Upload folder using huggingface_hub

.dockerignore

@@ -0,0 +1,21 @@
+# Compiled binaries and generated documentation
+/target/
+
+# Profiling data
+/perf.data
+/perf.data.old
+/flamegraph.svg
+
+# Logs generated by the web server
+/access.log
+/error.log
+
+# OS-specific files
+.DS_Store
+Thumbs.db
+.Spotlight-V100
+.Trashes
+
+# Temporary files used by the editor
+*.swp
+*.swo

.gitattributes

@@ -33,3 +33,5 @@ saved_model/**/* filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
 *tfevents* filter=lfs diff=lfs merge=lfs -text
+ferron/assets/icon.ico filter=lfs diff=lfs merge=lfs -text
+ferron-passwd/assets/icon.ico filter=lfs diff=lfs merge=lfs -text

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "cargo" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/release.yml

@@ -0,0 +1,237 @@
+name: Release
+
+on:
+  push:
+    branches: [ "main" ]
+
+jobs:
+  release:
+    # Set the job to run on the platform specified by the matrix below
+    runs-on: ${{ matrix.runner }}
+ 
+    # Define the build matrix for cross-compilation
+    strategy:
+      matrix:
+        include:
+          - name: x86_64-unknown-linux-gnu
+            runner: ubuntu-latest
+            target: x86_64-unknown-linux-gnu
+            command: cross
+          - name: x86_64-unknown-linux-musl
+            runner: ubuntu-latest
+            target: x86_64-unknown-linux-musl
+            command: cross
+          - name: i686-unknown-linux-gnu
+            runner: ubuntu-latest
+            target: i686-unknown-linux-gnu
+            command: cross
+          - name: aarch64-unknown-linux-gnu
+            runner: ubuntu-latest
+            target: aarch64-unknown-linux-gnu
+            command: cross
+          - name: armv7-unknown-linux-gnueabihf
+            runner: ubuntu-latest
+            target: armv7-unknown-linux-gnueabihf
+            command: cross
+          - name: riscv64gc-unknown-linux-gnu
+            runner: ubuntu-latest
+            target: riscv64gc-unknown-linux-gnu
+            command: cross
+          - name: x86_64-unknown-freebsd
+            runner: ubuntu-latest
+            target: x86_64-unknown-freebsd
+            command: cross
+          - name: x86_64-pc-windows-msvc
+            runner: windows-latest
+            target: x86_64-pc-windows-msvc
+            command: cargo
+          - name: i686-pc-windows-msvc
+            runner: windows-latest
+            target: i686-pc-windows-msvc
+            command: cargo
+          - name: aarch64-pc-windows-msvc
+            runner: windows-latest
+            target: aarch64-pc-windows-msvc
+            command: cargo
+          - name: x86_64-apple-darwin
+            runner: macos-latest
+            target: x86_64-apple-darwin
+            command: cargo
+          - name: aarch64-apple-darwin
+            runner: macos-latest
+            target: aarch64-apple-darwin
+            command: cargo
+ 
+    # The steps to run for each matrix item
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: main
+          fetch-depth: 0
+ 
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: "${{ matrix.target }}"
+ 
+      - name: Setup cache
+        uses: Swatinem/rust-cache@v2
+
+      - name: Determine Ferron version
+        shell: bash
+        run: |
+          FERRON_VERSION_CARGO="$(cat ferron/Cargo.toml | grep -E '^version' | sed -E 's|.*"([0-9a-zA-Z.+-]+)"$|\1|g')"
+          FERRON_VERSION_GIT="$(git tag --sort=-committerdate | head -n 1 | sed s/[^0-9a-zA-Z.+-]//g)"
+          if [ "$FERRON_VERSION_CARGO" != "" ]; then
+            echo "Version determined from Cargo.toml file"
+            echo "FERRON_VERSION=$FERRON_VERSION_CARGO" >> $GITHUB_ENV
+          elif  [ "$FERRON_VERSION_GIT" != "" ]; then
+            echo "Version determined from the Git tag"
+            echo "FERRON_VERSION=$FERRON_VERSION_GIT" >> $GITHUB_ENV
+          else
+            echo "Can't determine the server version!" 2>&1
+            exit 1
+          fi
+
+      - name: Install Cross
+        if: matrix.command == 'cross'
+        shell: bash
+        run: |
+          curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash
+          cargo binstall --no-confirm cross
+
+      - name: Build binaries
+        run: "${{ matrix.command }} build --verbose --locked --release --target ${{ matrix.target }}"
+
+      - name: Prepare for packaging
+        shell: bash
+        run: |
+          mkdir release
+          find target/${{ matrix.target }}/release -mindepth 1 -maxdepth 1 -type f ! -name "*.*" -o -name "*.exe" -o -name "*.dll" -o -name "*.dylib" -o -name "*.so" | sed -E "s|(.*)|cp -a \1 release|" | bash
+          cp -a ferron-release.yaml release/ferron.yaml
+          cp -a wwwroot release
+
+      - name: Create a release ZIP archive
+        uses: thedoctor0/zip-release@0.7.5
+        with:
+          type: "zip"
+          filename: "../ferron.zip"
+          directory: "release"
+
+      - name: Set up SSH
+        uses: LuisEnMarroquin/setup-ssh-action@v2.0.5
+        with:
+          ORIGIN: ${{ secrets.SSH_HOSTNAME }}
+          SSHKEY: ${{ secrets.SSH_KEY }}
+          NAME: ferron-servers
+          PORT: ${{ secrets.SSH_PORT }}
+          USER: ${{ secrets.SSH_USERNAME }}
+
+      - name: Release Ferron on Ferron's servers
+        shell: bash
+        run: |
+          ssh ferron-servers "mkdir -p ferron/${{ env.FERRON_VERSION }} || true"
+          scp ferron.zip ferron-servers:ferron/${{ env.FERRON_VERSION }}/ferron-${{ env.FERRON_VERSION }}-${{ matrix.target }}.zip
+
+          # The "move-ferron-archive" is a custom command that moves the ZIP archive to be served by the download server
+          ssh ferron-servers "sudo move-ferron-archive ${{ env.FERRON_VERSION }} ${{ matrix.target }}"
+
+  docs:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: main
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Setup cache
+        uses: Swatinem/rust-cache@v2
+
+      - name: Generate the Rust crate documentation
+        run: "cargo doc --verbose --locked --release"
+
+      - name: Create the documentation ZIP archive
+        uses: thedoctor0/zip-release@0.7.5
+        with:
+          type: "zip"
+          filename: "../../ferron-rustdocs.zip"
+          directory: "target/doc"
+      
+      - name: Set up SSH
+        uses: LuisEnMarroquin/setup-ssh-action@v2.0.5
+        with:
+          ORIGIN: ${{ secrets.SSH_HOSTNAME }}
+          SSHKEY: ${{ secrets.SSH_KEY }}
+          NAME: ferron-servers
+          PORT: ${{ secrets.SSH_PORT }}
+          USER: ${{ secrets.SSH_USERNAME }}
+
+      - name: Deploy the documentation
+        shell: bash
+        run: |
+          scp ferron-rustdocs.zip ferron-servers:.
+
+          # The "deploy-ferron-rustdocs" is a custom command that deploys the Ferron's Rust crate documentation
+          ssh ferron-servers "sudo deploy-ferron-rustdocs ferron-rustdocs.zip && rm ferron-rustdocs.zip"
+
+  docker:
+    runs-on: ubuntu-latest
+    
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: main
+          fetch-depth: 0
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Determine Ferron version
+        shell: bash
+        run: |
+          FERRON_VERSION_CARGO="$(cat ferron/Cargo.toml | grep -E '^version' | sed -E 's|.*"([0-9a-zA-Z.+-]+)"$|\1|g')"
+          FERRON_VERSION_GIT="$(git tag --sort=-committerdate | head -n 1 | sed s/[^0-9a-zA-Z.+-]//g)"
+          if [ "$FERRON_VERSION_CARGO" != "" ]; then
+            echo "Version determined from Cargo.toml file"
+            echo "FERRON_VERSION=$FERRON_VERSION_CARGO" >> $GITHUB_ENV
+          elif  [ "$FERRON_VERSION_GIT" != "" ]; then
+            echo "Version determined from the Git tag"
+            echo "FERRON_VERSION=$FERRON_VERSION_GIT" >> $GITHUB_ENV
+          else
+            echo "Can't determine the server version!" 2>&1
+            exit 1
+          fi
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: "ferronserver/ferron:${{ env.FERRON_VERSION }},ferronserver/ferron:latest"
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: index.docker.io/ferronserver/ferron
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true

.github/workflows/rust.yml

@@ -0,0 +1,37 @@
+name: Rust
+
+on:
+  push:
+    branches: [ "develop" ]
+  pull_request:
+    branches: [ "develop" ]
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - uses: Swatinem/rust-cache@v2
+    - name: Build
+      run: cargo build --verbose
+    - name: Run tests
+      run: cargo test --workspace --verbose
+
+  check:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: dtolnay/rust-toolchain@stable
+      with:
+        components: clippy, rustfmt
+    - uses: Swatinem/rust-cache@v2
+    - name: rustfmt
+      run: cargo fmt --all -- --check
+    - name: clippy
+      run: cargo clippy --workspace -- -D warnings
+

.gitignore

@@ -0,0 +1,21 @@
+# Compiled binaries and generated documentation
+/target/
+
+# Profiling data
+/perf.data
+/perf.data.old
+/flamegraph.svg
+
+# Logs generated by the web server
+/access.log
+/error.log
+
+# OS-specific files
+.DS_Store
+Thumbs.db
+.Spotlight-V100
+.Trashes
+
+# Temporary files used by the editor
+*.swp
+*.swo

.rusty-hook.toml

@@ -0,0 +1,5 @@
+[hooks]
+pre-commit = "cargo clippy --fix --all-targets --allow-staged && cargo fmt && git add -A"
+
+[logging]
+verbose = true

CODE_OF_CONDUCT.md

@@ -0,0 +1,5 @@
+# Contributor Code of Conduct
+
+This project adheres to No Code of Conduct.  We are all adults.  We accept anyone's contributions.  Nothing else matters.
+
+For more information please visit the [No Code of Conduct](https://nocodeofconduct.com) homepage.

CONTRIBUTING.md

@@ -0,0 +1,3 @@
+# Contribution guidelines
+
+_See [contribution page on Ferron's website](https://www.ferronweb.org/contribute)_

Cargo.toml

@@ -0,0 +1,18 @@
+[workspace]
+members = [
+    "ferron",
+    "ferron-passwd",
+]
+resolver = "2"
+
+[workspace.dependencies]
+yaml-rust2 = "0.10.0"
+password-auth = { version = "1.0.0", features = ["argon2", "pbkdf2", "scrypt"] }
+rusty-hook = "0.11.2"
+mimalloc = "0.1.45"
+
+[profile.release]
+strip = true
+lto = true
+codegen-units = 1
+panic = "abort"

Dockerfile

@@ -0,0 +1,40 @@
+# Use the official Rust image as a build stage
+FROM rust as builder
+
+# Set the working directory
+WORKDIR /usr/src/ferron
+
+# Copy the source code
+COPY . .
+
+# Build the actual application
+RUN cargo build --release
+
+# Use a Devuan base image for the final image
+FROM devuan/devuan
+
+# Copy the compiled binaries from the builder stage
+COPY --from=builder /usr/src/ferron/target/release/ferron /usr/sbin/ferron
+COPY --from=builder /usr/src/ferron/target/release/ferron-passwd /usr/sbin/ferron-passwd
+
+# Copy the web server configuration
+COPY ferron-docker.yaml /etc/ferron.yaml
+
+# Copy the web root contents
+RUN mkdir -p /var/www/ferron
+COPY wwwroot/* /var/www/ferron
+
+# Create a directory where Ferron logs are stored
+RUN mkdir -p /var/log/ferron
+
+# Create a "ferron" user and grant the permissions for the log directory and the webroot to that user
+RUN useradd -d /nonexistent -s /usr/sbin/nologin -r ferron && chown -hR ferron:ferron /var/www/ferron && chown -hR ferron:ferron /var/log/ferron
+
+# Expose the port 80 (used for HTTP)
+EXPOSE 80
+
+# Switch to "ferron" user
+USER ferron
+
+# Set the command to run the binary
+CMD ["/usr/sbin/ferron", "-c", "/etc/ferron.yaml"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Ferron
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,10 +1,64 @@
----
-title: Web
-emoji: ⚡
-colorFrom: yellow
-colorTo: pink
-sdk: docker
-pinned: false
----
-
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+<p align="center">
+  <a href="https://www.ferronweb.org" target="_blank">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="logo-dark.png">
+      <img alt="Ferron logo" src="logo.png" width="256">
+    </picture>
+  </a>
+</p>
+<p align="center">
+  <b>Ferron</b> - a fast, memory-safe web server written in Rust
+</p>
+<p align="center">
+  <a href="https://www.ferronweb.org/docs" target="_blank"><img alt="Static Badge" src="https://img.shields.io/badge/Documentation-orange"></a>
+  <a href="https://www.ferronweb.org" target="_blank"><img alt="Website" src="https://img.shields.io/website?url=https%3A%2F%2Fwww.ferronweb.org"></a>
+  <a href="https://x.com/ferron_web" target="_blank"><img alt="X (formerly Twitter) Follow" src="https://img.shields.io/twitter/follow/ferron_web"></a>
+  <a href="https://hub.docker.com/r/ferronserver/ferron" target="_blank"><img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/ferronserver/ferron"></a>
+  <a href="https://github.com/ferronweb/ferron" target="_blank"><img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/ferronweb/ferron"></a>
+</p>
+
+* * *
+
+## Features
+
+- **High performance** - built with Rust’s async capabilities for optimal speed.
+- **Memory-safe** - built with Rust, which is a programming language offering memory safety.
+- **Extensibility** - modular architecture for easy customization.
+- **Secure** - focus on robust security practices and safe concurrency.
+
+## Components
+
+Ferron consists of multiple components:
+
+- **`ferron`**: The main web server.
+- **`ferron-passwd`**: A tool for generating user entries with hashed passwords, which can be copied into the web server's configuration file.
+
+## Building Ferron from source
+
+You can clone the repository and explore the existing code:
+
+```sh
+git clone https://github.com/ferronweb/ferron.git
+cd ferron
+```
+
+You can then build and run the web server using Cargo:
+
+```sh
+cargo build -r
+cargo run -r --bin ferron
+```
+
+You can also use [Ferron Forge](https://github.com/ferronweb/ferron-forge) to build the web server. Ferron Forge outputs a ZIP archive that can be used by the Ferron installer.
+
+## Server configuration
+
+You can check the [Ferron documentation](https://www.ferronweb.org/docs/configuration) to see configuration properties used by Ferron.
+
+## Contributing
+
+See [Ferron contribution page](https://www.ferronweb.org/contribute) for details.
+
+## License
+
+Ferron is licensed under the MIT License. See `LICENSE` for details.

SECURITY.md

@@ -0,0 +1,40 @@
+# Ferron Security Policy
+
+## Overview
+Ferron is a fast, memory-safe web server written in Rust, designed for performance and security. This document outlines the security policies and procedures to ensure Ferron remains a secure and reliable software project.
+
+## Supported versions
+Ferron actively supports the latest stable release and provides security updates for the most recent minor versions. Users are encouraged to upgrade promptly to receive security patches.
+
+## Reporting security issues
+Security is a top priority for Ferron. If you discover a vulnerability, please report it responsibly by sending an email message to [security@ferronweb.org](mailto:security@ferronweb.org).
+
+We strongly discourage public disclosure of vulnerabilities before a fix is released.
+
+## Security best practices
+To maintain security, we follow these principles:
+
+- **Memory safety** - Ferron leverages Rust’s ownership model and borrow checker to eliminate memory-related vulnerabilities.
+- **Minimal attack surface** - features are enabled only as needed, reducing exposure to potential threats.
+- **Regular audits** - code is reviewed regularly, and dependencies are monitored for security vulnerabilities.
+- **Safe defaults** - Ferron has some insecure configuration disabled by default, like exposing the server version or directory listings.
+
+## Secure development process
+Ferron follows industry best practices to maintain a secure development lifecycle:
+
+1. **Code review** - all changes undergo peer review with security checks.
+2. **Dependency management** - regularly check and update dependencies to patch known vulnerabilities.
+3. **Responsible disclosure** - work with the security community to resolve issues before public disclosure.
+
+## Handling security incidents
+In the event of a security breach or vulnerability:
+
+1. **Triage** - assess and prioritize the issue based on severity.
+2. **Mitigation** - develop and test a fix.
+3. **Advisory** - issue a security advisory with mitigation steps and fixed versions.
+4. **Update users** - notify users via release notes and security mailing lists.
+
+## Contact information
+For any security concerns, contact us at [security@ferronweb.org](mailto:security@ferronweb.org). Stay updated on security patches via [our website](https://www.ferronweb.org).
+
+By following this policy, we ensure Ferron remains a secure and trustworthy web server for all users.

ferron-docker.yaml

@@ -0,0 +1,4 @@
+global:
+  wwwroot: /var/www/ferron
+  logFilePath: /var/log/ferron/access.log
+  errorLogFilePath: /var/log/ferron/error.log

ferron-passwd/Cargo.toml

@@ -0,0 +1,20 @@
+[package]
+name = "ferron-passwd"
+version = "1.0.0"
+edition = "2021"
+
+[package.metadata.winresource]
+ProductName = "Ferron password utility"
+
+[dependencies]
+clap = { version = "4.5.28", features = ["derive"] }
+password-auth.workspace = true
+rpassword = "7.4.0"
+yaml-rust2.workspace = true
+mimalloc = { workspace = true }
+
+[dev-dependencies]
+rusty-hook = { workspace = true }
+
+[build-dependencies]
+winresource = "0.1.19"

ferron-passwd/build.rs

@@ -0,0 +1,13 @@
+use {
+  std::{env, io},
+  winresource::WindowsResource,
+};
+
+fn main() -> io::Result<()> {
+  if env::var_os("CARGO_CFG_WINDOWS").is_some() {
+    WindowsResource::new()
+      .set_icon("assets/icon.ico")
+      .compile()?;
+  }
+  Ok(())
+}

ferron-passwd/src/main.rs

@@ -0,0 +1,65 @@
+use clap::Parser;
+use mimalloc::MiMalloc;
+use password_auth::generate_hash;
+use rpassword::prompt_password;
+use std::process;
+use yaml_rust2::{yaml, Yaml, YamlEmitter};
+
+#[global_allocator]
+static GLOBAL: MiMalloc = MiMalloc;
+
+/// A password tool for Ferron
+#[derive(Parser, Debug)]
+#[command(version, about, long_about = None)]
+struct Args {
+  /// The username, for which you want to generate an user entry
+  #[arg()]
+  username: String,
+}
+
+fn main() {
+  let args = Args::parse();
+
+  let password = match prompt_password("Password: ") {
+    Ok(pass) => pass,
+    Err(e) => {
+      eprintln!("Error reading password: {}", e);
+      process::exit(1);
+    }
+  };
+  let password2 = match prompt_password("Confirm password: ") {
+    Ok(pass) => pass,
+    Err(e) => {
+      eprintln!("Error reading password confirmation: {}", e);
+      process::exit(1);
+    }
+  };
+
+  if password != password2 {
+    eprintln!("Passwords don't match!");
+    process::exit(1);
+  }
+
+  let password_hash = generate_hash(password);
+
+  let mut yaml_user_hashmap = yaml::Hash::new();
+  yaml_user_hashmap.insert(
+    Yaml::String("name".to_string()),
+    Yaml::String(args.username),
+  );
+  yaml_user_hashmap.insert(
+    Yaml::String("pass".to_string()),
+    Yaml::String(password_hash),
+  );
+
+  let yaml_data = Yaml::Array(vec![Yaml::Hash(yaml_user_hashmap)]);
+
+  let mut output = String::new();
+  if let Err(e) = YamlEmitter::new(&mut output).dump(&yaml_data) {
+    eprintln!("Error generating YAML output: {}", e);
+    process::exit(1);
+  }
+
+  println!("Copy the user object below into \"users\" property of either global configuration or a virtual host in the \"ferron.yaml\" file. Remember about the indentation in the server configuration.");
+  println!("{}", output);
+}

ferron-release.yaml

@@ -0,0 +1,2 @@
+global:
+  wwwroot: wwwroot

ferron.yaml

@@ -0,0 +1,11 @@
+# Global server configuration
+global:
+  port: 8080
+  logFilePath: access.log
+  errorLogFilePath: error.log
+  loadModules:
+   - cgi
+  wwwroot: wwwroot # Replace "wwwroot" with desired webroot
+  enableDirectoryListing: true
+  cgiScriptExtensions:
+   - .php # Necessary to be able to execute PHP scripts via PHP-CGI

ferron/Cargo.toml

@@ -0,0 +1,80 @@
+[package]
+name = "ferron"
+version = "1.0.0"
+edition = "2021"
+
+[package.metadata.winresource]
+ProductName = "Ferron"
+
+[dependencies]
+hyper = { version = "1.6.0", features = ["full"] }
+tokio = { version = "1.44.2", features = ["full"] }
+http-body-util = "0.1.0"
+hyper-util = { version = "0.1", features = ["full"] }
+tokio-util = { version = "0.7.13", features = ["io"] }
+rustls = { version = "0.23.24", default-features = false, features = ["tls12", "std", "ring"] }
+rustls-acme = { version = "0.13.0", default-features = false, features = ["tls12", "ring"] }
+tokio-rustls = { version = "0.26.1", default-features = false, features = ["tls12", "ring"] }
+rustls-pki-types = "1.11.0"
+rustls-pemfile = "2.2.0"
+yaml-rust2 = { workspace = true }
+anyhow = "1.0.98"
+futures-util = "0.3.31"
+chrono = "0.4.39"
+async-trait = "0.1.86"
+rustls-native-certs = "0.8.1"
+ocsp-stapler = { version = "0.4.4", default-features = false }
+clap = { version = "4.5.28", features = ["derive"] }
+fancy-regex = "0.14.0"
+password-auth = { workspace = true }
+base64 = "0.22.1"
+sha2 = "0.10.8"
+new_mime_guess = "4.0.4"
+async-compression = { version = "0.4.18", features = ["tokio", "gzip", "brotli", "deflate", "zstd"] }
+urlencoding = "2.1.3"
+async-channel = "2.3.1"
+mimalloc = { workspace = true }
+cache_control = { git = "https://github.com/DorianNiemiecSVRJS/rust-cache-control.git", optional = true } # Temporarily replaced with a fork
+itertools = { version = "0.14.0", optional = true }
+rand = "0.9.0"
+memmem = { version = "0.1.1", optional = true }
+httparse = { version = "1.10.0", optional = true }
+pin-project-lite = "0.2.16"
+hashlink = "0.10.0"
+glob = "0.3.2"
+hyper-tungstenite = "0.17.0"
+tokio-tungstenite = { version = "0.26.2", features = ["rustls-tls-native-roots"] }
+http = "1.2.0"
+pyo3 = { version = "0.24.1", optional = true, features = ["anyhow", "auto-initialize"] }
+futures-lite = "2.6.0"
+nix = { version = "0.30.0", optional = true, features = ["process", "signal"] }
+interprocess = { version = "2.2.3", features = ["tokio"], optional = true }
+serde = { version = "1.0.219", optional = true, features = ["derive"] }
+serde_bytes = { version = "0.11.17", optional = true }
+postcard = { version = "1.1.1", optional = true, default-features = false, features = ["use-std"] }
+bytes = { version = "1.10.1", optional = true }
+pyo3-async-runtimes = { version = "0.24.0", optional = true, features = ["tokio", "tokio-runtime"] }
+h3 = "0.0.7"
+h3-quinn = "0.0.9"
+quinn = "0.11.7"
+
+[dev-dependencies]
+tokio-test = "0.4.4"
+rusty-hook = { workspace = true }
+
+[features]
+default = ["cache", "cgi", "fauth", "fcgi", "fproxy", "rproxy", "scgi"]
+asgi = ["pyo3", "pyo3-async-runtimes"]
+cache = ["cache_control", "itertools"]
+cgi = ["httparse", "memmem"]
+example = []
+fauth = []
+fcgi = ["httparse", "memmem"]
+fproxy = []
+rproxy = []
+scgi = ["httparse", "memmem"]
+wsgi = ["pyo3"]
+wsgid = ["pyo3", "nix", "interprocess", "itertools", "serde", "serde_bytes", "postcard", "hashlink/serde", "hashlink/serde_impl", "bytes"]
+
+[build-dependencies]
+winresource = "0.1.19"

ferron/build.rs

@@ -0,0 +1,13 @@
+use {
+  std::{env, io},
+  winresource::WindowsResource,
+};
+
+fn main() -> io::Result<()> {
+  if env::var_os("CARGO_CFG_WINDOWS").is_some() {
+    WindowsResource::new()
+      .set_icon("assets/icon.ico")
+      .compile()?;
+  }
+  Ok(())
+}

ferron/src/common/log.rs

@@ -0,0 +1,32 @@
+/// Represents a log message with its content and error status.
+pub struct LogMessage {
+  is_error: bool,
+  message: String,
+}
+
+impl LogMessage {
+  /// Creates a new `LogMessage` instance.
+  ///
+  /// # Parameters
+  ///
+  /// - `message`: The content of the log message.
+  /// - `is_error`: A boolean indicating whether the message is an error (`true`) or not (`false`).
+  ///
+  /// # Returns
+  ///
+  /// A `LogMessage` object containing the specified message and error status.
+  pub fn new(message: String, is_error: bool) -> Self {
+    Self { is_error, message }
+  }
+
+  /// Consumes the `LogMessage` and returns its components.
+  ///
+  /// # Returns
+  ///
+  /// A tuple containing:
+  /// - `String`: The content of the log message.
+  /// - `bool`: A boolean indicating whether the message is an error.
+  pub fn get_message(self) -> (String, bool) {
+    (self.message, self.is_error)
+  }
+}

ferron/src/common/mod.rs

@@ -0,0 +1,593 @@
+#![allow(dead_code)]
+
+use std::{error::Error, future::Future, net::SocketAddr, pin::Pin};
+
+use async_channel::Sender;
+use async_trait::async_trait;
+use http_body_util::combinators::BoxBody;
+use hyper::{body::Bytes, upgrade::Upgraded, HeaderMap, Request, Response, StatusCode, Uri};
+use hyper_tungstenite::HyperWebsocket;
+use tokio::runtime::Handle;
+use yaml_rust2::Yaml;
+
+#[path = "log.rs"]
+mod log;
+#[path = "with_runtime.rs"]
+mod with_runtime;
+
+/// Contains information about a network socket, including remote and local addresses,
+/// and whether the connection is encrypted.
+pub struct SocketData {
+  /// The remote address of the socket.
+  pub remote_addr: SocketAddr,
+  /// The local address of the socket.
+  pub local_addr: SocketAddr,
+  /// Indicates if the connection is encrypted.
+  pub encrypted: bool,
+}
+
+impl SocketData {
+  /// Creates a new `SocketData` instance.
+  ///
+  /// # Parameters
+  ///
+  /// - `remote_addr`: The remote address of the socket.
+  /// - `local_addr`: The local address of the socket.
+  /// - `encrypted`: A boolean indicating if the connection is encrypted.
+  ///
+  /// # Returns
+  ///
+  /// A new `SocketData` instance with the provided parameters.
+  pub fn new(remote_addr: SocketAddr, local_addr: SocketAddr, encrypted: bool) -> Self {
+    Self {
+      remote_addr,
+      local_addr,
+      encrypted,
+    }
+  }
+}
+
+/// Represents a log message. This is a type alias for `crate::log::LogMessage`.
+pub type LogMessage = log::LogMessage;
+
+/// Represents the server configuration object. This is a type alias for `Yaml` from the `yaml_rust2` crate.
+pub type ServerConfig = Yaml;
+
+/// Represents the HTTP request from Hyper.
+pub type HyperRequest = Request<BoxBody<Bytes, std::io::Error>>;
+
+/// Represents the HTTP response from Hyper.
+pub type HyperResponse = Response<BoxBody<Bytes, std::io::Error>>;
+
+/// Represents the upgraded HTTP connection from Hyper.
+pub type HyperUpgraded = Upgraded;
+
+/// A wrapper that ensures a function is executed within a specific runtime context.
+/// This is a type alias for `crate::with_runtime::WithRuntime<F>`.
+pub type WithRuntime<F> = with_runtime::WithRuntime<F>;
+
+/// Contains data related to an HTTP request, including the original Hyper request
+/// and optional authentication user information.
+pub struct RequestData {
+  hyper_request: HyperRequest,
+  auth_user: Option<String>,
+  original_url: Option<Uri>,
+}
+
+impl RequestData {
+  /// Creates a new `RequestData` instance.
+  ///
+  /// # Parameters
+  ///
+  /// - `hyper_request`: The original Hyper `Request` object.
+  /// - `auth_user`: An optional string representing the authenticated user.
+  ///
+  /// # Returns
+  ///
+  /// A new `RequestData` instance with the provided parameters.
+  pub fn new(
+    hyper_request: HyperRequest,
+    auth_user: Option<String>,
+    original_url: Option<Uri>,
+  ) -> Self {
+    Self {
+      hyper_request,
+      auth_user,
+      original_url,
+    }
+  }
+
+  /// Sets the authenticated user for the request.
+  ///
+  /// # Parameters
+  ///
+  /// - `auth_user`: A string representing the authenticated user.
+  pub fn set_auth_user(&mut self, auth_user: String) {
+    self.auth_user = Some(auth_user);
+  }
+
+  /// Retrieves the authenticated user associated with the request, if any.
+  ///
+  /// # Returns
+  ///
+  /// An `Option` containing a reference to the authenticated user's string, or `None` if not set.
+  pub fn get_auth_user(&self) -> Option<&str> {
+    match &self.auth_user {
+      Some(auth_user) => Some(auth_user),
+      None => None,
+    }
+  }
+
+  /// Sets the original URL (before URL rewriting) for the request.
+  ///
+  /// # Parameters
+  ///
+  /// - `original_url`: An `Uri` object representing the original request URL before rewriting.
+  pub fn set_original_url(&mut self, original_url: Uri) {
+    self.original_url = Some(original_url);
+  }
+
+  /// Retrieves the original URL (before URL rewriting) associated with the request, if any.
+  ///
+  /// # Returns
+  ///
+  /// An `Option` containing a reference to the `Uri` object representing the original request URL before rewriting, or `None` if not set.
+  pub fn get_original_url(&self) -> Option<&Uri> {
+    match &self.original_url {
+      Some(original_url) => Some(original_url),
+      None => None,
+    }
+  }
+
+  /// Provides a reference to the underlying Hyper `Request` object.
+  ///
+  /// # Returns
+  ///
+  /// A reference to the `HyperRequest` object.
+  pub fn get_hyper_request(&self) -> &HyperRequest {
+    &self.hyper_request
+  }
+
+  /// Provides a mutable reference to the underlying Hyper `Request` object.
+  ///
+  /// # Returns
+  ///
+  /// A mutable reference to the `HyperRequest` object.
+  pub fn get_mut_hyper_request(&mut self) -> &mut HyperRequest {
+    &mut self.hyper_request
+  }
+
+  /// Consumes the `RequestData` instance and returns its components.
+  ///
+  /// # Returns
+  ///
+  /// A tuple containing the `HyperRequest` object, an optional authenticated user string, and an optional `Uri` object representing the original request URL before rewriting.
+  pub fn into_parts(self) -> (HyperRequest, Option<String>, Option<Uri>) {
+    (self.hyper_request, self.auth_user, self.original_url)
+  }
+}
+
+/// Facilitates logging of error messages through a provided logger sender.
+pub struct ErrorLogger {
+  logger: Option<Sender<LogMessage>>,
+}
+
+impl ErrorLogger {
+  /// Creates a new `ErrorLogger` instance.
+  ///
+  /// # Parameters
+  ///
+  /// - `logger`: A `Sender<LogMessage>` used for sending log messages.
+  ///
+  /// # Returns
+  ///
+  /// A new `ErrorLogger` instance associated with the provided logger.
+  pub fn new(logger: Sender<LogMessage>) -> Self {
+    Self {
+      logger: Some(logger),
+    }
+  }
+
+  /// Creates a new `ErrorLogger` instance without any underlying logger.
+  ///
+  /// # Returns
+  ///
+  /// A new `ErrorLogger` instance not associated with any logger.
+  pub fn without_logger() -> Self {
+    Self { logger: None }
+  }
+
+  /// Logs an error message asynchronously.
+  ///
+  /// # Parameters
+  ///
+  /// - `message`: A string slice containing the error message to be logged.
+  ///
+  /// # Examples
+  ///
+  /// ```
+  /// # use crate::ferron_common::ErrorLogger;
+  /// # #[tokio::main]
+  /// # async fn main() {
+  /// let (tx, mut rx) = async_channel::bounded(100);
+  /// let logger = ErrorLogger::new(tx);
+  /// logger.log("An error occurred").await;
+  /// # }
+  /// ```
+  pub async fn log(&self, message: &str) {
+    if let Some(logger) = &self.logger {
+      logger
+        .send(LogMessage::new(String::from(message), true))
+        .await
+        .unwrap_or_default();
+    }
+  }
+}
+
+impl Clone for ErrorLogger {
+  /// Clone a `ErrorLogger`.
+  ///
+  /// # Returns
+  ///
+  /// A cloned `ErrorLogger` instance
+  fn clone(&self) -> Self {
+    Self {
+      logger: self.logger.clone(),
+    }
+  }
+}
+
+/// Holds data related to an HTTP response, including the original request,
+/// optional authentication user information, and the response details.
+pub struct ResponseData {
+  request: Option<HyperRequest>,
+  auth_user: Option<String>,
+  original_url: Option<Uri>,
+  response: Option<Response<BoxBody<Bytes, std::io::Error>>>,
+  response_status: Option<StatusCode>,
+  response_headers: Option<HeaderMap>,
+  new_remote_address: Option<SocketAddr>,
+  parallel_fn: Option<Pin<Box<dyn Future<Output = ()> + Send>>>,
+}
+
+impl ResponseData {
+  /// Initiates the building process for a `ResponseData` instance using a `RequestData` object.
+  ///
+  /// # Parameters
+  ///
+  /// - `request`: A `RequestData` instance containing the original request and authentication information.
+  ///
+  /// # Returns
+  ///
+  /// A `ResponseDataBuilder` initialized with the provided request data.
+  pub fn builder(request: RequestData) -> ResponseDataBuilder {
+    let (request, auth_user, original_url) = request.into_parts();
+
+    ResponseDataBuilder {
+      request: Some(request),
+      auth_user,
+      original_url,
+      response: None,
+      response_status: None,
+      response_headers: None,
+      new_remote_address: None,
+      parallel_fn: None,
+    }
+  }
+
+  /// Initiates the building process for a `ResponseData` instance without a `RequestData` object.
+  ///
+  /// # Returns
+  ///
+  /// A `ResponseDataBuilder` initialized without any request data.
+  pub fn builder_without_request() -> ResponseDataBuilder {
+    ResponseDataBuilder {
+      request: None,
+      auth_user: None,
+      original_url: None,
+      response: None,
+      response_status: None,
+      response_headers: None,
+      new_remote_address: None,
+      parallel_fn: None,
+    }
+  }
+
+  /// Consumes the `ResponseData` instance and returns its components.
+  ///
+  /// # Returns
+  ///
+  /// A tuple containing:
+  /// - The optional original `HyperRequest` object.
+  /// - An optional authenticated user string.
+  /// - An optional `Uri` object representing the original request URL (before rewriting)
+  /// - An optional `Response` object encapsulated in a `BoxBody` with `Bytes` and `std::io::Error`.
+  /// - An optional HTTP `StatusCode`.
+  /// - An optional `HeaderMap` containing the HTTP headers.
+  /// - An optional `SocketAddr` containing the client's new IP address and port.
+  /// - An optional `Future` with `()` output that would be executed in parallel.
+  #[allow(clippy::type_complexity)]
+  pub fn into_parts(
+    self,
+  ) -> (
+    Option<HyperRequest>,
+    Option<String>,
+    Option<Uri>,
+    Option<Response<BoxBody<Bytes, std::io::Error>>>,
+    Option<StatusCode>,
+    Option<HeaderMap>,
+    Option<SocketAddr>,
+    Option<Pin<Box<dyn Future<Output = ()> + Send>>>,
+  ) {
+    (
+      self.request,
+      self.auth_user,
+      self.original_url,
+      self.response,
+      self.response_status,
+      self.response_headers,
+      self.new_remote_address,
+      self.parallel_fn,
+    )
+  }
+}
+
+pub struct ResponseDataBuilder {
+  request: Option<HyperRequest>,
+  auth_user: Option<String>,
+  original_url: Option<Uri>,
+  response: Option<Response<BoxBody<Bytes, std::io::Error>>>,
+  response_status: Option<StatusCode>,
+  response_headers: Option<HeaderMap>,
+  new_remote_address: Option<SocketAddr>,
+  parallel_fn: Option<Pin<Box<dyn Future<Output = ()> + Send>>>,
+}
+
+impl ResponseDataBuilder {
+  /// Sets the response for the `ResponseData`.
+  ///
+  /// # Parameters
+  ///
+  /// - `response`: A `Response` object encapsulated in a `BoxBody` with `Bytes` and `std::io::Error`.
+  ///
+  /// # Returns
+  ///
+  /// The updated `ResponseDataBuilder` instance with the specified response.
+  pub fn response(mut self, response: Response<BoxBody<Bytes, std::io::Error>>) -> Self {
+    self.response = Some(response);
+    self
+  }
+
+  /// Sets the status code for the `ResponseData`.
+  ///
+  /// # Parameters
+  ///
+  /// - `status`: A `StatusCode` representing the HTTP status code.
+  ///
+  /// # Returns
+  ///
+  /// The updated `ResponseDataBuilder` instance with the specified status code.
+  pub fn status(mut self, status: StatusCode) -> Self {
+    self.response_status = Some(status);
+    self
+  }
+
+  /// Sets the headers for the `ResponseData`.
+  ///
+  /// # Parameters
+  ///
+  /// - `headers`: A `HeaderMap` containing the HTTP headers.
+  ///
+  /// # Returns
+  ///
+  /// The updated `ResponseDataBuilder` instance with the specified headers.
+  pub fn headers(mut self, headers: HeaderMap) -> Self {
+    self.response_headers = Some(headers);
+    self
+  }
+
+  /// Sets the new client address for the `ResponseData`.
+  ///
+  /// # Parameters
+  ///
+  /// - `new_remote_address`: A `SocketAddr` containing the new client's IP address and port.
+  ///
+  /// # Returns
+  ///
+  /// The updated `ResponseDataBuilder` instance with the specified headers.
+  pub fn new_remote_address(mut self, new_remote_address: SocketAddr) -> Self {
+    self.new_remote_address = Some(new_remote_address);
+    self
+  }
+
+  /// Sets the function to be executed in parallel.
+  ///
+  /// # Parameters
+  ///
+  /// - `parallel_fn`: A `Future` with `()` output.
+  ///
+  /// # Returns
+  ///
+  /// The updated `ResponseDataBuilder` instance with the specified function to be executed in parallel.
+  pub fn parallel_fn(mut self, parallel_fn: impl Future<Output = ()> + Send + 'static) -> Self {
+    self.parallel_fn = Some(Box::pin(parallel_fn));
+    self
+  }
+
+  /// Builds the `ResponseData` instance.
+  ///
+  /// # Returns
+  ///
+  /// A `ResponseData` object containing the accumulated data from the builder.
+  pub fn build(self) -> ResponseData {
+    ResponseData {
+      request: self.request,
+      auth_user: self.auth_user,
+      original_url: self.original_url,
+      response: self.response,
+      response_status: self.response_status,
+      response_headers: self.response_headers,
+      new_remote_address: self.new_remote_address,
+      parallel_fn: self.parallel_fn,
+    }
+  }
+}
+
+/// Defines the interface for server module handlers, specifying how requests should be processed.
+#[async_trait]
+pub trait ServerModuleHandlers {
+  /// Handles an incoming request.
+  ///
+  /// # Parameters
+  ///
+  /// - `request`: A `RequestData` object containing the incoming request and associated data.
+  /// - `config`: A reference to the combined server configuration (`ServerConfig`). The combined configuration has properties in its root.
+  /// - `socket_data`: A reference to the `SocketData` containing socket-related information.
+  /// - `error_logger`: A reference to an `ErrorLogger` for logging errors.
+  ///
+  /// # Returns
+  ///
+  /// A `Result` containing a `ResponseData` object upon success, or a boxed `dyn Error` if an error occurs.
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>>;
+
+  /// Handles an incoming forward proxy request (not using CONNECT method).
+  ///
+  /// # Parameters
+  ///
+  /// - `request`: A `RequestData` object containing the incoming request and associated data.
+  /// - `config`: A reference to the combined server configuration (`ServerConfig`). The combined configuration has properties in its root.
+  /// - `socket_data`: A reference to the `SocketData` containing socket-related information.
+  /// - `error_logger`: A reference to an `ErrorLogger` for logging errors.
+  ///
+  /// # Returns
+  ///
+  /// A `Result` containing a `ResponseData` object upon success, or a boxed `dyn Error` if an error occurs.
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>>;
+
+  /// Modifies an outgoing response before it is sent to the client.
+  ///
+  /// This function allows for inspection and modification of the response generated by the server
+  /// or other handlers. Implementers can use this to add, remove, or alter headers, change the
+  /// status code, or modify the body of the response as needed.
+  ///
+  /// # Parameters
+  ///
+  /// - `response`: A `HyperResponse` object representing the outgoing HTTP response.
+  ///
+  /// # Returns
+  ///
+  /// A `Result` containing the potentially modified `HyperResponse` object upon success, or a boxed
+  /// `dyn Error` if an error occurs during processing.
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>>;
+
+  /// Modifies an outgoing response for forward proxy requests (not using CONNECT method) before it is sent to the client.
+  ///
+  /// This function allows for inspection and modification of the response generated by the server
+  /// or other handlers. Implementers can use this to add, remove, or alter headers, change the
+  /// status code, or modify the body of the response as needed.
+  ///
+  /// # Parameters
+  ///
+  /// - `response`: A `HyperResponse` object representing the outgoing HTTP response.
+  ///
+  /// # Returns
+  ///
+  /// A `Result` containing the potentially modified `HyperResponse` object upon success, or a boxed
+  /// `dyn Error` if an error occurs during processing.
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>>;
+
+  /// Handles an incoming forward proxy request (using CONNECT method).
+  ///
+  /// # Parameters
+  ///
+  /// - `upgraded_request`: A `HyperUpgraded` object containing the upgraded HTTP connection.
+  /// - `connect_address`: A reference to a string containing the address and port number of the destination server (for example "example.com:443").
+  /// - `config`: A reference to the combined server configuration (`ServerConfig`). The combined configuration has properties in its root.
+  /// - `socket_data`: A reference to the `SocketData` containing socket-related information.
+  /// - `error_logger`: A reference to an `ErrorLogger` for logging errors.
+  ///
+  /// # Returns
+  ///
+  /// A `Result` containing an empty value upon success, or a boxed `dyn Error` if an error occurs.
+  async fn connect_proxy_request_handler(
+    &mut self,
+    upgraded_request: HyperUpgraded,
+    connect_address: &str,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>>;
+
+  /// Checks if the module is a forward proxy module utilizing CONNECT method.
+  ///
+  /// # Returns
+  ///
+  /// `true` if the module is a forward proxy module utlilzing CONNECT method, or `false` otherwise.
+  fn does_connect_proxy_requests(&mut self) -> bool;
+
+  /// Handles an incoming WebSocket request.
+  ///
+  /// # Parameters
+  ///
+  /// - `websocket`: A `HyperWebsocket` object containing a future that resolves to a WebSocket stream.
+  /// - `uri`: A `hyper::Uri` object containig the HTTP request URI.
+  /// - `config`: A reference to the combined server configuration (`ServerConfig`). The combined configuration has properties in its root.
+  /// - `socket_data`: A reference to the `SocketData` containing socket-related information.
+  /// - `error_logger`: A reference to an `ErrorLogger` for logging errors.
+  ///
+  /// # Returns
+  ///
+  /// A `Result` containing an empty value upon success, or a boxed `dyn Error` if an error occurs.
+  async fn websocket_request_handler(
+    &mut self,
+    websocket: HyperWebsocket,
+    uri: &hyper::Uri,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>>;
+
+  /// Checks if the module is a module supporting WebSocket requests.
+  ///
+  /// # Parameters
+  ///
+  /// - `config`: A reference to the combined server configuration (`ServerConfig`). The combined configuration has properties in its root.
+  /// - `socket_data`: A reference to the `SocketData` containing socket-related information.
+  ///
+  /// # Returns
+  ///
+  /// `true` if the module is a module supporting WebSocket requests, or `false` otherwise.
+  fn does_websocket_requests(&mut self, config: &ServerConfig, socket_data: &SocketData) -> bool;
+}
+
+/// Represents a server module that can provide handlers for processing requests.
+pub trait ServerModule {
+  /// Retrieves the handlers associated with the server module.
+  ///
+  /// # Parameters
+  ///
+  /// - `handle`: A `Handle` to the Tokio runtime.
+  ///
+  /// # Returns
+  ///
+  /// A boxed object implementing `ServerModuleHandlers` that can be sent across threads.
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send>;
+}

