This is mod_proxy.c in view mode; [Download] [Up]
/* ====================================================================
* Copyright (c) 1996,1997 The Apache Group. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* 4. The names "Apache Server" and "Apache Group" must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 5. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Group and was originally based
* on public domain software written at the National Center for
* Supercomputing Applications, University of Illinois, Urbana-Champaign.
* For more information on the Apache Group and the Apache HTTP server
* project, please see <http://www.apache.org/>.
*
*/
#include "mod_proxy.h"
#include "http_log.h"
/* Some WWW schemes and their default ports; this is basically /etc/services */
/* This will become global when the protocol abstraction comes */
static struct proxy_services defports[]={
{ "ftp", DEFAULT_FTP_PORT},
{ "gopher", DEFAULT_GOPHER_PORT},
{ "http", DEFAULT_PORT},
{ "nntp", DEFAULT_NNTP_PORT},
{ "wais", DEFAULT_WAIS_PORT},
{ "https", DEFAULT_HTTPS_PORT},
{ "snews", DEFAULT_SNEWS_PORT},
{ "prospero", DEFAULT_PROSPERO_PORT},
{ NULL, -1} /* unknown port */
};
/*
* A Web proxy module. Stages:
*
* translate_name: set filename to proxy:<URL>
* type_checker: set type to PROXY_MAGIC_TYPE if filename begins proxy:
* fix_ups: convert the URL stored in the filename to the
* canonical form.
* handler: handle proxy requests
*/
/* -------------------------------------------------------------- */
/* Translate the URL into a 'filename' */
static int
alias_match(char *uri, char *alias_fakename)
{
char *end_fakename = alias_fakename + strlen (alias_fakename);
char *aliasp = alias_fakename, *urip = uri;
while (aliasp < end_fakename)
{
if (*aliasp == '/')
{
/* any number of '/' in the alias matches any number in
* the supplied URI, but there must be at least one...
*/
if (*urip != '/') return 0;
while (*aliasp == '/') ++ aliasp;
while (*urip == '/') ++ urip;
}
else {
/* Other characters are compared literally */
if (*urip++ != *aliasp++) return 0;
}
}
/* Check last alias path component matched all the way */
if (aliasp[-1] != '/' && *urip != '\0' && *urip != '/')
return 0;
/* Return number of characters from URI which matched (may be
* greater than length of alias, since we may have matched
* doubled slashes)
*/
return urip - uri;
}
static int
proxy_trans(request_rec *r)
{
void *sconf = r->server->module_config;
proxy_server_conf *conf =
(proxy_server_conf *)get_module_config(sconf, &proxy_module);
if (r->proxyreq)
{
if (!conf->req) return DECLINED;
r->filename = pstrcat(r->pool, "proxy:", r->uri, NULL);
r->handler = "proxy-server";
return OK;
} else
{
int i, len;
struct proxy_alias *ent=(struct proxy_alias *)conf->aliases->elts;
for (i=0; i < conf->aliases->nelts; i++)
{
len = alias_match(r->uri, ent[i].fake);
if (len > 0)
{
r->filename = pstrcat(r->pool, "proxy:", ent[i].real,
r->uri + len, NULL);
r->handler = "proxy-server";
return OK;
}
}
return DECLINED;
}
}
/* -------------------------------------------------------------- */
/* Fixup the filename */
/*
* Canonicalise the URL
*/
static int
proxy_fixup(request_rec *r)
{
char *url, *p;
int i;
if (strncmp(r->filename, "proxy:", 6) != 0) return DECLINED;
url = &r->filename[6];
/* lowercase the scheme */
p = strchr(url, ':');
if (p == NULL || p == url) return BAD_REQUEST;
for (i=0; i != p - url; i++) url[i] = tolower(url[i]);
/* canonicalise each specific scheme */
if (strncmp(url, "http:", 5) == 0)
return proxy_http_canon(r, url+5, "http", DEFAULT_PORT);
else if (strncmp(url, "ftp:", 4) == 0)
return proxy_ftp_canon(r, url+4);
else return OK; /* otherwise; we've done the best we can */
}
void
proxy_init(server_rec *r, pool *p)
{
proxy_garbage_init(r, p);
}
/* Send a redirection if the request contains a hostname which is not */
/* fully qualified, i.e. doesn't have a domain name appended. Some proxy */
/* servers like Netscape's allow this and access hosts from the local */
/* domain in this case. I think it is better to redirect to a FQDN, since */
/* these will later be found in the bookmarks files. */
/* The "ProxyDomain" directive determines what domain will be appended */
int
proxy_needsdomain(request_rec *r, const char *url, const char *domain)
