Revision 20
Date:
2010/04/29 14:44:01
Author:
ahitrov@rambler.ru
Revision Log:
Дистрибутивы и модули
Files:
Legend:
Added
Removed
Modified
cnddist/db-3.1.17.mp_region.patch
1
--- mp_region_old.c Fri Dec 29 16:26:15 2000
2
+++ mp_region.c Fri Dec 29 16:26:13 2000
3
@@ -160,7 +160,7 @@
4
dbenv->mp_handle = dbmp;
5
return (0);
6
7
-err: if (dbmp->reginfo[0].addr != NULL) {
8
+err: if (dbmp->reginfo && dbmp->reginfo[0].addr != NULL) {
9
if (F_ISSET(dbmp->reginfo, REGION_CREATE))
10
for (i = 0; i < dbmp->nreg; ++i)
11
if (dbmp->reginfo[i].id != REG_ID_INVALID)
cnddist/limit_ip.patch.1.1
1
limit_ip.patch ��� apache_1.3.14
2
3
��������� ��� ���������������� ���������:
4
5
MaxServersPerIP - ������������� ������������ ���������� ��������,
6
������������� � ������ IP
7
MaxServersPerIPRead - ������������� ������������ ���������� ��������
8
� ������ IP, ������� ��������� � ��������� ������
9
10
������������ �� ���� ������ ���������� ����
11
http_patch � http://www.shutoff.spb.ru/apache_patch.html
12
��������� ������� ������ � ������������ �������� � apache_1.3.14
13
14
����������� ���:
15
patch -d apache_1.3.14 -l -p1 < limit_ip.patch
16
17
diff -ur apache_1.3.9rusPL28.20/src/include/http_conf_globals.h apache_1.3.9rusPL28.20-patch/src/include/http_conf_globals.h
18
--- apache_1.3.9rusPL28.20/src/include/http_conf_globals.h Sat Aug 21 02:44:56 1999
19
+++ apache_1.3.9rusPL28.20-patch/src/include/http_conf_globals.h Tue Sep 21 17:34:52 1999
20
@@ -86,6 +86,8 @@
21
extern int ap_daemons_limit;
22
extern MODULE_VAR_EXPORT int ap_suexec_enabled;
23
extern int ap_listenbacklog;
24
+extern int ap_daemons_max_by_ip;
25
+extern int ap_daemons_max_by_ip_read;
26
extern int ap_dump_settings;
27
extern API_VAR_EXPORT int ap_extended_status;
28
29
diff -ur apache_1.3.9rusPL28.20/src/include/http_main.h apache_1.3.9rusPL28.20-patch/src/include/http_main.h
30
--- apache_1.3.9rusPL28.20/src/include/http_main.h Thu Jan 14 12:39:26 1999
31
+++ apache_1.3.9rusPL28.20-patch/src/include/http_main.h Tue Sep 21 17:34:53 1999
32
@@ -127,6 +127,9 @@
33
unsigned int ap_set_callback_and_alarm(void (*fn) (int), int x);
34
API_EXPORT(int) ap_check_alarm(void);
35
36
+void update_child_status_remote_ip (int, conn_rec *);
37
+int count_connections (conn_rec *, int);
38
+
39
#ifndef NO_OTHER_CHILD
40
/*
41
* register an other_child -- a child which the main loop keeps track of
42
diff -ur apache_1.3.9rusPL28.20/src/include/httpd.h apache_1.3.9rusPL28.20-patch/src/include/httpd.h
43
--- apache_1.3.9rusPL28.20/src/include/httpd.h Thu Sep 2 22:59:02 1999
44
+++ apache_1.3.9rusPL28.20-patch/src/include/httpd.h Tue Sep 21 17:34:53 1999
45
@@ -297,6 +297,12 @@
46
#define DEFAULT_MIN_FREE_DAEMON 5
47
#endif
48
49
+/* Define default limits for MaxDaemons serving a single address */
50
+
51
+#define DEFAULT_MAX_DAEMONS_BY_IP 150
52
+#define DEFAULT_MAX_DAEMONS_BY_IP_READ 75
53
+#define LIMIT_CONNECTIONS_BY_IP_ERROR HTTP_SERVICE_UNAVAILABLE
54
+
55
/* Limit on the total --- clients will be locked out if more servers than
56
* this are needed. It is intended solely to keep the server from crashing
57
* when things get out of hand.