ferron/src/common/with_runtime.rs

@@ -0,0 +1,56 @@
+use pin_project_lite::pin_project;
+use std::{
+  future::Future,
+  pin::Pin,
+  task::{Context, Poll},
+};
+use tokio::runtime::Handle;
+
+pin_project! {
+    /// A future that executes within a specific Tokio runtime.
+    ///
+    /// This struct ensures that the wrapped future (`fut`) is polled within the context of the provided Tokio runtime handle (`runtime`).
+    pub struct WithRuntime<F> {
+        runtime: Handle,
+        #[pin]
+        fut: F,
+    }
+}
+
+impl<F> WithRuntime<F> {
+  /// Creates a new `WithRuntime` instance.
+  ///
+  /// # Parameters
+  ///
+  /// - `runtime`: A `Handle` to the Tokio runtime in which the future should be executed.
+  /// - `fut`: The future to be executed within the specified runtime.
+  ///
+  /// # Returns
+  ///
+  /// A `WithRuntime` object encapsulating the provided runtime handle and future.
+  pub fn new(runtime: Handle, fut: F) -> Self {
+    Self { runtime, fut }
+  }
+}
+
+impl<F> Future for WithRuntime<F>
+where
+  F: Future,
+{
+  type Output = F::Output;
+
+  /// Polls the wrapped future within the context of the specified Tokio runtime.
+  ///
+  /// # Parameters
+  ///
+  /// - `ctx`: The current task context.
+  ///
+  /// # Returns
+  ///
+  /// A `Poll` indicating the state of the wrapped future (`Pending` or `Ready`).
+  fn poll(self: Pin<&mut Self>, ctx: &mut Context<'_>) -> Poll<Self::Output> {
+    let this = self.project();
+    let _guard = this.runtime.enter();
+    this.fut.poll(ctx)
+  }
+}

ferron/src/main.rs

@@ -0,0 +1,478 @@
+// Import server module from "server.rs"
+#[path = "server.rs"]
+mod ferron_server;
+
+// Import request handler module from "request_handler.rs"
+#[path = "request_handler.rs"]
+mod ferron_request_handler;
+
+// Import resources from "res" directory
+#[path = "res"]
+mod ferron_res {
+  pub mod server_software;
+}
+
+// Import common modules from "common" directory
+#[path = "common/mod.rs"]
+mod ferron_common;
+
+// Import utility modules from "util" directory
+#[path = "util"]
+mod ferron_util {
+  pub mod anti_xss;
+  #[cfg(feature = "asgi")]
+  pub mod asgi_messages;
+  #[cfg(feature = "asgi")]
+  pub mod asgi_structs;
+  #[cfg(any(feature = "cgi", feature = "scgi", feature = "fcgi"))]
+  pub mod cgi_response;
+  pub mod combine_config;
+  #[cfg(any(feature = "cgi", feature = "scgi", feature = "fcgi"))]
+  pub mod copy_move;
+  pub mod error_pages;
+  #[cfg(feature = "fcgi")]
+  pub mod fcgi_decoder;
+  #[cfg(feature = "fcgi")]
+  pub mod fcgi_encoder;
+  #[cfg(feature = "fcgi")]
+  pub mod fcgi_name_value_pair;
+  #[cfg(feature = "fcgi")]
+  pub mod fcgi_record;
+  pub mod generate_directory_listing;
+  pub mod ip_blocklist;
+  pub mod ip_match;
+  pub mod load_config;
+  pub mod load_tls;
+  pub mod match_hostname;
+  pub mod match_location;
+  #[cfg(any(feature = "rproxy", feature = "fauth"))]
+  pub mod no_server_verifier;
+  pub mod non_standard_code_structs;
+  #[cfg(all(unix, feature = "wsgid"))]
+  pub mod preforked_process_pool;
+  #[cfg(feature = "fcgi")]
+  pub mod read_to_end_move;
+  pub mod sizify;
+  pub mod sni;
+  #[cfg(feature = "fcgi")]
+  pub mod split_stream_by_map;
+  pub mod ttl_cache;
+  pub mod url_rewrite_structs;
+  pub mod url_sanitizer;
+  pub mod validate_config;
+  #[cfg(feature = "wsgi")]
+  pub mod wsgi_error_stream;
+  #[cfg(feature = "wsgi")]
+  pub mod wsgi_input_stream;
+  #[cfg(any(feature = "wsgi", feature = "wsgid"))]
+  pub mod wsgi_load_application;
+  #[cfg(feature = "wsgi")]
+  pub mod wsgi_structs;
+  #[cfg(feature = "wsgid")]
+  pub mod wsgid_body_reader;
+  #[cfg(feature = "wsgid")]
+  pub mod wsgid_error_stream;
+  #[cfg(feature = "wsgid")]
+  pub mod wsgid_input_stream;
+  #[cfg(feature = "wsgid")]
+  pub mod wsgid_message_structs;
+  #[cfg(feature = "wsgid")]
+  pub mod wsgid_structs;
+}
+
+// Import project modules from "modules" directory
+#[path = "modules"]
+mod ferron_modules {
+  pub mod blocklist;
+  pub mod default_handler_checks;
+  pub mod non_standard_codes;
+  pub mod redirect_trailing_slashes;
+  pub mod redirects;
+  pub mod static_file_serving;
+  pub mod url_rewrite;
+  pub mod x_forwarded_for;
+}
+
+// Import optional project modules from "modules" directory
+#[path = "optional_modules"]
+mod ferron_optional_modules {
+  #[cfg(feature = "asgi")]
+  pub mod asgi;
+  #[cfg(feature = "cache")]
+  pub mod cache;
+  #[cfg(feature = "cgi")]
+  pub mod cgi;
+  #[cfg(feature = "example")]
+  pub mod example;
+  #[cfg(feature = "fauth")]
+  pub mod fauth;
+  #[cfg(feature = "fcgi")]
+  pub mod fcgi;
+  #[cfg(feature = "fproxy")]
+  pub mod fproxy;
+  #[cfg(feature = "rproxy")]
+  pub mod rproxy;
+  #[cfg(feature = "scgi")]
+  pub mod scgi;
+  #[cfg(feature = "wsgi")]
+  pub mod wsgi;
+  #[cfg(feature = "wsgid")]
+  pub mod wsgid;
+}
+
+// Standard library imports
+use std::sync::Arc;
+use std::{error::Error, path::PathBuf};
+
+// External crate imports
+use clap::Parser;
+use ferron_server::start_server;
+use ferron_util::load_config::load_config;
+use mimalloc::MiMalloc;
+
+// Set the global allocator to use mimalloc for performance optimization
+#[global_allocator]
+static GLOBAL: MiMalloc = MiMalloc;
+
+// Struct for command-line arguments
+/// A fast, memory-safe web server written in Rust
+#[derive(Parser, Debug)]
+#[command(name = "Ferron")]
+#[command(version, about, long_about = None)]
+struct Args {
+  /// The path to the server configuration file
+  #[arg(short, long, default_value_t = String::from("./ferron.yaml"))]
+  config: String,
+}
+
+// Function to execute before starting the server
+#[allow(clippy::type_complexity)]
+fn before_starting_server(
+  args: &Args,
+  first_start: bool,
+) -> Result<bool, Box<dyn Error + Send + Sync>> {
+  // Load the configuration
+  let yaml_config = load_config(PathBuf::from(args.config.clone()))?;
+
+  let mut module_error = None;
+  let mut module_libs = Vec::new();
+
+  // Load external modules defined in the configuration file
+  if let Some(modules) = yaml_config["global"]["loadModules"].as_vec() {
+    for module_name_yaml in modules.iter() {
+      if let Some(module_name) = module_name_yaml.as_str() {
+        module_libs.push(String::from(module_name));
+      }
+    }
+  }
+
+  let mut external_modules = Vec::new();
+  #[allow(unused_mut)]
+  let mut modules_optional_builtin = Vec::new();
+  // Iterate over loaded module libraries and initialize them
+  for module_name in module_libs.iter() {
+    match module_name as &str {
+      #[cfg(feature = "rproxy")]
+      "rproxy" => {
+        external_modules.push(
+          match ferron_optional_modules::rproxy::server_module_init(&yaml_config) {
+            Ok(module) => module,
+            Err(err) => {
+              module_error = Some(anyhow::anyhow!(
+                "Cannot initialize optional built-in module \"{}\": {}",
+                module_name,
+                err
+              ));
+              break;
+            }
+          },
+        );
+
+        modules_optional_builtin.push(module_name.clone());
+      }
+      #[cfg(feature = "fproxy")]
+      "fproxy" => {
+        external_modules.push(
+          match ferron_optional_modules::fproxy::server_module_init(&yaml_config) {
+            Ok(module) => module,
+            Err(err) => {
+              module_error = Some(anyhow::anyhow!(
+                "Cannot initialize optional built-in module \"{}\": {}",
+                module_name,
+                err
+              ));
+              break;
+            }
+          },
+        );
+
+        modules_optional_builtin.push(module_name.clone());
+      }
+      #[cfg(feature = "cache")]
+      "cache" => {
+        external_modules.push(
+          match ferron_optional_modules::cache::server_module_init(&yaml_config) {
+            Ok(module) => module,
+            Err(err) => {
+              module_error = Some(anyhow::anyhow!(
+                "Cannot initialize optional built-in module \"{}\": {}",
+                module_name,
+                err
+              ));
+              break;
+            }
+          },
+        );
+
+        modules_optional_builtin.push(module_name.clone());
+      }
+      #[cfg(feature = "cgi")]
+      "cgi" => {
+        external_modules.push(
+          match ferron_optional_modules::cgi::server_module_init(&yaml_config) {
+            Ok(module) => module,
+            Err(err) => {
+              module_error = Some(anyhow::anyhow!(
+                "Cannot initialize optional built-in module \"{}\": {}",
+                module_name,
+                err
+              ));
+              break;
+            }
+          },
+        );
+
+        modules_optional_builtin.push(module_name.clone());
+      }
+      #[cfg(feature = "scgi")]
+      "scgi" => {
+        external_modules.push(
+          match ferron_optional_modules::scgi::server_module_init(&yaml_config) {
+            Ok(module) => module,
+            Err(err) => {
+              module_error = Some(anyhow::anyhow!(
+                "Cannot initialize optional built-in module \"{}\": {}",
+                module_name,
+                err
+              ));
+              break;
+            }
+          },
+        );
+
+        modules_optional_builtin.push(module_name.clone());
+      }
+      #[cfg(feature = "fcgi")]
+      "fcgi" => {
+        external_modules.push(
+          match ferron_optional_modules::fcgi::server_module_init(&yaml_config) {
+            Ok(module) => module,
+            Err(err) => {
+              module_error = Some(anyhow::anyhow!(
+                "Cannot initialize optional built-in module \"{}\": {}",
+                module_name,
+                err
+              ));
+              break;
+            }
+          },
+        );
+
+        modules_optional_builtin.push(module_name.clone());
+      }
+      #[cfg(feature = "fauth")]
+      "fauth" => {
+        external_modules.push(
+          match ferron_optional_modules::fauth::server_module_init(&yaml_config) {
+            Ok(module) => module,
+            Err(err) => {
+              module_error = Some(anyhow::anyhow!(
+                "Cannot initialize optional built-in module \"{}\": {}",
+                module_name,
+                err
+              ));
+              break;
+            }
+          },
+        );
+
+        modules_optional_builtin.push(module_name.clone());
+      }
+      #[cfg(feature = "example")]
+      "example" => {
+        external_modules.push(
+          match ferron_optional_modules::example::server_module_init(&yaml_config) {
+            Ok(module) => module,
+            Err(err) => {
+              module_error = Some(anyhow::anyhow!(
+                "Cannot initialize optional built-in module \"{}\": {}",
+                module_name,
+                err
+              ));
+              break;
+            }
+          },
+        );
+
+        modules_optional_builtin.push(module_name.clone());
+      }
+      #[cfg(feature = "wsgi")]
+      "wsgi" => {
+        external_modules.push(
+          match ferron_optional_modules::wsgi::server_module_init(&yaml_config) {
+            Ok(module) => module,
+            Err(err) => {
+              module_error = Some(anyhow::anyhow!(
+                "Cannot initialize optional built-in module \"{}\": {}",
+                module_name,
+                err
+              ));
+              break;
+            }
+          },
+        );
+
+        modules_optional_builtin.push(module_name.clone());
+      }
+      #[cfg(feature = "wsgid")]
+      "wsgid" => {
+        external_modules.push(
+          match ferron_optional_modules::wsgid::server_module_init(&yaml_config) {
+            Ok(module) => module,
+            Err(err) => {
+              module_error = Some(anyhow::anyhow!(
+                "Cannot initialize optional built-in module \"{}\": {}",
+                module_name,
+                err
+              ));
+              break;
+            }
+          },
+        );
+
+        modules_optional_builtin.push(module_name.clone());
+      }
+      #[cfg(feature = "asgi")]
+      "asgi" => {
+        external_modules.push(
+          match ferron_optional_modules::asgi::server_module_init(&yaml_config) {
+            Ok(module) => module,
+            Err(err) => {
+              module_error = Some(anyhow::anyhow!(
+                "Cannot initialize optional built-in module \"{}\": {}",
+                module_name,
+                err
+              ));
+              break;
+            }
+          },
+        );
+
+        modules_optional_builtin.push(module_name.clone());
+      }
+      _ => {
+        module_error = Some(anyhow::anyhow!(
+          "The optional built-in module \"{}\" doesn't exist",
+          module_name
+        ));
+        break;
+      }
+    }
+  }
+
+  // Add modules (both built-in and loaded)
+  let mut modules = Vec::new();
+  match ferron_modules::x_forwarded_for::server_module_init() {
+    Ok(module) => modules.push(module),
+    Err(err) => {
+      if module_error.is_none() {
+        module_error = Some(anyhow::anyhow!("Cannot load a built-in module: {}", err));
+      }
+    }
+  };
+  match ferron_modules::redirects::server_module_init() {
+    Ok(module) => modules.push(module),
+    Err(err) => {
+      if module_error.is_none() {
+        module_error = Some(anyhow::anyhow!("Cannot load a built-in module: {}", err));
+      }
+    }
+  };
+  match ferron_modules::blocklist::server_module_init(&yaml_config) {
+    Ok(module) => modules.push(module),
+    Err(err) => {
+      if module_error.is_none() {
+        module_error = Some(anyhow::anyhow!("Cannot load a built-in module: {}", err));
+      }
+    }
+  };
+  match ferron_modules::url_rewrite::server_module_init(&yaml_config) {
+    Ok(module) => modules.push(module),
+    Err(err) => {
+      if module_error.is_none() {
+        module_error = Some(anyhow::anyhow!("Cannot load a built-in module: {}", err));
+      }
+    }
+  };
+  match ferron_modules::non_standard_codes::server_module_init(&yaml_config) {
+    Ok(module) => modules.push(module),
+    Err(err) => {
+      if module_error.is_none() {
+        module_error = Some(anyhow::anyhow!("Cannot load a built-in module: {}", err));
+      }
+    }
+  };
+  match ferron_modules::redirect_trailing_slashes::server_module_init() {
+    Ok(module) => modules.push(module),
+    Err(err) => {
+      if module_error.is_none() {
+        module_error = Some(anyhow::anyhow!("Cannot load a built-in module: {}", err));
+      }
+    }
+  };
+  modules.append(&mut external_modules);
+  match ferron_modules::default_handler_checks::server_module_init() {
+    Ok(module) => modules.push(module),
+    Err(err) => {
+      if module_error.is_none() {
+        module_error = Some(anyhow::anyhow!("Cannot load a built-in module: {}", err));
+      }
+    }
+  };
+  match ferron_modules::static_file_serving::server_module_init() {
+    Ok(module) => modules.push(module),
+    Err(err) => {
+      if module_error.is_none() {
+        module_error = Some(anyhow::anyhow!("Cannot load a built-in module: {}", err));
+      }
+    }
+  };
+
+  // Start the server with configuration and loaded modules
+  start_server(
+    Arc::new(yaml_config),
+    modules,
+    module_error,
+    modules_optional_builtin,
+    first_start,
+  )
+}
+
+// Entry point of the application
+fn main() {
+  let args = &Args::parse(); // Parse command-line arguments
+  let mut first_start = true;
+  loop {
+    match before_starting_server(args, first_start) {
+      Ok(false) => break,
+      Ok(true) => {
+        first_start = false;
+        println!("Reloading the server configuration...");
+      }
+      Err(err) => {
+        eprintln!("FATAL ERROR: {}", err);
+        std::process::exit(1);
+      }
+    }
+  }
+}

ferron/src/modules/blocklist.rs

@@ -0,0 +1,135 @@
+use std::error::Error;
+use std::sync::Arc;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperResponse, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperUpgraded, WithRuntime};
+use async_trait::async_trait;
+use hyper::StatusCode;
+use hyper_tungstenite::HyperWebsocket;
+use tokio::runtime::Handle;
+
+use crate::ferron_util::ip_blocklist::IpBlockList;
+
+struct BlockListModule {
+  blocklist: Arc<IpBlockList>,
+}
+
+pub fn server_module_init(
+  config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let blocklist_vec = match config["global"]["blocklist"].as_vec() {
+    Some(blocklist_vec) => blocklist_vec,
+    None => &Vec::new(),
+  };
+
+  let mut blocklist_str_vec = Vec::new();
+  for blocked_yaml in blocklist_vec.iter() {
+    if let Some(blocked) = blocked_yaml.as_str() {
+      blocklist_str_vec.push(blocked);
+    }
+  }
+
+  let mut blocklist = IpBlockList::new();
+  blocklist.load_from_vec(blocklist_str_vec);
+
+  Ok(Box::new(BlockListModule::new(Arc::new(blocklist))))
+}
+
+impl BlockListModule {
+  fn new(blocklist: Arc<IpBlockList>) -> Self {
+    Self { blocklist }
+  }
+}
+
+impl ServerModule for BlockListModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(BlockListModuleHandlers {
+      blocklist: self.blocklist.clone(),
+      handle,
+    })
+  }
+}
+struct BlockListModuleHandlers {
+  blocklist: Arc<IpBlockList>,
+  handle: Handle,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for BlockListModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      if self.blocklist.is_blocked(socket_data.remote_addr.ip()) {
+        return Ok(
+          ResponseData::builder(request)
+            .status(StatusCode::FORBIDDEN)
+            .build(),
+        );
+      }
+      Ok(ResponseData::builder(request).build())
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}

ferron/src/modules/default_handler_checks.rs

@@ -0,0 +1,134 @@
+use std::error::Error;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperResponse, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperUpgraded, WithRuntime};
+use async_trait::async_trait;
+use http_body_util::{BodyExt, Empty};
+use hyper::header::HeaderValue;
+use hyper::{header, HeaderMap, Method, Response, StatusCode};
+use hyper_tungstenite::HyperWebsocket;
+use tokio::runtime::Handle;
+
+struct DefaultHandlerChecksModule;
+
+pub fn server_module_init(
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  Ok(Box::new(DefaultHandlerChecksModule::new()))
+}
+
+impl DefaultHandlerChecksModule {
+  fn new() -> Self {
+    Self
+  }
+}
+
+impl ServerModule for DefaultHandlerChecksModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(DefaultHandlerChecksModuleHandlers { handle })
+  }
+}
+struct DefaultHandlerChecksModuleHandlers {
+  handle: Handle,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for DefaultHandlerChecksModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      match request.get_hyper_request().method() {
+        &Method::OPTIONS => Ok(
+          ResponseData::builder(request)
+            .response(
+              Response::builder()
+                .status(StatusCode::NO_CONTENT)
+                .header(header::ALLOW, "GET, POST, HEAD, OPTIONS")
+                .body(Empty::new().map_err(|e| match e {}).boxed())
+                .unwrap_or_default(),
+            )
+            .build(),
+        ),
+        &Method::GET | &Method::POST | &Method::HEAD => Ok(ResponseData::builder(request).build()),
+        _ => {
+          let mut header_map = HeaderMap::new();
+          if let Ok(header_value) = HeaderValue::from_str("GET, POST, HEAD, OPTIONS") {
+            header_map.insert(header::ALLOW, header_value);
+          };
+          Ok(
+            ResponseData::builder(request)
+              .status(StatusCode::METHOD_NOT_ALLOWED)
+              .headers(header_map)
+              .build(),
+          )
+        }
+      }
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(
+      ResponseData::builder(request)
+        .status(StatusCode::NOT_IMPLEMENTED)
+        .build(),
+    )
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}

ferron/src/modules/non_standard_codes.rs

@@ -0,0 +1,537 @@
+use std::error::Error;
+use std::sync::Arc;
+use std::time::Duration;
+
+use crate::ferron_util::ip_blocklist::IpBlockList;
+use crate::ferron_util::ip_match::ip_match;
+use crate::ferron_util::match_hostname::match_hostname;
+use crate::ferron_util::match_location::match_location;
+use crate::ferron_util::non_standard_code_structs::{
+  NonStandardCode, NonStandardCodesLocationWrap, NonStandardCodesWrap,
+};
+use crate::ferron_util::ttl_cache::TtlCache;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperResponse, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperUpgraded, WithRuntime};
+use async_trait::async_trait;
+use base64::{engine::general_purpose, Engine};
+use fancy_regex::RegexBuilder;
+use http_body_util::{BodyExt, Empty};
+use hyper::header::HeaderValue;
+use hyper::{header, HeaderMap, Response, StatusCode};
+use hyper_tungstenite::HyperWebsocket;
+use password_auth::verify_password;
+use tokio::runtime::Handle;
+use tokio::sync::RwLock;
+use yaml_rust2::Yaml;
+
+fn non_standard_codes_config_init(
+  non_standard_codes_list: &[Yaml],
+) -> Result<Vec<NonStandardCode>, anyhow::Error> {
+  let non_standard_codes_list_iter = non_standard_codes_list.iter();
+  let mut non_standard_codes_list_vec = Vec::new();
+  for non_standard_codes_list_entry in non_standard_codes_list_iter {
+    let status_code: u16 = match non_standard_codes_list_entry["scode"].as_i64() {
+      Some(scode) => scode.try_into()?,
+      None => {
+        return Err(anyhow::anyhow!(
+          "Non-standard codes must include a status code"
+        ));
+      }
+    };
+    let regex = match non_standard_codes_list_entry["regex"].as_str() {
+      Some(regex_str) => match RegexBuilder::new(regex_str)
+        .case_insensitive(cfg!(windows))
+        .build()
+      {
+        Ok(regex) => Some(regex),
+        Err(err) => {
+          return Err(anyhow::anyhow!(
+            "Invalid non-standard code regular expression: {}",
+            err.to_string()
+          ));
+        }
+      },
+      None => None,
+    };
+    let url = non_standard_codes_list_entry["url"]
+      .as_str()
+      .map(|s| s.to_string());
+
+    if regex.is_none() && url.is_none() {
+      return Err(anyhow::anyhow!(
+        "Non-standard codes must either include URL or a matching regular expression"
+      ));
+    }
+
+    let location = non_standard_codes_list_entry["location"]
+      .as_str()
+      .map(|s| s.to_string());
+    let realm = non_standard_codes_list_entry["realm"]
+      .as_str()
+      .map(|s| s.to_string());
+    let disable_brute_force_protection = non_standard_codes_list_entry["disableBruteProtection"]
+      .as_bool()
+      .unwrap_or(false);
+    let user_list = match non_standard_codes_list_entry["userList"].as_vec() {
+      Some(userlist) => {
+        let mut new_userlist = Vec::new();
+        for user_yaml in userlist.iter() {
+          if let Some(user) = user_yaml.as_str() {
+            new_userlist.push(user.to_string());
+          }
+        }
+        Some(new_userlist)
+      }
+      None => None,
+    };
+    let users = match non_standard_codes_list_entry["users"].as_vec() {
+      Some(users_vec) => {
+        let mut users_str_vec = Vec::new();
+        for user_yaml in users_vec.iter() {
+          if let Some(user) = user_yaml.as_str() {
+            users_str_vec.push(user);
+          }
+        }
+
+        let mut users_init = IpBlockList::new();
+        users_init.load_from_vec(users_str_vec);
+        Some(users_init)
+      }
+      None => None,
+    };
+    non_standard_codes_list_vec.push(NonStandardCode::new(
+      status_code,
+      url,
+      regex,
+      location,
+      realm,
+      disable_brute_force_protection,
+      user_list,
+      users,
+    ));
+  }
+
+  Ok(non_standard_codes_list_vec)
+}
+
+pub fn server_module_init(
+  config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let mut global_non_standard_codes_list = Vec::new();
+  let mut host_non_standard_codes_lists = Vec::new();
+  if let Some(non_standard_codes_list_yaml) = config["global"]["nonStandardCodes"].as_vec() {
+    global_non_standard_codes_list = non_standard_codes_config_init(non_standard_codes_list_yaml)?;
+  }
+
+  if let Some(hosts) = config["hosts"].as_vec() {
+    for host_yaml in hosts.iter() {
+      let domain = host_yaml["domain"].as_str().map(String::from);
+      let ip = host_yaml["ip"].as_str().map(String::from);
+      let mut locations = Vec::new();
+      if let Some(locations_yaml) = host_yaml["locations"].as_vec() {
+        for location_yaml in locations_yaml.iter() {
+          if let Some(path_str) = location_yaml["path"].as_str() {
+            let path = String::from(path_str);
+            if let Some(non_standard_codes_list_yaml) = location_yaml["nonStandardCodes"].as_vec() {
+              locations.push(NonStandardCodesLocationWrap::new(
+                path,
+                non_standard_codes_config_init(non_standard_codes_list_yaml)?,
+              ));
+            }
+          }
+        }
+      }
+      if let Some(non_standard_codes_list_yaml) = host_yaml["nonStandardCodes"].as_vec() {
+        host_non_standard_codes_lists.push(NonStandardCodesWrap::new(
+          domain,
+          ip,
+          non_standard_codes_config_init(non_standard_codes_list_yaml)?,
+          locations,
+        ));
+      } else if !locations.is_empty() {
+        host_non_standard_codes_lists.push(NonStandardCodesWrap::new(
+          domain,
+          ip,
+          Vec::new(),
+          locations,
+        ));
+      }
+    }
+  }
+
+  Ok(Box::new(NonStandardCodesModule::new(
+    Arc::new(global_non_standard_codes_list),
+    Arc::new(host_non_standard_codes_lists),
+    Arc::new(RwLock::new(TtlCache::new(Duration::new(300, 0)))),
+  )))
+}
+
+struct NonStandardCodesModule {
+  global_non_standard_codes_list: Arc<Vec<NonStandardCode>>,
+  host_non_standard_codes_lists: Arc<Vec<NonStandardCodesWrap>>,
+  brute_force_db: Arc<RwLock<TtlCache<String, u8>>>,
+}
+
+impl NonStandardCodesModule {
+  fn new(
+    global_non_standard_codes_list: Arc<Vec<NonStandardCode>>,
+    host_non_standard_codes_lists: Arc<Vec<NonStandardCodesWrap>>,
+    brute_force_db: Arc<RwLock<TtlCache<String, u8>>>,
+  ) -> Self {
+    Self {
+      global_non_standard_codes_list,
+      host_non_standard_codes_lists,
+      brute_force_db,
+    }
+  }
+}
+
+impl ServerModule for NonStandardCodesModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(NonStandardCodesModuleHandlers {
+      global_non_standard_codes_list: self.global_non_standard_codes_list.clone(),
+      host_non_standard_codes_lists: self.host_non_standard_codes_lists.clone(),
+      brute_force_db: self.brute_force_db.clone(),
+      handle,
+    })
+  }
+}
+
+fn parse_basic_auth(auth_str: &str) -> Option<(String, String)> {
+  if let Some(base64_credentials) = auth_str.strip_prefix("Basic ") {
+    if let Ok(decoded) = general_purpose::STANDARD.decode(base64_credentials) {
+      if let Ok(decoded_str) = std::str::from_utf8(&decoded) {
+        let parts: Vec<&str> = decoded_str.splitn(2, ':').collect();
+        if parts.len() == 2 {
+          return Some((parts[0].to_string(), parts[1].to_string()));
+        }
+      }
+    }
+  }
+  None
+}
+
+struct NonStandardCodesModuleHandlers {
+  global_non_standard_codes_list: Arc<Vec<NonStandardCode>>,
+  host_non_standard_codes_lists: Arc<Vec<NonStandardCodesWrap>>,
+  brute_force_db: Arc<RwLock<TtlCache<String, u8>>>,
+  handle: Handle,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for NonStandardCodesModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let hyper_request = request.get_hyper_request();
+      let global_non_standard_codes_list = self.global_non_standard_codes_list.iter();
+      let empty_vector = Vec::new();
+      let another_empty_vector = Vec::new();
+      let mut host_non_standard_codes_list = empty_vector.iter();
+      let mut location_non_standard_codes_list = another_empty_vector.iter();
+
+      // Should have used a HashMap instead of iterating over an array for better performance...
+      for host_non_standard_codes_list_wrap in self.host_non_standard_codes_lists.iter() {
+        if match_hostname(
+          match &host_non_standard_codes_list_wrap.domain {
+            Some(value) => Some(value as &str),
+            None => None,
+          },
+          match hyper_request.headers().get(header::HOST) {
+            Some(value) => value.to_str().ok(),
+            None => None,
+          },
+        ) && match &host_non_standard_codes_list_wrap.ip {
+          Some(value) => ip_match(value as &str, socket_data.remote_addr.ip()),
+          None => true,
+        } {
+          host_non_standard_codes_list =
+            host_non_standard_codes_list_wrap.non_standard_codes.iter();
+          if let Ok(path_decoded) = urlencoding::decode(
+            request
+              .get_original_url()
+              .unwrap_or(request.get_hyper_request().uri())
+              .path(),
+          ) {
+            for location_wrap in host_non_standard_codes_list_wrap.locations.iter() {
+              if match_location(&location_wrap.path, &path_decoded) {
+                location_non_standard_codes_list = location_wrap.non_standard_codes.iter();
+                break;
+              }
+            }
+          }
+          break;
+        }
+      }
+
+      let combined_non_standard_codes_list = global_non_standard_codes_list
+        .chain(host_non_standard_codes_list)
+        .chain(location_non_standard_codes_list);
+
+      let request_url = format!(
+        "{}{}",
+        hyper_request.uri().path(),
+        match hyper_request.uri().query() {
+          Some(query) => format!("?{}", query),
+          None => String::from(""),
+        }
+      );
+
+      let mut auth_user = None;
+
+      for non_standard_code in combined_non_standard_codes_list {
+        let mut redirect_url = None;
+        let mut url_matched = false;
+
+        if let Some(users) = &non_standard_code.users {
+          if !users.is_blocked(socket_data.remote_addr.ip()) {
+            // Don't process this non-standard code
+            continue;
+          }
+        }
+
+        if let Some(regex) = &non_standard_code.regex {
+          let regex_match_option = regex.find(&request_url)?;
+          if let Some(regex_match) = regex_match_option {
+            url_matched = true;
+            if non_standard_code.status_code == 301
+              || non_standard_code.status_code == 302
+              || non_standard_code.status_code == 307
+              || non_standard_code.status_code == 308
+            {
+              let matched_text = regex_match.as_str();
+              if let Some(location) = &non_standard_code.location {
+                redirect_url = Some(regex.replace(matched_text, location).to_string());
+              }
+            }
+          }
+        }
+
+        if !url_matched {
+          if let Some(url) = &non_standard_code.url {
+            if url == hyper_request.uri().path() {
+              url_matched = true;
+              if non_standard_code.status_code == 301
+                || non_standard_code.status_code == 302
+                || non_standard_code.status_code == 307
+                || non_standard_code.status_code == 308
+              {
+                if let Some(location) = &non_standard_code.location {
+                  redirect_url = Some(format!(
+                    "{}{}",
+                    location,
+                    match hyper_request.uri().query() {
+                      Some(query) => format!("?{}", query),
+                      None => String::from(""),
+                    }
+                  ));
+                }
+              }
+            }
+          }
+        }
+
+        if url_matched {
+          match non_standard_code.status_code {
+            301 | 302 | 307 | 308 => {
+              return Ok(
+                ResponseData::builder(request)
+                  .response(
+                    Response::builder()
+                      .status(StatusCode::from_u16(non_standard_code.status_code)?)
+                      .header(header::LOCATION, redirect_url.unwrap_or(request_url))
+                      .body(Empty::new().map_err(|e| match e {}).boxed())?,
+                  )
+                  .build(),
+              );
+            }
+            401 => {
+              let brute_force_db_key = socket_data.remote_addr.ip().to_string();
+              if !non_standard_code.disable_brute_force_protection {
+                let rwlock_read = self.brute_force_db.read().await;
+                let current_attempts = rwlock_read.get(&brute_force_db_key).unwrap_or(0);
+                if current_attempts >= 10 {
+                  error_logger
+                    .log(&format!(
+                      "Too many failed authorization attempts for client \"{}\"",
+                      socket_data.remote_addr.ip()
+                    ))
+                    .await;
+
+                  return Ok(
+                    ResponseData::builder(request)
+                      .status(StatusCode::TOO_MANY_REQUESTS)
+                      .build(),
+                  );
+                }
+              }
+              let mut header_map = HeaderMap::new();
+              header_map.insert(
+                header::WWW_AUTHENTICATE,
+                HeaderValue::from_str(&format!(
+                  "Basic realm=\"{}\", charset=\"UTF-8\"",
+                  non_standard_code
+                    .realm
+                    .clone()
+                    .unwrap_or("Ferron HTTP Basic Authorization".to_string())
+                    .replace("\\", "\\\\")
+                    .replace("\"", "\\\"")
+                ))?,
+              );
+
+              if let Some(authorization_header_value) =
+                hyper_request.headers().get(header::AUTHORIZATION)
+              {
+                let authorization_str = match authorization_header_value.to_str() {
+                  Ok(str) => str,
+                  Err(_) => {
+                    return Ok(
+                      ResponseData::builder(request)
+                        .status(StatusCode::BAD_REQUEST)
+                        .build(),
+                    );
+                  }
+                };
+
+                if let Some((username, password)) = parse_basic_auth(authorization_str) {
+                  if let Some(users_vec_yaml) = config["users"].as_vec() {
+                    let mut authorized_user = None;
+                    for user_yaml in users_vec_yaml {
+                      if let Some(username_db) = user_yaml["name"].as_str() {
+                        if username_db != username {
+                          continue;
+                        }
+                        if let Some(user_list) = &non_standard_code.user_list {
+                          if !user_list.contains(&username) {
+                            continue;
+                          }
+                        }
+                        if let Some(password_hash_db) = user_yaml["pass"].as_str() {
+                          let password_cloned = password.clone();
+                          let password_hash_db_cloned = password_hash_db.to_string();
+                          // Offload verifying the hash into a separate blocking thread.
+                          let password_valid = tokio::task::spawn_blocking(move || {
+                            verify_password(password_cloned, &password_hash_db_cloned).is_ok()
+                          })
+                          .await?;
+                          if password_valid {
+                            authorized_user = Some(&username);
+                            break;
+                          }
+                        }
+                      }
+                    }
+                    if let Some(authorized_user) = authorized_user {
+                      auth_user = Some(authorized_user.to_owned());
+                      continue;
+                    }
+                  }
+
+                  if !non_standard_code.disable_brute_force_protection {
+                    let mut rwlock_write = self.brute_force_db.write().await;
+                    rwlock_write.cleanup();
+                    let current_attempts = rwlock_write.get(&brute_force_db_key).unwrap_or(0);
+                    rwlock_write.insert(brute_force_db_key, current_attempts + 1);
+                  }
+
+                  error_logger
+                    .log(&format!(
+                      "Authorization failed for user \"{}\" and client \"{}\"",
+                      username,
+                      socket_data.remote_addr.ip()
+                    ))
+                    .await;
+                }
+              }
+
+              return Ok(
+                ResponseData::builder(request)
+                  .status(StatusCode::UNAUTHORIZED)
+                  .headers(header_map)
+                  .build(),
+              );
+            }
+            _ => {
+              return Ok(
+                ResponseData::builder(request)
+                  .status(StatusCode::from_u16(non_standard_code.status_code)?)
+                  .build(),
+              )
+            }
+          }
+        }
+      }
+
+      if auth_user.is_some() {
+        let (hyper_request, _, original_url) = request.into_parts();
+        Ok(ResponseData::builder(RequestData::new(hyper_request, auth_user, original_url)).build())
+      } else {
+        Ok(ResponseData::builder(request).build())
+      }
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}

ferron/src/modules/redirect_trailing_slashes.rs

@@ -0,0 +1,235 @@
+use std::error::Error;
+use std::path::Path;
+use std::sync::Arc;
+use std::time::Duration;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperResponse, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperUpgraded, WithRuntime};
+use async_trait::async_trait;
+use http_body_util::{BodyExt, Empty};
+use hyper::{header, Response, StatusCode};
+use hyper_tungstenite::HyperWebsocket;
+use tokio::fs;
+use tokio::runtime::Handle;
+use tokio::sync::RwLock;
+
+use crate::ferron_util::ttl_cache::TtlCache;
+
+pub fn server_module_init(
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let cache = Arc::new(RwLock::new(TtlCache::new(Duration::from_millis(100))));
+  Ok(Box::new(RedirectTrailingSlashesModule::new(cache)))
+}
+
+struct RedirectTrailingSlashesModule {
+  cache: Arc<RwLock<TtlCache<String, bool>>>,
+}
+
+impl RedirectTrailingSlashesModule {
+  fn new(cache: Arc<RwLock<TtlCache<String, bool>>>) -> Self {
+    Self { cache }
+  }
+}
+
+impl ServerModule for RedirectTrailingSlashesModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(RedirectTrailingSlashesModuleHandlers {
+      cache: self.cache.clone(),
+      handle,
+    })
+  }
+}
+
+struct RedirectTrailingSlashesModuleHandlers {
+  cache: Arc<RwLock<TtlCache<String, bool>>>,
+  handle: Handle,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for RedirectTrailingSlashesModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      if config["disableTrailingSlashRedirects"].as_bool() != Some(true) {
+        if let Some(wwwroot) = config["wwwroot"].as_str() {
+          let hyper_request = request.get_hyper_request();
+
+          let request_path = hyper_request.uri().path();
+          let request_query = hyper_request.uri().query();
+          let mut request_path_bytes = request_path.bytes();
+          if request_path_bytes.len() < 1 || request_path_bytes.nth(0) != Some(b'/') {
+            return Ok(
+              ResponseData::builder(request)
+                .status(StatusCode::BAD_REQUEST)
+                .build(),
+            );
+          }
+
+          match request_path_bytes.last() {
+            Some(b'/') | None => {
+              return Ok(ResponseData::builder(request).build());
+            }
+            _ => {
+              let cache_key = format!(
+                "{}{}{}",
+                match config["ip"].as_str() {
+                  Some(ip) => format!("{}-", ip),
+                  None => String::from(""),
+                },
+                match config["domain"].as_str() {
+                  Some(domain) => format!("{}-", domain),
+                  None => String::from(""),
+                },
+                request_path
+              );
+
+              let read_rwlock = self.cache.read().await;
+              if let Some(is_directory) = read_rwlock.get(&cache_key) {
+                drop(read_rwlock);
+                if is_directory {
+                  let new_request_uri = format!(
+                    "{}/{}",
+                    request_path,
+                    match request_query {
+                      Some(query) => format!("?{}", query),
+                      None => String::from(""),
+                    }
+                  );
+                  return Ok(
+                    ResponseData::builder(request)
+                      .response(
+                        Response::builder()
+                          .status(StatusCode::MOVED_PERMANENTLY)
+                          .header(header::LOCATION, new_request_uri)
+                          .body(Empty::new().map_err(|e| match e {}).boxed())?,
+                      )
+                      .build(),
+                  );
+                }
+              } else {
+                drop(read_rwlock);
+
+                let path = Path::new(wwwroot);
+                let mut relative_path = &request_path[1..];
+                while relative_path.as_bytes().first().copied() == Some(b'/') {
+                  relative_path = &relative_path[1..];
+                }
+
+                let decoded_relative_path = match urlencoding::decode(relative_path) {
+                  Ok(path) => path.to_string(),
+                  Err(_) => {
+                    return Ok(
+                      ResponseData::builder(request)
+                        .status(StatusCode::BAD_REQUEST)
+                        .build(),
+                    );
+                  }
+                };
+
+                let joined_pathbuf = path.join(decoded_relative_path);
+
+                match fs::metadata(joined_pathbuf).await {
+                  Ok(metadata) => {
+                    let is_directory = metadata.is_dir();
+                    let mut write_rwlock = self.cache.write().await;
+                    write_rwlock.cleanup();
+                    write_rwlock.insert(cache_key, is_directory);
+                    if is_directory {
+                      let new_request_uri = format!(
+                        "{}/{}",
+                        request_path,
+                        match request_query {
+                          Some(query) => format!("?{}", query),
+                          None => String::from(""),
+                        }
+                      );
+                      return Ok(
+                        ResponseData::builder(request)
+                          .response(
+                            Response::builder()
+                              .status(StatusCode::MOVED_PERMANENTLY)
+                              .header(header::LOCATION, new_request_uri)
+                              .body(Empty::new().map_err(|e| match e {}).boxed())?,
+                          )
+                          .build(),
+                      );
+                    }
+                  }
+                  Err(_) => {
+                    let mut write_rwlock = self.cache.write().await;
+                    write_rwlock.cleanup();
+                    write_rwlock.insert(cache_key, false);
+                  }
+                }
+              }
+            }
+          };
+        }
+      }
+      Ok(ResponseData::builder(request).build())
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}

ferron/src/modules/redirects.rs

@@ -0,0 +1,245 @@
+use std::error::Error;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperResponse, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperUpgraded, WithRuntime};
+use async_trait::async_trait;
+use http_body_util::{BodyExt, Empty};
+use hyper::{header, Response, StatusCode, Uri};
+use hyper_tungstenite::HyperWebsocket;
+use tokio::runtime::Handle;
+
+struct RedirectsModule;
+
+pub fn server_module_init(
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  Ok(Box::new(RedirectsModule::new()))
+}
+
+impl RedirectsModule {
+  fn new() -> Self {
+    Self
+  }
+}
+
+impl ServerModule for RedirectsModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(RedirectsModuleHandlers { handle })
+  }
+}
+struct RedirectsModuleHandlers {
+  handle: Handle,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for RedirectsModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let hyper_request = request.get_hyper_request();
+
+      if config["secure"].as_bool() == Some(true)
+        && !socket_data.encrypted
+        && config["disableNonEncryptedServer"].as_bool() != Some(true)
+        && config["disableToHTTPSRedirect"].as_bool() != Some(true)
+      {
+        let host_header_option = hyper_request.headers().get(header::HOST);
+        let host_header = match host_header_option {
+          Some(header_data) => header_data.to_str()?,
+          None => {
+            return Ok(
+              ResponseData::builder(request)
+                .status(StatusCode::BAD_REQUEST)
+                .build(),
+            )
+          }
+        };
+
+        let path_and_query_option = hyper_request.uri().path_and_query();
+        let path_and_query = match path_and_query_option {
+          Some(path_and_query) => path_and_query.to_string(),
+          None => {
+            return Ok(
+              ResponseData::builder(request)
+                .status(StatusCode::BAD_REQUEST)
+                .build(),
+            )
+          }
+        };
+
+        let mut parts: Vec<&str> = host_header.split(':').collect();
+
+        if parts.len() > 1
+          && !(parts[0].starts_with('[')
+            && parts
+              .last()
+              .map(|part| part.ends_with(']'))
+              .unwrap_or(false))
+        {
+          parts.pop();
+        }
+
+        let host_name = parts.join(":");
+
+        let new_uri = Uri::builder()
+          .scheme("https")
+          .authority(match config["sport"].as_i64() {
+            None | Some(443) => host_name,
+            Some(port) => format!("{}:{}", host_name, port),
+          })
+          .path_and_query(path_and_query)
+          .build()?;
+
+        return Ok(
+          ResponseData::builder(request)
+            .response(
+              Response::builder()
+                .status(StatusCode::MOVED_PERMANENTLY)
+                .header(header::LOCATION, new_uri.to_string())
+                .body(Empty::new().map_err(|e| match e {}).boxed())?,
+            )
+            .build(),
+        );
+      }
+
+      let domain_yaml = &config["domain"];
+      let domain = domain_yaml.as_str();
+
+      if let Some(domain) = domain {
+        if config["wwwredirect"].as_bool() == Some(true) {
+          // Even more code rewritten from SVR.JS...
+          if let Some(host_header_value) = hyper_request.headers().get(header::HOST) {
+            let host_header = host_header_value.to_str()?;
+
+            let path_and_query_option = hyper_request.uri().path_and_query();
+            let path_and_query = match path_and_query_option {
+              Some(path_and_query) => path_and_query.to_string(),
+              None => {
+                return Ok(
+                  ResponseData::builder(request)
+                    .status(StatusCode::BAD_REQUEST)
+                    .build(),
+                )
+              }
+            };
+
+            let mut parts: Vec<&str> = host_header.split(':').collect();
+            let mut host_port: Option<&str> = None;
+
+            if parts.len() > 1
+              && !(parts[0].starts_with('[')
+                && parts
+                  .last()
+                  .map(|part| part.ends_with(']'))
+                  .unwrap_or(false))
+            {
+              host_port = parts.pop();
+            }
+
+            let host_name = parts.join(":");
+
+            if host_name == domain && !host_name.starts_with("www.") {
+              let new_uri = Uri::builder()
+                .scheme(match socket_data.encrypted {
+                  true => "https",
+                  false => "http",
+                })
+                .authority(match host_port {
+                  Some(port) => format!("www.{}:{}", host_name, port),
+                  None => host_name,
+                })
+                .path_and_query(path_and_query)
+                .build()?;
+
+              return Ok(
+                ResponseData::builder(request)
+                  .response(
+                    Response::builder()
+                      .status(StatusCode::MOVED_PERMANENTLY)
+                      .header(header::LOCATION, new_uri.to_string())
+                      .body(Empty::new().map_err(|e| match e {}).boxed())?,
+                  )
+                  .build(),
+              );
+            }
+          }
+        }
+      }
+
+      Ok(ResponseData::builder(request).build())
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    if config["secure"].as_bool() == Some(true)
+      && !socket_data.encrypted
+      && config["disableNonEncryptedServer"].as_bool() != Some(true)
+      && config["disableToHTTPSRedirect"].as_bool() != Some(true)
+    {
+      return Ok(
+        ResponseData::builder(request)
+          .status(StatusCode::NOT_IMPLEMENTED)
+          .build(),
+      );
+    }
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}

