Commit Graph

2602 Commits (255269d799185186bda64c04bf7a2efeeffbb8d6)
Author SHA1 Message Date
Glenn Strauss 255269d799 [mod_redirect,mod_rewrite] encoding options (fixes #443, fixes #911)
Provide means to encode redirect and rewrite backreference substitutions
  In addition to $1 and %1, the following modifiers are now supported,
  followed by the number for the backreference, e.g. ${esc:1}

  ${noesc:...}  no escaping
  ${esc:...}    escape all non-alphanumeric - . _ ~ incl double-escape %
  ${escape:...} escape all non-alphanumeric - . _ ~ incl double-escape %
  ${escnde:...} escape all non-alphanumeric - . _ ~  but no double-esc %
  ${tolower:...}
  ${toupper:...}

  %{noesc:...}
  %{esc:...}
  %{escape:...}
  %{escnde:...}
  %{tolower:...}
  %{toupper:...}

Provide means to substitute URI parts without needing a regex match
  (and can be preceded by encoding modifier,
     e.g. ${tolower:url.authority})

  ${url.scheme}
  ${url.authority}
  ${url.port}
  ${url.path}
  ${url.query}

  ${qsa}        appends query string, if not empty

x-ref:
  "[PATCH] mod_redirect: Add support for url-encoding backreferences, map %%n->%n, $$n->$n"
  https://redmine.lighttpd.net/issues/443
  "Need for URL encoding in mod_redirect and possibly mod_rewrite"
  https://redmine.lighttpd.net/issues/911
5 years ago
Glenn Strauss 37900d24b3 [mod_redirect,mod_rewrite] pass request URI info 5 years ago
Glenn Strauss 1f6befbd66 [mod_cgi] handle CGI partial response header write
handle CGI partial write of first response header

e.g. gSoap stdsoap2.c might inefficiently write "Status" to response
pipe and lighttpd might read that prior to the backend writing the
subsequent ": " which marks "Status:" as a response header.

x-ref:
  https://redmine.lighttpd.net/boards/2/topics/8028
5 years ago
Glenn Strauss 2e385a1a53 [core] fix buffer_to_upper()
fix buffer_to_upper() and case-insensitive filesystem detection
5 years ago
Glenn Strauss 1c68589c67 [mod_redirect,mod_rewrite] short-circuit earlier
short-circuit earlier if there are no rules to be matched
5 years ago
Glenn Strauss bad1cfe059 [core] debug server.log-request-header-on-error
enable server.log-request-header-on-error when either
server.log-request-handling or server.log-request-header
are enabled in the global scope.

server.log-request-header-on-error is a global directive since it must
be set prior to parsing of request, and errors parsing request might
otherwise occur before lighttpd config conditions are parsed and set
(i.e. based on the parsed request headers)

x-ref:
  "Log error if Host name is illegal (e.g. contains an underscore)"
  https://redmine.lighttpd.net/issues/2885
5 years ago
Glenn Strauss a8aa39c699 [core] remove some duplicative code in log.c 5 years ago
Glenn Strauss 6ebd289788 [core] inline some buffer.[ch] routines 5 years ago
Glenn Strauss 3eb7902e10 [core] server.http-parseopts URL normalization opt (fixes #1720)
server.http-parseopts = ( ... ) URL normalization options

Note: *not applied* to CONNECT method

Note: In a future release, URL normalization likely enabled by default
  (normalize URL, reject control chars, remove . and .. path segments)
  To prepare for this change, lighttpd.conf configurations should
  explicitly select desired behavior by enabling or disabling:
    server.http-parseopts = ( "url-normalize" => "enable", ... )
    server.http-parseopts = ( "url-normalize" => "disable" )