58
diff -ur apache_1.3.9rusPL28.20/src/include/scoreboard.h apache_1.3.9rusPL28.20-patch/src/include/scoreboard.h
59
--- apache_1.3.9rusPL28.20/src/include/scoreboard.h Sat Aug 21 02:45:00 1999
60
+++ apache_1.3.9rusPL28.20-patch/src/include/scoreboard.h Tue Sep 21 17:34:53 1999
61
@@ -159,6 +159,7 @@
62
char request[64]; /* We just want an idea... */
63
server_rec *vhostrec; /* What virtual host is being accessed? */
64
/* SEE ABOVE FOR SAFE USAGE! */
65
+ unsigned long remoteip;
66
} short_score;
67
68
typedef struct {
69
diff -ur apache_1.3.9rusPL28.20/src/main/http_config.c apache_1.3.9rusPL28.20-patch/src/main/http_config.c
70
--- apache_1.3.9rusPL28.20/src/main/http_config.c Sat Aug 21 02:45:03 1999
71
+++ apache_1.3.9rusPL28.20-patch/src/main/http_config.c Tue Sep 21 17:34:53 1999
72
@@ -1399,6 +1399,8 @@
73
ap_daemons_to_start = DEFAULT_START_DAEMON;
74
ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON;
75
ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON;
76
+ ap_daemons_max_by_ip = DEFAULT_MAX_DAEMONS_BY_IP;
77
+ ap_daemons_max_by_ip_read = DEFAULT_MAX_DAEMONS_BY_IP_READ;
78
ap_daemons_limit = HARD_SERVER_LIMIT;
79
ap_pid_fname = DEFAULT_PIDLOG;
80
ap_scoreboard_fname = DEFAULT_SCOREBOARD;
81
diff -ur apache_1.3.9rusPL28.20/src/main/http_core.c apache_1.3.9rusPL28.20-patch/src/main/http_core.c
82
--- apache_1.3.9rusPL28.20/src/main/http_core.c Sat Aug 21 02:45:03 1999
83
+++ apache_1.3.9rusPL28.20-patch/src/main/http_core.c Tue Sep 21 17:34:53 1999
84
@@ -2182,6 +2182,16 @@
85
return NULL;
86
}
87
88
+const char * set_max_servers_by_ip (cmd_parms *cmd, void *dummy, char *arg) {
89
+ ap_daemons_max_by_ip = atoi (arg);
90
+ return NULL;
91
+}
92
+
93
+const char * set_max_servers_by_ip_read (cmd_parms *cmd,void *dummy,char *arg) {
94
+ ap_daemons_max_by_ip_read = atoi (arg);
95
+ return NULL;
96
+}
97
+
98
static const char *set_min_free_servers(cmd_parms *cmd, void *dummy, char *arg)
99
{
100
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
101
@@ -2852,6 +2862,10 @@
102
"Maximum number of idle children" },
103
{ "MaxServers", set_max_free_servers, NULL, RSRC_CONF, TAKE1,
104
"Deprecated equivalent to MaxSpareServers" },
105
+{ "MaxServersPerIP", set_max_servers_by_ip, NULL, RSRC_CONF, TAKE1,
106
+ "Maximum number of connections from a single IP address" },
107
+{ "MaxServersPerIPRead", set_max_servers_by_ip_read, NULL, RSRC_CONF, TAKE1,
108
+ "Maximum number of connection from a single IP address in read state at any time." },
109
{ "ServersSafetyLimit", set_server_limit, NULL, RSRC_CONF, TAKE1,
110
"Deprecated equivalent to MaxClients" },
111
{ "MaxClients", set_server_limit, NULL, RSRC_CONF, TAKE1,
112
diff -ur apache_1.3.9rusPL28.20/src/main/http_main.c apache_1.3.9rusPL28.20-patch/src/main/http_main.c
113
--- apache_1.3.9rusPL28.20/src/main/http_main.c Sat Aug 21 02:45:05 1999
114
+++ apache_1.3.9rusPL28.20-patch/src/main/http_main.c Tue Sep 21 17:37:07 1999
115
@@ -249,6 +249,8 @@
116
API_VAR_EXPORT int ap_daemons_to_start=0;
117
API_VAR_EXPORT int ap_daemons_min_free=0;
118
API_VAR_EXPORT int ap_daemons_max_free=0;
119
+API_VAR_EXPORT int ap_daemons_max_by_ip;
120
+API_VAR_EXPORT int ap_daemons_max_by_ip_read;
121
API_VAR_EXPORT int ap_daemons_limit=0;
122
time_t ap_restart_time=0;
123
API_VAR_EXPORT int ap_suexec_enabled = 0;
124
@@ -2183,6 +2185,38 @@
125
return old_status;
126
}
127
128
+void update_child_status_remote_ip (int child_num, conn_rec * current_conn)
129
+{
130
+ int slot_size;
131
+ short_score new_score_rec;
132
+
133
+ if (child_num < 0) { return; }
134
+
135
+printf("update ip %u\n", current_conn->remote_addr.sin_addr.s_addr);
136
+
137
+ ap_sync_scoreboard_image();
138
+ new_score_rec = ap_scoreboard_image->servers[child_num];
139
+
140
+ slot_size = sizeof(new_score_rec.remoteip) - 1;
