#
2746:2adebf2bf59c |
| 31-Jan-2024 |
Andrei Zeliankou |
Avoiding arithmetic ops with NULL pointer in nxt_http_arguments_parse
Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments with enabled UndefinedBehaviorSanitizer:
src/nxt_
Avoiding arithmetic ops with NULL pointer in nxt_http_arguments_parse
Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments with enabled UndefinedBehaviorSanitizer:
src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer #0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961 #1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621 #2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507 #3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265 #4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194 #5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838 #6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542 #7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126 #8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) #9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
show more ...
|
Revision tags: 1.32.0-1, 1.32.0 |
|
#
2625:a6b688c5757c |
| 23-Jan-2024 |
Zhidao HONG |
HTTP: enhanced access log with conditional filtering.
This feature allows users to specify conditions to control if access log should be recorded. The "if" option supports a string and JavaScript co
HTTP: enhanced access log with conditional filtering.
This feature allows users to specify conditions to control if access log should be recorded. The "if" option supports a string and JavaScript code. If its value is empty, 0, false, null, or undefined, the logs will not be recorded. And the '!' as a prefix inverses the condition.
Example 1: Only log requests that sent a session cookie.
{ "access_log": { "if": "$cookie_session", "path": "..." } }
Example 2: Do not log health check requests.
{ "access_log": { "if": "`${uri == '/health' ? false : true}`", "path": "..." } }
Example 3: Only log requests when the time is before 22:00.
{ "access_log": { "if": "`${new Date().getHours() < 22}`", "path": "..." } }
or
{ "access_log": { "if": "!`${new Date().getHours() >= 22}`", "path": "..." } }
Closes: https://github.com/nginx/unit/issues/594
show more ...
|
#
2624:60a508df10ef |
| 23-Jan-2024 |
Zhidao HONG |
HTTP: refactored out nxt_http_request_access_log().
This is in preparation for adding conditional access logging. No functional changes.
|
Revision tags: 1.31.1-1, 1.31.1, 1.31.0-1, 1.31.0 |
|
#
2512:5e9e70378c1d |
| 09-Aug-2023 |
Zhidao HONG |
HTTP: controlling response headers support.
|
#
2511:f4e6a9834a2b |
| 09-Aug-2023 |
Zhidao HONG |
HTTP: stored matched action in nxt_http_request_t.
No functional changes.
|
Revision tags: 1.30.0-1, 1.30.0 |
|
#
2448:243735980417 |
| 20-Apr-2023 |
Zhidao HONG |
HTTP: added basic URI rewrite.
This commit introduced the basic URI rewrite. It allows users to change request URI. Note the "rewrite" option ignores the contained query if any and the query from th
HTTP: added basic URI rewrite.
This commit introduced the basic URI rewrite. It allows users to change request URI. Note the "rewrite" option ignores the contained query if any and the query from the request is preserverd. An example: "routes": [ { "match": { "uri": "/v1/test" }, "action": { "return": 200 } }, { "action": { "rewrite": "/v1$uri", "pass": "routes" } } ]
Reviewed-by: Alejandro Colomar <alx@nginx.com>
show more ...
|
#
2437:8973f763920b |
| 18-Mar-2023 |
Andrew Clayton |
Allow to remove the version string in HTTP responses.
Normally Unit responds to HTTP requests by including a header like
Server: Unit/1.30.0
however it can sometimes be beneficial to withhold th
Allow to remove the version string in HTTP responses.
Normally Unit responds to HTTP requests by including a header like
Server: Unit/1.30.0
however it can sometimes be beneficial to withhold the version information and in this case just respond with
Server: Unit
This patch adds a new "settings.http" boolean option called server_version, which defaults to true, in which case the full version information is sent. However this can be set to false, e.g
"settings": { "http": { "server_version": false } },
in which case Unit responds without the version information as the latter example above shows.
Link: <https://www.ietf.org/rfc/rfc9110.html#section-10.2.4> Closes: <https://github.com/nginx/unit/issues/158> Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
show more ...
|
Revision tags: 1.29.1-1, 1.29.1 |
|
#
2345:5c9cb7e205d3 |
| 30-Jan-2023 |
Zhidao HONG |
NJS: adding the missing vm destruction.
This commit fixed the njs memory leak happened in the config validation, updating and http requests.
|
#
2318:6f198d76ee62 |
| 30-Jan-2023 |
Zhidao HONG |
NJS: adding the missing vm destruction.
This commit fixed the njs memory leak happened in the config validation, updating and http requests.
|
Revision tags: 1.29.0-1, 1.29.0 |
|
#
2247:baa6b9879267 |
| 20-Nov-2022 |
Zhidao HONG |
Basic njs support.
|
#
2246:5f4056478375 |
| 20-Nov-2022 |
Zhidao HONG |
Var: separating nxt_tstr_t from nxt_var_t.
It's for the introduction of njs support. For each option that supports native variable and JS template literals introduced next, it's unified as template
Var: separating nxt_tstr_t from nxt_var_t.
It's for the introduction of njs support. For each option that supports native variable and JS template literals introduced next, it's unified as template string.
No functional changes.
show more ...
|
#
2214:49d502e96cec |
| 12-Oct-2022 |
Zhidao HONG |
HTTP: added a $request_time variable.
|
#
2203:6b6b979e8214 |
| 18-Sep-2022 |
Zhidao HONG |
HTTP: fixed cookie parsing.
