Revision 20

Date:
2010/04/29 14:44:01
Author:
ahitrov@rambler.ru
Revision Log:
Дистрибутивы и модули
Files:

Legend:

 
Added
 
Removed
 
Modified

  • cnddist/db-3.1.17.mp_region.patch

     
    1 --- mp_region_old.c Fri Dec 29 16:26:15 2000
    2 +++ mp_region.c Fri Dec 29 16:26:13 2000
    3 @@ -160,7 +160,7 @@
    4 dbenv->mp_handle = dbmp;
    5 return (0);
    6
    7 -err: if (dbmp->reginfo[0].addr != NULL) {
    8 +err: if (dbmp->reginfo && dbmp->reginfo[0].addr != NULL) {
    9 if (F_ISSET(dbmp->reginfo, REGION_CREATE))
    10 for (i = 0; i < dbmp->nreg; ++i)
    11 if (dbmp->reginfo[i].id != REG_ID_INVALID)

  • cnddist/limit_ip.patch.1.1

     
    1 limit_ip.patch ��� apache_1.3.14
    2
    3 ��������� ��� ���������������� ���������:
    4
    5 MaxServersPerIP - ������������� ������������ ���������� ��������,
    6 ������������� � ������ IP
    7 MaxServersPerIPRead - ������������� ������������ ���������� ��������
    8 � ������ IP, ������� ��������� � ��������� ������
    9
    10 ������������ �� ���� ������ ���������� ����
    11 http_patch � http://www.shutoff.spb.ru/apache_patch.html
    12 ��������� ������� ������ � ������������ �������� � apache_1.3.14
    13
    14 ����������� ���:
    15 patch -d apache_1.3.14 -l -p1 < limit_ip.patch
    16
    17 diff -ur apache_1.3.9rusPL28.20/src/include/http_conf_globals.h apache_1.3.9rusPL28.20-patch/src/include/http_conf_globals.h
    18 --- apache_1.3.9rusPL28.20/src/include/http_conf_globals.h Sat Aug 21 02:44:56 1999
    19 +++ apache_1.3.9rusPL28.20-patch/src/include/http_conf_globals.h Tue Sep 21 17:34:52 1999
    20 @@ -86,6 +86,8 @@
    21 extern int ap_daemons_limit;
    22 extern MODULE_VAR_EXPORT int ap_suexec_enabled;
    23 extern int ap_listenbacklog;
    24 +extern int ap_daemons_max_by_ip;
    25 +extern int ap_daemons_max_by_ip_read;
    26 extern int ap_dump_settings;
    27 extern API_VAR_EXPORT int ap_extended_status;
    28
    29 diff -ur apache_1.3.9rusPL28.20/src/include/http_main.h apache_1.3.9rusPL28.20-patch/src/include/http_main.h
    30 --- apache_1.3.9rusPL28.20/src/include/http_main.h Thu Jan 14 12:39:26 1999
    31 +++ apache_1.3.9rusPL28.20-patch/src/include/http_main.h Tue Sep 21 17:34:53 1999
    32 @@ -127,6 +127,9 @@
    33 unsigned int ap_set_callback_and_alarm(void (*fn) (int), int x);
    34 API_EXPORT(int) ap_check_alarm(void);
    35
    36 +void update_child_status_remote_ip (int, conn_rec *);
    37 +int count_connections (conn_rec *, int);
    38 +
    39 #ifndef NO_OTHER_CHILD
    40 /*
    41 * register an other_child -- a child which the main loop keeps track of
    42 diff -ur apache_1.3.9rusPL28.20/src/include/httpd.h apache_1.3.9rusPL28.20-patch/src/include/httpd.h
    43 --- apache_1.3.9rusPL28.20/src/include/httpd.h Thu Sep 2 22:59:02 1999
    44 +++ apache_1.3.9rusPL28.20-patch/src/include/httpd.h Tue Sep 21 17:34:53 1999
    45 @@ -297,6 +297,12 @@
    46 #define DEFAULT_MIN_FREE_DAEMON 5
    47 #endif
    48
    49 +/* Define default limits for MaxDaemons serving a single address */
    50 +
    51 +#define DEFAULT_MAX_DAEMONS_BY_IP 150
    52 +#define DEFAULT_MAX_DAEMONS_BY_IP_READ 75
    53 +#define LIMIT_CONNECTIONS_BY_IP_ERROR HTTP_SERVICE_UNAVAILABLE
    54 +
    55 /* Limit on the total --- clients will be locked out if more servers than
    56 * this are needed. It is intended solely to keep the server from crashing
    57 * when things get out of hand.
    58 diff -ur apache_1.3.9rusPL28.20/src/include/scoreboard.h apache_1.3.9rusPL28.20-patch/src/include/scoreboard.h
    59 --- apache_1.3.9rusPL28.20/src/include/scoreboard.h Sat Aug 21 02:45:00 1999
    60 +++ apache_1.3.9rusPL28.20-patch/src/include/scoreboard.h Tue Sep 21 17:34:53 1999
    61 @@ -159,6 +159,7 @@
    62 char request[64]; /* We just want an idea... */
    63 server_rec *vhostrec; /* What virtual host is being accessed? */
    64 /* SEE ABOVE FOR SAFE USAGE! */
    65 + unsigned long remoteip;
    66 } short_score;
    67
    68 typedef struct {
    69 diff -ur apache_1.3.9rusPL28.20/src/main/http_config.c apache_1.3.9rusPL28.20-patch/src/main/http_config.c
    70 --- apache_1.3.9rusPL28.20/src/main/http_config.c Sat Aug 21 02:45:03 1999
    71 +++ apache_1.3.9rusPL28.20-patch/src/main/http_config.c Tue Sep 21 17:34:53 1999
    72 @@ -1399,6 +1399,8 @@
    73 ap_daemons_to_start = DEFAULT_START_DAEMON;