141
+
142
+ if (current_conn)
143
+ {
144
+ new_score_rec.remoteip = current_conn->remote_addr.sin_addr.s_addr;
145
+ }
146
+ else
147
+ {
148
+ new_score_rec.remoteip = 0;
149
+ }
150
+#if defined(HAVE_MMAP) || defined(HAVE_SHMGET)
151
+ memcpy(&ap_scoreboard_image->servers[child_num], &new_score_rec, sizeof new_score_rec);
152
+#else
153
+ lseek (scoreboard_fd, (long)child_num * sizeof(short_score), 0);
154
+ force_write (scoreboard_fd, (char*)&new_score_rec, sizeof(short_score));
155
+#endif
156
+
157
+ ap_sync_scoreboard_image();
158
+}
159
+
160
static void update_scoreboard_global(void)
161
{
162
#ifdef SCOREBOARD_FILE
163
@@ -2193,6 +2227,26 @@
164
#endif
165
}
166
167
+int count_connections (conn_rec * current_conn, int state)
168
+{
169
+ unsigned long remote_ip = current_conn->remote_addr.sin_addr.s_addr;
170
+ int res = 0, i;
171
+
172
+ for (i = 0; i < HARD_SERVER_LIMIT; i++)
173
+ {
174
+ if ((ap_scoreboard_image->servers[i].status == SERVER_DEAD) ||
175
+ (state > 0 && ap_scoreboard_image->servers[i].status != state))
176
+ {
177
+ continue;
178
+ }
179
+ if (ap_scoreboard_image->servers[i].remoteip == remote_ip)
180
+ {
181
+ res++;
182
+ }
183
+ }
184
+ return res;
185
+}
186
+
187
void ap_time_process_request(int child_num, int status)
188
{
189
short_score *ss;
190
@@ -4021,12 +4075,15 @@
191
* until no requests are left or we decide to close.
192
*/
193
194
- while ((r = ap_read_request(current_conn)) != NULL) {
195
+ for (;;){
196
+ if (ap_daemons_max_by_ip || ap_daemons_max_by_ip_read)
197
+ update_child_status_remote_ip (my_child_num, (conn_rec *)current_conn);
198
+
199
+ if ((r = ap_read_request(current_conn)) == NULL) break;
200
201
/* read_request_line has already done a
202
* signal (SIGUSR1, SIG_IGN);
203
*/
204
-
205
(void) ap_update_child_status(my_child_num, SERVER_BUSY_WRITE, r);
206
207
/* process the request if it was read without error */
208
@@ -5248,6 +5305,9 @@
209
* until no requests are left or we decide to close.
210
*/
211
- while ((r = ap_read_request(current_conn)) != NULL) {
212
+ for (;;){
213
+ if (daemons_max_by_ip || daemons_max_by_ip_read)
214
+ update_child_status_remote_ip (child_num, (conn_rec *)current_conn);
215
+ if ((r = ap_read_request(current_conn)) == NULL) break;
216
(void) ap_update_child_status(child_num, SERVER_BUSY_WRITE, r);
217
218
if (r->status == HTTP_OK)
219
@@ -5273,6 +5333,10 @@
220
* client has ACKed our FIN and/or has stopped sending us data.
221
*/
222
ap_kill_cleanups_for_socket(ptrans, csd);
223
+
224
+ if (daemons_max_by_ip || daemons_max_by_ip_read)
225
+ update_child_status_remote_ip (child_num, (conn_rec *)NULL);
226
+
227
228
#ifdef NO_LINGCLOSE
229
ap_bclose(conn_io); /* just close it */
230
diff -ur apache_1.3.9rusPL28.20/src/main/http_protocol.c apache_1.3.9rusPL28.20-patch/src/main/http_protocol.c
231
--- apache_1.3.9rusPL28.20/src/main/http_protocol.c Thu Sep 2 22:59:02 1999
232
+++ apache_1.3.9rusPL28.20-patch/src/main/http_protocol.c Tue Sep 21 17:34:55 1999
233
@@ -73,6 +73,15 @@
234
#include "http_log.h" /* For errors detected in basic auth common
235
* support code... */
236
#include "util_date.h" /* For parseHTTPdate and BAD_DATE */
237
+
238
+#include "scoreboard.h" /* for limiting connections by IP */
239
+#ifndef LONG_STRING_LEN
240
+#define LONG_STRING_LEN 2048
241
+#endif /* LONG_STRING_LEN */
242
+extern int ap_daemons_max_by_ip;
243
+extern int ap_daemons_max_by_ip_read;
244
+extern void ap_die();
245
+
246
#include <stdarg.h>
247
#include "http_conf_globals.h"
248
249
@@ -935,6 +944,8 @@
250
pool *p;
251
const char *expect;
252
int access_status;
253
+ int current_connections;
254
+ char *reject_state = NULL;
255
256
p = ap_make_sub_pool(conn->pool);
257
r = ap_pcalloc(p, sizeof(request_rec));
258
