nginxtra 1.4.7.9 → 1.6.0.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/nginxtra +1 -1
- data/bin/nginxtra_rails +1 -1
- data/lib/nginxtra/version.rb +1 -1
- data/vendor/nginx/CHANGES +286 -19
- data/vendor/nginx/CHANGES.ru +296 -22
- data/vendor/nginx/auto/cc/clang +4 -3
- data/vendor/nginx/auto/cc/conf +23 -0
- data/vendor/nginx/auto/cc/msvc +1 -0
- data/vendor/nginx/auto/cc/name +1 -1
- data/vendor/nginx/auto/cc/owc +4 -4
- data/vendor/nginx/auto/cc/sunc +1 -1
- data/vendor/nginx/auto/endianness +2 -2
- data/vendor/nginx/auto/feature +1 -1
- data/vendor/nginx/auto/include +1 -1
- data/vendor/nginx/auto/lib/libatomic/make +3 -1
- data/vendor/nginx/auto/lib/openssl/conf +4 -0
- data/vendor/nginx/auto/lib/openssl/make +1 -1
- data/vendor/nginx/auto/lib/pcre/conf +5 -0
- data/vendor/nginx/auto/lib/pcre/make +11 -11
- data/vendor/nginx/auto/lib/pcre/makefile.bcc +4 -3
- data/vendor/nginx/auto/lib/pcre/makefile.msvc +2 -1
- data/vendor/nginx/auto/lib/pcre/makefile.owc +2 -1
- data/vendor/nginx/auto/lib/perl/make +1 -0
- data/vendor/nginx/auto/lib/test +1 -1
- data/vendor/nginx/auto/lib/zlib/make +22 -1
- data/vendor/nginx/auto/modules +8 -0
- data/vendor/nginx/auto/options +3 -0
- data/vendor/nginx/auto/os/darwin +1 -1
- data/vendor/nginx/auto/os/linux +32 -0
- data/vendor/nginx/auto/os/win32 +12 -1
- data/vendor/nginx/auto/sources +8 -2
- data/vendor/nginx/auto/types/sizeof +1 -1
- data/vendor/nginx/auto/types/typedef +1 -1
- data/vendor/nginx/auto/types/uintptr_t +1 -1
- data/vendor/nginx/auto/unix +13 -1
- data/vendor/nginx/conf/mime.types +11 -2
- data/vendor/nginx/conf/nginx.conf +3 -4
- data/vendor/nginx/contrib/README +6 -0
- data/vendor/nginx/contrib/vim/ftdetect/nginx.vim +4 -0
- data/vendor/nginx/contrib/vim/indent/nginx.vim +11 -0
- data/vendor/nginx/contrib/vim/syntax/nginx.vim +703 -0
- data/vendor/nginx/src/core/nginx.c +2 -7
- data/vendor/nginx/src/core/nginx.h +2 -2
- data/vendor/nginx/src/core/ngx_conf_file.c +8 -88
- data/vendor/nginx/src/core/ngx_conf_file.h +3 -3
- data/vendor/nginx/src/core/ngx_config.h +2 -2
- data/vendor/nginx/src/core/ngx_connection.c +100 -29
- data/vendor/nginx/src/core/ngx_connection.h +11 -0
- data/vendor/nginx/src/core/ngx_core.h +1 -0
- data/vendor/nginx/src/core/ngx_cycle.c +23 -99
- data/vendor/nginx/src/core/ngx_cycle.h +2 -0
- data/vendor/nginx/src/core/ngx_file.c +100 -8
- data/vendor/nginx/src/core/ngx_file.h +3 -0
- data/vendor/nginx/src/core/ngx_hash.c +6 -9
- data/vendor/nginx/src/core/ngx_inet.c +93 -5
- data/vendor/nginx/src/core/ngx_inet.h +4 -2
- data/vendor/nginx/src/core/ngx_list.c +1 -9
- data/vendor/nginx/src/core/ngx_log.c +132 -30
- data/vendor/nginx/src/core/ngx_log.h +5 -2
- data/vendor/nginx/src/core/ngx_open_file_cache.c +67 -1
- data/vendor/nginx/src/core/ngx_palloc.c +5 -2
- data/vendor/nginx/src/core/ngx_proxy_protocol.c +91 -0
- data/vendor/nginx/src/core/ngx_proxy_protocol.h +23 -0
- data/vendor/nginx/src/core/ngx_resolver.c +1080 -285
- data/vendor/nginx/src/core/ngx_resolver.h +33 -3
- data/vendor/nginx/src/core/ngx_slab.c +7 -2
- data/vendor/nginx/src/core/ngx_slab.h +2 -0
- data/vendor/nginx/src/core/ngx_string.c +78 -13
- data/vendor/nginx/src/core/ngx_string.h +2 -0
- data/vendor/nginx/src/event/modules/ngx_devpoll_module.c +2 -2
- data/vendor/nginx/src/event/modules/ngx_epoll_module.c +13 -5
- data/vendor/nginx/src/event/modules/ngx_select_module.c +1 -1
- data/vendor/nginx/src/event/modules/ngx_win32_select_module.c +2 -2
- data/vendor/nginx/src/event/ngx_event.c +0 -1
- data/vendor/nginx/src/event/ngx_event.h +7 -6
- data/vendor/nginx/src/event/ngx_event_accept.c +6 -4
- data/vendor/nginx/src/event/ngx_event_connect.c +2 -2
- data/vendor/nginx/src/event/ngx_event_openssl.c +304 -13
- data/vendor/nginx/src/event/ngx_event_openssl.h +20 -1
- data/vendor/nginx/src/event/ngx_event_openssl_stapling.c +35 -23
- data/vendor/nginx/src/event/ngx_event_pipe.c +15 -30
- data/vendor/nginx/src/http/modules/ngx_http_access_module.c +115 -35
- data/vendor/nginx/src/http/modules/ngx_http_auth_basic_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_auth_request_module.c +444 -0
- data/vendor/nginx/src/http/modules/ngx_http_autoindex_module.c +2 -1
- data/vendor/nginx/src/http/modules/ngx_http_charset_filter_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_dav_module.c +1 -3
- data/vendor/nginx/src/http/modules/ngx_http_fastcgi_module.c +251 -36
- data/vendor/nginx/src/http/modules/ngx_http_gunzip_filter_module.c +9 -5
- data/vendor/nginx/src/http/modules/ngx_http_gzip_filter_module.c +5 -3
- data/vendor/nginx/src/http/modules/ngx_http_gzip_static_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_headers_filter_module.c +4 -0
- data/vendor/nginx/src/http/modules/ngx_http_image_filter_module.c +8 -2
- data/vendor/nginx/src/http/modules/ngx_http_limit_req_module.c +5 -1
- data/vendor/nginx/src/http/modules/ngx_http_map_module.c +3 -3
