path: root/usr.sbin/httpd/server_http.c
Commit message (Author, Age, Files, Lines)
...
* Return "400 Bad Request" instead of "500 Internal Server Error" for unknown/invalid HTTP requests.
  From Fabian Raetz at gmail
  (reyk, 2015-01-06, 1 file, -3/+5)
* add new url stripping option:
    strip number
      Strip number path components from the beginning of the request URI before looking up the stripped-down URI at the document root.
  reviewed with much patience and OK by reyk@
  (chrisz, 2015-01-04, 1 file, -1/+16)
* Use the HTML5 doctype for error and auto index pages because it is shorter, newer, and the recommendation. From James Jerkins. Exclude the charset for now because it is not explicitly handled by httpd.
  OK validator.w3.org (This document was successfully checked as HTML5!)
  (reyk, 2015-01-01, 1 file, -3/+2)
* Stop pulling in <arpa/inet.h> or <arpa/nameser.h> when unnecessary. *Do* pull it in when in_{port,addr}_h is needed and <netinet/in.h> isn't.
  ok reyk@
  (guenther, 2014-12-21, 1 file, -2/+1)
* Do not send an error body in a HEAD request answer.
  From Bertrand Janin (b at janin dot com), thanks!
  OK reyk@
  (florian, 2014-12-08, 1 file, -17/+25)
* stop viral header propagation. none of this code uses sys/hash.h
  from Max Fillinger
  (tedu, 2014-12-04, 1 file, -2/+1)
* Remove unnecessary netinet/in_systm.h include.
  ok millert@
  (lteo, 2014-10-25, 1 file, -2/+1)
* URL-decode the request path.
  Tested by ajacoutot@ and others
  OK doug@
  (reyk, 2014-10-22, 1 file, -1/+2)
* Rework the error message a little bit: Do not send details of the error. Traditionally, web servers responded with the request path on 40x errors which could be abused to inject JavaScript etc. Instead of sanitizing the path, we just don't reprint it. Also modify the style a little bit but keep Comic Sans.
  With input from Jonas Lindemann and doug@
  (reyk, 2014-10-21, 1 file, -10/+14)
* whitespace spotted while studying the code
  (deraadt, 2014-09-29, 1 file, -3/+3)
* Make the HTTP version mandatory and abort if it is missing in the request.
  (reyk, 2014-09-15, 1 file, -6/+8)
* Handle different possible variations of the Host header (eg. www.example.com, www.example.com:80, [2001:db8::1], [2001:db8::1]:80). The port is optional and is typically used on non-default ports. If the server name is a plain IPv6 address, it is commonly specified in square brackets.
  Makes ajacoutot@ happy
  OK florian@
  (reyk, 2014-09-10, 1 file, -6/+65)
* Add various RFC-based WebDAV methods to the list of accepted HTTP methods. This fixes (Fast)CGI-based WebDAV and CalDAV (calendar) servers with httpd.
  ok benno@ stsp@
  (reyk, 2014-09-05, 1 file, -6/+29)
* Remove a limitation that only allowed to specify a server name once. The key has been changed to server name + address + port and now it is possible to use the same server name for multiple servers with different addresses, eg. http://www.example.com and https://www.example.com/.
  OK doug@ florian@
  (reyk, 2014-09-05, 1 file, -1/+13)
* Use two instead of one http descriptor for request and response.
  OK chrisz@
  (reyk, 2014-08-29, 1 file, -30/+48)
* Add Last-Modified: HTTP header.
  OK reyk@
  (chrisz, 2014-08-21, 1 file, -12/+18)
* When opening directories, re-match the location after the index file has been appended. This allows to use a fastcgi target as the default index, for example index.php.
  OK florian@
  (reyk, 2014-08-08, 1 file, -10/+23)
* Allow to serve empty (0 bytes) files.
  Found by jasper@
  OK florian@
  (reyk, 2014-08-08, 1 file, -4/+4)
* Limit the body size in client requests (eg. POST data) to 1M by default; add a configuration option to change the limit.
  ok florian@
  (reyk, 2014-08-06, 1 file, -1/+7)
* http POST support
  with & OK reyk@
  (florian, 2014-08-06, 1 file, -10/+11)
* Add braces. Style-only change.
  (reyk, 2014-08-06, 1 file, -3/+3)
* Add configuration options for the most-important connection limits: max requests (per connection) and timeout. We don't want to add too many buttons, and there are good defaults, but these ones are kind of mandatory.
  (reyk, 2014-08-05, 1 file, -2/+2)
* Limit the number of (Keep-Alive) requests per connection to 100. (Same default as in nginx and Apache).
