authorRainer Jung <rjung@apache.org>2011-11-12 02:10:43 +0000
committerRainer Jung <rjung@apache.org>2011-11-12 02:10:43 +0000
commit13a3672f586e5f969cc8f59ba76eeda9ad30a360 (patch)
treef735afbe393fa9db23ac48b7b0f6b21a2eb6fda5 /modules/experimental
parent3df8f27e8c138fa7449435b9782a5f22540c3a7e (diff)
Pre GA removal of components that will not be included:
Part 1: mod_noloris was superseded by mod_reqtimeout. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1201164 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/experimental')
-rw-r--r--modules/experimental/NWGNUnoloris256
-rw-r--r--modules/experimental/mod_noloris.c237
2 files changed, 0 insertions, 493 deletions
diff --git a/modules/experimental/NWGNUnoloris b/modules/experimental/NWGNUnoloris
deleted file mode 100644
index d1a9a96c04..0000000000
--- a/modules/experimental/NWGNUnoloris
+++ /dev/null
@@ -1,256 +0,0 @@
-#
-# Declare the sub-directories to be built here
-#
-
-SUBDIRS = \
- $(EOLIST)
-
-#
-# Get the 'head' of the build environment. This includes default targets and
-# paths to tools
-#
-
-include $(AP_WORK)/build/NWGNUhead.inc
-
-#
-# build this level's files
-
-#
-# Make sure all needed macro's are defined
-#
-
-#
-# These directories will be at the beginning of the include list, followed by
-# INCDIRS
-#
-XINCDIRS += \
- $(APR)/include \
- $(APRUTIL)/include \
- $(AP_WORK)/include \
- $(NWOS) \
- $(EOLIST)
-
-#
-# These flags will come after CFLAGS
-#
-XCFLAGS += \
- $(EOLIST)
-
-#
-# These defines will come after DEFINES
-#
-XDEFINES += \
- $(EOLIST)
-
-#
-# These flags will be added to the link.opt file
-#
-XLFLAGS += \
- $(EOLIST)
-
-#
-# These values will be appended to the correct variables based on the value of
-# RELEASE
-#
-ifeq "$(RELEASE)" "debug"
-XINCDIRS += \
- $(EOLIST)
-
-XCFLAGS += \
- $(EOLIST)
-
-XDEFINES += \
- $(EOLIST)
-
-XLFLAGS += \
- $(EOLIST)
-endif
-
-ifeq "$(RELEASE)" "noopt"
-XINCDIRS += \
- $(EOLIST)
-
-XCFLAGS += \
- $(EOLIST)
-
-XDEFINES += \
- $(EOLIST)
-
-XLFLAGS += \
- $(EOLIST)
-endif
-
-ifeq "$(RELEASE)" "release"
-XINCDIRS += \
- $(EOLIST)
-
-XCFLAGS += \
- $(EOLIST)
-
-XDEFINES += \
- $(EOLIST)
-
-XLFLAGS += \
- $(EOLIST)
-endif
-
-#
-# These are used by the link target if an NLM is being generated
-# This is used by the link 'name' directive to name the nlm. If left blank
-# TARGET_nlm (see below) will be used.
-#
-NLM_NAME = noloris
-
-#
-# This is used by the link '-desc ' directive.
-# If left blank, NLM_NAME will be used.
-#
-NLM_DESCRIPTION = Apache $(VERSION_STR) No-Slowloris Module
-
-#
-# This is used by the '-threadname' directive. If left blank,
-# NLM_NAME Thread will be used.
-#
-NLM_THREAD_NAME = $(NLM_NAME) Module
-
-#
-# If this is specified, it will override VERSION value in
-# $(AP_WORK)/build/NWGNUenvironment.inc
-#
-NLM_VERSION =
-
-#
-# If this is specified, it will override the default of 64K
-#
-NLM_STACK_SIZE = 8192
-
-
-#
-# If this is specified it will be used by the link '-entry' directive
-#
-NLM_ENTRY_SYM =
-
-#
-# If this is specified it will be used by the link '-exit' directive
-#
-NLM_EXIT_SYM =
-
-#
-# If this is specified it will be used by the link '-check' directive
-#
-NLM_CHECK_SYM =
-
-#
-# If these are specified it will be used by the link '-flags' directive
-#
-NLM_FLAGS =
-
-#
-# If this is specified it will be linked in with the XDCData option in the def
-# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
-# by setting APACHE_UNIPROC in the environment
-#
-XDCDATA =
-
-#
-# If there is an NLM target, put it here
-#
-TARGET_nlm = \
- $(OBJDIR)/$(NLM_NAME).nlm \
- $(EOLIST)
-
-#
-# If there is an LIB target, put it here
-#
-TARGET_lib = \
- $(EOLIST)
-
-#
-# These are the OBJ files needed to create the NLM target above.