{
char *scheme = pstrdup (r->pool, url);
char *url_copy, *user = NULL, *password = NULL, *path, *err, *host;
int port = -1;
/* We only want to worry about GETs */
if (r->method_number != M_GET) return DECLINED;
/* Set url to the first char after "scheme://" */
if ((url_copy = strchr(scheme,':')) == NULL
|| url_copy[1] != '/' || url_copy[2] != '/')
return DECLINED;
*url_copy++ = '\0'; /* delimit scheme, make url_copy point to "//", which is what proxy_canon_netloc expects */
/* Save the path - it will be re-appended for the redirection later */
path = strchr(&url_copy[2], '/');
if (path != NULL)
++path; /* leading '/' will be overwritten by proxy_canon_netloc */
else
path = "";
/* Split request into user, password, host, port */
err = proxy_canon_netloc(r->pool, &url_copy, &user, &password, &host, &port);
if (err != NULL)
{
log_error(err, r->server);
return DECLINED;
}
/* If host does contain a dot already, or it is "localhost", decline */
if (strchr (host, '.') != NULL || strcasecmp(host, "localhost") == 0)
return DECLINED; /* host name has a dot already */
else
{
char *nuri;
char *ref = table_get(r->headers_in, "Referer");
char strport[10];
/* now, rebuild URL */
if (port == -1)
strcpy (strport, "");
else
ap_snprintf(strport, sizeof(strport), ":%d", port);
/* Reassemble the request, but insert the domain after the host name */
nuri = pstrcat(r->pool, scheme, "://", (user != NULL) ? user : "",
(password != NULL) ? ":" : "",
(password != NULL) ? password : "",
(user != NULL) ? "@" : "",
host, domain, strport, "/", path,
NULL);
table_set(r->headers_out, "Location", nuri);
log_error(pstrcat(r->pool, "Domain missing: ", r->uri, " sent to ", nuri,
ref ? " from " : NULL, ref, NULL), r->server);
return REDIRECT;
}
}
/* -------------------------------------------------------------- */
/* Invoke handler */
static int
proxy_handler(request_rec *r)
{
char *url, *scheme, *p;
void *sconf = r->server->module_config;
proxy_server_conf *conf =
(proxy_server_conf *)get_module_config(sconf, &proxy_module);
array_header *proxies=conf->proxies;
struct proxy_remote *ents=(struct proxy_remote *)proxies->elts;
int i, rc;
struct cache_req *cr;
int direct_connect = 0;
if (strncmp(r->filename, "proxy:", 6) != 0) return DECLINED;
if ((rc = setup_client_block(r, REQUEST_CHUNKED_ERROR)))
return rc;
url = r->filename + 6;
p = strchr(url, ':');
if (p == NULL) return BAD_REQUEST;
rc = proxy_cache_check(r, url, &conf->cache, &cr);
if (rc != DECLINED) return rc;
/* If the host doesn't have a domain name, add one and redirect. */
if (conf->domain != NULL
&& proxy_needsdomain(r, url, conf->domain) == REDIRECT)
return REDIRECT;
*p = '\0';
scheme = pstrdup(r->pool, url);
*p = ':';
/* Check URI's destination host against NoProxy hosts */
/* Bypass ProxyRemote server lookup if configured as NoProxy */
/* we only know how to handle communication to a proxy via http */
/*if (strcmp(scheme, "http") == 0)*/
{
int ii;
struct dirconn_entry *list=(struct dirconn_entry*)conf->dirconn->elts;
/* if (*++p == '/' && *++p == '/') */
for (direct_connect=ii=0; ii < conf->dirconn->nelts && !direct_connect; ii++)
{
direct_connect = list[ii].matcher (&list[ii], r);
/*log_error("URI and NoProxy:", r->server);*/
/*log_error(r->uri, r->server);*/
/*log_error(list[ii].name, r->server);*/
}
#if DEBUGGING
{
char msg[256];
sprintf (msg, (direct_connect)?"NoProxy for %s":"UseProxy for %s", r->uri);
log_error(msg, r->server);
}
#endif
}
/* firstly, try a proxy, unless a NoProxy directive is active */
if (!direct_connect)
for (i=0; i < proxies->nelts; i++)
{
p = strchr(ents[i].scheme, ':'); /* is it a partial URL? */
if (strcmp(ents[i].scheme, "*") == 0 ||
(p == NULL && strcmp(scheme, ents[i].scheme) == 0) ||
(p != NULL &&
strncmp(url, ents[i].scheme, strlen(ents[i].scheme)) == 0))
{
/* we only know how to handle communication to a proxy via http */
if (strcmp(ents[i].protocol, "http") == 0)
rc = proxy_http_handler(r, cr, url, ents[i].hostname,
ents[i].port);
else rc = DECLINED;
/* an error or success */
if (rc != DECLINED && rc != BAD_GATEWAY) return rc;
/* we failed to talk to the upstream proxy */
}
}
/* otherwise, try it direct */
/* N.B. what if we're behind a firewall, where we must use a proxy or
* give up??
