This allows admin to configure if response is collected in entirety
prior to sending data to client
For compatibility with existing configs, default is existing behavior:
buffer entire response prior to sending data to client
The following are config options, though not all implemented yet
// default: buffer entire request body before connecting to backend
server.stream-request-body = 0
// stream request body to backend; buffer to temp files
server.stream-request-body = 1
// stream request body to backend; minimal buffering might block upload
server.stream-request-body = 2
// default: buffer entire response body before sending to client
server.stream-request-body = 0
// stream response body to client; buffer to temp files
server.stream-request-body = 1
// stream response body to client; minimal buffering might block backend
server.stream-request-body = 2
x-ref:
"fastcgi, cgi, flush, php5 problem."
https://redmine.lighttpd.net/issues/949
"Reimplement upload (POST) handling to match apache/zeus/thttpd/boa functionality"
https://redmine.lighttpd.net/issues/376
BSD accept() filters
server.bsd-accept-filter = "" (default)
server.bsd-accept-filter = "httpready"
server.bsd-accept-filter = "dataready"
Note: this is a behavior change from prior versions.
The default is now no additional accept() filter, whereas prior
versions unconditionally enabled "httpready" accept() filter
Additionally, server.defer-accept (Linux) is inherited from global scope
into $SERVER["socket"] blocks
github: closes #65
server.http-parseopt-header-strict = "enable"
server.http-parseopt-host-strict = "enable" (implies host-normalize)
server.http-parseopt-host-normalize = "disable"
defaults retain current behavior, which is strict header parsing
and strict host parsing, with enhancement to normalize IPv4 address
and port number strings.
For lighttpd tests, these need to be enabled (and are by default)
For marginally faster HTTP header parsing for benchmarks, disable these.
To allow
- underscores in hostname
- hypen ('-') at beginning of hostname
- all-numeric TLDs
server.http-parseopt-host-strict = "disable"
x-ref:
"lighttpd doesn't allow underscores in host names"
https://redmine.lighttpd.net/issues/551
"hyphen in hostname"
https://redmine.lighttpd.net/issues/1086
"a numeric tld"
https://redmine.lighttpd.net/issues/1184
"Numeric tld's"
https://redmine.lighttpd.net/issues/2143
"Bad Request"
https://redmine.lighttpd.net/issues/2258
"400 Bad Request when using Numeric TLDs"
https://redmine.lighttpd.net/issues/2281
To allow a variety of numerical formats to be converted to IP addresses
server.http-parseopt-host-strict = "disable"
server.http-parseopt-host-normalize = "enable"
x-ref:
"URL encoding leads to "400 - Bad Request""
https://redmine.lighttpd.net/issues/946
"400 Bad Request when using IP's numeric value ("ip2long()")"
https://redmine.lighttpd.net/issues/1330
To allow most 8-bit and 7-bit chars in headers
server.http-parseopt-header-strict = "disable" (not recommended)
x-ref:
"Russian letters not alowed?"
https://redmine.lighttpd.net/issues/602
"header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error"
https://redmine.lighttpd.net/issues/1016
libressl defines SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 as 0x0
(thx Christian Heckendorf)
libressl matches ERR_remove_thread_state() signature from openssl 1.0.2
(libressl pretends that libressl is openssl version 2.0.0,
but openssl 1.1.0 changes signature of ERR_remove_thread_state())
libressl does not yet provide compatibility interfaces for the new
prototypes introduced in openssl 1.1.0, including
DH_set0_pqg() and DH_set_length()
remove OPENSSL_NO_KRB5 from build config (added in 5fab991b in 2005)
(define USE_OPENSSL_KERBEROS if required)
(Note: OPENSSL_NO_KRB5 removed in openssl 1.1.0)
server.error-handler preserves HTTP status error code when error page
is static, and allows dynamic handlers to change HTTP status code
when error page is provided by dynamic handler. server.error-handler
intercepts all HTTP status codes >= 400 except when the content is
generated by a dynamic handler (cgi, ssi, fastcgi, scgi, proxy, lua).
The request method is unconditionally changed to GET for the request
to service the error handler, and the original request method is
later restored (for logging purposes). request body from the
original request, if present, is discarded.
server.error-handler is somewhat similar to server.error-handler-404,
but server.error-handler-404 is now deprecated, intercepts only 404
and 403 HTTP status codes, and returns 200 OK for static error pages,
a source of confusion for some admins. On the other hand, the new
server.error-handler, when set, will intercept all HTTP status error
codes >= 400. server.error-handler takes precedence over
server.error-handler-404 when both are set.
NOTE: a major difference between server.error-handler and the
now-deprecated server.error-handler-404 is that the values of the
non-standard CGI environment variables REQUEST_URI and REDIRECT_URI
have been swapped. Since REDIRECT_STATUS is the original HTTP
status code, REDIRECT_URI is now the original request, and REQUEST_URI
is the current request (e.g. the URI/URL to the error handler).
The prior behavior -- which reversed REQUEST_URI and REDIRECT_URI values
from those described above -- is preserved for server.error-handler-404.