@@ -966,6 +977,33 @@
259
r->read_length = 0;
260
r->read_body = REQUEST_NO_BODY;
261
262
+ if (ap_daemons_max_by_ip && ((current_connections = count_connections(conn,0))
263
+ > ap_daemons_max_by_ip))
264
+ {
265
+ r->request_time=time(NULL);
266
+ reject_state = "total";
267
+ }
268
+ else if (ap_daemons_max_by_ip_read &&
269
+ ((current_connections = count_connections(conn,SERVER_BUSY_READ))
270
+ > ap_daemons_max_by_ip_read))
271
+ {
272
+ reject_state = "read state";
273
+ }
274
+ if (reject_state) {
275
+ r->status = HTTP_OK;
276
+ r->request_time = time(NULL);
277
+ r->proto_num = 1000; /* or something */
278
+ r->assbackwards = 0; /* who knows... */
279
+ r->protocol = "HTTP/1.0"; /* just not empty */
280
+ r->the_request = NULL;
281
+ r->method = NULL;
282
+ r->method_number = M_INVALID;
283
+ ap_die(LIMIT_CONNECTIONS_BY_IP_ERROR, r);
284
+ ap_log_transaction(r);
285
+ ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, conn->server, "Client at %s for %s with %d %s current connections", conn->remote_ip, conn->server->server_hostname, current_connections, reject_state);
286
+ return NULL;
287
+ }
288
+
289
r->status = HTTP_REQUEST_TIME_OUT; /* Until we get a request */
290
r->the_request = NULL;
291
cnddist/limit_ip.patch.1.2
1
limit_ip.patch ��� apache_1.3.14
2
3
��������� ��� ���������������� ���������:
4
5
MaxServersPerIP - ������������� ������������ ���������� ��������,
6
������������� � ������ IP
7
MaxServersPerIPRead - ������������� ������������ ���������� ��������
8
� ������ IP, ������� ��������� � ��������� ������
9
10
������������ �� ���� ������ ���������� ����
11
http_patch � http://www.shutoff.spb.ru/apache_patch.html
12
��������� ������� ������ � ������������ �������� � apache_1.3.14
13
14
����������� ���:
15
patch -d apache_1.3.14 -l -p1 < limit_ip.patch
16
17
diff -ur apache_1.3.9rusPL28.20/src/include/http_conf_globals.h apache_1.3.9rusPL28.20-patch/src/include/http_conf_globals.h
18
--- apache_1.3.9rusPL28.20/src/include/http_conf_globals.h Sat Aug 21 02:44:56 1999
19
+++ apache_1.3.9rusPL28.20-patch/src/include/http_conf_globals.h Tue Sep 21 17:34:52 1999
20
@@ -86,6 +86,8 @@
21
extern int ap_daemons_limit;
22
extern MODULE_VAR_EXPORT int ap_suexec_enabled;
23
extern int ap_listenbacklog;
24
+extern int ap_daemons_max_by_ip;
25
+extern int ap_daemons_max_by_ip_read;
26
extern int ap_dump_settings;
27
extern API_VAR_EXPORT int ap_extended_status;
28
29
diff -ur apache_1.3.9rusPL28.20/src/include/http_main.h apache_1.3.9rusPL28.20-patch/src/include/http_main.h
30
--- apache_1.3.9rusPL28.20/src/include/http_main.h Thu Jan 14 12:39:26 1999
31
+++ apache_1.3.9rusPL28.20-patch/src/include/http_main.h Tue Sep 21 17:34:53 1999
32
@@ -127,6 +127,9 @@
33
unsigned int ap_set_callback_and_alarm(void (*fn) (int), int x);
34
API_EXPORT(int) ap_check_alarm(void);
35
36
+void update_child_status_remote_ip (int, conn_rec *);
37
+int count_connections (conn_rec *, int);
38
+
39
#ifndef NO_OTHER_CHILD
40
/*
41
* register an other_child -- a child which the main loop keeps track of
42
diff -ur apache_1.3.9rusPL28.20/src/include/httpd.h apache_1.3.9rusPL28.20-patch/src/include/httpd.h
43
--- apache_1.3.9rusPL28.20/src/include/httpd.h Thu Sep 2 22:59:02 1999
44
+++ apache_1.3.9rusPL28.20-patch/src/include/httpd.h Tue Sep 21 17:34:53 1999
45
@@ -297,6 +297,12 @@
46
#define DEFAULT_MIN_FREE_DAEMON 5
47
#endif
48
49
+/* Define default limits for MaxDaemons serving a single address */
50
+
51
+#define DEFAULT_MAX_DAEMONS_BY_IP 150
52
+#define DEFAULT_MAX_DAEMONS_BY_IP_READ 75
53
+#define LIMIT_CONNECTIONS_BY_IP_ERROR HTTP_SERVICE_UNAVAILABLE
54
+
55
/* Limit on the total --- clients will be locked out if more servers than
56
* this are needed. It is intended solely to keep the server from crashing
57
* when things get out of hand.
