path: root/usr.sbin/httpd
Commit message | Author | Age | Files | Lines
* Use the simpler HTML5 idiom to declare charset in autogenerated pages. | bentley | 2020-05-22 | 2 | -6/+4
  This came from a suggestion by Andras Farkas to replace use of XHTML self-closing tags.
  ok cwen@ danj@ florian@
* httpd: add a "dark mode" in directory listings and error pages | cwen | 2020-05-18 | 2 | -4/+11
  Introduce a new "dark mode" for httpd(8) directory listings and error pages, using the prefers-color-scheme css function. It uses the colorscheme already used in OpenBSD project websites. This version will only be displayed if the user's browser specifically sends a "prefer darker themes if available" request.
  Input from florian@, danj@ and clematis.
  OK florian@, danj@ (on a previous version with the wrong background color)
* list example files in FILES with a short description: generally, "Example | jmc | 2020-05-16 | 1 | -2/+7
  configuration file.", but occasionally something else fit better; at the same time, try to make the format for FILES more consistent; original diff from clematis
* replace examples of "Ic arg Ic arg" with "Ic arg arg" and stop the spread; | jmc | 2020-04-23 | 1 | -3/+3
* httpd: allow $REQUEST_SCHEME in redirect targets, ok jung@ florian@ | sthen | 2020-02-25 | 2 | -4/+17
  Sometimes you want to redirect a request to another site but maintaining the same type of connection (http or https) as the original request. Allow a $REQUEST_SCHEME variable to be used in redirect locations to allow this, e.g.

      location "/cgi-bin/foobar*" {
              block return 302 "$REQUEST_SCHEME://foobar.example.org$REQUEST_URI"
      }
* Implement "strip" option for fastcgi to be able to have multiple chroots | florian | 2020-02-09 | 4 | -8/+23
  under /var/www for FastCGI servers.
  From Nazar Zhuk (nazar AT zhuk DOT online), thanks!
  Ok benno
* Pick the value for "max requests number" from the correct server {} | benno | 2020-01-14 | 1 | -8/+8
  section in the config, by moving the code down where the Host: header has been read and the correct server configuration selected. Note that it may not be that useful to have this option per server, because it is valid to send requests with different Host: headers over the same tcp connection.
  problem noted and diff from Tracey Emery, thanks!
  ok florian@
* remove useless NULL check, it's checked 7 lines further up. | benno | 2019-11-04 | 1 | -4/+1
  found by Clemens Goessnitzer, ok and prodded by florian@
* Do not log "(null)" in debug logging. | florian | 2019-10-22 | 1 | -2/+3
  OK deraadt
* httpd(8) sent a 408 response every time a connection request timeout | florian | 2019-10-14 | 1 | -2/+5
  was reached. This is not what other servers are doing, it leads to ugly log messages and might confuse some clients.
  benno@ analyzed that the correct behavior is (probably) to send a 408 when we are in the middle of receiving headers and time out there and just close the connection in all other cases.
  In particular, if a connection gets opened and no request is received at all just close the connection. If a connection is set to keep-alive and a request was handled and no further request is coming in just close the connection. The latter is the usual cause for spurious log messages and client confusion.
  Reported over the years by many.
  Input, explanations and OK benno
* When system calls indicate an error they return -1, not some arbitrary | deraadt | 2019-06-28 | 2 | -5/+5
  value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* The QUERY_STRING macro is not actually URL encoded, so fix the manual. | tb | 2019-05-08 | 2 | -5/+19
  Add a QUERY_STRING_ENC macro that is URL encoded.
  Patch from Tim Baumgartner
  ok reyk
* Set the REQUEST_URI CGI variable to the requested URI and query string | tb | 2019-05-08 | 3 | -15/+22
  instead of the rewritten path and query string.
  Patch from Tim Baumgard, reminded by Mischa Peters.
  ok benno, reyk
* spacing | reyk | 2019-05-08 | 5 | -15/+16
* Add a "forwarded" log format that extends the "combined" log format | tb | 2019-05-03 | 4 | -12/+64
  by including the contents of the X-Forwarded-For and X-Forwarded-Port headers. If httpd(8) runs behind a proxy like relayd(8), this allows tracking the origin of the requests. The format is compatible with log analyzers such as GoAccess and Webalizer.
  Patch from Bruno Flueckiger
  ok benno, reyk
* Avoid opening log files on "no log" | kn | 2019-05-02 | 1 | -2/+2
  When not logging anything, do not open files in the first place. This prevents startup failures on configurations where the log/ directory is missing but logging is disabled anyway.
  OK aja solene reyk
* document where multiline {} is applicable; | jmc | 2019-04-16 | 1 | -3/+10
  lack of documentation and original diff provided by alfred morgan; benno helped me track down the applicable options;
  ok benno
* reference the /etc/examples files for httpd and acme-client. started from a thread | jmc | 2019-03-12 | 1 | -2/+11
  by alfred morgan, who wanted a tls example in the man page. florian noted that they exist already in /etc/examples;
  ok florian
* httpd(8): add support for setting custom FastCGI parameters. | pirofti | 2019-02-19 | 6 | -10/+180
  This commit extends the existing grammar by adding the param option to the fastcgi directive: fastcgi param name value.
  Example usage:

      fastcgi param VAR1 hello
      fastcgi param VAR2 world

  With help and OK florian@
  Rogue manpage bits, feel free to modify them.
* (unsigned) means (unsigned int) which on ptrdiff_t or size_t or other | deraadt | 2019-02-13 | 1 | -3/+3
  larger types really is a range reduction... Almost any cast to (unsigned) is a bug.
  ok millert tb benno
* log X509 peer's cert subject name when tls client authentication is used, | benno | 2019-02-10 | 1 | -2/+9
  in the same way as the http authenticated username is logged.
  From Karel Gardas, gardask at gmail dot com, Thanks!
  ok florian@
* Improve fastcgi socket documentation and mention that TCP is supported in | florian | 2019-02-08 | 1 | -3/+12
  addition to UNIX domain sockets. Prompted by a mail from Daniel Gracia ( paladdin AT gmail ) pointing out that we are not documenting TCP support at all, thanks!
  Prodding by and with jmc@
* Allow httpd(8) to start when TLS is configured but a cert is not yet | florian | 2019-01-08 | 2 | -17/+22
  available. Assuming a httpd.conf based on /etc/examples/httpd.conf, httpd(8) will only listen on port 80 and serve the acme-challenge directory for acme-client(1). The workflow to get a certificate then becomes

      acme-client -vAD example.com && rcctl reload httpd

  Without the need to edit the httpd.conf yet again. Once the cert is in place and httpd is reloaded it starts to serve on port 443.
  Idea, tweaks & OK deraadt, OK benno
* Check maxrequestbody when we found the right server / location. | florian | 2018-12-04 | 1 | -7/+7
  Very patiently pointed out repeatedly by Tracey Emery ( tracey AT traceyemery.net ), thanks!
  OK benno
* isalpha(3) requires an unsigned char value (or -1). | guenther | 2018-11-04 | 1 | -2/+2
  from Hiltjo Posthuma (hiltjo(at)codemadness.org)
* - odd condition/test in PF lexer | sashan | 2018-11-01 | 1 | -2/+3
  (and other lexers too)
  This commit rectifies earlier change: in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings).
  OK deraadt@, OK millert@
* Omit HSTS headers over unencrypted connections, per RFC 6797. | bentley | 2018-10-15 | 2 | -5/+8
  ok florian@
* Backout my previous commit: | benno | 2018-10-11 | 3 | -18/+9
      date: 2018/10/01 19:24:09; author: benno; state: Exp; lines: +7 -1; commitid: 0O8fyHPNvPd8rvYU;
      Only send 408 Timeout responses when we have seen at least part of a request. Without a request, just close the connection when we hit request timeout. Prompted by a bug report from Nikola Kolev, thanks.
      ok reyk@ and some suggestions from claudio@ and bluhm@
  Mark Patruck (mark AT wrapped DOT cx) found a problem with it, thanks for the report.
  ok reyk@ bluhm@ sthen@ deraadt@
* Only send 408 Timeout responses when we have seen at least part of a | benno | 2018-10-01 | 3 | -9/+18
  request. Without a request, just close the connection when we hit request timeout. Prompted by a bug report from Nikola Kolev, thanks.
  ok reyk@ and some suggestions from claudio@ and bluhm@
* During the fork+exec implementation, daemon(3) was moved after | bluhm | 2018-09-09 | 3 | -9/+20
  proc_init(). As a consequence httpd(8) and relayd(8) child processes did not detach from the terminal anymore. Dup /dev/null to the stdio file descriptors in the children.
  OK benno@
* Do not send a Content-Length header for 1xx and 204 status codes since | florian | 2018-09-07 | 1 | -4/+18
  RFC 7230 states that a server MUST NOT do so. At least relayd chokes on this.
  Pointed out & diff by Carlin Bingham (cb AT walcyrge.org), thanks!
  OK benno
* replace malloc()+strlcpy() with strndup() in cmdline_symset(). | miko | 2018-09-07 | 1 | -9/+4
  "looks good" gilles@ halex@
* double the allowed length for the 'tls ciphers' option | jasper | 2018-08-19 | 1 | -2/+2
  for example now it can hold the recommended cipher list from the mozilla ssl config generator rather than failing with a "ciphers too long" error.
  ok benno@ sthen@ tb@
* Do for most running out of memory err() what was done for most running | krw | 2018-07-11 | 1 | -4/+4
  out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
  ok henning@
* No need to mention which memory allocation entry point failed (malloc, | krw | 2018-07-09 | 1 | -4/+4
  calloc or strdup), we just need to log that we ran out of memory in a particular function.
  Recommended by florian@ and deraadt@
  ok benno@ henning@ tb@
* Add support for simple one-off internal rewrites. | reyk | 2018-06-20 | 5 | -18/+110
  For example:

      location match "/page/(%d+)/.*" {
              request rewrite "/static/index.php?id=%1&$QUERY_STRING"
      }

  Requested by many.
  Ok benno@
* remove the SECTIONS header, since a one line DESCRIPTION is a bit silly; | jmc | 2018-06-18 | 1 | -4/+4
  use a more general text for the sections, and avoid the catchup issue that was trying to document how many there were;
  ok benno rob
* Something went wrong - the strip option was documented twice. | reyk | 2018-06-15 | 1 | -7/+2
  Found by Mischa Peters, thanks
* Fix 304 Not Modified response: don't send a body, use the correct MIME type. | reyk | 2018-06-15 | 2 | -8/+14
  Reported by Hidvegi Gabor gaborca websivision hu
  Fix found by anton@
  OK anton@
* one too many .El; | jmc | 2018-06-13 | 1 | -2/+1
* Rename httpd.conf "root strip" option to "request strip". | reyk | 2018-06-13 | 2 | -8/+25
  "root strip" was semantically incorrect and did cause some confusion as it never stripped the root but the client's request path. Discussed with many.
  Heads up: this is a grammar change that also affects acme-client(1) configurations (see current.html).
  OK claudio@
* The http_query is already url_encoded; don't encode it twice. | reyk | 2018-06-11 | 2 | -26/+11
  This fixes a bug in the macros and log file handler that double-encoded the query. This does not change FCGI as it was already handling the query correctly. Additional verification of the QUERY_STRING should be implemented as well.
  OK claudio@
* Sorry, forgot a whitespace. | denis | 2018-06-11 | 1 | -2/+2
  Spotted by benno@
* Fix an off-by-one line count when using include statements. | denis | 2018-06-11 | 1 | -48/+80
  Thanks to otto@ for the initial diff.
  OK benno@
* Set the port.op value when parsing the httpd.conf port value. | bluhm | 2018-05-23 | 1 | -1/+3
  Otherwise the default port for http or https may be used depending on uninitialized memory. Fixes regress on i386.
  OK reyk@
* Forgot to revert another "port 80" | reyk | 2018-05-23 | 1 | -3/+3
  Pointed out by jmc@
* Add support for client certificate authentication to httpd. | jsing | 2018-05-19 | 6 | -9/+197
  From Jack Burton <jack at saosce dot com dot au> - thanks!
  Also tested by Jan Klemkow <j.klemkow at wemelug dot de>.
  ok beck@ reyk@
* Move LISTEN ON {} code into a function listen_on(). | reyk | 2018-05-18 | 1 | -64/+74
  No functional change, but it makes it easier to deal with the grammar.
* Revert manpage description as well | reyk | 2018-05-18 | 1 | -6/+3
* Revert previous: it introduced a shift/reduce conflict in the grammar. | reyk | 2018-05-18 | 2 | -18/+7