*/
/* handle the scheme */
if (r->method_number == M_CONNECT)
return proxy_connect_handler(r, cr, url);
if (strcmp(scheme, "http") == 0)
return proxy_http_handler(r, cr, url, NULL, 0);
if (strcmp(scheme, "ftp") == 0)
return proxy_ftp_handler(r, cr, url);
else return NOT_IMPLEMENTED;
}
/* -------------------------------------------------------------- */
/* Setup configurable data */
static void *
create_proxy_config(pool *p, server_rec *s)
{
proxy_server_conf *ps = pcalloc(p, sizeof(proxy_server_conf));
ps->proxies = make_array(p, 10, sizeof(struct proxy_remote));
ps->aliases = make_array(p, 10, sizeof(struct proxy_alias));
ps->noproxies = make_array(p, 10, sizeof(struct noproxy_entry));
ps->dirconn = make_array(p, 10, sizeof(struct dirconn_entry));
ps->nocaches = make_array(p, 10, sizeof(struct nocache_entry));
ps->domain = NULL;
ps->req = 0;
ps->cache.root = NULL;
ps->cache.space = DEFAULT_CACHE_SPACE;
ps->cache.maxexpire = DEFAULT_CACHE_MAXEXPIRE;
ps->cache.defaultexpire = DEFAULT_CACHE_EXPIRE;
ps->cache.lmfactor = DEFAULT_CACHE_LMFACTOR;
ps->cache.gcinterval = -1;
/* at these levels, the cache can have 2^18 directories (256,000) */
ps->cache.dirlevels=3;
ps->cache.dirlength=1;
return ps;
}
static const char *
add_proxy(cmd_parms *cmd, void *dummy, char *f, char *r)
{
server_rec *s = cmd->server;
proxy_server_conf *conf =
(proxy_server_conf *)get_module_config(s->module_config,&proxy_module);
struct proxy_remote *new;
char *p, *q;
int port;
p = strchr(r, ':');
if (p == NULL || p[1] != '/' || p[2] != '/' || p[3] == '\0')
return "Bad syntax for a remote proxy server";
q = strchr(p + 3, ':');
if (q != NULL)
{
if (sscanf(q+1, "%u", &port) != 1 || port > 65535)
return "Bad syntax for a remote proxy server (bad port number)";
*q = '\0';
} else port = -1;
*p = '\0';
if (strchr(f, ':') == NULL) str_tolower(f); /* lowercase scheme */
str_tolower(p + 3); /* lowercase hostname */
if (port == -1)
{
int i;
for (i=0; defports[i].scheme != NULL; i++)
if (strcmp(defports[i].scheme, r) == 0) break;
port = defports[i].port;
}
new = push_array (conf->proxies);
new->scheme = f;
new->protocol = r;
new->hostname = p + 3;
new->port = port;
return NULL;
}
static const char *
add_pass(cmd_parms *cmd, void *dummy, char *f, char *r)
{
server_rec *s = cmd->server;
proxy_server_conf *conf =
(proxy_server_conf *)get_module_config(s->module_config,&proxy_module);
struct proxy_alias *new;
new = push_array (conf->aliases);
new->fake = f;
new->real = r;
return NULL;
}
static const char *
set_proxy_exclude(cmd_parms *parms, void *dummy, char *arg)
{
server_rec *s = parms->server;
proxy_server_conf *conf =
get_module_config (s->module_config, &proxy_module);
struct noproxy_entry *new;
struct noproxy_entry *list=(struct noproxy_entry*)conf->noproxies->elts;
struct hostent hp;
int found = 0;
int i;
/* Don't duplicate entries */
for (i=0; i < conf->noproxies->nelts; i++)
{
if (strcmp(arg, list[i].name) == 0)
found = 1;
}
if (!found)
{
new = push_array (conf->noproxies);
new->name = arg;
/* Don't do name lookups on things that aren't dotted */
if (strchr(arg, '.') != NULL && proxy_host2addr(new->name, &hp) == NULL)
memcpy(&new->addr, hp.h_addr, sizeof(struct in_addr));
else
new->addr.s_addr = 0;
}
return NULL;
}
/* Similar to set_proxy_exclude(), but defining directly connected hosts,
* which should never be accessed via the configured ProxyRemote servers
*/
static const char *
set_proxy_dirconn(cmd_parms *parms, void *dummy, char *arg)
{
server_rec *s = parms->server;
proxy_server_conf *conf =
