github graygnuorg/pound v4.23
Version 4.23

Important bugfix

A bug in the SendFile special backend allowed reading files outside of the configured directory. This is fixed.
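
The class of bug fixed here is a directory-containment failure. The following C code is an added example, not pound's code and not its actual fix (which these notes do not describe): it shows one common containment check, resolving the requested path and comparing it with the resolved base directory. The names `open_beneath` and `demo` and the `pub` / `pub-secret` tree are hypothetical and constructed for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not pound's code: open REQ below BASE read-only, but
   only if the fully resolved path is still inside BASE. Returns fd or -1. */
int open_beneath(const char *base, const char *req)
{
    char rbase[PATH_MAX], joined[PATH_MAX], rpath[PATH_MAX];
    if (!realpath(base, rbase) ||
        snprintf(joined, sizeof joined, "%s/%s", rbase, req) >= (int) sizeof joined)
        return -1;                  /* bad base or over-long request */
    /* realpath() resolves "..", "." and symlinks before the prefix check. */
    if (!realpath(joined, rpath))
        return -1;
    size_t blen = strlen(rbase);
    /* The '/' after the prefix keeps "pub" from matching "pub-secret". */
    if (strncmp(rpath, rbase, blen) != 0 || rpath[blen] != '/')
        return -1;
    return open(rpath, O_RDONLY | O_NOFOLLOW);
}

/* Constructed sample tree in a temporary directory (left in place).
   Bit i of the result is set if request i was served. */
int demo(void)
{
    static const char *reqs[] = { "index.html", "sub/../index.html",
                                  "../pub-secret/key", "link" };
    char tmp[] = "/tmp/sendfile-XXXXXX";
    int i, fd, served = 0;
    if (!mkdtemp(tmp) || chdir(tmp) != 0)
        return -1;
    mkdir("pub", 0700); mkdir("pub/sub", 0700); mkdir("pub-secret", 0700);
    close(creat("pub/index.html", 0600)); close(creat("pub-secret/key", 0600));
    if (symlink("../pub-secret/key", "pub/link") != 0)  /* escapes the base */
        return -1;
    for (i = 0; i < 4; i++)
        if ((fd = open_beneath("pub", reqs[i])) >= 0) {
            served |= 1 << i;
            close(fd);
        }
    return served;
}

int main(void) { printf("served mask: %d\n", demo()); return 0; }
```

The check and the open are separate steps, so this form assumes the served tree is not writable by untrusted users. On Linux, openat2() with RESOLVE_BENEATH performs the same containment inside the kernel.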

Compilation

The early pthread_cancel probe hack is no longer used. Consequently, the --disable-pthread-cancel-probe configure option is gone.

Handling of errors during service selection

In previous versions, if service selection failed due to an error (e.g. because a non-existing backreference was used, a run-time error in a Lua function occurred, or the like), that service would be skipped as if its conditions returned false, and the next one would be tried. This could lead to selecting an improper service in case of error.

Starting from this version, any error occurring during service selection causes pound to return an internal server error (500).

File descriptor usage

At startup, pound closes all inherited file descriptors numerically greater than 2. If this is undesirable for some reason, use the -Wno-close-extra-fds command line option.

The capacity of the incoming connection queue (used when all workers become busy) is computed so as to prevent the program from running out of file descriptors. It can also be set explicitly, using the ConnectionQueueSize configuration file statement.

Configuration constants

The new Constant statement defines a configuration constant for use in string expansions and Lua code. A constant is a string value identified by a unique name. The Constant statement can appear in top-level, listener, and service scopes. The syntax is:

  Constant "NAME" "VALUE"

or

  Constant "NAME" OPTIONS

where OPTIONS are:

  • -file FILE
    Read the constant value from the file FILE at startup.
  • -filewatch FILE
    Read the constant value from the file FILE, and monitor it for changes during the runtime.
  • -trim
    Trim off the trailing whitespace from the obtained value.

Constants can be used in string expansions (using the %[const NAME] accessor), and in Lua code (using the http:const(NAME) method). Refer to the Pound Manual for a detailed discussion with examples.

Tunnels

A tunnel passes an opaque stream of bytes between the client and backend. It is defined in the configuration file using the following construct:

  Tunnel [ "ID" ]
      Address IPADDR
      Port PORT
      Backend
          Address IPADDR
          Port PORT
      End
  End

Naturally, only one backend is allowed. Similarly to other listeners, the Address/Port pair in the Tunnel section can be replaced with a single SocketFrom statement. The following statements are allowed in the Backend subsection: Timeout, ConnTO, Disabled.

Runtime log level control

The poundctl command can be used to inspect log level settings or to change them without restarting pound.

  • poundctl log [/]
    Show global log level.
  • poundctl log /L
    Show log level for the listener L.
  • poundctl log /[L] F
    Set log level F. If the argument is /, the global log level is set. Otherwise, the log level for the listener L is set.
  • poundctl log -d /L
    Clear the log level setting for the listener L. As a result, the listener will use the global log level.
  • poundctl log -d [/]
    Set global log level to null.

Lua: access to the originator IP

Two new fields are available in the http table:

  • http.rmt_ip
    Request originator IP address (as string).
  • http.fwd_ip
    Request originator IP address (as string), determined using the X-Forwarded-For (or similar) header. If the request bears no such header or if the TrustedIP list is not declared, this is equivalent to http.rmt_ip.