    74 ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON;
    75 ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON;
    76 + ap_daemons_max_by_ip = DEFAULT_MAX_DAEMONS_BY_IP;
    77 + ap_daemons_max_by_ip_read = DEFAULT_MAX_DAEMONS_BY_IP_READ;
    78 ap_daemons_limit = HARD_SERVER_LIMIT;
    79 ap_pid_fname = DEFAULT_PIDLOG;
    80 ap_scoreboard_fname = DEFAULT_SCOREBOARD;
    81 diff -ur apache_1.3.9rusPL28.20/src/main/http_core.c apache_1.3.9rusPL28.20-patch/src/main/http_core.c
    82 --- apache_1.3.9rusPL28.20/src/main/http_core.c Sat Aug 21 02:45:03 1999
    83 +++ apache_1.3.9rusPL28.20-patch/src/main/http_core.c Tue Sep 21 17:34:53 1999
    84 @@ -2182,6 +2182,16 @@
    85 return NULL;
    86 }
    87
    88 +const char * set_max_servers_by_ip (cmd_parms *cmd, void *dummy, char *arg) {
    89 + ap_daemons_max_by_ip = atoi (arg);
    90 + return NULL;
    91 +}
    92 +
    93 +const char * set_max_servers_by_ip_read (cmd_parms *cmd,void *dummy,char *arg) {
    94 + ap_daemons_max_by_ip_read = atoi (arg);
    95 + return NULL;
    96 +}
    97 +
    98 static const char *set_min_free_servers(cmd_parms *cmd, void *dummy, char *arg)
    99 {
    100 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
    101 @@ -2852,6 +2862,10 @@
    102 "Maximum number of idle children" },
    103 { "MaxServers", set_max_free_servers, NULL, RSRC_CONF, TAKE1,
    104 "Deprecated equivalent to MaxSpareServers" },
    105 +{ "MaxServersPerIP", set_max_servers_by_ip, NULL, RSRC_CONF, TAKE1,
    106 + "Maximum number of connections from a single IP address" },
    107 +{ "MaxServersPerIPRead", set_max_servers_by_ip_read, NULL, RSRC_CONF, TAKE1,
    108 + "Maximum number of connection from a single IP address in read state at any time." },
    109 { "ServersSafetyLimit", set_server_limit, NULL, RSRC_CONF, TAKE1,
    110 "Deprecated equivalent to MaxClients" },
    111 { "MaxClients", set_server_limit, NULL, RSRC_CONF, TAKE1,
    112 diff -ur apache_1.3.9rusPL28.20/src/main/http_main.c apache_1.3.9rusPL28.20-patch/src/main/http_main.c
    113 --- apache_1.3.9rusPL28.20/src/main/http_main.c Sat Aug 21 02:45:05 1999
    114 +++ apache_1.3.9rusPL28.20-patch/src/main/http_main.c Tue Sep 21 17:37:07 1999
    115 @@ -249,6 +249,8 @@
    116 API_VAR_EXPORT int ap_daemons_to_start=0;
    117 API_VAR_EXPORT int ap_daemons_min_free=0;
    118 API_VAR_EXPORT int ap_daemons_max_free=0;
    119 +API_VAR_EXPORT int ap_daemons_max_by_ip;
    120 +API_VAR_EXPORT int ap_daemons_max_by_ip_read;
    121 API_VAR_EXPORT int ap_daemons_limit=0;
    122 time_t ap_restart_time=0;
    123 API_VAR_EXPORT int ap_suexec_enabled = 0;
    124 @@ -2183,6 +2185,38 @@
    125 return old_status;
    126 }
    127
    128 +void update_child_status_remote_ip (int child_num, conn_rec * current_conn)
    129 +{
    130 + int slot_size;
    131 + short_score new_score_rec;
    132 +
    133 + if (child_num < 0) { return; }
    134 +
    135 +printf("update ip %u\n", current_conn->remote_addr.sin_addr.s_addr);
    136 +
    137 + ap_sync_scoreboard_image();
    138 + new_score_rec = ap_scoreboard_image->servers[child_num];
    139 +
    140 + slot_size = sizeof(new_score_rec.remoteip) - 1;
    141 +
    142 + if (current_conn)
    143 + {
    144 + new_score_rec.remoteip = current_conn->remote_addr.sin_addr.s_addr;
    145 + }
    146 + else
    147 + {
    148 + new_score_rec.remoteip = 0;
    149 + }
    150 +#if defined(HAVE_MMAP) || defined(HAVE_SHMGET)
    151 + memcpy(&ap_scoreboard_image->servers[child_num], &new_score_rec, sizeof new_score_rec);
    152 +#else
    153 + lseek (scoreboard_fd, (long)child_num * sizeof(short_score), 0);
    154 + force_write (scoreboard_fd, (char*)&new_score_rec, sizeof(short_score));
    155 +#endif
    156 +
    157 + ap_sync_scoreboard_image();
    158 +}
    159 +
    160 static void update_scoreboard_global(void)
    161 {
    162 #ifdef SCOREBOARD_FILE
    163 @@ -2193,6 +2227,26 @@
    164 #endif
    165 }
    166
    167 +int count_connections (conn_rec * current_conn, int state)
    168 +{
    169 + unsigned long remote_ip = current_conn->remote_addr.sin_addr.s_addr;
    170 + int res = 0, i;
    171 +
    172 + for (i = 0; i < HARD_SERVER_LIMIT; i++)
    173 + {
    174 + if ((ap_scoreboard_image->servers[i].status == SERVER_DEAD) ||
    175 + (state > 0 && ap_scoreboard_image->servers[i].status != state))
    176 + {
