View | Details | Raw Unified | Return to bug 54517
Collapse All | Expand All

(-)docs/manual/mod/mod_proxy.xml (+9 lines)
Lines 1015-1020 Link Here
1015
        set to <code>Off</code>.
1015
        set to <code>Off</code>.
1016
        Available with Apache HTTP Server 2.2.23 and later.
1016
        Available with Apache HTTP Server 2.2.23 and later.
1017
    </td></tr>
1017
    </td></tr>
1018
    <tr><td>failonbadgateway</td>
1019
        <td>Off</td>
1020
	<td>If set to <code>On</code>, forces a backend worker into error state
1021
	if there's a communication failure with it (eg: timeout, invalid status
1022
	line, etc.).  Worker recovery behaves the same as other worker errors.
1023
	Defaults to <code>Off</code> to retain the original behaviour of
1024
	returning a <code>HTTP_BAD_GATEWAY</code> response to the client.
1025
	Available with Apache HTTP Server 2.2.24 and later.
1026
    </td></tr>
1018
    
1027
    
1019
    </table>
1028
    </table>
1020
    <p>A sample balancer setup</p>
1029
    <p>A sample balancer setup</p>
(-)CHANGES (+4 lines)
Lines 4-9 Link Here
4
  *) mod_ssl: Add new directive SSLCompression to disable TLS-level
4
  *) mod_ssl: Add new directive SSLCompression to disable TLS-level
5
     compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]
5
     compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]
6
6
7
  *) mod_proxy: Add the failonbadgateway parameter that determines if a
8
     communications error with a backend should result in that backend being
9
     marked as in error. [Brian Kroth]
10
7
Changes with Apache 2.2.23
11
Changes with Apache 2.2.23
8
12
9
  *) SECURITY: CVE-2012-0883 (cve.mitre.org)
13
  *) SECURITY: CVE-2012-0883 (cve.mitre.org)
(-)modules/proxy/proxy_util.c (+1 lines)
Lines 1315-1320 Link Here
1315
    (*balancer)->workers = apr_array_make(p, 5, sizeof(proxy_worker));
1315
    (*balancer)->workers = apr_array_make(p, 5, sizeof(proxy_worker));
1316
1316
1317
    (*balancer)->forcerecovery = 1;
1317
    (*balancer)->forcerecovery = 1;
1318
    (*balancer)->failonbadgateway = 0;
1318
    /* XXX Is this a right place to create mutex */
1319
    /* XXX Is this a right place to create mutex */
1319
#if APR_HAS_THREADS
1320
#if APR_HAS_THREADS
1320
    if (apr_thread_mutex_create(&((*balancer)->mutex),
1321
    if (apr_thread_mutex_create(&((*balancer)->mutex),
(-)modules/proxy/mod_proxy.c (+36 lines)
Lines 395-400 Link Here
395
        else
395
        else
396
            return "forcerecovery must be On|Off";
396
            return "forcerecovery must be On|Off";
397
    }
397
    }
398
    else if (!strcasecmp(key, "failonbadgateway")) {
399
        if (!strcasecmp(val, "on"))
400
            balancer->failonbadgateway = 1;
401
        else if (!strcasecmp(val, "off"))
402
            balancer->failonbadgateway = 0;
403
        else
404
            return "failonbadgateway must be On|Off";
405
    }
398
    else {
406
    else {
399
        return "unknown Balancer parameter";
407
        return "unknown Balancer parameter";
400
    }
408
    }
Lines 1053-1058 Link Here
1053
                worker->s->error_time = apr_time_now();
1061
                worker->s->error_time = apr_time_now();
1054
            }
1062
            }
1055
        }
1063
        }
1064
        else if (access_status == HTTP_BAD_GATEWAY) {
1065
            /* Backend had a communications error (eg: timeout, protocol
1066
             * violation, etc.)
1067
             *
1068
             * This is provided for the case where the backend connects (or
1069
             * keep-alives are in use), but fails to respond in a timely manner
1070
             * or is having some other sort of difficulties that prevent it
1071
             * from returning useful data.  In that case, we may wish to no
1072
             * longer use that backend.  It should be noted that failonstatus
1073
             * doesn't cover this case since here the backend may return no
1074
             * status line or a corrupt one resulting in nothing to match on.
1075
             *
1076
             * This could instead be implemented, for instance, in
1077
             * mod_proxy_http.c:ap_proxy_http_process_response():1412, but this
1078
             * is a bit more general and should apply to all backend
1079
             * communication failures (at least from what I've seen looking
1080
             * through the code).
1081
             *
1082
             * DONE: Make this behavior dependent upon a configuration setting
1083
             * for the balacner (eg: failonbadgateway).
1084
             * 2013-02-01
1085
             * bpkroth
1086
             */
1087
            if (balancer && balancer->failonbadgateway) {
1088
                worker->s->status |= PROXY_WORKER_IN_ERROR;
1089
                worker->s->error_time = apr_time_now();
1090
            }
1091
        }
1056
        else {
1092
        else {
1057
            /* Unrecoverable error.
1093
            /* Unrecoverable error.
1058
             * Return the origin status code to the client.
1094
             * Return the origin status code to the client.
(-)modules/proxy/mod_proxy.h (+1 lines)
Lines 389-394 Link Here
389
389
390
    apr_array_header_t *errstatuses; /* statuses to force members into error */
390
    apr_array_header_t *errstatuses; /* statuses to force members into error */
391
    int forcerecovery; /* Force recovery if all workers are in error state */
391
    int forcerecovery; /* Force recovery if all workers are in error state */
392
    int failonbadgateway; /* Force members into error on communications failure */
392
};
393
};
393
394
394
struct proxy_balancer_method {
395
struct proxy_balancer_method {
(-)include/ap_mmn.h (-1 / +2 lines)
Lines 149-154 Link Here
149
 * 20051115.29 (2.2.21) add max_ranges to core_dir_config
149
 * 20051115.29 (2.2.21) add max_ranges to core_dir_config
150
 * 20051115.30 (2.2.21) add ap_set_accept_ranges()
150
 * 20051115.30 (2.2.21) add ap_set_accept_ranges()
151
 * 20051115.31 (2.2.23) Add forcerecovery to proxy_balancer_shared struct
151
 * 20051115.31 (2.2.23) Add forcerecovery to proxy_balancer_shared struct
152
 * 20051115.32 (2.2.24) Add failonbadgateway to proxy_balancer_shared struct
152
 */
153
 */
153
154
154
#define MODULE_MAGIC_COOKIE 0x41503232UL /* "AP22" */
155
#define MODULE_MAGIC_COOKIE 0x41503232UL /* "AP22" */
Lines 156-162 Link Here
156
#ifndef MODULE_MAGIC_NUMBER_MAJOR
157
#ifndef MODULE_MAGIC_NUMBER_MAJOR
157
#define MODULE_MAGIC_NUMBER_MAJOR 20051115
158
#define MODULE_MAGIC_NUMBER_MAJOR 20051115
158
#endif
159
#endif
159
#define MODULE_MAGIC_NUMBER_MINOR 31                    /* 0...n */
160
#define MODULE_MAGIC_NUMBER_MINOR 32                    /* 0...n */
160
161
161
/**
162
/**
162
 * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
163
 * Determine if the server's current MODULE_MAGIC_NUMBER is at least a

Return to bug 54517