- data/vendor/nginx/src/http/modules/ngx_http_memcached_module.c +21 -10
- data/vendor/nginx/src/http/modules/ngx_http_mp4_module.c +669 -197
- data/vendor/nginx/src/http/modules/ngx_http_proxy_module.c +93 -60
- data/vendor/nginx/src/http/modules/ngx_http_range_filter_module.c +13 -6
- data/vendor/nginx/src/http/modules/ngx_http_realip_module.c +20 -1
- data/vendor/nginx/src/http/modules/ngx_http_referer_module.c +132 -74
- data/vendor/nginx/src/http/modules/ngx_http_scgi_module.c +18 -12
- data/vendor/nginx/src/http/modules/ngx_http_ssi_filter_module.c +22 -20
- data/vendor/nginx/src/http/modules/ngx_http_ssl_module.c +121 -3
- data/vendor/nginx/src/http/modules/ngx_http_ssl_module.h +5 -0
- data/vendor/nginx/src/http/modules/ngx_http_stub_status_module.c +3 -0
- data/vendor/nginx/src/http/modules/ngx_http_sub_filter_module.c +123 -91
- data/vendor/nginx/src/http/modules/ngx_http_upstream_ip_hash_module.c +29 -19
- data/vendor/nginx/src/http/modules/ngx_http_upstream_keepalive_module.c +2 -5
- data/vendor/nginx/src/http/modules/ngx_http_uwsgi_module.c +215 -19
- data/vendor/nginx/src/http/modules/ngx_http_xslt_filter_module.c +32 -6
- data/vendor/nginx/src/http/modules/perl/nginx.xs +4 -7
- data/vendor/nginx/src/http/modules/perl/ngx_http_perl_module.c +2 -2
- data/vendor/nginx/src/http/ngx_http.c +17 -7
- data/vendor/nginx/src/http/ngx_http_cache.h +4 -2
- data/vendor/nginx/src/http/ngx_http_copy_filter_module.c +4 -2
- data/vendor/nginx/src/http/ngx_http_core_module.c +63 -50
- data/vendor/nginx/src/http/ngx_http_core_module.h +5 -0
- data/vendor/nginx/src/http/ngx_http_file_cache.c +115 -3
- data/vendor/nginx/src/http/ngx_http_header_filter_module.c +9 -6
- data/vendor/nginx/src/http/ngx_http_parse.c +88 -10
- data/vendor/nginx/src/http/ngx_http_postpone_filter_module.c +2 -4
- data/vendor/nginx/src/http/ngx_http_request.c +116 -8
- data/vendor/nginx/src/http/ngx_http_request.h +5 -1
- data/vendor/nginx/src/http/ngx_http_request_body.c +7 -7
- data/vendor/nginx/src/http/ngx_http_script.c +6 -5
- data/vendor/nginx/src/http/ngx_http_spdy.c +889 -271
- data/vendor/nginx/src/http/ngx_http_spdy.h +51 -28
- data/vendor/nginx/src/http/ngx_http_spdy_filter_module.c +382 -167
- data/vendor/nginx/src/http/ngx_http_spdy_module.c +65 -8
- data/vendor/nginx/src/http/ngx_http_spdy_module.h +5 -0
- data/vendor/nginx/src/http/ngx_http_special_response.c +1 -1
- data/vendor/nginx/src/http/ngx_http_upstream.c +290 -114
- data/vendor/nginx/src/http/ngx_http_upstream.h +9 -5
- data/vendor/nginx/src/http/ngx_http_upstream_round_robin.c +32 -24
- data/vendor/nginx/src/http/ngx_http_variables.c +40 -6
- data/vendor/nginx/src/http/ngx_http_write_filter_module.c +12 -5
- data/vendor/nginx/src/mail/ngx_mail.c +4 -2
- data/vendor/nginx/src/mail/ngx_mail.h +2 -0
- data/vendor/nginx/src/mail/ngx_mail_auth_http_module.c +0 -1
- data/vendor/nginx/src/mail/ngx_mail_core_module.c +2 -1
- data/vendor/nginx/src/mail/ngx_mail_handler.c +17 -4
- data/vendor/nginx/src/mail/ngx_mail_parse.c +32 -2
- data/vendor/nginx/src/mail/ngx_mail_proxy_module.c +54 -7
- data/vendor/nginx/src/mail/ngx_mail_smtp_handler.c +50 -78
- data/vendor/nginx/src/mail/ngx_mail_ssl_module.c +48 -11
- data/vendor/nginx/src/mail/ngx_mail_ssl_module.h +3 -0
- data/vendor/nginx/src/os/unix/ngx_channel.c +3 -1
- data/vendor/nginx/src/os/unix/ngx_darwin_config.h +1 -0
- data/vendor/nginx/src/os/unix/ngx_darwin_init.c +1 -1
- data/vendor/nginx/src/os/unix/ngx_darwin_sendfile_chain.c +14 -16
- data/vendor/nginx/src/os/unix/ngx_errno.h +3 -0
- data/vendor/nginx/src/os/unix/ngx_files.h +10 -16
- data/vendor/nginx/src/os/unix/ngx_freebsd_config.h +6 -0
- data/vendor/nginx/src/os/unix/ngx_freebsd_init.c +1 -1
- data/vendor/nginx/src/os/unix/ngx_freebsd_rfork_thread.c +1 -1
- data/vendor/nginx/src/os/unix/ngx_freebsd_rfork_thread.h +2 -2
- data/vendor/nginx/src/os/unix/ngx_freebsd_sendfile_chain.c +17 -19
- data/vendor/nginx/src/os/unix/ngx_linux_config.h +8 -2
- data/vendor/nginx/src/os/unix/ngx_linux_sendfile_chain.c +20 -22
- data/vendor/nginx/src/os/unix/ngx_posix_config.h +1 -0
- data/vendor/nginx/src/os/unix/ngx_process.c +5 -0
- data/vendor/nginx/src/os/unix/ngx_process_cycle.c +15 -3
- data/vendor/nginx/src/os/unix/ngx_readv_chain.c +2 -1
- data/vendor/nginx/src/os/unix/ngx_recv.c +4 -1
- data/vendor/nginx/src/os/unix/ngx_solaris_config.h +1 -0
- data/vendor/nginx/src/os/unix/ngx_solaris_sendfilev_chain.c +14 -16
- metadata +8 -2
@@ -76,6 +76,12 @@ typedef struct {
|
|
76
76
|
|
77
77
|
ngx_uint_t headers_hash_max_size;
|
78
78
|
ngx_uint_t headers_hash_bucket_size;
|
79
|
+
|
80
|
+
#if (NGX_HTTP_SSL)
|
81
|
+
ngx_uint_t ssl;
|
82
|
+
ngx_uint_t ssl_protocols;
|
83
|
+
ngx_str_t ssl_ciphers;
|
84
|
+
#endif
|
79
85
|
} ngx_http_proxy_loc_conf_t;
|
80
86
|
|
81
87
|
|
@@ -178,6 +184,7 @@ static ngx_conf_bitmask_t ngx_http_proxy_next_upstream_masks[] = {