ferron/src/modules/static_file_serving.rs

@@ -0,0 +1,928 @@
+use std::error::Error;
+use std::fmt::Write;
+use std::io::SeekFrom;
+use std::path::{Path, PathBuf};
+use std::str::FromStr;
+use std::sync::Arc;
+use std::time::Duration;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperResponse, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperUpgraded, WithRuntime};
+use async_compression::tokio::bufread::{BrotliEncoder, DeflateEncoder, GzipEncoder, ZstdEncoder};
+use async_compression::zstd::CParameter;
+use async_compression::Level;
+use async_trait::async_trait;
+use chrono::offset::Local;
+use chrono::DateTime;
+use futures_util::TryStreamExt;
+use hashlink::LruCache;
+use http::HeaderValue;
+use http_body_util::{BodyExt, Empty, Full, StreamBody};
+use hyper::body::Bytes;
+use hyper::{body::Frame, Response, StatusCode};
+use hyper::{header, HeaderMap, Method};
+use hyper_tungstenite::HyperWebsocket;
+use sha2::{Digest, Sha256};
+use tokio::fs;
+use tokio::io::{AsyncReadExt, AsyncSeekExt, BufReader};
+use tokio::runtime::Handle;
+use tokio::sync::RwLock;
+use tokio_util::io::ReaderStream;
+
+use crate::ferron_util::generate_directory_listing::generate_directory_listing;
+use crate::ferron_util::ttl_cache::TtlCache;
+
+pub fn server_module_init(
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let pathbuf_cache = Arc::new(RwLock::new(TtlCache::new(Duration::from_millis(100))));
+  let etag_cache = Arc::new(RwLock::new(LruCache::new(1000)));
+  Ok(Box::new(StaticFileServingModule::new(
+    pathbuf_cache,
+    etag_cache,
+  )))
+}
+
+struct StaticFileServingModule {
+  pathbuf_cache: Arc<RwLock<TtlCache<String, PathBuf>>>,
+  etag_cache: Arc<RwLock<LruCache<String, String>>>,
+}
+
+impl StaticFileServingModule {
+  fn new(
+    pathbuf_cache: Arc<RwLock<TtlCache<String, PathBuf>>>,
+    etag_cache: Arc<RwLock<LruCache<String, String>>>,
+  ) -> Self {
+    Self {
+      pathbuf_cache,
+      etag_cache,
+    }
+  }
+}
+
+impl ServerModule for StaticFileServingModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(StaticFileServingModuleHandlers {
+      pathbuf_cache: self.pathbuf_cache.clone(),
+      etag_cache: self.etag_cache.clone(),
+      handle,
+    })
+  }
+}
+struct StaticFileServingModuleHandlers {
+  pathbuf_cache: Arc<RwLock<TtlCache<String, PathBuf>>>,
+  etag_cache: Arc<RwLock<LruCache<String, String>>>,
+  handle: Handle,
+}
+
+fn parse_range_header(range_str: &str, default_end: u64) -> Option<(u64, u64)> {
+  if let Some(range_part) = range_str.strip_prefix("bytes=") {
+    let parts: Vec<&str> = range_part.split('-').collect();
+    if parts.len() == 2 {
+      if parts[0].is_empty() {
+        if let Ok(end) = u64::from_str(parts[1]) {
+          return Some((default_end - end + 1, default_end));
+        }
+      } else if parts[1].is_empty() {
+        if let Ok(start) = u64::from_str(parts[0]) {
+          return Some((start, default_end));
+        }
+      } else if !parts[0].is_empty() && !parts[1].is_empty() {
+        if let (Ok(start), Ok(end)) = (u64::from_str(parts[0]), u64::from_str(parts[1])) {
+          return Some((start, end));
+        }
+      }
+    }
+  }
+  None
+}
+
+fn extract_etag_inner(input: &str) -> Option<String> {
+  // Remove the surrounding double quotes
+  let trimmed = input.trim_matches('"');
+
+  // Split the string at the hyphen and take the first part
+  let parts: Vec<&str> = trimmed.split('-').collect();
+  if parts.is_empty() {
+    None
+  } else {
+    Some(parts[0].to_string())
+  }
+}
+
+#[async_trait]
+impl ServerModuleHandlers for StaticFileServingModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      if let Some(wwwroot) = config["wwwroot"].as_str() {
+        let hyper_request = request.get_hyper_request();
+        let request_path = hyper_request.uri().path();
+        let mut request_path_bytes = request_path.bytes();
+        if request_path_bytes.len() < 1 || request_path_bytes.nth(0) != Some(b'/') {
+          return Ok(
+            ResponseData::builder(request)
+              .status(StatusCode::BAD_REQUEST)
+              .build(),
+          );
+        }
+
+        let original_request_path = request
+          .get_original_url()
+          .map_or(request_path, |u| u.path());
+
+        let cache_key = format!(
+          "{}{}{}",
+          match config["ip"].as_str() {
+            Some(ip) => format!("{}-", ip),
+            None => String::from(""),
+          },
+          match config["domain"].as_str() {
+            Some(domain) => format!("{}-", domain),
+            None => String::from(""),
+          },
+          request_path
+        );
+
+        let rwlock_read = self.pathbuf_cache.read().await;
+        let joined_pathbuf_option = rwlock_read.get(&cache_key);
+        drop(rwlock_read);
+
+        let joined_pathbuf_cached = joined_pathbuf_option.is_some();
+        let mut joined_pathbuf = match joined_pathbuf_option {
+          Some(joined_pathbuf) => joined_pathbuf,
+          None => {
+            let path = Path::new(wwwroot);
+            let mut relative_path = &request_path[1..];
+            while relative_path.as_bytes().first().copied() == Some(b'/') {
+              relative_path = &relative_path[1..];
+            }
+
+            let decoded_relative_path = match urlencoding::decode(relative_path) {
+              Ok(path) => path.to_string(),
+              Err(_) => {
+                return Ok(
+                  ResponseData::builder(request)
+                    .status(StatusCode::BAD_REQUEST)
+                    .build(),
+                );
+              }
+            };
+
+            path.join(decoded_relative_path)
+          }
+        };
+
+        match fs::metadata(&joined_pathbuf).await {
+          Ok(mut metadata) => {
+            if !joined_pathbuf_cached {
+              if metadata.is_dir() {
+                let indexes = vec!["index.html", "index.htm", "index.xhtml"];
+                for index in indexes {
+                  let temp_joined_pathbuf = joined_pathbuf.join(index);
+                  match fs::metadata(&temp_joined_pathbuf).await {
+                    Ok(temp_metadata) => {
+                      if temp_metadata.is_file() {
+                        metadata = temp_metadata;
+                        joined_pathbuf = temp_joined_pathbuf;
+                        break;
+                      }
+                    }
+                    Err(err) => match err.kind() {
+                      tokio::io::ErrorKind::NotFound | tokio::io::ErrorKind::NotADirectory => {
+                        continue;
+                      }
+                      tokio::io::ErrorKind::PermissionDenied => {
+                        return Ok(
+                          ResponseData::builder(request)
+                            .status(StatusCode::FORBIDDEN)
+                            .build(),
+                        );
+                      }
+                      _ => Err(err)?,
+                    },
+                  };
+                }
+              }
+              let mut rwlock_write = self.pathbuf_cache.write().await;
+              rwlock_write.cleanup();
+              rwlock_write.insert(cache_key, joined_pathbuf.clone());
+              drop(rwlock_write);
+            }
+
+            if metadata.is_file() {
+              // Check if compression is possible at all
+              let mut compression_possible = false;
+
+              if config["enableCompression"].as_bool() != Some(false) {
+                // A hard-coded list of non-compressible file extension
+                let non_compressible_file_extensions = vec![
+                  "7z",
+                  "air",
+                  "amlx",
+                  "apk",
+                  "apng",
+                  "appinstaller",
+                  "appx",
+                  "appxbundle",
+                  "arj",
+                  "au",
+                  "avif",
+                  "bdoc",
+                  "boz",
+                  "br",
+                  "bz",
+                  "bz2",
+                  "caf",
+                  "class",
+                  "doc",
+                  "docx",
+                  "dot",
+                  "dvi",
+                  "ear",
+                  "epub",
+                  "flv",
+                  "gdoc",
+                  "gif",
+                  "gsheet",
+                  "gslides",
+                  "gz",
+                  "iges",
+                  "igs",
+                  "jar",
+                  "jnlp",
+                  "jp2",
+                  "jpe",
+                  "jpeg",
+                  "jpf",
+                  "jpg",
+                  "jpg2",
+                  "jpgm",
+                  "jpm",
+                  "jpx",
+                  "kmz",
+                  "latex",
+                  "m1v",
+                  "m2a",
+                  "m2v",
+                  "m3a",
+                  "m4a",
+                  "mesh",
+                  "mk3d",
+                  "mks",
+                  "mkv",
+                  "mov",
+                  "mp2",
+                  "mp2a",
+                  "mp3",
+                  "mp4",
+                  "mp4a",
+                  "mp4v",
+                  "mpe",
+                  "mpeg",
+                  "mpg",
+                  "mpg4",
+                  "mpga",
+                  "msg",
+                  "msh",
+                  "msix",
+                  "msixbundle",
+                  "odg",
+                  "odp",
+                  "ods",
+                  "odt",
+                  "oga",
+                  "ogg",
+                  "ogv",
+                  "ogx",
+                  "opus",
+                  "p12",
+                  "pdf",
+                  "pfx",
+                  "pgp",
+                  "pkpass",
+                  "png",
+                  "pot",
+                  "pps",
+                  "ppt",
+                  "pptx",
+                  "qt",
+                  "ser",
+                  "silo",
+                  "sit",
+                  "snd",
+                  "spx",
+                  "stpxz",
+                  "stpz",
+                  "swf",
+                  "tif",
+                  "tiff",
+                  "ubj",
+                  "usdz",
+                  "vbox-extpack",
+                  "vrml",
+                  "war",
+                  "wav",
+                  "weba",
+                  "webm",
+                  "wmv",
+                  "wrl",
+                  "x3dbz",
+                  "x3dvz",
+                  "xla",
+                  "xlc",
+                  "xlm",
+                  "xls",
+                  "xlsx",
+                  "xlt",
+                  "xlw",
+                  "xpi",
+                  "xps",
+                  "zip",
+                  "zst",
+                ];
+                let file_extension = joined_pathbuf
+                  .extension()
+                  .map_or_else(|| "".to_string(), |ext| ext.to_string_lossy().to_string());
+                let file_extension_compressible =
+                  !non_compressible_file_extensions.contains(&(&file_extension as &str));
+
+                if metadata.len() > 256 && file_extension_compressible {
+                  compression_possible = true;
+                }
+              }
+
+              let vary;
+
+              // Handle ETags
+              let mut etag_option = None;
+              if config["enableETag"].as_bool() != Some(false) {
+                let etag_cache_key = format!(
+                  "{}-{}-{}",
+                  joined_pathbuf.to_string_lossy(),
+                  metadata.len(),
+                  match metadata.modified() {
+                    Ok(mtime) => {
+                      let datetime: DateTime<Local> = mtime.into();
+                      datetime.format("%Y-%m-%d %H:%M:%S").to_string()
+                    }
+                    Err(_) => String::from(""),
+                  }
+                );
+                let rwlock_read = self.etag_cache.read().await;
+                // Had to use "peek", since "get" would mutate the LRU cache
+                let etag_locked_option = rwlock_read.peek(&etag_cache_key).cloned();
+                drop(rwlock_read);
+                let etag = match etag_locked_option {
+                  Some(etag) => etag,
+                  None => {
+                    let etag_cache_key_clone = etag_cache_key.clone();
+                    let etag = tokio::task::spawn_blocking(move || {
+                      let mut hasher = Sha256::new();
+                      hasher.update(etag_cache_key_clone);
+                      hasher
+                        .finalize()
+                        .iter()
+                        .fold(String::new(), |mut output, b| {
+                          let _ = write!(output, "{b:02x}");
+                          output
+                        })
+                    })
+                    .await?;
+
+                    let mut rwlock_write = self.etag_cache.write().await;
+                    rwlock_write.insert(etag_cache_key, etag.clone());
+                    drop(rwlock_write);
+
+                    etag
+                  }
+                };
+
+                vary = if compression_possible {
+                  "Accept-Encoding, If-Match, If-None-Match, Range"
+                } else {
+                  "If-Match, If-None-Match, Range"
+                };
+
+                if let Some(if_none_match_value) =
+                  hyper_request.headers().get(header::IF_NONE_MATCH)
+                {
+                  match if_none_match_value.to_str() {
+                    Ok(if_none_match) => {
+                      if let Some(etag_extracted) = extract_etag_inner(if_none_match) {
+                        if etag_extracted == etag {
+                          let etag_original = if_none_match.to_string();
+                          return Ok(
+                            ResponseData::builder(request)
+                              .response(
+                                Response::builder()
+                                  .status(StatusCode::NOT_MODIFIED)
+                                  .header(header::ETAG, etag_original)
+                                  .header(header::VARY, vary)
+                                  .body(Empty::new().map_err(|e| match e {}).boxed())?,
+                              )
+                              .build(),
+                          );
+                        }
+                      }
+                    }
+                    Err(_) => {
+                      let mut header_map = HeaderMap::new();
+                      if let Ok(vary) = HeaderValue::from_str(vary) {
+                        header_map.insert(header::VARY, vary);
+                      }
+                      return Ok(
+                        ResponseData::builder(request)
+                          .status(StatusCode::BAD_REQUEST)
+                          .headers(header_map)
+                          .build(),
+                      );
+                    }
+                  }
+                }
+
+                if let Some(if_match_value) = hyper_request.headers().get(header::IF_MATCH) {
+                  match if_match_value.to_str() {
+                    Ok(if_match) => {
+                      if if_match != "*" {
+                        if let Some(etag_extracted) = extract_etag_inner(if_match) {
+                          if etag_extracted != etag {
+                            let mut header_map = HeaderMap::new();
+                            header_map.insert(header::ETAG, if_match_value.clone());
+                            if let Ok(vary) = HeaderValue::from_str(vary) {
+                              header_map.insert(header::VARY, vary);
+                            }
+                            return Ok(
+                              ResponseData::builder(request)
+                                .status(StatusCode::PRECONDITION_FAILED)
+                                .headers(header_map)
+                                .build(),
+                            );
+                          }
+                        }
+                      }
+                    }
+                    Err(_) => {
+                      let mut header_map = HeaderMap::new();
+                      if let Ok(vary) = HeaderValue::from_str(vary) {
+                        header_map.insert(header::VARY, vary);
+                      }
+                      return Ok(
+                        ResponseData::builder(request)
+                          .status(StatusCode::BAD_REQUEST)
+                          .headers(header_map)
+                          .build(),
+                      );
+                    }
+                  }
+                }
+                etag_option = Some(etag);
+              } else {
+                vary = if compression_possible {
+                  "Accept-Encoding, Range"
+                } else {
+                  "Range"
+                };
+              }
+
+              let content_type_option = new_mime_guess::from_path(&joined_pathbuf)
+                .first()
+                .map(|mime_type| mime_type.to_string());
+
+              let range_header = match hyper_request.headers().get(header::RANGE) {
+                Some(value) => match value.to_str() {
+                  Ok(value) => Some(value),
+                  Err(_) => {
+                    let mut header_map = HeaderMap::new();
+                    if let Ok(vary) = HeaderValue::from_str(vary) {
+                      header_map.insert(header::VARY, vary);
+                    }
+                    return Ok(
+                      ResponseData::builder(request)
+                        .status(StatusCode::BAD_REQUEST)
+                        .headers(header_map)
+                        .build(),
+                    );
+                  }
+                },
+                None => None,
+              };
+
+              if let Some(range_header) = range_header {
+                let file_length = metadata.len();
+                if file_length == 0 {
+                  let mut header_map = HeaderMap::new();
+                  if let Ok(vary) = HeaderValue::from_str(vary) {
+                    header_map.insert(header::VARY, vary);
+                  }
+                  return Ok(
+                    ResponseData::builder(request)
+                      .status(StatusCode::RANGE_NOT_SATISFIABLE)
+                      .headers(header_map)
+                      .build(),
+                  );
+                }
+                if let Some((range_begin, range_end)) =
+                  parse_range_header(range_header, file_length - 1)
+                {
+                  if range_end > file_length - 1
+                    || range_begin > file_length - 1
+                    || range_begin > range_end
+                  {
+                    let mut header_map = HeaderMap::new();
+                    if let Ok(vary) = HeaderValue::from_str(vary) {
+                      header_map.insert(header::VARY, vary);
+                    }
+                    return Ok(
+                      ResponseData::builder(request)
+                        .status(StatusCode::RANGE_NOT_SATISFIABLE)
+                        .headers(header_map)
+                        .build(),
+                    );
+                  }
+
+                  let request_method = hyper_request.method();
+                  let content_length = range_end - range_begin + 1;
+
+                  // Build response
+                  let mut response_builder = Response::builder()
+                    .status(StatusCode::PARTIAL_CONTENT)
+                    .header(header::CONTENT_LENGTH, content_length)
+                    .header(
+                      header::CONTENT_RANGE,
+                      format!("bytes {}-{}/{}", range_begin, range_end, file_length),
+                    );
+
+                  if let Some(etag) = etag_option {
+                    response_builder = response_builder.header(header::ETAG, etag);
+                  }
+
+                  if let Some(content_type) = content_type_option {
+                    response_builder = response_builder.header(header::CONTENT_TYPE, content_type);
+                  }
+
+                  response_builder = response_builder.header(header::VARY, vary);
+
+                  let response = match request_method {
+                    &Method::HEAD => {
+                      response_builder.body(Empty::new().map_err(|e| match e {}).boxed())?
+                    }
+                    _ => {
+                      // Open file for reading
+                      let mut file = match fs::File::open(joined_pathbuf).await {
+                        Ok(file) => file,
+                        Err(err) => match err.kind() {
+                          tokio::io::ErrorKind::NotFound | tokio::io::ErrorKind::NotADirectory => {
+                            return Ok(
+                              ResponseData::builder(request)
+                                .status(StatusCode::NOT_FOUND)
+                                .build(),
+                            );
+                          }
+                          tokio::io::ErrorKind::PermissionDenied => {
+                            return Ok(
+                              ResponseData::builder(request)
+                                .status(StatusCode::FORBIDDEN)
+                                .build(),
+                            );
+                          }
+                          _ => Err(err)?,
+                        },
+                      };
+
+                      // Seek and limit the file reader
+                      file.seek(SeekFrom::Start(range_begin)).await?;
+                      let file_limited = file.take(content_length);
+
+                      // Use BufReader for better performance.
+                      let file_bufreader = BufReader::with_capacity(12800, file_limited);
+
+                      // Construct a boxed body
+                      let reader_stream = ReaderStream::new(file_bufreader);
+                      let stream_body = StreamBody::new(reader_stream.map_ok(Frame::data));
+                      let boxed_body = stream_body.boxed();
+
+                      response_builder.body(boxed_body)?
+                    }
+                  };
+
+                  return Ok(ResponseData::builder(request).response(response).build());
+                } else {
+                  let mut header_map = HeaderMap::new();
+                  if let Ok(vary) = HeaderValue::from_str(vary) {
+                    header_map.insert(header::VARY, vary);
+                  }
+
+                  return Ok(
+                    ResponseData::builder(request)
+                      .status(StatusCode::RANGE_NOT_SATISFIABLE)
+                      .headers(header_map)
+                      .build(),
+                  );
+                }
+              } else {
+                let mut use_gzip = false;
+                let mut use_deflate = false;
+                let mut use_brotli = false;
+                let mut use_zstd = false;
+
+                if compression_possible {
+                  let user_agent = match hyper_request.headers().get(header::USER_AGENT) {
+                    Some(user_agent_value) => user_agent_value.to_str().unwrap_or_default(),
+                    None => "",
+                  };
+
+                  // Some web browsers have broken HTTP compression handling
+                  let is_netscape_4_broken_html_compression = user_agent.starts_with("Mozilla/4.");
+                  let is_netscape_4_broken_compression = match user_agent.strip_prefix("Mozilla/4.")
+                  {
+                    Some(stripped_user_agent) => matches!(
+                      stripped_user_agent.chars().nth(0),
+                      Some('6') | Some('7') | Some('8')
+                    ),
+                    None => false,
+                  };
+                  let is_w3m_broken_html_compression = user_agent.starts_with("w3m/");
+                  if !(content_type_option == Some("text/html".to_string())
+                    && (is_netscape_4_broken_html_compression || is_w3m_broken_html_compression))
+                    && !is_netscape_4_broken_compression
+                  {
+                    let accept_encoding = match hyper_request.headers().get(header::ACCEPT_ENCODING)
+                    {
+                      Some(header_value) => header_value.to_str().unwrap_or_default(),
+                      None => "",
+                    };
+
+                    // Checking the Accept-Encoding header naively...
+                    if accept_encoding.contains("br") {
+                      use_brotli = true;
+                    } else if accept_encoding.contains("zstd") {
+                      use_zstd = true;
+                    } else if accept_encoding.contains("deflate") {
+                      use_deflate = true;
+                    } else if accept_encoding.contains("gzip") {
+                      use_gzip = true;
+                    }
+                  }
+                }
+
+                let request_method = hyper_request.method();
+                let content_length = metadata.len();
+
+                // Build response
+                let mut response_builder = Response::builder()
+                  .status(StatusCode::OK)
+                  .header(header::ACCEPT_RANGES, "bytes");
+
+                if let Some(etag) = etag_option {
+                  if use_brotli {
+                    response_builder =
+                      response_builder.header(header::ETAG, format!("\"{}-br\"", etag));
+                  } else if use_zstd {
+                    response_builder =
+                      response_builder.header(header::ETAG, format!("\"{}-zstd\"", etag));
+                  } else if use_deflate {
+                    response_builder =
+                      response_builder.header(header::ETAG, format!("\"{}-deflate\"", etag));
+                  } else if use_gzip {
+                    response_builder =
+                      response_builder.header(header::ETAG, format!("\"{}-gzip\"", etag));
+                  } else {
+                    response_builder =
+                      response_builder.header(header::ETAG, format!("\"{}\"", etag));
+                  }
+                }
+
+                response_builder = response_builder.header(header::VARY, vary);
+
+                if let Some(content_type) = content_type_option {
+                  response_builder = response_builder.header(header::CONTENT_TYPE, content_type);
+                }
+
+                if use_brotli {
+                  response_builder = response_builder.header(header::CONTENT_ENCODING, "br");
+                } else if use_zstd {
+                  response_builder = response_builder.header(header::CONTENT_ENCODING, "zstd");
+                } else if use_deflate {
+                  response_builder = response_builder.header(header::CONTENT_ENCODING, "deflate");
+                } else if use_gzip {
+                  response_builder = response_builder.header(header::CONTENT_ENCODING, "gzip");
+                } else {
+                  // Content-Length header + HTTP compression = broken HTTP responses!
+                  response_builder =
+                    response_builder.header(header::CONTENT_LENGTH, content_length);
+                }
+
+                let response = match request_method {
+                  &Method::HEAD => {
+                    response_builder.body(Empty::new().map_err(|e| match e {}).boxed())?
+                  }
+                  _ => {
+                    // Open file for reading
+                    let file = match fs::File::open(joined_pathbuf).await {
+                      Ok(file) => file,
+                      Err(err) => match err.kind() {
+                        tokio::io::ErrorKind::NotFound | tokio::io::ErrorKind::NotADirectory => {
+                          return Ok(
+                            ResponseData::builder(request)
+                              .status(StatusCode::NOT_FOUND)
+                              .build(),
+                          );
+                        }
+                        tokio::io::ErrorKind::PermissionDenied => {
+                          return Ok(
+                            ResponseData::builder(request)
+                              .status(StatusCode::FORBIDDEN)
+                              .build(),
+                          );
+                        }
+                        _ => Err(err)?,
+                      },
+                    };
+
+                    // Use BufReader for better performance.
+                    let file_bufreader = BufReader::with_capacity(12800, file);
+
+                    // Construct a boxed body
+                    let boxed_body = if use_brotli {
+                      // Brotli compression quality of 4
+                      let reader_stream = ReaderStream::new(BrotliEncoder::with_quality(
+                        file_bufreader,
+                        Level::Precise(4),
+                      ));
+                      let stream_body = StreamBody::new(reader_stream.map_ok(Frame::data));
+                      stream_body.boxed()
+                    } else if use_zstd {
+                      // Limit the Zstandard window size to 128K (2^17 bytes) to support many HTTP clients
+                      let reader_stream = ReaderStream::new(ZstdEncoder::with_quality_and_params(
+                        file_bufreader,
+                        Level::Default,
+                        &[CParameter::window_log(17)],
+                      ));
+                      let stream_body = StreamBody::new(reader_stream.map_ok(Frame::data));
+                      stream_body.boxed()
+                    } else if use_deflate {
+                      let reader_stream = ReaderStream::new(DeflateEncoder::new(file_bufreader));
+                      let stream_body = StreamBody::new(reader_stream.map_ok(Frame::data));
+                      stream_body.boxed()
+                    } else if use_gzip {
+                      let reader_stream = ReaderStream::new(GzipEncoder::new(file_bufreader));
+                      let stream_body = StreamBody::new(reader_stream.map_ok(Frame::data));
+                      stream_body.boxed()
+                    } else {
+                      let reader_stream = ReaderStream::new(file_bufreader);
+                      let stream_body = StreamBody::new(reader_stream.map_ok(Frame::data));
+                      stream_body.boxed()
+                    };
+
+                    response_builder.body(boxed_body)?
+                  }
+                };
+
+                return Ok(ResponseData::builder(request).response(response).build());
+              }
+            } else if metadata.is_dir() {
+              if config["enableDirectoryListing"].as_bool() == Some(true) {
+                let joined_maindesc_pathbuf = joined_pathbuf.join(".maindesc");
+                let directory = match fs::read_dir(joined_pathbuf).await {
+                  Ok(directory) => directory,
+                  Err(err) => match err.kind() {
+                    tokio::io::ErrorKind::NotFound => {
+                      return Ok(
+                        ResponseData::builder(request)
+                          .status(StatusCode::NOT_FOUND)
+                          .build(),
+                      );
+                    }
+                    tokio::io::ErrorKind::PermissionDenied => {
+                      return Ok(
+                        ResponseData::builder(request)
+                          .status(StatusCode::FORBIDDEN)
+                          .build(),
+                      );
+                    }
+                    _ => Err(err)?,
+                  },
+                };
+
+                let description = (fs::read_to_string(joined_maindesc_pathbuf).await).ok();
+
+                let directory_listing_html =
+                  generate_directory_listing(directory, original_request_path, description).await?;
+                let content_length: Option<u64> = directory_listing_html.len().try_into().ok();
+
+                let mut response_builder = Response::builder().status(StatusCode::OK);
+
+                if let Some(content_length) = content_length {
+                  response_builder = response_builder.header(header::CONTENT_LENGTH, content_length)
+                }
+                response_builder = response_builder.header(header::CONTENT_TYPE, "text/html");
+
+                let response = response_builder.body(
+                  Full::new(Bytes::from(directory_listing_html))
+                    .map_err(|e| match e {})
+                    .boxed(),
+                )?;
+
+                return Ok(ResponseData::builder(request).response(response).build());
+              } else {
+                return Ok(
+                  ResponseData::builder(request)
+                    .status(StatusCode::FORBIDDEN)
+                    .build(),
+                );
+              }
+            } else {
+              return Ok(
+                ResponseData::builder(request)
+                  .status(StatusCode::NOT_IMPLEMENTED)
+                  .build(),
+              );
+            }
+          }
+          Err(err) => match err.kind() {
+            tokio::io::ErrorKind::NotFound | tokio::io::ErrorKind::NotADirectory => {
+              return Ok(
+                ResponseData::builder(request)
+                  .status(StatusCode::NOT_FOUND)
+                  .build(),
+              );
+            }
+            tokio::io::ErrorKind::PermissionDenied => {
+              return Ok(
+                ResponseData::builder(request)
+                  .status(StatusCode::FORBIDDEN)
+                  .build(),
+              );
+            }
+            _ => Err(err)?,
+          },
+        }
+      }
+
+      Ok(ResponseData::builder(request).build())
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}

ferron/src/modules/url_rewrite.rs

@@ -0,0 +1,350 @@
+use std::error::Error;
+use std::path::Path;
+use std::sync::Arc;
+
+use crate::ferron_util::ip_match::ip_match;
+use crate::ferron_util::match_hostname::match_hostname;
+use crate::ferron_util::match_location::match_location;
+use crate::ferron_util::url_rewrite_structs::{
+  UrlRewriteMapEntry, UrlRewriteMapLocationWrap, UrlRewriteMapWrap,
+};
+
+use crate::ferron_common::{
+  ErrorLogger, HyperResponse, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperUpgraded, WithRuntime};
+use async_trait::async_trait;
+use fancy_regex::RegexBuilder;
+use hyper::{header, Request, StatusCode};
+use hyper_tungstenite::HyperWebsocket;
+use tokio::fs;
+use tokio::runtime::Handle;
+use yaml_rust2::Yaml;
+
+fn url_rewrite_config_init(rewrite_map: &[Yaml]) -> Result<Vec<UrlRewriteMapEntry>, anyhow::Error> {
+  let rewrite_map_iter = rewrite_map.iter();
+  let mut rewrite_map_vec = Vec::new();
+  for rewrite_map_entry in rewrite_map_iter {
+    let regex_str = match rewrite_map_entry["regex"].as_str() {
+      Some(regex_str) => regex_str,
+      None => return Err(anyhow::anyhow!("Invalid URL rewrite regular expression")),
+    };
+    let regex = match RegexBuilder::new(regex_str)
+      .case_insensitive(cfg!(windows))
+      .build()
+    {
+      Ok(regex) => regex,
+      Err(err) => {
+        return Err(anyhow::anyhow!(
+          "Invalid URL rewrite regular expression: {}",
+          err.to_string()
+        ))
+      }
+    };
+    let replacement = match rewrite_map_entry["replacement"].as_str() {
+      Some(replacement) => String::from(replacement),
+      None => return Err(anyhow::anyhow!("URL rewrite rules must have replacements")),
+    };
+    let is_not_file = rewrite_map_entry["isNotFile"].as_bool().unwrap_or(false);
+    let is_not_directory = rewrite_map_entry["isNotDirectory"]
+      .as_bool()
+      .unwrap_or(false);
+    let last = rewrite_map_entry["last"].as_bool().unwrap_or_default();
+    let allow_double_slashes = rewrite_map_entry["allowDoubleSlashes"]
+      .as_bool()
+      .unwrap_or(false);
+    rewrite_map_vec.push(UrlRewriteMapEntry::new(
+      regex,
+      replacement,
+      is_not_directory,
+      is_not_file,
+      last,
+      allow_double_slashes,
+    ));
+  }
+
+  Ok(rewrite_map_vec)
+}
+
+pub fn server_module_init(
+  config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let mut global_url_rewrite_map = Vec::new();
+  let mut host_url_rewrite_maps = Vec::new();
+  if let Some(rewrite_map_yaml) = config["global"]["rewriteMap"].as_vec() {
+    global_url_rewrite_map = url_rewrite_config_init(rewrite_map_yaml)?;
+  }
+
+  if let Some(hosts) = config["hosts"].as_vec() {
+    for host_yaml in hosts.iter() {
+      let domain = host_yaml["domain"].as_str().map(String::from);
+      let ip = host_yaml["ip"].as_str().map(String::from);
+      let mut locations = Vec::new();
+      if let Some(locations_yaml) = host_yaml["locations"].as_vec() {
+        for location_yaml in locations_yaml.iter() {
+          if let Some(path_str) = location_yaml["path"].as_str() {
+            let path = String::from(path_str);
+            if let Some(rewrite_map_yaml) = location_yaml["rewriteMap"].as_vec() {
+              locations.push(UrlRewriteMapLocationWrap::new(
+                path,
+                url_rewrite_config_init(rewrite_map_yaml)?,
+              ));
+            }
+          }
+        }
+      }
+      if let Some(rewrite_map_yaml) = host_yaml["rewriteMap"].as_vec() {
+        host_url_rewrite_maps.push(UrlRewriteMapWrap::new(
+          domain,
+          ip,
+          url_rewrite_config_init(rewrite_map_yaml)?,
+          locations,
+        ));
+      } else if !locations.is_empty() {
+        host_url_rewrite_maps.push(UrlRewriteMapWrap::new(domain, ip, Vec::new(), locations));
+      }
+    }
+  }
+
+  Ok(Box::new(UrlRewriteModule::new(
+    Arc::new(global_url_rewrite_map),
+    Arc::new(host_url_rewrite_maps),
+  )))
+}
+
+struct UrlRewriteModule {
+  global_url_rewrite_map: Arc<Vec<UrlRewriteMapEntry>>,
+  host_url_rewrite_maps: Arc<Vec<UrlRewriteMapWrap>>,
+}
+
+impl UrlRewriteModule {
+  fn new(
+    global_url_rewrite_map: Arc<Vec<UrlRewriteMapEntry>>,
+    host_url_rewrite_maps: Arc<Vec<UrlRewriteMapWrap>>,
+  ) -> Self {
+    Self {
+      global_url_rewrite_map,
+      host_url_rewrite_maps,
+    }
+  }
+}
+
+impl ServerModule for UrlRewriteModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(UrlRewriteModuleHandlers {
+      global_url_rewrite_map: self.global_url_rewrite_map.clone(),
+      host_url_rewrite_maps: self.host_url_rewrite_maps.clone(),
+      handle,
+    })
+  }
+}
+struct UrlRewriteModuleHandlers {
+  global_url_rewrite_map: Arc<Vec<UrlRewriteMapEntry>>,
+  host_url_rewrite_maps: Arc<Vec<UrlRewriteMapWrap>>,
+  handle: Handle,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for UrlRewriteModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let hyper_request = request.get_hyper_request();
+      let global_url_rewrite_map = self.global_url_rewrite_map.iter();
+      let empty_vector = Vec::new();
+      let another_empty_vector = Vec::new();
+      let mut host_url_rewrite_map = empty_vector.iter();
+      let mut location_url_rewrite_map = another_empty_vector.iter();
+
+      // Should have used a HashMap instead of iterating over an array for better performance...
+      for host_url_rewrite_map_wrap in self.host_url_rewrite_maps.iter() {
+        if match_hostname(
+          match &host_url_rewrite_map_wrap.domain {
+            Some(value) => Some(value as &str),
+            None => None,
+          },
+          match hyper_request.headers().get(header::HOST) {
+            Some(value) => value.to_str().ok(),
+            None => None,
+          },
+        ) && match &host_url_rewrite_map_wrap.ip {
+          Some(value) => ip_match(value as &str, socket_data.remote_addr.ip()),
+          None => true,
+        } {
+          host_url_rewrite_map = host_url_rewrite_map_wrap.rewrite_map.iter();
+          if let Ok(path_decoded) = urlencoding::decode(
+            request
+              .get_original_url()
+              .unwrap_or(request.get_hyper_request().uri())
+              .path(),
+          ) {
+            for location_wrap in host_url_rewrite_map_wrap.locations.iter() {
+              if match_location(&location_wrap.path, &path_decoded) {
+                location_url_rewrite_map = location_wrap.rewrite_map.iter();
+                break;
+              }
+            }
+          }
+          break;
+        }
+      }
+
+      let combined_url_rewrite_map = global_url_rewrite_map
+        .chain(host_url_rewrite_map)
+        .chain(location_url_rewrite_map);
+
+      let original_url = format!(
+        "{}{}",
+        hyper_request.uri().path(),
+        match hyper_request.uri().query() {
+          Some(query) => format!("?{}", query),
+          None => String::from(""),
+        }
+      );
+      let mut rewritten_url = original_url.clone();
+
+      let mut rewritten_url_bytes = rewritten_url.bytes();
+      if rewritten_url_bytes.len() < 1 || rewritten_url_bytes.nth(0) != Some(b'/') {
+        return Ok(
+          ResponseData::builder(request)
+            .status(StatusCode::BAD_REQUEST)
+            .build(),
+        );
+      }
+
+      for url_rewrite_map_entry in combined_url_rewrite_map {
+        // Check if it's a file or a directory according to the rewrite map configuration
+        if url_rewrite_map_entry.is_not_directory || url_rewrite_map_entry.is_not_file {
+          if let Some(wwwroot) = config["wwwroot"].as_str() {
+            let path = Path::new(wwwroot);
+            let mut relative_path = &rewritten_url[1..];
+            while relative_path.as_bytes().first().copied() == Some(b'/') {
+              relative_path = &relative_path[1..];
+            }
+            let relative_path_split: Vec<&str> = relative_path.split("?").collect();
+            if !relative_path_split.is_empty() {
+              relative_path = relative_path_split[0];
+            }
+            let joined_pathbuf = path.join(relative_path);
+            if let Ok(metadata) = fs::metadata(joined_pathbuf).await {
+              if (url_rewrite_map_entry.is_not_file && metadata.is_file())
+                || (url_rewrite_map_entry.is_not_directory && metadata.is_dir())
+              {
+                continue;
+              }
+            }
+          }
+        }
+
+        if !url_rewrite_map_entry.allow_double_slashes {
+          while rewritten_url.contains("//") {
+            rewritten_url = rewritten_url.replace("//", "/");
+          }
+        }
+
+        // Actual URL rewriting
+        let old_rewritten_url = rewritten_url;
+        rewritten_url = url_rewrite_map_entry
+          .regex
+          .replace(&old_rewritten_url, &url_rewrite_map_entry.replacement)
+          .to_string();
+
+        let mut rewritten_url_bytes = rewritten_url.bytes();
+        if rewritten_url_bytes.len() < 1 || rewritten_url_bytes.nth(0) != Some(b'/') {
+          return Ok(
+            ResponseData::builder(request)
+              .status(StatusCode::BAD_REQUEST)
+              .build(),
+          );
+        }
+
+        if url_rewrite_map_entry.last && old_rewritten_url != rewritten_url {
+          break;
+        }
+      }
+
+      if rewritten_url == original_url {
+        Ok(ResponseData::builder(request).build())
+      } else {
+        if config["enableRewriteLogging"].as_bool() == Some(true) {
+          error_logger
+            .log(&format!(
+              "URL rewritten from \"{}\" to \"{}\"",
+              original_url, rewritten_url
+            ))
+            .await;
+        }
+        let (hyper_request, auth_user, _) = request.into_parts();
+        let (mut parts, body) = hyper_request.into_parts();
+        let original_url = parts.uri.clone();
+        let mut url_parts = parts.uri.into_parts();
+        url_parts.path_and_query = Some(rewritten_url.parse()?);
+        parts.uri = hyper::Uri::from_parts(url_parts)?;
+        let hyper_request = Request::from_parts(parts, body);
+        let request = RequestData::new(hyper_request, auth_user, Some(original_url));
+        Ok(ResponseData::builder(request).build())
+      }
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}

ferron/src/modules/x_forwarded_for.rs

@@ -0,0 +1,144 @@
+use std::error::Error;
+use std::net::{IpAddr, SocketAddr};
+
+use crate::ferron_common::{
+  ErrorLogger, HyperResponse, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperUpgraded, WithRuntime};
+use async_trait::async_trait;
+use hyper::StatusCode;
+use hyper_tungstenite::HyperWebsocket;
+use tokio::runtime::Handle;
+
+struct XForwardedForModule;
+
+pub fn server_module_init(
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  Ok(Box::new(XForwardedForModule::new()))
+}
+
+impl XForwardedForModule {
+  fn new() -> Self {
+    Self
+  }
+}
+
+impl ServerModule for XForwardedForModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(XForwardedForModuleHandlers { handle })
+  }
+}
+struct XForwardedForModuleHandlers {
+  handle: Handle,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for XForwardedForModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      if config["enableIPSpoofing"].as_bool() == Some(true) {
+        let hyper_request = request.get_hyper_request();
+
+        if let Some(x_forwarded_for_value) = hyper_request.headers().get("x-forwarded-for") {
+          let x_forwarded_for = x_forwarded_for_value.to_str()?;
+
+          let prepared_remote_ip_str = match x_forwarded_for.split(",").nth(0) {
+            Some(ip_address_str) => ip_address_str.replace(" ", ""),
+            None => {
+              return Ok(
+                ResponseData::builder(request)
+                  .status(StatusCode::BAD_REQUEST)
+                  .build(),
+              );
+            }
+          };
+
+          let prepared_remote_ip: IpAddr = match prepared_remote_ip_str.parse() {
+            Ok(ip_address) => ip_address,
+            Err(_) => {
+              return Ok(
+                ResponseData::builder(request)
+                  .status(StatusCode::BAD_REQUEST)
+                  .build(),
+              );
+            }
+          };
+
+          let new_socket_addr = SocketAddr::new(prepared_remote_ip, socket_data.remote_addr.port());
+
+          return Ok(
+            ResponseData::builder(request)
+              .new_remote_address(new_socket_addr)
+              .build(),
+          );
+        }
+
+        return Ok(ResponseData::builder(request).build());
+      }
+
+      Ok(ResponseData::builder(request).build())
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}