The fixing supports the cookie value with the '=' character.
This is related to #756 PR on Github. Thanks to changxiaocui.
|
Revision tags: 1.28.0-1, 1.28.0 |
|
#
2186:47d365005fab |
| 29-Aug-2022 |
Zhidao HONG |
Status: added requests count.
|
#
2166:64a3527f65ad |
| 28-Jul-2022 |
Zhidao HONG |
Log: customizable access log format.
|
#
2147:7bf58b1b18c4 |
| 13-Jul-2022 |
Zhidao HONG |
Var: dynamic variables support.
This commit adds the variables $arg_NAME, $header_NAME, and $cookie_NAME.
|
#
2139:99d792169ffb |
| 16-Jun-2022 |
Andrew Clayton |
Constified numerous function parameters.
As was pointed out by the cppcheck[0] static code analysis utility we can mark numerous function parameters as 'const'. This acts as a hint to the compiler a
Constified numerous function parameters.
As was pointed out by the cppcheck[0] static code analysis utility we can mark numerous function parameters as 'const'. This acts as a hint to the compiler about our intentions and the compiler will tell us when we deviate from them.
[0]: https://cppcheck.sourceforge.io/
show more ...
|
#
2133:46433e3cef45 |
| 20-Jun-2022 |
Zhidao HONG |
Router: forwared header replacement.
|
#
2132:34d63ed988dc |
| 20-Jun-2022 |
Zhidao HONG |
Router: introduced nxt_http_forward_t.
This makes the replacement of forwarded request header like client_ip and protocol more generic. It's a prerequirement for protocol replacement.
No functional
Router: introduced nxt_http_forward_t.
This makes the replacement of forwarded request header like client_ip and protocol more generic. It's a prerequirement for protocol replacement.
No functional changes.
show more ...
|
#
2123:36000da0aa5b |
| 19-May-2022 |
Zhidao HONG |
HTTP: generalized uri encoding.
No functional changes.
|
Revision tags: 1.27.0-1, 1.27.0 |
|
#
2104:2ae3c205fcad |
| 18-May-2022 |
Zhidao HONG |
HTTP: generalized argument and cookie parsing.
No functional changes.
|
Revision tags: 1.26.1-1, 1.26.1, 1.26.0-1, 1.26.0 |
|
#
1954:8f18a05d4c58 |
| 07-Sep-2021 |
Zhidao HONG |
Router: refactored variable pass.
Since the "pass" option supports both strings and variables, a generic nxt_var_t structure can be used in the configuration phase, and the "name" field in actions i
Router: refactored variable pass.
Since the "pass" option supports both strings and variables, a generic nxt_var_t structure can be used in the configuration phase, and the "name" field in actions is redundant.
No functional changes.
show more ...
|
Revision tags: 1.25.0-1, 1.25.0 |
|
#
1936:953434450ea9 |
| 12-Aug-2021 |
Oisin Canty |
Router: client IP address replacement.
This commit introduces the replacement of the client address based on the value of a specified HTTP header. This is intended for use when Unit is placed behin
Router: client IP address replacement.
This commit introduces the replacement of the client address based on the value of a specified HTTP header. This is intended for use when Unit is placed behind a reverse proxy like nginx or a CDN.
You must specify the source addresses of the trusted proxies. This can be accomplished with any valid IP pattern supported by Unit's match block:
["10.0.0.1", "10.4.0.0/16", "!192.168.1.1"]
The feature is configured per listener.
The client address replacement functionality only operates when there is a source IP match and the specified header is present. Typically this would be an 'X-Forwarded-For' header.
{ "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] }, "pass": "applications/my_app" }, } }
If a request occurs and Unit receives a header like below:
"X-Forwarded-For: 84.123.23.23"
By default, Unit trusts the last rightmost IP in the header, so REMOTE_ADDR will be set to 84.123.23.23 if the connection originated from 10.0.0.0/8.
If Unit runs behind consecutive reverse proxies and receives a header similar to the following:
"X-Forwarded-For: 84.123.23.23, 10.0.0.254"
You will need to enable "recursive" checking, which walks the header from last address to first and chooses the first non-trusted address it finds.
{ "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] "recursive": true, }, "pass": "applications/my_app" }, } }
If a connection from 10.0.0.0/8 occurs, the chain is walked. Here, 10.0.0.254 is also a trusted address so the client address will be replaced with 84.123.23.23.
If all IP addresses in the header are trusted, the client address is set to the first address in the header:
If 10.0.0.0/8 is trusted and "X-Forwarded-For: 10.0.0.3, 10.0.0.2, 10.0.0.1", the client address will be replaced with 10.0.0.3.
show more ...
|
#
1925:b8a2ac618950 |
| 24-Jul-2021 |
Zhidao HONG |
Router: split nxt_http_app_conf_t from nxt_http_action_t.
No functional changes.
|
Revision tags: 1.24.0-1, 1.24.0 |
|
#
1854:aebe76640568 |
| 22-Apr-2021 |
Zhidao HONG |
Router: grouped app and share fields in nxt_http_action_t.
This is a prerequisite for further introduction of openat2() features. No functional changes.
|