|
|
178
184
|
{ ngx_string("http_502"), NGX_HTTP_UPSTREAM_FT_HTTP_502 },
|
179
185
|
{ ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 },
|
180
186
|
{ ngx_string("http_504"), NGX_HTTP_UPSTREAM_FT_HTTP_504 },
|
187
|
+
{ ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 },
|
181
188
|
{ ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 },
|
182
189
|
{ ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING },
|
183
190
|
{ ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF },
|
@@ -185,6 +192,20 @@ static ngx_conf_bitmask_t ngx_http_proxy_next_upstream_masks[] = {
|
|
185
192
|
};
|
186
193
|
|
187
194
|
|
195
|
+
#if (NGX_HTTP_SSL)
|
196
|
+
|
197
|
+
static ngx_conf_bitmask_t ngx_http_proxy_ssl_protocols[] = {
|
198
|
+
{ ngx_string("SSLv2"), NGX_SSL_SSLv2 },
|
199
|
+
{ ngx_string("SSLv3"), NGX_SSL_SSLv3 },
|
200
|
+
{ ngx_string("TLSv1"), NGX_SSL_TLSv1 },
|
201
|
+
{ ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
|
202
|
+
{ ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
|
203
|
+
{ ngx_null_string, 0 }
|
204
|
+
};
|
205
|
+
|
206
|
+
#endif
|
207
|
+
|
208
|
+
|
188
209
|
static ngx_conf_enum_t ngx_http_proxy_http_version[] = {
|
189
210
|
{ ngx_string("1.0"), NGX_HTTP_VERSION_10 },
|
190
211
|
{ ngx_string("1.1"), NGX_HTTP_VERSION_11 },
|
@@ -444,6 +465,13 @@ static ngx_command_t ngx_http_proxy_commands[] = {
|
|
444
465
|
offsetof(ngx_http_proxy_loc_conf_t, upstream.cache_lock_timeout),
|
445
466
|
NULL },
|
446
467
|
|
468
|
+
{ ngx_string("proxy_cache_revalidate"),
|
469
|
+
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
|
470
|
+
ngx_conf_set_flag_slot,
|
471
|
+
NGX_HTTP_LOC_CONF_OFFSET,
|
472
|
+
offsetof(ngx_http_proxy_loc_conf_t, upstream.cache_revalidate),
|
473
|
+
NULL },
|
474
|
+
|
447
475
|
#endif
|
448
476
|
|
449
477
|
{ ngx_string("proxy_temp_path"),
|
@@ -511,6 +539,20 @@ static ngx_command_t ngx_http_proxy_commands[] = {
|
|
511
539
|
offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_session_reuse),
|
512
540
|
NULL },
|
513
541
|
|
542
|
+
{ ngx_string("proxy_ssl_protocols"),
|
543
|
+
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
|
544
|
+
ngx_conf_set_bitmask_slot,
|
545
|
+
NGX_HTTP_LOC_CONF_OFFSET,
|
546
|
+
offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols),
|
547
|
+
&ngx_http_proxy_ssl_protocols },
|
548
|
+
|
549
|
+
{ ngx_string("proxy_ssl_ciphers"),
|
550
|
+
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
|
551
|
+
ngx_conf_set_str_slot,
|
552
|
+
NGX_HTTP_LOC_CONF_OFFSET,
|
553
|
+
offsetof(ngx_http_proxy_loc_conf_t, ssl_ciphers),
|
554
|
+
NULL },
|
555
|
+
|
514
556
|
#endif
|
515
557
|
|
516
558
|
ngx_null_command
|
@@ -587,7 +629,8 @@ static ngx_keyval_t ngx_http_proxy_cache_headers[] = {
|
|
587
629
|
{ ngx_string("Keep-Alive"), ngx_string("") },
|
588
630
|
{ ngx_string("Expect"), ngx_string("") },
|
589
631
|
{ ngx_string("Upgrade"), ngx_string("") },
|
590
|
-
{ ngx_string("If-Modified-Since"),
|
632
|
+
{ ngx_string("If-Modified-Since"),
|
633
|
+
ngx_string("$upstream_cache_last_modified") },
|
591
634
|
{ ngx_string("If-Unmodified-Since"), ngx_string("") },
|
592
635
|
{ ngx_string("If-None-Match"), ngx_string("") },
|
593
636
|
{ ngx_string("If-Match"), ngx_string("") },
|
@@ -993,6 +1036,8 @@ ngx_http_proxy_create_request(ngx_http_request_t *r)
|
|
993
1036
|
|
994
1037
|
len += uri_len;
|
995
1038
|
|
1039
|
+
ngx_memzero(&le, sizeof(ngx_http_script_engine_t));
|
1040
|
+
|
996
1041
|
ngx_http_script_flush_no_cacheable_variables(r, plcf->flushes);
|
997
1042
|
|
998
1043
|
if (plcf->body_set_len) {
|
@@ -1317,7 +1362,7 @@ ngx_http_proxy_process_status_line(ngx_http_request_t *r)
|
|
1317
1362
|
return NGX_OK;
|
1318
1363
|
}
|
1319
1364
|
|
1320
|
-
if (u->state) {
|
1365
|
+
if (u->state && u->state->status == 0) {
|
1321
1366
|
u->state->status = ctx->status.code;
|
1322
1367
|
}
|
1323
1368
|
|
@@ -1539,7 +1584,7 @@ ngx_http_proxy_input_filter_init(void *data)
|
|
1539
1584
|
u->pipe->length = 3; /* "0" LF LF */
|
1540
1585
|
|
1541
1586
|
u->input_filter = ngx_http_proxy_non_buffered_chunked_filter;
|
1542
|
-
u->length =
|
1587
|
+
u->length = 1;
|
1543
1588
|
|
1544
1589
|
} else if (u->headers_in.content_length_n == 0) {
|
1545
1590
|
/* empty body: special case as filter won't be called */
|
@@ -1570,19 +1615,13 @@ ngx_http_proxy_copy_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
|
|
1570
1615
|
return NGX_OK;
|
1571
1616
|
}
|
1572
1617
|
|
1573
|
-
|
1574
|
-
|
1575
|
-
|
1576
|
-
p->free = cl->next;
|
1577
|
-
ngx_free_chain(p->pool, cl);
|
1578
|
-
|
1579
|
-
} else {
|
1580
|
-
b = ngx_alloc_buf(p->pool);
|
1581
|
-
if (b == NULL) {
|
1582
|
-
return NGX_ERROR;
|
1583
|
-
}
|
1618
|
+
cl = ngx_chain_get_free_buf(p->pool, &p->free);
|
1619
|
+
if (cl == NULL) {
|
1620
|
+
return NGX_ERROR;
|
1584
1621
|