ferron/src/optional_modules/asgi.rs

@@ -0,0 +1,1476 @@
+// WARNING: We have measured this module on our computers, and found it to be slower than Uvicorn (with 1 worker),
+//          with FastAPI application, vanilla ASGI application is found out to be faster than Uvicorn (with 1 worker).
+//          It might be more performant to just use Ferron as a reverse proxy for Uvicorn (or any other ASGI server).
+
+use std::error::Error;
+use std::ffi::CString;
+use std::path::{Path, PathBuf};
+use std::str::FromStr;
+use std::sync::atomic::{AtomicBool, Ordering};
+use std::sync::Arc;
+use std::thread;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperUpgraded, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperResponse, WithRuntime};
+use crate::ferron_util::asgi_messages::{
+  asgi_event_to_outgoing_struct, incoming_struct_to_asgi_event, AsgiHttpBody, AsgiHttpInitData,
+  AsgiInitData, AsgiWebsocketClose, AsgiWebsocketInitData, AsgiWebsocketMessage,
+  IncomingAsgiMessage, IncomingAsgiMessageInner, OutgoingAsgiMessage, OutgoingAsgiMessageInner,
+};
+use crate::ferron_util::asgi_structs::{AsgiApplicationLocationWrap, AsgiApplicationWrap};
+use crate::ferron_util::ip_match::ip_match;
+use crate::ferron_util::match_hostname::match_hostname;
+use crate::ferron_util::match_location::match_location;
+use async_channel::{Receiver, Sender};
+use async_trait::async_trait;
+use futures_util::{SinkExt, StreamExt};
+use http::{HeaderMap, HeaderName, HeaderValue, Response, Version};
+use http_body_util::{BodyExt, StreamBody};
+use hyper::body::{Bytes, Frame};
+use hyper::{header, StatusCode};
+use hyper_tungstenite::HyperWebsocket;
+use pyo3::exceptions::{PyIOError, PyOSError, PyRuntimeError, PyTypeError};
+use pyo3::prelude::*;
+use pyo3::types::{PyCFunction, PyDict, PyList, PyTuple, PyType};
+use tokio::fs;
+use tokio::runtime::{Handle, Runtime};
+use tokio::sync::Mutex;
+use tokio_tungstenite::tungstenite::protocol::CloseFrame;
+use tokio_tungstenite::tungstenite::Message;
+use tokio_util::sync::CancellationToken;
+
+type AsgiChannelResult =
+  Result<(Sender<IncomingAsgiMessage>, Receiver<OutgoingAsgiMessage>), anyhow::Error>;
+type AsgiEventLoopCommunication = Vec<(Sender<()>, Receiver<AsgiChannelResult>)>;
+
+async fn asgi_application_fn(
+  asgi_application: Arc<Py<PyAny>>,
+  tx: Sender<OutgoingAsgiMessage>,
+  rx: Receiver<IncomingAsgiMessage>,
+) {
+  let init_message = match rx.recv().await {
+    Ok(IncomingAsgiMessage::Init(message)) => message,
+    Err(err) => {
+      tx.send(OutgoingAsgiMessage::Error(PyErr::new::<PyIOError, _>(
+        err.to_string(),
+      )))
+      .await
+      .unwrap_or_default();
+      return;
+    }
+    _ => {
+      tx.send(OutgoingAsgiMessage::Error(PyErr::new::<PyIOError, _>(
+        "Unexpected message received",
+      )))
+      .await
+      .unwrap_or_default();
+      return;
+    }
+  };
+  let tx_clone = tx.clone();
+  let rx_clone = rx.clone();
+  match Python::with_gil(move |py| -> PyResult<_> {
+    let tx_clone = tx_clone.clone();
+    let rx_clone = rx_clone.clone();
+
+    let scope = PyDict::new(py);
+    let scope_asgi = PyDict::new(py);
+
+    match init_message {
+      AsgiInitData::Lifespan => {
+        scope.set_item("type", "lifespan")?;
+        scope_asgi.set_item("version", "3.0")?;
+      }
+      AsgiInitData::Http(http_init_data) => {
+        let path = http_init_data.hyper_request_parts.uri.path().to_owned();
+        let query_string = http_init_data
+          .hyper_request_parts
+          .uri
+          .query()
+          .unwrap_or("")
+          .to_owned();
+        let original_request_uri = http_init_data
+          .original_request_uri
+          .unwrap_or(http_init_data.hyper_request_parts.uri);
+        scope.set_item("type", "http")?;
+        scope_asgi.set_item("version", "2.5")?;
+        scope.set_item(
+          "http_version",
+          match http_init_data.hyper_request_parts.version {
+            Version::HTTP_09 => "1.0", // ASGI doesn't support HTTP/0.9
+            Version::HTTP_10 => "1.0",
+            Version::HTTP_11 => "1.1",
+            Version::HTTP_2 => "2",
+            Version::HTTP_3 => "2", // ASGI doesn't support HTTP/3
+            _ => "1.1",             // Some other HTTP versions, of course...
+          },
+        )?;
+        scope.set_item(
+          "method",
+          http_init_data.hyper_request_parts.method.to_string(),
+        )?;
+        scope.set_item(
+          "scheme",
+          if http_init_data.socket_data.encrypted {
+            "https"
+          } else {
+            "http"
+          },
+        )?;
+        scope.set_item("path", urlencoding::decode(&path)?)?;
+        scope.set_item("raw_path", original_request_uri.to_string().as_bytes())?;
+        scope.set_item("query_string", query_string.as_bytes())?;
+        if let Ok(script_path) = http_init_data
+          .execute_pathbuf
+          .as_path()
+          .strip_prefix(http_init_data.wwwroot)
+        {
+          scope.set_item(
+            "root_path",
+            format!(
+              "/{}",
+              match cfg!(windows) {
+                true => script_path.to_string_lossy().to_string().replace("\\", "/"),
+                false => script_path.to_string_lossy().to_string(),
+              }
+            ),
+          )?;
+        }
+        let headers = PyList::empty(py);
+        for (header_name, header_value) in http_init_data.hyper_request_parts.headers.iter() {
+          let header_name = header_name.as_str().as_bytes();
+          let header_value = header_value.as_bytes();
+          if !header_name.is_empty() && header_name[0] != b':' {
+            headers.append(PyTuple::new(py, [header_name, header_value].into_iter())?)?;
+          }
+        }
+        scope.set_item("headers", headers)?;
+        scope.set_item(
+          "client",
+          (
+            http_init_data
+              .socket_data
+              .remote_addr
+              .ip()
+              .to_canonical()
+              .to_string(),
+            http_init_data.socket_data.remote_addr.port(),
+          ),
+        )?;
+        scope.set_item(
+          "server",
+          (
+            http_init_data
+              .socket_data
+              .local_addr
+              .ip()
+              .to_canonical()
+              .to_string(),
+            http_init_data.socket_data.local_addr.port(),
+          ),
+        )?;
+      }
+      AsgiInitData::Websocket(websocket_init_data) => {
+        let path = websocket_init_data.uri.path().to_owned();
+        let query_string = websocket_init_data.uri.query().unwrap_or("").to_owned();
+        let original_request_uri = websocket_init_data.uri;
+        scope.set_item("type", "websocket")?;
+        scope_asgi.set_item("version", "2.5")?;
+        scope.set_item(
+          "http_version",
+          "1.1", // WebSocket is supported only on HTTP/1.1 in Ferron
+        )?;
+        scope.set_item(
+          "scheme",
+          if websocket_init_data.socket_data.encrypted {
+            "wss"
+          } else {
+            "ws"
+          },
+        )?;
+        scope.set_item("path", urlencoding::decode(&path)?)?;
+        scope.set_item("raw_path", original_request_uri.to_string().as_bytes())?;
+        scope.set_item("query_string", query_string.as_bytes())?;
+        if let Ok(script_path) = websocket_init_data
+          .execute_pathbuf
+          .as_path()
+          .strip_prefix(websocket_init_data.wwwroot)
+        {
+          scope.set_item(
+            "root_path",
+            format!(
+              "/{}",
+              match cfg!(windows) {
+                true => script_path.to_string_lossy().to_string().replace("\\", "/"),
+                false => script_path.to_string_lossy().to_string(),
+              }
+            ),
+          )?;
+        }
+        // Ferron doesn't send original request headers (before WebSocket upgrade) to WebSocket request handlers
+        scope.set_item("headers", PyList::empty(py))?;
+        scope.set_item(
+          "client",
+          (
+            websocket_init_data
+              .socket_data
+              .remote_addr
+              .ip()
+              .to_canonical()
+              .to_string(),
+            websocket_init_data.socket_data.remote_addr.port(),
+          ),
+        )?;
+        scope.set_item(
+          "server",
+          (
+            websocket_init_data
+              .socket_data
+              .local_addr
+              .ip()
+              .to_canonical()
+              .to_string(),
+            websocket_init_data.socket_data.local_addr.port(),
+          ),
+        )?;
+        scope.set_item("subprotocols", PyList::empty(py))?;
+      }
+    };
+
+    scope_asgi.set_item("spec_version", "1.0")?;
+    scope.set_item("asgi", scope_asgi)?;
+    let scope_extensions = PyDict::new(py);
+    scope_extensions.set_item("http.response.trailers", PyDict::new(py))?;
+    scope.set_item("extensions", scope_extensions)?;
+
+    let client_disconnected = Arc::new(AtomicBool::new(false));
+    let client_disconnected_clone = client_disconnected.clone();
+
+    let receive = PyCFunction::new_closure(
+      py,
+      None,
+      None,
+      move |args: &Bound<'_, PyTuple>, _: Option<&Bound<'_, PyDict>>| -> PyResult<_> {
+        let rx = rx_clone.clone();
+        let client_disconnected = client_disconnected.clone();
+        Ok(
+          pyo3_async_runtimes::tokio::future_into_py(args.py(), async move {
+            if client_disconnected.load(Ordering::Relaxed) {
+              Err(PyErr::new::<PyOSError, _>("Client disconnected"))
+            } else {
+              let message = rx
+                .recv()
+                .await
+                .map_err(|e| PyErr::new::<PyOSError, _>(e.to_string()))?;
+              match message {
+                IncomingAsgiMessage::Init(_) => Err(PyErr::new::<PyOSError, _>(
+                  "Unexpected ASGI initialization message",
+                )),
+                IncomingAsgiMessage::Message(message) => {
+                  if let IncomingAsgiMessageInner::HttpDisconnect = &message {
+                    client_disconnected.store(true, Ordering::Relaxed);
+                  }
+                  incoming_struct_to_asgi_event(message)
+                }
+              }
+            }
+          })?
+          .unbind(),
+        )
+      },
+    )?;
+    let send = PyCFunction::new_closure(
+      py,
+      None,
+      None,
+      move |args: &Bound<'_, PyTuple>, _: Option<&Bound<'_, PyDict>>| -> PyResult<_> {
+        let event = args.get_item(0)?.downcast::<PyDict>()?.clone();
+        let message = asgi_event_to_outgoing_struct(event)?;
+        let tx = tx_clone.clone();
+        let client_disconnected = client_disconnected_clone.clone();
+        Ok(
+          pyo3_async_runtimes::tokio::future_into_py(args.py(), async move {
+            if client_disconnected.load(Ordering::Relaxed) {
+              Err(PyErr::new::<PyOSError, _>("Client disconnected"))
+            } else {
+              tx.send(OutgoingAsgiMessage::Message(message))
+                .await
+                .map_err(|e| PyErr::new::<PyOSError, _>(e.to_string()))?;
+              Ok(())
+            }
+          })?
+          .unbind(),
+        )
+      },
+    )?;
+
+    let asgi_coroutine =
+      match asgi_application.call(py, (scope.clone(), receive.clone(), send.clone()), None) {
+        Ok(coroutine) => coroutine,
+        Err(err) => {
+          if !err.get_type(py).is(&PyType::new::<PyTypeError>(py)) {
+            return Err(err);
+          } else {
+            asgi_application
+              .call(py, (scope,), None)?
+              .call(py, (receive, send), None)?
+          }
+        }
+      };
+
+    pyo3_async_runtimes::tokio::into_future(asgi_coroutine.into_bound(py))
+  }) {
+    Err(err) => tx
+      .send(OutgoingAsgiMessage::Error(PyErr::new::<PyRuntimeError, _>(
+        err.to_string(),
+      )))
+      .await
+      .unwrap_or_default(),
+    Ok(asgi_future) => match asgi_future.await {
+      Err(err) => tx
+        .send(OutgoingAsgiMessage::Error(err))
+        .await
+        .unwrap_or_default(),
+      Ok(_) => tx
+        .send(OutgoingAsgiMessage::Finished)
+        .await
+        .unwrap_or_default(),
+    },
+  }
+}
+
+async fn asgi_lifetime_init_fn(asgi_applications: Vec<Arc<Py<PyAny>>>) -> Vec<AsgiChannelResult> {
+  let mut results = Vec::new();
+  for asgi_application in asgi_applications {
+    results.push(
+      async {
+        let (tx, rx_task) = async_channel::unbounded::<IncomingAsgiMessage>();
+        let (tx_task, rx) = async_channel::unbounded::<OutgoingAsgiMessage>();
+        if let Ok(locals) = Python::with_gil(pyo3_async_runtimes::tokio::get_current_locals) {
+          tokio::spawn(pyo3_async_runtimes::tokio::scope(
+            locals,
+            asgi_application_fn(asgi_application, tx_task, rx_task),
+          ));
+          tx.send(IncomingAsgiMessage::Init(AsgiInitData::Lifespan))
+            .await
+            .map_err(|e| anyhow::anyhow!(e.to_string()))?;
+          Ok((tx, rx))
+        } else {
+          Err(anyhow::anyhow!("Cannot obtain task locals"))
+        }
+      }
+      .await,
+    );
+  }
+  results
+}
+
+async fn asgi_event_loop_fn(
+  asgi_application: Arc<Py<PyAny>>,
+  tx: Sender<AsgiChannelResult>,
+  rx: Receiver<()>,
+) {
+  loop {
+    if rx.recv().await.is_err() {
+      continue;
+    }
+
+    let (tx_send, rx_task) = async_channel::unbounded::<IncomingAsgiMessage>();
+    let (tx_task, rx_send) = async_channel::unbounded::<OutgoingAsgiMessage>();
+    let asgi_application_cloned = asgi_application.clone();
+    if let Ok(locals) = Python::with_gil(pyo3_async_runtimes::tokio::get_current_locals) {
+      tokio::spawn(pyo3_async_runtimes::tokio::scope(
+        locals,
+        asgi_application_fn(asgi_application_cloned, tx_task, rx_task),
+      ));
+      tx.send(Ok((tx_send, rx_send))).await.unwrap_or_default();
+    }
+  }
+}
+
+async fn asgi_init_event_loop_fn(
+  cancel_token: CancellationToken,
+  asgi_applications: Vec<Arc<Py<PyAny>>>,
+  mut channels: Vec<(Sender<AsgiChannelResult>, Receiver<()>)>,
+) {
+  Python::with_gil(|py| {
+    // Try installing `uvloop`, when it fails, use `asyncio` fallback instead.
+    if let Ok(uvloop) = py.import("uvloop") {
+      let _ = uvloop.call_method0("install");
+    }
+
+    pyo3_async_runtimes::tokio::run::<_, ()>(py, async move {
+      let asgi_lifetime_channels = asgi_lifetime_init_fn(asgi_applications.clone()).await;
+      for asgi_lifetime_channel_result in &asgi_lifetime_channels {
+        if let Ok((tx, rx)) = asgi_lifetime_channel_result.as_ref() {
+          tx.send(IncomingAsgiMessage::Message(
+            IncomingAsgiMessageInner::LifespanStartup,
+          ))
+          .await
+          .unwrap_or_default();
+          loop {
+            match rx.recv().await {
+              Ok(OutgoingAsgiMessage::Message(
+                OutgoingAsgiMessageInner::LifespanStartupComplete,
+              ))
+              | Ok(OutgoingAsgiMessage::Message(
+                OutgoingAsgiMessageInner::LifespanStartupFailed(_),
+              ))
+              | Ok(OutgoingAsgiMessage::Finished)
+              | Ok(OutgoingAsgiMessage::Error(_))
+              | Err(_) => break,
+              _ => (),
+            }
+          }
+        }
+      }
+      let init_closure = async move {
+        let mut channels_len = channels.len();
+        if let Some((tx_last, rx_last)) = channels.pop() {
+          channels_len -= 1;
+          let last_channel_id = channels_len;
+          for (tx, rx) in channels {
+            channels_len -= 1;
+            if let Ok(locals) = Python::with_gil(pyo3_async_runtimes::tokio::get_current_locals) {
+              tokio::spawn(pyo3_async_runtimes::tokio::scope(
+                locals,
+                asgi_event_loop_fn(asgi_applications[channels_len].clone(), tx, rx),
+              ));
+            }
+          }
+
+          if let Ok(locals) = Python::with_gil(pyo3_async_runtimes::tokio::get_current_locals) {
+            tokio::spawn(pyo3_async_runtimes::tokio::scope(
+              locals,
+              asgi_event_loop_fn(asgi_applications[last_channel_id].clone(), tx_last, rx_last),
+            ))
+            .await
+            .unwrap_or_default();
+          }
+        }
+      };
+      tokio::select! {
+        _ = cancel_token.cancelled() => {}
+        _ = init_closure => {}
+      }
+      for asgi_lifetime_channel_result in &asgi_lifetime_channels {
+        if let Ok((tx, rx)) = asgi_lifetime_channel_result.as_ref() {
+          tx.send(IncomingAsgiMessage::Message(
+            IncomingAsgiMessageInner::LifespanShutdown,
+          ))
+          .await
+          .unwrap_or_default();
+          loop {
+            match rx.recv().await {
+              Ok(OutgoingAsgiMessage::Message(
+                OutgoingAsgiMessageInner::LifespanShutdownComplete,
+              ))
+              | Ok(OutgoingAsgiMessage::Message(
+                OutgoingAsgiMessageInner::LifespanShutdownFailed(_),
+              ))
+              | Ok(OutgoingAsgiMessage::Finished)
+              | Ok(OutgoingAsgiMessage::Error(_))
+              | Err(_) => break,
+              _ => (),
+            }
+          }
+        }
+      }
+      Ok(())
+    })
+  })
+  .unwrap_or_default();
+}
+
+pub fn load_asgi_application(
+  file_path: &Path,
+  clear_sys_path: bool,
+) -> Result<Py<PyAny>, Box<dyn Error + Send + Sync>> {
+  let script_dirname = file_path
+    .parent()
+    .map(|path| path.to_string_lossy().to_string());
+  let script_name = file_path.to_string_lossy().to_string();
+  let script_name_cstring = CString::from_str(&script_name)?;
+  let module_name = script_name
+    .strip_suffix(".py")
+    .unwrap_or(&script_name)
+    .to_lowercase()
+    .chars()
+    .map(|c| if c.is_lowercase() { '_' } else { c })
+    .collect::<String>();
+  let module_name_cstring = CString::from_str(&module_name)?;
+  let script_data = std::fs::read_to_string(file_path)?;
+  let script_data_cstring = CString::from_str(&script_data)?;
+  let asgi_application = Python::with_gil(move |py| -> PyResult<Py<PyAny>> {
+    let mut sys_path_old = None;
+    if let Some(script_dirname) = script_dirname {
+      if let Ok(sys_module) = PyModule::import(py, "sys") {
+        if let Ok(sys_path_any) = sys_module.getattr("path") {
+          if let Ok(sys_path) = sys_path_any.downcast::<PyList>() {
+            let sys_path = sys_path.clone();
+            sys_path_old = sys_path.extract::<Vec<String>>().ok();
+            sys_path.insert(0, script_dirname).unwrap_or_default();
+          }
+        }
+      }
+    }
+    let asgi_application = PyModule::from_code(
+      py,
+      &script_data_cstring,
+      &script_name_cstring,
+      &module_name_cstring,
+    )?
+    .getattr("application")?
+    .unbind();
+    if clear_sys_path {
+      if let Some(sys_path) = sys_path_old {
+        if let Ok(sys_module) = PyModule::import(py, "sys") {
+          sys_module.setattr("path", sys_path).unwrap_or_default();
+        }
+      }
+    }
+    Ok(asgi_application)
+  })?;
+  Ok(asgi_application)
+}
+
+pub fn server_module_init(
+  config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let mut asgi_applications = Vec::new();
+  let mut global_asgi_application_id = None;
+  let mut host_asgi_application_ids = Vec::new();
+  let clear_sys_path = config["global"]["asgiClearModuleImportPath"]
+    .as_bool()
+    .unwrap_or(false);
+  if let Some(asgi_application_path) = config["global"]["asgiApplicationPath"].as_str() {
+    let asgi_application_id = asgi_applications.len();
+    asgi_applications.push(Arc::new(load_asgi_application(
+      PathBuf::from_str(asgi_application_path)?.as_path(),
+      clear_sys_path,
+    )?));
+    global_asgi_application_id = Some(asgi_application_id);
+  }
+  let global_asgi_path = config["global"]["asgiPath"].as_str().map(|s| s.to_string());
+
+  if let Some(hosts) = config["hosts"].as_vec() {
+    for host_yaml in hosts.iter() {
+      let domain = host_yaml["domain"].as_str().map(String::from);
+      let ip = host_yaml["ip"].as_str().map(String::from);
+      let mut locations = Vec::new();
+      if let Some(locations_yaml) = host_yaml["locations"].as_vec() {
+        for location_yaml in locations_yaml.iter() {
+          if let Some(path_str) = location_yaml["path"].as_str() {
+            let path = String::from(path_str);
+            if let Some(asgi_application_path) = location_yaml["asgiApplicationPath"].as_str() {
+              let asgi_application_id = asgi_applications.len();
+              asgi_applications.push(Arc::new(load_asgi_application(
+                PathBuf::from_str(asgi_application_path)?.as_path(),
+                clear_sys_path,
+              )?));
+
+              locations.push(AsgiApplicationLocationWrap::new(
+                path,
+                asgi_application_id,
+                asgi_application_path.to_string(),
+                location_yaml["asgiPath"].as_str().map(|s| s.to_string()),
+              ));
+            }
+          }
+        }
+      }
+      if let Some(asgi_application_path) = host_yaml["asgiApplicationPath"].as_str() {
+        let asgi_application_id = asgi_applications.len();
+        asgi_applications.push(Arc::new(load_asgi_application(
+          PathBuf::from_str(asgi_application_path)?.as_path(),
+          clear_sys_path,
+        )?));
+        host_asgi_application_ids.push(AsgiApplicationWrap::new(
+          domain,
+          ip,
+          Some(asgi_application_id),
+          Some(asgi_application_path.to_string()),
+          host_yaml["asgiPath"].as_str().map(|s| s.to_string()),
+          locations,
+        ));
+      } else if !locations.is_empty() {
+        host_asgi_application_ids.push(AsgiApplicationWrap::new(
+          domain,
+          ip,
+          None,
+          None,
+          host_yaml["asgiPath"].as_str().map(|s| s.to_string()),
+          locations,
+        ));
+      }
+    }
+  }
+
+  let cancel_token: CancellationToken = CancellationToken::new();
+  let cancel_token_thread = cancel_token.clone();
+  let mut asgi_event_loop_communication = Vec::new();
+  let mut asgi_event_loop_communication_thread = Vec::new();
+
+  for _ in 0..asgi_applications.len() {
+    let (tx, rx_thread) = async_channel::unbounded::<()>();
+    let (tx_thread, rx) = async_channel::unbounded::<AsgiChannelResult>();
+    asgi_event_loop_communication.push((tx, rx));
+    asgi_event_loop_communication_thread.push((tx_thread, rx_thread));
+  }
+
+  let available_parallelism = thread::available_parallelism()?.get();
+
+  // Initialize a single-threaded (due to Python's GIL) Tokio runtime to be used as an intermediary event loop for asynchronous Python
+  let mut runtime_builder = tokio::runtime::Builder::new_multi_thread();
+  runtime_builder
+    .worker_threads(1)
+    .enable_all()
+    .thread_name("python-async-pool");
+  pyo3_async_runtimes::tokio::init(runtime_builder);
+
+  // Create and spawn a task in the Tokio runtime for ASGI
+  let runtime = tokio::runtime::Builder::new_multi_thread()
+    .worker_threads(match available_parallelism / 2 {
+      0 => 1,
+      non_zero => non_zero,
+    })
+    .enable_all()
+    .thread_name("asgi-pool")
+    .build()?;
+
+  runtime.spawn(asgi_init_event_loop_fn(
+    cancel_token_thread,
+    asgi_applications,
+    asgi_event_loop_communication_thread,
+  ));
+
+  Ok(Box::new(AsgiModule::new(
+    global_asgi_application_id,
+    global_asgi_path,
+    Arc::new(host_asgi_application_ids),
+    cancel_token,
+    asgi_event_loop_communication,
+    runtime,
+  )))
+}
+
+struct AsgiModule {
+  global_asgi_application_id: Option<usize>,
+  global_asgi_path: Option<String>,
+  host_asgi_application_ids: Arc<Vec<AsgiApplicationWrap>>,
+  cancel_token: CancellationToken,
+  asgi_event_loop_communication: AsgiEventLoopCommunication,
+  #[allow(dead_code)]
+  runtime: Runtime,
+}
+
+impl AsgiModule {
+  fn new(
+    global_asgi_application_id: Option<usize>,
+    global_asgi_path: Option<String>,
+    host_asgi_application_ids: Arc<Vec<AsgiApplicationWrap>>,
+    cancel_token: CancellationToken,
+    asgi_event_loop_communication: AsgiEventLoopCommunication,
+    runtime: Runtime,
+  ) -> Self {
+    AsgiModule {
+      global_asgi_application_id,
+      global_asgi_path,
+      host_asgi_application_ids,
+      cancel_token,
+      asgi_event_loop_communication,
+      runtime,
+    }
+  }
+}
+
+impl ServerModule for AsgiModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(AsgiModuleHandlers {
+      global_asgi_application_id: self.global_asgi_application_id,
+      global_asgi_path: self.global_asgi_path.clone(),
+      host_asgi_application_ids: self.host_asgi_application_ids.clone(),
+      asgi_event_loop_communication: self.asgi_event_loop_communication.clone(),
+      handle,
+    })
+  }
+}
+
+impl Drop for AsgiModule {
+  fn drop(&mut self) {
+    self.cancel_token.cancel();
+  }
+}
+
+struct AsgiModuleHandlers {
+  global_asgi_application_id: Option<usize>,
+  global_asgi_path: Option<String>,
+  host_asgi_application_ids: Arc<Vec<AsgiApplicationWrap>>,
+  asgi_event_loop_communication: AsgiEventLoopCommunication,
+  handle: Handle,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for AsgiModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let hyper_request = request.get_hyper_request();
+
+      // Use .take() instead of .clone(), since the values in Options will only be used once.
+      let mut asgi_application_id = self.global_asgi_application_id.take();
+      let mut asgi_path = self.global_asgi_path.take();
+
+      // Should have used a HashMap instead of iterating over an array for better performance...
+      for host_asgi_application_wrap in self.host_asgi_application_ids.iter() {
+        if match_hostname(
+          match &host_asgi_application_wrap.domain {
+            Some(value) => Some(value as &str),
+            None => None,
+          },
+          match hyper_request.headers().get(header::HOST) {
+            Some(value) => value.to_str().ok(),
+            None => None,
+          },
+        ) && match &host_asgi_application_wrap.ip {
+          Some(value) => ip_match(value as &str, socket_data.remote_addr.ip()),
+          None => true,
+        } {
+          asgi_application_id = host_asgi_application_wrap.asgi_application_id;
+          asgi_path = host_asgi_application_wrap.asgi_path.clone();
+          if let Ok(path_decoded) = urlencoding::decode(
+            request
+              .get_original_url()
+              .unwrap_or(request.get_hyper_request().uri())
+              .path(),
+          ) {
+            for location_wrap in host_asgi_application_wrap.locations.iter() {
+              if match_location(&location_wrap.path, &path_decoded) {
+                asgi_application_id = Some(location_wrap.asgi_application_id);
+                asgi_path = location_wrap.asgi_path.clone();
+                break;
+              }
+            }
+          }
+          break;
+        }
+      }
+
+      let request_path = hyper_request.uri().path();
+      let mut request_path_bytes = request_path.bytes();
+      if request_path_bytes.len() < 1 || request_path_bytes.nth(0) != Some(b'/') {
+        return Ok(
+          ResponseData::builder(request)
+            .status(StatusCode::BAD_REQUEST)
+            .build(),
+        );
+      }
+
+      if let Some(asgi_application_id) = asgi_application_id {
+        let asgi_path = asgi_path.unwrap_or("/".to_string());
+        let mut canonical_asgi_path: &str = &asgi_path;
+        if canonical_asgi_path.bytes().last() == Some(b'/') {
+          canonical_asgi_path = &canonical_asgi_path[..(canonical_asgi_path.len() - 1)];
+        }
+
+        let request_path_with_slashes = match request_path == canonical_asgi_path {
+          true => format!("{}/", request_path),
+          false => request_path.to_string(),
+        };
+        if let Some(stripped_request_path) =
+          request_path_with_slashes.strip_prefix(canonical_asgi_path)
+        {
+          let wwwroot_yaml = &config["wwwroot"];
+          let wwwroot = wwwroot_yaml.as_str().unwrap_or("/nonexistent");
+
+          let wwwroot_unknown = PathBuf::from(wwwroot);
+          let wwwroot_pathbuf = match wwwroot_unknown.as_path().is_absolute() {
+            true => wwwroot_unknown,
+            false => match fs::canonicalize(&wwwroot_unknown).await {
+              Ok(pathbuf) => pathbuf,
+              Err(_) => wwwroot_unknown,
+            },
+          };
+          let wwwroot = wwwroot_pathbuf.as_path();
+
+          let mut relative_path = &request_path[1..];
+          while relative_path.as_bytes().first().copied() == Some(b'/') {
+            relative_path = &relative_path[1..];
+          }
+
+          let decoded_relative_path = match urlencoding::decode(relative_path) {
+            Ok(path) => path.to_string(),
+            Err(_) => {
+              return Ok(
+                ResponseData::builder(request)
+                  .status(StatusCode::BAD_REQUEST)
+                  .build(),
+              );
+            }
+          };
+
+          let joined_pathbuf = wwwroot.join(decoded_relative_path);
+          let execute_pathbuf = joined_pathbuf;
+          let execute_path_info = stripped_request_path
+            .strip_prefix("/")
+            .map(|s| s.to_string());
+
+          let (tx, rx) = {
+            let (tx, rx) = &self.asgi_event_loop_communication[asgi_application_id];
+            tx.send(()).await?;
+            rx.recv().await??
+          };
+
+          return execute_asgi(
+            request,
+            socket_data,
+            error_logger,
+            wwwroot,
+            execute_pathbuf,
+            execute_path_info,
+            config["serverAdministratorEmail"].as_str(),
+            tx,
+            rx,
+          )
+          .await;
+        }
+      }
+      Ok(ResponseData::builder(request).build())
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    websocket: HyperWebsocket,
+    uri: &hyper::Uri,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      // Use .take() instead of .clone(), since the values in Options will only be used once.
+      let mut asgi_application_id = self.global_asgi_application_id.take();
+      let mut asgi_path = self.global_asgi_path.take();
+
+      // Should have used a HashMap instead of iterating over an array for better performance...
+      for host_asgi_application_wrap in self.host_asgi_application_ids.iter() {
+        // Workaround for Ferron not providing the domain name for WebSocket connections
+        let config_test_domain = host_asgi_application_wrap
+          .domain
+          .as_ref()
+          .map(|value| value as &str);
+        let obtained_domain = config["domain"].as_str();
+        if config_test_domain == obtained_domain
+          && config["asgiApplicationPath"].as_str()
+            == host_asgi_application_wrap.asgi_application_path.as_deref()
+          && match &host_asgi_application_wrap.ip {
+            Some(value) => ip_match(value as &str, socket_data.remote_addr.ip()),
+            None => true,
+          }
+        {
+          asgi_application_id = host_asgi_application_wrap.asgi_application_id;
+          asgi_path = host_asgi_application_wrap.asgi_path.clone();
+          if let Ok(path_decoded) = urlencoding::decode(uri.path()) {
+            for location_wrap in host_asgi_application_wrap.locations.iter() {
+              if match_location(&location_wrap.path, &path_decoded) {
+                asgi_application_id = Some(location_wrap.asgi_application_id);
+                asgi_path = location_wrap.asgi_path.clone();
+                break;
+              }
+            }
+          }
+          break;
+        }
+      }
+
+      let request_path = uri.path();
+      let mut request_path_bytes = request_path.bytes();
+      if request_path_bytes.len() < 1 || request_path_bytes.nth(0) != Some(b'/') {
+        return Ok(());
+      }
+
+      if let Some(asgi_application_id) = asgi_application_id {
+        let asgi_path = asgi_path.unwrap_or("/".to_string());
+        let mut canonical_asgi_path: &str = &asgi_path;
+        if canonical_asgi_path.bytes().last() == Some(b'/') {
+          canonical_asgi_path = &canonical_asgi_path[..(canonical_asgi_path.len() - 1)];
+        }
+
+        let request_path_with_slashes = match request_path == canonical_asgi_path {
+          true => format!("{}/", request_path),
+          false => request_path.to_string(),
+        };
+        if let Some(stripped_request_path) =
+          request_path_with_slashes.strip_prefix(canonical_asgi_path)
+        {
+          let wwwroot_yaml = &config["wwwroot"];
+          let wwwroot = wwwroot_yaml.as_str().unwrap_or("/nonexistent");
+
+          let wwwroot_unknown = PathBuf::from(wwwroot);
+          let wwwroot_pathbuf = match wwwroot_unknown.as_path().is_absolute() {
+            true => wwwroot_unknown,
+            false => match fs::canonicalize(&wwwroot_unknown).await {
+              Ok(pathbuf) => pathbuf,
+              Err(_) => wwwroot_unknown,
+            },
+          };
+          let wwwroot = wwwroot_pathbuf.as_path();
+
+          let mut relative_path = &request_path[1..];
+          while relative_path.as_bytes().first().copied() == Some(b'/') {
+            relative_path = &relative_path[1..];
+          }
+
+          let decoded_relative_path = match urlencoding::decode(relative_path) {
+            Ok(path) => path.to_string(),
+            Err(_) => {
+              return Ok(());
+            }
+          };
+
+          let joined_pathbuf = wwwroot.join(decoded_relative_path);
+          let execute_pathbuf = joined_pathbuf;
+          let execute_path_info = stripped_request_path
+            .strip_prefix("/")
+            .map(|s| s.to_string());
+
+          let (tx, rx) = {
+            let (tx, rx) = &self.asgi_event_loop_communication[asgi_application_id];
+            tx.send(()).await?;
+            rx.recv().await??
+          };
+
+          return execute_asgi_websocket(
+            websocket,
+            uri,
+            socket_data,
+            error_logger,
+            wwwroot,
+            execute_pathbuf,
+            execute_path_info,
+            config["serverAdministratorEmail"].as_str(),
+            tx,
+            rx,
+          )
+          .await;
+        }
+      }
+      Ok(())
+    })
+    .await
+  }
+
+  fn does_websocket_requests(&mut self, config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    config["asgiApplicationPath"].as_str().is_some()
+  }
+}
+
+#[allow(clippy::too_many_arguments)]
+async fn execute_asgi(
+  request: RequestData,
+  socket_data: &SocketData,
+  error_logger: &ErrorLogger,
+  wwwroot: &Path,
+  execute_pathbuf: PathBuf,
+  _path_info: Option<String>,
+  _server_administrator_email: Option<&str>,
+  asgi_tx: Sender<IncomingAsgiMessage>,
+  asgi_rx: Receiver<OutgoingAsgiMessage>,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let (hyper_request, _, original_request_uri) = request.into_parts();
+  let (hyper_request_parts, request_body) = hyper_request.into_parts();
+  asgi_tx
+    .send(IncomingAsgiMessage::Init(AsgiInitData::Http(
+      AsgiHttpInitData {
+        hyper_request_parts,
+        original_request_uri,
+        socket_data: SocketData {
+          remote_addr: socket_data.remote_addr,
+          local_addr: socket_data.local_addr,
+          encrypted: socket_data.encrypted,
+        },
+        error_logger: error_logger.clone(),
+        wwwroot: wwwroot.to_path_buf(),
+        execute_pathbuf,
+      },
+    )))
+    .await?;
+
+  let mut request_body_stream = request_body.into_data_stream();
+  let asgi_tx_clone = asgi_tx.clone();
+
+  tokio::spawn(async move {
+    loop {
+      match request_body_stream.next().await {
+        Some(Ok(data)) => asgi_tx_clone
+          .send(IncomingAsgiMessage::Message(
+            IncomingAsgiMessageInner::HttpRequest(AsgiHttpBody {
+              body: data.to_vec(),
+              more_body: true,
+            }),
+          ))
+          .await
+          .unwrap_or_default(),
+        Some(Err(_)) => {
+          asgi_tx_clone
+            .send(IncomingAsgiMessage::Message(
+              IncomingAsgiMessageInner::HttpDisconnect,
+            ))
+            .await
+            .unwrap_or_default();
+        }
+        None => {
+          asgi_tx_clone
+            .send(IncomingAsgiMessage::Message(
+              IncomingAsgiMessageInner::HttpRequest(AsgiHttpBody {
+                body: b"".to_vec(),
+                more_body: false,
+              }),
+            ))
+            .await
+            .unwrap_or_default();
+          break;
+        }
+      }
+    }
+  });
+
+  let asgi_http_response_start;
+
+  loop {
+    match asgi_rx.recv().await? {
+      OutgoingAsgiMessage::Finished => Err(anyhow::anyhow!(
+        "ASGI application returned before sending the HTTP response start event"
+      ))?,
+      OutgoingAsgiMessage::Error(err) => Err(err)?,
+      OutgoingAsgiMessage::Message(OutgoingAsgiMessageInner::HttpResponseStart(
+        http_response_start,
+      )) => {
+        asgi_http_response_start = http_response_start;
+        break;
+      }
+      _ => (),
+    }
+  }
+
+  let response_body_stream = futures_util::stream::unfold(
+    (asgi_tx, asgi_rx, false),
+    move |(asgi_tx, asgi_rx, request_end)| {
+      let has_trailers = asgi_http_response_start.trailers;
+      async move {
+        if request_end {
+          asgi_tx
+            .send(IncomingAsgiMessage::Message(
+              IncomingAsgiMessageInner::HttpDisconnect,
+            ))
+            .await
+            .unwrap_or_default();
+          return None;
+        }
+        loop {
+          match asgi_rx.recv().await {
+            Err(err) => {
+              return Some((
+                Err(std::io::Error::other(err.to_string())),
+                (asgi_tx, asgi_rx, false),
+              ))
+            }
+            Ok(OutgoingAsgiMessage::Finished) => return None,
+            Ok(OutgoingAsgiMessage::Error(err)) => {
+              return Some((
+                Err(std::io::Error::other(err.to_string())),
+                (asgi_tx, asgi_rx, false),
+              ))
+            }
+            Ok(OutgoingAsgiMessage::Message(OutgoingAsgiMessageInner::HttpResponseBody(
+              http_response_body,
+            ))) => {
+              if !http_response_body.more_body {
+                if http_response_body.body.is_empty() {
+                  if !has_trailers {
+                    asgi_tx
+                      .send(IncomingAsgiMessage::Message(
+                        IncomingAsgiMessageInner::HttpDisconnect,
+                      ))
+                      .await
+                      .unwrap_or_default();
+                    return None;
+                  }
+                } else {
+                  return Some((
+                    Ok(Frame::data(Bytes::from(http_response_body.body))),
+                    (asgi_tx, asgi_rx, !has_trailers),
+                  ));
+                }
+              } else if !http_response_body.body.is_empty() {
+                return Some((
+                  Ok(Frame::data(Bytes::from(http_response_body.body))),
+                  (asgi_tx, asgi_rx, false),
+                ));
+              }
+            }
+            Ok(OutgoingAsgiMessage::Message(OutgoingAsgiMessageInner::HttpResponseTrailers(
+              http_response_trailers,
+            ))) => {
+              if !http_response_trailers.more_trailers {
+                if http_response_trailers.headers.is_empty() {
+                  asgi_tx
+                    .send(IncomingAsgiMessage::Message(
+                      IncomingAsgiMessageInner::HttpDisconnect,
+                    ))
+                    .await
+                    .unwrap_or_default();
+                  return None;
+                } else {
+                  match async {
+                    let mut headers = HeaderMap::new();
+                    for (header_name, header_value) in http_response_trailers.headers {
+                      if !header_name.is_empty() && header_name[0] != b':' {
+                        headers.append(
+                          HeaderName::from_bytes(&header_name)?,
+                          HeaderValue::from_bytes(&header_value)?,
+                        );
+                      }
+                    }
+                    Ok::<_, Box<dyn Error + Send + Sync>>(headers)
+                  }
+                  .await
+                  {
+                    Ok(headers) => {
+                      return Some((Ok(Frame::trailers(headers)), (asgi_tx, asgi_rx, true)))
+                    }
+                    Err(err) => {
+                      return Some((
+                        Err(std::io::Error::other(err.to_string())),
+                        (asgi_tx, asgi_rx, false),
+                      ))
+                    }
+                  }
+                }
+              } else if !http_response_trailers.headers.is_empty() {
+                match async {
+                  let mut headers = HeaderMap::new();
+                  for (header_name, header_value) in http_response_trailers.headers {
+                    if !header_name.is_empty() && header_name[0] != b':' {
+                      headers.append(
+                        HeaderName::from_bytes(&header_name)?,
+                        HeaderValue::from_bytes(&header_value)?,
+                      );
+                    }
+                  }
+                  Ok::<_, Box<dyn Error + Send + Sync>>(headers)
+                }
+                .await
+                {
+                  Ok(headers) => {
+                    return Some((Ok(Frame::trailers(headers)), (asgi_tx, asgi_rx, true)))
+                  }
+                  Err(err) => {
+                    return Some((
+                      Err(std::io::Error::other(err.to_string())),
+                      (asgi_tx, asgi_rx, false),
+                    ))
+                  }
+                }
+              }
+            }
+            _ => (),
+          }
+        }
+      }
+    },
+  );
+  let response_body = BodyExt::boxed(StreamBody::new(response_body_stream));
+
+  let mut hyper_response = Response::new(response_body);
+  *hyper_response.status_mut() = StatusCode::from_u16(asgi_http_response_start.status)?;
+  let headers = hyper_response.headers_mut();
+  for (header_name, header_value) in asgi_http_response_start.headers {
+    if !header_name.is_empty() && header_name[0] != b':' {
+      headers.append(
+        HeaderName::from_bytes(&header_name)?,
+        HeaderValue::from_bytes(&header_value)?,
+      );
+    }
+  }
+
+  Ok(
+    ResponseData::builder_without_request()
+      .response(hyper_response)
+      .build(),
+  )
+}
+
+#[allow(clippy::too_many_arguments)]
+async fn execute_asgi_websocket(
+  websocket: HyperWebsocket,
+  uri: &hyper::Uri,
+  socket_data: &SocketData,
+  error_logger: &ErrorLogger,
+  wwwroot: &Path,
+  execute_pathbuf: PathBuf,
+  _path_info: Option<String>,
+  _server_administrator_email: Option<&str>,
+  asgi_tx: Sender<IncomingAsgiMessage>,
+  asgi_rx: Receiver<OutgoingAsgiMessage>,
+) -> Result<(), Box<dyn Error + Send + Sync>> {
+  asgi_tx
+    .send(IncomingAsgiMessage::Init(AsgiInitData::Websocket(
+      AsgiWebsocketInitData {
+        uri: uri.to_owned(),
+        socket_data: SocketData {
+          remote_addr: socket_data.remote_addr,
+          local_addr: socket_data.local_addr,
+          encrypted: socket_data.encrypted,
+        },
+        error_logger: error_logger.clone(),
+        wwwroot: wwwroot.to_path_buf(),
+        execute_pathbuf,
+      },
+    )))
+    .await?;
+
+  asgi_tx
+    .send(IncomingAsgiMessage::Message(
+      IncomingAsgiMessageInner::WebsocketConnect,
+    ))
+    .await?;
+
+  let client_bi_stream;
+  loop {
+    match asgi_rx.recv().await? {
+      OutgoingAsgiMessage::Finished => Err(anyhow::anyhow!(
+        "ASGI application returned before sending the WebSocket accept event"
+      ))?,
+      OutgoingAsgiMessage::Error(err) => Err(err)?,
+      OutgoingAsgiMessage::Message(OutgoingAsgiMessageInner::WebsocketAccept(_)) => {
+        client_bi_stream = websocket.await?;
+        break;
+      }
+      OutgoingAsgiMessage::Message(OutgoingAsgiMessageInner::WebsocketClose(_)) => {
+        asgi_tx
+          .send(IncomingAsgiMessage::Message(
+            IncomingAsgiMessageInner::WebsocketDisconnect(AsgiWebsocketClose {
+              code: 1005,
+              reason: "ASGI application closed the WebSocket connection before accepting it"
+                .to_string(),
+            }),
+          ))
+          .await
+          .unwrap_or_default();
+      }
+      _ => (),
+    }
+  }
+
+  let (client_sink, mut client_stream) = client_bi_stream.split();
+
+  let client_disconnected_mutex = Arc::new(Mutex::new(AtomicBool::new(false)));
+  let client_disconnected_mutex_clone = client_disconnected_mutex.clone();
+
+  let asgi_tx_clone = asgi_tx.clone();
+  let (ping, pong) = async_channel::unbounded();
+
+  tokio::spawn(async move {
+    while let Some(websocket_frame) = client_stream.next().await {
+      match websocket_frame {
+        Err(_) => {
+          let client_disconnected = client_disconnected_mutex_clone.lock().await;
+          if !client_disconnected.load(Ordering::Relaxed) {
+            client_disconnected.store(true, Ordering::Relaxed);
+            asgi_tx_clone
+              .send(IncomingAsgiMessage::Message(
+                IncomingAsgiMessageInner::WebsocketDisconnect(AsgiWebsocketClose {
+                  code: 1005,
+                  reason: "Error while receiving WebSocket data".to_string(),
+                }),
+              ))
+              .await
+              .unwrap_or_default();
+          }
+        }
+        Ok(Message::Ping(message)) => {
+          ping.send(message).await.unwrap_or_default();
+        }
+        Ok(Message::Binary(message)) => {
+          asgi_tx_clone
+            .send(IncomingAsgiMessage::Message(
+              IncomingAsgiMessageInner::WebsocketReceive(AsgiWebsocketMessage {
+                bytes: Some(message.to_vec()),
+                text: None,
+              }),
+            ))
+            .await
+            .unwrap_or_default();
+        }
+        Ok(Message::Text(message)) => {
+          asgi_tx_clone
+            .send(IncomingAsgiMessage::Message(
+              IncomingAsgiMessageInner::WebsocketReceive(AsgiWebsocketMessage {
+                bytes: None,
+                text: Some(message.to_string()),
+              }),
+            ))
+            .await
+            .unwrap_or_default();
+        }
+        Ok(Message::Close(close_frame)) => {
+          let client_disconnected = client_disconnected_mutex_clone.lock().await;
+          if !client_disconnected.load(Ordering::Relaxed) {
+            client_disconnected.store(true, Ordering::Relaxed);
+            client_disconnected_mutex_clone
+              .lock()
+              .await
+              .store(true, Ordering::Relaxed);
+            let (status_code, message) = if let Some(close_frame) = close_frame {
+              (close_frame.code.into(), close_frame.reason.to_string())
+            } else {
+              (
+                1005,
+                "Websocket connection closed for unknown reason".to_string(),
+              )
+            };
+            asgi_tx_clone
+              .send(IncomingAsgiMessage::Message(
+                IncomingAsgiMessageInner::WebsocketDisconnect(AsgiWebsocketClose {
+                  code: status_code,
+                  reason: message,
+                }),
+              ))
+              .await
+              .unwrap_or_default();
+          }
+        }
+        _ => (),
+      }
+    }
+  });
+
+  let client_sink_mutex = Arc::new(Mutex::new(client_sink));
+  let client_sink_mutex_cloned = client_sink_mutex.clone();
+
+  tokio::spawn(async move {
+    while let Ok(message) = pong.recv().await {
+      if client_sink_mutex_cloned
+        .lock()
+        .await
+        .send(Message::Pong(message))
+        .await
+        .is_err()
+      {
+        break;
+      }
+    }
+  });
+
+  loop {
+    match asgi_rx.recv().await? {
+      OutgoingAsgiMessage::Finished => Err(anyhow::anyhow!(
+        "ASGI application returned before sending the WebSocket accept event"
+      ))?,
+      OutgoingAsgiMessage::Error(err) => Err(err)?,
+      OutgoingAsgiMessage::Message(OutgoingAsgiMessageInner::WebsocketSend(websocket_message)) => {
+        let frame_option = if let Some(bytes) = websocket_message.bytes {
+          Some(Message::binary(bytes))
+        } else {
+          websocket_message.text.map(Message::text)
+        };
+        if let Some(frame) = frame_option {
+          let mut client_sink = client_sink_mutex.lock().await;
+          if let Err(err) = client_sink.send(frame).await {
+            drop(client_sink);
+            let client_disconnected = client_disconnected_mutex.lock().await;
+            if !client_disconnected.load(Ordering::Relaxed) {
+              client_disconnected.store(true, Ordering::Relaxed);
+              asgi_tx
+                .send(IncomingAsgiMessage::Message(
+                  IncomingAsgiMessageInner::WebsocketDisconnect(AsgiWebsocketClose {
+                    code: 1005,
+                    reason: "Error while sending WebSocket data".to_string(),
+                  }),
+                ))
+                .await
+                .unwrap_or_default();
+            }
+            Err(err)?;
+          }
+        }
+      }
+      OutgoingAsgiMessage::Message(OutgoingAsgiMessageInner::WebsocketClose(websocket_close)) => {
+        let client_disconnected = client_disconnected_mutex.lock().await;
+        if !client_disconnected.load(Ordering::Relaxed) {
+          client_disconnected.store(true, Ordering::Relaxed);
+          asgi_tx
+            .send(IncomingAsgiMessage::Message(
+              IncomingAsgiMessageInner::WebsocketDisconnect(AsgiWebsocketClose {
+                code: websocket_close.code,
+                reason: websocket_close.reason.clone(),
+              }),
+            ))
+            .await
+            .unwrap_or_default();
+        }
+        let mut client_sink = client_sink_mutex.lock().await;
+        client_sink
+          .send(Message::Close(Some(CloseFrame {
+            code: websocket_close.code.into(),
+            reason: websocket_close.reason.into(),
+          })))
+          .await?;
+        client_sink.close().await.unwrap_or_default();
+        break;
+      }
+      _ => (),
+    }
+  }
+
+  Ok(())
+}