    177 + continue;
    178 + }
    179 + if (ap_scoreboard_image->servers[i].remoteip == remote_ip)
    180 + {
    181 + res++;
    182 + }
    183 + }
    184 + return res;
    185 +}
    186 +
    187 void ap_time_process_request(int child_num, int status)
    188 {
    189 short_score *ss;
    190 @@ -4021,12 +4075,15 @@
    191 * until no requests are left or we decide to close.
    192 */
    193
    194 - while ((r = ap_read_request(current_conn)) != NULL) {
    195 + for (;;){
    196 + if (ap_daemons_max_by_ip || ap_daemons_max_by_ip_read)
    197 + update_child_status_remote_ip (my_child_num, (conn_rec *)current_conn);
    198 +
    199 + if ((r = ap_read_request(current_conn)) == NULL) break;
    200
    201 /* read_request_line has already done a
    202 * signal (SIGUSR1, SIG_IGN);
    203 */
    204 -
    205 (void) ap_update_child_status(my_child_num, SERVER_BUSY_WRITE, r);
    206
    207 /* process the request if it was read without error */
    208 @@ -5248,6 +5305,9 @@
    209 * until no requests are left or we decide to close.
    210 */
    211 - while ((r = ap_read_request(current_conn)) != NULL) {
    212 + for (;;){
    213 + if (daemons_max_by_ip || daemons_max_by_ip_read)
    214 + update_child_status_remote_ip (child_num, (conn_rec *)current_conn);
    215 + if ((r = ap_read_request(current_conn)) == NULL) break;
    216 (void) ap_update_child_status(child_num, SERVER_BUSY_WRITE, r);
    217
    218 if (r->status == HTTP_OK)
    219 @@ -5273,6 +5333,10 @@
    220 * client has ACKed our FIN and/or has stopped sending us data.
    221 */
    222 ap_kill_cleanups_for_socket(ptrans, csd);
    223 +
    224 + if (daemons_max_by_ip || daemons_max_by_ip_read)
    225 + update_child_status_remote_ip (child_num, (conn_rec *)NULL);
    226 +
    227
    228 #ifdef NO_LINGCLOSE
    229 ap_bclose(conn_io); /* just close it */
    230 diff -ur apache_1.3.9rusPL28.20/src/main/http_protocol.c apache_1.3.9rusPL28.20-patch/src/main/http_protocol.c
    231 --- apache_1.3.9rusPL28.20/src/main/http_protocol.c Thu Sep 2 22:59:02 1999
    232 +++ apache_1.3.9rusPL28.20-patch/src/main/http_protocol.c Tue Sep 21 17:34:55 1999
    233 @@ -73,6 +73,15 @@
    234 #include "http_log.h" /* For errors detected in basic auth common
    235 * support code... */
    236 #include "util_date.h" /* For parseHTTPdate and BAD_DATE */
    237 +
    238 +#include "scoreboard.h" /* for limiting connections by IP */
    239 +#ifndef LONG_STRING_LEN
    240 +#define LONG_STRING_LEN 2048
    241 +#endif /* LONG_STRING_LEN */
    242 +extern int ap_daemons_max_by_ip;
    243 +extern int ap_daemons_max_by_ip_read;
    244 +extern void ap_die();
    245 +
    246 #include <stdarg.h>
    247 #include "http_conf_globals.h"
    248
    249 @@ -935,6 +944,8 @@
    250 pool *p;
    251 const char *expect;
    252 int access_status;
    253 + int current_connections;
    254 + char *reject_state = NULL;
    255
    256 p = ap_make_sub_pool(conn->pool);
    257 r = ap_pcalloc(p, sizeof(request_rec));
    258 @@ -966,6 +977,33 @@
    259 r->read_length = 0;
    260 r->read_body = REQUEST_NO_BODY;
    261
    262 + if (ap_daemons_max_by_ip && ((current_connections = count_connections(conn,0))
    263 + > ap_daemons_max_by_ip))
    264 + {
    265 + r->request_time=time(NULL);
    266 + reject_state = "total";
    267 + }
    268 + else if (ap_daemons_max_by_ip_read &&
    269 + ((current_connections = count_connections(conn,SERVER_BUSY_READ))
    270 + > ap_daemons_max_by_ip_read))
    271 + {
    272 + reject_state = "read state";
    273 + }
    274 + if (reject_state) {
    275 + r->status = HTTP_OK;
    276 + r->request_time = time(NULL);
    277 + r->proto_num = 1000; /* or something */
    278 + r->assbackwards = 0; /* who knows... */
    279 + r->protocol = "HTTP/1.0"; /* just not empty */
    280 + r->the_request = NULL;
    281 + r->method = NULL;
    282 + r->method_number = M_INVALID;
    283 + ap_die(LIMIT_CONNECTIONS_BY_IP_ERROR, r);
    284 + ap_log_transaction(r);
    285 + ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, conn->server, "Client at %s for %s with %d %s current connections", conn->remote_ip, conn->server->server_hostname, current_connections, reject_state);
    286 + return NULL;
    287 + }
    288 +
    289 r->status = HTTP_REQUEST_TIME_OUT; /* Until we get a request */
    290 r->the_request = NULL;
    291

