1. 22 Feb, 2017 3 commits
    • 06873175
    • httpserver: Disable default timeouts (closes #1464) · f49e0c9b
      Matthew Holt authored
      Timeouts are important for mitigating slowloris, yes. But after a number
      of complaints and seeing that default timeouts are a sore point of
      confusion, we're disabling them now. However, the code that sets
      default timeouts remains intact; the defaults are just the zero value.
      
      While Caddy aims to be secure by default, Caddy also aims to serve a
      worldwide audience. Even my own internet here in Utah is poor at times,
      with bad WiFi signal, causing some connections to take over 10s to
      be established. Many use the Internet while commuting on slower
      connection speeds. Latency across country borders is another concern.
      
      As such, disabling default timeouts will serve a greater population of
      users than enabling them, as slowloris is easy to mitigate and does
      not seem to be reported often (I've only seen it once). It's also very
      difficult sometimes to distinguish slowloris from genuine slow networks.
      That decision is best left to the site owner for now.
  2. 21 Feb, 2017 2 commits
  3. 20 Feb, 2017 3 commits
  4. 19 Feb, 2017 1 commit
  5. 18 Feb, 2017 4 commits
  6. 17 Feb, 2017 7 commits
    • basicauth: Store name of authenticated user (#1426) · 977a3c32
      Kurt Jung authored
      * Store name of authenticated user in basicauth for use by upstream middleware such as fastcgi and cgi.
      
      * Use request context to transfer name of authorized user from basicauth to upstream middleware. Test retrieval of name from context.
      
      * Remove development code that was inadvertently left in place
      
      * Use keys of type httpserver.CtxKey to access Context values
    • Detect HTTPS interception (#1430) · 82cbd7a9
      Matt Holt authored
      * WIP: Implement HTTPS interception detection by Durumeric, et al.
      
      Special thanks to @FiloSottile for guidance with the custom listener.
      
      * Add {{.IsMITM}} context action and {mitm} placeholder
      
      * Improve MITM detection heuristics for Firefox and Edge
      
      * Add tests for MITM detection heuristics
      
      * Improve Safari heuristics for interception detection
      
      * Read ClientHello during first Read() instead of during Accept()
      
      As far as I can tell, reading the ClientHello during Accept() prevents
      new connections from being accepted during the read. Since Read() should
      be called in its own goroutine, this keeps Accept() non-blocking.
      
      * Clean up MITM detection handler; make possible to close connection
      
      * Use standard lib cipher suite values when possible
      
      * Improve Edge heuristics and test cases
      
      * Refactor MITM checking logic; add some debug statements for now
      
      * Fix bug in MITM heuristic tests and actual heuristic code
      
      * Fix gofmt
      
      * Remove debug statements; preparing for merge
    • HTTP/2 push support (golang 1.8) (#1215) · cdf7cf5c
      Mateusz Gajewski authored
      * WIP
      
      * HTTP2/Push for golang 1.8
      
      * Push plugin completed for review
      
      * Correct build tag
      
      * Move push plugin position
      
      * Add build tags to tests
      
      * Gofmt that code
      
      * Add header/method validations
      
      * Load push plugin
      
      * Fixes for wrapping writers
      
      * Push after delivering file
      
      * Fixes, review changes
      
      * Remove build tags, support new syntax
      
      * Fix spelling
      
      * gofmt -s -w .
      
      * Gogland time
      
      * Add interface guards
      
      * gofmt
      
      * After review fixes
    • Add support for ChaCha20-Poly1305 (#1443) · 57900782
      elcore authored
    • Merge pull request #1378 from tw4452852/1362 · e50de809
      Matt Holt authored
      proxy: handle encoded path in URL
    • proxy: handle encoded path in URL · c37481cc
      Tw authored
      fix issue #1362
      Signed-off-by: Tw <tw19881113@gmail.com>
    • Implement curve X25519 (Golang 1.8) (#1376) · 91ff7343
      elcore authored
      * Implement curve X25519
      
      * caddytls: Added a default curves list
      
      * caddytls: Improve tests
  7. 16 Feb, 2017 9 commits
  8. 15 Feb, 2017 1 commit
    • Fix data race for max connection limiting in proxy directive. (#1438) · 463c9d9d
      Augusto Roman authored
      * Fix data race for max connection limiting in proxy directive.
      
      The Conns and Unhealthy fields are updated concurrently across all active
      requests.  Because of this, they must use atomic operations for reads and
      writes.
      
      Prior to this change, Conns was incremented atomically, but read unsafely.
      Unhealthy was updated & read unsafely.  The new test
      TestReverseProxyMaxConnLimit exposes this race when run with -race.
      
      Switching to atomic operations makes the race detector happy.
      
      * oops, remove leftover dead code.
  9. 14 Feb, 2017 4 commits
  10. 13 Feb, 2017 2 commits
  11. 11 Feb, 2017 2 commits
  12. 08 Feb, 2017 2 commits
    • Roll all logs by default (#1379) · ce7d3db1
      Julian V. Modesto authored
      * Use new subdirectives and flatten rolling config
      
      * Set default rotate config
      
      * Set default rolling config (hopefully) errwhere
      
      * Make private
      
      * Flatten errors directive and remove c.IncrNest()
      
      * Don't skip first error log roller subdirective we see
      
      * Remove hadBlock
      
      * Try lumberjack import
      
      * Unname import
    • Feature #1246 - Remote syslog (#1301) · f32eed19
      Mateusz Gajewski authored
      * Remote syslog
      
      * golint
      
      * Initialize mutex