}
|
1585
1622
|
|
1623
|
+
b = cl->buf;
|
1624
|
+
|
1586
1625
|
ngx_memcpy(b, buf, sizeof(ngx_buf_t));
|
1587
1626
|
b->shadow = buf;
|
1588
1627
|
b->tag = p->tag;
|
@@ -1590,14 +1629,6 @@ ngx_http_proxy_copy_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
|
|
1590
1629
|
b->recycled = 1;
|
1591
1630
|
buf->shadow = b;
|
1592
1631
|
|
1593
|
-
cl = ngx_alloc_chain_link(p->pool);
|
1594
|
-
if (cl == NULL) {
|
1595
|
-
return NGX_ERROR;
|
1596
|
-
}
|
1597
|
-
|
1598
|
-
cl->buf = b;
|
1599
|
-
cl->next = NULL;
|
1600
|
-
|
1601
1632
|
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, p->log, 0, "input buf #%d", b->num);
|
1602
1633
|
|
1603
1634
|
if (p->in) {
|
@@ -1662,19 +1693,13 @@ ngx_http_proxy_chunked_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
|
|
1662
1693
|
|
1663
1694
|
/* a chunk has been parsed successfully */
|
1664
1695
|
|
1665
|
-
|
1666
|
-
|
1667
|
-
|
1668
|
-
p->free = cl->next;
|
1669
|
-
ngx_free_chain(p->pool, cl);
|
1670
|
-
|
1671
|
-
} else {
|
1672
|
-
b = ngx_alloc_buf(p->pool);
|
1673
|
-
if (b == NULL) {
|
1674
|
-
return NGX_ERROR;
|
1675
|
-
}
|
1696
|
+
cl = ngx_chain_get_free_buf(p->pool, &p->free);
|
1697
|
+
if (cl == NULL) {
|
1698
|
+
return NGX_ERROR;
|
1676
1699
|
}
|
1677
1700
|
|
1701
|
+
b = cl->buf;
|
1702
|
+
|
1678
1703
|
ngx_memzero(b, sizeof(ngx_buf_t));
|
1679
1704
|
|
1680
1705
|
b->pos = buf->pos;
|
@@ -1687,14 +1712,6 @@ ngx_http_proxy_chunked_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
|
|
1687
1712
|
*prev = b;
|
1688
1713
|
prev = &b->shadow;
|
1689
1714
|
|
1690
|
-
cl = ngx_alloc_chain_link(p->pool);
|
1691
|
-
if (cl == NULL) {
|
1692
|
-
return NGX_ERROR;
|
1693
|
-
}
|
1694
|
-
|
1695
|
-
cl->buf = b;
|
1696
|
-
cl->next = NULL;
|
1697
|
-
|
1698
1715
|
if (p->in) {
|
1699
1716
|
*p->last_in = cl;
|
1700
1717
|
} else {
|
@@ -1709,7 +1726,7 @@ ngx_http_proxy_chunked_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
|
|
1709
1726
|
|
1710
1727
|
if (buf->last - buf->pos >= ctx->chunked.size) {
|
1711
1728
|
|
1712
|
-
buf->pos += ctx->chunked.size;
|
1729
|
+
buf->pos += (size_t) ctx->chunked.size;
|
1713
1730
|
b->last = buf->pos;
|
1714
1731
|
ctx->chunked.size = 0;
|
1715
1732
|
|
@@ -1872,7 +1889,7 @@ ngx_http_proxy_non_buffered_chunked_filter(void *data, ssize_t bytes)
|
|
1872
1889
|
b->tag = u->output.tag;
|
1873
1890
|
|
1874
1891
|
if (buf->last - buf->pos >= ctx->chunked.size) {
|
1875
|
-
buf->pos += ctx->chunked.size;
|
1892
|
+
buf->pos += (size_t) ctx->chunked.size;
|
1876
1893
|
b->last = buf->pos;
|
1877
1894
|
ctx->chunked.size = 0;
|
1878
1895
|
|
@@ -2077,7 +2094,7 @@ ngx_http_proxy_internal_body_length_variable(ngx_http_request_t *r,
|
|
2077
2094
|
v->no_cacheable = 0;
|
2078
2095
|
v->not_found = 0;
|
2079
2096
|
|
2080
|
-
v->data = ngx_pnalloc(r->
|
2097
|
+
v->data = ngx_pnalloc(r->pool, NGX_OFF_T_LEN);
|
2081
2098
|
|
2082
2099
|
if (v->data == NULL) {
|
2083
2100
|
return NGX_ERROR;
|
@@ -2383,6 +2400,9 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
|
|
2383
2400
|
* conf->body_set = NULL;
|
2384
2401
|
* conf->body_source = { 0, NULL };
|
2385
2402
|
* conf->redirects = NULL;
|
2403
|
+
* conf->ssl = 0;
|
2404
|
+
* conf->ssl_protocols = 0;
|
2405
|
+
* conf->ssl_ciphers = { 0, NULL };
|
2386
2406
|
*/
|
2387
2407
|
|
2388
2408
|
conf->upstream.store = NGX_CONF_UNSET;
|
@@ -2414,6 +2434,7 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
|
|
2414
2434
|
conf->upstream.cache_valid = NGX_CONF_UNSET_PTR;
|
2415
2435
|
conf->upstream.cache_lock = NGX_CONF_UNSET;
|
2416
2436
|
conf->upstream.cache_lock_timeout = NGX_CONF_UNSET_MSEC;
|
2437
|
+
conf->upstream.cache_revalidate = NGX_CONF_UNSET;
|
2417
2438
|
#endif
|
2418
2439
|
|
2419
2440
|
conf->upstream.hide_headers = NGX_CONF_UNSET_PTR;
|
@@ -2657,12 +2678,6 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
2657
2678
|
ngx_conf_merge_ptr_value(conf->upstream.no_cache,
|
2658
2679
|
prev->upstream.no_cache, NULL);
|
2659
2680
|
|
2660
|
-
if (conf->upstream.no_cache && conf->upstream.cache_bypass == NULL) {
|
2661
|
-
ngx_log_error(NGX_LOG_WARN, cf->log, 0,
|
2662
|
-
"\"proxy_no_cache\" functionality has been changed in 0.8.46, "
|
2663
|
-
"now it should be used together with \"proxy_cache_bypass\"");
|
2664
|
-
}
|
2665
|
-
|
2666
2681
|
ngx_conf_merge_ptr_value(conf->upstream.cache_valid,
|
2667
2682
|
prev->upstream.cache_valid, NULL);
|
2668
2683
|
|
@@ -2676,6 +2691,9 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
2676
2691
|
ngx_conf_merge_msec_value(conf->upstream.cache_lock_timeout,
|
2677
2692
|
prev->upstream.cache_lock_timeout, 5000);
|
2678
2693
|
|
2694
|
+
ngx_conf_merge_value(conf->upstream.cache_revalidate,
|
2695
|
+
prev->upstream.cache_revalidate, 0);
|
2696
|
+
|
2679
2697
|
#endif
|
2680
2698
|
|
2681
2699
|
ngx_conf_merge_str_value(conf->method, prev->method, "");
|
