github graygnuorg/pound v4.17
Version 4.17

one month ago

Tagging conditional statements

All conditional statements that match against a pattern can be tagged using the following option:

   -tag "T"

where T is an arbitrary string. This tag can then be used to refer to a subexpression obtained as a result of matching, for example:

   Path -tag "dir" -re "^/static(/.*)"
   Header -tag "type" "Content-Type:([^/]+)/([^;]+)"
   SetPath "/assets/$1(type).$2(type)$1(dir)"

Changes to the ACL statements

Two new forms of the ACL statements are provided:

  • ACL -file "NAME"
    Reads ACL from the file NAME. The file shall contain a list of CIDRs, one per input line. CIDRs need not be quoted. Empty lines and comments are allowed.
    The file is read once, at program startup.

  • ACL -filewatch "NAME"
    Same as above, but the file will be monitored for changes at runtime. If a change is detected, the file will be rescanned and the ACL updated. To ensure file changes are noticed immediately, pound relies on the filesystem monitoring API provided by the operating system: inotify on GNU/Linux systems and kqueue on BSD. On systems not supporting either interface, the file will be checked periodically. The interval between two successive checks is defined by the WatcherTTL global directive.

The corresponding new forms are implemented for all ACL statements, i.e.:

  • Named ACLs:
    ACL "name" -file "filename"
    ACL "name" -filewatch "filename"
    
  • Trusted IP lists:
    TrustedIP -file "filename"
    TrustedIP -filewatch "filename"
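
Because a file used with -filewatch is rescanned as soon as it changes, it is worth checking a new version before it replaces the live one. The following is an added example, not part of pound or its release notes; it assumes that comments start with '#' and that entries may optionally be double-quoted, and its "very broad" thresholds are arbitrary.

```python
"""Lint a pound ACL file before -filewatch picks up the change."""
import ipaddress

# Constructed sample. '#' as the comment marker and optional double quotes
# around an entry are assumptions, not taken from the release notes.
SAMPLE = '''\
# office networks
192.0.2.0/24
"198.51.100.7"

2001:db8::/32
203.0.113.9/24
0.0.0.0/0
10.0.0.0/33
'''


def lint_acl(text, min_prefix_v4=8, min_prefix_v6=16):
    """Return (networks, findings); a finding is (line_no, level, message)."""
    networks, findings = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip().strip('"')
        if not entry:
            continue  # empty line or comment-only line
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError as exc:
            findings.append((no, "error", f"not a CIDR: {exc}"))
            continue
        # 203.0.113.9/24 parses, but the author probably meant .0/24 or .9/32.
        if ipaddress.ip_interface(entry).ip != net.network_address:
            findings.append((no, "warn", f"host bits set, network is {net}"))
        # Thresholds are arbitrary review triggers chosen for this example.
        limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < limit:
            findings.append((no, "warn", f"very broad range {net}"))
        networks.append(net)
    return networks, findings


def deployable(findings):
    """A file with any unparseable line should not replace the live one."""
    return not any(level == "error" for _, level, _ in findings)


if __name__ == "__main__":
    nets, problems = lint_acl(SAMPLE)
    for no, level, msg in problems:
        print(f"line {no}: {level}: {msg}")
    print("deploy" if deployable(problems) else "reject", f"({len(nets)} valid)")
```

A catch-all entry such as 0.0.0.0/0 is only reported as a warning here, but in a TrustedIP list it deserves a manual review before deployment.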
    

Use of -filewatch with request matching directives

In addition to ACL, the -filewatch flag discussed above can be used with the following request matching directives: Header, Path, Query, QueryParam, StringMatch, URL.

Changes to the BasicAuth statement

The statement takes an option: -filewatch or -file. The option -filewatch is the default (see above). The -file option can be used to disable file change monitoring.

Changes to the Header statement

A new statement form is introduced:

Header "FIELD" [OPTIONS] "VALUE"

In this form, pattern modification options apply to the header value only, e.g.:

Header "Content-Type" -beg "text/"

New special backend: SendFile

This backend treats the path part of the request as a local file name and sends back the contents of that file, if it exists. The default content type is text/plain. Both parameters can be changed using request rewriting (for the file name) and response rewriting (for the content type).

The syntax is:

SendFile DIR

where DIR specifies the directory from which to serve files.

Error file contents

An error file supplied with Error, ErrorFile, or any ErrNNN directive can begin with HTTP headers. If so, these will be sent along with the response, and the actual response contents will begin after the empty line that terminates the headers.

Error response rewriting

When a regular backend responds with an error, the content (body) of that response can be replaced with an arbitrary custom page. For this to work, the listener must define a custom page for the status code in question using the ErrorFile statement, and error response rewriting must be explicitly enabled. The latter is done with the following statement:

RewriteErrors on

The statement can be used both in ListenHTTP (ListenHTTPS) and in Service blocks, the latter overriding the former.

Bugfixes

Improper pattern handling in patterns read from file

When using -file with one of the following pattern types: -exact, -beg, -end, -contain, only the first pattern from the file was compiled using the requested pattern type. The remaining ones were treated as POSIX regular expressions.
