Hello,
We are using nginx-1.6 in a production environment for caching data
from multiple remote origins.
To improve our data distribution over the network we thought that using
IP DiffServ/ToS to traffic shape by backend would be useful.
We developed a small patch for the nginx core to mark packets. Because
the nginx workers don't seem to have CAP_NET_ADMIN privileges we are
using the TOS field instead of socket marks. This patch only marks
client packets and not upstream/backend packets.
Besides that, we added an X-Accel-ClassID header so that the
upstream/backend itself can choose the class id to use.
Do you find this an interesting feature to add to the nginx core? How
can we proceed and submit a patch?
Thanks,
Dani
--
Dani Bento
Direção de Internet e Tecnologia
DTS/DVS
tlm: +351 91 429 72 81
dani(a)telecom.pt
# HG changeset patch
# User Piotr Sikora <piotr(a)cloudflare.com>
# Date 1418870862 28800
# Wed Dec 17 18:47:42 2014 -0800
# Node ID ab0442e232ce098438943a77422d8a04cc5b6790
# Parent 99751fe3bc3b285801b434f7f707d87fa42b093e
Add strict Host validation.
According to RFC3986, Host is a sequence of printable ASCII characters,
with the exception of: space, ", #, /, <, >, ?, @, \, ^, `, {, | and }.
Signed-off-by: Piotr Sikora <piotr(a)cloudflare.com>
diff -r 99751fe3bc3b -r ab0442e232ce src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Fri Dec 12 20:25:42 2014 +0300
+++ b/src/http/ngx_http_request.c Wed Dec 17 18:47:42 2014 -0800
@@ -1955,12 +1955,25 @@ ngx_http_validate_host(ngx_str_t *host,
}
break;
- case '\0':
+ case ' ':
+ case '"':
+ case '#':
+ case '/':
+ case '<':
+ case '>':
+ case '?':
+ case '@':
+ case '\\':
+ case '^':
+ case '`':
+ case '{':
+ case '|':
+ case '}':
return NGX_DECLINED;
default:
- if (ngx_path_separator(ch)) {
+ if (ch < 0x20 || ch > 0x7e) {
return NGX_DECLINED;
}
hi,
i understand that NGX_AGAIN is returned when a chain could not be send
because more data cannot be buffered on that socket.
I need to understand the following: in my case, when i receive a request, i
start a timer every 10ms and send out some data, then i create a new timer
every10ms until i decide to finish sending out data (video frames).
But if in some triggered callback by the timer the
ngx_http_output_filter(..) returns NGX_AGAIN *i assume* NginX will send
that chain as soon as the socket becomes available again. But after that
happens, how can i restore my timer cycle ?
thnks.
J.Z.
304 handling for non-spdy requests is exactly same as that of 204 handling
(Reference : ngx_http_header_filter_module.c::ngx_http_header_filter()).
SPDY requests too should be handled same way.
Handle 204/304 response for SPDY requests in same way as the same way that
are handled for non-SPDY requests
---
.../src/http/ngx_http_spdy_filter_module.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git
a/service/proxy/nginx-1.6.2/src/http/ngx_http_spdy_filter_module.c
b/service/proxy/nginx-1.6.2/src/http/ngx_http_spdy_filter_module.c
index a31ad1f..8f975f5 100644
--- a/service/proxy/nginx-1.6.2/src/http/ngx_http_spdy_filter_module.c
+++ b/service/proxy/nginx-1.6.2/src/http/ngx_http_spdy_filter_module.c
@@ -147,10 +147,10 @@ ngx_http_spdy_header_filter(ngx_http_request_t *r)
break;
case NGX_HTTP_NOT_MODIFIED:
- r->header_only = 1;
- break;
-
case NGX_HTTP_NO_CONTENT:
+ /* take same action for "NGX_HTTP_NOT_MODIFIED" as that for
+ "NGX_HTTP_NO_CONTENT" */
r->header_only = 1;
ngx_str_null(&r->headers_out.content_type);