This patch adds a configuration directive "ProxyRequireValidHTTPStatus".
When enabled, mod_proxy will require a valid HTTP status line from the
destination server and throw a 502 Bad Gateway error if it does not
get it. Basicaly, this disallows backasswards reponses.
Why would one want to do this? Well, I have a setup where my handler
is first attempting one proxy destination, and if that does not work,
it tries another. It works by discarding the output of any response
that isn't a 200 and then trying another gateway.
If the gateway doesn't return a valid HTTP 1.0 or better status line,
mod_proxy assumes a 200 OK response. In my environment, I control all
the gateway servers so I know that a working gateway will always give
me a real HTTP status line. If it doesn't, I want to consider it a
bad gateway and try another.
-adam
Index: mod_proxy.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/proxy/mod_proxy.c,v
retrieving revision 1.76
diff -u -r1.76 mod_proxy.c
--- mod_proxy.c 21 Mar 2002 12:05:45 -0000 1.76
+++ mod_proxy.c 30 Mar 2002 01:40:52 -0000
@@ -502,6 +502,7 @@
ps->preserve_host =0;
ps->timeout=0;
ps->timeout_set=0;
+ ps->require_valid_http_status=0;
return ps;
}
@@ -833,6 +834,16 @@
}
static const char *
+ set_require_valid_http_status(cmd_parms *parms, void *dummy, int flag)
+{
+ proxy_server_conf *psf =
+ ap_get_module_config(parms->server->module_config, &proxy_module);
+
+ psf->require_valid_http_status = flag;
+ return NULL;
+}
+
+static const char *
set_recv_buffer_size(cmd_parms *parms, void *dummy, const char *arg)
{
proxy_server_conf *psf =
@@ -1041,6 +1052,8 @@
AP_INIT_TAKE1("ProxyTimeout", set_proxy_timeout, NULL, RSRC_CONF,
"Set the timeout (in seconds) for a proxied connection. "
"This overrides the server timeout"),
+ AP_INIT_FLAG("ProxyRequireValidHTTPStatus", set_require_valid_http_status, NULL,
+RSRC_CONF,
+ "on if proxy should not accept reponses that don't give a valid HTTP 1.0 (or
+better) status line"),
{NULL}
};
Index: mod_proxy.h
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/proxy/mod_proxy.h,v
retrieving revision 1.76
diff -u -r1.76 mod_proxy.h
--- mod_proxy.h 13 Mar 2002 20:47:53 -0000 1.76
+++ mod_proxy.h 30 Mar 2002 01:40:52 -0000
@@ -196,6 +196,8 @@
int timeout;
int timeout_set;
+ int require_valid_http_status;
+
} proxy_server_conf;
typedef struct {
Index: proxy_http.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/proxy/proxy_http.c,v
retrieving revision 1.138
diff -u -r1.138 proxy_http.c
--- proxy_http.c 21 Mar 2002 12:05:45 -0000 1.138
+++ proxy_http.c 30 Mar 2002 01:40:52 -0000
@@ -730,6 +730,12 @@
p_conn->close += 1;
origin->keepalive = 0;
}
+ } else if (conf->require_valid_http_status) {
+ apr_socket_close(p_conn->sock);
+ backend->connection = NULL;
+ return ap_proxyerror(r, HTTP_BAD_GATEWAY,
+ apr_pstrcat(p, "Corrupt status line returned by remote "
+ "server: ", buffer, NULL));
} else {
/* an http/0.9 response */
backasswards = 1;