  (reyk, 2014-08-05, 1 file, -1/+4)
* retire blink because this is serious software now; ok beck
  (deraadt, 2014-08-05, 1 file, -10/+3)
* httpd doesn't support SSL/TLS yet, remove the remaining bits. The secret plan is to add it later using the ressl wrapper library.
  (reyk, 2014-08-04, 1 file, -3/+1)
* whitespace
  (deraadt, 2014-08-04, 1 file, -2/+2)
* Also write log messages, like 404 Not Found, on error. This is a bit tricky because we couldn't guarantee a sane state after server_response_http() so fail hard afterwards and close the connection.
  ok doug@
  (reyk, 2014-08-03, 1 file, -1/+4)
* Allocate http_host instead of carrying a buffer in the descriptor.
  (reyk, 2014-08-03, 1 file, -5/+13)
* Dynamically pass HTTP request headers as protocol-specific HTTP_* CGI meta-variables.
  ok florian@
  (reyk, 2014-08-03, 1 file, -6/+7)
* Add function to iterate all headers. No functional change.
  (reyk, 2014-08-03, 1 file, -6/+6)
* Add another log mode "connection" for a relayd(8)-style log entry after each connection, not every request. The code was already there and enabled on debug, I just turned it into an alternative log format.
  (reyk, 2014-08-03, 1 file, -3/+10)
* Prefer getnameinfo() with NI_NUMERICHOST over inet_ntop because it is also aware of the IPv6 scope Id. We already have a function print_host() that uses getnameinfo, so no need for the inet_ntop cases.
  Confirmed by florian@
  (reyk, 2014-08-03, 1 file, -11/+2)
* Locations now inherit access log settings from the server. Add log to the server flags.
  input/"Looks ok" reyk@
  (doug, 2014-08-02, 1 file, -13/+14)
* Use the log buffer to defer the logging until the connection is closed or the request completed. Turn the old log message into a debug message.
  ok doug@
  (reyk, 2014-08-01, 1 file, -7/+12)
* Add common and combined access logging to httpd.
  ok reyk@
  (doug, 2014-08-01, 1 file, -1/+90)
* Only write the HTTP header for the first fastcgi chunk.
  (reyk, 2014-07-31, 1 file, -1/+2)
* some fastcgi improvements:
  - DPRINTF instead of log_info for internal debugging.
  - submit QUERY_STRING, if it exists
  - use a proper function to create an HTTP header.
  - use server_file_error() to detect EOF and fastcgi stream errors.
  - disable keep-alive/persist for now until we have a reliable way to get the content length from the cgi response or support chunked encoding.
  "Cool, jep" florian@
  (reyk, 2014-07-31, 1 file, -13/+4)
* Add a configuration variable "fastcgi" to enable it per server or location.
  (reyk, 2014-07-31, 1 file, -9/+8)
* Put in first stab at fastcgi. Very early work in progress. Putting it in now so that we can quickly work on it in tree. Requested by reyk@. deraadt@ is OK with this according to reyk@.
  (florian, 2014-07-31, 1 file, -2/+6)
* Make "location" work with name-based virtual servers.
  (reyk, 2014-07-30, 1 file, -7/+19)
* Add "location" keyword to specify path-specific configuration in servers, for example auto index for a sub-directory only. Internally, a "location" is just a special type of a "virtual" server.
  (reyk, 2014-07-30, 1 file, -4/+8)
* Reset the default Host for each request
  (reyk, 2014-07-25, 1 file, -1/+3)
* It is recommended to use a URL in the Location header of 3xx responses. To accomplish this, add some semantics to retrieve the server host name of a connection: either IP, IP:PORT (if not 80) or [IP6]:PORT, or Host value (if valid).
  (reyk, 2014-07-25, 1 file, -8/+56)
* Append mandatory Date header to each response.
  (reyk, 2014-07-25, 1 file, -7/+21)
* New HTTP/1.1 RFC 7231 prefers IMF-fixdate from RFC 5322.
  (reyk, 2014-07-25, 1 file, -7/+5)
* Canonicalize the request path once without the docroot and prepend the docroot only when it's needed. Suggested by deraadt@.
  (reyk, 2014-07-25, 1 file, -2/+8)
* Add support for "virtual hosts" aka. server blocks aka. multiple servers with the same or "overlapping" IP address but a different name.
  ok beck@
  (reyk, 2014-07-25, 1 file, -1/+20)
* Split server and server_config.
  (reyk, 2014-07-25, 1 file, -4/+4)
* Rename a field, needed later, no functional change.
  (reyk, 2014-07-25, 1 file, -2/+2)
* Plug a memleak by correctly free'ing the HTTP descriptor that contains all the headers etc. of a connection.
  (reyk, 2014-07-24, 1 file, -1/+2)