-*- coding: utf-8 -*-
Changes with Apache 2.2.7
+ *) mod_proxy: Don't by default violate RFC2616 by setting
+ Max-Forwards when the client didn't send it to us.
+ Leave that as a configuration option.
+ PR 16137 [Nick Kew]
+
*) scoreboard: improve error message on apr_shm_create failure
PR 40037 [Nick Kew]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_proxy: Don't by default violate RFC2616 by setting
- Max-Forwards when the client didn't send it to us.
- PR 16137
- http://svn.apache.org/viewvc?view=rev&revision=581117 (code)
- http://svn.apache.org/viewvc?view=rev&revision=581253 (docs)
- +1: niq, rpluem, trawick (who assumes that the "/2.3" in "default
- behaviour changed in 2.2.7/2.3" will be stripped from trunk
- and 2.2.x as part of the backport operation)
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
<description>Maximium number of proxies that a request can be forwarded
through</description>
<syntax>ProxyMaxForwards <var>number</var></syntax>
-<default>ProxyMaxForwards 10</default>
+<default>ProxyMaxForwards -1</default>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
-<compatibility>Available in Apache 2.0 and later</compatibility>
+<compatibility>Available in Apache 2.0 and later;
+ default behaviour changed in 2.2.7</compatibility>
<usage>
<p>The <directive>ProxyMaxForwards</directive> directive specifies the
maximum number of proxies through which a request may pass, if there's no
- <code>Max-Forwards</code> header supplied with the request. This is
- set to prevent infinite proxy loops, or a DoS attack.</p>
+ <code>Max-Forwards</code> header supplied with the request. This may
+ be set to prevent infinite proxy loops, or a DoS attack.</p>
<example><title>Example</title>
ProxyMaxForwards 15
</example>
+
+ <p>Note that setting <directive>ProxyMaxForwards</directive> is a
+ violation of the HTTP/1.1 protocol (RFC2616), which forbids a Proxy
+ setting <code>Max-Forwards</code> if the Client didn't set it.
+ Earlier Apache versions would always set it. A negative
+ <directive>ProxyMaxForwards</directive> value, including the
+ default -1, gives you protocol-compliant behaviour, but may
+ leave you open to loops.</p>
</usage>
</directivesynopsis>
/* set configured max-forwards */
maxfwd = conf->maxfwd;
}
- apr_table_set(r->headers_in, "Max-Forwards",
- apr_psprintf(r->pool, "%ld", (maxfwd > 0) ? maxfwd : 0));
+ if (maxfwd > 0) {
+ apr_table_set(r->headers_in, "Max-Forwards",
+ apr_psprintf(r->pool, "%ld", (maxfwd > 0) ? maxfwd : 0));
+ }
if (r->method_number == M_TRACE) {
core_server_config *coreconf = (core_server_config *)
proxy_server_conf *psf =
ap_get_module_config(parms->server->module_config, &proxy_module);
long s = atol(arg);
- if (s < 0) {
- return "ProxyMaxForwards must be greater or equal to zero..";
- }
psf->maxfwd = s;
psf->maxfwd_set = 1;
#endif /*APR_CHARSET_EBCDIC*/
/* default Max-Forwards header setting */
-#define DEFAULT_MAX_FORWARDS 10
+/* Set this to -1, which complies with RFC2616 by not setting
+ * max-forwards if the client didn't send it to us.
+ */
+#define DEFAULT_MAX_FORWARDS -1
/* static information about a remote proxy */
struct proxy_remote {
projects / thirdparty / apache / httpd.git / commitdiff