Additionally, REDIRECT_STATUS is now available to mod_magnet, which
continues to have access to request.uri and request.orig_uri.
See further discussion at https://redmine.lighttpd.net/issues/2702
and https://redmine.lighttpd.net/issues/1828
github: closes #36
See doc/config/lighttpd.conf for explanation of listen() backlog queue
Additionally, mod_fastcgi and mod_scgi backend servers can now also be
configured with separate listen-backlog settings per server
x-ref:
"add server.listen-backlog option instead of hard-coded value (128 * 8) for listen()"
https://redmine.lighttpd.net/issues/2116
"Don't disable backend when overloaded"
https://redmine.lighttpd.net/issues/1825
github:
Closes #50
For backwards compatibility with existing lighttpd configs, default is
mimetype.xattr-name = "Content-Type"
Those who wish to use the freedesktop.org definition of xattr mimetype
can set the following in the global lighttpd config:
mimetype.xattr-name = "user.mime_type"
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3131 152afb58-edef-0310-8abb-c4023f1b3aa9
lighttpd -t loads config file and performs syntax check
lighttpd -tt (new) performs preflight startup checks,
including loading and initializing modules, but skipping any
potentially destructive actions which might affect an already
running server (separate instance). These currently include:
- skipping pidfile modification
- skipping bind() to network sockets
- skipping open of error and access logs
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3130 152afb58-edef-0310-8abb-c4023f1b3aa9
- add new "skip" result to mark conditions that didn't actually get
evaluated to false but just skipped because the preconditions failed.
- add "local_result" for each cache entry to remember whether the
condition itself matched (not including the preconditions).
this can be reused after a cache reset if the condition itself was not
reset, but the preconditions were
- clear result of subtree (children and else-branches) when clearing a
condition cache
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3082 152afb58-edef-0310-8abb-c4023f1b3aa9
pull all ssl.ca-file values into all SSL_CTXs, but use only the local
ssl.ca-file for verify-client; correct SNI name is no requirement,
so enforcing verification for a subset of SNI names doesn't actually
protect those.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2913 152afb58-edef-0310-8abb-c4023f1b3aa9
if ssl.empty-fragments is set to enabled, but the openssl version used
to compile lighttpd doesn't support empty fragments, a warning is
displayed (it might still work).
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2891 152afb58-edef-0310-8abb-c4023f1b3aa9
con->conf.is_ssl got removed and replaced by:
* con->conf.ssl_enabled for the config var "ssl.engine" - it is only
used to determine which server-sockets should use ssl. (usually not
needed as it is mandatory and enough to set ssl.pemfile anyway)
* con->srv_socket->is_ssl to detect the actual ssl status of the
bound socket, which is the same as the ssl status of the connection
* con->uri.scheme for the actual $HTTP["scheme"] value, also used for
the CGI "HTTPS=ON" variable. This defaults to "https" if the
connection uses ssl, but can be changed for example by mod_extforward
if X-Forwarded-Proto: is set to either "http" or "https" (other values
are ignored right now)
Also removed the broken srv_socket->is_proxy_ssl as it was a connection
value in a server_socket struct...
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2887 152afb58-edef-0310-8abb-c4023f1b3aa9
* Remove ssl_error_want_reuse_buffer for SSL_read:
Although the manual states we have to use the same arguments in the
next call after SSL_ERROR_WANT_*, it has been running without this
in 1.5 for a long time now.
* As POST-data chunks get copied to the next queue, we reuse chunks
there as well.
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2710 152afb58-edef-0310-8abb-c4023f1b3aa9
* This patch may "break" some configs, if they do stupid things. Like setting
ssl.pemfile to a not existing file in a "non-socket/non-ssl" block.
Fix them! :)
From: Peter Colberg <peter@colberg.org>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2648 152afb58-edef-0310-8abb-c4023f1b3aa9
* The breakage-log simply replaces stderr (the old stderr is moved away if needed for errorlog),
and stderr isn't closed after forking.
It defaults to stderr if started with -n (no daemonize), otherwise it defaults to /dev/null.
It is _not_ reopened in log_error_cycle, as there may be many long running childs which have it
still open anyway. Use a pipe-logger with cycle-support if you need it.
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2550 152afb58-edef-0310-8abb-c4023f1b3aa9
$HTTP["url"] =~ "" { cgi.assign = ... } fails if there is a module
loaded which is called before uri_clean is set (mod_exforward,
mod_rewrite, ...)
- merged [1792], [1798], [1807], [1810], [1811] from trunk
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1942 152afb58-edef-0310-8abb-c4023f1b3aa9
etag.use-size to customize the generation of ETags for
static files. (fixes #1209) (patch by <Yusufg@gmail.com>)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1874 152afb58-edef-0310-8abb-c4023f1b3aa9
References to FAM stat cache engine should be conditional
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1664 152afb58-edef-0310-8abb-c4023f1b3aa9
Glenn Strauss
Stefan Bühler
Peter Colberg
Jan Kneschke