ferron/src/optional_modules/cache.rs

@@ -0,0 +1,525 @@
+use std::collections::HashMap;
+use std::error::Error;
+use std::hash::RandomState;
+use std::sync::Arc;
+use std::time::{Duration, Instant};
+
+use crate::ferron_common::{
+  ErrorLogger, HyperUpgraded, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperResponse, WithRuntime};
+use async_trait::async_trait;
+use cache_control::{Cachability, CacheControl};
+use futures_util::{StreamExt, TryStreamExt};
+use hashlink::LinkedHashMap;
+use http_body_util::{BodyExt, Full, StreamBody};
+use hyper::body::{Bytes, Frame};
+use hyper::header::HeaderValue;
+use hyper::{header, HeaderMap, Method, Response, StatusCode};
+use hyper_tungstenite::HyperWebsocket;
+use itertools::Itertools;
+use tokio::runtime::Handle;
+use tokio::sync::RwLock;
+
+const CACHE_HEADER_NAME: &str = "X-Ferron-Cache";
+const DEFAULT_MAX_AGE: u64 = 300;
+
+pub fn server_module_init(
+  config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let maximum_cache_entries = config["global"]["maximumCacheEntries"]
+    .as_i64()
+    .map(|v| v as usize);
+
+  Ok(Box::new(CacheModule::new(
+    Arc::new(RwLock::new(LinkedHashMap::with_hasher(RandomState::new()))),
+    Arc::new(RwLock::new(HashMap::new())),
+    maximum_cache_entries,
+  )))
+}
+
+#[allow(clippy::type_complexity)]
+struct CacheModule {
+  cache: Arc<
+    RwLock<
+      LinkedHashMap<
+        String,
+        (
+          StatusCode,
+          HeaderMap,
+          Vec<u8>,
+          Instant,
+          Option<CacheControl>,
+        ),
+        RandomState,
+      >,
+    >,
+  >,
+  vary_cache: Arc<RwLock<HashMap<String, Vec<String>>>>,
+  maximum_cache_entries: Option<usize>,
+}
+
+impl CacheModule {
+  #[allow(clippy::type_complexity)]
+  fn new(
+    cache: Arc<
+      RwLock<
+        LinkedHashMap<
+          String,
+          (
+            StatusCode,
+            HeaderMap,
+            Vec<u8>,
+            Instant,
+            Option<CacheControl>,
+          ),
+          RandomState,
+        >,
+      >,
+    >,
+    vary_cache: Arc<RwLock<HashMap<String, Vec<String>>>>,
+    maximum_cache_entries: Option<usize>,
+  ) -> Self {
+    Self {
+      cache,
+      vary_cache,
+      maximum_cache_entries,
+    }
+  }
+}
+
+impl ServerModule for CacheModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(CacheModuleHandlers {
+      cache: self.cache.clone(),
+      vary_cache: self.vary_cache.clone(),
+      maximum_cache_entries: self.maximum_cache_entries,
+      cache_vary_headers_configured: Vec::new(),
+      cache_ignore_headers_configured: Vec::new(),
+      maximum_cached_response_size: None,
+      cache_key: None,
+      request_headers: HeaderMap::new(),
+      has_authorization: false,
+      cached: false,
+      no_store: false,
+      handle,
+    })
+  }
+}
+
+#[allow(clippy::type_complexity)]
+struct CacheModuleHandlers {
+  handle: Handle,
+  cache: Arc<
+    RwLock<
+      LinkedHashMap<
+        String,
+        (
+          StatusCode,
+          HeaderMap,
+          Vec<u8>,
+          Instant,
+          Option<CacheControl>,
+        ),
+        RandomState,
+      >,
+    >,
+  >,
+  vary_cache: Arc<RwLock<HashMap<String, Vec<String>>>>,
+  maximum_cache_entries: Option<usize>,
+  cache_vary_headers_configured: Vec<String>,
+  cache_ignore_headers_configured: Vec<String>,
+  maximum_cached_response_size: Option<u64>,
+  cache_key: Option<String>,
+  request_headers: HeaderMap<HeaderValue>,
+  has_authorization: bool,
+  cached: bool,
+  no_store: bool,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for CacheModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      self.cache_vary_headers_configured = match config["cacheVaryHeaders"].as_vec() {
+        Some(vector) => {
+          let mut new_vector = Vec::new();
+          for yaml_value in vector.iter() {
+            if let Some(str_value) = yaml_value.as_str() {
+              new_vector.push(str_value.to_string());
+            }
+          }
+          new_vector
+        }
+        None => Vec::new(),
+      };
+      self.cache_ignore_headers_configured = match config["cacheIgnoreHeaders"].as_vec() {
+        Some(vector) => {
+          let mut new_vector = Vec::new();
+          for yaml_value in vector.iter() {
+            if let Some(str_value) = yaml_value.as_str() {
+              new_vector.push(str_value.to_string());
+            }
+          }
+          new_vector
+        }
+        None => Vec::new(),
+      };
+      self.maximum_cached_response_size = config["maximumCachedResponseSize"]
+        .as_i64()
+        .map(|f| f as u64);
+
+      let hyper_request = request.get_hyper_request();
+      let cache_key = format!(
+        "{} {}{}{}{}",
+        hyper_request.method().as_str(),
+        match socket_data.encrypted {
+          false => "http://",
+          true => "https://",
+        },
+        match hyper_request.headers().get(header::HOST) {
+          Some(host) => String::from_utf8_lossy(host.as_bytes()).into_owned(),
+          None => "".to_string(),
+        },
+        hyper_request.uri().path(),
+        match hyper_request.uri().query() {
+          Some(query) => format!("?{}", query),
+          None => "".to_string(),
+        }
+      );
+
+      let request_cache_control = match hyper_request.headers().get(header::CACHE_CONTROL) {
+        Some(value) => CacheControl::from_value(&String::from_utf8_lossy(value.as_bytes())),
+        None => None,
+      };
+
+      let mut no_store = false;
+      let mut no_cache = false;
+
+      if let Some(request_cache_control) = request_cache_control {
+        no_store = request_cache_control.no_store;
+        if let Some(cachability) = request_cache_control.cachability {
+          if cachability == Cachability::NoCache {
+            no_cache = true;
+          }
+        }
+      }
+
+      match hyper_request.method() {
+        &Method::GET | &Method::HEAD => (),
+        _ => {
+          no_store = true;
+        }
+      };
+
+      if no_store {
+        self.no_store = true;
+        return Ok(ResponseData::builder(request).build());
+      }
+
+      if !no_cache {
+        let rwlock_read = self.vary_cache.read().await;
+        let processed_vary = rwlock_read.get(&cache_key);
+        if let Some(processed_vary) = processed_vary {
+          let cache_key_with_vary = format!(
+            "{}\n{}",
+            &cache_key,
+            processed_vary
+              .iter()
+              .map(|header_name| {
+                match hyper_request.headers().get(header_name) {
+                  Some(header_value) => format!(
+                    "{}: {}",
+                    header_name,
+                    String::from_utf8_lossy(header_value.as_bytes()).into_owned()
+                  ),
+                  None => "".to_string(),
+                }
+              })
+              .collect::<Vec<String>>()
+              .join("\n")
+          );
+
+          drop(rwlock_read);
+
+          let rwlock_read = self.cache.read().await;
+          let cached_entry_option = rwlock_read.get(&cache_key_with_vary);
+
+          if let Some((status_code, headers, body, timestamp, response_cache_control)) =
+            cached_entry_option
+          {
+            let max_age = match response_cache_control {
+              Some(response_cache_control) => match response_cache_control.s_max_age {
+                Some(s_max_age) => Some(s_max_age),
+                None => response_cache_control.max_age,
+              },
+              None => None,
+            };
+
+            let mut cached = true;
+
+            if timestamp.elapsed() > max_age.unwrap_or(Duration::from_secs(DEFAULT_MAX_AGE)) {
+              cached = false;
+            }
+
+            if cached {
+              self.cached = true;
+              let mut hyper_response_builder = Response::builder().status(status_code);
+              for (header_name, header_value) in headers.iter() {
+                hyper_response_builder = hyper_response_builder.header(header_name, header_value);
+              }
+              let hyper_response = hyper_response_builder.body(
+                Full::new(Bytes::from(body.clone()))
+                  .map_err(|e| match e {})
+                  .boxed(),
+              )?;
+              return Ok(
+                ResponseData::builder(request)
+                  .response(hyper_response)
+                  .build(),
+              );
+            } else {
+              drop(rwlock_read);
+            }
+          }
+        } else {
+          drop(rwlock_read);
+        }
+      }
+
+      self.request_headers = hyper_request.headers().clone();
+      self.cache_key = Some(cache_key);
+      self.has_authorization = hyper_request.headers().contains_key(header::AUTHORIZATION);
+
+      Ok(ResponseData::builder(request).build())
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    mut response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      if self.no_store {
+        response
+          .headers_mut()
+          .insert(CACHE_HEADER_NAME, HeaderValue::from_str("BYPASS")?);
+        Ok(response)
+      } else if self.cached {
+        response
+          .headers_mut()
+          .insert(CACHE_HEADER_NAME, HeaderValue::from_str("HIT")?);
+        Ok(response)
+      } else if let Some(cache_key) = &self.cache_key {
+        let (mut response_parts, mut response_body) = response.into_parts();
+        let response_cache_control = match response_parts.headers.get(header::CACHE_CONTROL) {
+          Some(value) => CacheControl::from_value(&String::from_utf8_lossy(value.as_bytes())),
+          None => None,
+        };
+
+        let should_cache_response = match &response_cache_control {
+          Some(response_cache_control) => {
+            let is_private = response_cache_control.cachability == Some(Cachability::Private);
+            let is_public = response_cache_control.cachability == Some(Cachability::Public);
+
+            !response_cache_control.no_store
+              && !is_private
+              && (is_public
+                || (!self.has_authorization
+                  && (response_cache_control.max_age.is_some()
+                    || response_cache_control.s_max_age.is_some())))
+          }
+          None => false,
+        };
+
+        if should_cache_response {
+          let mut response_body_buffer = Vec::new();
+          let mut maximum_cached_response_size_exceeded = false;
+
+          while let Some(frame) = response_body.frame().await {
+            let frame_unwrapped = frame?;
+            if frame_unwrapped.is_data() {
+              if let Some(bytes) = frame_unwrapped.data_ref() {
+                response_body_buffer.extend_from_slice(bytes);
+                if let Some(maximum_cached_response_size) = self.maximum_cached_response_size {
+                  if response_body_buffer.len() as u64 > maximum_cached_response_size {
+                    maximum_cached_response_size_exceeded = true;
+                    break;
+                  }
+                }
+              }
+            }
+          }
+
+          if maximum_cached_response_size_exceeded {
+            let cached_stream =
+              futures_util::stream::once(async move { Ok(Bytes::from(response_body_buffer)) });
+            let response_stream = response_body.into_data_stream();
+            let chained_stream = cached_stream.chain(response_stream);
+            let stream_body = StreamBody::new(chained_stream.map_ok(Frame::data));
+            let response_body = BodyExt::boxed(stream_body);
+            response_parts
+              .headers
+              .insert(CACHE_HEADER_NAME, HeaderValue::from_str("MISS")?);
+            let response = Response::from_parts(response_parts, response_body);
+            Ok(response)
+          } else {
+            let mut response_vary = match response_parts.headers.get(header::VARY) {
+              Some(value) => String::from_utf8_lossy(value.as_bytes())
+                .split(",")
+                .map(|s| s.trim().to_owned())
+                .collect(),
+              None => Vec::new(),
+            };
+
+            let mut processed_vary_orig = self.cache_vary_headers_configured.clone();
+            processed_vary_orig.append(&mut response_vary);
+
+            let processed_vary = processed_vary_orig
+              .iter()
+              .unique()
+              .map(|s| s.to_owned())
+              .collect::<Vec<String>>();
+
+            if !processed_vary.contains(&"*".to_string()) {
+              let cache_key_with_vary = format!(
+                "{}\n{}",
+                &cache_key,
+                processed_vary
+                  .iter()
+                  .map(|header_name| {
+                    match self.request_headers.get(header_name) {
+                      Some(header_value) => format!(
+                        "{}: {}",
+                        header_name,
+                        String::from_utf8_lossy(header_value.as_bytes()).into_owned()
+                      ),
+                      None => "".to_string(),
+                    }
+                  })
+                  .collect::<Vec<String>>()
+                  .join("\n")
+              );
+
+              let mut rwlock_write = self.vary_cache.write().await;
+              rwlock_write.insert(cache_key.clone(), processed_vary);
+              drop(rwlock_write);
+
+              let mut written_headers = response_parts.headers.clone();
+              for header in self.cache_ignore_headers_configured.iter() {
+                while written_headers.remove(header).is_some() {}
+              }
+
+              let mut rwlock_write = self.cache.write().await;
+              rwlock_write.retain(|_, (_, _, _, timestamp, response_cache_control)| {
+                let max_age = match response_cache_control {
+                  Some(response_cache_control) => match response_cache_control.s_max_age {
+                    Some(s_max_age) => Some(s_max_age),
+                    None => response_cache_control.max_age,
+                  },
+                  None => None,
+                };
+
+                timestamp.elapsed() <= max_age.unwrap_or(Duration::from_secs(DEFAULT_MAX_AGE))
+              });
+
+              if let Some(maximum_cache_entries) = self.maximum_cache_entries {
+                // Remove a value at the front of the list
+                while !rwlock_write.is_empty() && rwlock_write.len() >= maximum_cache_entries {
+                  rwlock_write.pop_front();
+                }
+              }
+
+              // This inserts a value at the back of the list
+              rwlock_write.insert(
+                cache_key_with_vary,
+                (
+                  response_parts.status,
+                  written_headers,
+                  response_body_buffer.clone(),
+                  Instant::now(),
+                  response_cache_control,
+                ),
+              );
+              drop(rwlock_write);
+            }
+
+            let cached_stream =
+              futures_util::stream::once(async move { Ok(Bytes::from(response_body_buffer)) });
+            let stream_body = StreamBody::new(cached_stream.map_ok(Frame::data));
+            let response_body = BodyExt::boxed(stream_body);
+            response_parts
+              .headers
+              .insert(CACHE_HEADER_NAME, HeaderValue::from_str("MISS")?);
+            let response = Response::from_parts(response_parts, response_body);
+            Ok(response)
+          }
+        } else {
+          response_parts
+            .headers
+            .insert(CACHE_HEADER_NAME, HeaderValue::from_str("MISS")?);
+          let response = Response::from_parts(response_parts, response_body);
+          Ok(response)
+        }
+      } else {
+        Ok(response)
+      }
+    })
+    .await
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}

ferron/src/optional_modules/cgi.rs

@@ -0,0 +1,859 @@
+// CGI handler code inspired by SVR.JS's RedBrick mod, translated from JavaScript to Rust.
+use std::collections::HashMap;
+use std::error::Error;
+use std::path::{Path, PathBuf};
+use std::process::Stdio;
+use std::sync::Arc;
+use std::time::Duration;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperRequest, HyperResponse, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperUpgraded, WithRuntime};
+use async_trait::async_trait;
+use futures_util::TryStreamExt;
+use hashlink::LinkedHashMap;
+use http_body_util::{BodyExt, StreamBody};
+use httparse::EMPTY_HEADER;
+use hyper::body::Frame;
+use hyper::{header, Response, StatusCode};
+use hyper_tungstenite::HyperWebsocket;
+use tokio::fs;
+use tokio::io::AsyncReadExt;
+use tokio::process::Command;
+use tokio::runtime::Handle;
+use tokio::sync::RwLock;
+use tokio_util::io::{ReaderStream, StreamReader};
+
+use crate::ferron_res::server_software::SERVER_SOFTWARE;
+use crate::ferron_util::cgi_response::CgiResponse;
+use crate::ferron_util::copy_move::Copier;
+use crate::ferron_util::ttl_cache::TtlCache;
+
+pub fn server_module_init(
+  _config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let cache = Arc::new(RwLock::new(TtlCache::new(Duration::from_millis(100))));
+  Ok(Box::new(CgiModule::new(cache)))
+}
+
+#[allow(clippy::type_complexity)]
+struct CgiModule {
+  path_cache: Arc<RwLock<TtlCache<String, (Option<PathBuf>, Option<String>)>>>,
+}
+
+impl CgiModule {
+  #[allow(clippy::type_complexity)]
+  fn new(path_cache: Arc<RwLock<TtlCache<String, (Option<PathBuf>, Option<String>)>>>) -> Self {
+    Self { path_cache }
+  }
+}
+
+impl ServerModule for CgiModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(CgiModuleHandlers {
+      path_cache: self.path_cache.clone(),
+      handle,
+    })
+  }
+}
+
+#[allow(clippy::type_complexity)]
+struct CgiModuleHandlers {
+  handle: Handle,
+  path_cache: Arc<RwLock<TtlCache<String, (Option<PathBuf>, Option<String>)>>>,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for CgiModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let mut cgi_script_exts = Vec::new();
+
+      let cgi_script_exts_yaml = &config["cgiScriptExtensions"];
+      if let Some(cgi_script_exts_obtained) = cgi_script_exts_yaml.as_vec() {
+        for cgi_script_ext_yaml in cgi_script_exts_obtained.iter() {
+          if let Some(cgi_script_ext) = cgi_script_ext_yaml.as_str() {
+            cgi_script_exts.push(cgi_script_ext);
+          }
+        }
+      }
+
+      if let Some(wwwroot) = config["wwwroot"].as_str() {
+        let hyper_request = request.get_hyper_request();
+
+        let request_path = hyper_request.uri().path();
+        let mut request_path_bytes = request_path.bytes();
+        if request_path_bytes.len() < 1 || request_path_bytes.nth(0) != Some(b'/') {
+          return Ok(
+            ResponseData::builder(request)
+              .status(StatusCode::BAD_REQUEST)
+              .build(),
+          );
+        }
+
+        let cache_key = format!(
+          "{}{}{}",
+          match config["ip"].as_str() {
+            Some(ip) => format!("{}-", ip),
+            None => String::from(""),
+          },
+          match config["domain"].as_str() {
+            Some(domain) => format!("{}-", domain),
+            None => String::from(""),
+          },
+          request_path
+        );
+
+        let wwwroot_unknown = PathBuf::from(wwwroot);
+        let wwwroot_pathbuf = match wwwroot_unknown.as_path().is_absolute() {
+          true => wwwroot_unknown,
+          false => match fs::canonicalize(&wwwroot_unknown).await {
+            Ok(pathbuf) => pathbuf,
+            Err(_) => wwwroot_unknown,
+          },
+        };
+        let wwwroot = wwwroot_pathbuf.as_path();
+
+        let read_rwlock = self.path_cache.read().await;
+        let (execute_pathbuf, execute_path_info) = match read_rwlock.get(&cache_key) {
+          Some(data) => {
+            drop(read_rwlock);
+            data
+          }
+          None => {
+            drop(read_rwlock);
+            let mut relative_path = &request_path[1..];
+            while relative_path.as_bytes().first().copied() == Some(b'/') {
+              relative_path = &relative_path[1..];
+            }
+
+            let decoded_relative_path = match urlencoding::decode(relative_path) {
+              Ok(path) => path.to_string(),
+              Err(_) => {
+                return Ok(
+                  ResponseData::builder(request)
+                    .status(StatusCode::BAD_REQUEST)
+                    .build(),
+                );
+              }
+            };
+
+            let joined_pathbuf = wwwroot.join(decoded_relative_path);
+            let mut execute_pathbuf: Option<PathBuf> = None;
+            let mut execute_path_info: Option<String> = None;
+
+            match fs::metadata(&joined_pathbuf).await {
+              Ok(metadata) => {
+                if metadata.is_file() {
+                  let mut request_path_normalized = match cfg!(windows) {
+                    true => request_path.to_lowercase(),
+                    false => request_path.to_string(),
+                  };
+                  while request_path_normalized.contains("//") {
+                    request_path_normalized = request_path_normalized.replace("//", "/");
+                  }
+                  if request_path_normalized == "/cgi-bin"
+                    || request_path_normalized.starts_with("/cgi-bin/")
+                  {
+                    execute_pathbuf = Some(joined_pathbuf);
+                  } else {
+                    let contained_extension = joined_pathbuf
+                      .extension()
+                      .map(|a| format!(".{}", a.to_string_lossy()));
+                    if let Some(contained_extension) = contained_extension {
+                      if cgi_script_exts.contains(&(&contained_extension as &str)) {
+                        execute_pathbuf = Some(joined_pathbuf);
+                      }
+                    }
+                  }
+                } else if metadata.is_dir() {
+                  let indexes = vec!["index.php", "index.cgi"];
+                  for index in indexes {
+                    let temp_joined_pathbuf = joined_pathbuf.join(index);
+                    match fs::metadata(&temp_joined_pathbuf).await {
+                      Ok(temp_metadata) => {
+                        if temp_metadata.is_file() {
+                          let request_path_normalized = match cfg!(windows) {
+                            true => request_path.to_lowercase(),
+                            false => request_path.to_string(),
+                          };
+                          if request_path_normalized == "/cgi-bin"
+                            || request_path_normalized.starts_with("/cgi-bin/")
+                          {
+                            execute_pathbuf = Some(temp_joined_pathbuf);
+                            break;
+                          } else {
+                            let contained_extension = temp_joined_pathbuf
+                              .extension()
+                              .map(|a| format!(".{}", a.to_string_lossy()));
+                            if let Some(contained_extension) = contained_extension {
+                              if cgi_script_exts.contains(&(&contained_extension as &str)) {
+                                execute_pathbuf = Some(temp_joined_pathbuf);
+                                break;
+                              }
+                            }
+                          }
+                        }
+                      }
+                      Err(_) => continue,
+                    };
+                  }
+                }
+              }
+              Err(err) => {
+                if err.kind() == tokio::io::ErrorKind::NotADirectory {
+                  // TODO: find a file
+                  let mut temp_pathbuf = joined_pathbuf.clone();
+                  loop {
+                    if !temp_pathbuf.pop() {
+                      break;
+                    }
+                    match fs::metadata(&temp_pathbuf).await {
+                      Ok(metadata) => {
+                        if metadata.is_file() {
+                          let temp_path = temp_pathbuf.as_path();
+                          if !temp_path.starts_with(wwwroot) {
+                            // Traversed above the webroot, so ignore that.
+                            break;
+                          }
+                          let path_info = match joined_pathbuf.as_path().strip_prefix(temp_path) {
+                            Ok(path) => {
+                              let path = path.to_string_lossy().to_string();
+                              Some(match cfg!(windows) {
+                                true => path.replace("\\", "/"),
+                                false => path,
+                              })
+                            }
+                            Err(_) => None,
+                          };
+                          let mut request_path_normalized = match cfg!(windows) {
+                            true => request_path.to_lowercase(),
+                            false => request_path.to_string(),
+                          };
+                          while request_path_normalized.contains("//") {
+                            request_path_normalized = request_path_normalized.replace("//", "/");
+                          }
+                          if request_path_normalized == "/cgi-bin"
+                            || request_path_normalized.starts_with("/cgi-bin/")
+                          {
+                            execute_pathbuf = Some(temp_pathbuf);
+                            execute_path_info = path_info;
+                            break;
+                          } else {
+                            let contained_extension = temp_pathbuf
+                              .extension()
+                              .map(|a| format!(".{}", a.to_string_lossy()));
+                            if let Some(contained_extension) = contained_extension {
+                              if cgi_script_exts.contains(&(&contained_extension as &str)) {
+                                execute_pathbuf = Some(temp_pathbuf);
+                                execute_path_info = path_info;
+                                break;
+                              }
+                            }
+                          }
+                        } else {
+                          break;
+                        }
+                      }
+                      Err(err) => match err.kind() {
+                        tokio::io::ErrorKind::NotADirectory => (),
+                        _ => break,
+                      },
+                    };
+                  }
+                }
+              }
+            };
+            let data = (execute_pathbuf, execute_path_info);
+
+            let mut write_rwlock = self.path_cache.write().await;
+            write_rwlock.cleanup();
+            write_rwlock.insert(cache_key, data.clone());
+            drop(write_rwlock);
+            data
+          }
+        };
+
+        if let Some(execute_pathbuf) = execute_pathbuf {
+          let mut cgi_interpreters = HashMap::new();
+          cgi_interpreters.insert(".pl".to_string(), vec!["perl".to_string()]);
+          cgi_interpreters.insert(".py".to_string(), vec!["python".to_string()]);
+          cgi_interpreters.insert(".sh".to_string(), vec!["bash".to_string()]);
+          cgi_interpreters.insert(".ksh".to_string(), vec!["ksh".to_string()]);
+          cgi_interpreters.insert(".csh".to_string(), vec!["csh".to_string()]);
+          cgi_interpreters.insert(".rb".to_string(), vec!["ruby".to_string()]);
+          cgi_interpreters.insert(".php".to_string(), vec!["php-cgi".to_string()]);
+          if cfg!(windows) {
+            cgi_interpreters.insert(".exe".to_string(), vec![]);
+            cgi_interpreters.insert(
+              ".bat".to_string(),
+              vec!["cmd".to_string(), "/c".to_string()],
+            );
+            cgi_interpreters.insert(".vbs".to_string(), vec!["cscript".to_string()]);
+          }
+
+          let cgi_interpreters_yaml = &config["cgiScriptInterpreters"];
+          if let Some(cgi_interpreters_hashmap) = cgi_interpreters_yaml.as_hash() {
+            for (key_yaml, value_yaml) in cgi_interpreters_hashmap.iter() {
+              if let Some(key) = key_yaml.as_str() {
+                if value_yaml.is_null() {
+                  cgi_interpreters.remove(key);
+                } else if let Some(value) = value_yaml.as_vec() {
+                  let mut params = Vec::new();
+                  for param_yaml in value.iter() {
+                    if let Some(param) = param_yaml.as_str() {
+                      params.push(param.to_string());
+                    }
+                  }
+                  cgi_interpreters.insert(key.to_string(), params);
+                }
+              }
+            }
+          }
+
+          return execute_cgi_with_environment_variables(
+            request,
+            socket_data,
+            error_logger,
+            wwwroot,
+            execute_pathbuf,
+            execute_path_info,
+            config["serverAdministratorEmail"].as_str(),
+            cgi_interpreters,
+          )
+          .await;
+        }
+      }
+
+      Ok(ResponseData::builder(request).build())
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}
+
+#[allow(clippy::too_many_arguments)]
+async fn execute_cgi_with_environment_variables(
+  request: RequestData,
+  socket_data: &SocketData,
+  error_logger: &ErrorLogger,
+  wwwroot: &Path,
+  execute_pathbuf: PathBuf,
+  path_info: Option<String>,
+  server_administrator_email: Option<&str>,
+  cgi_interpreters: HashMap<String, Vec<String>>,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let mut environment_variables: LinkedHashMap<String, String> = LinkedHashMap::new();
+
+  let hyper_request = request.get_hyper_request();
+  let original_request_uri = request.get_original_url().unwrap_or(hyper_request.uri());
+
+  if let Some(auth_user) = request.get_auth_user() {
+    if let Some(authorization) = hyper_request.headers().get(header::AUTHORIZATION) {
+      let authorization_value = String::from_utf8_lossy(authorization.as_bytes()).to_string();
+      let mut authorization_value_split = authorization_value.split(" ");
+      if let Some(authorization_type) = authorization_value_split.next() {
+        environment_variables.insert("AUTH_TYPE".to_string(), authorization_type.to_string());
+      }
+    }
+    environment_variables.insert("REMOTE_USER".to_string(), auth_user.to_string());
+  }
+
+  environment_variables.insert(
+    "QUERY_STRING".to_string(),
+    match hyper_request.uri().query() {
+      Some(query) => query.to_string(),
+      None => "".to_string(),
+    },
+  );
+
+  environment_variables.insert("SERVER_SOFTWARE".to_string(), SERVER_SOFTWARE.to_string());
+  environment_variables.insert(
+    "SERVER_PROTOCOL".to_string(),
+    match hyper_request.version() {
+      hyper::Version::HTTP_09 => "HTTP/0.9".to_string(),
+      hyper::Version::HTTP_10 => "HTTP/1.0".to_string(),
+      hyper::Version::HTTP_11 => "HTTP/1.1".to_string(),
+      hyper::Version::HTTP_2 => "HTTP/2.0".to_string(),
+      hyper::Version::HTTP_3 => "HTTP/3.0".to_string(),
+      _ => "HTTP/Unknown".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "SERVER_PORT".to_string(),
+    socket_data.local_addr.port().to_string(),
+  );
+  environment_variables.insert(
+    "SERVER_ADDR".to_string(),
+    socket_data.local_addr.ip().to_canonical().to_string(),
+  );
+  if let Some(server_administrator_email) = server_administrator_email {
+    environment_variables.insert(
+      "SERVER_ADMIN".to_string(),
+      server_administrator_email.to_string(),
+    );
+  }
+  if let Some(host) = hyper_request.headers().get(header::HOST) {
+    environment_variables.insert(
+      "SERVER_NAME".to_string(),
+      String::from_utf8_lossy(host.as_bytes()).to_string(),
+    );
+  }
+
+  environment_variables.insert(
+    "DOCUMENT_ROOT".to_string(),
+    wwwroot.to_string_lossy().to_string(),
+  );
+  environment_variables.insert(
+    "PATH_INFO".to_string(),
+    match &path_info {
+      Some(path_info) => format!("/{}", path_info),
+      None => "".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "PATH_TRANSLATED".to_string(),
+    match &path_info {
+      Some(path_info) => {
+        let mut path_translated = execute_pathbuf.clone();
+        path_translated.push(path_info);
+        path_translated.to_string_lossy().to_string()
+      }
+      None => "".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "REQUEST_METHOD".to_string(),
+    hyper_request.method().to_string(),
+  );
+  environment_variables.insert("GATEWAY_INTERFACE".to_string(), "CGI/1.1".to_string());
+  environment_variables.insert(
+    "REQUEST_URI".to_string(),
+    format!(
+      "{}{}",
+      original_request_uri.path(),
+      match original_request_uri.query() {
+        Some(query) => format!("?{}", query),
+        None => String::from(""),
+      }
+    ),
+  );
+
+  environment_variables.insert(
+    "REMOTE_PORT".to_string(),
+    socket_data.remote_addr.port().to_string(),
+  );
+  environment_variables.insert(
+    "REMOTE_ADDR".to_string(),
+    socket_data.remote_addr.ip().to_canonical().to_string(),
+  );
+
+  environment_variables.insert(
+    "SCRIPT_FILENAME".to_string(),
+    execute_pathbuf.to_string_lossy().to_string(),
+  );
+  if let Ok(script_path) = execute_pathbuf.as_path().strip_prefix(wwwroot) {
+    environment_variables.insert(
+      "SCRIPT_NAME".to_string(),
+      format!(
+        "/{}",
+        match cfg!(windows) {
+          true => script_path.to_string_lossy().to_string().replace("\\", "/"),
+          false => script_path.to_string_lossy().to_string(),
+        }
+      ),
+    );
+  }
+
+  if socket_data.encrypted {
+    environment_variables.insert("HTTPS".to_string(), "ON".to_string());
+  }
+
+  for (header_name, header_value) in hyper_request.headers().iter() {
+    let env_header_name = match *header_name {
+      header::CONTENT_LENGTH => "CONTENT_LENGTH".to_string(),
+      header::CONTENT_TYPE => "CONTENT_TYPE".to_string(),
+      _ => {
+        let mut result = String::new();
+
+        result.push_str("HTTP_");
+
+        for c in header_name.as_str().to_uppercase().chars() {
+          if c.is_alphanumeric() {
+            result.push(c);
+          } else {
+            result.push('_');
+          }
+        }
+
+        result
+      }
+    };
+    if environment_variables.contains_key(&env_header_name) {
+      let value = environment_variables.get_mut(&env_header_name);
+      if let Some(value) = value {
+        if env_header_name == "HTTP_COOKIE" {
+          value.push_str("; ");
+        } else {
+          // See https://stackoverflow.com/a/1801191
+          value.push_str(", ");
+        }
+        value.push_str(String::from_utf8_lossy(header_value.as_bytes()).as_ref());
+      } else {
+        environment_variables.insert(
+          env_header_name,
+          String::from_utf8_lossy(header_value.as_bytes()).to_string(),
+        );
+      }
+    } else {
+      environment_variables.insert(
+        env_header_name,
+        String::from_utf8_lossy(header_value.as_bytes()).to_string(),
+      );
+    }
+  }
+
+  let (hyper_request, _, _) = request.into_parts();
+
+  execute_cgi(
+    hyper_request,
+    error_logger,
+    execute_pathbuf,
+    cgi_interpreters,
+    environment_variables,
+  )
+  .await
+}
+
+async fn execute_cgi(
+  hyper_request: HyperRequest,
+  error_logger: &ErrorLogger,
+  execute_pathbuf: PathBuf,
+  cgi_interpreters: HashMap<String, Vec<String>>,
+  environment_variables: LinkedHashMap<String, String>,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let (_, body) = hyper_request.into_parts();
+
+  let executable_params = match get_executable(&execute_pathbuf).await {
+    Ok(params) => params,
+    Err(err) => {
+      let contained_extension = execute_pathbuf
+        .extension()
+        .map(|a| format!(".{}", a.to_string_lossy()));
+      if let Some(contained_extension) = contained_extension {
+        if let Some(params_init) = cgi_interpreters.get(&contained_extension) {
+          let mut params: Vec<String> = params_init.iter().map(|s| s.to_owned()).collect();
+          params.push(execute_pathbuf.to_string_lossy().to_string());
+          params
+        } else {
+          Err(err)?
+        }
+      } else {
+        Err(err)?
+      }
+    }
+  };
+
+  let mut executable_params_iter = executable_params.iter();
+
+  let mut command = Command::new(match executable_params_iter.next() {
+    Some(executable_name) => executable_name,
+    None => Err(anyhow::anyhow!("Cannot determine the executable"))?,
+  });
+
+  // Set standard I/O to be piped
+  command.stdin(Stdio::piped());
+  command.stdout(Stdio::piped());
+  command.stderr(Stdio::piped());
+
+  for param in executable_params_iter {
+    command.arg(param);
+  }
+
+  command.envs(environment_variables);
+
+  let mut execute_dir_pathbuf = execute_pathbuf.clone();
+  execute_dir_pathbuf.pop();
+  command.current_dir(execute_dir_pathbuf);
+
+  let mut child = command.spawn()?;
+
+  let cgi_stdin_reader = StreamReader::new(body.into_data_stream().map_err(std::io::Error::other));
+
+  let stdin = match child.stdin.take() {
+    Some(stdin) => stdin,
+    None => Err(anyhow::anyhow!(
+      "The CGI process doesn't have standard input"
+    ))?,
+  };
+  let stdout = match child.stdout.take() {
+    Some(stdout) => stdout,
+    None => Err(anyhow::anyhow!(
+      "The CGI process doesn't have standard output"
+    ))?,
+  };
+  let stderr = child.stderr.take();
+
+  let mut cgi_response = CgiResponse::new(stdout);
+
+  let stdin_copy_future = Copier::new(cgi_stdin_reader, stdin).copy();
+  let mut stdin_copy_future_pinned = Box::pin(stdin_copy_future);
+
+  let mut headers = [EMPTY_HEADER; 128];
+
+  let mut early_stdin_copied = false;
+
+  // Needed to wrap this in another scope to prevent errors with multiple mutable borrows.
+  {
+    let mut head_obtained = false;
+    let stdout_parse_future = cgi_response.get_head();
+    tokio::pin!(stdout_parse_future);
+
+    // Cannot use a loop with tokio::select, since stdin_copy_future_pinned being constantly ready will make the web server stop responding to HTTP requests
+    tokio::select! {
+      biased;
+
+      obtained_head = &mut stdout_parse_future => {
+        let obtained_head = obtained_head?;
+        if !obtained_head.is_empty() {
+          httparse::parse_headers(obtained_head, &mut headers)?;
+        }
+        head_obtained = true;
+      },
+      result = &mut stdin_copy_future_pinned => {
+        early_stdin_copied = true;
+        result?;
+      }
+    }
+
+    if !head_obtained {
+      // Kept it same as in the tokio::select macro
+      let obtained_head = stdout_parse_future.await?;
+      if !obtained_head.is_empty() {
+        httparse::parse_headers(obtained_head, &mut headers)?;
+      }
+    }
+  }
+
+  let mut response_builder = Response::builder();
+  let mut status_code = 200;
+  for header in headers {
+    if header == EMPTY_HEADER {
+      break;
+    }
+    let mut is_status_header = false;
+    match &header.name.to_lowercase() as &str {
+      "location" => {
+        if !(300..=399).contains(&status_code) {
+          status_code = 302;
+        }
+      }
+      "status" => {
+        is_status_header = true;
+        let header_value_cow = String::from_utf8_lossy(header.value);
+        let mut split_status = header_value_cow.split(" ");
+        let first_part = split_status.next();
+        if let Some(first_part) = first_part {
+          if first_part.starts_with("HTTP/") {
+            let second_part = split_status.next();
+            if let Some(second_part) = second_part {
+              if let Ok(parsed_status_code) = second_part.parse::<u16>() {
+                status_code = parsed_status_code;
+              }
+            }
+          } else if let Ok(parsed_status_code) = first_part.parse::<u16>() {
+            status_code = parsed_status_code;
+          }
+        }
+      }
+      _ => (),
+    }
+    if !is_status_header {
+      response_builder = response_builder.header(header.name, header.value);
+    }
+  }
+
+  response_builder = response_builder.status(status_code);
+
+  let reader_stream = ReaderStream::new(cgi_response);
+  let stream_body = StreamBody::new(reader_stream.map_ok(Frame::data));
+  let boxed_body = stream_body.boxed();
+
+  let response = response_builder.body(boxed_body)?;
+
+  if let Some(exit_code) = child.try_wait()? {
+    if !exit_code.success() {
+      if let Some(mut stderr) = stderr {
+        let mut stderr_string = String::new();
+        stderr
+          .read_to_string(&mut stderr_string)
+          .await
+          .unwrap_or_default();
+        let stderr_string_trimmed = stderr_string.trim();
+        if !stderr_string_trimmed.is_empty() {
+          error_logger
+            .log(&format!("There were CGI errors: {}", stderr_string_trimmed))
+            .await;
+        }
+      }
+      return Ok(
+        ResponseData::builder_without_request()
+          .status(StatusCode::INTERNAL_SERVER_ERROR)
+          .build(),
+      );
+    }
+  }
+
+  let error_logger = error_logger.clone();
+
+  Ok(
+    ResponseData::builder_without_request()
+      .response(response)
+      .parallel_fn(async move {
+        if !early_stdin_copied {
+          stdin_copy_future_pinned.await.unwrap_or_default();
+        }
+
+        if let Some(mut stderr) = stderr {
+          let mut stderr_string = String::new();
+          stderr
+            .read_to_string(&mut stderr_string)
+            .await
+            .unwrap_or_default();
+          let stderr_string_trimmed = stderr_string.trim();
+          if !stderr_string_trimmed.is_empty() {
+            error_logger
+              .log(&format!("There were CGI errors: {}", stderr_string_trimmed))
+              .await;
+          }
+        }
+      })
+      .build(),
+  )
+}
+
+#[allow(dead_code)]
+#[cfg(unix)]
+async fn get_executable(
+  execute_pathbuf: &PathBuf,
+) -> Result<Vec<String>, Box<dyn Error + Send + Sync>> {
+  use std::os::unix::fs::PermissionsExt;
+
+  let metadata = fs::metadata(&execute_pathbuf).await?;
+  let permissions = metadata.permissions();
+  let is_executable = permissions.mode() & 0o111 != 0;
+
+  if !is_executable {
+    Err(anyhow::anyhow!("The CGI program is not executable"))?
+  }
+
+  let executable_params_vector = vec![execute_pathbuf.to_string_lossy().to_string()];
+  Ok(executable_params_vector)
+}
+
+#[allow(dead_code)]
+#[cfg(not(unix))]
+async fn get_executable(
+  execute_pathbuf: &PathBuf,
+) -> Result<Vec<String>, Box<dyn Error + Send + Sync>> {
+  use tokio::io::{AsyncBufReadExt, AsyncSeekExt, BufReader};
+
+  let mut magic_signature_buffer = [0u8; 2];
+  let mut open_file = fs::File::open(&execute_pathbuf).await?;
+  if open_file
+    .read_exact(&mut magic_signature_buffer)
+    .await
+    .is_err()
+  {
+    Err(anyhow::anyhow!("Failed to read the CGI program signature"))?
+  }
+
+  match &magic_signature_buffer {
+    b"PE" => {
+      // Windows executables
+      let executable_params_vector = vec![execute_pathbuf.to_string_lossy().to_string()];
+      Ok(executable_params_vector)
+    }
+    b"#!" => {
+      // Scripts with a shebang line
+      open_file.rewind().await?;
+      let mut buffered_file = BufReader::new(open_file);
+      let mut shebang_line = String::new();
+      buffered_file.read_line(&mut shebang_line).await?;
+
+      let mut command_begin: Vec<String> = (&shebang_line[2..])
+        .replace("\r", "")
+        .replace("\n", "")
+        .split(" ")
+        .map(|s| s.to_owned())
+        .collect();
+      command_begin.push(execute_pathbuf.to_string_lossy().to_string());
+      Ok(command_begin)
+    }
+    _ => {
+      // It's not executable
+      Err(anyhow::anyhow!("The CGI program is not executable"))?
+    }
+  }
+}

ferron/src/optional_modules/example.rs

@@ -0,0 +1,143 @@
+use std::error::Error;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperUpgraded, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperResponse, WithRuntime};
+use async_trait::async_trait;
+use http_body_util::{BodyExt, Full};
+use hyper::Response;
+use hyper_tungstenite::HyperWebsocket;
+use tokio::runtime::Handle;
+
+// Define a struct for the module implementation
+struct ExampleModule;
+
+/// Initializes the server module and returns an instance of `ExampleModule`.
+pub fn server_module_init(
+  _config: &ServerConfig, // This is YAML configuration parsed as-is.
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  Ok(Box::new(ExampleModule::new()))
+}
+
+impl ExampleModule {
+  /// Creates a new instance of `ExampleModule`.
+  fn new() -> Self {
+    ExampleModule
+  }
+}
+
+/// Implements the `ServerModule` trait for `ExampleModule`.
+impl ServerModule for ExampleModule {
+  /// Returns an instance of `ExampleModuleHandlers` to handle HTTP requests.
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(ExampleModuleHandlers { handle })
+  }
+}
+
+// Define a struct to handle HTTP requests
+struct ExampleModuleHandlers {
+  handle: Handle,
+}
+
+/// Implements the `ServerModuleHandlers` trait for `ExampleModuleHandlers`.
+#[async_trait]
+impl ServerModuleHandlers for ExampleModuleHandlers {
+  /// Handles incoming HTTP requests.
+  /// If the request path is `/hello`, it responds with "Hello World!".
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      if request.get_hyper_request().uri().path() == "/hello" {
+        Ok(
+          ResponseData::builder(request)
+            .response(
+              Response::builder().body(
+                Full::new("Hello World!".into())
+                  .map_err(|e| match e {})
+                  .boxed(),
+              )?,
+            )
+            .build(),
+        )
+      } else {
+        Ok(ResponseData::builder(request).build())
+      }
+    })
+    .await
+  }
+
+  /// Handles non-CONNECT proxy requests (not used in this module).
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    // No proxy request handling needed.
+    Ok(ResponseData::builder(request).build())
+  }
+
+  /// Modifies outgoing responses (not used in this module).
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    // No response modification needed.
+    Ok(response)
+  }
+
+  /// Modifies outgoing proxy responses (not used in this module).
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    // No proxy response modification needed.
+    Ok(response)
+  }
+
+  /// Handles CONNECT proxy requests (not used in this module).
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    // No proxy request handling needed.
+    Ok(())
+  }
+
+  /// Checks if the module is a forward proxy module utilizing CONNECT method.
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    // This is not a forward proxy module utilizing CONNECT method
+    false
+  }
+
+  /// Handles WebSocket requests (not used in this module).
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    // No proxy request handling needed.
+    Ok(())
+  }
+
+  /// Checks if the module supports WebSocket connections.
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    // This module doesn't support WebSocket connections.
+    false
+  }
+}

