Revision tags: 1.32.0-1, 1.32.0, 1.31.1-1, 1.31.1, 1.31.0-1, 1.31.0 |
|
#
2512:5e9e70378c1d |
| 09-Aug-2023 |
Zhidao HONG |
HTTP: controlling response headers support.
|
#
2511:f4e6a9834a2b |
| 09-Aug-2023 |
Zhidao HONG |
HTTP: stored matched action in nxt_http_request_t.
No functional changes.
|
Revision tags: 1.30.0-1, 1.30.0 |
|
#
2448:243735980417 |
| 20-Apr-2023 |
Zhidao HONG |
HTTP: added basic URI rewrite.
This commit introduced the basic URI rewrite. It allows users to change request URI. Note the "rewrite" option ignores the contained query if any and the query from th
HTTP: added basic URI rewrite.
This commit introduced the basic URI rewrite. It allows users to change request URI. Note the "rewrite" option ignores the contained query if any and the query from the request is preserverd. An example: "routes": [ { "match": { "uri": "/v1/test" }, "action": { "return": 200 } }, { "action": { "rewrite": "/v1$uri", "pass": "routes" } } ]
Reviewed-by: Alejandro Colomar <alx@nginx.com>
show more ...
|
#
2430:50ce7e6977b6 |
| 31-Mar-2023 |
Alejandro Colomar |
HTTP: optimizing $request_line.
Don't reconstruct a new string for the $request_line from the parsed method, target, and HTTP version, but rather keep a pointer to the original memory where the requ
HTTP: optimizing $request_line.
Don't reconstruct a new string for the $request_line from the parsed method, target, and HTTP version, but rather keep a pointer to the original memory where the request line was received.
This will be necessary for implementing URI rewrites, since we want to log the original request line, and not one constructed from the rewritten target.
This implementation changes behavior (only for invalid requests) in the following way:
Previous behavior was to log as many tokens from the request line as were parsed validly, thus:
Request -> access log ; error log
"GET / HTTP/1.1" -> "GET / HTTP/1.1" OK ; = "GET / HTTP/1.1" -> "GET / HTTP/1.1" [1] ; = "GET / HTTP/2.1" -> "GET / HTTP/2.1" OK ; = "GET / HTTP/1." -> "GET / HTTP/1." [2] ; "GET / HTTP/1. [null]" "GET / food" -> "GET / food" [2] ; "GET / food [null]" "GET / / HTTP/1.1" -> "GET / / HTTP/1.1" [2] ; = "GET / / HTTP/1.1" -> "GET / / HTTP/1.1" [2] ; = "GET food HTTP/1.1" -> "GET" ; "GET [null] [null]" "OPTIONS * HTTP/1.1" -> "OPTIONS" [3] ; "OPTIONS [null] [null]" "FOOBAR baz HTTP/1.1"-> "FOOBAR" ; "FOOBAR [null] [null]" "FOOBAR / HTTP/1.1" -> "FOOBAR / HTTP/1.1" ; = "get / HTTP/1.1" -> "-" ; " [null] [null]" "" -> "-" ; " [null] [null]"
This behavior was rather inconsistent. We have several options to go forward with this patch:
- NGINX behavior.
Log the entire request line, up to '\r' | '\n', even if it was invalid.
This is the most informative alternative. However, RFC-complying requests will probably not send invalid requests.
This information would be interesting to users where debugging requests constructed manually via netcat(1) or a similar tool, or maybe for debugging a client, are important. It might be interesting to support this in the future if our users are interested; for now, since this approach requires looping over invalid requests twice, that's an overhead that we better avoid.
- Previous Unit behavior
This is relatively fast (almost as fast as the next alternative, the one we chose), but the implementation is ugly, in that we need to perform the same operation in many places around the code.
If we want performance, probably the next alternative is better; if we want to be informative, then the first one is better (maybe in combination with the third one too).
