Adds a setting "access.suppress_path" to php-fpm pool configurations
which causes successful GET requests to the specified URIs to be
excluded from the access log. This is to reduce noise caused by
automated health checks.
Requests with response codes outwith the successful range 200 - 299,
requests made with query parameters and requests which have a
Content-Length other than 0 will ignore this setting as a security
precaution.
Closes GH-8174, #80428 [1]
[1] https://bugs.php.net/bug.php?id=80428
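
The conditions in the message above, written out as a single decision function. This is an added example, not php-fpm's own code: the `struct req` fields, the function names, the exact-match comparison against the configured paths and the sample paths are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request summary; names are assumptions for this example. */
struct req {
    const char *method;
    const char *uri;      /* path without the query string */
    const char *query;    /* NULL or "" when no query parameters */
    long content_length;
    int status;
};

/* True only when every condition from the commit message holds. */
static bool suppress_access_log(const struct req *r,
                                const char *const *paths, size_t npaths)
{
    if (strcmp(r->method, "GET") != 0) return false;       /* GET only */
    if (r->status < 200 || r->status > 299) return false;  /* 2xx only */
    if (r->query && r->query[0] != '\0') return false;     /* no query */
    if (r->content_length != 0) return false;              /* no body */
    for (size_t i = 0; i < npaths; i++)
        if (strcmp(r->uri, paths[i]) == 0) return true;    /* exact match (assumed) */
    return false;
}

/* Constructed suppress list and helper for the demo cases. */
static const char *const demo_paths[] = { "/ping", "/status" };

static bool demo(const char *m, const char *uri, const char *q, long cl, int st)
{
    struct req r = { m, uri, q, cl, st };
    return suppress_access_log(&r, demo_paths, 2);
}

int main(void)
{
    printf("health check:  %d\n", demo("GET", "/ping", NULL, 0, 200));
    printf("with query:    %d\n", demo("GET", "/ping", "debug=1", 0, 200));
    printf("server error:  %d\n", demo("GET", "/ping", NULL, 0, 500));
    printf("with body:     %d\n", demo("GET", "/ping", NULL, 12, 200));
    return 0;
}
```

Every early return keeps the request in the access log, so anything that carries input or signals a failure on a suppressed path stays visible.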
In a similar model as _safe_*alloc api but for the `userland` it guards
against overflow before (re)allocation, usage concealed in fpm for now.
Modern Linux and most of BSD already have it.
Closes #8871.
This issue might happen if there is change of the fcgi stream when
the buffer is full. Then the empty record is created which signals
end of stream which is incorrect.
The actual fix without a test was contributed by GitHub user @loveharmful
in GH-3198.
Temporarily store result of ini builder in ini_entries to avoid a leak
when main() exits prematurely. Technically ini_entries isn't released
either but ASAN doesn't consider unreleased memory referenced from
globals leaks.
On Linux, -1 means the system administrator's chosen default or the kernel
default; this varies between kernel versions or distributions.
It used to be 128; now it is 4096.
This change introduces subsequent kill of the process when idle process quit
(SIGQUIT) does not succeed. It can happen in some situations and means that FPM
is not able to scale down in dynamic pm. Using SIGKILL fixes the issue.
The fix introduces early locking of scoreboard when it is updated
which prevents the race condition causing an incorrect number of
active processes being set.
The deny_ptrace is an OS runtime setting and is off by default,
at least on workstation flavors (Fedora); however, it might be
different on production servers.