58
diff -ur apache_1.3.9rusPL28.20/src/include/scoreboard.h apache_1.3.9rusPL28.20-patch/src/include/scoreboard.h
59
--- apache_1.3.9rusPL28.20/src/include/scoreboard.h Sat Aug 21 02:45:00 1999
60
+++ apache_1.3.9rusPL28.20-patch/src/include/scoreboard.h Tue Sep 21 17:34:53 1999
61
@@ -159,9 +159,11 @@
62
char request[64]; /* We just want an idea... */
63
server_rec *vhostrec; /* What virtual host is being accessed? */
64
/* SEE ABOVE FOR SAFE USAGE! */
65
#ifdef MOD_DEFLATE_IDLE
66
int deflate;
67
#endif
68
+
69
+ unsigned long remoteip;
70
} short_score;
71
72
typedef struct {
73
diff -ur apache_1.3.9rusPL28.20/src/main/http_config.c apache_1.3.9rusPL28.20-patch/src/main/http_config.c
74
--- apache_1.3.9rusPL28.20/src/main/http_config.c Sat Aug 21 02:45:03 1999
75
+++ apache_1.3.9rusPL28.20-patch/src/main/http_config.c Tue Sep 21 17:34:53 1999
76
@@ -1399,6 +1399,8 @@
77
ap_daemons_to_start = DEFAULT_START_DAEMON;
78
ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON;
79
ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON;
80
+ ap_daemons_max_by_ip = DEFAULT_MAX_DAEMONS_BY_IP;
81
+ ap_daemons_max_by_ip_read = DEFAULT_MAX_DAEMONS_BY_IP_READ;
82
ap_daemons_limit = HARD_SERVER_LIMIT;
83
ap_pid_fname = DEFAULT_PIDLOG;
84
ap_scoreboard_fname = DEFAULT_SCOREBOARD;
85
diff -ur apache_1.3.9rusPL28.20/src/main/http_core.c apache_1.3.9rusPL28.20-patch/src/main/http_core.c
86
--- apache_1.3.9rusPL28.20/src/main/http_core.c Sat Aug 21 02:45:03 1999
87
+++ apache_1.3.9rusPL28.20-patch/src/main/http_core.c Tue Sep 21 17:34:53 1999
88
@@ -2182,6 +2182,16 @@
89
return NULL;
90
}
91
92
+const char * set_max_servers_by_ip (cmd_parms *cmd, void *dummy, char *arg) {
93
+ ap_daemons_max_by_ip = atoi (arg);
94
+ return NULL;
95
+}
96
+
97
+const char * set_max_servers_by_ip_read (cmd_parms *cmd,void *dummy,char *arg) {
98
+ ap_daemons_max_by_ip_read = atoi (arg);
99
+ return NULL;
100
+}
101
+
102
static const char *set_min_free_servers(cmd_parms *cmd, void *dummy, char *arg)
103
{
104
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
105
@@ -2852,6 +2862,10 @@
106
"Maximum number of idle children" },
107
{ "MaxServers", set_max_free_servers, NULL, RSRC_CONF, TAKE1,
108
"Deprecated equivalent to MaxSpareServers" },
109
+{ "MaxServersPerIP", set_max_servers_by_ip, NULL, RSRC_CONF, TAKE1,
110
+ "Maximum number of connections from a single IP address" },
111
+{ "MaxServersPerIPRead", set_max_servers_by_ip_read, NULL, RSRC_CONF, TAKE1,
112
+ "Maximum number of connection from a single IP address in read state at any time." },
113
{ "ServersSafetyLimit", set_server_limit, NULL, RSRC_CONF, TAKE1,
114
"Deprecated equivalent to MaxClients" },
115
{ "MaxClients", set_server_limit, NULL, RSRC_CONF, TAKE1,
116
diff -ur apache_1.3.9rusPL28.20/src/main/http_main.c apache_1.3.9rusPL28.20-patch/src/main/http_main.c
117
--- apache_1.3.9rusPL28.20/src/main/http_main.c Sat Aug 21 02:45:05 1999
118
+++ apache_1.3.9rusPL28.20-patch/src/main/http_main.c Tue Sep 21 17:37:07 1999
119
@@ -249,6 +249,8 @@
120
API_VAR_EXPORT int ap_daemons_to_start=0;
121
API_VAR_EXPORT int ap_daemons_min_free=0;
122
API_VAR_EXPORT int ap_daemons_max_free=0;
123
+API_VAR_EXPORT int ap_daemons_max_by_ip;
124
+API_VAR_EXPORT int ap_daemons_max_by_ip_read;
125
API_VAR_EXPORT int ap_daemons_limit=0;
126
time_t ap_restart_time=0;
127
API_VAR_EXPORT int ap_suexec_enabled = 0;
128
@@ -2183,6 +2185,38 @@
129
return old_status;
130
}
131
132
+void update_child_status_remote_ip (int child_num, conn_rec * current_conn)
133
+{
134
+ int slot_size;
135
+ short_score new_score_rec;
136
+
137
+ if (child_num < 0) { return; }
138
+
139
+printf("update ip %u\n", current_conn->remote_addr.sin_addr.s_addr);
140
+
141
+ ap_sync_scoreboard_image();
142
+ new_score_rec = ap_scoreboard_image->servers[child_num];
143
+
144
+ slot_size = sizeof(new_score_rec.remoteip) - 1;
145
+
146
+ if (current_conn)
147
+ {
148
+ new_score_rec.remoteip = current_conn->remote_addr.sin_addr.s_addr;
149
+ }
150
+ else
151
+ {
152
+ new_score_rec.remoteip = 0;
153
+ }
154
+#if defined(HAVE_MMAP) || defined(HAVE_SHMGET)