  • cnddist/limit_ip.patch.1.2

     
    1 limit_ip.patch ��� apache_1.3.14
    2
    3 ��������� ��� ���������������� ���������:
    4
    5 MaxServersPerIP - ������������� ������������ ���������� ��������,
    6 ������������� � ������ IP
    7 MaxServersPerIPRead - ������������� ������������ ���������� ��������
    8 � ������ IP, ������� ��������� � ��������� ������
    9
    10 ������������ �� ���� ������ ���������� ����
    11 http_patch � http://www.shutoff.spb.ru/apache_patch.html
    12 ��������� ������� ������ � ������������ �������� � apache_1.3.14
    13
    14 ����������� ���:
    15 patch -d apache_1.3.14 -l -p1 < limit_ip.patch
    16
    17 diff -ur apache_1.3.9rusPL28.20/src/include/http_conf_globals.h apache_1.3.9rusPL28.20-patch/src/include/http_conf_globals.h
    18 --- apache_1.3.9rusPL28.20/src/include/http_conf_globals.h Sat Aug 21 02:44:56 1999
    19 +++ apache_1.3.9rusPL28.20-patch/src/include/http_conf_globals.h Tue Sep 21 17:34:52 1999
    20 @@ -86,6 +86,8 @@
    21 extern int ap_daemons_limit;
    22 extern MODULE_VAR_EXPORT int ap_suexec_enabled;
    23 extern int ap_listenbacklog;
    24 +extern int ap_daemons_max_by_ip;
    25 +extern int ap_daemons_max_by_ip_read;
    26 extern int ap_dump_settings;
    27 extern API_VAR_EXPORT int ap_extended_status;
    28
    29 diff -ur apache_1.3.9rusPL28.20/src/include/http_main.h apache_1.3.9rusPL28.20-patch/src/include/http_main.h
    30 --- apache_1.3.9rusPL28.20/src/include/http_main.h Thu Jan 14 12:39:26 1999
    31 +++ apache_1.3.9rusPL28.20-patch/src/include/http_main.h Tue Sep 21 17:34:53 1999
    32 @@ -127,6 +127,9 @@
    33 unsigned int ap_set_callback_and_alarm(void (*fn) (int), int x);
    34 API_EXPORT(int) ap_check_alarm(void);
    35
    36 +void update_child_status_remote_ip (int, conn_rec *);
    37 +int count_connections (conn_rec *, int);
    38 +
    39 #ifndef NO_OTHER_CHILD
    40 /*
    41 * register an other_child -- a child which the main loop keeps track of
    42 diff -ur apache_1.3.9rusPL28.20/src/include/httpd.h apache_1.3.9rusPL28.20-patch/src/include/httpd.h
    43 --- apache_1.3.9rusPL28.20/src/include/httpd.h Thu Sep 2 22:59:02 1999
    44 +++ apache_1.3.9rusPL28.20-patch/src/include/httpd.h Tue Sep 21 17:34:53 1999
    45 @@ -297,6 +297,12 @@
    46 #define DEFAULT_MIN_FREE_DAEMON 5
    47 #endif
    48
    49 +/* Define default limits for MaxDaemons serving a single address */
    50 +
    51 +#define DEFAULT_MAX_DAEMONS_BY_IP 150
    52 +#define DEFAULT_MAX_DAEMONS_BY_IP_READ 75
    53 +#define LIMIT_CONNECTIONS_BY_IP_ERROR HTTP_SERVICE_UNAVAILABLE
    54 +
    55 /* Limit on the total --- clients will be locked out if more servers than
    56 * this are needed. It is intended solely to keep the server from crashing
    57 * when things get out of hand.
    58 diff -ur apache_1.3.9rusPL28.20/src/include/scoreboard.h apache_1.3.9rusPL28.20-patch/src/include/scoreboard.h
    59 --- apache_1.3.9rusPL28.20/src/include/scoreboard.h Sat Aug 21 02:45:00 1999
    60 +++ apache_1.3.9rusPL28.20-patch/src/include/scoreboard.h Tue Sep 21 17:34:53 1999
    61 @@ -159,9 +159,11 @@
    62 char request[64]; /* We just want an idea... */
    63 server_rec *vhostrec; /* What virtual host is being accessed? */
    64 /* SEE ABOVE FOR SAFE USAGE! */
    65 #ifdef MOD_DEFLATE_IDLE
    66 int deflate;
    67 #endif
    68 +
    69 + unsigned long remoteip;
    70 } short_score;
    71
    72 typedef struct {
    73 diff -ur apache_1.3.9rusPL28.20/src/main/http_config.c apache_1.3.9rusPL28.20-patch/src/main/http_config.c
    74 --- apache_1.3.9rusPL28.20/src/main/http_config.c Sat Aug 21 02:45:03 1999
    75 +++ apache_1.3.9rusPL28.20-patch/src/main/http_config.c Tue Sep 21 17:34:53 1999
    76 @@ -1399,6 +1399,8 @@
    77 ap_daemons_to_start = DEFAULT_START_DAEMON;
    78 ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON;
    79 ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON;
    80 + ap_daemons_max_by_ip = DEFAULT_MAX_DAEMONS_BY_IP;
    81 + ap_daemons_max_by_ip_read = DEFAULT_MAX_DAEMONS_BY_IP_READ;
    82 ap_daemons_limit = HARD_SERVER_LIMIT;
    83 ap_pid_fname = DEFAULT_PIDLOG;
    84 ap_scoreboard_fname = DEFAULT_SCOREBOARD;