ferron/src/optional_modules/fauth.rs

@@ -0,0 +1,572 @@
+// The "fauth" module is derived from the "rproxy" module, and inspired by Traefik's ForwardAuth middleware.
+
+use std::collections::HashMap;
+use std::error::Error;
+use std::str::FromStr;
+use std::sync::Arc;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperUpgraded, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperResponse, WithRuntime};
+use async_trait::async_trait;
+use http_body_util::combinators::BoxBody;
+use http_body_util::{BodyExt, Empty};
+use hyper::body::Bytes;
+use hyper::client::conn::http1::SendRequest;
+use hyper::header::HeaderName;
+use hyper::{header, Method, Request, StatusCode, Uri};
+use hyper_tungstenite::HyperWebsocket;
+use hyper_util::rt::TokioIo;
+use rustls::pki_types::ServerName;
+use rustls::RootCertStore;
+use rustls_native_certs::load_native_certs;
+use tokio::io::{AsyncRead, AsyncWrite};
+use tokio::net::TcpStream;
+use tokio::runtime::Handle;
+use tokio::sync::RwLock;
+use tokio_rustls::TlsConnector;
+
+const DEFAULT_CONCURRENT_CONNECTIONS_PER_HOST: u32 = 32;
+
+pub fn server_module_init(
+  _config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let mut roots: RootCertStore = RootCertStore::empty();
+  let certs_result = load_native_certs();
+  if !certs_result.errors.is_empty() {
+    Err(anyhow::anyhow!(format!(
+      "Couldn't load the native certificate store: {}",
+      certs_result.errors[0]
+    )))?
+  }
+  let certs = certs_result.certs;
+
+  for cert in certs {
+    match roots.add(cert) {
+      Ok(_) => (),
+      Err(err) => Err(anyhow::anyhow!(format!(
+        "Couldn't add a certificate to the certificate store: {}",
+        err
+      )))?,
+    }
+  }
+
+  let mut connections_vec = Vec::new();
+  for _ in 0..DEFAULT_CONCURRENT_CONNECTIONS_PER_HOST {
+    connections_vec.push(RwLock::new(HashMap::new()));
+  }
+  Ok(Box::new(ForwardedAuthenticationModule::new(
+    Arc::new(roots),
+    Arc::new(connections_vec),
+  )))
+}
+
+#[allow(clippy::type_complexity)]
+struct ForwardedAuthenticationModule {
+  roots: Arc<RootCertStore>,
+  connections: Arc<Vec<RwLock<HashMap<String, SendRequest<BoxBody<Bytes, hyper::Error>>>>>>,
+}
+
+impl ForwardedAuthenticationModule {
+  #[allow(clippy::type_complexity)]
+  fn new(
+    roots: Arc<RootCertStore>,
+    connections: Arc<Vec<RwLock<HashMap<String, SendRequest<BoxBody<Bytes, hyper::Error>>>>>>,
+  ) -> Self {
+    Self { roots, connections }
+  }
+}
+
+impl ServerModule for ForwardedAuthenticationModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(ForwardedAuthenticationModuleHandlers {
+      roots: self.roots.clone(),
+      connections: self.connections.clone(),
+      handle,
+    })
+  }
+}
+
+#[allow(clippy::type_complexity)]
+struct ForwardedAuthenticationModuleHandlers {
+  handle: Handle,
+  roots: Arc<RootCertStore>,
+  connections: Arc<Vec<RwLock<HashMap<String, SendRequest<BoxBody<Bytes, hyper::Error>>>>>>,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for ForwardedAuthenticationModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let mut auth_to = None;
+
+      if let Some(auth_to_str) = config["authTo"].as_str() {
+        auth_to = Some(auth_to_str.to_string());
+      }
+
+      let forwarded_auth_copy_headers = match config["forwardedAuthCopyHeaders"].as_vec() {
+        Some(vector) => {
+          let mut new_vector = Vec::new();
+          for yaml_value in vector.iter() {
+            if let Some(str_value) = yaml_value.as_str() {
+              new_vector.push(str_value.to_string());
+            }
+          }
+          new_vector
+        }
+        None => Vec::new(),
+      };
+
+      if let Some(auth_to) = auth_to {
+        let (hyper_request, auth_user, original_url) = request.into_parts();
+        let (hyper_request_parts, request_body) = hyper_request.into_parts();
+
+        let auth_request_url = auth_to.parse::<hyper::Uri>()?;
+        let scheme_str = auth_request_url.scheme_str();
+        let mut encrypted = false;
+
+        match scheme_str {
+          Some("http") => {
+            encrypted = false;
+          }
+          Some("https") => {
+            encrypted = true;
+          }
+          _ => Err(anyhow::anyhow!(
+            "Only HTTP and HTTPS reverse proxy URLs are supported."
+          ))?,
+        };
+
+        let host = match auth_request_url.host() {
+          Some(host) => host,
+          None => Err(anyhow::anyhow!(
+            "The reverse proxy URL doesn't include the host"
+          ))?,
+        };
+
+        let port = auth_request_url.port_u16().unwrap_or(match scheme_str {
+          Some("http") => 80,
+          Some("https") => 443,
+          _ => 80,
+        });
+
+        let addr = format!("{}:{}", host, port);
+        let authority = auth_request_url.authority().cloned();
+
+        let hyper_request_path = hyper_request_parts.uri.path();
+
+        let path_and_query = format!(
+          "{}{}",
+          hyper_request_path,
+          match hyper_request_parts.uri.query() {
+            Some(query) => format!("?{}", query),
+            None => "".to_string(),
+          }
+        );
+
+        let mut auth_hyper_request_parts = hyper_request_parts.clone();
+
+        auth_hyper_request_parts.uri = Uri::from_str(&format!(
+          "{}{}",
+          auth_request_url.path(),
+          match auth_request_url.query() {
+            Some(query) => format!("?{}", query),
+            None => "".to_string(),
+          }
+        ))?;
+
+        let original_host = hyper_request_parts.headers.get(header::HOST).cloned();
+
+        // Host header for host identification
+        match authority {
+          Some(authority) => {
+            auth_hyper_request_parts
+              .headers
+              .insert(header::HOST, authority.to_string().parse()?);
+          }
+          None => {
+            auth_hyper_request_parts.headers.remove(header::HOST);
+          }
+        }
+
+        // Connection header to enable HTTP/1.1 keep-alive
+        auth_hyper_request_parts
+          .headers
+          .insert(header::CONNECTION, "keep-alive".parse()?);
+
+        // X-Forwarded-* headers to send the client's data to a forwarded authentication server
+        auth_hyper_request_parts.headers.insert(
+          "x-forwarded-for",
+          socket_data
+            .remote_addr
+            .ip()
+            .to_canonical()
+            .to_string()
+            .parse()?,
+        );
+
+        if socket_data.encrypted {
+          auth_hyper_request_parts
+            .headers
+            .insert("x-forwarded-proto", "https".parse()?);
+        } else {
+          auth_hyper_request_parts
+            .headers
+            .insert("x-forwarded-proto", "http".parse()?);
+        }
+
+        if let Some(original_host) = original_host {
+          auth_hyper_request_parts
+            .headers
+            .insert("x-forwarded-host", original_host);
+        }
+
+        auth_hyper_request_parts
+          .headers
+          .insert("x-forwarded-uri", path_and_query.parse()?);
+
+        auth_hyper_request_parts.headers.insert(
+          "x-forwarded-method",
+          hyper_request_parts.method.as_str().parse()?,
+        );
+
+        auth_hyper_request_parts.method = Method::GET;
+
+        let auth_request = Request::from_parts(
+          auth_hyper_request_parts,
+          Empty::new().map_err(|e| match e {}).boxed(),
+        );
+        let original_hyper_request = Request::from_parts(hyper_request_parts, request_body);
+        let original_request = RequestData::new(original_hyper_request, auth_user, original_url);
+
+        let connections = &self.connections[rand::random_range(..self.connections.len())];
+
+        let rwlock_read = connections.read().await;
+        let sender_read_option = rwlock_read.get(&addr);
+
+        if let Some(sender_read) = sender_read_option {
+          if !sender_read.is_closed() {
+            drop(rwlock_read);
+            let mut rwlock_write = connections.write().await;
+            let sender_option = rwlock_write.get_mut(&addr);
+
+            if let Some(sender) = sender_option {
+              if !sender.is_closed() {
+                let result = http_forwarded_auth_kept_alive(
+                  sender,
+                  auth_request,
+                  error_logger,
+                  original_request,
+                  forwarded_auth_copy_headers,
+                )
+                .await;
+                drop(rwlock_write);
+                return result;
+              } else {
+                drop(rwlock_write);
+              }
+            } else {
+              drop(rwlock_write);
+            }
+          } else {
+            drop(rwlock_read);
+          }
+        } else {
+          drop(rwlock_read);
+        }
+
+        let stream = match TcpStream::connect(&addr).await {
+          Ok(stream) => stream,
+          Err(err) => {
+            match err.kind() {
+              tokio::io::ErrorKind::ConnectionRefused
+              | tokio::io::ErrorKind::NotFound
+              | tokio::io::ErrorKind::HostUnreachable => {
+                error_logger
+                  .log(&format!("Service unavailable: {}", err))
+                  .await;
+                return Ok(
+                  ResponseData::builder_without_request()
+                    .status(StatusCode::SERVICE_UNAVAILABLE)
+                    .build(),
+                );
+              }
+              tokio::io::ErrorKind::TimedOut => {
+                error_logger.log(&format!("Gateway timeout: {}", err)).await;
+                return Ok(
+                  ResponseData::builder_without_request()
+                    .status(StatusCode::GATEWAY_TIMEOUT)
+                    .build(),
+                );
+              }
+              _ => {
+                error_logger.log(&format!("Bad gateway: {}", err)).await;
+                return Ok(
+                  ResponseData::builder_without_request()
+                    .status(StatusCode::BAD_GATEWAY)
+                    .build(),
+                );
+              }
+            };
+          }
+        };
+
+        match stream.set_nodelay(true) {
+          Ok(_) => (),
+          Err(err) => {
+            error_logger.log(&format!("Bad gateway: {}", err)).await;
+            return Ok(
+              ResponseData::builder_without_request()
+                .status(StatusCode::BAD_GATEWAY)
+                .build(),
+            );
+          }
+        };
+
+        if !encrypted {
+          http_forwarded_auth(
+            connections,
+            addr,
+            stream,
+            auth_request,
+            error_logger,
+            original_request,
+            forwarded_auth_copy_headers,
+          )
+          .await
+        } else {
+          let tls_client_config = rustls::ClientConfig::builder()
+            .with_root_certificates(self.roots.clone())
+            .with_no_client_auth();
+          let connector = TlsConnector::from(Arc::new(tls_client_config));
+          let domain = ServerName::try_from(host)?.to_owned();
+
+          let tls_stream = match connector.connect(domain, stream).await {
+            Ok(stream) => stream,
+            Err(err) => {
+              error_logger.log(&format!("Bad gateway: {}", err)).await;
+              return Ok(
+                ResponseData::builder_without_request()
+                  .status(StatusCode::BAD_GATEWAY)
+                  .build(),
+              );
+            }
+          };
+
+          http_forwarded_auth(
+            connections,
+            addr,
+            tls_stream,
+            auth_request,
+            error_logger,
+            original_request,
+            forwarded_auth_copy_headers,
+          )
+          .await
+        }
+      } else {
+        Ok(ResponseData::builder(request).build())
+      }
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}
+
+async fn http_forwarded_auth(
+  connections: &RwLock<HashMap<String, SendRequest<BoxBody<Bytes, hyper::Error>>>>,
+  connect_addr: String,
+  stream: impl AsyncRead + AsyncWrite + Send + Unpin + 'static,
+  proxy_request: Request<BoxBody<Bytes, hyper::Error>>,
+  error_logger: &ErrorLogger,
+  mut original_request: RequestData,
+  forwarded_auth_copy_headers: Vec<String>,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let io = TokioIo::new(stream);
+
+  let (mut sender, conn) = match hyper::client::conn::http1::handshake(io).await {
+    Ok(data) => data,
+    Err(err) => {
+      error_logger.log(&format!("Bad gateway: {}", err)).await;
+      return Ok(
+        ResponseData::builder_without_request()
+          .status(StatusCode::BAD_GATEWAY)
+          .build(),
+      );
+    }
+  };
+
+  let send_request = sender.send_request(proxy_request);
+
+  let mut pinned_conn = Box::pin(conn);
+  tokio::pin!(send_request);
+
+  let response;
+
+  loop {
+    tokio::select! {
+      biased;
+
+       proxy_response = &mut send_request => {
+        let proxy_response = match proxy_response {
+          Ok(response) => response,
+          Err(err) => {
+            error_logger.log(&format!("Bad gateway: {}", err)).await;
+            return Ok(ResponseData::builder_without_request().status(StatusCode::BAD_GATEWAY).build());
+          }
+        };
+
+        if proxy_response.status().is_success() {
+          if !forwarded_auth_copy_headers.is_empty() {
+            let response_headers = proxy_response.headers();
+            let request_headers = original_request.get_mut_hyper_request().headers_mut();
+            for forwarded_auth_copy_header_string in forwarded_auth_copy_headers.iter() {
+              let forwarded_auth_copy_header= HeaderName::from_str(forwarded_auth_copy_header_string)?;
+              if response_headers.contains_key(&forwarded_auth_copy_header) {
+                while request_headers.remove(&forwarded_auth_copy_header).is_some() {}
+                for header_value in response_headers.get_all(&forwarded_auth_copy_header).iter() {
+                  request_headers.append(&forwarded_auth_copy_header, header_value.clone());
+                }
+              }
+            }
+          }
+          response = ResponseData::builder(original_request).build();
+        } else {
+          response = ResponseData::builder_without_request()
+          .response(proxy_response.map(|b| {
+            b.map_err(|e| std::io::Error::other(e.to_string()))
+              .boxed()
+          }))
+          .parallel_fn(async move {
+            pinned_conn.await.unwrap_or_default();
+          })
+          .build();
+
+        }
+
+        break;
+      },
+      state = &mut pinned_conn => {
+        if state.is_err() {
+          error_logger.log("Bad gateway: incomplete response").await;
+          return Ok(ResponseData::builder_without_request().status(StatusCode::BAD_GATEWAY).build());
+        }
+      },
+    };
+  }
+
+  if !sender.is_closed() {
+    let mut rwlock_write = connections.write().await;
+    rwlock_write.insert(connect_addr, sender);
+    drop(rwlock_write);
+  }
+
+  Ok(response)
+}
+
+async fn http_forwarded_auth_kept_alive(
+  sender: &mut SendRequest<BoxBody<Bytes, hyper::Error>>,
+  proxy_request: Request<BoxBody<Bytes, hyper::Error>>,
+  error_logger: &ErrorLogger,
+  mut original_request: RequestData,
+  forwarded_auth_copy_headers: Vec<String>,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let proxy_response = match sender.send_request(proxy_request).await {
+    Ok(response) => response,
+    Err(err) => {
+      error_logger.log(&format!("Bad gateway: {}", err)).await;
+      return Ok(
+        ResponseData::builder_without_request()
+          .status(StatusCode::BAD_GATEWAY)
+          .build(),
+      );
+    }
+  };
+
+  let response = if proxy_response.status().is_success() {
+    if !forwarded_auth_copy_headers.is_empty() {
+      let response_headers = proxy_response.headers();
+      let request_headers = original_request.get_mut_hyper_request().headers_mut();
+      for forwarded_auth_copy_header_string in forwarded_auth_copy_headers.iter() {
+        let forwarded_auth_copy_header = HeaderName::from_str(forwarded_auth_copy_header_string)?;
+        if response_headers.contains_key(&forwarded_auth_copy_header) {
+          while request_headers
+            .remove(&forwarded_auth_copy_header)
+            .is_some()
+          {}
+          for header_value in response_headers.get_all(&forwarded_auth_copy_header).iter() {
+            request_headers.append(&forwarded_auth_copy_header, header_value.clone());
+          }
+        }
+      }
+    }
+    ResponseData::builder(original_request).build()
+  } else {
+    ResponseData::builder_without_request()
+      .response(proxy_response.map(|b| b.map_err(|e| std::io::Error::other(e.to_string())).boxed()))
+      .build()
+  };
+
+  Ok(response)
+}

ferron/src/optional_modules/fcgi.rs

@@ -0,0 +1,964 @@
+// FastCGI handler code inspired by SVR.JS's GreenRhombus mod, translated from JavaScript to Rust.
+// Based on the "cgi" and "scgi" module
+use std::env;
+use std::error::Error;
+use std::path::{Path, PathBuf};
+use std::sync::Arc;
+use std::time::Duration;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperRequest, HyperResponse, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperUpgraded, WithRuntime};
+use async_trait::async_trait;
+use futures_util::future::Either;
+use futures_util::TryStreamExt;
+use hashlink::LinkedHashMap;
+use http_body_util::{BodyExt, StreamBody};
+use httparse::EMPTY_HEADER;
+use hyper::body::{Bytes, Frame};
+use hyper::{header, Response, StatusCode};
+use hyper_tungstenite::HyperWebsocket;
+use tokio::fs;
+use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt};
+use tokio::net::TcpStream;
+use tokio::runtime::Handle;
+use tokio::sync::RwLock;
+use tokio_util::codec::{FramedRead, FramedWrite};
+use tokio_util::io::{ReaderStream, SinkWriter, StreamReader};
+
+use crate::ferron_res::server_software::SERVER_SOFTWARE;
+use crate::ferron_util::cgi_response::CgiResponse;
+use crate::ferron_util::copy_move::Copier;
+use crate::ferron_util::fcgi_decoder::{FcgiDecodedData, FcgiDecoder};
+use crate::ferron_util::fcgi_encoder::FcgiEncoder;
+use crate::ferron_util::fcgi_name_value_pair::construct_fastcgi_name_value_pair;
+use crate::ferron_util::fcgi_record::construct_fastcgi_record;
+use crate::ferron_util::read_to_end_move::ReadToEndFuture;
+use crate::ferron_util::split_stream_by_map::SplitStreamByMapExt;
+use crate::ferron_util::ttl_cache::TtlCache;
+
+pub fn server_module_init(
+  _config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let cache = Arc::new(RwLock::new(TtlCache::new(Duration::from_millis(100))));
+  Ok(Box::new(FcgiModule::new(cache)))
+}
+
+#[allow(clippy::type_complexity)]
+struct FcgiModule {
+  path_cache: Arc<RwLock<TtlCache<String, (Option<PathBuf>, Option<String>)>>>,
+}
+
+impl FcgiModule {
+  #[allow(clippy::type_complexity)]
+  fn new(path_cache: Arc<RwLock<TtlCache<String, (Option<PathBuf>, Option<String>)>>>) -> Self {
+    Self { path_cache }
+  }
+}
+
+impl ServerModule for FcgiModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(FcgiModuleHandlers {
+      path_cache: self.path_cache.clone(),
+      handle,
+    })
+  }
+}
+
+#[allow(clippy::type_complexity)]
+struct FcgiModuleHandlers {
+  handle: Handle,
+  path_cache: Arc<RwLock<TtlCache<String, (Option<PathBuf>, Option<String>)>>>,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for FcgiModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let mut fastcgi_script_exts = Vec::new();
+
+      let fastcgi_script_exts_yaml = &config["fcgiScriptExtensions"];
+      if let Some(fastcgi_script_exts_obtained) = fastcgi_script_exts_yaml.as_vec() {
+        for fastcgi_script_ext_yaml in fastcgi_script_exts_obtained.iter() {
+          if let Some(fastcgi_script_ext) = fastcgi_script_ext_yaml.as_str() {
+            fastcgi_script_exts.push(fastcgi_script_ext);
+          }
+        }
+      }
+
+      let mut fastcgi_to = "tcp://localhost:4000/";
+      let fastcgi_to_yaml = &config["fcgiTo"];
+      if let Some(fastcgi_to_obtained) = fastcgi_to_yaml.as_str() {
+        fastcgi_to = fastcgi_to_obtained;
+      }
+
+      let mut fastcgi_path = None;
+      if let Some(fastcgi_path_obtained) = config["fcgiPath"].as_str() {
+        fastcgi_path = Some(fastcgi_path_obtained.to_string());
+      }
+
+      let hyper_request = request.get_hyper_request();
+
+      let request_path = hyper_request.uri().path();
+      let mut request_path_bytes = request_path.bytes();
+      if request_path_bytes.len() < 1 || request_path_bytes.nth(0) != Some(b'/') {
+        return Ok(
+          ResponseData::builder(request)
+            .status(StatusCode::BAD_REQUEST)
+            .build(),
+        );
+      }
+
+      let mut execute_pathbuf = None;
+      let mut execute_path_info = None;
+      let mut wwwroot_detected = None;
+
+      if let Some(fastcgi_path) = fastcgi_path {
+        let mut canonical_fastcgi_path: &str = &fastcgi_path;
+        if canonical_fastcgi_path.bytes().last() == Some(b'/') {
+          canonical_fastcgi_path = &canonical_fastcgi_path[..(canonical_fastcgi_path.len() - 1)];
+        }
+
+        let request_path_with_slashes = match request_path == canonical_fastcgi_path {
+          true => format!("{}/", request_path),
+          false => request_path.to_string(),
+        };
+        if let Some(stripped_request_path) =
+          request_path_with_slashes.strip_prefix(canonical_fastcgi_path)
+        {
+          let wwwroot_yaml = &config["wwwroot"];
+          let wwwroot = wwwroot_yaml.as_str().unwrap_or("/nonexistent");
+
+          let wwwroot_unknown = PathBuf::from(wwwroot);
+          let wwwroot_pathbuf = match wwwroot_unknown.as_path().is_absolute() {
+            true => wwwroot_unknown,
+            false => match fs::canonicalize(&wwwroot_unknown).await {
+              Ok(pathbuf) => pathbuf,
+              Err(_) => wwwroot_unknown,
+            },
+          };
+          wwwroot_detected = Some(wwwroot_pathbuf.clone());
+          let wwwroot = wwwroot_pathbuf.as_path();
+
+          let mut relative_path = &request_path[1..];
+          while relative_path.as_bytes().first().copied() == Some(b'/') {
+            relative_path = &relative_path[1..];
+          }
+
+          let decoded_relative_path = match urlencoding::decode(relative_path) {
+            Ok(path) => path.to_string(),
+            Err(_) => {
+              return Ok(
+                ResponseData::builder(request)
+                  .status(StatusCode::BAD_REQUEST)
+                  .build(),
+              );
+            }
+          };
+
+          let joined_pathbuf = wwwroot.join(decoded_relative_path);
+          execute_pathbuf = Some(joined_pathbuf);
+          execute_path_info = stripped_request_path
+            .strip_prefix("/")
+            .map(|s| s.to_string());
+        }
+      }
+
+      if execute_pathbuf.is_none() {
+        if let Some(wwwroot) = config["wwwroot"].as_str() {
+          let cache_key = format!(
+            "{}{}{}",
+            match config["ip"].as_str() {
+              Some(ip) => format!("{}-", ip),
+              None => String::from(""),
+            },
+            match config["domain"].as_str() {
+              Some(domain) => format!("{}-", domain),
+              None => String::from(""),
+            },
+            request_path
+          );
+
+          let wwwroot_unknown = PathBuf::from(wwwroot);
+          let wwwroot_pathbuf = match wwwroot_unknown.as_path().is_absolute() {
+            true => wwwroot_unknown,
+            false => match fs::canonicalize(&wwwroot_unknown).await {
+              Ok(pathbuf) => pathbuf,
+              Err(_) => wwwroot_unknown,
+            },
+          };
+          wwwroot_detected = Some(wwwroot_pathbuf.clone());
+          let wwwroot = wwwroot_pathbuf.as_path();
+
+          let read_rwlock = self.path_cache.read().await;
+          let (execute_pathbuf_got, execute_path_info_got) = match read_rwlock.get(&cache_key) {
+            Some(data) => {
+              drop(read_rwlock);
+              data
+            }
+            None => {
+              drop(read_rwlock);
+              let mut relative_path = &request_path[1..];
+              while relative_path.as_bytes().first().copied() == Some(b'/') {
+                relative_path = &relative_path[1..];
+              }
+
+              let decoded_relative_path = match urlencoding::decode(relative_path) {
+                Ok(path) => path.to_string(),
+                Err(_) => {
+                  return Ok(
+                    ResponseData::builder(request)
+                      .status(StatusCode::BAD_REQUEST)
+                      .build(),
+                  );
+                }
+              };
+
+              let joined_pathbuf = wwwroot.join(decoded_relative_path);
+              let mut execute_pathbuf: Option<PathBuf> = None;
+              let mut execute_path_info: Option<String> = None;
+
+              match fs::metadata(&joined_pathbuf).await {
+                Ok(metadata) => {
+                  if metadata.is_file() {
+                    let contained_extension = joined_pathbuf
+                      .extension()
+                      .map(|a| format!(".{}", a.to_string_lossy()));
+                    if let Some(contained_extension) = contained_extension {
+                      if fastcgi_script_exts.contains(&(&contained_extension as &str)) {
+                        execute_pathbuf = Some(joined_pathbuf);
+                      }
+                    }
+                  } else if metadata.is_dir() {
+                    let indexes = vec!["index.php", "index.cgi"];
+                    for index in indexes {
+                      let temp_joined_pathbuf = joined_pathbuf.join(index);
+                      match fs::metadata(&temp_joined_pathbuf).await {
+                        Ok(temp_metadata) => {
+                          if temp_metadata.is_file() {
+                            let contained_extension = temp_joined_pathbuf
+                              .extension()
+                              .map(|a| format!(".{}", a.to_string_lossy()));
+                            if let Some(contained_extension) = contained_extension {
+                              if fastcgi_script_exts.contains(&(&contained_extension as &str)) {
+                                execute_pathbuf = Some(temp_joined_pathbuf);
+                                break;
+                              }
+                            }
+                          }
+                        }
+                        Err(_) => continue,
+                      };
+                    }
+                  }
+                }
+                Err(err) => {
+                  if err.kind() == tokio::io::ErrorKind::NotADirectory {
+                    // TODO: find a file
+                    let mut temp_pathbuf = joined_pathbuf.clone();
+                    loop {
+                      if !temp_pathbuf.pop() {
+                        break;
+                      }
+                      match fs::metadata(&temp_pathbuf).await {
+                        Ok(metadata) => {
+                          if metadata.is_file() {
+                            let temp_path = temp_pathbuf.as_path();
+                            if !temp_path.starts_with(wwwroot) {
+                              // Traversed above the webroot, so ignore that.
+                              break;
+                            }
+                            let path_info = match joined_pathbuf.as_path().strip_prefix(temp_path) {
+                              Ok(path) => {
+                                let path = path.to_string_lossy().to_string();
+                                Some(match cfg!(windows) {
+                                  true => path.replace("\\", "/"),
+                                  false => path,
+                                })
+                              }
+                              Err(_) => None,
+                            };
+                            let mut request_path_normalized = match cfg!(windows) {
+                              true => request_path.to_lowercase(),
+                              false => request_path.to_string(),
+                            };
+                            while request_path_normalized.contains("//") {
+                              request_path_normalized = request_path_normalized.replace("//", "/");
+                            }
+                            if request_path_normalized == "/cgi-bin"
+                              || request_path_normalized.starts_with("/cgi-bin/")
+                            {
+                              execute_pathbuf = Some(temp_pathbuf);
+                              execute_path_info = path_info;
+                              break;
+                            } else {
+                              let contained_extension = temp_pathbuf
+                                .extension()
+                                .map(|a| format!(".{}", a.to_string_lossy()));
+                              if let Some(contained_extension) = contained_extension {
+                                if fastcgi_script_exts.contains(&(&contained_extension as &str)) {
+                                  execute_pathbuf = Some(temp_pathbuf);
+                                  execute_path_info = path_info;
+                                  break;
+                                }
+                              }
+                            }
+                          } else {
+                            break;
+                          }
+                        }
+                        Err(err) => match err.kind() {
+                          tokio::io::ErrorKind::NotADirectory => (),
+                          _ => break,
+                        },
+                      };
+                    }
+                  }
+                }
+              };
+              let data = (execute_pathbuf, execute_path_info);
+
+              let mut write_rwlock = self.path_cache.write().await;
+              write_rwlock.cleanup();
+              write_rwlock.insert(cache_key, data.clone());
+              drop(write_rwlock);
+              data
+            }
+          };
+
+          execute_pathbuf = execute_pathbuf_got;
+          execute_path_info = execute_path_info_got;
+        }
+      }
+
+      if let Some(execute_pathbuf) = execute_pathbuf {
+        if let Some(wwwroot_detected) = wwwroot_detected {
+          return execute_fastcgi_with_environment_variables(
+            request,
+            socket_data,
+            error_logger,
+            wwwroot_detected.as_path(),
+            execute_pathbuf,
+            execute_path_info,
+            config["serverAdministratorEmail"].as_str(),
+            fastcgi_to,
+          )
+          .await;
+        }
+      }
+
+      Ok(ResponseData::builder(request).build())
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}
+
+#[allow(clippy::too_many_arguments)]
+async fn execute_fastcgi_with_environment_variables(
+  request: RequestData,
+  socket_data: &SocketData,
+  error_logger: &ErrorLogger,
+  wwwroot: &Path,
+  execute_pathbuf: PathBuf,
+  path_info: Option<String>,
+  server_administrator_email: Option<&str>,
+  fastcgi_to: &str,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let mut environment_variables: LinkedHashMap<String, String> = LinkedHashMap::new();
+
+  let hyper_request = request.get_hyper_request();
+  let original_request_uri = request.get_original_url().unwrap_or(hyper_request.uri());
+
+  if let Some(auth_user) = request.get_auth_user() {
+    if let Some(authorization) = hyper_request.headers().get(header::AUTHORIZATION) {
+      let authorization_value = String::from_utf8_lossy(authorization.as_bytes()).to_string();
+      let mut authorization_value_split = authorization_value.split(" ");
+      if let Some(authorization_type) = authorization_value_split.next() {
+        environment_variables.insert("AUTH_TYPE".to_string(), authorization_type.to_string());
+      }
+    }
+    environment_variables.insert("REMOTE_USER".to_string(), auth_user.to_string());
+  }
+
+  environment_variables.insert(
+    "QUERY_STRING".to_string(),
+    match hyper_request.uri().query() {
+      Some(query) => query.to_string(),
+      None => "".to_string(),
+    },
+  );
+
+  environment_variables.insert("SERVER_SOFTWARE".to_string(), SERVER_SOFTWARE.to_string());
+  environment_variables.insert(
+    "SERVER_PROTOCOL".to_string(),
+    match hyper_request.version() {
+      hyper::Version::HTTP_09 => "HTTP/0.9".to_string(),
+      hyper::Version::HTTP_10 => "HTTP/1.0".to_string(),
+      hyper::Version::HTTP_11 => "HTTP/1.1".to_string(),
+      hyper::Version::HTTP_2 => "HTTP/2.0".to_string(),
+      hyper::Version::HTTP_3 => "HTTP/3.0".to_string(),
+      _ => "HTTP/Unknown".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "SERVER_PORT".to_string(),
+    socket_data.local_addr.port().to_string(),
+  );
+  environment_variables.insert(
+    "SERVER_ADDR".to_string(),
+    socket_data.local_addr.ip().to_canonical().to_string(),
+  );
+  if let Some(server_administrator_email) = server_administrator_email {
+    environment_variables.insert(
+      "SERVER_ADMIN".to_string(),
+      server_administrator_email.to_string(),
+    );
+  }
+  if let Some(host) = hyper_request.headers().get(header::HOST) {
+    environment_variables.insert(
+      "SERVER_NAME".to_string(),
+      String::from_utf8_lossy(host.as_bytes()).to_string(),
+    );
+  }
+
+  environment_variables.insert(
+    "DOCUMENT_ROOT".to_string(),
+    wwwroot.to_string_lossy().to_string(),
+  );
+  environment_variables.insert(
+    "PATH_INFO".to_string(),
+    match &path_info {
+      Some(path_info) => format!("/{}", path_info),
+      None => "".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "PATH_TRANSLATED".to_string(),
+    match &path_info {
+      Some(path_info) => {
+        let mut path_translated = execute_pathbuf.clone();
+        path_translated.push(path_info);
+        path_translated.to_string_lossy().to_string()
+      }
+      None => "".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "REQUEST_METHOD".to_string(),
+    hyper_request.method().to_string(),
+  );
+  environment_variables.insert("GATEWAY_INTERFACE".to_string(), "CGI/1.1".to_string());
+  environment_variables.insert(
+    "REQUEST_URI".to_string(),
+    format!(
+      "{}{}",
+      original_request_uri.path(),
+      match original_request_uri.query() {
+        Some(query) => format!("?{}", query),
+        None => String::from(""),
+      }
+    ),
+  );
+
+  environment_variables.insert(
+    "REMOTE_PORT".to_string(),
+    socket_data.remote_addr.port().to_string(),
+  );
+  environment_variables.insert(
+    "REMOTE_ADDR".to_string(),
+    socket_data.remote_addr.ip().to_canonical().to_string(),
+  );
+
+  environment_variables.insert(
+    "SCRIPT_FILENAME".to_string(),
+    execute_pathbuf.to_string_lossy().to_string(),
+  );
+  if let Ok(script_path) = execute_pathbuf.as_path().strip_prefix(wwwroot) {
+    environment_variables.insert(
+      "SCRIPT_NAME".to_string(),
+      format!(
+        "/{}",
+        match cfg!(windows) {
+          true => script_path.to_string_lossy().to_string().replace("\\", "/"),
+          false => script_path.to_string_lossy().to_string(),
+        }
+      ),
+    );
+  }
+
+  if socket_data.encrypted {
+    environment_variables.insert("HTTPS".to_string(), "ON".to_string());
+  }
+
+  let mut content_length_set = false;
+  for (header_name, header_value) in hyper_request.headers().iter() {
+    let env_header_name = match *header_name {
+      header::CONTENT_LENGTH => {
+        content_length_set = true;
+        "CONTENT_LENGTH".to_string()
+      }
+      header::CONTENT_TYPE => "CONTENT_TYPE".to_string(),
+      _ => {
+        let mut result = String::new();
+
+        result.push_str("HTTP_");
+
+        for c in header_name.as_str().to_uppercase().chars() {
+          if c.is_alphanumeric() {
+            result.push(c);
+          } else {
+            result.push('_');
+          }
+        }
+
+        result
+      }
+    };
+    if environment_variables.contains_key(&env_header_name) {
+      let value = environment_variables.get_mut(&env_header_name);
+      if let Some(value) = value {
+        if env_header_name == "HTTP_COOKIE" {
+          value.push_str("; ");
+        } else {
+          // See https://stackoverflow.com/a/1801191
+          value.push_str(", ");
+        }
+        value.push_str(String::from_utf8_lossy(header_value.as_bytes()).as_ref());
+      } else {
+        environment_variables.insert(
+          env_header_name,
+          String::from_utf8_lossy(header_value.as_bytes()).to_string(),
+        );
+      }
+    } else {
+      environment_variables.insert(
+        env_header_name,
+        String::from_utf8_lossy(header_value.as_bytes()).to_string(),
+      );
+    }
+  }
+
+  if !content_length_set {
+    environment_variables.insert("CONTENT_LENGTH".to_string(), "0".to_string());
+  }
+
+  let (hyper_request, _, _) = request.into_parts();
+
+  execute_fastcgi(
+    hyper_request,
+    error_logger,
+    fastcgi_to,
+    environment_variables,
+  )
+  .await
+}
+
+async fn execute_fastcgi(
+  hyper_request: HyperRequest,
+  error_logger: &ErrorLogger,
+  fastcgi_to: &str,
+  mut environment_variables: LinkedHashMap<String, String>,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let (_, body) = hyper_request.into_parts();
+
+  // Insert other environment variables
+  for (key, value) in env::vars_os() {
+    let key_string = key.to_string_lossy().to_string();
+    let value_string = value.to_string_lossy().to_string();
+    environment_variables
+      .entry(key_string)
+      .or_insert(value_string);
+  }
+
+  let fastcgi_to_fixed = if let Some(stripped) = fastcgi_to.strip_prefix("unix:///") {
+    // hyper::Uri fails to parse a string if there is an empty authority, so add an "ignore" authority to Unix socket URLs
+    &format!("unix://ignore/{}", stripped)
+  } else {
+    fastcgi_to
+  };
+
+  let fastcgi_to_url = fastcgi_to_fixed.parse::<hyper::Uri>()?;
+  let scheme_str = fastcgi_to_url.scheme_str();
+
+  let (socket_reader, mut socket_writer) = match scheme_str {
+    Some("tcp") => {
+      let host = match fastcgi_to_url.host() {
+        Some(host) => host,
+        None => Err(anyhow::anyhow!("The FastCGI URL doesn't include the host"))?,
+      };
+
+      let port = match fastcgi_to_url.port_u16() {
+        Some(port) => port,
+        None => Err(anyhow::anyhow!("The FastCGI URL doesn't include the port"))?,
+      };
+
+      let addr = format!("{}:{}", host, port);
+
+      match connect_tcp(&addr).await {
+        Ok(data) => data,
+        Err(err) => match err.kind() {
+          tokio::io::ErrorKind::ConnectionRefused
+          | tokio::io::ErrorKind::NotFound
+          | tokio::io::ErrorKind::HostUnreachable => {
+            error_logger
+              .log(&format!("Service unavailable: {}", err))
+              .await;
+            return Ok(
+              ResponseData::builder_without_request()
+                .status(StatusCode::SERVICE_UNAVAILABLE)
+                .build(),
+            );
+          }
+          _ => Err(err)?,
+        },
+      }
+    }
+    Some("unix") => {
+      let path = fastcgi_to_url.path();
+      match connect_unix(path).await {
+        Ok(data) => data,
+        Err(err) => match err.kind() {
+          tokio::io::ErrorKind::ConnectionRefused
+          | tokio::io::ErrorKind::NotFound
+          | tokio::io::ErrorKind::HostUnreachable => {
+            error_logger
+              .log(&format!("Service unavailable: {}", err))
+              .await;
+            return Ok(
+              ResponseData::builder_without_request()
+                .status(StatusCode::SERVICE_UNAVAILABLE)
+                .build(),
+            );
+          }
+          _ => Err(err)?,
+        },
+      }
+    }
+    _ => Err(anyhow::anyhow!(
+      "Only HTTP and HTTPS reverse proxy URLs are supported."
+    ))?,
+  };
+
+  // Construct and send BEGIN_REQUEST record
+  // Use the responder role and don't use keep-alive
+  let begin_request_packet = construct_fastcgi_record(1, 1, &[0, 1, 0, 0, 0, 0, 0, 0]);
+  socket_writer.write_all(&begin_request_packet).await?;
+
+  // Construct and send PARAMS records
+  let mut environment_variables_to_wrap = Vec::new();
+  for (key, value) in environment_variables.iter() {
+    let mut environment_variable =
+      construct_fastcgi_name_value_pair(key.as_bytes(), value.as_bytes());
+    environment_variables_to_wrap.append(&mut environment_variable);
+  }
+  if !environment_variables_to_wrap.is_empty() {
+    let mut offset = 0;
+    while offset < environment_variables_to_wrap.len() {
+      let chunk_size = std::cmp::min(65536, environment_variables_to_wrap.len() - offset);
+      let chunk = &environment_variables_to_wrap[offset..offset + chunk_size];
+
+      // Record type 4 means PARAMS
+      let params_packet = construct_fastcgi_record(4, 1, chunk);
+      socket_writer.write_all(&params_packet).await?;
+
+      offset += chunk_size;
+    }
+  }
+
+  let params_packet_terminating = construct_fastcgi_record(4, 1, &[]);
+  socket_writer.write_all(&params_packet_terminating).await?;
+
+  let cgi_stdin_reader = StreamReader::new(body.into_data_stream().map_err(std::io::Error::other));
+
+  // Emulated standard input, standard output, and standard error
+  type EitherStream = Either<Result<Bytes, std::io::Error>, Result<Bytes, std::io::Error>>;
+  let stdin = SinkWriter::new(FramedWrite::new(socket_writer, FcgiEncoder::new()));
+  let stdout_and_stderr = FramedRead::new(socket_reader, FcgiDecoder::new());
+  let (stdout_stream, stderr_stream) = stdout_and_stderr.split_by_map(|item| match item {
+    Ok(FcgiDecodedData::Stdout(bytes)) => EitherStream::Left(Ok(bytes)),
+    Ok(FcgiDecodedData::Stderr(bytes)) => EitherStream::Right(Ok(bytes)),
+    Err(err) => EitherStream::Left(Err(err)),
+  });
+  let stdout = StreamReader::new(stdout_stream);
+  let stderr = StreamReader::new(stderr_stream);
+
+  let mut cgi_response = CgiResponse::new(stdout);
+
+  let stdin_copy_future = Copier::with_zero_packet_writing(cgi_stdin_reader, stdin).copy();
+  let mut stdin_copy_future_pinned = Box::pin(stdin_copy_future);
+
+  let stderr_read_future = ReadToEndFuture::new(stderr);
+  let mut stderr_read_future_pinned = Box::pin(stderr_read_future);
+
+  let mut headers = [EMPTY_HEADER; 128];
+
+  let mut early_stdin_copied = false;
+
+  // Needed to wrap this in another scope to prevent errors with multiple mutable borrows.
+  {
+    let mut head_obtained = false;
+    let stdout_parse_future = cgi_response.get_head();
+    tokio::pin!(stdout_parse_future);
+
+    // Cannot use a loop with tokio::select, since stdin_copy_future_pinned being constantly ready will make the web server stop responding to HTTP requests
+    tokio::select! {
+      biased;
+
+      result = &mut stdin_copy_future_pinned => {
+        early_stdin_copied = true;
+        result?;
+      },
+      obtained_head = &mut stdout_parse_future => {
+        let obtained_head = obtained_head?;
+        if !obtained_head.is_empty() {
+          httparse::parse_headers(obtained_head, &mut headers)?;
+        }
+        head_obtained = true;
+      },
+      result = &mut stderr_read_future_pinned => {
+        let stderr_vec = result?;
+          let stderr_string = String::from_utf8_lossy(stderr_vec.as_slice()).to_string();
+          if !stderr_string.is_empty() {
+            error_logger
+              .log(&format!("There were CGI errors: {}", stderr_string))
+              .await;
+          }
+        return Ok(
+          ResponseData::builder_without_request()
+            .status(StatusCode::INTERNAL_SERVER_ERROR)
+            .build(),
+        );
+      },
+    }
+
+    if !head_obtained {
+      // Kept it same as in the tokio::select macro
+      tokio::select! {
+        biased;
+
+        result = &mut stderr_read_future_pinned => {
+          let stderr_vec = result?;
+            let stderr_string = String::from_utf8_lossy(stderr_vec.as_slice()).to_string();
+            if !stderr_string.is_empty() {
+              error_logger
+                .log(&format!("There were FastCGI errors: {}", stderr_string))
+                .await;
+            }
+          return Ok(
+            ResponseData::builder_without_request()
+              .status(StatusCode::INTERNAL_SERVER_ERROR)
+              .build(),
+          );
+        },
+        obtained_head = &mut stdout_parse_future => {
+          let obtained_head = obtained_head?;
+          if !obtained_head.is_empty() {
+            httparse::parse_headers(obtained_head, &mut headers)?;
+          }
+        }
+      }
+    }
+  }
+
+  let mut response_builder = Response::builder();
+  let mut status_code = 200;
+  for header in headers {
+    if header == EMPTY_HEADER {
+      break;
+    }
+    let mut is_status_header = false;
+    match &header.name.to_lowercase() as &str {
+      "location" => {
+        if !(300..=399).contains(&status_code) {
+          status_code = 302;
+        }
+      }
+      "status" => {
+        is_status_header = true;
+        let header_value_cow = String::from_utf8_lossy(header.value);
+        let mut split_status = header_value_cow.split(" ");
+        let first_part = split_status.next();
+        if let Some(first_part) = first_part {
+          if first_part.starts_with("HTTP/") {
+            let second_part = split_status.next();
+            if let Some(second_part) = second_part {
+              if let Ok(parsed_status_code) = second_part.parse::<u16>() {
+                status_code = parsed_status_code;
+              }
+            }
+          } else if let Ok(parsed_status_code) = first_part.parse::<u16>() {
+            status_code = parsed_status_code;
+          }
+        }
+      }
+      _ => (),
+    }
+    if !is_status_header {
+      response_builder = response_builder.header(header.name, header.value);
+    }
+  }
+
+  response_builder = response_builder.status(status_code);
+
+  let reader_stream = ReaderStream::new(cgi_response);
+  let stream_body = StreamBody::new(reader_stream.map_ok(Frame::data));
+  let boxed_body = stream_body.boxed();
+
+  let response = response_builder.body(boxed_body)?;
+
+  let error_logger = error_logger.clone();
+
+  Ok(
+    ResponseData::builder_without_request()
+      .response(response)
+      .parallel_fn(async move {
+        let mut stdin_copied = early_stdin_copied;
+
+        if !stdin_copied {
+          tokio::select! {
+            biased;
+
+            _ = &mut stdin_copy_future_pinned => {
+              stdin_copied = true;
+            },
+            result = &mut stderr_read_future_pinned => {
+              let stderr_vec = result.unwrap_or(vec![]);
+              let stderr_string = String::from_utf8_lossy(stderr_vec.as_slice()).to_string();
+              if !stderr_string.is_empty() {
+                error_logger
+                  .log(&format!("There were FastCGI errors: {}", stderr_string))
+                  .await;
+              }
+            },
+          }
+        }
+
+        if stdin_copied {
+          let stderr_vec = stderr_read_future_pinned.await.unwrap_or(vec![]);
+          let stderr_string = String::from_utf8_lossy(stderr_vec.as_slice()).to_string();
+          if !stderr_string.is_empty() {
+            error_logger
+              .log(&format!("There were FastCGI errors: {}", stderr_string))
+              .await;
+          }
+        } else {
+          stdin_copy_future_pinned.await.unwrap_or_default();
+        }
+      })
+      .build(),
+  )
+}
+
+async fn connect_tcp(
+  addr: &str,
+) -> Result<
+  (
+    Box<dyn AsyncRead + Send + Sync + Unpin>,
+    Box<dyn AsyncWrite + Send + Sync + Unpin>,
+  ),
+  tokio::io::Error,
+> {
+  let socket = TcpStream::connect(addr).await?;
+  socket.set_nodelay(true)?;
+
+  let (socket_reader_set, socket_writer_set) = tokio::io::split(socket);
+  Ok((Box::new(socket_reader_set), Box::new(socket_writer_set)))
+}
+
+#[allow(dead_code)]
+#[cfg(unix)]
+async fn connect_unix(
+  path: &str,
+) -> Result<
+  (
+    Box<dyn AsyncRead + Send + Sync + Unpin>,
+    Box<dyn AsyncWrite + Send + Sync + Unpin>,
+  ),
+  tokio::io::Error,
+> {
+  use tokio::net::UnixStream;
+
+  let socket = UnixStream::connect(path).await?;
+
+  let (socket_reader_set, socket_writer_set) = tokio::io::split(socket);
+  Ok((Box::new(socket_reader_set), Box::new(socket_writer_set)))
+}
+
+#[allow(dead_code)]
+#[cfg(not(unix))]
+async fn connect_unix(
+  _path: &str,
+) -> Result<
+  (
+    Box<dyn AsyncRead + Send + Sync + Unpin>,
+    Box<dyn AsyncWrite + Send + Sync + Unpin>,
+  ),
+  tokio::io::Error,
+> {
+  Err(tokio::io::Error::new(
+    tokio::io::ErrorKind::Unsupported,
+    "Unix sockets are not supports on non-Unix platforms.",
+  ))
+}