get_module_config (s->module_config, &proxy_module);
struct dirconn_entry *New;
struct dirconn_entry *list=(struct dirconn_entry*)conf->dirconn->elts;
int found = 0;
int i;
/* Don't duplicate entries */
for (i=0; i < conf->dirconn->nelts; i++)
{
if (strcasecmp(arg, list[i].name) == 0)
found = 1;
}
if (!found)
{
New = push_array (conf->dirconn);
New->name = arg;
if (proxy_is_ipaddr(New))
{
#if DEBUGGING
fprintf(stderr,"Parsed addr %s\n", inet_ntoa(New->addr));
fprintf(stderr,"Parsed mask %s\n", inet_ntoa(New->mask));
#endif
}
else if (proxy_is_domainname(New))
{
str_tolower(New->name);
#if DEBUGGING
fprintf(stderr,"Parsed domain %s\n", New->name);
#endif
}
else if (proxy_is_hostname(New))
{
str_tolower(New->name);
#if DEBUGGING
fprintf(stderr,"Parsed host %s\n", New->name);
#endif
}
else
{
proxy_is_word(New);
#if DEBUGGING
fprintf(stderr,"Parsed word %s\n", New->name);
#endif
}
}
return NULL;
}
static const char *
set_proxy_domain(cmd_parms *parms, void *dummy, char *arg)
{
proxy_server_conf *psf =
get_module_config (parms->server->module_config, &proxy_module);
if (arg[0] != '.')
return "Domain name must start with a dot.";
psf->domain = arg;
return NULL;
}
static const char *
set_proxy_req(cmd_parms *parms, void *dummy, int flag)
{
proxy_server_conf *psf =
get_module_config (parms->server->module_config, &proxy_module);
psf->req = flag;
return NULL;
}
static const char *
set_cache_size(cmd_parms *parms, char *struct_ptr, char *arg)
{
proxy_server_conf *psf =
get_module_config (parms->server->module_config, &proxy_module);
int val;
if (sscanf(arg, "%d", &val) != 1) return "Value must be an integer";
psf->cache.space = val;
return NULL;
}
static const char *
set_cache_root(cmd_parms *parms, void *dummy, char *arg)
{
proxy_server_conf *psf =
get_module_config (parms->server->module_config, &proxy_module);
psf->cache.root = arg;
return NULL;
}
static const char *
set_cache_factor(cmd_parms *parms, void *dummy, char *arg)
{
proxy_server_conf *psf =
get_module_config (parms->server->module_config, &proxy_module);
double val;
if (sscanf(arg, "%lg", &val) != 1) return "Value must be a float";
psf->cache.lmfactor = val;
return NULL;
}
static const char *
set_cache_maxex(cmd_parms *parms, void *dummy, char *arg)
{
proxy_server_conf *psf =
get_module_config (parms->server->module_config, &proxy_module);
double val;
if (sscanf(arg, "%lg", &val) != 1) return "Value must be a float";
psf->cache.maxexpire = (int)(val * (double)SEC_ONE_HR);
return NULL;
}
static const char *
set_cache_defex(cmd_parms *parms, void *dummy, char *arg)
{
proxy_server_conf *psf =
get_module_config (parms->server->module_config, &proxy_module);
double val;
if (sscanf(arg, "%lg", &val) != 1) return "Value must be a float";
psf->cache.defaultexpire = (int)(val * (double)SEC_ONE_HR);
return NULL;
}
static const char *
set_cache_gcint(cmd_parms *parms, void *dummy, char *arg)
{
proxy_server_conf *psf =
get_module_config (parms->server->module_config, &proxy_module);
double val;
if (sscanf(arg, "%lg", &val) != 1) return "Value must be a float";
psf->cache.gcinterval = (int)(val * (double)SEC_ONE_HR);
return NULL;
}
static const char *
set_cache_dirlevels(cmd_parms *parms, char *struct_ptr, char *arg)
{
proxy_server_conf *psf =
get_module_config (parms->server->module_config, &proxy_module);
int val;
if (sscanf(arg, "%d", &val) != 1) return "Value must be an integer";
psf->cache.dirlevels = val;
return NULL;
}
static const char *
set_cache_dirlength(cmd_parms *parms, char *struct_ptr, char *arg)
{
proxy_server_conf *psf =