    85 diff -ur apache_1.3.9rusPL28.20/src/main/http_core.c apache_1.3.9rusPL28.20-patch/src/main/http_core.c
    86 --- apache_1.3.9rusPL28.20/src/main/http_core.c Sat Aug 21 02:45:03 1999
    87 +++ apache_1.3.9rusPL28.20-patch/src/main/http_core.c Tue Sep 21 17:34:53 1999
    88 @@ -2182,6 +2182,16 @@
    89 return NULL;
    90 }
    91
    92 +const char * set_max_servers_by_ip (cmd_parms *cmd, void *dummy, char *arg) {
    93 + ap_daemons_max_by_ip = atoi (arg);
    94 + return NULL;
    95 +}
    96 +
    97 +const char * set_max_servers_by_ip_read (cmd_parms *cmd,void *dummy,char *arg) {
    98 + ap_daemons_max_by_ip_read = atoi (arg);
    99 + return NULL;
    100 +}
    101 +
    102 static const char *set_min_free_servers(cmd_parms *cmd, void *dummy, char *arg)
    103 {
    104 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
    105 @@ -2852,6 +2862,10 @@
    106 "Maximum number of idle children" },
    107 { "MaxServers", set_max_free_servers, NULL, RSRC_CONF, TAKE1,
    108 "Deprecated equivalent to MaxSpareServers" },
    109 +{ "MaxServersPerIP", set_max_servers_by_ip, NULL, RSRC_CONF, TAKE1,
    110 + "Maximum number of connections from a single IP address" },
    111 +{ "MaxServersPerIPRead", set_max_servers_by_ip_read, NULL, RSRC_CONF, TAKE1,
    112 + "Maximum number of connection from a single IP address in read state at any time." },
    113 { "ServersSafetyLimit", set_server_limit, NULL, RSRC_CONF, TAKE1,
    114 "Deprecated equivalent to MaxClients" },
    115 { "MaxClients", set_server_limit, NULL, RSRC_CONF, TAKE1,
    116 diff -ur apache_1.3.9rusPL28.20/src/main/http_main.c apache_1.3.9rusPL28.20-patch/src/main/http_main.c
    117 --- apache_1.3.9rusPL28.20/src/main/http_main.c Sat Aug 21 02:45:05 1999
    118 +++ apache_1.3.9rusPL28.20-patch/src/main/http_main.c Tue Sep 21 17:37:07 1999
    119 @@ -249,6 +249,8 @@
    120 API_VAR_EXPORT int ap_daemons_to_start=0;
    121 API_VAR_EXPORT int ap_daemons_min_free=0;
    122 API_VAR_EXPORT int ap_daemons_max_free=0;
    123 +API_VAR_EXPORT int ap_daemons_max_by_ip;
    124 +API_VAR_EXPORT int ap_daemons_max_by_ip_read;
    125 API_VAR_EXPORT int ap_daemons_limit=0;
    126 time_t ap_restart_time=0;
    127 API_VAR_EXPORT int ap_suexec_enabled = 0;
    128 @@ -2183,6 +2185,38 @@
    129 return old_status;
    130 }
    131
    132 +void update_child_status_remote_ip (int child_num, conn_rec * current_conn)
    133 +{
    134 + int slot_size;
    135 + short_score new_score_rec;
    136 +
    137 + if (child_num < 0) { return; }
    138 +
    139 +printf("update ip %u\n", current_conn->remote_addr.sin_addr.s_addr);
    140 +
    141 + ap_sync_scoreboard_image();
    142 + new_score_rec = ap_scoreboard_image->servers[child_num];
    143 +
    144 + slot_size = sizeof(new_score_rec.remoteip) - 1;
    145 +
    146 + if (current_conn)
    147 + {
    148 + new_score_rec.remoteip = current_conn->remote_addr.sin_addr.s_addr;
    149 + }
    150 + else
    151 + {
    152 + new_score_rec.remoteip = 0;
    153 + }
    154 +#if defined(HAVE_MMAP) || defined(HAVE_SHMGET)
    155 + memcpy(&ap_scoreboard_image->servers[child_num], &new_score_rec, sizeof new_score_rec);
    156 +#else
    157 + lseek (scoreboard_fd, (long)child_num * sizeof(short_score), 0);
    158 + force_write (scoreboard_fd, (char*)&new_score_rec, sizeof(short_score));
    159 +#endif
    160 +
    161 + ap_sync_scoreboard_image();
    162 +}
    163 +
    164 static void update_scoreboard_global(void)
    165 {
    166 #ifdef SCOREBOARD_FILE
    167 @@ -2193,6 +2227,26 @@
    168 #endif
    169 }
    170
    171 +int count_connections (conn_rec * current_conn, int state)
    172 +{
    173 + unsigned long remote_ip = current_conn->remote_addr.sin_addr.s_addr;
    174 + int res = 0, i;
    175 +
    176 + for (i = 0; i < HARD_SERVER_LIMIT; i++)
    177 + {
    178 + if ((ap_scoreboard_image->servers[i].status == SERVER_DEAD) ||
    179 + (state > 0 && ap_scoreboard_image->servers[i].status != state))
    180 + {
    181 + continue;
    182 + }
    183 + if (ap_scoreboard_image->servers[i].remoteip == remote_ip)
    184 + {
    185 + res++;
    186 + }
    187 + }
    188 + return res;
    189 +}