x-ref:
  "lighttpd ... compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data."
  https://www.cvedetails.com/cve/CVE-2008-4359/
  "Rewrite/redirect rules and URL encoding"
  https://redmine.lighttpd.net/issues/1720
5 years ago
Glenn Strauss 6ccccaaa38 [tests] move src/test_*.c to src/t/ 5 years ago
Glenn Strauss a46bc4f5de [core] remove proc_open.[ch], reduce stdio.h use 5 years ago
Glenn Strauss fb5a33ffe9 [core] remove unused get_http_status_body_name() 5 years ago
Glenn Strauss c56b21084e [core] http_kv.[ch] method, status, version str
move method, status, version strings from keyvalue.[ch] to http_kv.[ch]
5 years ago
Glenn Strauss 1b62dc325c [tests] test_request unit tests
unit tests for request processing
collect existing request processing tests from Perl tests/*.t
(test_request.c runs *much* more quickly than Perl tests/*.t)
5 years ago
Glenn Strauss e8c1efd5df [core] data_config_pcre_compile,exec()
collect PCRE usage related to config processing
5 years ago
Glenn Strauss cf9474aa2c [mod_redirect, mod_rewrite] code reuse (sharing) 5 years ago
Glenn Strauss 22f3f43621 [core] CONNECT must be handled before fs hooks
do not permit CONNECT requests to hit filesystem hooks
since the CONNECT URI bypasses path normalization
5 years ago
Glenn Strauss 83cdf28610 [core] check for continuation in server.tag
check server.tag for newlines (not expected) and ensure proper
header continuation.

remove buffer_append_string_encoded() ENCODING_HTTP_HEADER
(continuations in response headers handled in response_header_*() funcs)
5 years ago
Glenn Strauss 132c1b6019 [tests] remove test_buffer output, except on error 5 years ago
Glenn Strauss 1cef8dfc05 [tests] reduce test_base64 brute force tests
It is not necessary to test every single value of 3 chars for confidence
in the tests.  256^256^256 is a bit overkill (and much more time
consuming than other tests)
5 years ago
Glenn Strauss 1593190651 [core] buffer_append_string_encoded() uc hex
Use uc hex chars in buffer_append_string_encoded(), preferred in RFC3986

Preserve behavior using lc hex chars in buffer_append_string_c_escaped()
5 years ago
Glenn Strauss 3d880810d1 [core] buffer_append_uint_hex_lc() uses lc hex 5 years ago
Glenn Strauss d3cf141d14 [core] li_tohex_lc() explicitly uses lc hex chars
remove buffer_copy_string_hex()
5 years ago
Glenn Strauss 5e60b8faea [mod_secdownload] compare bin MAC instead of hex 5 years ago
Glenn Strauss 9eda625d67 [core] more efficient hex2int() 5 years ago
Glenn Strauss 936db51f05 [core] buffer_append_string_encoded_hex_lc()
special-purpose routine is more efficient than what was previously in
buffer_append_string_encoded() with ENCODING_HEX
5 years ago
Glenn Strauss 78024584bb [core] check if SOCK_NONBLOCK is ignored (fixes #2883)
x-ref:
  "fdevent_init should check if SOCK_NONBLOCK works"
  https://redmine.lighttpd.net/issues/2883
5 years ago
Glenn Strauss 3efaff973f [mod_fastcgi,mod_scgi] fastcgi.balance,scgi.balance (fixes #2882)
x-ref:
  "fastcgi.balance not working"
  https://redmine.lighttpd.net/issues/2882
5 years ago
Glenn Strauss b70186131a [mod_magnet] reduce buffer copies
reduce buffer copies, but leave where (buffer *) arg required
5 years ago
Glenn Strauss 4753064318 [mod_magnet] code reuse 5 years ago
Glenn Strauss 6fb023d664 [mod_wstunnel] better Sec-WebSocket-Protocol parse
Improve handling of Sec-WebSocket-Protocol: binary, base64 for RFC6455.
When client sends Sec-WebSocket-Protocol in request header, client
may expect Sec-WebSocket-Protocol response.  mod_wstunnel is basic
tunnel endpoint and supports "binary" and "text" modes for RFC6455,
conventionally requested by client browsers as "binary" or "base64"
5 years ago
Glenn Strauss 04d76e7afd [core] some header cleanup
provide standard types in first.h instead of base.h
provide lighttpd types in base_decls.h instead of settings.h
reduce headers exposed by headers for core data structures
  do not expose <pcre.h> or <stdlib.h> in headers
move stat_cache_entry to stat_cache.h
reduce use of "server.h" and "base.h" in headers
5 years ago
Glenn Strauss fefc82153a [build] remove m4 AC_PATH_PROG for PKG_CONFIG
replaced by PKG_PROG_PKG_CONFIG and PKG_CHECK_MODULES()
5 years ago
Glenn Strauss d400f8aac5 [core] fdevent_accept_listenfd() nonblock cloexec
fdevent_accept_listenfd() now always returns fd O_NONBLOCK O_CLOEXEC
for consistency, rather than setting elsewhere in connection_accepted()