@@ -2698,6 +2716,18 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
2698
2716
|
#if (NGX_HTTP_SSL)
|
2699
2717
|
ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
|
2700
2718
|
prev->upstream.ssl_session_reuse, 1);
|
2719
|
+
|
2720
|
+
ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
|
2721
|
+
(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3
|
2722
|
+
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
|
2723
|
+
|NGX_SSL_TLSv1_2));
|
2724
|
+
|
2725
|
+
ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
|
2726
|
+
"DEFAULT");
|
2727
|
+
|
2728
|
+
if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) {
|
2729
|
+
return NGX_CONF_ERROR;
|
2730
|
+
}
|
2701
2731
|
#endif
|
2702
2732
|
|
2703
2733
|
ngx_conf_merge_value(conf->redirect, prev->redirect, 1);
|
@@ -3143,9 +3173,7 @@ ngx_http_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
3143
3173
|
}
|
3144
3174
|
|
3145
3175
|
#if (NGX_HTTP_SSL)
|
3146
|
-
|
3147
|
-
return NGX_CONF_ERROR;
|
3148
|
-
}
|
3176
|
+
plcf->ssl = 1;
|
3149
3177
|
#endif
|
3150
3178
|
|
3151
3179
|
return NGX_CONF_OK;
|
@@ -3158,9 +3186,7 @@ ngx_http_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
3158
3186
|
} else if (ngx_strncasecmp(url->data, (u_char *) "https://", 8) == 0) {
|
3159
3187
|
|
3160
3188
|
#if (NGX_HTTP_SSL)
|
3161
|
-
|
3162
|
-
return NGX_CONF_ERROR;
|
3163
|
-
}
|
3189
|
+
plcf->ssl = 1;
|
3164
3190
|
|
3165
3191
|
add = 8;
|
3166
3192
|
port = 443;
|
@@ -3742,15 +3768,22 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
|
|
3742
3768
|
|
3743
3769
|
plcf->upstream.ssl->log = cf->log;
|
3744
3770
|
|
3745
|
-
if (ngx_ssl_create(plcf->upstream.ssl,
|
3746
|
-
NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1
|
3747
|
-
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2,
|
3748
|
-
NULL)
|
3771
|
+
if (ngx_ssl_create(plcf->upstream.ssl, plcf->ssl_protocols, NULL)
|
3749
3772
|
!= NGX_OK)
|
3750
3773
|
{
|
3751
3774
|
return NGX_ERROR;
|
3752
3775
|
}
|
3753
3776
|
|
3777
|
+
if (SSL_CTX_set_cipher_list(plcf->upstream.ssl->ctx,
|
3778
|
+
(const char *) plcf->ssl_ciphers.data)
|
3779
|
+
== 0)
|
3780
|
+
{
|
3781
|
+
ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
|
3782
|
+
"SSL_CTX_set_cipher_list(\"%V\") failed",
|
3783
|
+
&plcf->ssl_ciphers);
|
3784
|
+
return NGX_ERROR;
|
3785
|
+
}
|
3786
|
+
|
3754
3787
|
cln = ngx_pool_cleanup_add(cf->pool, 0);
|
3755
3788
|
if (cln == NULL) {
|
3756
3789
|
return NGX_ERROR;
|
@@ -22,7 +22,7 @@
|
|
22
22
|
* ... data ...
|
23
23
|
*
|
24
24
|
*
|
25
|
-
* the
|
25
|
+
* the multipart format:
|
26
26
|
*
|
27
27
|
* "HTTP/1.0 206 Partial Content" CRLF
|
28
28
|
* ... header ...
|
@@ -148,6 +148,7 @@ ngx_http_range_header_filter(ngx_http_request_t *r)
|
|
148
148
|
{
|
149
149
|
time_t if_range_time;
|
150
150
|
ngx_str_t *if_range, *etag;
|
151
|
+
ngx_uint_t ranges;
|
151
152
|
ngx_http_core_loc_conf_t *clcf;
|
152
153
|
ngx_http_range_filter_ctx_t *ctx;
|
153
154
|
|
@@ -227,7 +228,9 @@ parse:
|
|
227
228
|
return NGX_ERROR;
|
228
229
|
}
|
229
230
|
|
230
|
-
|
231
|
+
ranges = r->single_range ? 1 : clcf->max_ranges;
|
232
|
+
|
233
|
+
switch (ngx_http_range_parse(r, ctx, ranges)) {
|
231
234
|
|
232
235
|
case NGX_OK:
|
233
236
|
ngx_http_set_ctx(r, ctx, ngx_http_range_body_filter_module);
|
@@ -432,7 +435,9 @@ ngx_http_range_multipart_header(ngx_http_request_t *r,
|
|
432
435
|
+ r->headers_out.content_type.len
|
433
436
|
+ sizeof(CRLF "Content-Range: bytes ") - 1;
|
434
437
|
|
435
|
-
if (r->headers_out.
|
438
|
+
if (r->headers_out.content_type_len == r->headers_out.content_type.len
|
439
|
+
&& r->headers_out.charset.len)
|
440
|
+
{
|
436
441
|
len += sizeof("; charset=") - 1 + r->headers_out.charset.len;
|
437
442
|
}
|
438
443
|
|
@@ -451,7 +456,9 @@ ngx_http_range_multipart_header(ngx_http_request_t *r,
|
|
451
456
|
* "Content-Range: bytes "
|
452
457
|
*/
|
453
458
|
|
454
|
-
if (r->headers_out.
|
459
|
+
if (r->headers_out.content_type_len == r->headers_out.content_type.len
|
460
|
+
&& r->headers_out.charset.len)
|
461
|
+
{
|
455
462
|
ctx->boundary_header.len = ngx_sprintf(ctx->boundary_header.data,
|
456
463
|
CRLF "--%0muA" CRLF
|
457
464
|
"Content-Type: %V; charset=%V" CRLF
|
@@ -461,8 +468,6 @@ ngx_http_range_multipart_header(ngx_http_request_t *r,
|
|
461
468
|
&r->headers_out.charset)
|
462
469
|
- ctx->boundary_header.data;
|
463
470
|
|
464
|
-
r->headers_out.charset.len = 0;
|
465
|
-
|
466
471
|
} else if (r->headers_out.content_type.len) {
|
467
472
|
ctx->boundary_header.len = ngx_sprintf(ctx->boundary_header.data,
|
468
473
|
CRLF "--%0muA" CRLF
|
@@ -501,6 +506,8 @@ ngx_http_range_multipart_header(ngx_http_request_t *r,
|
|
501
506
|
|
502
507
|
r->headers_out.content_type_len = r->headers_out.content_type.len;
|
503
508
|
|
509
|
+
r->headers_out.charset.len = 0;
|
510
|
+
|
504
511
|
