From 93e322346460664c3f8454e81d3d9a1cafc9b8d7 Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Tue, 17 May 2022 18:17:44 +0000 Subject: [PATCH] Merge r from trunk: Submitted by: icing, rpluem, ylavic Reviewed by: jim Github: closes #317 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1901009 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 91 +++++++++-------- STATUS | 5 - changes-entries/md_acme_failover.txt | 7 -- .../mod_proxy_log_backend_port.txt | 2 - modules/http2/h2_mplx.c | 99 ------------------- modules/http2/h2_version.h | 2 +- 6 files changed, 50 insertions(+), 156 deletions(-) delete mode 100644 changes-entries/md_acme_failover.txt delete mode 100644 changes-entries/mod_proxy_log_backend_port.txt diff --git a/CHANGES b/CHANGES index 92af09bc0b7..a8ef8240ef2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,13 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.54 + *) mod_http2: removing unscheduling of ongonig tasks when + connection shows potential abuse by a client. This proved + counter-productive and the abuse detection can false flag + requests using server-side-events. + Fixes . + [Stefan Eissing] + *) Implement full auto status ("key: value" type status output). Especially not only status summary counts for certificates and OCSP stapling but also lists. Auto status format is similar to @@ -686,7 +693,7 @@ Changes with Apache 2.4.47 *) mod_ssl: Improve the coalescing filter to buffer into larger TLS records, and avoid revealing the HTTP header size via TLS record boundaries (for common response generators). - [Joe Orton, Ruediger Pluem] + [Joe Orton, Ruediger Pluem] *) mod_proxy_hcheck: Don't pile up health checks if the previous one did not finish before hcinterval. PR 63010. [Yann Ylavic] 
@@ -707,7 +714,7 @@ Changes with Apache 2.4.47 allowing for (non-)Upgrade negotiation with the origin server. [Yann Ylavic] - *) mod_proxy: Allow ProxyErrorOverride to be restricted to specific status + *) mod_proxy: Allow ProxyErrorOverride to be restricted to specific status codes. PR63628. [Martin Drößler ] *) core: Add ReadBufferSize, FlushMaxThreshold and FlushMaxPipelined @@ -740,7 +747,7 @@ Changes with Apache 2.4.47 *) mod_rewrite: Extend the [CO] (cookie) flag of RewriteRule to accept a SameSite attribute. [Eric Covener] - *) mod_proxy: Add proxy check_trans hook. This allows proxy + *) mod_proxy: Add proxy check_trans hook. This allows proxy modules to decline request handling at early stage. *) mod_proxy_wstunnel: Decline requests without an Upgrade @@ -795,10 +802,10 @@ Changes with Apache 2.4.44 *) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard protocol limit). [Yann Ylavic] - *) mod_http2: - Fixes : + *) mod_http2: + Fixes : "LimitRequestFields 0" now disables the limit, as documented. - Fixes : + Fixes : Do not count repeated headers with same name against the field count limit. The are merged internally, as if sent in a single HTTP/1 line. [Stefan Eissing] @@ -865,7 +872,7 @@ Changes with Apache 2.4.42 *) mod_proxy_http: Fix the forwarding of requests with content body when a balancer member is unavailable; the retry on the next member was issued - with an empty body (regression introduced in 2.4.41). PR63891. + with an empty body (regression introduced in 2.4.41). PR63891. [Yann Ylavic] *) core: Use a temporary file when writing the pid file, avoiding @@ -883,7 +890,7 @@ Changes with Apache 2.4.42 *) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info". PR64172. - *) mod_usertrack: Add CookieSameSite, CookieHTTPOnly, and CookieSecure + *) mod_usertrack: Add CookieSameSite, CookieHTTPOnly, and CookieSecure to allow customization of the usertrack cookie. PR64077. [Prashant Keshvani , Eric Covener] 
@@ -922,7 +929,7 @@ Changes with Apache 2.4.42 allow for use in and sections. If all possible variations lead to the configuration you wanted in the first place, is another matter. [Michael Kaufmann , Timothe Litt (@tlhackque), - Michal Karm Babacek (@Karm), Stefan Eissing (@icing)] + Michal Karm Babacek (@Karm), Stefan Eissing (@icing)] *) test: Added continuous testing with Travis CI. This tests various scenarios on Ubuntu with the full test suite. @@ -951,18 +958,18 @@ Changes with Apache 2.4.42 r:notes_table, r:subprocess_env_table as read-only native table alternatives that can be iterated over. [Eric Covener] - *) mod_http2: Fixed rare cases where a h2 worker could deadlock the main connection. + *) mod_http2: Fixed rare cases where a h2 worker could deadlock the main connection. [Yann Ylavic, Stefan Eissing] - *) mod_lua: Accept nil assignments to the exposed tables (r.subprocess_env, - r.headers_out, etc) to remove the key from the table. PR63971. + *) mod_lua: Accept nil assignments to the exposed tables (r.subprocess_env, + r.headers_out, etc) to remove the key from the table. PR63971. [Eric Covener] *) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the - ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct` + ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct` always `on`, regardless of configuration. Found and reported by and - . [Stefan Eissing] + . [Stefan Eissing] *) mod_http2: Multiple field length violations in the same request no longer cause several log entries to be written. [@mkauf] @@ -972,7 +979,7 @@ Changes with Apache 2.4.42 *) mod_proxy_html, mod_xml2enc: Fix build issues with macOS due to r1864469 [Jim Jagielski] - + *) mod_authn_socache: Increase the maximum length of strings that can be cached by the module from 100 to 256. PR 62149 [] 
@@ -986,7 +993,7 @@ Changes with Apache 2.4.42 *) mod_deflate, mod_brotli: honor "Accept-Encoding: foo;q=0" as per RFC 7231; which means 'foo' is "not acceptable". PR 58158 [Chistophe Jaillet] - *) mod_md v2.2.3: + *) mod_md v2.2.3: - Configuring MDCAChallenges replaces any previous existing challenge configuration. It had been additive before which was not the intended behaviour. [@mkauf] - Fixing order of ACME challenges used when nothing else configured. Code now behaves as @@ -1009,7 +1016,7 @@ Changes with Apache 2.4.42 locations or formats. [Stefan Eissing] - *) mod_proxy_balancer: Fix case-sensitive referer check related to CSRF/XSS + *) mod_proxy_balancer: Fix case-sensitive referer check related to CSRF/XSS protection. PR 63688. [Armin Abfalterer ] Changes with Apache 2.4.41 @@ -1045,7 +1052,7 @@ Changes with Apache 2.4.41 leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. [Stefan Eissing] - *) mod_proxy_balancer: Improve balancer-manager protection against + *) mod_proxy_balancer: Improve balancer-manager protection against XSS/XSRF attacks from trusted users. [Joe Orton, Niels Heinen ] @@ -1061,7 +1068,7 @@ Changes with Apache 2.4.41 Changes with Apache 2.4.40 - *) core, mod_rewrite: Set PCRE_DOTALL by default. Revert via + *) core, mod_rewrite: Set PCRE_DOTALL by default. Revert via RegexDefaultOptions -DOTALL [Yann Ylavic] *) core: Remove request details from built-in error documents [Eric Covener] 
@@ -1093,13 +1100,13 @@ Changes with Apache 2.4.40 other modules want to provide those. Falls back to own implementation with same behaviour as before. [Stefan Eissing] - + *) mod_md: new features - protocol - supports the ACMEv2 protocol. It is the default and will be used on the next certificate renewal, unless another "MDCertificateAuthority" is configured - ACMEv2 endpoints use the GET via empty POST way of accessing resources, see - announcement by Let's Encrypt: + announcement by Let's Encrypt: https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380 - challenges - new challenge method 'tls-alpn-01' implemented 
@@ -1211,41 +1218,41 @@ Changes with Apache 2.4.39 *) core: new configuration option 'MergeSlashes on|off' that controls handling of multiple, consecutive slash ('/') characters in the path component of the request URL. [Eric Covener] - + *) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED. - Fixed. [Michael Kaufmann] + Fixed. [Michael Kaufmann] - *) mod_http2: new configuration directive: `H2Padding numbits` to control + *) mod_http2: new configuration directive: `H2Padding numbits` to control padding of HTTP/2 payload frames. 'numbits' is a number from 0-8, controlling the range of padding bytes added to a frame. The actual number added is chosen randomly per frame. This applies to HEADERS, DATA and PUSH_PROMISE - frames equally. The default continues to be 0, e.g. no padding. [Stefan Eissing] - + frames equally. The default continues to be 0, e.g. no padding. [Stefan Eissing] + *) mod_http2: ripping out all the h2_req_engine internal features now that mod_proxy_http2 has no more need for it. Optional functions are still declared but no longer implemented. While previous mod_proxy_http2 will work with this, it is recommended to run the matching versions of both modules. [Stefan Eissing] - + *) mod_proxy_http2: changed mod_proxy_http2 implementation and fixed several bugs which resolve PR63170. The proxy module does now a single h2 request on the (reused) connection and returns. [Stefan Eissing] - - *) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection aborted status + + *) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection aborted status to trigger immediate shutdown of backend connections. This is now always signalled - by mod_http2 when the the session is being released. + by mod_http2 when the the session is being released. 
proxy_http2 now only sends a PING frame to the backend when there is not already one in flight. [Stefan Eissing] - *) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite - loop when encountering certain errors on the backend connection. + *) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite + loop when encountering certain errors on the backend connection. See . [Stefan Eissing] - *) mod_http2: Configuration directives H2Push and H2Upgrade can now be specified per + *) mod_http2: Configuration directives H2Push and H2Upgrade can now be specified per Location/Directory, e.g. disabling PUSH for a specific set of resources. [Stefan Eissing] *) mod_http2: HEAD requests to some module such as mod_cgid caused the stream to - terminate improperly and cause a HTTP/2 PROTOCOL_ERROR. + terminate improperly and cause a HTTP/2 PROTOCOL_ERROR. Fixes . [Michael Kaufmann] *) http: Fix possible empty response with mod_ratelimit for HEAD requests. @@ -1293,13 +1300,13 @@ Changes with Apache 2.4.38 *) mod_negotiation: Treat LanguagePriority as case-insensitive to match AddLanguage behavior and HTTP specification. PR 39730 [Christophe Jaillet] - + *) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges have been fixed. [Michael Kaufmann, Stefan Eissing] - + *) mod_setenvif: We can have expressions that become true if a regex pattern in the expression does NOT match. In this case val is NULL - and we should just set the value for the environment variable + and we should just set the value for the environment variable like in the pattern case. [Ruediger Pluem] *) mod_session: Always decode session attributes early. [Hank Ibell] 
@@ -1308,7 +1315,7 @@ Changes with Apache 2.4.38 multiple environment variables are specified in a directive. [Hank Ibell] *) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when - this type of map is present in the configuration. PR62311. + this type of map is present in the configuration. PR62311. [Hank Ibell ] *) mod_dav: Fix invalid Location header when a resource is created by @@ -1332,7 +1339,7 @@ Changes with Apache 2.4.38 *) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative redirects, subsequent ProxyPassReverse statements, whether they are relative or absolute, may fail. PR 60408. [Peter Haworth ] - + *) mod_lua: Now marked as a stable module [https://s.apache.org/Xnh1] Changes with Apache 2.4.37 @@ -1361,9 +1368,9 @@ Changes with Apache 2.4.36 [Eric Covener] *) mod_http2: adding defensive code for stream EOS handling, in case the request handler - missed to signal it the normal way (eos buckets). Addresses github issues + missed to signal it the normal way (eos buckets). Addresses github issues https://github.com/icing/mod_h2/issues/164, https://github.com/icing/mod_h2/issues/167 - and https://github.com/icing/mod_h2/issues/170. [Stefan Eissing] + and https://github.com/icing/mod_h2/issues/170. [Stefan Eissing] *) ab: Add client certificate support. PR 55774. [Graham Leggett] @@ -1441,7 +1448,7 @@ Changes with Apache 2.4.35 *) mod_watchdog: Correct some log messages. [Rainer Jung] *) mod_md: When the last domain name from an MD is moved to another one, - that now empty MD gets moved to the store archive. PR 62572. + that now empty MD gets moved to the store archive. PR 62572. [Stefan Eissing] *) mod_ssl: Fix merging of SSLOCSPOverrideResponder. [Jeff Trawick, diff --git a/STATUS b/STATUS index a962ef4b7ac..79b6c44bdf9 100644 --- a/STATUS +++ b/STATUS 
@@ -163,11 +163,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: ylavic: I think "extra" should be an apr_size_t. icing: added r1899905 with the proposed changes and assertions. - *) mod_http2: remove unscheduling of ongoing tasks when client - behaviour triggers mood change. Fixes https://github.com/icing/mod_h2/issues/231 - Trunk version of patch: n.a. - 2.4.x patch: https://github.com/apache/httpd/pull/317.diff - +1: icing, rpluem, ylavic PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/changes-entries/md_acme_failover.txt b/changes-entries/md_acme_failover.txt deleted file mode 100644 index bb1999c9a95..00000000000 --- a/changes-entries/md_acme_failover.txt +++ /dev/null @@ -1,7 +0,0 @@ - *) mod_md: the `MDCertificateAuthority` directive can take more than one URL/name of - an ACME CA. This gives a failover for renewals when several consecutive attempts - to get a certificate failed. - A new directive was added: `MDRetryDelay` sets the delay of retries. - A new directive was added: `MDRetryFailover` sets the number of errored - attempts before an alternate CA is selected for certificate renewals. - [Stefan Eissing] diff --git a/changes-entries/mod_proxy_log_backend_port.txt b/changes-entries/mod_proxy_log_backend_port.txt deleted file mode 100644 index 0a96679e23b..00000000000 --- a/changes-entries/mod_proxy_log_backend_port.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_proxy: Add backend port to log messages to - ease identification of involved service. diff --git a/modules/http2/h2_mplx.c b/modules/http2/h2_mplx.c index e02ad4e58b3..25e8e440846 100644 --- a/modules/http2/h2_mplx.c +++ b/modules/http2/h2_mplx.c 
@@ -861,102 +861,6 @@ void h2_mplx_s_task_done(h2_mplx *m, h2_task *task, h2_task **ptask)
 * h2_mplx DoS protection
 ******************************************************************************/
-static int m_timed_out_busy_iter(void *data, void *val)
-{
- stream_iter_ctx *ctx = data;
- h2_stream *stream = val;
- if (h2_task_has_started(stream->task) && !stream->task->worker_done
- && (ctx->now - stream->task->started_at) > stream->task->timeout) {
- /* timed out stream occupying a worker, found */
- ctx->stream = stream;
- return 0;
- }
- return 1;
-}
-
-static h2_stream *m_get_timed_out_busy_stream(h2_mplx *m)
-{
- stream_iter_ctx ctx;
- ctx.m = m;
- ctx.stream = NULL;
- ctx.now = apr_time_now();
- h2_ihash_iter(m->streams, m_timed_out_busy_iter, &ctx);
- return ctx.stream;
-}
-
-static int m_latest_repeatable_unsubmitted_iter(void *data, void *val)
-{
- stream_iter_ctx *ctx = data;
- h2_stream *stream = val;
-
- if (!stream->task) goto leave;
- if (!h2_task_has_started(stream->task) || stream->task->worker_done) goto leave;
- if (h2_stream_is_ready(stream)) goto leave;
- if (stream->task->redo) {
- ++ctx->count;
- goto leave;
- }
- if (h2_task_can_redo(stream->task)) {
- /* this task occupies a worker, the response has not been submitted
- * yet, not been cancelled and it is a repeatable request
- * -> we could redo it later */
- if (!ctx->stream
- || (ctx->stream->task->started_at < stream->task->started_at)) {
- /* we did not have one or this one was started later */
- ctx->stream = stream;
- }
- }
-leave:
- return 1;
-}
-
-static apr_status_t m_assess_task_to_throttle(h2_task **ptask, h2_mplx *m)
-{
- stream_iter_ctx ctx;
-
- /* count the running tasks already marked for redo and get one that could
- * be throttled */
- *ptask = NULL;
- ctx.m = m;
- ctx.stream = NULL;
- ctx.count = 0;
- h2_ihash_iter(m->streams, m_latest_repeatable_unsubmitted_iter, &ctx);
- if (m->tasks_active - ctx.count > m->limit_active) {
- /* we are above the limit of running tasks, accounting for the ones
- * already throttled. */
- if (ctx.stream && ctx.stream->task) {
- *ptask = ctx.stream->task;
- return APR_EAGAIN;
- }
- /* above limit, be seeing no candidate for easy throttling */
- if (m_get_timed_out_busy_stream(m)) {
- /* Too many busy workers, unable to cancel enough streams
- * and with a busy, timed out stream, we tell the client
- * to go away... */
- return APR_TIMEUP;
- }
- }
- return APR_SUCCESS;
-}
-
-static apr_status_t m_unschedule_slow_tasks(h2_mplx *m)
-{
- h2_task *task;
- apr_status_t rv;
-
- /* Try to get rid of streams that occupy workers. Look for safe requests
- * that are repeatable. If none found, fail the connection.
- */
- while (APR_EAGAIN == (rv = m_assess_task_to_throttle(&task, m))) {
- ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, m->c,
- "h2_mplx(%s): unschedule, resetting task for redo later",
- task->id);
- task->redo = 1;
- h2_task_rst(task, H2_ERR_CANCEL);
- }
- return rv;
-}
-
 static apr_status_t s_mplx_be_happy(h2_mplx *m, h2_task *task)
 {
 apr_time_t now;
@@ -1006,9 +910,6 @@ static apr_status_t m_be_annoyed(h2_mplx *m)
 m->id, m->limit_active);
 }
- if (m->tasks_active > m->limit_active) {
- status = m_unschedule_slow_tasks(m);
- }
 return status;
 }
diff --git a/modules/http2/h2_version.h b/modules/http2/h2_version.h
index 7cb2d3511e8..d9d0bd25684 100644
--- a/modules/http2/h2_version.h
+++ b/modules/http2/h2_version.h
@@ -27,7 +27,7 @@
 * @macro
 * Version number of the http2 module as c string
 */
-#define MOD_HTTP2_VERSION "1.15.26"
+#define MOD_HTTP2_VERSION "1.15.28"
 /**
 * @macro
-- 
2.47.2
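Review bot: Nothing on the new side of m_be_annoyed records what still happens when m->tasks_active exceeds m->limit_active, so a maintainer reading `return status;` cannot tell that the limit no longer has any effect on tasks that are already running. The removed fallback returned APR_TIMEUP, which its own comment described as telling the client to go away once timed-out streams occupied the workers; with that gone, the lowered m->limit_active logged just above the removed block is presumably consulted only when new tasks are scheduled, which lies outside this hunk and is worth confirming before relying on it as the remaining abuse mitigation. I would add at the deletion site `/* Abuse handling only lowers limit_active for future scheduling; tasks already running are never reset (icing/mod_h2#231). */` and reword the "h2_mplx DoS protection" section header from the first hunk, which now covers only the mood/limit adjustment. If `status` is initialised above the hunk and is never reassigned elsewhere, it can become a direct `return APR_SUCCESS;`, and the caller's handling of a non-success return should be re-checked. m_be_annoyed begins outside this hunk.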