    190 +
    191 void ap_time_process_request(int child_num, int status)
    192 {
    193 short_score *ss;
    194 @@ -4021,12 +4075,15 @@
    195 * until no requests are left or we decide to close.
    196 */
    197
    198 - while ((r = ap_read_request(current_conn)) != NULL) {
    199 + for (;;){
    200 + if (ap_daemons_max_by_ip || ap_daemons_max_by_ip_read)
    201 + update_child_status_remote_ip (my_child_num, (conn_rec *)current_conn);
    202 +
    203 + if ((r = ap_read_request(current_conn)) == NULL) break;
    204
    205 /* read_request_line has already done a
    206 * signal (SIGUSR1, SIG_IGN);
    207 */
    208 -
    209 (void) ap_update_child_status(my_child_num, SERVER_BUSY_WRITE, r);
    210
    211 /* process the request if it was read without error */
    212 @@ -5248,6 +5305,9 @@
    213 * until no requests are left or we decide to close.
    214 */
    215 - while ((r = ap_read_request(current_conn)) != NULL) {
    216 + for (;;){
    217 + if (daemons_max_by_ip || daemons_max_by_ip_read)
    218 + update_child_status_remote_ip (child_num, (conn_rec *)current_conn);
    219 + if ((r = ap_read_request(current_conn)) == NULL) break;
    220 (void) ap_update_child_status(child_num, SERVER_BUSY_WRITE, r);
    221
    222 if (r->status == HTTP_OK)
    223 @@ -5273,6 +5333,10 @@
    224 * client has ACKed our FIN and/or has stopped sending us data.
    225 */
    226 ap_kill_cleanups_for_socket(ptrans, csd);
    227 +
    228 + if (daemons_max_by_ip || daemons_max_by_ip_read)
    229 + update_child_status_remote_ip (child_num, (conn_rec *)NULL);
    230 +
    231
    232 #ifdef NO_LINGCLOSE
    233 ap_bclose(conn_io); /* just close it */
    234 diff -ur apache_1.3.9rusPL28.20/src/main/http_protocol.c apache_1.3.9rusPL28.20-patch/src/main/http_protocol.c
    235 --- apache_1.3.9rusPL28.20/src/main/http_protocol.c Thu Sep 2 22:59:02 1999
    236 +++ apache_1.3.9rusPL28.20-patch/src/main/http_protocol.c Tue Sep 21 17:34:55 1999
    237 @@ -73,6 +73,15 @@
    238 #include "http_log.h" /* For errors detected in basic auth common
    239 * support code... */
    240 #include "util_date.h" /* For parseHTTPdate and BAD_DATE */
    241 +
    242 +#include "scoreboard.h" /* for limiting connections by IP */
    243 +#ifndef LONG_STRING_LEN
    244 +#define LONG_STRING_LEN 2048
    245 +#endif /* LONG_STRING_LEN */
    246 +extern int ap_daemons_max_by_ip;
    247 +extern int ap_daemons_max_by_ip_read;
    248 +extern void ap_die();
    249 +
    250 #include <stdarg.h>
    251 #include "http_conf_globals.h"
    252
    253 @@ -935,6 +944,8 @@
    254 pool *p;
    255 const char *expect;
    256 int access_status;
    257 + int current_connections;
    258 + char *reject_state = NULL;
    259
    260 p = ap_make_sub_pool(conn->pool);
    261 r = ap_pcalloc(p, sizeof(request_rec));
    262 @@ -966,6 +977,33 @@
    263 r->read_length = 0;
    264 r->read_body = REQUEST_NO_BODY;
    265
    266 + if (ap_daemons_max_by_ip && ((current_connections = count_connections(conn,0))
    267 + > ap_daemons_max_by_ip))
    268 + {
    269 + r->request_time=time(NULL);
    270 + reject_state = "total";
    271 + }
    272 + else if (ap_daemons_max_by_ip_read &&
    273 + ((current_connections = count_connections(conn,SERVER_BUSY_READ))
    274 + > ap_daemons_max_by_ip_read))
    275 + {
    276 + reject_state = "read state";
    277 + }
    278 + if (reject_state) {
    279 + r->status = HTTP_OK;
    280 + r->request_time = time(NULL);
    281 + r->proto_num = 1000; /* or something */
    282 + r->assbackwards = 0; /* who knows... */
    283 + r->protocol = "HTTP/1.0"; /* just not empty */
    284 + r->the_request = NULL;
    285 + r->method = NULL;
    286 + r->method_number = M_INVALID;
    287 + ap_die(LIMIT_CONNECTIONS_BY_IP_ERROR, r);
    288 + ap_log_transaction(r);
    289 + ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, conn->server, "Client at %s for %s with %d %s current connections", conn->remote_ip, conn->server->server_hostname, current_connections, reject_state);
    290 + return NULL;
    291 + }
    292 +
    293 r->status = HTTP_REQUEST_TIME_OUT; /* Until we get a request */
    294 r->the_request = NULL;
    295