Handle older Linux 2.6 kernels which might have accept4() in glibc,
but return ENOSYS, as accept4() was not added until Linux kernel 2.6.28.
5 years ago
Glenn Strauss 26fb8d3ee6 [mod_proxy] fix segfault in Set-Cookie reverse map (fixes #2879)
fix segfault in reverse url-path mapping of Set-Cookie sent from backend
when proxy.header = ( "map-urlpath" => ( ... ) ) is used and there are
multiple Set-Cookie response headers with path= attributes which need to
be reverse mapped.

(thx ganto)

x-ref:
  "Segfault with proxy-header map-urlpath"
  https://redmine.lighttpd.net/issues/2879
5 years ago
Glenn Strauss 210b57708e [core] fix rare race condition from backends (fixes #2878)
fix rare race condition from backends with server.stream-response-body=2

(thx abelbeck)

x-ref:
  "fastcgi and stream-response-body=2 hangs on last chunk"
  https://redmine.lighttpd.net/issues/2878
5 years ago
Glenn Strauss 957916a90e [core] minor code cleanup in gw_recv_response() 5 years ago
Glenn Strauss 86f64a0288 [mod_magnet] fix regression in lighty.stat (fixes #2877)
fix regression in mod_magnet lighty.stat introduced in lighttpd 1.4.49
in commit commit:b1df38ab

x-ref:
  "lighty.stat failure"
  https://redmine.lighttpd.net/issues/2877
5 years ago
Glenn Strauss e21906b3b4 [core] fix crash if 'host' empty in config (fixes #2876)
x-ref:
  "segfault with fastcgi app"
  https://redmine.lighttpd.net/issues/2876
5 years ago
Glenn Strauss 78e25f0f50 [mod_extforward] allow explicit IPs to be untrusted (#2860)
Allowing explicit IPs to be rejected might be useful in situations
where an internal network is to be allowed by CIDR mask, but there are
a small number of untrusted hosts on the network, e.g. hosts behind a
NAT to which some external ports are forwarded.

CIDR masks must be marked "trust", or else are ignored with a warning.

x-ref:
  "RFE: mod_extforward CIDR support"
  https://redmine.lighttpd.net/issues/2860
5 years ago
Glenn Strauss ae54806dc2 - next is 1.4.50 5 years ago
Glenn Strauss d0d5d4267b [doc] NEWS 5 years ago
Glenn Strauss 758d24142b [core] fix incorrect hash algorithm impl
fix incorrect implementation of djb hash algorithm
5 years ago
Glenn Strauss 5a6e4df85c [mod_auth] check that digest realm matches config 5 years ago
Glenn Strauss 81b7e8e2fb [mod_auth] constant time compare plain passwords
(digests have same length)
5 years ago
Glenn Strauss 7265c72b6c [autoconf] reduce minimum automake version to 1.13
Although removal of AM_PROG_CC_C_O in f107bac8 requires automake 1.14
to provide the same functionality in AC_PROG_CC, any widely used,
modern compiler supports cc -c -o.  Reducing the minimum required
automake version avoids the current need for Centos 7 maintainers
to patch configure.ac in order to build binary packages.
5 years ago
Glenn Strauss 4a674224ab [core] re-enable overloaded backends w/ multi wkrs
re-enable overloaded backends when server.max-worker is non-zero

(thx jens-maus)

x-ref:
  "mod_proxy not re-enabling proxy with 1.4.48" (multiple workers)
  https://redmine.lighttpd.net/boards/2/topics/7906
5 years ago
Glenn Strauss fc7edb3946 [mod_extforward] CIDR support for trusted proxies (fixes #2860)
x-ref:
  "RFE: mod_extforward CIDR support"
  https://redmine.lighttpd.net/issues/2860
5 years ago
Glenn Strauss cd2b51cb1a [core] fix CONNECT w strict header parsing enabled
fix CONNECT with strict header parsing enabled (default)
(or set server.http-parseopt-header-strict = "disabled")

x-ref:
  "ssh over https tunnel"
  https://redmine.lighttpd.net/boards/2/topics/7805
5 years ago
Glenn Strauss bd32f67046 [core] open additional fds O_CLOEXEC 5 years ago