative than previous behavior, but considering how inconsistent it was, and that RFC-complying agents will probably not send us such requests, we're ready to lose that information in the log. This is of course the fastest and simplest implementation we can get. We've chosen to implement this alternative in this patch. Since we modified the behavior, this patch also changes the affected tests. [1]: Multiple successive spaces as a token delimiter is allowed by the RFC, but it is discouraged, and considered a security risk. It is currently supported by Unit, but we will probably drop support for it in the future. [2]: Unit currently supports spaces in the request-target. This is a violation of the relevant RFC (linked below), and will be fixed in the future, and consider those targets as invalid, returning a 400 (Bad Request), and thus the log lines with the previous inconsistent behavior would be changed. [3]: Not yet supported. [4]: In the error log, regarding the "log_routes" conditional logging of the request line, we only need to log the request line if it was valid. It doesn't make sense to log "" or "-" in case that the request was invalid, since this is only useful for understanding decisions of the router. In this case, the access log is more appropriate, which shows that the request was invalid, and a 400 was returned. When the request line is valid, it is printed in the error log exactly as in the access log. Link: <https://datatracker.ietf.org/doc/html/rfc9112#section-3> Suggested-by: Liam Crilly <liam@nginx.com> Reviewed-by: Zhidao Hong <z.hong@f5.com> Cc: Timo Stark <t.stark@nginx.com> Cc: Andrei Zeliankou <zelenkov@nginx.com> Cc: Andrew Clayton <a.clayton@nginx.com> Cc: Artem Konev <a.konev@f5.com> Signed-off-by: Alejandro Colomar <alx@nginx.com>
2023-03-21HTTP: added route logging.Alejandro Colomar1-0/+2
- Configuration: added "/config/settings/http/log_route". Type: bool Default: false This adds configurability to the error log. It allows enabling and disabling logs related to how the router performs selection of the routes. - HTTP: logging request line. Log level: [notice] The request line is essential to understand which logs correspond to which request when reading the logs. - HTTP: logging route that's been discarded. Log level: [info] - HTTP: logging route whose action is selected. Log level: [notice] - HTTP: logging when "fallback" action is taken. Log level: [notice] Closes: <https://github.com/nginx/unit/issues/758> Link: <https://github.com/nginx/unit/pull/824> Link: <https://github.com/nginx/unit/pull/839> Suggested-by: Timo Stark <t.stark@nginx.com> Suggested-by: Mark L Wood-Patrick <mwoodpatrick@gmail.com> Suggested-by: Liam Crilly <liam@nginx.com> Tested-by: Liam Crilly <liam@nginx.com> Acked-by: Artem Konev <a.konev@f5.com> Cc: Andrew Clayton <a.clayton@nginx.com> Cc: Andrei Zeliankou <zelenkov@nginx.com> Reviewed-by: Zhidao Hong <z.hong@f5.com> Signed-off-by: Alejandro Colomar <alx@nginx.com>
2022-11-20Basic njs support.Zhidao HONG1-1/+1
2022-11-20Var: separating nxt_tstr_t from nxt_var_t.Zhidao HONG1-2/+3
It's for the introduction of njs support. For each option that supports native variable and JS template literals introduced next, it's unified as template string. No functional changes.
2022-10-12HTTP: added a $request_time variable.Zhidao HONG1-0/+2
2022-07-14Var: dynamic variables support.Zhidao HONG1-2/+5
This commit adds the variables $arg_NAME, $header_NAME, and $cookie_NAME.
2022-06-22Constified numerous function parameters.Andrew Clayton1-2/+3
As was pointed out by the cppcheck[0] static code analysis utility we can mark numerous function parameters as 'const'. This acts as a hint to the compiler about our intentions and the compiler will tell us when we deviate from them. [0]: https://cppcheck.sourceforge.io/
2022-06-20Router: forwared header replacement.Zhidao HONG1-1/+2
2022-06-20Router: introduced nxt_http_forward_t.Zhidao HONG1-2/+7
This makes the replacement of forwarded request header like client_ip and protocol more generic. It's a prerequirement for protocol replacement. No functional changes.
2022-05-19HTTP: generalized uri encoding.Zhidao HONG1-0/+10
No functional changes.