- Chosen behavior
Only logging request lines when the request is valid. For any invalid request, or even unsupported ones, the request line will be logged as "-". Thus:
Request -> access log [4]
"GET / HTTP/1.1" -> "GET / HTTP/1.1" OK "GET / HTTP/1.1" -> "GET / HTTP/1.1" [1] "GET / HTTP/2.1" -> "-" [3] "GET / HTTP/1." -> "-" "GET / food" -> "-" "GET / / HTTP/1.1" -> "GET / / HTTP/1.1" [2] "GET / / HTTP/1.1" -> "GET / / HTTP/1.1" [2] "GET food HTTP/1.1" -> "-" "OPTIONS * HTTP/1.1" -> "-" "FOOBAR baz HTTP/1.1"-> "-" "FOOBAR / HTTP/1.1" -> "FOOBAR / HTTP/1.1" "get / HTTP/1.1" -> "-" "" -> "-"
This is less informative than previous behavior, but considering how inconsistent it was, and that RFC-complying agents will probably not send us such requests, we're ready to lose that information in the log. This is of course the fastest and simplest implementation we can get.
We've chosen to implement this alternative in this patch. Since we modified the behavior, this patch also changes the affected tests.
[1]: Multiple successive spaces as a token delimiter is allowed by the RFC, but it is discouraged, and considered a security risk. It is currently supported by Unit, but we will probably drop support for it in the future.
[2]: Unit currently supports spaces in the request-target. This is a violation of the relevant RFC (linked below), and will be fixed in the future, and consider those targets as invalid, returning a 400 (Bad Request), and thus the log lines with the previous inconsistent behavior would be changed.
[3]: Not yet supported.
[4]: In the error log, regarding the "log_routes" conditional logging of the request line, we only need to log the request line if it was valid. It doesn't make sense to log "" or "-" in case that the request was invalid, since this is only useful for understanding decisions of the router. In this case, the access log is more appropriate, which shows that the request was invalid, and a 400 was returned. When the request line is valid, it is printed in the error log exactly as in the access log.
Link: <https://datatracker.ietf.org/doc/html/rfc9112#section-3> Suggested-by: Liam Crilly <liam@nginx.com> Reviewed-by: Zhidao Hong <z.hong@f5.com> Cc: Timo Stark <t.stark@nginx.com> Cc: Andrei Zeliankou <zelenkov@nginx.com> Cc: Andrew Clayton <a.clayton@nginx.com> Cc: Artem Konev <a.konev@f5.com> Signed-off-by: Alejandro Colomar <alx@nginx.com>
show more ...
|
#
2381:a68b5f5bf46c |
| 26-Jan-2023 |
Alejandro Colomar |
HTTP: added route logging.
- Configuration: added "/config/settings/http/log_route".
Type: bool Default: false
This adds configurability to the error log. It allows enabling and disa
HTTP: added route logging.
- Configuration: added "/config/settings/http/log_route".
Type: bool Default: false
This adds configurability to the error log. It allows enabling and disabling logs related to how the router performs selection of the routes.
- HTTP: logging request line.
Log level: [notice]
The request line is essential to understand which logs correspond to which request when reading the logs.
- HTTP: logging route that's been discarded.
Log level: [info]
- HTTP: logging route whose action is selected.
Log level: [notice]
- HTTP: logging when "fallback" action is taken.
Log level: [notice]
Closes: <https://github.com/nginx/unit/issues/758> Link: <https://github.com/nginx/unit/pull/824> Link: <https://github.com/nginx/unit/pull/839> Suggested-by: Timo Stark <t.stark@nginx.com> Suggested-by: Mark L Wood-Patrick <mwoodpatrick@gmail.com> Suggested-by: Liam Crilly <liam@nginx.com> Tested-by: Liam Crilly <liam@nginx.com> Acked-by: Artem Konev <a.konev@f5.com> Cc: Andrew Clayton <a.clayton@nginx.com> Cc: Andrei Zeliankou <zelenkov@nginx.com> Reviewed-by: Zhidao Hong <z.hong@f5.com> Signed-off-by: Alejandro Colomar <alx@nginx.com>
show more ...
|
Revision tags: 1.29.1-1, 1.29.1, 1.29.0-1, 1.29.0 |
|
#
2247:baa6b9879267 |
| 20-Nov-2022 |
Zhidao HONG |
Basic njs support.
|
#
2246:5f4056478375 |
| 20-Nov-2022 |
Zhidao HONG |
Var: separating nxt_tstr_t from nxt_var_t.
It's for the introduction of njs support. For each option that supports native variable and JS template literals introduced next, it's unified as template
Var: separating nxt_tstr_t from nxt_var_t.
It's for the introduction of njs support. For each option that supports native variable and JS template literals introduced next, it's unified as template string.