get_module_config (parms->server->module_config, &proxy_module);
int val;
if (sscanf(arg, "%d", &val) != 1) return "Value must be an integer";
psf->cache.dirlength = val;
return NULL;
}
static const char *
set_cache_exclude(cmd_parms *parms, void *dummy, char *arg)
{
server_rec *s = parms->server;
proxy_server_conf *conf =
get_module_config (s->module_config, &proxy_module);
struct nocache_entry *new;
struct nocache_entry *list=(struct nocache_entry*)conf->nocaches->elts;
struct hostent hp;
int found = 0;
int i;
/* Don't duplicate entries */
for (i=0; i < conf->nocaches->nelts; i++)
{
if (strcmp(arg, list[i].name) == 0)
found = 1;
}
if (!found)
{
new = push_array (conf->nocaches);
new->name = arg;
/* Don't do name lookups on things that aren't dotted */
if (strchr(arg, '.') != NULL && proxy_host2addr(new->name, &hp) == NULL)
memcpy(&new->addr, hp.h_addr, sizeof(struct in_addr));
else
new->addr.s_addr= 0;
}
return NULL;
}
static handler_rec proxy_handlers[] = {
{ "proxy-server", proxy_handler },
{ NULL }
};
static command_rec proxy_cmds[] = {
{ "ProxyRequests", set_proxy_req, NULL, RSRC_CONF, FLAG,
"on if the true proxy requests should be accepted"},
{ "ProxyRemote", add_proxy, NULL, RSRC_CONF, TAKE2,
"a scheme, partial URL or '*' and a proxy server"},
{ "ProxyPass", add_pass, NULL, RSRC_CONF, TAKE2,
"a virtual path and a URL"},
{ "ProxyBlock", set_proxy_exclude, NULL, RSRC_CONF, ITERATE,
"A list of names, hosts or domains to which the proxy will not connect" },
{ "NoProxy", set_proxy_dirconn, NULL, RSRC_CONF, ITERATE,
"A list of domains, hosts, or subnets to which the proxy will connect directly" },
{ "ProxyDomain", set_proxy_domain, NULL, RSRC_CONF, TAKE1,
"The default intranet domain name (in absence of a domain in the URL)" },
{ "CacheRoot", set_cache_root, NULL, RSRC_CONF, TAKE1,
"The directory to store cache files"},
{ "CacheSize", set_cache_size, NULL, RSRC_CONF, TAKE1,
"The maximum disk space used by the cache in Kb"},
{ "CacheMaxExpire", set_cache_maxex, NULL, RSRC_CONF, TAKE1,
"The maximum time in hours to cache a document"},
{ "CacheDefaultExpire", set_cache_defex, NULL, RSRC_CONF, TAKE1,
"The default time in hours to cache a document"},
{ "CacheLastModifiedFactor", set_cache_factor, NULL, RSRC_CONF, TAKE1,
"The factor used to estimate Expires date from LastModified date"},
{ "CacheGcInterval", set_cache_gcint, NULL, RSRC_CONF, TAKE1,
"The interval between garbage collections, in hours"},
{ "CacheDirLevels", set_cache_dirlevels, NULL, RSRC_CONF, TAKE1,
"The number of levels of subdirectories in the cache" },
{ "CacheDirLength", set_cache_dirlength, NULL, RSRC_CONF, TAKE1,
"The number of characters in subdirectory names" },
{ "NoCache", set_cache_exclude, NULL, RSRC_CONF, ITERATE,
"A list of names, hosts or domains for which caching is *not* provided" },
{ NULL }
};
module MODULE_VAR_EXPORT proxy_module = {
STANDARD_MODULE_STUFF,
proxy_init, /* initializer */
NULL, /* create per-directory config structure */
NULL, /* merge per-directory config structures */
create_proxy_config, /* create per-server config structure */
NULL, /* merge per-server config structures */
proxy_cmds, /* command table */
proxy_handlers, /* handlers */
proxy_trans, /* translate_handler */
NULL, /* check_user_id */
NULL, /* check auth */
NULL, /* check access */
NULL, /* type_checker */
proxy_fixup, /* pre-run fixups */
NULL, /* logger */
NULL, /* header parser */
NULL /* child_init */
};
These are the contents of the former NiCE NeXT User Group NeXTSTEP/OpenStep software archive, currently hosted by Netfuture.ch.