From: Nick Kew Date: Sun, 7 Oct 2007 14:14:32 +0000 (+0000) Subject: Backport r581117 X-Git-Tag: 2.2.7~338 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea7b09b8c0a4214c78431b289f0d2e91d60f08c3;p=thirdparty%2Fapache%2Fhttpd.git Backport r581117 Default to NOT setting Max-Forwards in violation of RFC2616 PR 16137 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@582635 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 07fa8e19db4..e98bf38eca2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,11 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.7 + *) mod_proxy: Don't by default violate RFC2616 by setting + Max-Forwards when the client didn't send it to us. + Leave that as a configuration option. + PR 16137 [Nick Kew] + *) scoreboard: improve error message on apr_shm_create failure PR 40037 [Nick Kew] diff --git a/STATUS b/STATUS index 7f17d9d5336..f98c4173067 100644 --- a/STATUS +++ b/STATUS @@ -79,15 +79,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_proxy: Don't by default violate RFC2616 by setting - Max-Forwards when the client didn't send it to us. - PR 16137 - http://svn.apache.org/viewvc?view=rev&revision=581117 (code) - http://svn.apache.org/viewvc?view=rev&revision=581253 (docs) - +1: niq, rpluem, trawick (who assumes that the "/2.3" in "default - behaviour changed in 2.2.7/2.3" will be stripped from trunk - and 2.2.x as part of the backport operation) - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml index 2cc767dc856..4eca8e0ad6a 100644 --- a/docs/manual/mod/mod_proxy.xml +++ b/docs/manual/mod/mod_proxy.xml 
@@ -1080,20 +1080,29 @@ connections Maximium number of proxies that a request can be forwarded through ProxyMaxForwards number -ProxyMaxForwards 10 +ProxyMaxForwards -1 server configvirtual host -Available in Apache 2.0 and later +Available in Apache 2.0 and later; + default behaviour changed in 2.2.7

The ProxyMaxForwards directive specifies the maximum number of proxies through which a request may pass, if there's no - Max-Forwards header supplied with the request. This is - set to prevent infinite proxy loops, or a DoS attack.

+ Max-Forwards header supplied with the request. This may + be set to prevent infinite proxy loops, or a DoS attack.

Example ProxyMaxForwards 15 + +

Note that setting ProxyMaxForwards is a + violation of the HTTP/1.1 protocol (RFC2616), which forbids a Proxy + setting Max-Forwards if the Client didn't set it. + Earlier Apache versions would always set it. A negative + ProxyMaxForwards value, including the + default -1, gives you protocol-compliant behaviour, but may + leave you open to loops.

diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index 33fb60d8fa2..7a1aa14e922 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -692,8 +692,10 @@ static int proxy_handler(request_rec *r) /* set configured max-forwards */ maxfwd = conf->maxfwd; } - apr_table_set(r->headers_in, "Max-Forwards", - apr_psprintf(r->pool, "%ld", (maxfwd > 0) ? maxfwd : 0)); + if (maxfwd > 0) { + apr_table_set(r->headers_in, "Max-Forwards", + apr_psprintf(r->pool, "%ld", (maxfwd > 0) ? maxfwd : 0)); + } if (r->method_number == M_TRACE) { core_server_config *coreconf = (core_server_config *) @@ -1440,9 +1442,6 @@ static const char * proxy_server_conf *psf = ap_get_module_config(parms->server->module_config, &proxy_module); long s = atol(arg); - if (s < 0) { - return "ProxyMaxForwards must be greater or equal to zero.."; - } psf->maxfwd = s; psf->maxfwd_set = 1; diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h index f2c89747887..0f25caaff98 100644 --- a/modules/proxy/mod_proxy.h +++ b/modules/proxy/mod_proxy.h @@ -94,7 +94,10 @@ enum enctype { #endif /*APR_CHARSET_EBCDIC*/ /* default Max-Forwards header setting */ -#define DEFAULT_MAX_FORWARDS 10 +/* Set this to -1, which complies with RFC2616 by not setting + * max-forwards if the client didn't send it to us. + */ +#define DEFAULT_MAX_FORWARDS -1 /* static information about a remote proxy */ struct proxy_remote {
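Review bot: In the docs/manual/mod/mod_proxy.xml hunk, the added note explains negative values but never says what ProxyMaxForwards 0 does, even though the proxy_handler change in this patch no longer writes the header for 0; document that case explicitly. The default moving from 10 to -1 also removes loop protection from existing configurations on upgrade, which the note mentions only as "may leave you open to loops". State in the note and in the CHANGES entry that administrators who relied on the old behaviour need to set ProxyMaxForwards 10 themselves. The context line "Maximium number of proxies" has a typo worth fixing while this block is being touched.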
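Review bot: In the proxy_handler hunk of modules/proxy/mod_proxy.c, the new guard `if (maxfwd > 0)` skips the value 0 as well as negative values, whereas the removed code wrote "Max-Forwards: 0" for anything that was not positive. ProxyMaxForwards 0 is still accepted by the directive handler, so a configured 0 now silently behaves like -1. If the branch above this context can leave maxfwd at 0 after reading a client-supplied header, that header would be forwarded without being rewritten. Consider `if (maxfwd >= 0)` so that only negative values mean "do not set", and drop the inner `(maxfwd > 0) ? maxfwd : 0`, which is redundant inside the guard.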
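Review bot: In the directive-handler hunk of modules/proxy/mod_proxy.c (`long s = atol(arg);`), removing the `s < 0` check leaves the argument with no validation at all. atol() returns 0 for non-numeric input and reports no error, so a typo in ProxyMaxForwards is stored as 0 without any startup message. Parse with strtol() and an end pointer, and return an error string for anything that is not a complete integer. Also decide whether every negative value should be accepted or only -1, since the documentation names -1 as the default.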
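Review bot: In the modules/proxy/mod_proxy.h hunk, `#define DEFAULT_MAX_FORWARDS -1` should be parenthesised as `(-1)` so the macro cannot combine with an adjacent operator at the point of expansion. The new comment opens with "Set this to -1", which reads as an instruction to whoever edits the header. Wording that describes the value, for example that -1 means Max-Forwards is not added when the client did not send it, would be clearer.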