No functional changes.
show more ...
|
#
2214:49d502e96cec |
| 12-Oct-2022 |
Zhidao HONG |
HTTP: added a $request_time variable.
|
Revision tags: 1.28.0-1, 1.28.0 |
|
#
2147:7bf58b1b18c4 |
| 13-Jul-2022 |
Zhidao HONG |
Var: dynamic variables support.
This commit adds the variables $arg_NAME, $header_NAME, and $cookie_NAME.
|
#
2139:99d792169ffb |
| 16-Jun-2022 |
Andrew Clayton |
Constified numerous function parameters.
As was pointed out by the cppcheck[0] static code analysis utility we can mark numerous function parameters as 'const'. This acts as a hint to the compiler a
Constified numerous function parameters.
As was pointed out by the cppcheck[0] static code analysis utility we can mark numerous function parameters as 'const'. This acts as a hint to the compiler about our intentions and the compiler will tell us when we deviate from them.
[0]: https://cppcheck.sourceforge.io/
show more ...
|
#
2133:46433e3cef45 |
| 20-Jun-2022 |
Zhidao HONG |
Router: forwared header replacement.
|
#
2132:34d63ed988dc |
| 20-Jun-2022 |
Zhidao HONG |
Router: introduced nxt_http_forward_t.
This makes the replacement of forwarded request header like client_ip and protocol more generic. It's a prerequirement for protocol replacement.
No functional
Router: introduced nxt_http_forward_t.
This makes the replacement of forwarded request header like client_ip and protocol more generic. It's a prerequirement for protocol replacement.
No functional changes.
show more ...
|
#
2123:36000da0aa5b |
| 19-May-2022 |
Zhidao HONG |
HTTP: generalized uri encoding.
No functional changes.
|
Revision tags: 1.27.0-1, 1.27.0 |
|
#
2108:6e059f15e713 |
| 09-Dec-2021 |
Alejandro Colomar |
Static: supporting new "index" option.
This supports a new option "index" that configures a custom index file name to be served when a directory is requested. This initial support only allows a sin
Static: supporting new "index" option.
This supports a new option "index" that configures a custom index file name to be served when a directory is requested. This initial support only allows a single fixed string. An example:
{ "share": "/www/data/static/$uri", "index": "lookatthis.htm" }
When <example.com/foo/bar/> is requested, </www/data/static/foo/bar/lookatthis.html> is served.
Default is "index.html".
===
nxt_conf_validator.c:
Accept "index" as a member of "share", and make sure it's a string.
===
I tried this feature in my own computer, where I tried the following:
- Setting "index" to "lookatthis.htm", and check that the correct file is being served (check both a different name and a different extension). - Not setting "index", and check that <index.html> is being served. - Settind "index" to an array of strings, and check that the configuration fails:
{ "error": "Invalid configuration.", "detail": "The \"index\" value must be a string, but not an array." }
show more ...
|
#
2104:2ae3c205fcad |
| 18-May-2022 |
Zhidao HONG |
HTTP: generalized argument and cookie parsing.
No functional changes.
|
#
2098:9a890f0c56aa |
| 09-Apr-2022 |
Alejandro Colomar |
Supporting empty Location URIs.
An empty string in Location was being handled specially by not sending a Location header. This may occur after variable resolution, so we need to consider this scena
Supporting empty Location URIs.
An empty string in Location was being handled specially by not sending a Location header. This may occur after variable resolution, so we need to consider this scenario.
The obsolete RFC 2616 defined the Location header as consisting of an absolute URI <https://www.rfc-editor.org/rfc/rfc2616#section-14.30>, which cannot be an empty string. However, the current RFC 7231 allows the Location to be a relative URI <https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2>, and a relative URI may be an empty string <https://stackoverflow.com/a/43338457>.
Due to these considerations, this patch allows sending an empty Location header without handling this case specially. This behavior will probably be more straightforward to users, too. It also simplifies the code, which is now more readable, fast, and conformant to the current RFC. We're skipping an allocation at request time in a common case such as "action": {"return": 404}
show more ...
|
#
2078:0996dd223cdd |
| 18-Dec-2021 |
Alejandro Colomar |
Fixed indentation.
Some lines (incorrectly) had an indentation of 3 or 5, or 7 or 9, or 11 or 13, or 15 or 17 spaces instead of 4, 8, 12, or 16. Fix them.
Found with:
$ find src -type f | xargs g
Fixed indentation.
