flag high precision ts for %T after parsing %{xxx}T config
x-ref:
"%D and %{UNIT}T of mod_accesslog do not work as expected"
https://redmine.lighttpd.net/issues/2807
This patch fixes the build issue introduced with when code has been
shared in commit a448886485.
http-header-glue.c: In function 'http_cgi_headers':
http-header-glue.c:1555:39: error: 'b2' undeclared (first use in this function)
http-header-glue.c:1555:39: note: each undeclared identifier is reported only once for each function it appears in
github: closes #79
shared code to get mimetype string via longest extension match
(attempts to match file basename, then longest ext, then "")
Note: this is a behavior change from simple suffix match
if there are 16 or more entries in mimetypes.assign
To enable "Forwarded", must enable which params to include.
The recommended set is "for" and "proto" unless other params
are required and proper security precautions have been taken.
proxy.forwarded = ( "for" => 1,
"proto" => 1,
#"host" => 1,
#"by" => 1,
#"remote_user" => 1,
)
See https://tools.ietf.org/html/rfc7239 for info about "Forwarded"
x-ref:
"Forwarded HTTP Extension"
https://tools.ietf.org/html/rfc7239
"Forward authenticated user to proxied requests"
https://redmine.lighttpd.net/issues/2703
enable with, e.g.:
extforward.headers = ( "Forwarded" )
or
extforward.headers = ( "Forwarded", "X-Forwarded-For" )
or
extforward.headers = ( "Forwarded", "X-Forwarded-For", "Forwarded-For" )
The default remains:
extforward.headers = ( "X-Forwarded-For", "Forwarded-For" )
Support for "Forwarded" is not enabled by default since intermediate
proxies might not be aware of Forwarded, and might therefore pass
spoofed Forwarded header received from client.
extforward.params = ( # overwrite "Host" with Forwarded value
#"host" => 1
# set REMOTE_USER with Forwarded value
#"remote_user" => 1
)
Note: be cautious configuring trusted proxies if enabling these options
since Forwarded header may be spoofed and passed along indescriminantly
by proxies which do not handle Forwarded.
To remove "Forwarded" from incoming requests, do not enable these
options and instead use mod_setenv to clear the request header:
setenv.set-request-header = ( "Forwarded" => "" )
Other proxy-related headers which admin might evaluate to keep or clear:
setenv.set-request-header = ( "X-Forwarded-For" => "",
"X-Forwarded-By" => "",
"X-Forwarded-Server" => "",
"X-Origin-IP" => "",
"Via" => "",
#...
)
x-ref:
"Forwarded HTTP Extension"
https://tools.ietf.org/html/rfc7239
"Forward authenticated user to proxied requests"
https://redmine.lighttpd.net/issues/2703
lighttpd appends the request "Host" to the non-standard header "X-Host"
when acting as a reverse proxy. This patch additionally appends "Host"
to the non-standard header "X-Forwarded-Host" to match the convention in
some other web servers
x-ref:
"mod_proxy should send the X-Forwarded-Host header to the proxied server"
https://redmine.lighttpd.net/issues/418
apply diff from commit:2eaf42d0 made to mod_fastcgi.c back in 2009
(change is being made for (a bit more) consistency between the modules
as mod_scgi.c was forked from mod_fastcgi.c a very long time ago, as
well as to remove call to sleep for 10ms (usleep(10000) from mod_scgi)
x-ref:
"fastcgi incomplete header might crash lighty"
https://redmine.lighttpd.net/issues/2096
If lighttpd.conf is invalid, some modules may not have initialized their
per-context config structures, but will have their free-functions
called, which should not be run on uninitialized per-context configs.
x-ref:
"Segfault with simple-vhost.debug = "enable""
https://redmine.lighttpd.net/issues/2798
Gaël PORTAY