ferron/src/optional_modules/fproxy.rs

@@ -0,0 +1,301 @@
+use std::error::Error;
+use std::str::FromStr;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperUpgraded, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperResponse, WithRuntime};
+use async_trait::async_trait;
+use http_body_util::combinators::BoxBody;
+use http_body_util::BodyExt;
+use hyper::body::Bytes;
+use hyper::{header, Request, StatusCode, Uri};
+use hyper_tungstenite::HyperWebsocket;
+use hyper_util::rt::TokioIo;
+use tokio::io::{AsyncRead, AsyncWrite};
+use tokio::net::TcpStream;
+use tokio::runtime::Handle;
+
+pub fn server_module_init(
+  _config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  Ok(Box::new(ForwardProxyModule::new()))
+}
+
+struct ForwardProxyModule;
+
+impl ForwardProxyModule {
+  fn new() -> Self {
+    Self
+  }
+}
+
+impl ServerModule for ForwardProxyModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(ForwardProxyModuleHandlers { handle })
+  }
+}
+
+struct ForwardProxyModuleHandlers {
+  handle: Handle,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for ForwardProxyModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      // Code taken from reverse proxy module
+      let (hyper_request, _auth_user, _original_url) = request.into_parts();
+      let (mut hyper_request_parts, request_body) = hyper_request.into_parts();
+
+      match hyper_request_parts.uri.scheme_str() {
+        Some("http") | None => (),
+        _ => {
+          return Ok(
+            ResponseData::builder_without_request()
+              .status(StatusCode::BAD_REQUEST)
+              .build(),
+          );
+        }
+      };
+
+      let host = match hyper_request_parts.uri.host() {
+        Some(host) => host,
+        None => {
+          return Ok(
+            ResponseData::builder_without_request()
+              .status(StatusCode::BAD_REQUEST)
+              .build(),
+          );
+        }
+      };
+
+      let port = hyper_request_parts.uri.port_u16().unwrap_or(80);
+
+      let addr = format!("{}:{}", host, port);
+      let stream = match TcpStream::connect(addr).await {
+        Ok(stream) => stream,
+        Err(err) => {
+          match err.kind() {
+            tokio::io::ErrorKind::ConnectionRefused
+            | tokio::io::ErrorKind::NotFound
+            | tokio::io::ErrorKind::HostUnreachable => {
+              error_logger
+                .log(&format!("Service unavailable: {}", err))
+                .await;
+              return Ok(
+                ResponseData::builder_without_request()
+                  .status(StatusCode::SERVICE_UNAVAILABLE)
+                  .build(),
+              );
+            }
+            tokio::io::ErrorKind::TimedOut => {
+              error_logger.log(&format!("Gateway timeout: {}", err)).await;
+              return Ok(
+                ResponseData::builder_without_request()
+                  .status(StatusCode::GATEWAY_TIMEOUT)
+                  .build(),
+              );
+            }
+            _ => {
+              error_logger.log(&format!("Bad gateway: {}", err)).await;
+              return Ok(
+                ResponseData::builder_without_request()
+                  .status(StatusCode::BAD_GATEWAY)
+                  .build(),
+              );
+            }
+          };
+        }
+      };
+
+      match stream.set_nodelay(true) {
+        Ok(_) => (),
+        Err(err) => {
+          error_logger.log(&format!("Bad gateway: {}", err)).await;
+          return Ok(
+            ResponseData::builder_without_request()
+              .status(StatusCode::BAD_GATEWAY)
+              .build(),
+          );
+        }
+      };
+
+      let hyper_request_path = hyper_request_parts.uri.path();
+
+      hyper_request_parts.uri = Uri::from_str(&format!(
+        "{}{}",
+        hyper_request_path,
+        match hyper_request_parts.uri.query() {
+          Some(query) => format!("?{}", query),
+          None => "".to_string(),
+        }
+      ))?;
+
+      // Connection header to disable HTTP/1.1 keep-alive
+      hyper_request_parts
+        .headers
+        .insert(header::CONNECTION, "close".parse()?);
+
+      let proxy_request = Request::from_parts(hyper_request_parts, request_body);
+
+      http_proxy(stream, proxy_request, error_logger).await
+    })
+    .await
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    upgraded_request: HyperUpgraded,
+    connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let mut stream = match TcpStream::connect(connect_address).await {
+        Ok(stream) => stream,
+        Err(err) => {
+          error_logger
+            .log(&format!("Cannot connect to the remote server: {}", err))
+            .await;
+          return Ok(());
+        }
+      };
+      match stream.set_nodelay(true) {
+        Ok(_) => (),
+        Err(err) => {
+          error_logger
+            .log(&format!(
+              "Cannot disable Nagle algorithm when connecting to the remote server: {}",
+              err
+            ))
+            .await;
+          return Ok(());
+        }
+      };
+
+      let mut upgraded = TokioIo::new(upgraded_request);
+
+      tokio::io::copy_bidirectional(&mut upgraded, &mut stream)
+        .await
+        .unwrap_or_default();
+
+      Ok(())
+    })
+    .await
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    true
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}
+
+async fn http_proxy(
+  stream: impl AsyncRead + AsyncWrite + Send + Unpin + 'static,
+  proxy_request: Request<BoxBody<Bytes, std::io::Error>>,
+  error_logger: &ErrorLogger,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let io = TokioIo::new(stream);
+
+  let (mut sender, conn) = match hyper::client::conn::http1::handshake(io).await {
+    Ok(data) => data,
+    Err(err) => {
+      error_logger.log(&format!("Bad gateway: {}", err)).await;
+      return Ok(
+        ResponseData::builder_without_request()
+          .status(StatusCode::BAD_GATEWAY)
+          .build(),
+      );
+    }
+  };
+
+  let send_request = sender.send_request(proxy_request);
+
+  let mut pinned_conn = Box::pin(conn);
+  tokio::pin!(send_request);
+
+  let response;
+
+  loop {
+    tokio::select! {
+      biased;
+
+       proxy_response = &mut send_request => {
+        let proxy_response = match proxy_response {
+          Ok(response) => response,
+          Err(err) => {
+            error_logger.log(&format!("Bad gateway: {}", err)).await;
+            return Ok(ResponseData::builder_without_request().status(StatusCode::BAD_GATEWAY).build());
+          }
+        };
+
+        response = ResponseData::builder_without_request()
+                  .response(proxy_response.map(|b| {
+                    b.map_err(|e| std::io::Error::other(e.to_string()))
+                      .boxed()
+                  }))
+                  .parallel_fn(async move {
+                    pinned_conn.await.unwrap_or_default();
+                  })
+                  .build();
+
+        break;
+      },
+      state = &mut pinned_conn => {
+        if state.is_err() {
+          error_logger.log("Bad gateway: incomplete response").await;
+          return Ok(ResponseData::builder_without_request().status(StatusCode::BAD_GATEWAY).build());
+        }
+      },
+    };
+  }
+
+  Ok(response)
+}

ferron/src/optional_modules/rproxy.rs

@@ -0,0 +1,803 @@
+use std::collections::HashMap;
+use std::error::Error;
+use std::str::FromStr;
+use std::sync::Arc;
+use std::time::Duration;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperUpgraded, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperResponse, WithRuntime};
+use async_trait::async_trait;
+use futures_util::{SinkExt, StreamExt};
+use http::uri::{PathAndQuery, Scheme};
+use http_body_util::combinators::BoxBody;
+use http_body_util::BodyExt;
+use hyper::body::Bytes;
+use hyper::client::conn::http1::SendRequest;
+use hyper::{header, Request, StatusCode, Uri};
+use hyper_tungstenite::HyperWebsocket;
+use hyper_util::rt::TokioIo;
+use rustls::pki_types::ServerName;
+use rustls::RootCertStore;
+use rustls_native_certs::load_native_certs;
+use tokio::io::{AsyncRead, AsyncWrite};
+use tokio::net::TcpStream;
+use tokio::runtime::Handle;
+use tokio::sync::RwLock;
+use tokio_rustls::TlsConnector;
+use tokio_tungstenite::Connector;
+
+use crate::ferron_util::no_server_verifier::NoServerVerifier;
+use crate::ferron_util::ttl_cache::TtlCache;
+
+const DEFAULT_CONCURRENT_CONNECTIONS_PER_HOST: u32 = 32;
+
+pub fn server_module_init(
+  config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let mut roots: RootCertStore = RootCertStore::empty();
+  let certs_result = load_native_certs();
+  if !certs_result.errors.is_empty() {
+    Err(anyhow::anyhow!(format!(
+      "Couldn't load the native certificate store: {}",
+      certs_result.errors[0]
+    )))?
+  }
+  let certs = certs_result.certs;
+
+  for cert in certs {
+    match roots.add(cert) {
+      Ok(_) => (),
+      Err(err) => Err(anyhow::anyhow!(format!(
+        "Couldn't add a certificate to the certificate store: {}",
+        err
+      )))?,
+    }
+  }
+
+  let mut connections_vec = Vec::new();
+  for _ in 0..DEFAULT_CONCURRENT_CONNECTIONS_PER_HOST {
+    connections_vec.push(RwLock::new(HashMap::new()));
+  }
+  Ok(Box::new(ReverseProxyModule::new(
+    Arc::new(roots),
+    Arc::new(connections_vec),
+    Arc::new(RwLock::new(TtlCache::new(Duration::from_millis(
+      config["global"]["loadBalancerHealthCheckWindow"]
+        .as_i64()
+        .unwrap_or(5000) as u64,
+    )))),
+  )))
+}
+
+#[allow(clippy::type_complexity)]
+struct ReverseProxyModule {
+  roots: Arc<RootCertStore>,
+  connections: Arc<Vec<RwLock<HashMap<String, SendRequest<BoxBody<Bytes, std::io::Error>>>>>>,
+  failed_backends: Arc<RwLock<TtlCache<String, u64>>>,
+}
+
+impl ReverseProxyModule {
+  #[allow(clippy::type_complexity)]
+  fn new(
+    roots: Arc<RootCertStore>,
+    connections: Arc<Vec<RwLock<HashMap<String, SendRequest<BoxBody<Bytes, std::io::Error>>>>>>,
+    failed_backends: Arc<RwLock<TtlCache<String, u64>>>,
+  ) -> Self {
+    Self {
+      roots,
+      connections,
+      failed_backends,
+    }
+  }
+}
+
+impl ServerModule for ReverseProxyModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(ReverseProxyModuleHandlers {
+      roots: self.roots.clone(),
+      connections: self.connections.clone(),
+      failed_backends: self.failed_backends.clone(),
+      handle,
+    })
+  }
+}
+
+#[allow(clippy::type_complexity)]
+struct ReverseProxyModuleHandlers {
+  handle: Handle,
+  roots: Arc<RootCertStore>,
+  connections: Arc<Vec<RwLock<HashMap<String, SendRequest<BoxBody<Bytes, std::io::Error>>>>>>,
+  failed_backends: Arc<RwLock<TtlCache<String, u64>>>,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for ReverseProxyModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let enable_health_check = config["enableLoadBalancerHealthCheck"]
+        .as_bool()
+        .unwrap_or(false);
+      let health_check_max_fails = config["loadBalancerHealthCheckMaximumFails"]
+        .as_i64()
+        .unwrap_or(3) as u64;
+      let disable_certificate_verification = config["disableProxyCertificateVerification"]
+        .as_bool()
+        .unwrap_or(false);
+      if let Some(proxy_to) = determine_proxy_to(
+        config,
+        socket_data.encrypted,
+        &self.failed_backends,
+        enable_health_check,
+        health_check_max_fails,
+      )
+      .await
+      {
+        let (hyper_request, _auth_user, _original_url) = request.into_parts();
+        let (mut hyper_request_parts, request_body) = hyper_request.into_parts();
+
+        let proxy_request_url = proxy_to.parse::<hyper::Uri>()?;
+        let scheme_str = proxy_request_url.scheme_str();
+        let mut encrypted = false;
+
+        match scheme_str {
+          Some("http") => {
+            encrypted = false;
+          }
+          Some("https") => {
+            encrypted = true;
+          }
+          _ => Err(anyhow::anyhow!(
+            "Only HTTP and HTTPS reverse proxy URLs are supported."
+          ))?,
+        };
+
+        let host = match proxy_request_url.host() {
+          Some(host) => host,
+          None => Err(anyhow::anyhow!(
+            "The reverse proxy URL doesn't include the host"
+          ))?,
+        };
+
+        let port = proxy_request_url.port_u16().unwrap_or(match scheme_str {
+          Some("http") => 80,
+          Some("https") => 443,
+          _ => 80,
+        });
+
+        let addr = format!("{}:{}", host, port);
+        let authority = proxy_request_url.authority().cloned();
+
+        let hyper_request_path = hyper_request_parts.uri.path();
+
+        let path = match hyper_request_path.as_bytes().first() {
+          Some(b'/') => {
+            let mut proxy_request_path = proxy_request_url.path();
+            while proxy_request_path.as_bytes().last().copied() == Some(b'/') {
+              proxy_request_path = &proxy_request_path[..(proxy_request_path.len() - 1)];
+            }
+            format!("{}{}", proxy_request_path, hyper_request_path)
+          }
+          _ => hyper_request_path.to_string(),
+        };
+
+        hyper_request_parts.uri = Uri::from_str(&format!(
+          "{}{}",
+          path,
+          match hyper_request_parts.uri.query() {
+            Some(query) => format!("?{}", query),
+            None => "".to_string(),
+          }
+        ))?;
+
+        let original_host = hyper_request_parts.headers.get(header::HOST).cloned();
+
+        // Host header for host identification
+        match authority {
+          Some(authority) => {
+            hyper_request_parts
+              .headers
+              .insert(header::HOST, authority.to_string().parse()?);
+          }
+          None => {
+            hyper_request_parts.headers.remove(header::HOST);
+          }
+        }
+
+        // Connection header to enable HTTP/1.1 keep-alive
+        hyper_request_parts
+          .headers
+          .insert(header::CONNECTION, "keep-alive".parse()?);
+
+        // X-Forwarded-* headers to send the client's data to a server that's behind the reverse proxy
+        hyper_request_parts.headers.insert(
+          "x-forwarded-for",
+          socket_data
+            .remote_addr
+            .ip()
+            .to_canonical()
+            .to_string()
+            .parse()?,
+        );
+
+        if socket_data.encrypted {
+          hyper_request_parts
+            .headers
+            .insert("x-forwarded-proto", "https".parse()?);
+        } else {
+          hyper_request_parts
+            .headers
+            .insert("x-forwarded-proto", "http".parse()?);
+        }
+
+        if let Some(original_host) = original_host {
+          hyper_request_parts
+            .headers
+            .insert("x-forwarded-host", original_host);
+        }
+
+        let proxy_request = Request::from_parts(hyper_request_parts, request_body);
+
+        let connections = &self.connections[rand::random_range(..self.connections.len())];
+
+        let rwlock_read = connections.read().await;
+        let sender_read_option = rwlock_read.get(&addr);
+
+        if let Some(sender_read) = sender_read_option {
+          if !sender_read.is_closed() {
+            drop(rwlock_read);
+            let mut rwlock_write = connections.write().await;
+            let sender_option = rwlock_write.get_mut(&addr);
+
+            if let Some(sender) = sender_option {
+              if !sender.is_closed() {
+                let result = http_proxy_kept_alive(sender, proxy_request, error_logger).await;
+                drop(rwlock_write);
+                return result;
+              } else {
+                drop(rwlock_write);
+              }
+            } else {
+              drop(rwlock_write);
+            }
+          } else {
+            drop(rwlock_read);
+          }
+        } else {
+          drop(rwlock_read);
+        }
+
+        let stream = match TcpStream::connect(&addr).await {
+          Ok(stream) => stream,
+          Err(err) => {
+            if enable_health_check {
+              let mut failed_backends_write = self.failed_backends.write().await;
+              let proxy_to = proxy_to.clone();
+              let failed_attempts = failed_backends_write.get(&proxy_to);
+              failed_backends_write.insert(proxy_to, failed_attempts.map_or(1, |x| x + 1));
+            }
+            match err.kind() {
+              tokio::io::ErrorKind::ConnectionRefused
+              | tokio::io::ErrorKind::NotFound
+              | tokio::io::ErrorKind::HostUnreachable => {
+                error_logger
+                  .log(&format!("Service unavailable: {}", err))
+                  .await;
+                return Ok(
+                  ResponseData::builder_without_request()
+                    .status(StatusCode::SERVICE_UNAVAILABLE)
+                    .build(),
+                );
+              }
+              tokio::io::ErrorKind::TimedOut => {
+                error_logger.log(&format!("Gateway timeout: {}", err)).await;
+                return Ok(
+                  ResponseData::builder_without_request()
+                    .status(StatusCode::GATEWAY_TIMEOUT)
+                    .build(),
+                );
+              }
+              _ => {
+                error_logger.log(&format!("Bad gateway: {}", err)).await;
+                return Ok(
+                  ResponseData::builder_without_request()
+                    .status(StatusCode::BAD_GATEWAY)
+                    .build(),
+                );
+              }
+            };
+          }
+        };
+
+        match stream.set_nodelay(true) {
+          Ok(_) => (),
+          Err(err) => {
+            if enable_health_check {
+              let mut failed_backends_write = self.failed_backends.write().await;
+              let proxy_to = proxy_to.clone();
+              let failed_attempts = failed_backends_write.get(&proxy_to);
+              failed_backends_write.insert(proxy_to, failed_attempts.map_or(1, |x| x + 1));
+            }
+            error_logger.log(&format!("Bad gateway: {}", err)).await;
+            return Ok(
+              ResponseData::builder_without_request()
+                .status(StatusCode::BAD_GATEWAY)
+                .build(),
+            );
+          }
+        };
+
+        let failed_backends_option_borrowed = if enable_health_check {
+          Some(&*self.failed_backends)
+        } else {
+          None
+        };
+
+        if !encrypted {
+          http_proxy(
+            connections,
+            addr,
+            stream,
+            proxy_request,
+            error_logger,
+            proxy_to,
+            failed_backends_option_borrowed,
+          )
+          .await
+        } else {
+          let tls_client_config = (if disable_certificate_verification {
+            rustls::ClientConfig::builder()
+              .dangerous()
+              .with_custom_certificate_verifier(Arc::new(NoServerVerifier::new()))
+          } else {
+            rustls::ClientConfig::builder().with_root_certificates(self.roots.clone())
+          })
+          .with_no_client_auth();
+          let connector = TlsConnector::from(Arc::new(tls_client_config));
+          let domain = ServerName::try_from(host)?.to_owned();
+
+          let tls_stream = match connector.connect(domain, stream).await {
+            Ok(stream) => stream,
+            Err(err) => {
+              if enable_health_check {
+                let mut failed_backends_write = self.failed_backends.write().await;
+                let proxy_to = proxy_to.clone();
+                let failed_attempts = failed_backends_write.get(&proxy_to);
+                failed_backends_write.insert(proxy_to, failed_attempts.map_or(1, |x| x + 1));
+              }
+              error_logger.log(&format!("Bad gateway: {}", err)).await;
+              return Ok(
+                ResponseData::builder_without_request()
+                  .status(StatusCode::BAD_GATEWAY)
+                  .build(),
+              );
+            }
+          };
+
+          http_proxy(
+            connections,
+            addr,
+            tls_stream,
+            proxy_request,
+            error_logger,
+            proxy_to,
+            failed_backends_option_borrowed,
+          )
+          .await
+        }
+      } else {
+        Ok(ResponseData::builder(request).build())
+      }
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    websocket: HyperWebsocket,
+    uri: &hyper::Uri,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let enable_health_check = config["enableLoadBalancerHealthCheck"]
+        .as_bool()
+        .unwrap_or(false);
+      let health_check_max_fails = config["loadBalancerHealthCheckMaximumFails"]
+        .as_i64()
+        .unwrap_or(3) as u64;
+
+      let disable_certificate_verification = config["disableProxyCertificateVerification"]
+        .as_bool()
+        .unwrap_or(false);
+      if let Some(proxy_to) = determine_proxy_to(
+        config,
+        socket_data.encrypted,
+        &self.failed_backends,
+        enable_health_check,
+        health_check_max_fails,
+      )
+      .await
+      {
+        let proxy_request_url = proxy_to.parse::<hyper::Uri>()?;
+        let scheme_str = proxy_request_url.scheme_str();
+        let mut encrypted = false;
+
+        match scheme_str {
+          Some("http") => {
+            encrypted = false;
+          }
+          Some("https") => {
+            encrypted = true;
+          }
+          _ => Err(anyhow::anyhow!(
+            "Only HTTP and HTTPS reverse proxy URLs are supported."
+          ))?,
+        };
+
+        let request_path = uri.path();
+
+        let path = match request_path.as_bytes().first() {
+          Some(b'/') => {
+            let mut proxy_request_path = proxy_request_url.path();
+            while proxy_request_path.as_bytes().last().copied() == Some(b'/') {
+              proxy_request_path = &proxy_request_path[..(proxy_request_path.len() - 1)];
+            }
+            format!("{}{}", proxy_request_path, request_path)
+          }
+          _ => request_path.to_string(),
+        };
+
+        let mut proxy_request_url_parts = proxy_request_url.into_parts();
+        proxy_request_url_parts.scheme = if encrypted {
+          Some(Scheme::from_str("wss")?)
+        } else {
+          Some(Scheme::from_str("ws")?)
+        };
+        match proxy_request_url_parts.path_and_query {
+          Some(path_and_query) => {
+            let path_and_query_string = match path_and_query.query() {
+              Some(query) => {
+                format!("{}?{}", path, query)
+              }
+              None => path,
+            };
+            proxy_request_url_parts.path_and_query =
+              Some(PathAndQuery::from_str(&path_and_query_string)?);
+          }
+          None => {
+            proxy_request_url_parts.path_and_query = Some(PathAndQuery::from_str(&path)?);
+          }
+        };
+
+        let proxy_request_url = hyper::Uri::from_parts(proxy_request_url_parts)?;
+
+        let connector = if !encrypted {
+          Connector::Plain
+        } else {
+          Connector::Rustls(Arc::new(
+            (if disable_certificate_verification {
+              rustls::ClientConfig::builder()
+                .dangerous()
+                .with_custom_certificate_verifier(Arc::new(NoServerVerifier::new()))
+            } else {
+              rustls::ClientConfig::builder().with_root_certificates(self.roots.clone())
+            })
+            .with_no_client_auth(),
+          ))
+        };
+
+        let client_bi_stream = websocket.await?;
+
+        let (proxy_bi_stream, _) = match tokio_tungstenite::connect_async_tls_with_config(
+          proxy_request_url,
+          None,
+          true,
+          Some(connector),
+        )
+        .await
+        {
+          Ok(data) => data,
+          Err(err) => {
+            error_logger
+              .log(&format!("Cannot connect to WebSocket server: {}", err))
+              .await;
+            return Ok(());
+          }
+        };
+
+        let (mut client_sink, mut client_stream) = client_bi_stream.split();
+        let (mut proxy_sink, mut proxy_stream) = proxy_bi_stream.split();
+
+        let client_to_proxy = async {
+          while let Some(Ok(value)) = client_stream.next().await {
+            if proxy_sink.send(value).await.is_err() {
+              break;
+            }
+          }
+        };
+
+        let proxy_to_client = async {
+          while let Some(Ok(value)) = proxy_stream.next().await {
+            if client_sink.send(value).await.is_err() {
+              break;
+            }
+          }
+        };
+
+        tokio::pin!(client_to_proxy);
+        tokio::pin!(proxy_to_client);
+
+        let client_to_proxy_first;
+        tokio::select! {
+          _ = &mut client_to_proxy => {
+            client_to_proxy_first = true;
+          }
+          _ = &mut proxy_to_client => {
+            client_to_proxy_first = false;
+          }
+        }
+
+        if client_to_proxy_first {
+          proxy_to_client.await;
+        } else {
+          client_to_proxy.await;
+        }
+      }
+
+      Ok(())
+    })
+    .await
+  }
+
+  fn does_websocket_requests(&mut self, config: &ServerConfig, socket_data: &SocketData) -> bool {
+    if socket_data.encrypted {
+      let secure_proxy_to = &config["secureProxyTo"];
+      if secure_proxy_to.as_vec().is_some() || secure_proxy_to.as_str().is_some() {
+        return true;
+      }
+    }
+
+    let proxy_to = &config["proxyTo"];
+    proxy_to.as_vec().is_some() || proxy_to.as_str().is_some()
+  }
+}
+
+async fn determine_proxy_to(
+  config: &ServerConfig,
+  encrypted: bool,
+  failed_backends: &RwLock<TtlCache<String, u64>>,
+  enable_health_check: bool,
+  health_check_max_fails: u64,
+) -> Option<String> {
+  let mut proxy_to = None;
+  // When the array is supplied with non-string values, the reverse proxy may have undesirable behavior
+  // The "proxyTo" and "secureProxyTo" are validated though.
+
+  if encrypted {
+    let secure_proxy_to_yaml = &config["secureProxyTo"];
+    if let Some(secure_proxy_to_vector) = secure_proxy_to_yaml.as_vec() {
+      if enable_health_check {
+        let mut secure_proxy_to_vector = secure_proxy_to_vector.clone();
+        loop {
+          if !secure_proxy_to_vector.is_empty() {
+            let index = rand::random_range(..secure_proxy_to_vector.len());
+            if let Some(secure_proxy_to) = secure_proxy_to_vector[index].as_str() {
+              proxy_to = Some(secure_proxy_to.to_string());
+              let failed_backends_read = failed_backends.read().await;
+              let failed_backend_fails =
+                match failed_backends_read.get(&secure_proxy_to.to_string()) {
+                  Some(fails) => fails,
+                  None => break,
+                };
+              if failed_backend_fails > health_check_max_fails {
+                secure_proxy_to_vector.remove(index);
+              } else {
+                break;
+              }
+            }
+          } else {
+            break;
+          }
+        }
+      } else if !secure_proxy_to_vector.is_empty() {
+        if let Some(secure_proxy_to) =
+          secure_proxy_to_vector[rand::random_range(..secure_proxy_to_vector.len())].as_str()
+        {
+          proxy_to = Some(secure_proxy_to.to_string());
+        }
+      }
+    } else if let Some(secure_proxy_to) = secure_proxy_to_yaml.as_str() {
+      proxy_to = Some(secure_proxy_to.to_string());
+    }
+  }
+
+  if proxy_to.is_none() {
+    let proxy_to_yaml = &config["proxyTo"];
+    if let Some(proxy_to_vector) = proxy_to_yaml.as_vec() {
+      if enable_health_check {
+        let mut proxy_to_vector = proxy_to_vector.clone();
+        loop {
+          if !proxy_to_vector.is_empty() {
+            let index = rand::random_range(..proxy_to_vector.len());
+            if let Some(proxy_to_str) = proxy_to_vector[index].as_str() {
+              proxy_to = Some(proxy_to_str.to_string());
+              let failed_backends_read = failed_backends.read().await;
+              let failed_backend_fails = match failed_backends_read.get(&proxy_to_str.to_string()) {
+                Some(fails) => fails,
+                None => break,
+              };
+              if failed_backend_fails > health_check_max_fails {
+                proxy_to_vector.remove(index);
+              } else {
+                break;
+              }
+            }
+          } else {
+            break;
+          }
+        }
+      } else if !proxy_to_vector.is_empty() {
+        if let Some(proxy_to_str) =
+          proxy_to_vector[rand::random_range(..proxy_to_vector.len())].as_str()
+        {
+          proxy_to = Some(proxy_to_str.to_string());
+        }
+      }
+    } else if let Some(proxy_to_str) = proxy_to_yaml.as_str() {
+      proxy_to = Some(proxy_to_str.to_string());
+    }
+  }
+
+  proxy_to
+}
+
+async fn http_proxy(
+  connections: &RwLock<HashMap<String, SendRequest<BoxBody<Bytes, std::io::Error>>>>,
+  connect_addr: String,
+  stream: impl AsyncRead + AsyncWrite + Send + Unpin + 'static,
+  proxy_request: Request<BoxBody<Bytes, std::io::Error>>,
+  error_logger: &ErrorLogger,
+  proxy_to: String,
+  failed_backends: Option<&tokio::sync::RwLock<TtlCache<std::string::String, u64>>>,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let io = TokioIo::new(stream);
+
+  let (mut sender, conn) = match hyper::client::conn::http1::handshake(io).await {
+    Ok(data) => data,
+    Err(err) => {
+      if let Some(failed_backends) = failed_backends {
+        let mut failed_backends_write = failed_backends.write().await;
+        let failed_attempts = failed_backends_write.get(&proxy_to);
+        failed_backends_write.insert(proxy_to, failed_attempts.map_or(1, |x| x + 1));
+      }
+      error_logger.log(&format!("Bad gateway: {}", err)).await;
+      return Ok(
+        ResponseData::builder_without_request()
+          .status(StatusCode::BAD_GATEWAY)
+          .build(),
+      );
+    }
+  };
+
+  let send_request = sender.send_request(proxy_request);
+
+  let mut pinned_conn = Box::pin(conn);
+  tokio::pin!(send_request);
+
+  let response;
+
+  loop {
+    tokio::select! {
+      biased;
+
+       proxy_response = &mut send_request => {
+        let proxy_response = match proxy_response {
+          Ok(response) => response,
+          Err(err) => {
+            error_logger.log(&format!("Bad gateway: {}", err)).await;
+            return Ok(ResponseData::builder_without_request().status(StatusCode::BAD_GATEWAY).build());
+          }
+        };
+
+        response = ResponseData::builder_without_request()
+                  .response(proxy_response.map(|b| {
+                    b.map_err(|e| std::io::Error::other(e.to_string()))
+                      .boxed()
+                  }))
+                  .parallel_fn(async move {
+                    pinned_conn.await.unwrap_or_default();
+                  })
+                  .build();
+
+        break;
+      },
+      state = &mut pinned_conn => {
+        if state.is_err() {
+          error_logger.log("Bad gateway: incomplete response").await;
+          return Ok(ResponseData::builder_without_request().status(StatusCode::BAD_GATEWAY).build());
+        }
+      },
+    };
+  }
+
+  if !sender.is_closed() {
+    let mut rwlock_write = connections.write().await;
+    rwlock_write.insert(connect_addr, sender);
+    drop(rwlock_write);
+  }
+
+  Ok(response)
+}
+
+async fn http_proxy_kept_alive(
+  sender: &mut SendRequest<BoxBody<Bytes, std::io::Error>>,
+  proxy_request: Request<BoxBody<Bytes, std::io::Error>>,
+  error_logger: &ErrorLogger,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let proxy_response = match sender.send_request(proxy_request).await {
+    Ok(response) => response,
+    Err(err) => {
+      error_logger.log(&format!("Bad gateway: {}", err)).await;
+      return Ok(
+        ResponseData::builder_without_request()
+          .status(StatusCode::BAD_GATEWAY)
+          .build(),
+      );
+    }
+  };
+
+  let response = ResponseData::builder_without_request()
+    .response(proxy_response.map(|b| b.map_err(|e| std::io::Error::other(e.to_string())).boxed()))
+    .build();
+
+  Ok(response)
+}

ferron/src/optional_modules/scgi.rs

@@ -0,0 +1,673 @@
+// SCGI handler code inspired by SVR.JS's OrangeCircle mod, translated from JavaScript to Rust.
+// Based on the "cgi" module
+use std::env;
+use std::error::Error;
+use std::path::{Path, PathBuf};
+
+use crate::ferron_common::{
+  ErrorLogger, HyperRequest, HyperResponse, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperUpgraded, WithRuntime};
+use async_trait::async_trait;
+use futures_util::TryStreamExt;
+use hashlink::LinkedHashMap;
+use http_body_util::{BodyExt, StreamBody};
+use httparse::EMPTY_HEADER;
+use hyper::body::Frame;
+use hyper::{header, Response, StatusCode};
+use hyper_tungstenite::HyperWebsocket;
+use tokio::fs;
+use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt};
+use tokio::net::TcpStream;
+use tokio::runtime::Handle;
+use tokio_util::io::{ReaderStream, StreamReader};
+
+use crate::ferron_res::server_software::SERVER_SOFTWARE;
+use crate::ferron_util::cgi_response::CgiResponse;
+use crate::ferron_util::copy_move::Copier;
+
+pub fn server_module_init(
+  _config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  Ok(Box::new(ScgiModule::new()))
+}
+
+struct ScgiModule;
+
+impl ScgiModule {
+  fn new() -> Self {
+    Self
+  }
+}
+
+impl ServerModule for ScgiModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(ScgiModuleHandlers { handle })
+  }
+}
+struct ScgiModuleHandlers {
+  handle: Handle,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for ScgiModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let mut scgi_to = "tcp://localhost:4000/";
+      let scgi_to_yaml = &config["scgiTo"];
+      if let Some(scgi_to_obtained) = scgi_to_yaml.as_str() {
+        scgi_to = scgi_to_obtained;
+      }
+
+      let mut scgi_path = None;
+      if let Some(scgi_path_obtained) = config["scgiPath"].as_str() {
+        scgi_path = Some(scgi_path_obtained.to_string());
+      }
+
+      let hyper_request = request.get_hyper_request();
+
+      let request_path = hyper_request.uri().path();
+      let mut request_path_bytes = request_path.bytes();
+      if request_path_bytes.len() < 1 || request_path_bytes.nth(0) != Some(b'/') {
+        return Ok(
+          ResponseData::builder(request)
+            .status(StatusCode::BAD_REQUEST)
+            .build(),
+        );
+      }
+
+      if let Some(scgi_path) = scgi_path {
+        let mut canonical_scgi_path: &str = &scgi_path;
+        if canonical_scgi_path.bytes().last() == Some(b'/') {
+          canonical_scgi_path = &canonical_scgi_path[..(canonical_scgi_path.len() - 1)];
+        }
+
+        let request_path_with_slashes = match request_path == canonical_scgi_path {
+          true => format!("{}/", request_path),
+          false => request_path.to_string(),
+        };
+        if let Some(stripped_request_path) =
+          request_path_with_slashes.strip_prefix(canonical_scgi_path)
+        {
+          let wwwroot_yaml = &config["wwwroot"];
+          let wwwroot = wwwroot_yaml.as_str().unwrap_or("/nonexistent");
+
+          let wwwroot_unknown = PathBuf::from(wwwroot);
+          let wwwroot_pathbuf = match wwwroot_unknown.as_path().is_absolute() {
+            true => wwwroot_unknown,
+            false => match fs::canonicalize(&wwwroot_unknown).await {
+              Ok(pathbuf) => pathbuf,
+              Err(_) => wwwroot_unknown,
+            },
+          };
+          let wwwroot = wwwroot_pathbuf.as_path();
+
+          let mut relative_path = &request_path[1..];
+          while relative_path.as_bytes().first().copied() == Some(b'/') {
+            relative_path = &relative_path[1..];
+          }
+
+          let decoded_relative_path = match urlencoding::decode(relative_path) {
+            Ok(path) => path.to_string(),
+            Err(_) => {
+              return Ok(
+                ResponseData::builder(request)
+                  .status(StatusCode::BAD_REQUEST)
+                  .build(),
+              );
+            }
+          };
+
+          let joined_pathbuf = wwwroot.join(decoded_relative_path);
+          let execute_pathbuf = joined_pathbuf;
+          let execute_path_info = stripped_request_path
+            .strip_prefix("/")
+            .map(|s| s.to_string());
+
+          return execute_scgi_with_environment_variables(
+            request,
+            socket_data,
+            error_logger,
+            wwwroot,
+            execute_pathbuf,
+            execute_path_info,
+            config["serverAdministratorEmail"].as_str(),
+            scgi_to,
+          )
+          .await;
+        }
+      }
+      Ok(ResponseData::builder(request).build())
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}
+
+#[allow(clippy::too_many_arguments)]
+async fn execute_scgi_with_environment_variables(
+  request: RequestData,
+  socket_data: &SocketData,
+  error_logger: &ErrorLogger,
+  wwwroot: &Path,
+  execute_pathbuf: PathBuf,
+  path_info: Option<String>,
+  server_administrator_email: Option<&str>,
+  scgi_to: &str,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let mut environment_variables: LinkedHashMap<String, String> = LinkedHashMap::new();
+
+  let hyper_request = request.get_hyper_request();
+  let original_request_uri = request.get_original_url().unwrap_or(hyper_request.uri());
+
+  if let Some(auth_user) = request.get_auth_user() {
+    if let Some(authorization) = hyper_request.headers().get(header::AUTHORIZATION) {
+      let authorization_value = String::from_utf8_lossy(authorization.as_bytes()).to_string();
+      let mut authorization_value_split = authorization_value.split(" ");
+      if let Some(authorization_type) = authorization_value_split.next() {
+        environment_variables.insert("AUTH_TYPE".to_string(), authorization_type.to_string());
+      }
+    }
+    environment_variables.insert("REMOTE_USER".to_string(), auth_user.to_string());
+  }
+
+  environment_variables.insert(
+    "QUERY_STRING".to_string(),
+    match hyper_request.uri().query() {
+      Some(query) => query.to_string(),
+      None => "".to_string(),
+    },
+  );
+
+  environment_variables.insert("SERVER_SOFTWARE".to_string(), SERVER_SOFTWARE.to_string());
+  environment_variables.insert(
+    "SERVER_PROTOCOL".to_string(),
+    match hyper_request.version() {
+      hyper::Version::HTTP_09 => "HTTP/0.9".to_string(),
+      hyper::Version::HTTP_10 => "HTTP/1.0".to_string(),
+      hyper::Version::HTTP_11 => "HTTP/1.1".to_string(),
+      hyper::Version::HTTP_2 => "HTTP/2.0".to_string(),
+      hyper::Version::HTTP_3 => "HTTP/3.0".to_string(),
+      _ => "HTTP/Unknown".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "SERVER_PORT".to_string(),
+    socket_data.local_addr.port().to_string(),
+  );
+  environment_variables.insert(
+    "SERVER_ADDR".to_string(),
+    socket_data.local_addr.ip().to_canonical().to_string(),
+  );
+  if let Some(server_administrator_email) = server_administrator_email {
+    environment_variables.insert(
+      "SERVER_ADMIN".to_string(),
+      server_administrator_email.to_string(),
+    );
+  }
+  if let Some(host) = hyper_request.headers().get(header::HOST) {
+    environment_variables.insert(
+      "SERVER_NAME".to_string(),
+      String::from_utf8_lossy(host.as_bytes()).to_string(),
+    );
+  }
+
+  environment_variables.insert(
+    "DOCUMENT_ROOT".to_string(),
+    wwwroot.to_string_lossy().to_string(),
+  );
+  environment_variables.insert(
+    "PATH_INFO".to_string(),
+    match &path_info {
+      Some(path_info) => format!("/{}", path_info),
+      None => "".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "PATH_TRANSLATED".to_string(),
+    match &path_info {
+      Some(path_info) => {
+        let mut path_translated = execute_pathbuf.clone();
+        path_translated.push(path_info);
+        path_translated.to_string_lossy().to_string()
+      }
+      None => "".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "REQUEST_METHOD".to_string(),
+    hyper_request.method().to_string(),
+  );
+  environment_variables.insert("GATEWAY_INTERFACE".to_string(), "CGI/1.1".to_string());
+  environment_variables.insert("SCGI".to_string(), "1".to_string());
+  environment_variables.insert(
+    "REQUEST_URI".to_string(),
+    format!(
+      "{}{}",
+      original_request_uri.path(),
+      match original_request_uri.query() {
+        Some(query) => format!("?{}", query),
+        None => String::from(""),
+      }
+    ),
+  );
+
+  environment_variables.insert(
+    "REMOTE_PORT".to_string(),
+    socket_data.remote_addr.port().to_string(),
+  );
+  environment_variables.insert(
+    "REMOTE_ADDR".to_string(),
+    socket_data.remote_addr.ip().to_canonical().to_string(),
+  );
+
+  environment_variables.insert(
+    "SCRIPT_FILENAME".to_string(),
+    execute_pathbuf.to_string_lossy().to_string(),
+  );
+  if let Ok(script_path) = execute_pathbuf.as_path().strip_prefix(wwwroot) {
+    environment_variables.insert(
+      "SCRIPT_NAME".to_string(),
+      format!(
+        "/{}",
+        match cfg!(windows) {
+          true => script_path.to_string_lossy().to_string().replace("\\", "/"),
+          false => script_path.to_string_lossy().to_string(),
+        }
+      ),
+    );
+  }
+
+  if socket_data.encrypted {
+    environment_variables.insert("HTTPS".to_string(), "ON".to_string());
+  }
+
+  let mut content_length_set = false;
+  for (header_name, header_value) in hyper_request.headers().iter() {
+    let env_header_name = match *header_name {
+      header::CONTENT_LENGTH => {
+        content_length_set = true;
+        "CONTENT_LENGTH".to_string()
+      }
+      header::CONTENT_TYPE => "CONTENT_TYPE".to_string(),
+      _ => {
+        let mut result = String::new();
+
+        result.push_str("HTTP_");
+
+        for c in header_name.as_str().to_uppercase().chars() {
+          if c.is_alphanumeric() {
+            result.push(c);
+          } else {
+            result.push('_');
+          }
+        }
+
+        result
+      }
+    };
+    if environment_variables.contains_key(&env_header_name) {
+      let value = environment_variables.get_mut(&env_header_name);
+      if let Some(value) = value {
+        if env_header_name == "HTTP_COOKIE" {
+          value.push_str("; ");
+        } else {
+          // See https://stackoverflow.com/a/1801191
+          value.push_str(", ");
+        }
+        value.push_str(String::from_utf8_lossy(header_value.as_bytes()).as_ref());
+      } else {
+        environment_variables.insert(
+          env_header_name,
+          String::from_utf8_lossy(header_value.as_bytes()).to_string(),
+        );
+      }
+    } else {
+      environment_variables.insert(
+        env_header_name,
+        String::from_utf8_lossy(header_value.as_bytes()).to_string(),
+      );
+    }
+  }
+
+  if !content_length_set {
+    environment_variables.insert("CONTENT_LENGTH".to_string(), "0".to_string());
+  }
+
+  let (hyper_request, _, _) = request.into_parts();
+
+  execute_scgi(hyper_request, error_logger, scgi_to, environment_variables).await
+}
+
+async fn execute_scgi(
+  hyper_request: HyperRequest,
+  error_logger: &ErrorLogger,
+  scgi_to: &str,
+  mut environment_variables: LinkedHashMap<String, String>,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let (_, body) = hyper_request.into_parts();
+
+  // Insert other environment variables
+  for (key, value) in env::vars_os() {
+    let key_string = key.to_string_lossy().to_string();
+    let value_string = value.to_string_lossy().to_string();
+    environment_variables
+      .entry(key_string)
+      .or_insert(value_string);
+  }
+
+  let scgi_to_fixed = if let Some(stripped) = scgi_to.strip_prefix("unix:///") {
+    // hyper::Uri fails to parse a string if there is an empty authority, so add an "ignore" authority to Unix socket URLs
+    &format!("unix://ignore/{}", stripped)
+  } else {
+    scgi_to
+  };
+
+  let scgi_to_url = scgi_to_fixed.parse::<hyper::Uri>()?;
+  let scheme_str = scgi_to_url.scheme_str();
+
+  let (socket_reader, mut socket_writer) = match scheme_str {
+    Some("tcp") => {
+      let host = match scgi_to_url.host() {
+        Some(host) => host,
+        None => Err(anyhow::anyhow!("The SCGI URL doesn't include the host"))?,
+      };
+
+      let port = match scgi_to_url.port_u16() {
+        Some(port) => port,
+        None => Err(anyhow::anyhow!("The SCGI URL doesn't include the port"))?,
+      };
+
+      let addr = format!("{}:{}", host, port);
+
+      match connect_tcp(&addr).await {
+        Ok(data) => data,
+        Err(err) => match err.kind() {
+          tokio::io::ErrorKind::ConnectionRefused
+          | tokio::io::ErrorKind::NotFound
+          | tokio::io::ErrorKind::HostUnreachable => {
+            error_logger
+              .log(&format!("Service unavailable: {}", err))
+              .await;
+            return Ok(
+              ResponseData::builder_without_request()
+                .status(StatusCode::SERVICE_UNAVAILABLE)
+                .build(),
+            );
+          }
+          _ => Err(err)?,
+        },
+      }
+    }
+    Some("unix") => {
+      let path = scgi_to_url.path();
+      match connect_unix(path).await {
+        Ok(data) => data,
+        Err(err) => match err.kind() {
+          tokio::io::ErrorKind::ConnectionRefused
+          | tokio::io::ErrorKind::NotFound
+          | tokio::io::ErrorKind::HostUnreachable => {
+            error_logger
+              .log(&format!("Service unavailable: {}", err))
+              .await;
+            return Ok(
+              ResponseData::builder_without_request()
+                .status(StatusCode::SERVICE_UNAVAILABLE)
+                .build(),
+            );
+          }
+          _ => Err(err)?,
+        },
+      }
+    }
+    _ => Err(anyhow::anyhow!(
+      "Only HTTP and HTTPS reverse proxy URLs are supported."
+    ))?,
+  };
+
+  // Create environment variable netstring
+  let mut environment_variables_to_wrap = Vec::new();
+  for (key, value) in environment_variables.iter() {
+    let mut environment_variable = Vec::new();
+    environment_variable.extend_from_slice(key.as_bytes());
+    environment_variable.push(b'\0');
+    environment_variable.extend_from_slice(value.as_bytes());
+    environment_variable.push(b'\0');
+    if key == "CONTENT_LENGTH" {
+      environment_variable.append(&mut environment_variables_to_wrap);
+      environment_variables_to_wrap = environment_variable;
+    } else {
+      environment_variables_to_wrap.append(&mut environment_variable);
+    }
+  }
+
+  let environment_variables_to_wrap_length = environment_variables_to_wrap.len();
+  let mut environment_variables_netstring = Vec::new();
+  environment_variables_netstring
+    .extend_from_slice(environment_variables_to_wrap_length.to_string().as_bytes());
+  environment_variables_netstring.push(b':');
+  environment_variables_netstring.append(&mut environment_variables_to_wrap);
+  environment_variables_netstring.push(b',');
+
+  // Write environment variable netstring
+  socket_writer
+    .write_all(&environment_variables_netstring)
+    .await?;
+
+  let cgi_stdin_reader = StreamReader::new(body.into_data_stream().map_err(std::io::Error::other));
+
+  // Emulated standard input and standard output
+  // SCGI doesn't support standard error
+  let stdin = socket_writer;
+  let stdout = socket_reader;
+
+  let mut cgi_response = CgiResponse::new(stdout);
+
+  let stdin_copy_future = Copier::new(cgi_stdin_reader, stdin).copy();
+  let mut stdin_copy_future_pinned = Box::pin(stdin_copy_future);
+
+  let mut headers = [EMPTY_HEADER; 128];
+
+  let mut early_stdin_copied = false;
+
+  // Needed to wrap this in another scope to prevent errors with multiple mutable borrows.
+  {
+    let mut head_obtained = false;
+    let stdout_parse_future = cgi_response.get_head();
+    tokio::pin!(stdout_parse_future);
+
+    // Cannot use a loop with tokio::select, since stdin_copy_future_pinned being constantly ready will make the web server stop responding to HTTP requests
+    tokio::select! {
+      biased;
+
+      obtained_head = &mut stdout_parse_future => {
+        let obtained_head = obtained_head?;
+        if !obtained_head.is_empty() {
+          httparse::parse_headers(obtained_head, &mut headers)?;
+        }
+        head_obtained = true;
+      },
+      result = &mut stdin_copy_future_pinned => {
+        early_stdin_copied = true;
+        result?;
+      }
+    }
+
+    if !head_obtained {
+      // Kept it same as in the tokio::select macro
+      let obtained_head = stdout_parse_future.await?;
+      if !obtained_head.is_empty() {
+        httparse::parse_headers(obtained_head, &mut headers)?;
+      }
+    }
+  }
+
+  let mut response_builder = Response::builder();
+  let mut status_code = 200;
+  for header in headers {
+    if header == EMPTY_HEADER {
+      break;
+    }
+    let mut is_status_header = false;
+    match &header.name.to_lowercase() as &str {
+      "location" => {
+        if !(300..=399).contains(&status_code) {
+          status_code = 302;
+        }
+      }
+      "status" => {
+        is_status_header = true;
+        let header_value_cow = String::from_utf8_lossy(header.value);
+        let mut split_status = header_value_cow.split(" ");
+        let first_part = split_status.next();
+        if let Some(first_part) = first_part {
+          if first_part.starts_with("HTTP/") {
+            let second_part = split_status.next();
+            if let Some(second_part) = second_part {
+              if let Ok(parsed_status_code) = second_part.parse::<u16>() {
+                status_code = parsed_status_code;
+              }
+            }
+          } else if let Ok(parsed_status_code) = first_part.parse::<u16>() {
+            status_code = parsed_status_code;
+          }
+        }
+      }
+      _ => (),
+    }
+    if !is_status_header {
+      response_builder = response_builder.header(header.name, header.value);
+    }
+  }
+
+  response_builder = response_builder.status(status_code);
+
+  let reader_stream = ReaderStream::new(cgi_response);
+  let stream_body = StreamBody::new(reader_stream.map_ok(Frame::data));
+  let boxed_body = stream_body.boxed();
+
+  let response = response_builder.body(boxed_body)?;
+
+  Ok(
+    ResponseData::builder_without_request()
+      .response(response)
+      .parallel_fn(async move {
+        if !early_stdin_copied {
+          stdin_copy_future_pinned.await.unwrap_or_default();
+        }
+      })
+      .build(),
+  )
+}
+
+async fn connect_tcp(
+  addr: &str,
+) -> Result<
+  (
+    Box<dyn AsyncRead + Send + Sync + Unpin>,
+    Box<dyn AsyncWrite + Send + Sync + Unpin>,
+  ),
+  tokio::io::Error,
+> {
+  let socket = TcpStream::connect(addr).await?;
+  socket.set_nodelay(true)?;
+
+  let (socket_reader_set, socket_writer_set) = tokio::io::split(socket);
+  Ok((Box::new(socket_reader_set), Box::new(socket_writer_set)))
+}
+
+#[allow(dead_code)]
+#[cfg(unix)]
+async fn connect_unix(
+  path: &str,
+) -> Result<
+  (
+    Box<dyn AsyncRead + Send + Sync + Unpin>,
+    Box<dyn AsyncWrite + Send + Sync + Unpin>,
+  ),
+  tokio::io::Error,
+> {
+  use tokio::net::UnixStream;
+
+  let socket = UnixStream::connect(path).await?;
+
+  let (socket_reader_set, socket_writer_set) = tokio::io::split(socket);
+  Ok((Box::new(socket_reader_set), Box::new(socket_writer_set)))
+}
+
+#[allow(dead_code)]
+#[cfg(not(unix))]
+async fn connect_unix(
+  _path: &str,
+) -> Result<
+  (
+    Box<dyn AsyncRead + Send + Sync + Unpin>,
+    Box<dyn AsyncWrite + Send + Sync + Unpin>,
+  ),
+  tokio::io::Error,
+> {
+  Err(tokio::io::Error::new(
+    tokio::io::ErrorKind::Unsupported,
+    "Unix sockets are not supports on non-Unix platforms.",
+  ))
+}