2022-05-30Static: supporting new "index" option.Alejandro Colomar1-0/+1
This supports a new option "index" that configures a custom index file name to be served when a directory is requested. This initial support only allows a single fixed string. An example: { "share": "/www/data/static/$uri", "index": "lookatthis.htm" } When <example.com/foo/bar/> is requested, </www/data/static/foo/bar/lookatthis.html> is served. Default is "index.html". === nxt_conf_validator.c: Accept "index" as a member of "share", and make sure it's a string. === I tried this feature in my own computer, where I tried the following: - Setting "index" to "lookatthis.htm", and check that the correct file is being served (check both a different name and a different extension). - Not setting "index", and check that <index.html> is being served. - Settind "index" to an array of strings, and check that the configuration fails: { "error": "Invalid configuration.", "detail": "The \"index\" value must be a string, but not an array." }
2022-05-18HTTP: generalized argument and cookie parsing.Zhidao HONG1-0/+12
No functional changes.
2022-05-16Supporting empty Location URIs.Alejandro Colomar1-1/+1
An empty string in Location was being handled specially by not sending a Location header. This may occur after variable resolution, so we need to consider this scenario. The obsolete RFC 2616 defined the Location header as consisting of an absolute URI <https://www.rfc-editor.org/rfc/rfc2616#section-14.30>, which cannot be an empty string. However, the current RFC 7231 allows the Location to be a relative URI <https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2>, and a relative URI may be an empty string <https://stackoverflow.com/a/43338457>. Due to these considerations, this patch allows sending an empty Location header without handling this case specially. This behavior will probably be more straightforward to users, too. It also simplifies the code, which is now more readable, fast, and conformant to the current RFC. We're skipping an allocation at request time in a common case such as "action": {"return": 404}
2022-04-26Fixed indentation.Alejandro Colomar1-7/+7
Some lines (incorrectly) had an indentation of 3 or 5, or 7 or 9, or 11 or 13, or 15 or 17 spaces instead of 4, 8, 12, or 16. Fix them. Found with: $ find src -type f | xargs grep -n '^ [^ ]'; $ find src -type f | xargs grep -n '^ [^ *]'; $ find src -type f | xargs grep -n '^ [^ ]'; $ find src -type f | xargs grep -n '^ [^ *]'; $ find src -type f | xargs grep -n '^ [^ +]'; $ find src -type f | xargs grep -n '^ [^ *+]'; $ find src -type f | xargs grep -n '^ [^ +]'; $ find src -type f | xargs grep -n '^ [^ *+]';
2021-11-05Router: matching query string support.Zhidao HONG1-0/+1
The "query" option matches decoded arguments, including plus ('+') to space (' '). Like "uri", it can be a string or an array of strings.
2021-09-07Router: refactored variable pass.Zhidao HONG1-2/+2
Since the "pass" option supports both strings and variables, a generic nxt_var_t structure can be used in the configuration phase, and the "name" field in actions is redundant. No functional changes.
2021-08-12Router: client IP address replacement.Oisin Canty1-2/+15
This commit introduces the replacement of the client address based on the value of a specified HTTP header. This is intended for use when Unit is placed behind a reverse proxy like nginx or a CDN. You must specify the source addresses of the trusted proxies. This can be accomplished with any valid IP pattern supported by Unit's match block: ["10.0.0.1", "10.4.0.0/16", "!192.168.1.1"] The feature is configured per listener. The client address replacement functionality only operates when there is a source IP match and the specified header is present. Typically this would be an 'X-Forwarded-For' header. { "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] }, "pass": "applications/my_app" }, } } If a request occurs and Unit receives a header like below: "X-Forwarded-For: 84.123.23.23" By default, Unit trusts the last rightmost IP in the header, so REMOTE_ADDR will be set to 84.123.23.23 if the connection originated from 10.0.0.0/8. If Unit runs behind consecutive reverse proxies and receives a header similar to the following: "X-Forwarded-For: 84.123.23.23, 10.0.0.254" You will need to enable "recursive" checking, which walks the header from last address to first and chooses the first non-trusted address it finds. { "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] "recursive": true, }, "pass": "applications/my_app" }, } } If a connection from 10.0.0.0/8 occurs, the chain is walked. Here, 10.0.0.254 is also a trusted address so the client address will be replaced with 84.123.23.23. If all IP addresses in the header are trusted, the client address is set to the first address in the header: If 10.0.0.0/8 is trusted and "X-Forwarded-For: 10.0.0.3, 10.0.0.2, 10.0.0.1", the client address will be replaced with 10.0.0.3.
2021-07-24Router: split nxt_http_app_conf_t from nxt_http_action_t.Zhidao HONG1-5/+0
No functional changes.
2021-07-26Router: renamed nxt_http_proxy_create() as nxt_http_proxy_init().Zhidao HONG1-2/+2
No functional changes.
2021-07-23Router: split nxt_http_static_conf_t from nxt_http_action_t.Zhidao HONG1-15/+12
No functional changes.
2021-05-24Router: split nxt_http_return_conf_t from nxt_http_action_t.Zhidao HONG1-3/+17
No functional changes.
