AgeCommit message (Collapse)AuthorFilesLines
2017-10-01[mod_csrf] module to aid against csrf attackspersonal/stbuehler/mod-csrfStefan B├╝hler7-0/+667
2017-09-30[mod_wstunnel] fix NULL ptr derefGlenn Strauss1-1/+3
fix NULL ptr deref if wstunnel.server configured inside a conditional and not in global scope (thx nicorac) x-ref: ""
2017-09-27[core] fix triggered assert on HTTP chunked input (fixes #2822)Glenn Strauss1-0/+1
(thx AlxT) x-ref: "Segmentation fault on HTTP chunked input"
2017-09-23[core] disable Nagle if streaming to backendGlenn Strauss1-0/+10
disable Nagle algorithm if streaming to backend and content-length is unknown at the point where lighttpd is about to begin sending data to backend
2017-09-23[core] make strftime_cache_get() 16-element cacheGlenn Strauss1-9/+5
Prior code was effectively a 1-element cache after the initial fill of the array since only the first element was replaced after the initial fill. New code does round-robin replacement. (whether or not #define FILE_CACHE_MAX 16 is appropriately sized here is a question for another day)
2017-09-23[core] fdevent setsockopt() helper functionsGlenn Strauss4-14/+23
fdevent_set_tcp_nodelay() fdevent_set_so_reuseaddr()
2017-09-21[mod_wstunnel] fix config parsing bugGlenn Strauss1-2/+3
fix logic inversion when validating values in (thx nicorac) x-ref: ""
2017-09-20[core] adjust li_rand_pseudo* interfacesGlenn Strauss4-6/+12
2017-09-10[mod_webdav] check HAVE_UUID for -luuidGlenn Strauss1-1/+2
check HAVE_UUID for -luuid in order to detect more pedantic cases, e.g. when -luuid is not installed under Cygwin, even if devel headers are present (<uuid/uuid.h>)
2017-09-10[mod_cgi] omit cgi_handle_fdevent after proc exitGlenn Strauss1-5/+1
Omit calling cgi_handle_fdevent() after CGI process exit. Another (sub)process may be holding pipe fd open and might write response instead of the initial CGI process.
2017-09-10[mod_cgi] add FDEVENT_IN upon CGI exitGlenn Strauss1-1/+1
add FDEVENT_IN in addition to FDEVENT_HUP when triggering cgi_handle_fdevent() after the CGI process exits. (This helps improve reliability when running tests under Cygwin)
2017-09-10[mod_openssl]"disable" for streamGlenn Strauss1-1/+3
set default = "disable" for streaming when = 1 or 2 is set in the global scope It is still recommended that embedded and other low-memory systems explicitly set = "disable" in the global scope (regardless of setting) On the other hand, for systems which enable to non-zero value, and for which sufficient memory is available, then = "enable" is recommended and should be explicitly set in the global or $SERVER["socket"] configuration blocks in lighttpd.conf x-ref: "https POST requests buffered in RAM since v1.4.41?"
2017-09-10[mod_rrdtool] handle_trigger returns HANDLER_GO_ONGlenn Strauss1-4/+4
handle_trigger should return HANDLER_GO_ON even on error, since we want other trigger funcs from other modules to be able to perform periodic maintenance
2017-09-10[core] SIGCHLD handle_waitpid hook for modulesGlenn Strauss14-218/+336
centralize most waitpid() handling in core server, with hooks for modules to be informed of pid and status when a process exits. This enables faster discovery (and restart) of exited processes, and also allows for lighttpd to manage backend processes in the parent (master) process when server.max-worker > 0.
