Posted to cvs@httpd.apache.org by wr...@apache.org on 2009/07/24 20:54:39 UTC

svn commit: r797603 - /httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c

Author: wrowe
Date: Fri Jul 24 18:54:39 2009
New Revision: 797603

URL: http://svn.apache.org/viewvc?rev=797603&view=rev
Log:
Remove hop by hop headers and set Connection: close to convince
all fastcgi consumers that they are not responsible for the various
processing which httpd has already performed, internally.

Modified:
    httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c

Modified: httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c
URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c?rev=797603&r1=797602&r2=797603&view=diff
==============================================================================
--- httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c (original)
+++ httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c Fri Jul 24 18:54:39 2009
@@ -207,6 +207,17 @@
     ap_add_cgi_vars(r);
     fcgid_add_cgi_vars(r);
 
+    /* Remove hop-by-hop headers handled by http
+     */
+    apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
+    apr_table_unset(r->subprocess_env, "HTTP_TE");
+    apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
+    apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
+    apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");
+
+    /* Connection hop-by-hop header to prevent the CGI from hanging */
+    apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");
+
     /* Insert output filter */
     ap_add_output_filter_handle(fcgid_filter_handle, NULL, r,
                                 r->connection);
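Review bot: The fixed list of five `apr_table_unset` calls misses any header the client itself nominates as hop-by-hop in its Connection header, and the `apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close")` that closes the added block overwrites that list without acting on it. Assuming the HTTP_* entries in r->subprocess_env were built from the request headers before this point (that code is outside the hunk), a request carrying `Connection: close, X-Foo` (constructed example) still hands HTTP_X_FOO to the FastCGI application as if it were an end-to-end value. I would walk the Connection tokens first and unset the matching HTTP_* key for each, as sketched below. The enclosing handler starts and ends outside the hunk.

```c
    /* … unchanged: the five apr_table_unset() calls … */

    /* Headers named in the client's Connection header are hop-by-hop as
     * well; drop their HTTP_* variables before replacing the header.
     */
    {
        const char *conn = apr_table_get(r->headers_in, "Connection");
        char *item;

        while (conn && (item = ap_get_list_item(r->pool, &conn)) != NULL) {
            char *env = apr_pstrcat(r->pool, "HTTP_", item, NULL);
            char *p;

            /* CGI variable naming: upper case, anything non-alphanumeric to '_' */
            for (p = env + 5; *p; ++p) {
                *p = apr_isalnum(*p) ? apr_toupper(*p) : '_';
            }
            apr_table_unset(r->subprocess_env, env);
        }
    }

    /* Connection hop-by-hop header to prevent the CGI from hanging */
    apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");
```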
@@ -260,12 +271,22 @@
     apr_table_setn(r->subprocess_env, "REMOTE_PASSWD", password);
     apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHENTICATOR");
 
-    /* Remove some environment variables */
-    /* The Web server does not send CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME headers */
+    /* Drop the variables CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED,
+     * SCRIPT_NAME and most Hop-By-Hop headers - EXCEPT we will pass
+     * PROXY_AUTH to allow CGI to perform proxy auth for httpd
+     */
     apr_table_unset(r->subprocess_env, "CONTENT_LENGTH");
     apr_table_unset(r->subprocess_env, "PATH_INFO");
     apr_table_unset(r->subprocess_env, "PATH_TRANSLATED");
     apr_table_unset(r->subprocess_env, "SCRIPT_NAME");
+    apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
+    apr_table_unset(r->subprocess_env, "HTTP_TE");
+    apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
+    apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
+    apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");
+
+    /* Connection hop-by-hop header to prevent the CGI from hanging */
+    apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");
 
     /* Handle the request */
     res =
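Review bot: The same run of five `apr_table_unset` calls plus the HTTP_CONNECTION override is pasted here, again in the AUTHORIZER and ACCESS_CHECKER hunks below, and once more in the handler hunk above, so the four lists can drift apart the next time a header is added or dropped. A file-static helper taking `request_rec *r` (name of your choosing, e.g. `strip_hop_by_hop_env(r)`) called from all four places would keep them identical. While there, the literal key and value could be stored with `apr_table_setn(r->subprocess_env, "HTTP_CONNECTION", "close");`, matching the `apr_table_setn` calls on the context lines just above, since `apr_table_set` copies both strings into the pool for no benefit. The enclosing function starts and ends outside the hunk.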
@@ -340,12 +361,22 @@
     fcgid_add_cgi_vars(r);
     apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHORIZER");
 
-    /* Remove some environment variables */
-    /* The Web server does not send CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME headers */
+    /* Drop the variables CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED,
+     * SCRIPT_NAME and most Hop-By-Hop headers - EXCEPT we will pass
+     * PROXY_AUTH to allow CGI to perform proxy auth for httpd
+     */
     apr_table_unset(r->subprocess_env, "CONTENT_LENGTH");
     apr_table_unset(r->subprocess_env, "PATH_INFO");
     apr_table_unset(r->subprocess_env, "PATH_TRANSLATED");
     apr_table_unset(r->subprocess_env, "SCRIPT_NAME");
+    apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
+    apr_table_unset(r->subprocess_env, "HTTP_TE");
+    apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
+    apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
+    apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");
+
+    /* Connection hop-by-hop header to prevent the CGI from hanging */
+    apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");
 
     /* Handle the request */
     res =
@@ -421,12 +452,22 @@
     apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE",
                    "ACCESS_CHECKER");
 
-    /* Remove some environment variables */
-    /* The Web server does not send CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME headers */
+    /* Drop the variables CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED,
+     * SCRIPT_NAME and most Hop-By-Hop headers - EXCEPT we will pass
+     * PROXY_AUTH to allow CGI to perform proxy auth for httpd
+     */
     apr_table_unset(r->subprocess_env, "CONTENT_LENGTH");
     apr_table_unset(r->subprocess_env, "PATH_INFO");
     apr_table_unset(r->subprocess_env, "PATH_TRANSLATED");
     apr_table_unset(r->subprocess_env, "SCRIPT_NAME");
+    apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
+    apr_table_unset(r->subprocess_env, "HTTP_TE");
+    apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
+    apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
+    apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");
+
+    /* Connection hop-by-hop header to prevent the CGI from hanging */
+    apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");
 
     /* Handle the request */
     res =



Re: svn commit: r797603 - /httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
William A. Rowe, Jr. wrote:
> wrowe@apache.org wrote:
>> Author: wrowe
>> Date: Fri Jul 24 18:54:39 2009
>> New Revision: 797603
>>
>> URL: http://svn.apache.org/viewvc?rev=797603&view=rev
>> Log:
>> Remove hop by hop headers and set Connection: close to convince
>> all fastcgi consumers that they are not responsible for the various
>> processing which httpd has already performed, internally.
> 
> Folks, the patch inspires two questions;
> 
>> Modified: httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c
>> URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c?rev=797603&r1=797602&r2=797603&view=diff
>> ==============================================================================
>> --- httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c (original)
>> +++ httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c Fri Jul 24 18:54:39 2009
>> -    /* Remove some environment variables */
>> -    /* The Web server does not send CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME headers */
>> +    /* Drop the variables CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED,
>> +     * SCRIPT_NAME and most Hop-By-Hop headers - EXCEPT we will pass
>> +     * PROXY_AUTH to allow CGI to perform proxy auth for httpd
>> +     */
> 
> Do we want Proxy-Auth* headers to be shared with a CGI application?
> If so, howso, and if not, why not?  Note this auth is hop-by-hop,
> and (in theory) httpd is both an endpoint, and a gateway to cgi which
> is allowed to do auth processing.
> 
>>      apr_table_unset(r->subprocess_env, "CONTENT_LENGTH");
>>      apr_table_unset(r->subprocess_env, "PATH_INFO");
>>      apr_table_unset(r->subprocess_env, "PATH_TRANSLATED");
>>      apr_table_unset(r->subprocess_env, "SCRIPT_NAME");
> 
> [these four above are not removed for the actual request _handler, but only
> when acting for the authn/authz mechanics.]
> 
>> +    apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
>> +    apr_table_unset(r->subprocess_env, "HTTP_TE");
>> +    apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
>> +    apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
>> +    apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");
> 
> None of the above should matter to the cgi; fastcgi protocol doesn't have
> a trailer mechanism for request bodies, so far as I'm aware.  The request
> body Transfer Encoding, any upgrade or keep_alives should be ignored, and
> 
>> +    /* Connection hop-by-hop header to prevent the CGI from hanging */
>> +    apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");
> 
> we should let the fastcgi app context consider itself 'done' upon completion
> of one request.  I presume this is correct?

Thoughts?

Re: svn commit: r797603 - /httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
wrowe@apache.org wrote:
> Author: wrowe
> Date: Fri Jul 24 18:54:39 2009
> New Revision: 797603
> 
> URL: http://svn.apache.org/viewvc?rev=797603&view=rev
> Log:
> Remove hop by hop headers and set Connection: close to convince
> all fastcgi consumers that they are not responsible for the various
> processing which httpd has already performed, internally.

Folks, the patch inspires two questions;

> Modified: httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c
> URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c?rev=797603&r1=797602&r2=797603&view=diff
> ==============================================================================
> --- httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c (original)
> +++ httpd/mod_fcgid/trunk/mod_fcgid/mod_fcgid.c Fri Jul 24 18:54:39 2009
> -    /* Remove some environment variables */
> -    /* The Web server does not send CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME headers */
> +    /* Drop the variables CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED,
> +     * SCRIPT_NAME and most Hop-By-Hop headers - EXCEPT we will pass
> +     * PROXY_AUTH to allow CGI to perform proxy auth for httpd
> +     */

Do we want Proxy-Auth* headers to be shared with a CGI application?
If so, howso, and if not, why not?  Note this auth is hop-by-hop,
and (in theory) httpd is both an endpoint, and a gateway to cgi which
is allowed to do auth processing.

>      apr_table_unset(r->subprocess_env, "CONTENT_LENGTH");
>      apr_table_unset(r->subprocess_env, "PATH_INFO");
>      apr_table_unset(r->subprocess_env, "PATH_TRANSLATED");
>      apr_table_unset(r->subprocess_env, "SCRIPT_NAME");

[these four above are not removed for the actual request _handler, but only
when acting for the authn/authz mechanics.]

> +    apr_table_unset(r->subprocess_env, "HTTP_KEEP_ALIVE");
> +    apr_table_unset(r->subprocess_env, "HTTP_TE");
> +    apr_table_unset(r->subprocess_env, "HTTP_TRAILER");
> +    apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
> +    apr_table_unset(r->subprocess_env, "HTTP_UPGRADE");

None of the above should matter to the cgi; fastcgi protocol doesn't have
a trailer mechanism for request bodies, so far as I'm aware.  The request
body Transfer Encoding, any upgrade or keep_alives should be ignored, and

> +    /* Connection hop-by-hop header to prevent the CGI from hanging */
> +    apr_table_set(r->subprocess_env, "HTTP_CONNECTION", "close");

we should let the fastcgi app context consider itself 'done' upon completion
of one request.  I presume this is correct?