/* the size of the last boundary CRLF "--0123456789--" CRLF */
|
505
512
|
|
506
513
|
len = sizeof(CRLF "--") - 1 + NGX_ATOMIC_T_LEN + sizeof("--" CRLF) - 1;
|
@@ -13,6 +13,7 @@
|
|
13
13
|
#define NGX_HTTP_REALIP_XREALIP 0
|
14
14
|
#define NGX_HTTP_REALIP_XFWD 1
|
15
15
|
#define NGX_HTTP_REALIP_HEADER 2
|
16
|
+
#define NGX_HTTP_REALIP_PROXY 3
|
16
17
|
|
17
18
|
|
18
19
|
typedef struct {
|
@@ -156,6 +157,18 @@ ngx_http_realip_handler(ngx_http_request_t *r)
|
|
156
157
|
|
157
158
|
break;
|
158
159
|
|
160
|
+
case NGX_HTTP_REALIP_PROXY:
|
161
|
+
|
162
|
+
value = &r->connection->proxy_protocol_addr;
|
163
|
+
|
164
|
+
if (value->len == 0) {
|
165
|
+
return NGX_DECLINED;
|
166
|
+
}
|
167
|
+
|
168
|
+
xfwd = NULL;
|
169
|
+
|
170
|
+
break;
|
171
|
+
|
159
172
|
default: /* NGX_HTTP_REALIP_HEADER */
|
160
173
|
|
161
174
|
part = &r->headers_in.headers.part;
|
@@ -230,7 +243,8 @@ ngx_http_realip_set_addr(ngx_http_request_t *r, ngx_addr_t *addr)
|
|
230
243
|
|
231
244
|
c = r->connection;
|
232
245
|
|
233
|
-
len = ngx_sock_ntop(addr->sockaddr,
|
246
|
+
len = ngx_sock_ntop(addr->sockaddr, addr->socklen, text,
|
247
|
+
NGX_SOCKADDR_STRLEN, 0);
|
234
248
|
if (len == 0) {
|
235
249
|
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
236
250
|
}
|
@@ -342,6 +356,11 @@ ngx_http_realip(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
342
356
|
return NGX_CONF_OK;
|
343
357
|
}
|
344
358
|
|
359
|
+
if (ngx_strcmp(value[1].data, "proxy_protocol") == 0) {
|
360
|
+
rlcf->type = NGX_HTTP_REALIP_PROXY;
|
361
|
+
return NGX_CONF_OK;
|
362
|
+
}
|
363
|
+
|
345
364
|
rlcf->type = NGX_HTTP_REALIP_HEADER;
|
346
365
|
rlcf->hash = ngx_hash_strlow(value[1].data, value[1].data, value[1].len);
|
347
366
|
rlcf->header = value[1];
|
@@ -12,22 +12,18 @@
|
|
12
12
|
|
13
13
|
#define NGX_HTTP_REFERER_NO_URI_PART ((void *) 4)
|
14
14
|
|
15
|
-
#if !(NGX_PCRE)
|
16
|
-
|
17
|
-
#define ngx_regex_t void
|
18
|
-
|
19
|
-
#endif
|
20
|
-
|
21
15
|
|
22
16
|
typedef struct {
|
23
17
|
ngx_hash_combined_t hash;
|
24
18
|
|
25
19
|
#if (NGX_PCRE)
|
26
20
|
ngx_array_t *regex;
|
21
|
+
ngx_array_t *server_name_regex;
|
27
22
|
#endif
|
28
23
|
|
29
24
|
ngx_flag_t no_referer;
|
30
25
|
ngx_flag_t blocked_referer;
|
26
|
+
ngx_flag_t server_names;
|
31
27
|
|
32
28
|
ngx_hash_keys_arrays_t *keys;
|
33
29
|
|
@@ -41,10 +37,14 @@ static char * ngx_http_referer_merge_conf(ngx_conf_t *cf, void *parent,
|
|
41
37
|
void *child);
|
42
38
|
static char *ngx_http_valid_referers(ngx_conf_t *cf, ngx_command_t *cmd,
|
43
39
|
void *conf);
|
44
|
-
static
|
45
|
-
ngx_str_t *value, ngx_str_t *uri);
|
46
|
-
static
|
47
|
-
ngx_http_referer_conf_t *rlcf, ngx_str_t *name
|
40
|
+
static ngx_int_t ngx_http_add_referer(ngx_conf_t *cf,
|
41
|
+
ngx_hash_keys_arrays_t *keys, ngx_str_t *value, ngx_str_t *uri);
|
42
|
+
static ngx_int_t ngx_http_add_regex_referer(ngx_conf_t *cf,
|
43
|
+
ngx_http_referer_conf_t *rlcf, ngx_str_t *name);
|
44
|
+
#if (NGX_PCRE)
|
45
|
+
static ngx_int_t ngx_http_add_regex_server_name(ngx_conf_t *cf,
|
46
|
+
ngx_http_referer_conf_t *rlcf, ngx_http_regex_t *regex);
|
47
|
+
#endif
|
48
48
|
static int ngx_libc_cdecl ngx_http_cmp_referer_wildcards(const void *one,
|
49
49
|
const void *two);
|
50
50
|
|
@@ -117,6 +117,10 @@ ngx_http_referer_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
|
|
117
117
|
ngx_uint_t i, key;
|
118
118
|
ngx_http_referer_conf_t *rlcf;
|
119
119
|
u_char buf[256];
|
120
|
+
#if (NGX_PCRE)
|
121
|
+
ngx_int_t rc;
|
122
|
+
ngx_str_t referer;
|
123
|
+
#endif
|
120
124
|
|
121
125
|
rlcf = ngx_http_get_module_loc_conf(r, ngx_http_referer_module);
|
122
126
|
|
@@ -125,6 +129,7 @@ ngx_http_referer_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
|
|
125
129
|
&& rlcf->hash.wc_tail == NULL
|
126
130
|
#if (NGX_PCRE)
|
127
131
|
&& rlcf->regex == NULL
|
132
|
+
&& rlcf->server_name_regex == NULL
|
128
133
|
#endif
|
129
134
|
)
|
130
135
|
{
|
@@ -147,10 +152,12 @@ ngx_http_referer_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
|
|
147
152
|
|
148
153
|
if (ngx_strncasecmp(ref, (u_char *) "http://", 7) == 0) {
|
149
154
|
ref += 7;
|
155
|
+
len -= 7;
|
150
156
|
goto valid_scheme;
|
151
157
|
|
152
158
|
} else if (ngx_strncasecmp(ref, (u_char *) "https://", 8) == 0) {
|
153
159
|
ref += 8;
|
160
|
+
len -= 8;
|
154
161
|
goto valid_scheme;
|
155
162
|
}
|
156
163
|
}
|
@@ -171,12 +178,12 @@ valid_scheme:
|
|
171
178
|
break;
|
172
179
|
}
|
173
180
|
|
174
|
-
buf[i] = ngx_tolower(*p);
|
175
|
-
key = ngx_hash(key, buf[i++]);
|
176
|
-
|
177
181
|
if (i == 256) {
|
178
182
|
goto invalid;
|
179
183
|
}
|
184
|
+
|
185
|
+
buf[i] = ngx_tolower(*p);
|
186
|
+
key = ngx_hash(key, buf[i++]);
|
180
187
|
}
|
181
188
|
|
182
189
|
uri = ngx_hash_find_combined(&rlcf->hash, key, buf, p - ref);
|
@@ -187,11 +194,26 @@ valid_scheme:
|
|
187
194
|
|
188
195
|