2017-09-10[core] attempt to quiet compiler warning in LEDEGlenn Strauss1-1/+2
2017-08-12[core] attempt to quiet coverity false positivesGlenn Strauss5-22/+31
2017-08-12[core] attempt to quiet coverity false positivesGlenn Strauss10-26/+56
2017-08-12[mod_fastcgi] fix return when streaming min bufferGlenn Strauss1-1/+1
fix incorrect return value when = 2
2017-08-12[mod_cgi] fix bug to properly exec interpreterGlenn Strauss1-1/+1
fix bug to properly exec interpreter when cgi handler is set (thx stbuehler)
2017-08-10[mod_accesslog] flush access logs every 4 secondsGlenn Strauss1-3/+20
2017-08-08[core] workaround for AIX mmap defineGlenn Strauss1-0/+4
AIX might #define mmap mmap64 and this conflicts with .mmap member of struct chunk in chunk.h x-ref: ".mmap in chunk.c on AIX 5.2"
2017-08-06[mod_extforward] PROXY proto and SSL_CLIENT_VERIFYGlenn Strauss1-7/+8
Use config directive extforward.hap-PROXY-ssl-client-verify = "enable" to enable setting SSL_CLIENT_VERIFY, REMOTE_USER, and AUTH_TYPE using information provided by HAProxy PROXY protocol.
2017-08-06[core] warn if backend server config contains '_'Glenn Strauss1-0/+8
(detect a common config typo)
2017-08-03[core] set socket perms after bind, before listenGlenn Strauss1-5/+5
(it is still recommended to create sockets in protected directories) x-ref: "Feature request: add server config for setting permissions on Unix domain socket"
2017-07-30[core] base_decls.h to quiet compiler warningsGlenn Strauss6-25/+29
quiet compiler warning for -Wtypedef-redefinition (redefinition of typedef is a C11 feature)
2017-07-30[core] add missing #includeGlenn Strauss2-0/+4
(quiet compiler warning)
2017-07-30[core] fix invalid sizeof() identified by coverityGlenn Strauss2-2/+6
and quiet other coverity warnings
2017-07-30[mod_cgi] add missing #includeGlenn Strauss1-0/+1
2017-07-30[mod_extforward] typo in commentGlenn Strauss1-1/+1
2017-07-29[core] remove fdevent fcntl_set hookGlenn Strauss3-15/+3
(could have been removed in 2010 with commit 38f2d1dd which removed fdevent_linux_rtsig.c)
2017-07-29[core] set one-shot mode fd O_NONBLOCK, FD_CLOEXECGlenn Strauss1-0/+3
(thx citaylor) x-ref:
2017-07-28[mod_dirlisting] treat README and HEADER as paths (fixes #2818)Glenn Strauss1-8/+16
Treat README and HEADER as filepaths. If absolute path, take as-is. If relative path, then take relative to directory physical path. This extends and feature to take a filename, which was introduced in lighttpd 1.4.43 x-ref: "Custom HEADER and README filepaths in mod_dirlisting are treated as relative paths instead of absolute paths when file name starts with '/'"
2017-07-27[core] forward SIGHUP only to lighttpd workersGlenn Strauss1-37/+6
(do not propagate SIGHUP to entire lighttpd process group, which might include other processes such as CGI, rrdtool, piped loggers, ...)