155
+ memcpy(&ap_scoreboard_image->servers[child_num], &new_score_rec, sizeof new_score_rec);
156
+#else
157
+ lseek (scoreboard_fd, (long)child_num * sizeof(short_score), 0);
158
+ force_write (scoreboard_fd, (char*)&new_score_rec, sizeof(short_score));
159
+#endif
160
+
161
+ ap_sync_scoreboard_image();
162
+}
163
+
164
static void update_scoreboard_global(void)
165
{
166
#ifdef SCOREBOARD_FILE
167
@@ -2193,6 +2227,26 @@
168
#endif
169
}
170
171
+int count_connections (conn_rec * current_conn, int state)
172
+{
173
+ unsigned long remote_ip = current_conn->remote_addr.sin_addr.s_addr;
174
+ int res = 0, i;
175
+
176
+ for (i = 0; i < HARD_SERVER_LIMIT; i++)
177
+ {
178
+ if ((ap_scoreboard_image->servers[i].status == SERVER_DEAD) ||
179
+ (state > 0 && ap_scoreboard_image->servers[i].status != state))
180
+ {
181
+ continue;
182
+ }
183
+ if (ap_scoreboard_image->servers[i].remoteip == remote_ip)
184
+ {
185
+ res++;
186
+ }
187
+ }
188
+ return res;
189
+}
190
+
191
void ap_time_process_request(int child_num, int status)
192
{
193
short_score *ss;
194
@@ -4021,12 +4075,15 @@
195
* until no requests are left or we decide to close.
196
*/
197
198
- while ((r = ap_read_request(current_conn)) != NULL) {
199
+ for (;;){
200
+ if (ap_daemons_max_by_ip || ap_daemons_max_by_ip_read)
201
+ update_child_status_remote_ip (my_child_num, (conn_rec *)current_conn);
202
+
203
+ if ((r = ap_read_request(current_conn)) == NULL) break;
204
205
/* read_request_line has already done a
206
* signal (SIGUSR1, SIG_IGN);
207
*/
208
-
209
(void) ap_update_child_status(my_child_num, SERVER_BUSY_WRITE, r);
210
211
/* process the request if it was read without error */
212
@@ -5248,6 +5305,9 @@
213
* until no requests are left or we decide to close.
214
*/
215
- while ((r = ap_read_request(current_conn)) != NULL) {
216
+ for (;;){
217
+ if (daemons_max_by_ip || daemons_max_by_ip_read)
218
+ update_child_status_remote_ip (child_num, (conn_rec *)current_conn);
219
+ if ((r = ap_read_request(current_conn)) == NULL) break;
220
(void) ap_update_child_status(child_num, SERVER_BUSY_WRITE, r);
221
222
if (r->status == HTTP_OK)
223
@@ -5273,6 +5333,10 @@
224
* client has ACKed our FIN and/or has stopped sending us data.
225
*/
226
ap_kill_cleanups_for_socket(ptrans, csd);
227
+
228
+ if (daemons_max_by_ip || daemons_max_by_ip_read)
229
+ update_child_status_remote_ip (child_num, (conn_rec *)NULL);
230
+
231
232
#ifdef NO_LINGCLOSE
233
ap_bclose(conn_io); /* just close it */
234
diff -ur apache_1.3.9rusPL28.20/src/main/http_protocol.c apache_1.3.9rusPL28.20-patch/src/main/http_protocol.c
235
--- apache_1.3.9rusPL28.20/src/main/http_protocol.c Thu Sep 2 22:59:02 1999
236
+++ apache_1.3.9rusPL28.20-patch/src/main/http_protocol.c Tue Sep 21 17:34:55 1999
237
@@ -73,6 +73,15 @@
238
#include "http_log.h" /* For errors detected in basic auth common
239
* support code... */
240
#include "util_date.h" /* For parseHTTPdate and BAD_DATE */
241
+
242
+#include "scoreboard.h" /* for limiting connections by IP */
243
+#ifndef LONG_STRING_LEN
244
+#define LONG_STRING_LEN 2048
245
+#endif /* LONG_STRING_LEN */
246
+extern int ap_daemons_max_by_ip;
247
+extern int ap_daemons_max_by_ip_read;
248
+extern void ap_die();
249
+
250
#include <stdarg.h>
251
#include "http_conf_globals.h"
252
253
@@ -935,6 +944,8 @@
254
pool *p;
255
const char *expect;
256
int access_status;
257
+ int current_connections;
258
+ char *reject_state = NULL;
259
260
p = ap_make_sub_pool(conn->pool);
261
r = ap_pcalloc(p, sizeof(request_rec));
262
@@ -966,6 +977,33 @@
263
r->read_length = 0;
264
r->read_body = REQUEST_NO_BODY;
265
266
+ if (ap_daemons_max_by_ip && ((current_connections = count_connections(conn,0))
267
+ > ap_daemons_max_by_ip))
268
+ {
269
+ r->request_time=time(NULL);
270
+ reject_state = "total";
271
+ }
272
+ else if (ap_daemons_max_by_ip_read &&
273
+ ((current_connections = count_connections(conn,SERVER_BUSY_READ))
274
+ > ap_daemons_max_by_ip_read))
275
+ {
276
+ reject_state = "read state";
277
+ }
278
+ if (reject_state) {
279
+ r->status = HTTP_OK;
280
+ r->request_time = time(NULL);