  • cnddist/mod_proxy_add_forward.c

     
    1 /* ====================================================================
    2 * The Apache Software License, Version 1.1
    3 *
    4 * Copyright (c) 2000 The Apache Software Foundation. All rights
    5 * reserved.
    6 *
    7 * Redistribution and use in source and binary forms, with or without
    8 * modification, are permitted provided that the following conditions
    9 * are met:
    10 *
    11 * 1. Redistributions of source code must retain the above copyright
    12 * notice, this list of conditions and the following disclaimer.
    13 *
    14 * 2. Redistributions in binary form must reproduce the above copyright
    15 * notice, this list of conditions and the following disclaimer in
    16 * the documentation and/or other materials provided with the
    17 * distribution.
    18 *
    19 * 3. The end-user documentation included with the redistribution,
    20 * if any, must include the following acknowledgment:
    21 * "This product includes software developed by the
    22 * Apache Software Foundation (http://www.apache.org/)."
    23 * Alternately, this acknowledgment may appear in the software itself,
    24 * if and wherever such third-party acknowledgments normally appear.
    25 *
    26 * 4. The names "Apache" and "Apache Software Foundation" must
    27 * not be used to endorse or promote products derived from this
    28 * software without prior written permission. For written
    29 * permission, please contact apache@apache.org.
    30 *
    31 * 5. Products derived from this software may not be called "Apache",
    32 * nor may "Apache" appear in their name, without prior written
    33 * permission of the Apache Software Foundation.
    34 *
    35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
    36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
    37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
    38 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
    39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
    42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
    43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
    44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
    45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    46 * SUCH DAMAGE.
    47 * ====================================================================
    48 *
    49 * This software consists of voluntary contributions made by many
    50 * individuals on behalf of the Apache Software Foundation. For more
    51 * information on the Apache Software Foundation, please see
    52 * <http://www.apache.org/>.
    53 *
    54 * Portions of this software are based upon public domain software
    55 * originally written at the National Center for Supercomputing Applications,
    56 * University of Illinois, Urbana-Champaign.
    57 */
    58
    59 /* proxy_add_forward module
    60 *
    61 * This module adds a 'X-Forwarded-For' header to outgoing
    62 * proxy requests like Squid does.
    63 *
    64 * You can then get the client ip back on the "proxied host" by
    65 * setting r->connection->remote_ip from this header.
    66 *
    67 * Ask Bjoern Hansen <ask@netcetera.dk>, October 1998
    68
    69 * Changes:
    70 *
    71 * April 12 2000: Changed the license to the ASF 1.1 license.
    72 *
    73 * April 12 2000: Made it so that we append our IP to an existing
    74 * "X-Forwarded-For" line instead of clobbering an
    75 * existing one. - <ahosey@systhug.com>
    76 *
    77 * June 8 1999: Added instructions on how to compile it into the
    78 * frontend apache
    79 *
    80 * April 12 1999: Changed the sample code so it doesn't confuse the
    81 * C compiler, ydkhr! Thanks to Mike Whitaker for