2017-07-25[mod_wstunnel] websocket tunnel to other protocolGlenn Strauss5-1/+1360
*experimental* decodes websockets and passes body back and forth from backend (body could be known protocol such as JSON, or any custom protocol) originally based off
2017-07-25[core] add public domain SHA1() if no cryptoGlenn Strauss6-10/+273
add public domain SHA1() if not linking with crypto lib obtained from * Originally written by Steve Reid <> * * Modified by Aaron D. Gifford <> * * NO COPYRIGHT - THIS IS 100% IN THE PUBLIC DOMAIN * * The original unmodified version is available at: *
2017-07-25[core] do not remove pid-file in test modeGlenn Strauss1-3/+4
do not remove pid-file in test mode (whether test passes or fails) (thx m4t)
2017-07-23[core] consistent behavior w/ and w/o SA_SIGINFOGlenn Strauss1-2/+21
and consistent open of
2017-07-23[mod_webdav] PROPFIND getetag attr must match GETGlenn Strauss2-0/+2
PROPFIND getetag attr must match Etag response header from GET request For consistency, make similar change in mod_ssi. (thx ethoms) x-ref: "mod_webdav: Etag in response differs between PROPFIND and GET"
2017-07-23[core] restart piped loggers if they exit (fixes #1393)Glenn Strauss4-18/+157
x-ref: "access log pipe writer should restart child process if it exits"
2017-07-23[core] reap lighttpd worker pids preciselyGlenn Strauss1-4/+20
do not start another lighttpd worker if some other child process exits (e.g. piped logger or dynamic backend fastcgi, scgi, proxy)
2017-07-23[core] fdevent_cycle_logger()Glenn Strauss4-24/+15
fdevent_cycle_logger() re-opens log files before closing existing fd
2017-07-23[doc] update READMEGlenn Strauss1-8/+3
remove RCSid tags authors are listed in AUTHORS file amend list of supported platforms (still incomplete) ...more changes are needed to update contents to current feature set
2017-07-23quell compiler warnings for -Wimplicit-fallthroughGlenn Strauss3-0/+3
2017-07-23[core] adaptive spawning for socket backend procs (fixes #1162)Glenn Strauss1-10/+30
*experimental* enable adaptive spawning for socket backend processes new feature will allow "min-procs" => "0" and will spawn a backend upon receipt of a request, if no backends are currently running. This may be useful on resource-limited systems where there is a seldom-used resource-intensive backend, such as home router configuration web pages. The first request may be slower as the backend is starting up, but then subsequent requests within "idle-timeout" will hit the (temporarily) persistent backend for faster responses. x-ref: "Adaptive spawning with min-procs=>0"
2017-07-23[core] resolve DNS at startup for socket backendsGlenn Strauss2-10/+53
resolve DNS at startup and use the first IP address returned by resolver Note: use of IP addresses is recommended instead of using DNS names. If DNS names are used, but DNS is slow or unavailable, then lighttpd will either appear to hang at startup or will fail to start up.
2017-07-23[core] store sockaddr for socket backend procsGlenn Strauss2-78/+68
store struct sockaddr for socket backend procs at startup
2017-07-23[core] spread load on socket backend procsGlenn Strauss2-9/+3
connection attempts in progress count towards proc load so that bursts of new connections do not all queue for current least busy proc (makes a difference only for local backends with more than one proc)
2017-07-23[core] shared code for socket backendsGlenn Strauss11-5720/+3015
common codebase for socket backends, based off mod_fastcgi with some features added for mod_proxy (mostly intended to reduce code duplication and enhance code isolation) mod_fastcgi and mod_scgi can now use fastcgi.balance and scgi.balance for similar behavior as proxy.balance, but the balancing is per-host and not per-proc. proxy.balance is also per-host and not per-proc. mod_proxy and mod_scgi can now use and, similar to mod_fastcgi behavior change (affects only mod_status): - statistics tags have been renamed from "fastcgi.*" to "gw.*" "fastcgi.backend.*" -> "gw.backend.*" "" -> "" ("fastcgi.requests" remains "fastcgi.requests") ("proxy.requests" is new) ("scgi.requests" is new) mod_scgi behavior change (likely minor): - removed scgi_proclist_sort_down() and scgi_proclist_sort_up(). procs now chosen based on load as measured by num socket connnections Note: modules using gw_backend.[ch] are currently still independent modules. If it had been written as a single module with fastcgi, scgi, proxy implementations, then there would have been a chance of breaking some existing user configurations where module ordering made a difference for which module handled a given request, though for most people, this would have made no difference. Details about mod_fastcgi code transformations: unsigned int debug -> int debug fastcgi_env member removed from plugin_config renamed "fcgi" and "fastcgi" to "gw", and "FCGI" to "GW" reorganize routines for high-level and lower-level interfaces some lower-level internal interfaces changed to use host,proc,debug args rather than knowing about higher-level (app) hctx and plugin_data tabs->spaces and reformatting
2017-07-15[mod_fastcgi,mod_scgi] use temp buffer for cgi_envGlenn Strauss2-25/+19
2017-07-15[mod_fastcgi,mod_scgi] parse bin_path at startupGlenn Strauss2-55/+52