2021-05-06Static: implemented MIME filteringOisin Canty1-1/+5
2021-04-29Static: support for openat2() features.Zhidao HONG1-0/+2
Support for chrooting, rejecting symlinks, and rejecting crossing mounting points on a per-request basis during static file serving.
2021-04-22Router: grouped app and share fields in nxt_http_action_t.Zhidao HONG1-3/+9
This is a prerequisite for further introduction of openat2() features. No functional changes.
2020-12-08PHP: populating PHP_AUTH_* server variables.Valentin Bartenev1-0/+1
This closes #498 issue on GitHub.
2020-11-17Router: matching regular expressions support.Axel Duch1-0/+6
2020-08-13Basic variables support.Valentin Bartenev1-4/+8
2020-08-12Responding with error in case of first process start failure.Max Romanov1-0/+4
After shared application port introducing, request queue in router was removed and requests may stuck forever waiting for another process start.
2020-06-23Upstream chunked transfer encoding support.Igor Sysoev1-1/+0
2020-05-14PHP: implemented "targets" option.Valentin Bartenev1-0/+2
This allows to specify multiple subsequent targets inside PHP applications. For example: { "listeners": { "*:80": { "pass": "routes" } }, "routes": [ { "match": { "uri": "/info" }, "action": { "pass": "applications/my_app/phpinfo" } }, { "match": { "uri": "/hello" }, "action": { "pass": "applications/my_app/hello" } }, { "action": { "pass": "applications/my_app/rest" } } ], "applications": { "my_app": { "type": "php", "targets": { "phpinfo": { "script": "phpinfo.php", "root": "/www/data/admin", }, "hello": { "script": "hello.php", "root": "/www/data/test", }, "rest": { "root": "/www/data/example.com", "index": "index.php" }, } } } }
2020-05-14Configuration: URI encoding in the "pass" option.Valentin Bartenev1-1/+4
This is useful to escape "/" in path fragments. For example, in order to reference the application named "foo/bar": { "pass": "applications/foo%2Fbar" }
2020-04-16Using malloc/free for the http fields hash.Max Romanov1-3/+3
This is required due to lack of a graceful shutdown: there is a small gap between the runtime's memory pool release and router process's exit. Thus, a worker thread may start processing a request between these two operations, which may result in an http fields hash access and subsequent crash. To simplify issue reproduction, it makes sense to add a 2 sec sleep before exit() in nxt_runtime_exit().
2020-03-21Implemented "location" option for "return" action.Valentin Bartenev1-0/+2
This allows to specify redirects: { "action": { "return": 301, "location": "https://www.example.com/" } }
2020-03-27Implemented "return" action.Valentin Bartenev1-0/+7
The "return" action can be used to immediately generate a simple HTTP response with an arbitrary status: { "action": { "return": 404 } } This is especially useful for denying access to specific resources.
2020-03-19Completing request header buffers to avoid memory leak.Max Romanov1-1/+2
Before this fix, only persistent connection request buffers were completed. This issue was introduced in dc403927ab0b.
2020-03-06Round robin upstream added.Igor Sysoev1-3/+15
2020-03-03Added a "fallback" option to be used with the "share" action.Valentin Bartenev1-0/+1
It allows proceeding to another action if a file isn't available. An example: { "share": "/data/www/", "fallback": { "pass": "applications/php" } } In the example above, an attempt is made first to serve a request with a file from the "/data/www/" directory. If there's no such file, the request is passed to the "php" application. Fallback actions may be nested: { "share": "/data/www/", "fallback": { "share": "/data/cache/", "fallback": { "proxy": "http://127.0.0.1:9000" } } }
2019-11-14Processing inconsistent proxied response length.Igor Sysoev1-0/+2
Keepalive connection is disabled if upstream response length differs from specified in the "Content-Length" field value.
2019-11-14Initial proxy support.Igor Sysoev1-2/+39
2019-11-14Using request task.Igor Sysoev1-0/+1
2019-11-14Replacing pass with action.Igor Sysoev1-10/+10
2019-09-19Basic support for serving static files.Valentin Bartenev1-0/+29
2019-08-26Adding body handler to nxt_http_request_header_send().Igor Sysoev1-2/+4
2019-08-20Introducing websocket support in router and libunit.Max Romanov1-0/+28
2019-08-06nxt_h1proto_t definition was moved to h1proto implementation.Igor Sysoev1-19/+1
2019-08-06Refactored HTTP protocol callback table.Igor Sysoev1-22/+19
2019-07-24Added routing based on request scheme.Axel Duch1-2/+0
Scheme matches exact string “http” or “https”.