
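--- a/docs/manual/mod/mpm_common.xml
+++ b/docs/manual/mod/mpm_common.xml
@@ -659,6 +659,28 @@ Apache HTTP Server</a></seealso>
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>TTLimit</name>
+<description>Maximum TTL value which will be accepted</description>
+<syntax>TTLimit <var>number</var></syntax>
+<default>TTLimit 0</default>
+<contextlist><context>server config</context></contextlist>
+<modulelist><module>event</module><module>worker</module>
+<module>prefork</module><module>mpm_winnt</module>
+<module>mpm_netware</module><module>mpmt_os2</module>
+</modulelist>
+
+<usage>
+    <p>Enabling this feature prevents attempts to bypass the frontend proxy layer.
+    If set to a value larger than 0, it won't accept any requests if TTL is
+    larger than specified.</p>
+
+    <p>For example, if TTLimit is set to 1, then requests will be handled only
+    from a local network. In other words, no more than one hop.
+    </p>
+</usage>
+</directivesynopsis>
+
 <directivesynopsis>
 <name>ServerLimit</name>
 <description>Upper limit on configurable number of processes</description>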
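--- a/include/ap_listen.h
+++ b/include/ap_listen.h
@@ -146,6 +146,7 @@ AP_DECLARE_NONSTD(int) ap_close_selected_listeners(ap_slave_t *);
  * LISTEN_COMMANDS in their command_rec table so that these functions are
  * called.
  */
+AP_DECLARE_NONSTD(const char *) ap_set_ttl_limit(cmd_parms *cmd, void *dummy, const char *arg);
 AP_DECLARE_NONSTD(const char *) ap_set_listenbacklog(cmd_parms *cmd, void *dummy, const char *arg);
 AP_DECLARE_NONSTD(const char *) ap_set_listencbratio(cmd_parms *cmd, void *dummy, const char *arg);
 AP_DECLARE_NONSTD(const char *) ap_set_listener(cmd_parms *cmd, void *dummy,
@@ -161,6 +162,8 @@ AP_DECLARE_NONSTD(const char *) ap_set_accept_errors_nonfatal(cmd_parms *cmd,
                                                            int flag);
 
 #define LISTEN_COMMANDS \
+AP_INIT_TAKE1("TTLimit", ap_set_ttl_limit, NULL, RSRC_CONF, \
+  "Maximum TTL value which will be accepted"), \
 AP_INIT_TAKE1("ListenBacklog", ap_set_listenbacklog, NULL, RSRC_CONF, \
   "Maximum length of the queue of pending connections, as used by listen(2)"), \
 AP_INIT_TAKE1("ListenCoresBucketsRatio", ap_set_listencbratio, NULL, RSRC_CONF, \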
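Review bot: The help string added to LISTEN_COMMANDS, `"Maximum TTL value which will be accepted"`, describes a filter on the TTL of received packets, but the value it registers is only passed to setsockopt(IP_TTL) in make_sock() in server/listen.c, which sets the TTL of packets the server sends. Connection attempts from any distance therefore still reach the listener; distant peers simply never see the replies, so this should not be presented as inbound access control. Wording such as `"TTL set on packets sent from listening sockets (1-255)"` would match the code, and the `<description>` and `<usage>` text in docs/manual/mod/mpm_common.xml should be aligned with it.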
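--- a/server/listen.c
+++ b/server/listen.c
@@ -63,6 +63,7 @@ AP_DECLARE_DATA int ap_have_so_reuseport = -1;
 AP_DECLARE_DATA int ap_accept_errors_nonfatal = 0;
 
 static ap_listen_rec *old_listeners;
+static int ap_ttl_limit;
 static int ap_listenbacklog;
 static int ap_listencbratio;
 static int send_buffer_size;
@@ -215,6 +216,21 @@ static apr_status_t make_sock(apr_pool_t *p, ap_listen_rec *server, int do_bind_
         }
     }
 
+    if (ap_ttl_limit) {
+        int thesock;
+
+        apr_os_sock_get(&thesock, s);
+        if (setsockopt(thesock, IPPROTO_IP, IP_TTL,
+                       &ap_ttl_limit, sizeof(int)) < 0) {
+            stat = apr_get_netos_error();
+            ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, APLOGNO(02638)
+                          "make_sock: for address %pI, apr_socket_opt_set: (IP_TTL)",
+                          server->bind_addr);
+            apr_socket_close(s);
+            return stat;
+        }
+    }
+
 #ifdef WIN32
     /* I seriously doubt that this would work on Unix; I have doubts that
      * it entirely solves the problem on Win32.  However, since setting
@@ -989,6 +1005,7 @@ AP_DECLARE(void) ap_listen_pre_config(void)
     ap_listen_buckets = NULL;
     ap_num_listen_buckets = 0;
     ap_listenbacklog = DEFAULT_LISTENBACKLOG;
+    ap_ttl_limit = 0;
     ap_listencbratio = 0;
 
     /* Check once whether or not SO_REUSEPORT is supported. */
@@ -1178,6 +1195,25 @@ AP_DECLARE_NONSTD(const char *) ap_set_listenbacklog(cmd_parms *cmd,
     return NULL;
 }
 
+AP_DECLARE_NONSTD(const char *) ap_set_ttl_limit(cmd_parms *cmd,
+                                                 void *dummy,
+                                                 const char *arg)
+{
+    int b;
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+
+    if (err != NULL)
+        return err;
+
+    b = atoi(arg);
+    if (b < 1 || b > 255)
+        return "TTLimit > 0 and TTLimit < 255";
+
+    ap_ttl_limit = b;
+
+    return NULL;
+}
+
 AP_DECLARE_NONSTD(const char *) ap_set_listencbratio(cmd_parms *cmd,
                                                      void *dummy,
                                                      const char *arg)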
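Review bot: The block added to make_sock() always uses `IPPROTO_IP`/`IP_TTL`, which governs IPv4 packets only, so on a listener whose `server->bind_addr` is IPv6 the call may either fail (here that aborts the listener at APLOG_CRIT) or leave IPv6 replies with no hop limit, and the restriction would not hold on that path. Choosing the option by address family, as sketched below, would cover it; a dual-stack socket that also accepts v4-mapped peers probably needs both options, which should be confirmed per platform. `int thesock` should be `apr_os_sock_t`, since the directive is documented for mpm_winnt, and the log text names apr_socket_opt_set although setsockopt() is what is called. In ap_set_ttl_limit the message `"TTLimit > 0 and TTLimit < 255"` disagrees with the check, which accepts 255, and atoi() silently accepts trailing junk in the argument. make_sock's body continues outside the hunk.

```c
    if (ap_ttl_limit) {
        apr_os_sock_t thesock;
        int level = IPPROTO_IP;
        int optname = IP_TTL;

#if APR_HAVE_IPV6
        if (server->bind_addr->family == APR_INET6) {
            level = IPPROTO_IPV6;
            optname = IPV6_UNICAST_HOPS;
        }
#endif
        apr_os_sock_get(&thesock, s);
        if (setsockopt(thesock, level, optname,
                       &ap_ttl_limit, sizeof(ap_ttl_limit)) < 0) {
            /* ... unchanged: log the failure, close the socket, return stat ... */
```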