281
+ r->proto_num = 1000; /* or something */
282
+ r->assbackwards = 0; /* who knows... */
283
+ r->protocol = "HTTP/1.0"; /* just not empty */
284
+ r->the_request = NULL;
285
+ r->method = NULL;
286
+ r->method_number = M_INVALID;
287
+ ap_die(LIMIT_CONNECTIONS_BY_IP_ERROR, r);
288
+ ap_log_transaction(r);
289
+ ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, conn->server, "Client at %s for %s with %d %s current connections", conn->remote_ip, conn->server->server_hostname, current_connections, reject_state);
290
+ return NULL;
291
+ }
292
+
293
r->status = HTTP_REQUEST_TIME_OUT; /* Until we get a request */
294
r->the_request = NULL;
295
cnddist/mod_proxy_add_forward.c
1
/* ====================================================================
2
* The Apache Software License, Version 1.1
3
*
4
* Copyright (c) 2000 The Apache Software Foundation. All rights
5
* reserved.
6
*
7
* Redistribution and use in source and binary forms, with or without
8
* modification, are permitted provided that the following conditions
9
* are met:
10
*
11
* 1. Redistributions of source code must retain the above copyright
12
* notice, this list of conditions and the following disclaimer.
13
*
14
* 2. Redistributions in binary form must reproduce the above copyright
15
* notice, this list of conditions and the following disclaimer in
16
* the documentation and/or other materials provided with the
17
* distribution.
18
*
19
* 3. The end-user documentation included with the redistribution,
20
* if any, must include the following acknowledgment:
21
* "This product includes software developed by the
22
* Apache Software Foundation (http://www.apache.org/)."
23
* Alternately, this acknowledgment may appear in the software itself,
24
* if and wherever such third-party acknowledgments normally appear.
25
*
26
* 4. The names "Apache" and "Apache Software Foundation" must
27
* not be used to endorse or promote products derived from this
28
* software without prior written permission. For written
29
* permission, please contact apache@apache.org.
30
*
31
* 5. Products derived from this software may not be called "Apache",
32
* nor may "Apache" appear in their name, without prior written
33
* permission of the Apache Software Foundation.
34
*
35
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
46
* SUCH DAMAGE.
47
* ====================================================================
48
*
49
* This software consists of voluntary contributions made by many
50
* individuals on behalf of the Apache Software Foundation. For more
51
* information on the Apache Software Foundation, please see
52
* <http://www.apache.org/>.
53
*
54
* Portions of this software are based upon public domain software
55
* originally written at the National Center for Supercomputing Applications,
56
* University of Illinois, Urbana-Champaign.
57
*/
58
59
/* proxy_add_forward module
60
*
61
* This module adds a 'X-Forwarded-For' header to outgoing
62
* proxy requests like Squid does.
63
*
64
* You can then get the client ip back on the "proxied host" by
65
* setting r->connection->remote_ip from this header.
66
*
67
* Ask Bjoern Hansen <ask@netcetera.dk>, October 1998
68
69
* Changes:
70
*
71
* April 12 2000: Changed the license to the ASF 1.1 license.
72
*
73
* April 12 2000: Made it so that we append our IP to an existing
74
* "X-Forwarded-For" line instead of clobbering an
75
* existing one. - <ahosey@systhug.com>
76
*
77
* June 8 1999: Added instructions on how to compile it into the
78
* frontend apache
79
*
80
* April 12 1999: Changed the sample code so it doesn't confuse the
81
* C compiler, ydkhr! Thanks to Mike Whitaker for
82
* noticing.
83
*
84
* March 1 1999: Added sample code on how to use the header with
85
* mod_perl
86
*
87
88
To use the module you have to compile it into the frontend part of
89
your server, I usually copy the module to apache-1.3/src/modules/extra/
90
and use APACI like:
91
92
./configure --prefix=/usr/local/apache \
93
--activate-module=src/modules/extra/mod_proxy_add_forward.c \
94
--enable-module=proxy_add_forward [... more apaci options ...]