-# Paths must all use the '/' character
-#
-FILES_nlm_objs = \
- $(OBJDIR)/mod_noloris.o \
- $(EOLIST)
-
-#
-# These are the LIB files needed to create the NLM target above.
-# These will be added as a library command in the link.opt file.
-#
-FILES_nlm_libs = \
- $(PRELUDE) \
- $(EOLIST)
-
-#
-# These are the modules that the above NLM target depends on to load.
-# These will be added as a module command in the link.opt file.
-#
-FILES_nlm_modules = \
- aprlib \
- libc \
- $(EOLIST)
-
-#
-# If the nlm has a msg file, put it's path here
-#
-FILE_nlm_msg =
-
-#
-# If the nlm has a hlp file put it's path here
-#
-FILE_nlm_hlp =
-
-#
-# If this is specified, it will override $(NWOS)\copyright.txt.
-#
-FILE_nlm_copyright =
-
-#
-# Any additional imports go here
-#
-FILES_nlm_Ximports = \
- @aprlib.imp \
- @httpd.imp \
- @libc.imp \
- $(EOLIST)
-
-#
-# Any symbols exported to here
-#
-FILES_nlm_exports = \
- noloris_module \
- $(EOLIST)
-
-#
-# These are the OBJ files needed to create the LIB target above.
-# Paths must all use the '/' character
-#
-FILES_lib_objs = \
- $(EOLIST)
-
-#
-# implement targets and dependancies (leave this section alone)
-#
-
-libs :: $(OBJDIR) $(TARGET_lib)
-
-nlms :: libs $(TARGET_nlm)
-
-#
-# Updated this target to create necessary directories and copy files to the
-# correct place. (See $(AP_WORK)/build/NWGNUhead.inc for examples)
-#
-install :: nlms FORCE
-
-#
-# Any specialized rules here
-#
-
-#
-# Include the 'tail' makefile that has targets that depend on variables defined
-# in this makefile
-#
-
-include $(APBUILD)/NWGNUtail.inc
-
-
diff --git a/modules/experimental/mod_noloris.c b/modules/experimental/mod_noloris.c
deleted file mode 100644
index d541e6a3a3..0000000000
--- a/modules/experimental/mod_noloris.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-/* The use of the scoreboard in this module is based on a similar
- * but simpler module, mod_antiloris by Kees Monshouwer, from
- * ftp://ftp.monshouwer.eu/pub/linux/mod_antiloris/
- * Note the FIXME that affects both modules.
- *
- * The major difference is that mod_antiloris checks the scoreboard
- * on every request. This implies a per-request overhead that grows
- * with the scoreboard, and gets very expensive on a big server.
- * On the other hand, this module (mod_noloris) may be slower to
- * react to a DoS attack, and in the case of a very small server
- * it might be too late.
- *
- * Author's untested instinct: mod_antiloris will suit servers with
- * Prefork MPM and low traffic. A server with a threaded MPM
- * (or possibly a big prefork server with lots of memory) should
- * raise MaxClients and use mod_noloris.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_connection.h"
-#include "http_log.h"
-#include "mpm_common.h"
-#include "ap_mpm.h"
-#include "apr_hash.h"
-#include "scoreboard.h"
-
-module AP_MODULE_DECLARE_DATA noloris_module;
-
-#define ADDR_MAX_SIZE 48
-
-static unsigned int default_max_connections;
-static apr_hash_t *trusted;
-static apr_interval_time_t recheck_time;
-static apr_shm_t *shm;
-static apr_size_t shm_size;
-static int server_limit;
-static int thread_limit;
-
-static int noloris_conn(conn_rec *conn)
-{
- struct { int child_num; int thread_num; } *sbh = conn->sbh;
-
- char *shm_rec;
- if (shm == NULL) {
- return DECLINED; /* we're disabled */
- }
-
- /* check the IP is not banned */
- shm_rec = apr_shm_baseaddr_get(shm);
- while (shm_rec[0] != '\0') {
- if (!strcmp(shm_rec, conn->remote_ip)) {
- apr_socket_t *csd = ap_get_conn_socket(conn);
- ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn,
- "Dropping connection from banned IP %s",
- conn->remote_ip);
- apr_socket_close(csd);
-
- return DONE;
- }
- shm_rec += ADDR_MAX_SIZE;
- }
-
- /* store this client IP for the monitor to pick up */
-
- ap_update_child_status_from_conn(conn->sbh, SERVER_READY, conn);
-
- return DECLINED;
-}
-static int noloris_monitor(apr_pool_t *pool, server_rec *s)
-{
- static apr_hash_t *connections = NULL;
- static apr_time_t last_check = 0;
- static int *totals;
-
- int i, j;
- int *n;
- int index = 0;
- apr_hash_index_t *hi;
- char *ip;
- apr_time_t time_now;
- char *shm_rec;
- worker_score *ws;
-
- /* do nothing if disabled */
- if (shm == NULL) {
- return 0;
- }
-
- /* skip check if it's not due yet */
- time_now = apr_time_now();
- if (time_now - last_check < recheck_time) {
- return 0;
- }
- last_check = time_now;
-
- /* alloc lots of stuff at start, so we don't leak memory per-call */
- if (connections == NULL) {
- connections = apr_hash_make(pool);
- totals = apr_palloc(pool, server_limit*thread_limit);
- ip = apr_palloc(pool, ADDR_MAX_SIZE);
- }
-
- /* Get a per-client count of connections in READ state */
- for (i = 0; i < server_limit; ++i) {
- for (j = 0; j < thread_limit; ++j) {
- ws = ap_get_scoreboard_worker_from_indexes(i, j);
- if (ws->status == SERVER_BUSY_READ) {
- n = apr_hash_get(connections, ws->client, APR_HASH_KEY_STRING);
- if (n == NULL) {
- n = totals + index++ ;
- *n = 0;
- }
- ++*n;
- apr_hash_set(connections, ws->client, APR_HASH_KEY_STRING, n);
- }
- }
- }
-
- /* reset shm before writing to it.