#if (NGX_PCRE)
|
189
196
|
|
190
|
-
if (rlcf->
|
191
|
-
|
192
|
-
|
197
|
+
if (rlcf->server_name_regex) {
|
198
|
+
referer.len = p - ref;
|
199
|
+
referer.data = buf;
|
200
|
+
|
201
|
+
rc = ngx_regex_exec_array(rlcf->server_name_regex, &referer,
|
202
|
+
r->connection->log);
|
203
|
+
|
204
|
+
if (rc == NGX_OK) {
|
205
|
+
goto valid;
|
206
|
+
}
|
207
|
+
|
208
|
+
if (rc == NGX_ERROR) {
|
209
|
+
return rc;
|
210
|
+
}
|
211
|
+
|
212
|
+
/* NGX_DECLINED */
|
213
|
+
}
|
193
214
|
|
194
|
-
|
215
|
+
if (rlcf->regex) {
|
216
|
+
referer.len = len;
|
195
217
|
referer.data = ref;
|
196
218
|
|
197
219
|
rc = ngx_regex_exec_array(rlcf->regex, &referer, r->connection->log);
|
@@ -251,8 +273,17 @@ ngx_http_referer_create_conf(ngx_conf_t *cf)
|
|
251
273
|
return NULL;
|
252
274
|
}
|
253
275
|
|
276
|
+
/*
|
277
|
+
* set by ngx_pcalloc():
|
278
|
+
*
|
279
|
+
* conf->hash = { NULL };
|
280
|
+
* conf->server_names = 0;
|
281
|
+
* conf->keys = NULL;
|
282
|
+
*/
|
283
|
+
|
254
284
|
#if (NGX_PCRE)
|
255
285
|
conf->regex = NGX_CONF_UNSET_PTR;
|
286
|
+
conf->server_name_regex = NGX_CONF_UNSET_PTR;
|
256
287
|
#endif
|
257
288
|
|
258
289
|
conf->no_referer = NGX_CONF_UNSET;
|
@@ -270,13 +301,18 @@ ngx_http_referer_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
270
301
|
ngx_http_referer_conf_t *prev = parent;
|
271
302
|
ngx_http_referer_conf_t *conf = child;
|
272
303
|
|
273
|
-
|
304
|
+
ngx_uint_t n;
|
305
|
+
ngx_hash_init_t hash;
|
306
|
+
ngx_http_server_name_t *sn;
|
307
|
+
ngx_http_core_srv_conf_t *cscf;
|
274
308
|
|
275
309
|
if (conf->keys == NULL) {
|
276
310
|
conf->hash = prev->hash;
|
277
311
|
|
278
312
|
#if (NGX_PCRE)
|
279
313
|
ngx_conf_merge_ptr_value(conf->regex, prev->regex, NULL);
|
314
|
+
ngx_conf_merge_ptr_value(conf->server_name_regex,
|
315
|
+
prev->server_name_regex, NULL);
|
280
316
|
#endif
|
281
317
|
ngx_conf_merge_value(conf->no_referer, prev->no_referer, 0);
|
282
318
|
ngx_conf_merge_value(conf->blocked_referer, prev->blocked_referer, 0);
|
@@ -288,6 +324,33 @@ ngx_http_referer_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
288
324
|
return NGX_CONF_OK;
|
289
325
|
}
|
290
326
|
|
327
|
+
if (conf->server_names == 1) {
|
328
|
+
cscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_core_module);
|
329
|
+
|
330
|
+
sn = cscf->server_names.elts;
|
331
|
+
for (n = 0; n < cscf->server_names.nelts; n++) {
|
332
|
+
|
333
|
+
#if (NGX_PCRE)
|
334
|
+
if (sn[n].regex) {
|
335
|
+
|
336
|
+
if (ngx_http_add_regex_server_name(cf, conf, sn[n].regex)
|
337
|
+
!= NGX_OK)
|
338
|
+
{
|
339
|
+
return NGX_CONF_ERROR;
|
340
|
+
}
|
341
|
+
|
342
|
+
continue;
|
343
|
+
}
|
344
|
+
#endif
|
345
|
+
|
346
|
+
if (ngx_http_add_referer(cf, conf->keys, &sn[n].name, NULL)
|
347
|
+
!= NGX_OK)
|
348
|
+
{
|
349
|
+
return NGX_CONF_ERROR;
|
350
|
+
}
|
351
|
+
}
|
352
|
+
}
|
353
|
+
|
291
354
|
if ((conf->no_referer == 1 || conf->blocked_referer == 1)
|
292
355
|
&& conf->keys->keys.nelts == 0
|
293
356
|
&& conf->keys->dns_wc_head.nelts == 0
|
@@ -366,6 +429,8 @@ ngx_http_referer_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
366
429
|
|
367
430
|
#if (NGX_PCRE)
|
368
431
|
ngx_conf_merge_ptr_value(conf->regex, prev->regex, NULL);
|
432
|
+
ngx_conf_merge_ptr_value(conf->server_name_regex, prev->server_name_regex,
|
433
|
+
NULL);
|
369
434
|
#endif
|
370
435
|
|
371
436
|
if (conf->no_referer == NGX_CONF_UNSET) {
|
@@ -389,15 +454,12 @@ ngx_http_valid_referers(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
389
454
|
|
390
455
|
u_char *p;
|
391
456
|
ngx_str_t *value, uri, name;
|
392
|
-
ngx_uint_t i
|
457
|
+
ngx_uint_t i;
|
393
458
|
ngx_http_variable_t *var;
|
394
|
-
ngx_http_server_name_t *sn;
|
395
|
-
ngx_http_core_srv_conf_t *cscf;
|
396
459
|
|
397
460
|
ngx_str_set(&name, "invalid_referer");
|
398
461
|
|
399
|
-
var = ngx_http_add_variable(cf, &name,
|
400
|
-
NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOHASH);
|
462
|
+
var = ngx_http_add_variable(cf, &name, NGX_HTTP_VAR_CHANGEABLE);
|
401
463
|
if (var == NULL) {
|
402
464
|
return NGX_CONF_ERROR;
|
403
465
|
}
|
@@ -437,48 +499,21 @@ ngx_http_valid_referers(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
437
499
|
continue;
|
438
500
|
}
|
439
501
|
|
440
|
-
ngx_str_null(&uri);
|
441
|
-
|
442
502
|
if (ngx_strcmp(value[i].data, "server_names") == 0) {
|
443
|
-
|
444
|
-
cscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_core_module);
|
445
|
-
|
446
|
-
sn = cscf->server_names.elts;
|
447
|
-
for (n = 0; n < cscf->server_names.nelts; n++) {
|
448
|
-
|
449
|
-
#if (NGX_PCRE)
|
450
|
-
if (sn[n].regex) {
|
451
|
-
|
452
|
-
if (ngx_http_add_regex_referer(cf, rlcf, &sn[n].name,
|
453
|
-
sn[n].regex->regex)
|
454
|
-
!= NGX_OK)
|
455
|
-
{
|
456
|
-
return NGX_CONF_ERROR;
|
457
|
-
}
|
458
|
-
|
459
|
-
continue;
|
460
|
-
}
|
461
|
-
#endif