Some lines (incorrectly) had an indentation of 3 or 5, or 7 or 9, or 11 or 13, or 15 or 17 spaces instead of 4, 8, 12, or 16. Fix them.
Found with:
$ find src -type f | xargs grep -n '^ [^ ]'; $ find src -type f | xargs grep -n '^ [^ *]'; $ find src -type f | xargs grep -n '^ [^ ]'; $ find src -type f | xargs grep -n '^ [^ *]'; $ find src -type f | xargs grep -n '^ [^ +]'; $ find src -type f | xargs grep -n '^ [^ *+]'; $ find src -type f | xargs grep -n '^ [^ +]'; $ find src -type f | xargs grep -n '^ [^ *+]';
show more ...
|
Revision tags: 1.26.1-1, 1.26.1, 1.26.0-1, 1.26.0 |
|
#
1991:61155eb41a96 |
| 05-Nov-2021 |
Zhidao HONG |
Router: matching query string support.
The "query" option matches decoded arguments, including plus ('+') to space (' '). Like "uri", it can be a string or an array of strings.
|
#
1954:8f18a05d4c58 |
| 07-Sep-2021 |
Zhidao HONG |
Router: refactored variable pass.
Since the "pass" option supports both strings and variables, a generic nxt_var_t structure can be used in the configuration phase, and the "name" field in actions i
Router: refactored variable pass.
Since the "pass" option supports both strings and variables, a generic nxt_var_t structure can be used in the configuration phase, and the "name" field in actions is redundant.
No functional changes.
show more ...
|
Revision tags: 1.25.0-1, 1.25.0 |
|
#
1936:953434450ea9 |
| 12-Aug-2021 |
Oisin Canty |
Router: client IP address replacement.
This commit introduces the replacement of the client address based on the value of a specified HTTP header. This is intended for use when Unit is placed behin
Router: client IP address replacement.
This commit introduces the replacement of the client address based on the value of a specified HTTP header. This is intended for use when Unit is placed behind a reverse proxy like nginx or a CDN.
You must specify the source addresses of the trusted proxies. This can be accomplished with any valid IP pattern supported by Unit's match block:
["10.0.0.1", "10.4.0.0/16", "!192.168.1.1"]
The feature is configured per listener.
The client address replacement functionality only operates when there is a source IP match and the specified header is present. Typically this would be an 'X-Forwarded-For' header.
{ "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] }, "pass": "applications/my_app" }, } }
If a request occurs and Unit receives a header like below:
"X-Forwarded-For: 84.123.23.23"
By default, Unit trusts the last rightmost IP in the header, so REMOTE_ADDR will be set to 84.123.23.23 if the connection originated from 10.0.0.0/8.
If Unit runs behind consecutive reverse proxies and receives a header similar to the following:
"X-Forwarded-For: 84.123.23.23, 10.0.0.254"
You will need to enable "recursive" checking, which walks the header from last address to first and chooses the first non-trusted address it finds.
{ "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] "recursive": true, }, "pass": "applications/my_app" }, } }
If a connection from 10.0.0.0/8 occurs, the chain is walked. Here, 10.0.0.254 is also a trusted address so the client address will be replaced with 84.123.23.23.
If all IP addresses in the header are trusted, the client address is set to the first address in the header:
If 10.0.0.0/8 is trusted and "X-Forwarded-For: 10.0.0.3, 10.0.0.2, 10.0.0.1", the client address will be replaced with 10.0.0.3.
show more ...
|
#
1925:b8a2ac618950 |
| 24-Jul-2021 |
Zhidao HONG |
Router: split nxt_http_app_conf_t from nxt_http_action_t.
No functional changes.
|
#
1924:96d090de7534 |
| 26-Jul-2021 |
Zhidao HONG |
Router: renamed nxt_http_proxy_create() as nxt_http_proxy_init().
No functional changes.
|
#
1923:9f268a8a1a2f |
| 23-Jul-2021 |
Zhidao HONG |
Router: split nxt_http_static_conf_t from nxt_http_action_t.
No functional changes.
|
#
1903:f17827e75e25 |
| 24-May-2021 |
Zhidao HONG |
Router: split nxt_http_return_conf_t from nxt_http_action_t.
No functional changes.
|
Revision tags: 1.24.0-1, 1.24.0 |
|
#
1859:970f9f72c29d |
| 06-May-2021 |
Oisin Canty |
Static: implemented MIME filtering
|