95
96
You should also be able to compile and use this module as a
97
dynamically loaded module (DSO).
98
99
TMTOWTDI, but I usually make the 'backend' part of the system
100
something like the following:
101
102
in startup.pl:
103
104
sub My::ProxyRemoteAddr ($) {
105
my $r = shift;
106
107
# we'll only look at the X-Forwarded-For header if the requests
108
# comes from our proxy at localhost
109
return OK unless ($r->connection->remote_ip eq "127.0.0.1");
110
111
if (my ($ip) = $r->header_in('X-Forwarded-For') =~ /([^,\s]+)$/) {
112
$r->connection->remote_ip($ip);
113
}
114
115
return OK;
116
}
117
118
And in httpd.conf:
119
120
PerlPostReadRequestHandler My::ProxyRemoteAddr
121
122
*/
123
124
125
#include "httpd.h"
126
#include "http_config.h"
127
#include "http_core.h"
128
129
module MODULE_VAR_EXPORT proxy_add_forward_module;
130
131
static int add_forward_header(request_rec *r)
132
{
133
const char *oldvalue;
134
135
if (r->proxyreq) {
136
/* If there is an existing header, append our IP to that. */
137
if (oldvalue = ap_table_get(r->headers_in, "X-Forwarded-For")) {
138
ap_table_set(r->headers_in, "X-Forwarded-For",
139
ap_pstrcat(r->pool, oldvalue, ", ",
140
r->connection->remote_ip, NULL));
141
}
142
else {
143
ap_table_set(r->headers_in, "X-Forwarded-For",
144
r->connection->remote_ip);
145
}
146
return OK;
147
}
148
return DECLINED;
149
}
150
151
module MODULE_VAR_EXPORT proxy_add_forward_module = {
152
STANDARD_MODULE_STUFF,
153
NULL, /* initializer */
154
NULL, /* dir config creater */
155
NULL, /* dir merger --- default is to override */
156
NULL, /* server config */
157
NULL, /* merge server configs */
158
NULL, /* command table */
159
NULL, /* handlers */
160
NULL, /* filename translation */
161
NULL, /* check_user_id */
162
NULL, /* check auth */
163
NULL, /* check access */
164
NULL, /* type_checker */
165
add_forward_header, /* fixups */
166
NULL, /* logger */
167
NULL, /* header parser */
168
NULL, /* child_init */
169
NULL, /* child_exit */
170
NULL /* post read-request */
171
};
172
173
cnddist/mod_ssl-2.8.5-1.3.22.tar.gz.asc
1
-----BEGIN PGP MESSAGE-----
2
Version: 2.6.3ia
3
4
iQCVAwUAO8wqlQ5erwYmu0N9AQEAgAP+JVJ2ID8l7opmZ2XGbmmsKFmZt5D/VIJr
5
KMRgHo7NnL1/RQIKROKdEYqhGCfHTVSYbuQUWeOA3yyuHRjMz2KeW3zXmALK5/1x
6
MNHj1XjrDiwoWSaDL1MX/flNt5rUZM9gr/eP18yFGAfsYvXcLRWrL39TXAjW6wwg
7
IXc1P04s93U=
8
=BZPf
9
-----END PGP MESSAGE-----
cnddist/patch.apache.chunked
1
--- src/main/http_protocol.c Fri Jun 21 13:01:56 2002
2
+++ src/main/http_protocol.c Fri Jun 21 13:03:03 2002
3
@@ -2050,6 +2050,11 @@
4
5
len_to_read = get_chunk_size(buffer);
6
7
+ if (len_to_read < 0) {
8
+ r->connection->keepalive = -1;
9
+ return -1;
10
+ }
11
+
12
if (len_to_read == 0) { /* Last chunk indicated, get footers */
13
if (r->read_body == REQUEST_CHUNKED_DECHUNK) {
14
get_mime_headers(r);
Небольшая справка по веткам
cnddist – контейнер, в котором хранятся все дистрибутивы всех библиотек и программных пакетов, которые использовались при построении различных версий Contenido. Если какой-то библиотеки в данном хранилище нет, инсталлятор сделает попытку "подтянуть" ее с веба (например, с CPAN). Если библиотека слишком старая, есть очень большая вероятность, что ее там уже нет. Поэтому мы храним весь хлам от всех сборок. Если какой-то дистрибутив вдруг отсутствует в cnddist - напишите нам, мы положим его туда.
koi8 – отмирающая ветка, чей код, выдача и все внутренние библиотеки заточены на кодировку KOI8-R. Вносятся только те дополнения, которые касаются внешнего вида и функционала админки, баги ядра, обязательные обновления портов и мелочи, которые легко скопипастить. В дальнейшем планируется полная остановка поддержки по данной ветке.
utf8 – актуальная ветка, заточенная под UTF-8.
Внутри каждой ветки: core – исходники ядра; install – скрипт установки инсталляции; plugins – плагины; samples – "готовые к употреблению" проекты, которые можно поставить, запустить и посмотреть, как они работают.