|
462
|
-
|
463
|
-
if (ngx_http_add_referer(cf, rlcf->keys, &sn[n].name, &uri)
|
464
|
-
!= NGX_OK)
|
465
|
-
{
|
466
|
-
return NGX_CONF_ERROR;
|
467
|
-
}
|
468
|
-
}
|
469
|
-
|
503
|
+
rlcf->server_names = 1;
|
470
504
|
continue;
|
471
505
|
}
|
472
506
|
|
473
507
|
if (value[i].data[0] == '~') {
|
474
|
-
if (ngx_http_add_regex_referer(cf, rlcf, &value[i]
|
475
|
-
{
|
508
|
+
if (ngx_http_add_regex_referer(cf, rlcf, &value[i]) != NGX_OK) {
|
476
509
|
return NGX_CONF_ERROR;
|
477
510
|
}
|
478
511
|
|
479
512
|
continue;
|
480
513
|
}
|
481
514
|
|
515
|
+
ngx_str_null(&uri);
|
516
|
+
|
482
517
|
p = (u_char *) ngx_strchr(value[i].data, '/');
|
483
518
|
|
484
519
|
if (p) {
|
@@ -496,20 +531,20 @@ ngx_http_valid_referers(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
496
531
|
}
|
497
532
|
|
498
533
|
|
499
|
-
static
|
534
|
+
static ngx_int_t
|
500
535
|
ngx_http_add_referer(ngx_conf_t *cf, ngx_hash_keys_arrays_t *keys,
|
501
536
|
ngx_str_t *value, ngx_str_t *uri)
|
502
537
|
{
|
503
538
|
ngx_int_t rc;
|
504
539
|
ngx_str_t *u;
|
505
540
|
|
506
|
-
if (uri->len == 0) {
|
541
|
+
if (uri == NULL || uri->len == 0) {
|
507
542
|
u = NGX_HTTP_REFERER_NO_URI_PART;
|
508
543
|
|
509
544
|
} else {
|
510
545
|
u = ngx_palloc(cf->pool, sizeof(ngx_str_t));
|
511
546
|
if (u == NULL) {
|
512
|
-
return
|
547
|
+
return NGX_ERROR;
|
513
548
|
}
|
514
549
|
|
515
550
|
*u = *uri;
|
@@ -518,7 +553,7 @@ ngx_http_add_referer(ngx_conf_t *cf, ngx_hash_keys_arrays_t *keys,
|
|
518
553
|
rc = ngx_hash_add_key(keys, value, u, NGX_HASH_WILDCARD_KEY);
|
519
554
|
|
520
555
|
if (rc == NGX_OK) {
|
521
|
-
return
|
556
|
+
return NGX_OK;
|
522
557
|
}
|
523
558
|
|
524
559
|
if (rc == NGX_DECLINED) {
|
@@ -531,13 +566,13 @@ ngx_http_add_referer(ngx_conf_t *cf, ngx_hash_keys_arrays_t *keys,
|
|
531
566
|
"conflicting parameter \"%V\"", value);
|
532
567
|
}
|
533
568
|
|
534
|
-
return
|
569
|
+
return NGX_ERROR;
|
535
570
|
}
|
536
571
|
|
537
572
|
|
538
|
-
static
|
573
|
+
static ngx_int_t
|
539
574
|
ngx_http_add_regex_referer(ngx_conf_t *cf, ngx_http_referer_conf_t *rlcf,
|
540
|
-
ngx_str_t *name
|
575
|
+
ngx_str_t *name)
|
541
576
|
{
|
542
577
|
#if (NGX_PCRE)
|
543
578
|
ngx_regex_elt_t *re;
|
@@ -546,26 +581,19 @@ ngx_http_add_regex_referer(ngx_conf_t *cf, ngx_http_referer_conf_t *rlcf,
|
|
546
581
|
|
547
582
|
if (name->len == 1) {
|
548
583
|
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "empty regex in \"%V\"", name);
|
549
|
-
return
|
584
|
+
return NGX_ERROR;
|
550
585
|
}
|
551
586
|
|
552
587
|
if (rlcf->regex == NGX_CONF_UNSET_PTR) {
|
553
588
|
rlcf->regex = ngx_array_create(cf->pool, 2, sizeof(ngx_regex_elt_t));
|
554
589
|
if (rlcf->regex == NULL) {
|
555
|
-
return
|
590
|
+
return NGX_ERROR;
|
556
591
|
}
|
557
592
|
}
|
558
593
|
|
559
594
|
re = ngx_array_push(rlcf->regex);
|
560
595
|
if (re == NULL) {
|
561
|
-
return
|
562
|
-
}
|
563
|
-
|
564
|
-
if (regex) {
|
565
|
-
re->regex = regex;
|
566
|
-
re->name = name->data;
|
567
|
-
|
568
|
-
return NGX_CONF_OK;
|
596
|
+
return NGX_ERROR;
|
569
597
|
}
|
570
598
|
|
571
599
|
name->len--;
|
@@ -581,13 +609,13 @@ ngx_http_add_regex_referer(ngx_conf_t *cf, ngx_http_referer_conf_t *rlcf,
|
|
581
609
|
|
582
610
|
if (ngx_regex_compile(&rc) != NGX_OK) {
|
583
611
|
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%V", &rc.err);
|
584
|
-
return
|
612
|
+
return NGX_ERROR;
|
585
613
|
}
|
586
614
|
|
587
615
|
re->regex = rc.regex;
|
588
616
|
re->name = name->data;
|
589
617
|
|
590
|
-
return
|
618
|
+
return NGX_OK;
|
591
619
|
|
592
620
|
#else
|
593
621
|
|
@@ -595,12 +623,42 @@ ngx_http_add_regex_referer(ngx_conf_t *cf, ngx_http_referer_conf_t *rlcf,
|
|
595
623
|
"the using of the regex \"%V\" requires PCRE library",
|
596
624
|
name);
|
597
625
|
|
598
|
-
return
|
626
|
+
return NGX_ERROR;
|
599
627
|
|
600
628
|
#endif
|
601
629
|
}
|
602
630
|
|
603
631
|
|
632
|
+
#if (NGX_PCRE)
|
633
|
+
|
634
|
+
static ngx_int_t
|
635
|
+
ngx_http_add_regex_server_name(ngx_conf_t *cf, ngx_http_referer_conf_t *rlcf,
|
636
|
+
ngx_http_regex_t *regex)
|
637
|
+
{
|
638
|
+
ngx_regex_elt_t *re;
|
639
|
+
|
640
|
+
if (rlcf->server_name_regex == NGX_CONF_UNSET_PTR) {
|
641
|
+
rlcf->server_name_regex = ngx_array_create(cf->pool, 2,
|
642
|
+
sizeof(ngx_regex_elt_t));
|
643
|
+
if (rlcf->server_name_regex == NULL) {
|
644
|
+
return NGX_ERROR;
|
645
|
+
}
|
646
|
+
}
|
647
|
+
|
648
|
+
re = ngx_array_push(rlcf->server_name_regex);
|
649
|
+
if (re == NULL) {
|
650
|
+
return NGX_ERROR;
|
651
|
+
}
|
652
|
+
|
653
|
+
re->regex = regex->regex;
|
654
|
+
re->name = regex->name.data;
|
655
|
+
|
656
|
+
return NGX_OK;
|
657
|
+
}
|
658
|
+
|
659
|
+
#endif
|
660
|
+
|
661
|
+
|
604
662
|
static int ngx_libc_cdecl
|
605
663
|
ngx_http_cmp_referer_wildcards(const void *one, const void *two)
|
606
664
|
{
|