Backport support for ModPagespeedDangerPermitFetchFromUnknownHosts.
diff --git a/src/net/instaweb/apache/apache_rewrite_driver_factory.cc b/src/net/instaweb/apache/apache_rewrite_driver_factory.cc
index 85d9127..9a11390 100644
--- a/src/net/instaweb/apache/apache_rewrite_driver_factory.cc
+++ b/src/net/instaweb/apache/apache_rewrite_driver_factory.cc
@@ -102,6 +102,7 @@
apache_html_parse_message_handler_(new ApacheMessageHandler(
server_rec_, version_, timer())),
html_rewrite_time_us_histogram_(NULL),
+ disable_loopback_routing_(false),
thread_counts_finalized_(false),
num_rewrite_threads_(-1),
num_expensive_rewrite_threads_(-1),
@@ -573,7 +574,8 @@
void ApacheRewriteDriverFactory::ApplyLoopbackFetchRouting(
ApacheResourceManager* manager, RewriteDriver* driver, request_rec* req) {
- if (!manager->config()->slurping_enabled() &&
+ if (!disable_loopback_routing_ &&
+ !manager->config()->slurping_enabled() &&
!manager->config()->test_proxy()) {
// Note the port here is our port, not from the request, since
// LoopbackRouteFetcher may decide we should be talking to ourselves.
diff --git a/src/net/instaweb/apache/apache_rewrite_driver_factory.h b/src/net/instaweb/apache/apache_rewrite_driver_factory.h
index 2a49ea1..e8cbc12 100644
--- a/src/net/instaweb/apache/apache_rewrite_driver_factory.h
+++ b/src/net/instaweb/apache/apache_rewrite_driver_factory.h
@@ -138,6 +138,14 @@
list_outstanding_urls_on_error_ = x;
}
+ bool disable_loopback_routing() const {
+ return disable_loopback_routing_;
+ }
+
+ void set_disable_loopback_routing(bool x) {
+ disable_loopback_routing_ = x;
+ }
+
// Finds a Cache for the file_cache_path in the config. If none exists,
// creates one, using all the other parameters in the ApacheConfig.
// Currently, no checking is done that the other parameters (e.g. cache
@@ -261,6 +269,10 @@
Histogram* html_rewrite_time_us_histogram_;
+ // If false (default) we will redirect all fetches to unknown hosts to
+ // localhost.
+ bool disable_loopback_routing_;
+
// true iff we ran through AutoDetectThreadCounts()
bool thread_counts_finalized_;
diff --git a/src/net/instaweb/apache/mod_instaweb.cc b/src/net/instaweb/apache/mod_instaweb.cc
index ac2c11f..aa486db 100644
--- a/src/net/instaweb/apache/mod_instaweb.cc
+++ b/src/net/instaweb/apache/mod_instaweb.cc
@@ -84,6 +84,12 @@
namespace net_instaweb {
namespace {
+
+// Passed to CheckGlobalOption
+enum VHostHandling {
+ kTolerateInVHost,
+ kErrorInVHost
+};
// TODO(sligocki): Separate options parsing from all the other stuff here.
// Instaweb directive names -- these must match
@@ -106,6 +112,8 @@
"ModPagespeedCssImageInlineMaxBytes";
const char* kModPagespeedCssInlineMaxBytes = "ModPagespeedCssInlineMaxBytes";
const char* kModPagespeedCssOutlineMinBytes = "ModPagespeedCssOutlineMinBytes";
+const char kModPagespeedDangerPermitFetchFromUnknownHosts[] =
+ "ModPagespeedDangerPermitFetchFromUnknownHosts";
const char* kModPagespeedDisableFilters = "ModPagespeedDisableFilters";
const char* kModPagespeedDisallow = "ModPagespeedDisallow";
const char* kModPagespeedDomain = "ModPagespeedDomain";
@@ -1015,6 +1023,29 @@
return config;
}
+// This should be called for global options to see if they were used properly.
+//
+// Returns NULL if successful, error string otherwise.
+static char* CheckGlobalOption(const cmd_parms* cmd,
+ VHostHandling mode,
+ MessageHandler* handler) {
+ if (cmd->server->is_virtual) {
+ char* vhost_error = apr_pstrcat(
+ cmd->pool, "Directive ", cmd->directive->directive,
+ " used inside a <VirtualHost> but applies globally.",
+ (mode == kTolerateInVHost ?
+ " Accepting for backwards compatibility. " :
+ NULL),
+ NULL);
+ if (mode == kErrorInVHost) {
+ return vhost_error;
+ } else {
+ handler->Message(kWarning, "%s", vhost_error);
+ }
+ }
+ return NULL;
+}
+
// Callback function that parses a single-argument directive. This is called
// by the Apache config parser.
static const char* ParseDirective(cmd_parms* cmd, void* data, const char* arg) {
@@ -1099,6 +1130,14 @@
ret = ParseIntOption(
manager, cmd,
&ApacheResourceManager::set_cache_flush_poll_interval_sec, arg);
+ } else if (StringCaseEqual(directive,
+ kModPagespeedDangerPermitFetchFromUnknownHosts)) {
+ ret = CheckGlobalOption(cmd, kErrorInVHost, handler);
+ if (ret == NULL) {
+ ret = ParseBoolOption(
+ factory, cmd,
+ &ApacheRewriteDriverFactory::set_disable_loopback_routing, arg);
+ }
} else if (StringCaseEqual(directive, kModPagespeedDisableFilters)) {
if (!options->DisableFiltersByCommaSeparatedList(arg, handler)) {
ret = "Failed to disable some filters.";
@@ -1331,6 +1370,9 @@
"does not begin with a slash."),
APACHE_CONFIG_OPTION(kModPagespeedCacheFlushPollIntervalSec,
"Number of seconds to wait between polling for cache-flush requests"),
+ APACHE_CONFIG_OPTION(kModPagespeedDangerPermitFetchFromUnknownHosts,
+ "Disable security checks that prohibit fetching from hostnames "
+ "mod_pagespeed does not know about"),
APACHE_CONFIG_OPTION(kModPagespeedFetcherTimeoutMs,
"Set internal fetcher timeout in milliseconds"),
APACHE_CONFIG_OPTION(kModPagespeedFetchProxy, "Set the fetch proxy"),
diff --git a/src/net/instaweb/public/VERSION b/src/net/instaweb/public/VERSION
index 6afa0b5..7c38d12 100644
--- a/src/net/instaweb/public/VERSION
+++ b/src/net/instaweb/public/VERSION
@@ -1,4 +1,4 @@
MAJOR=0
MINOR=10
BUILD=22
-PATCH=6
+PATCH=7