    82 * noticing.
    83 *
    84 * March 1 1999: Added sample code on how to use the header with
    85 * mod_perl
    86 *
    87
    88 To use the module you have to compile it into the frontend part of
    89 your server, I usually copy the module to apache-1.3/src/modules/extra/
    90 and use APACI like:
    91
    92 ./configure --prefix=/usr/local/apache \
    93 --activate-module=src/modules/extra/mod_proxy_add_forward.c \
    94 --enable-module=proxy_add_forward [... more apaci options ...]
    95
    96 You should also be able to compile and use this module as a
    97 dynamically loaded module (DSO).
    98
    99 TMTOWTDI, but I usually make the 'backend' part of the system
    100 something like the following:
    101
    102 in startup.pl:
    103
    104 sub My::ProxyRemoteAddr ($) {
    105 my $r = shift;
    106
    107 # we'll only look at the X-Forwarded-For header if the requests
    108 # comes from our proxy at localhost
    109 return OK unless ($r->connection->remote_ip eq "127.0.0.1");
    110
    111 if (my ($ip) = $r->header_in('X-Forwarded-For') =~ /([^,\s]+)$/) {
    112 $r->connection->remote_ip($ip);
    113 }
    114
    115 return OK;
    116 }
    117
    118 And in httpd.conf:
    119
    120 PerlPostReadRequestHandler My::ProxyRemoteAddr
    121
    122 */
    123
    124
    125 #include "httpd.h"
    126 #include "http_config.h"
    127 #include "http_core.h"
    128
    129 module MODULE_VAR_EXPORT proxy_add_forward_module;
    130
    131 static int add_forward_header(request_rec *r)
    132 {
    133 const char *oldvalue;
    134
    135 if (r->proxyreq) {
    136 /* If there is an existing header, append our IP to that. */
    137 if (oldvalue = ap_table_get(r->headers_in, "X-Forwarded-For")) {
    138 ap_table_set(r->headers_in, "X-Forwarded-For",
    139 ap_pstrcat(r->pool, oldvalue, ", ",
    140 r->connection->remote_ip, NULL));
    141 }
    142 else {
    143 ap_table_set(r->headers_in, "X-Forwarded-For",
    144 r->connection->remote_ip);
    145 }
    146 return OK;
    147 }
    148 return DECLINED;
    149 }
    150
    151 module MODULE_VAR_EXPORT proxy_add_forward_module = {
    152 STANDARD_MODULE_STUFF,
    153 NULL, /* initializer */
    154 NULL, /* dir config creater */
    155 NULL, /* dir merger --- default is to override */
    156 NULL, /* server config */
    157 NULL, /* merge server configs */
    158 NULL, /* command table */
    159 NULL, /* handlers */
    160 NULL, /* filename translation */
    161 NULL, /* check_user_id */
    162 NULL, /* check auth */
    163 NULL, /* check access */
    164 NULL, /* type_checker */
    165 add_forward_header, /* fixups */
    166 NULL, /* logger */
    167 NULL, /* header parser */
    168 NULL, /* child_init */
    169 NULL, /* child_exit */
    170 NULL /* post read-request */
    171 };
    172
    173

  • cnddist/mod_ssl-2.8.5-1.3.22.tar.gz.asc

     
    1 -----BEGIN PGP MESSAGE-----
    2 Version: 2.6.3ia
    3
    4 iQCVAwUAO8wqlQ5erwYmu0N9AQEAgAP+JVJ2ID8l7opmZ2XGbmmsKFmZt5D/VIJr
    5 KMRgHo7NnL1/RQIKROKdEYqhGCfHTVSYbuQUWeOA3yyuHRjMz2KeW3zXmALK5/1x
    6 MNHj1XjrDiwoWSaDL1MX/flNt5rUZM9gr/eP18yFGAfsYvXcLRWrL39TXAjW6wwg
    7 IXc1P04s93U=
    8 =BZPf
    9 -----END PGP MESSAGE-----

  • cnddist/patch.apache.chunked

     
    1 --- src/main/http_protocol.c Fri Jun 21 13:01:56 2002
    2 +++ src/main/http_protocol.c Fri Jun 21 13:03:03 2002
    3 @@ -2050,6 +2050,11 @@
    4
    5 len_to_read = get_chunk_size(buffer);
    6
    7 + if (len_to_read < 0) {
    8 + r->connection->keepalive = -1;
    9 + return -1;
    10 + }
    11 +
    12 if (len_to_read == 0) { /* Last chunk indicated, get footers */
    13 if (r->read_body == REQUEST_CHUNKED_DECHUNK) {
    14 get_mime_headers(r);