- * We're only dealing with approx. counts, so we ignore the race condition
- * with our prospective readers
- */
- shm_rec = apr_shm_baseaddr_get(shm);
- memset(shm_rec, 0, shm_size);
-
- /* Now check the hash for clients with too many connections in READ state */
- for (hi = apr_hash_first(NULL, connections); hi; hi = apr_hash_next(hi)) {
- apr_hash_this(hi, (const void**) &ip, NULL, (void**)&n);
- if (*n >= default_max_connections) {
- /* if this isn't a trusted proxy, we mark it as bad */
- if (!apr_hash_get(trusted, ip, APR_HASH_KEY_STRING)) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "noloris: banning %s with %d connections in READ state",
- ip, *n);
- strcpy(shm_rec, ip);
- shm_rec += ADDR_MAX_SIZE;
- }
- }
- }
- apr_hash_clear(connections);
- return 0;
-}
-static int noloris_post(apr_pool_t *pconf, apr_pool_t *ptmp, apr_pool_t *plog,
- server_rec *s)
-{
- apr_status_t rv;
- int max_bans = thread_limit * server_limit / default_max_connections;
- shm_size = ADDR_MAX_SIZE * max_bans;
-
- rv = apr_shm_create(&shm, shm_size, NULL, pconf);
- if (rv != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
- "Failed to create shm segment; mod_noloris disabled");
- apr_hash_clear(trusted);
- shm = NULL;
- }
- return 0;
-}
-static int noloris_pre(apr_pool_t *pconf, apr_pool_t *ptmp, apr_pool_t *plog)
-{
- ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
- ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit);
-
- /* set up default config stuff here */
- trusted = apr_hash_make(pconf);
- default_max_connections = 50;
- recheck_time = apr_time_from_sec(10);
- return 0;
-}
-static void noloris_hooks(apr_pool_t *p)
-{
- ap_hook_process_connection(noloris_conn, NULL, NULL, APR_HOOK_FIRST);
- ap_hook_pre_config(noloris_pre, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_post_config(noloris_post, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_monitor(noloris_monitor, NULL, NULL, APR_HOOK_MIDDLE);
-}
-static const char *noloris_trusted(cmd_parms *cmd, void *cfg, const char *val)
-{
- const char* err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (!err) {
- apr_hash_set(trusted, val, APR_HASH_KEY_STRING, &noloris_module);
- }
- return err;
-}
-static const char *noloris_recheck(cmd_parms *cmd, void *cfg, const char *val)
-{
- const char* err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (!err) {
- recheck_time = apr_time_from_sec(atoi(val));
- }
- return err;
-}
-static const char *noloris_max_conn(cmd_parms *cmd, void *cfg, const char *val)
-{
- const char* err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (!err) {
- default_max_connections = atoi(val);
- }
- return err;
-}
-static const command_rec noloris_cmds[] = {
- AP_INIT_ITERATE("TrustedProxy", noloris_trusted, NULL, RSRC_CONF,
- "IP addresses from which to allow unlimited connections"),
- AP_INIT_TAKE1("ClientRecheckTime", noloris_recheck, NULL, RSRC_CONF,
- "Time interval for rechecking client connection tables"),
- AP_INIT_TAKE1("MaxClientConnections", noloris_max_conn, NULL, RSRC_CONF,
- "Max connections in READ state to permit from an untrusted client"),
- {NULL}
-};
-AP_DECLARE_MODULE(noloris) = {
- STANDARD20_MODULE_STUFF,
- NULL,
- NULL,
- NULL,
- NULL,
- noloris_cmds,
- noloris_hooks
-};