ferron/src/optional_modules/wsgi.rs

@@ -0,0 +1,742 @@
+// This module would provide higher WSGI application performance,
+// if it used a process pool dedicated for WSGI applications (aka pre-fork model)
+// instead of spawning blocking threads in a Tokio runtime,
+// because of Python's GIL, which causes the WSGI application in current setup
+// to effectively run as single-threaded single-process.
+// Pre-forking a process pool isn't supported on Windows.
+
+use std::collections::HashMap;
+use std::error::Error;
+use std::path::{Path, PathBuf};
+use std::str::FromStr;
+use std::sync::Arc;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperRequest, HyperUpgraded, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperResponse, WithRuntime};
+use crate::ferron_res::server_software::SERVER_SOFTWARE;
+use crate::ferron_util::ip_match::ip_match;
+use crate::ferron_util::match_hostname::match_hostname;
+use crate::ferron_util::match_location::match_location;
+use crate::ferron_util::wsgi_error_stream::WsgiErrorStream;
+use crate::ferron_util::wsgi_input_stream::WsgiInputStream;
+use crate::ferron_util::wsgi_load_application::load_wsgi_application;
+use crate::ferron_util::wsgi_structs::{WsgiApplicationLocationWrap, WsgiApplicationWrap};
+use async_trait::async_trait;
+use futures_util::{StreamExt, TryStreamExt};
+use hashlink::LinkedHashMap;
+use http::{HeaderMap, HeaderName, HeaderValue, StatusCode};
+use http_body_util::{BodyExt, Empty, StreamBody};
+use hyper::body::{Bytes, Frame};
+use hyper::header;
+use hyper::Response;
+use hyper_tungstenite::HyperWebsocket;
+use pyo3::exceptions::{PyAssertionError, PyException};
+use pyo3::prelude::*;
+use pyo3::types::{PyAny, PyBool, PyCFunction, PyDict, PyIterator, PyString, PyTuple};
+use tokio::fs;
+use tokio::io::AsyncReadExt;
+use tokio::runtime::Handle;
+use tokio::sync::Mutex;
+use tokio_util::io::StreamReader;
+
+pub fn server_module_init(
+  config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let mut global_wsgi_application = None;
+  let mut host_wsgi_applications = Vec::new();
+  let clear_sys_path = config["global"]["wsgiClearModuleImportPath"]
+    .as_bool()
+    .unwrap_or(false);
+  if let Some(wsgi_application_path) = config["global"]["wsgiApplicationPath"].as_str() {
+    global_wsgi_application = Some(Arc::new(load_wsgi_application(
+      PathBuf::from_str(wsgi_application_path)?.as_path(),
+      clear_sys_path,
+    )?));
+  }
+  let global_wsgi_path = config["global"]["wsgiPath"].as_str().map(|s| s.to_string());
+
+  if let Some(hosts) = config["hosts"].as_vec() {
+    for host_yaml in hosts.iter() {
+      let domain = host_yaml["domain"].as_str().map(String::from);
+      let ip = host_yaml["ip"].as_str().map(String::from);
+      let mut locations = Vec::new();
+      if let Some(locations_yaml) = host_yaml["locations"].as_vec() {
+        for location_yaml in locations_yaml.iter() {
+          if let Some(path_str) = location_yaml["path"].as_str() {
+            let path = String::from(path_str);
+            if let Some(wsgi_application_path) = location_yaml["wsgiApplicationPath"].as_str() {
+              locations.push(WsgiApplicationLocationWrap::new(
+                path,
+                Arc::new(load_wsgi_application(
+                  PathBuf::from_str(wsgi_application_path)?.as_path(),
+                  clear_sys_path,
+                )?),
+                location_yaml["wsgiPath"].as_str().map(|s| s.to_string()),
+              ));
+            }
+          }
+        }
+      }
+      if let Some(wsgi_application_path) = host_yaml["wsgiApplicationPath"].as_str() {
+        host_wsgi_applications.push(WsgiApplicationWrap::new(
+          domain,
+          ip,
+          Some(Arc::new(load_wsgi_application(
+            PathBuf::from_str(wsgi_application_path)?.as_path(),
+            clear_sys_path,
+          )?)),
+          host_yaml["wsgiPath"].as_str().map(|s| s.to_string()),
+          locations,
+        ));
+      } else if !locations.is_empty() {
+        host_wsgi_applications.push(WsgiApplicationWrap::new(
+          domain,
+          ip,
+          None,
+          host_yaml["wsgiPath"].as_str().map(|s| s.to_string()),
+          locations,
+        ));
+      }
+    }
+  }
+
+  Ok(Box::new(WsgiModule::new(
+    global_wsgi_application,
+    global_wsgi_path,
+    Arc::new(host_wsgi_applications),
+  )))
+}
+
+struct WsgiModule {
+  global_wsgi_application: Option<Arc<Py<PyAny>>>,
+  global_wsgi_path: Option<String>,
+  host_wsgi_applications: Arc<Vec<WsgiApplicationWrap>>,
+}
+
+impl WsgiModule {
+  fn new(
+    global_wsgi_application: Option<Arc<Py<PyAny>>>,
+    global_wsgi_path: Option<String>,
+    host_wsgi_applications: Arc<Vec<WsgiApplicationWrap>>,
+  ) -> Self {
+    Self {
+      global_wsgi_application,
+      global_wsgi_path,
+      host_wsgi_applications,
+    }
+  }
+}
+
+impl ServerModule for WsgiModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(WsgiModuleHandlers {
+      handle,
+      global_wsgi_application: self.global_wsgi_application.clone(),
+      global_wsgi_path: self.global_wsgi_path.clone(),
+      host_wsgi_applications: self.host_wsgi_applications.clone(),
+    })
+  }
+}
+
+struct WsgiModuleHandlers {
+  handle: Handle,
+  global_wsgi_application: Option<Arc<Py<PyAny>>>,
+  global_wsgi_path: Option<String>,
+  host_wsgi_applications: Arc<Vec<WsgiApplicationWrap>>,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for WsgiModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let hyper_request = request.get_hyper_request();
+
+      // Use .take() instead of .clone(), since the values in Options will only be used once.
+      let mut wsgi_application = self.global_wsgi_application.take();
+      let mut wsgi_path = self.global_wsgi_path.take();
+
+      // Should have used a HashMap instead of iterating over an array for better performance...
+      for host_wsgi_application_wrap in self.host_wsgi_applications.iter() {
+        if match_hostname(
+          match &host_wsgi_application_wrap.domain {
+            Some(value) => Some(value as &str),
+            None => None,
+          },
+          match hyper_request.headers().get(header::HOST) {
+            Some(value) => value.to_str().ok(),
+            None => None,
+          },
+        ) && match &host_wsgi_application_wrap.ip {
+          Some(value) => ip_match(value as &str, socket_data.remote_addr.ip()),
+          None => true,
+        } {
+          wsgi_application = host_wsgi_application_wrap.wsgi_application.clone();
+          wsgi_path = host_wsgi_application_wrap.wsgi_path.clone();
+          if let Ok(path_decoded) = urlencoding::decode(
+            request
+              .get_original_url()
+              .unwrap_or(request.get_hyper_request().uri())
+              .path(),
+          ) {
+            for location_wrap in host_wsgi_application_wrap.locations.iter() {
+              if match_location(&location_wrap.path, &path_decoded) {
+                wsgi_application = Some(location_wrap.wsgi_application.clone());
+                wsgi_path = location_wrap.wsgi_path.clone();
+                break;
+              }
+            }
+          }
+          break;
+        }
+      }
+
+      let request_path = hyper_request.uri().path();
+      let mut request_path_bytes = request_path.bytes();
+      if request_path_bytes.len() < 1 || request_path_bytes.nth(0) != Some(b'/') {
+        return Ok(
+          ResponseData::builder(request)
+            .status(StatusCode::BAD_REQUEST)
+            .build(),
+        );
+      }
+
+      if let Some(wsgi_application) = wsgi_application {
+        let wsgi_path = wsgi_path.unwrap_or("/".to_string());
+        let mut canonical_wsgi_path: &str = &wsgi_path;
+        if canonical_wsgi_path.bytes().last() == Some(b'/') {
+          canonical_wsgi_path = &canonical_wsgi_path[..(canonical_wsgi_path.len() - 1)];
+        }
+
+        let request_path_with_slashes = match request_path == canonical_wsgi_path {
+          true => format!("{}/", request_path),
+          false => request_path.to_string(),
+        };
+        if let Some(stripped_request_path) =
+          request_path_with_slashes.strip_prefix(canonical_wsgi_path)
+        {
+          let wwwroot_yaml = &config["wwwroot"];
+          let wwwroot = wwwroot_yaml.as_str().unwrap_or("/nonexistent");
+
+          let wwwroot_unknown = PathBuf::from(wwwroot);
+          let wwwroot_pathbuf = match wwwroot_unknown.as_path().is_absolute() {
+            true => wwwroot_unknown,
+            false => match fs::canonicalize(&wwwroot_unknown).await {
+              Ok(pathbuf) => pathbuf,
+              Err(_) => wwwroot_unknown,
+            },
+          };
+          let wwwroot = wwwroot_pathbuf.as_path();
+
+          let mut relative_path = &request_path[1..];
+          while relative_path.as_bytes().first().copied() == Some(b'/') {
+            relative_path = &relative_path[1..];
+          }
+
+          let decoded_relative_path = match urlencoding::decode(relative_path) {
+            Ok(path) => path.to_string(),
+            Err(_) => {
+              return Ok(
+                ResponseData::builder(request)
+                  .status(StatusCode::BAD_REQUEST)
+                  .build(),
+              );
+            }
+          };
+
+          let joined_pathbuf = wwwroot.join(decoded_relative_path);
+          let execute_pathbuf = joined_pathbuf;
+          let execute_path_info = stripped_request_path
+            .strip_prefix("/")
+            .map(|s| s.to_string());
+
+          return execute_wsgi_with_environment_variables(
+            request,
+            socket_data,
+            error_logger,
+            wwwroot,
+            execute_pathbuf,
+            execute_path_info,
+            config["serverAdministratorEmail"].as_str(),
+            wsgi_application,
+          )
+          .await;
+        }
+      }
+      Ok(ResponseData::builder(request).build())
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}
+
+struct ResponseHead {
+  status: StatusCode,
+  headers: Option<HeaderMap>,
+  is_set: bool,
+  is_sent: bool,
+}
+
+impl ResponseHead {
+  fn new() -> Self {
+    Self {
+      status: StatusCode::OK,
+      headers: None,
+      is_set: false,
+      is_sent: false,
+    }
+  }
+}
+
+#[allow(clippy::too_many_arguments)]
+async fn execute_wsgi_with_environment_variables(
+  request: RequestData,
+  socket_data: &SocketData,
+  error_logger: &ErrorLogger,
+  wwwroot: &Path,
+  execute_pathbuf: PathBuf,
+  path_info: Option<String>,
+  server_administrator_email: Option<&str>,
+  wsgi_application: Arc<Py<PyAny>>,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let mut environment_variables: LinkedHashMap<String, String> = LinkedHashMap::new();
+
+  let hyper_request = request.get_hyper_request();
+  let original_request_uri = request.get_original_url().unwrap_or(hyper_request.uri());
+
+  if let Some(auth_user) = request.get_auth_user() {
+    if let Some(authorization) = hyper_request.headers().get(header::AUTHORIZATION) {
+      let authorization_value = String::from_utf8_lossy(authorization.as_bytes()).to_string();
+      let mut authorization_value_split = authorization_value.split(" ");
+      if let Some(authorization_type) = authorization_value_split.next() {
+        environment_variables.insert("AUTH_TYPE".to_string(), authorization_type.to_string());
+      }
+    }
+    environment_variables.insert("REMOTE_USER".to_string(), auth_user.to_string());
+  }
+
+  environment_variables.insert(
+    "QUERY_STRING".to_string(),
+    match hyper_request.uri().query() {
+      Some(query) => query.to_string(),
+      None => "".to_string(),
+    },
+  );
+
+  environment_variables.insert("SERVER_SOFTWARE".to_string(), SERVER_SOFTWARE.to_string());
+  environment_variables.insert(
+    "SERVER_PROTOCOL".to_string(),
+    match hyper_request.version() {
+      hyper::Version::HTTP_09 => "HTTP/0.9".to_string(),
+      hyper::Version::HTTP_10 => "HTTP/1.0".to_string(),
+      hyper::Version::HTTP_11 => "HTTP/1.1".to_string(),
+      hyper::Version::HTTP_2 => "HTTP/2.0".to_string(),
+      hyper::Version::HTTP_3 => "HTTP/3.0".to_string(),
+      _ => "HTTP/Unknown".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "SERVER_PORT".to_string(),
+    socket_data.local_addr.port().to_string(),
+  );
+  environment_variables.insert(
+    "SERVER_ADDR".to_string(),
+    socket_data.local_addr.ip().to_canonical().to_string(),
+  );
+  if let Some(server_administrator_email) = server_administrator_email {
+    environment_variables.insert(
+      "SERVER_ADMIN".to_string(),
+      server_administrator_email.to_string(),
+    );
+  }
+  if let Some(host) = hyper_request.headers().get(header::HOST) {
+    environment_variables.insert(
+      "SERVER_NAME".to_string(),
+      String::from_utf8_lossy(host.as_bytes()).to_string(),
+    );
+  }
+
+  environment_variables.insert(
+    "DOCUMENT_ROOT".to_string(),
+    wwwroot.to_string_lossy().to_string(),
+  );
+  environment_variables.insert(
+    "PATH_INFO".to_string(),
+    match &path_info {
+      Some(path_info) => format!("/{}", path_info),
+      None => "".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "PATH_TRANSLATED".to_string(),
+    match &path_info {
+      Some(path_info) => {
+        let mut path_translated = execute_pathbuf.clone();
+        path_translated.push(path_info);
+        path_translated.to_string_lossy().to_string()
+      }
+      None => "".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "REQUEST_METHOD".to_string(),
+    hyper_request.method().to_string(),
+  );
+  environment_variables.insert("GATEWAY_INTERFACE".to_string(), "CGI/1.1".to_string());
+  environment_variables.insert(
+    "REQUEST_URI".to_string(),
+    format!(
+      "{}{}",
+      original_request_uri.path(),
+      match original_request_uri.query() {
+        Some(query) => format!("?{}", query),
+        None => String::from(""),
+      }
+    ),
+  );
+
+  environment_variables.insert(
+    "REMOTE_PORT".to_string(),
+    socket_data.remote_addr.port().to_string(),
+  );
+  environment_variables.insert(
+    "REMOTE_ADDR".to_string(),
+    socket_data.remote_addr.ip().to_canonical().to_string(),
+  );
+
+  environment_variables.insert(
+    "SCRIPT_FILENAME".to_string(),
+    execute_pathbuf.to_string_lossy().to_string(),
+  );
+  if let Ok(script_path) = execute_pathbuf.as_path().strip_prefix(wwwroot) {
+    environment_variables.insert(
+      "SCRIPT_NAME".to_string(),
+      format!(
+        "/{}",
+        match cfg!(windows) {
+          true => script_path.to_string_lossy().to_string().replace("\\", "/"),
+          false => script_path.to_string_lossy().to_string(),
+        }
+      ),
+    );
+  }
+
+  if socket_data.encrypted {
+    environment_variables.insert("HTTPS".to_string(), "ON".to_string());
+  }
+
+  let mut content_length_set = false;
+  for (header_name, header_value) in hyper_request.headers().iter() {
+    let env_header_name = match *header_name {
+      header::CONTENT_LENGTH => {
+        content_length_set = true;
+        "CONTENT_LENGTH".to_string()
+      }
+      header::CONTENT_TYPE => "CONTENT_TYPE".to_string(),
+      _ => {
+        let mut result = String::new();
+
+        result.push_str("HTTP_");
+
+        for c in header_name.as_str().to_uppercase().chars() {
+          if c.is_alphanumeric() {
+            result.push(c);
+          } else {
+            result.push('_');
+          }
+        }
+
+        result
+      }
+    };
+    if environment_variables.contains_key(&env_header_name) {
+      let value = environment_variables.get_mut(&env_header_name);
+      if let Some(value) = value {
+        if env_header_name == "HTTP_COOKIE" {
+          value.push_str("; ");
+        } else {
+          // See https://stackoverflow.com/a/1801191
+          value.push_str(", ");
+        }
+        value.push_str(String::from_utf8_lossy(header_value.as_bytes()).as_ref());
+      } else {
+        environment_variables.insert(
+          env_header_name,
+          String::from_utf8_lossy(header_value.as_bytes()).to_string(),
+        );
+      }
+    } else {
+      environment_variables.insert(
+        env_header_name,
+        String::from_utf8_lossy(header_value.as_bytes()).to_string(),
+      );
+    }
+  }
+
+  if !content_length_set {
+    environment_variables.insert("CONTENT_LENGTH".to_string(), "0".to_string());
+  }
+
+  let (hyper_request, _, _) = request.into_parts();
+
+  execute_wsgi(
+    hyper_request,
+    error_logger,
+    wsgi_application,
+    environment_variables,
+  )
+  .await
+}
+
+async fn execute_wsgi(
+  hyper_request: HyperRequest,
+  error_logger: &ErrorLogger,
+  wsgi_application: Arc<Py<PyAny>>,
+  environment_variables: LinkedHashMap<String, String>,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let (_, body) = hyper_request.into_parts();
+  let body_reader = StreamReader::new(body.into_data_stream().map_err(std::io::Error::other));
+  let wsgi_head = Arc::new(Mutex::new(ResponseHead::new()));
+  let wsgi_head_clone = wsgi_head.clone();
+  let error_logger_owned = error_logger.to_owned();
+  let body_iterator = tokio::task::spawn_blocking(move || {
+    Python::with_gil(move |py| -> PyResult<Py<PyIterator>> {
+      let start_response = PyCFunction::new_closure(
+        py,
+        None,
+        None,
+        move |args: &Bound<'_, PyTuple>, kwargs: Option<&Bound<'_, PyDict>>| -> PyResult<_> {
+          let args_native = args.extract::<(String, Vec<(String, String)>)>()?;
+          let exc_info = kwargs.map_or(Ok(None), |kwargs| {
+            let exc_info = kwargs.get_item("exc_info");
+            if let Ok(Some(exc_info)) = exc_info {
+              if exc_info.is_none() {
+                Ok(None)
+              } else {
+                Ok(Some(exc_info))
+              }
+            } else {
+              exc_info
+            }
+          })?;
+          let mut wsgi_head_locked = wsgi_head_clone.blocking_lock();
+          if let Some(exc_info) = exc_info {
+            if wsgi_head_locked.is_sent {
+              let exc_info_tuple = exc_info.downcast::<PyTuple>()?;
+              let exc_info_exception = exc_info_tuple
+                .get_item(1)?
+                .getattr("with_traceback")?
+                .call((exc_info_tuple.get_item(2)?,), None)?
+                .downcast::<PyException>()?
+                .clone();
+              Err(exc_info_exception)?
+            }
+          } else if wsgi_head_locked.is_set {
+            Err(PyAssertionError::new_err("Headers already set"))?
+          }
+          let status_code_string_option = args_native.0.split(" ").next();
+          if let Some(status_code_string) = status_code_string_option {
+            wsgi_head_locked.status =
+              StatusCode::from_u16(status_code_string.parse()?).map_err(|e| anyhow::anyhow!(e))?;
+          } else {
+            Err(anyhow::anyhow!("Can't extract status code"))?;
+          }
+          let mut header_map = HeaderMap::new();
+          for header in args_native.1 {
+            header_map.append(
+              HeaderName::from_str(&header.0).map_err(|e| anyhow::anyhow!(e))?,
+              HeaderValue::from_str(&header.1).map_err(|e| anyhow::anyhow!(e))?,
+            );
+          }
+          wsgi_head_locked.headers = Some(header_map);
+          wsgi_head_locked.is_set = true;
+          Ok(())
+        },
+      )?;
+      let mut environment: HashMap<String, Bound<'_, PyAny>> = HashMap::new();
+      let is_https = environment_variables.contains_key("HTTPS");
+      let content_length = if let Some(content_length) = environment_variables.get("CONTENT_LENGTH")
+      {
+        content_length.parse::<u64>().ok()
+      } else {
+        None
+      };
+      for (environment_variable, environment_variable_value) in environment_variables {
+        environment.insert(
+          environment_variable,
+          PyString::new(py, &environment_variable_value).into_any(),
+        );
+      }
+      environment.insert(
+        "wsgi.version".to_string(),
+        PyTuple::new(py, [1, 0])?.into_any(),
+      );
+      environment.insert(
+        "wsgi.url_scheme".to_string(),
+        PyString::new(py, if is_https { "https" } else { "http" }).into_any(),
+      );
+      environment.insert(
+        "wsgi.input".to_string(),
+        (if let Some(content_length) = content_length {
+          WsgiInputStream::new(body_reader.take(content_length))
+        } else {
+          WsgiInputStream::new(body_reader)
+        })
+        .into_pyobject(py)?
+        .into_any(),
+      );
+      environment.insert(
+        "wsgi.errors".to_string(),
+        WsgiErrorStream::new(error_logger_owned)
+          .into_pyobject(py)?
+          .into_any(),
+      );
+      environment.insert(
+        "wsgi.multithread".to_string(),
+        PyBool::new(py, true).as_any().clone(),
+      );
+      environment.insert(
+        "wsgi.multiprocess".to_string(),
+        PyBool::new(py, false).as_any().clone(),
+      );
+      environment.insert(
+        "wsgi.run_once".to_string(),
+        PyBool::new(py, false).as_any().clone(),
+      );
+      let body_unknown = wsgi_application.call(py, (environment, start_response), None)?;
+      let body_iterator = body_unknown
+        .downcast_bound::<PyIterator>(py)?
+        .clone()
+        .unbind();
+      Ok(body_iterator)
+    })
+  })
+  .await??;
+
+  let wsgi_head_clone = wsgi_head.clone();
+  let mut response_stream =
+    futures_util::stream::unfold(Arc::new(body_iterator), move |body_iterator_arc| {
+      let wsgi_head_clone = wsgi_head_clone.clone();
+      Box::pin(async move {
+        let body_iterator_arc_clone = body_iterator_arc.clone();
+        let blocking_thread_result = tokio::task::spawn_blocking(move || {
+          Python::with_gil(|py| -> PyResult<Option<Bytes>> {
+            let mut body_iterator_bound = body_iterator_arc_clone.bind(py).clone();
+            if let Some(body_chunk) = body_iterator_bound.next() {
+              Ok(Some(Bytes::from(body_chunk?.extract::<Vec<u8>>()?)))
+            } else {
+              Ok(None)
+            }
+          })
+        })
+        .await;
+
+        match blocking_thread_result {
+          Err(error) => Some((Err(std::io::Error::other(error)), body_iterator_arc)),
+          Ok(Err(error)) => Some((Err(std::io::Error::other(error)), body_iterator_arc)),
+          Ok(Ok(None)) => None,
+          Ok(Ok(Some(chunk))) => {
+            let wsgi_head_locked = wsgi_head_clone.lock().await;
+            if !wsgi_head_locked.is_set {
+              Some((
+                Err(std::io::Error::other(
+                  "The \"start_response\" function hasn't been called.",
+                )),
+                body_iterator_arc,
+              ))
+            } else {
+              Some((Ok(chunk), body_iterator_arc))
+            }
+          }
+        }
+      })
+    });
+
+  let first_chunk = response_stream.next().await;
+  let response_body = if let Some(Err(first_chunk_error)) = first_chunk {
+    Err(first_chunk_error)?
+  } else if let Some(Ok(first_chunk)) = first_chunk {
+    let response_stream_first_item = futures_util::stream::once(async move { Ok(first_chunk) });
+    let response_stream_combined = response_stream_first_item.chain(response_stream);
+    let stream_body = StreamBody::new(response_stream_combined.map_ok(Frame::data));
+
+    BodyExt::boxed(stream_body)
+  } else {
+    BodyExt::boxed(Empty::new().map_err(|e| match e {}))
+  };
+
+  let mut wsgi_head_locked = wsgi_head.lock().await;
+  let mut hyper_response = Response::new(response_body);
+  *hyper_response.status_mut() = wsgi_head_locked.status;
+  if let Some(headers) = wsgi_head_locked.headers.take() {
+    *hyper_response.headers_mut() = headers;
+  }
+  wsgi_head_locked.is_sent = true;
+
+  Ok(
+    ResponseData::builder_without_request()
+      .response(hyper_response)
+      .build(),
+  )
+}

ferron/src/optional_modules/wsgid.rs

@@ -0,0 +1,1035 @@
+#[cfg(not(unix))]
+compile_error!("This module is supported only on Unix and Unix-like systems.");
+
+use std::collections::HashMap;
+use std::error::Error;
+use std::io::{BufReader, Read};
+use std::path::{Path, PathBuf};
+use std::str::FromStr;
+use std::sync::Arc;
+use std::thread;
+
+use crate::ferron_common::{
+  ErrorLogger, HyperRequest, HyperUpgraded, RequestData, ResponseData, ServerConfig, ServerModule,
+  ServerModuleHandlers, SocketData,
+};
+use crate::ferron_common::{HyperResponse, WithRuntime};
+use crate::ferron_res::server_software::SERVER_SOFTWARE;
+use crate::ferron_util::ip_match::ip_match;
+use crate::ferron_util::match_hostname::match_hostname;
+use crate::ferron_util::match_location::match_location;
+use crate::ferron_util::preforked_process_pool::{
+  read_ipc_message, read_ipc_message_async, write_ipc_message, write_ipc_message_async,
+  PreforkedProcessPool,
+};
+use crate::ferron_util::wsgi_load_application::load_wsgi_application;
+use crate::ferron_util::wsgid_body_reader::WsgidBodyReader;
+use crate::ferron_util::wsgid_error_stream::WsgidErrorStream;
+use crate::ferron_util::wsgid_input_stream::WsgidInputStream;
+use crate::ferron_util::wsgid_message_structs::{
+  ProcessPoolToServerMessage, ServerToProcessPoolMessage,
+};
+use crate::ferron_util::wsgid_structs::{WsgidApplicationLocationWrap, WsgidApplicationWrap};
+use async_trait::async_trait;
+use futures_util::{StreamExt, TryStreamExt};
+use hashlink::LinkedHashMap;
+use http::{HeaderMap, HeaderName, HeaderValue, StatusCode};
+use http_body_util::{BodyExt, Empty, StreamBody};
+use hyper::body::{Bytes, Frame};
+use hyper::header;
+use hyper::Response;
+use hyper_tungstenite::HyperWebsocket;
+use interprocess::unnamed_pipe::{Recver, Sender};
+use pyo3::exceptions::{PyAssertionError, PyException};
+use pyo3::prelude::*;
+use pyo3::types::{PyBool, PyCFunction, PyDict, PyIterator, PyString, PyTuple};
+//use postcard::{DeOptions, SerOptions};
+use tokio::fs;
+use tokio::runtime::Handle;
+use tokio::sync::Mutex;
+
+struct ResponseHead {
+  status: u16,
+  headers: Option<LinkedHashMap<String, Vec<String>>>,
+  is_set: bool,
+  is_sent: bool,
+}
+
+impl ResponseHead {
+  fn new() -> Self {
+    Self {
+      status: 200,
+      headers: None,
+      is_set: false,
+      is_sent: false,
+    }
+  }
+}
+
+fn wsgi_pool_fn(tx: Sender, rx: Recver, wsgi_script_path: PathBuf) {
+  let wsgi_application_result: Result<Py<PyAny>, Box<dyn Error + Send + Sync>> =
+    load_wsgi_application(wsgi_script_path.as_path(), false);
+  let mut body_iterators = HashMap::new();
+  let mut application_id = 0;
+  let mut wsgi_head = Arc::new(Mutex::new(ResponseHead::new()));
+  let rx_mutex = Arc::new(Mutex::new(rx));
+  let tx_mutex = Arc::new(Mutex::new(tx));
+
+  loop {
+    let received_raw_message = match read_ipc_message(&mut rx_mutex.blocking_lock()) {
+      Ok(message) => message,
+      Err(_) => break,
+    };
+
+    let received_message =
+      match postcard::from_bytes::<ServerToProcessPoolMessage>(&received_raw_message) {
+        Ok(message) => message,
+        Err(_) => continue,
+      };
+
+    if let Some(error) = (|| -> Result<(), Box<dyn Error + Send + Sync>> {
+      let wsgi_application = wsgi_application_result
+        .as_ref()
+        .map_err(|x| anyhow::anyhow!(x.to_string()))?;
+      if let Some(environment_variables) = received_message.environment_variables {
+        wsgi_head = Arc::new(Mutex::new(ResponseHead::new()));
+        let wsgi_head_clone = wsgi_head.clone();
+        let tx_mutex_clone = tx_mutex.clone();
+        let rx_mutex_clone = rx_mutex.clone();
+        let body_iterator = Python::with_gil(move |py| -> PyResult<Py<PyIterator>> {
+          let start_response = PyCFunction::new_closure(
+            py,
+            None,
+            None,
+            move |args: &Bound<'_, PyTuple>, kwargs: Option<&Bound<'_, PyDict>>| -> PyResult<_> {
+              let args_native = args.extract::<(String, Vec<(String, String)>)>()?;
+              let exc_info = kwargs.map_or(Ok(None), |kwargs| {
+                let exc_info = kwargs.get_item("exc_info");
+                if let Ok(Some(exc_info)) = exc_info {
+                  if exc_info.is_none() {
+                    Ok(None)
+                  } else {
+                    Ok(Some(exc_info))
+                  }
+                } else {
+                  exc_info
+                }
+              })?;
+              let mut wsgi_head_locked = wsgi_head_clone.blocking_lock();
+              if let Some(exc_info) = exc_info {
+                if wsgi_head_locked.is_sent {
+                  let exc_info_tuple = exc_info.downcast::<PyTuple>()?;
+                  let exc_info_exception = exc_info_tuple
+                    .get_item(1)?
+                    .getattr("with_traceback")?
+                    .call((exc_info_tuple.get_item(2)?,), None)?
+                    .downcast::<PyException>()?
+                    .clone();
+                  Err(exc_info_exception)?
+                }
+              } else if wsgi_head_locked.is_set {
+                Err(PyAssertionError::new_err("Headers already set"))?
+              }
+              let status_code_string_option = args_native.0.split(" ").next();
+              if let Some(status_code_string) = status_code_string_option {
+                wsgi_head_locked.status = status_code_string
+                  .parse()
+                  .map_err(|e: std::num::ParseIntError| anyhow::anyhow!(e))?;
+              } else {
+                Err(anyhow::anyhow!("Can't extract status code"))?;
+              }
+              let mut header_map: LinkedHashMap<String, Vec<String>> = LinkedHashMap::new();
+              for header in args_native.1 {
+                let header_name = header.0.to_lowercase();
+                let header_value = header.1;
+                if let Some(header_values) = header_map.get_mut(&header_name) {
+                  header_values.push(header_value);
+                } else {
+                  header_map.insert(header_name, vec![header_value]);
+                }
+              }
+              wsgi_head_locked.headers = Some(header_map);
+              wsgi_head_locked.is_set = true;
+              Ok(())
+            },
+          )?;
+          let mut environment: HashMap<String, Bound<'_, PyAny>> = HashMap::new();
+          let is_https = environment_variables.contains_key("HTTPS");
+          let content_length =
+            if let Some(content_length) = environment_variables.get("CONTENT_LENGTH") {
+              content_length.parse::<u64>().ok()
+            } else {
+              None
+            };
+          for (environment_variable, environment_variable_value) in environment_variables {
+            environment.insert(
+              environment_variable,
+              PyString::new(py, &environment_variable_value).into_any(),
+            );
+          }
+          environment.insert(
+            "wsgi.version".to_string(),
+            PyTuple::new(py, [1, 0])?.into_any(),
+          );
+          environment.insert(
+            "wsgi.url_scheme".to_string(),
+            PyString::new(py, if is_https { "https" } else { "http" }).into_any(),
+          );
+          environment.insert(
+            "wsgi.input".to_string(),
+            (if let Some(content_length) = content_length {
+              WsgidInputStream::new(
+                BufReader::new(WsgidBodyReader::new(
+                  tx_mutex_clone.clone(),
+                  rx_mutex_clone.clone(),
+                ))
+                .take(content_length),
+              )
+            } else {
+              WsgidInputStream::new(BufReader::new(WsgidBodyReader::new(
+                tx_mutex_clone.clone(),
+                rx_mutex_clone.clone(),
+              )))
+            })
+            .into_pyobject(py)?
+            .into_any(),
+          );
+          environment.insert(
+            "wsgi.errors".to_string(),
+            WsgidErrorStream::new(tx_mutex_clone.clone())
+              .into_pyobject(py)?
+              .into_any(),
+          );
+          environment.insert(
+            "wsgi.multithread".to_string(),
+            PyBool::new(py, false).as_any().clone(),
+          );
+          environment.insert(
+            "wsgi.multiprocess".to_string(),
+            PyBool::new(py, true).as_any().clone(),
+          );
+          environment.insert(
+            "wsgi.run_once".to_string(),
+            PyBool::new(py, false).as_any().clone(),
+          );
+          let body_unknown = wsgi_application.call(py, (environment, start_response), None)?;
+          let body_iterator = body_unknown
+            .downcast_bound::<PyIterator>(py)?
+            .clone()
+            .unbind();
+          Ok(body_iterator)
+        })?;
+        let current_application_id = application_id;
+        body_iterators.insert(current_application_id, Arc::new(body_iterator));
+        application_id += 1;
+        write_ipc_message(
+          &mut tx_mutex.blocking_lock(),
+          &postcard::to_allocvec::<ProcessPoolToServerMessage>(&ProcessPoolToServerMessage {
+            application_id: Some(current_application_id),
+            status_code: None,
+            headers: None,
+            body_chunk: None,
+            error_log_line: None,
+            error_message: None,
+            requests_body_chunk: false,
+          })?,
+        )?
+      } else if received_message.requests_body_chunk {
+        if let Some(application_id) = received_message.application_id {
+          if let Some(body_iterator_arc) = body_iterators.get(&application_id) {
+            let wsgi_head_clone = wsgi_head.clone();
+            let body_iterator_arc_clone = body_iterator_arc.clone();
+            let body_chunk_result = Python::with_gil(|py| -> PyResult<Option<Vec<u8>>> {
+              let mut body_iterator_bound = body_iterator_arc_clone.bind(py).clone();
+              if let Some(body_chunk) = body_iterator_bound.next() {
+                Ok(Some(body_chunk?.extract::<Vec<u8>>()?))
+              } else {
+                Ok(None)
+              }
+            });
+
+            let body_chunk = (match body_chunk_result {
+              Err(error) => Err(std::io::Error::other(error)),
+              Ok(None) => Ok(None),
+              Ok(Some(chunk)) => {
+                let wsgi_head_locked = wsgi_head_clone.blocking_lock();
+                if !wsgi_head_locked.is_set {
+                  Err(std::io::Error::other(
+                    "The \"start_response\" function hasn't been called.",
+                  ))
+                } else {
+                  Ok(Some(chunk))
+                }
+              }
+            })?;
+
+            let status_code;
+            let headers;
+
+            let mut wsgi_head_locked = wsgi_head_clone.blocking_lock();
+            if wsgi_head_locked.is_sent {
+              status_code = None;
+              headers = None;
+            } else {
+              status_code = Some(wsgi_head_locked.status);
+              headers = wsgi_head_locked.headers.take();
+              wsgi_head_locked.is_sent = true;
+            }
+            drop(wsgi_head_locked);
+
+            if body_chunk.is_none() {
+              body_iterators.remove(&application_id);
+            }
+
+            write_ipc_message(
+              &mut tx_mutex.blocking_lock(),
+              &postcard::to_allocvec::<ProcessPoolToServerMessage>(&ProcessPoolToServerMessage {
+                application_id: None,
+                status_code,
+                headers,
+                body_chunk,
+                error_log_line: None,
+                error_message: None,
+                requests_body_chunk: false,
+              })?,
+            )?
+          } else {
+            Err(anyhow::anyhow!("The WSGI request wasn't initialized"))?
+          }
+        } else {
+          Err(anyhow::anyhow!("The WSGI request wasn't initialized"))?
+        }
+      }
+
+      Ok(())
+    })()
+    .err()
+    {
+      if write_ipc_message(
+        &mut tx_mutex.blocking_lock(),
+        &postcard::to_allocvec::<ProcessPoolToServerMessage>(&ProcessPoolToServerMessage {
+          application_id: None,
+          status_code: None,
+          headers: None,
+          body_chunk: None,
+          error_log_line: None,
+          error_message: Some(error.to_string()),
+          requests_body_chunk: false,
+        })
+        .unwrap_or_default(),
+      )
+      .is_err()
+      {
+        break;
+      }
+    }
+  }
+}
+
+fn init_wsgi_process_pool(
+  wsgi_script_path: PathBuf,
+) -> Result<PreforkedProcessPool, Box<dyn Error + Send + Sync>> {
+  let available_parallelism = thread::available_parallelism()?.get();
+  // Safety: The function depends on `nix::unistd::fork`, which is executed before any threads are spawned.
+  // The forking function is safe to call for single-threaded applications.
+  unsafe {
+    PreforkedProcessPool::new(available_parallelism, move |tx, rx| {
+      let wsgi_script_path_clone = wsgi_script_path.clone();
+      wsgi_pool_fn(tx, rx, wsgi_script_path_clone)
+    })
+  }
+}
+
+pub fn server_module_init(
+  config: &ServerConfig,
+) -> Result<Box<dyn ServerModule + Send + Sync>, Box<dyn Error + Send + Sync>> {
+  let mut global_wsgi_process_pool = None;
+  let mut host_wsgi_process_pools = Vec::new();
+  if let Some(wsgi_process_pool_path) = config["global"]["wsgidApplicationPath"].as_str() {
+    global_wsgi_process_pool = Some(Arc::new(init_wsgi_process_pool(PathBuf::from_str(
+      wsgi_process_pool_path,
+    )?)?));
+  }
+  let global_wsgi_path = config["global"]["wsgidPath"]
+    .as_str()
+    .map(|s| s.to_string());
+
+  if let Some(hosts) = config["hosts"].as_vec() {
+    for host_yaml in hosts.iter() {
+      let domain = host_yaml["domain"].as_str().map(String::from);
+      let ip = host_yaml["ip"].as_str().map(String::from);
+      let mut locations = Vec::new();
+      if let Some(locations_yaml) = host_yaml["locations"].as_vec() {
+        for location_yaml in locations_yaml.iter() {
+          if let Some(path_str) = location_yaml["path"].as_str() {
+            let path = String::from(path_str);
+            if let Some(wsgi_process_pool_path) = location_yaml["wsgidApplicationPath"].as_str() {
+              locations.push(WsgidApplicationLocationWrap::new(
+                path,
+                Arc::new(init_wsgi_process_pool(PathBuf::from_str(
+                  wsgi_process_pool_path,
+                )?)?),
+                location_yaml["wsgidPath"].as_str().map(|s| s.to_string()),
+              ));
+            }
+          }
+        }
+      }
+      if let Some(wsgi_process_pool_path) = host_yaml["wsgidApplicationPath"].as_str() {
+        host_wsgi_process_pools.push(WsgidApplicationWrap::new(
+          domain,
+          ip,
+          Some(Arc::new(init_wsgi_process_pool(PathBuf::from_str(
+            wsgi_process_pool_path,
+          )?)?)),
+          host_yaml["wsgiPath"].as_str().map(|s| s.to_string()),
+          locations,
+        ));
+      } else if !locations.is_empty() {
+        host_wsgi_process_pools.push(WsgidApplicationWrap::new(
+          domain,
+          ip,
+          None,
+          host_yaml["wsgiPath"].as_str().map(|s| s.to_string()),
+          locations,
+        ));
+      }
+    }
+  }
+
+  Ok(Box::new(WsgidModule::new(
+    global_wsgi_process_pool,
+    global_wsgi_path,
+    Arc::new(host_wsgi_process_pools),
+  )))
+}
+
+struct WsgidModule {
+  global_wsgi_process_pool: Option<Arc<PreforkedProcessPool>>,
+  global_wsgi_path: Option<String>,
+  host_wsgi_process_pools: Arc<Vec<WsgidApplicationWrap>>,
+}
+
+impl WsgidModule {
+  fn new(
+    global_wsgi_process_pool: Option<Arc<PreforkedProcessPool>>,
+    global_wsgi_path: Option<String>,
+    host_wsgi_process_pools: Arc<Vec<WsgidApplicationWrap>>,
+  ) -> Self {
+    Self {
+      global_wsgi_process_pool,
+      global_wsgi_path,
+      host_wsgi_process_pools,
+    }
+  }
+}
+
+impl ServerModule for WsgidModule {
+  fn get_handlers(&self, handle: Handle) -> Box<dyn ServerModuleHandlers + Send> {
+    Box::new(WsgidModuleHandlers {
+      handle,
+      global_wsgi_process_pool: self.global_wsgi_process_pool.clone(),
+      global_wsgi_path: self.global_wsgi_path.clone(),
+      host_wsgi_process_pools: self.host_wsgi_process_pools.clone(),
+    })
+  }
+}
+
+struct WsgidModuleHandlers {
+  handle: Handle,
+  global_wsgi_process_pool: Option<Arc<PreforkedProcessPool>>,
+  global_wsgi_path: Option<String>,
+  host_wsgi_process_pools: Arc<Vec<WsgidApplicationWrap>>,
+}
+
+#[async_trait]
+impl ServerModuleHandlers for WsgidModuleHandlers {
+  async fn request_handler(
+    &mut self,
+    request: RequestData,
+    config: &ServerConfig,
+    socket_data: &SocketData,
+    error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    WithRuntime::new(self.handle.clone(), async move {
+      let hyper_request = request.get_hyper_request();
+
+      // Use .take() instead of .clone(), since the values in Options will only be used once.
+      let mut wsgi_process_pool = self.global_wsgi_process_pool.take();
+      let mut wsgi_path = self.global_wsgi_path.take();
+
+      // Should have used a HashMap instead of iterating over an array for better performance...
+      for host_wsgi_process_pool_wrap in self.host_wsgi_process_pools.iter() {
+        if match_hostname(
+          match &host_wsgi_process_pool_wrap.domain {
+            Some(value) => Some(value as &str),
+            None => None,
+          },
+          match hyper_request.headers().get(header::HOST) {
+            Some(value) => value.to_str().ok(),
+            None => None,
+          },
+        ) && match &host_wsgi_process_pool_wrap.ip {
+          Some(value) => ip_match(value as &str, socket_data.remote_addr.ip()),
+          None => true,
+        } {
+          wsgi_process_pool = host_wsgi_process_pool_wrap.wsgi_process_pool.clone();
+          wsgi_path = host_wsgi_process_pool_wrap.wsgi_path.clone();
+          if let Ok(path_decoded) = urlencoding::decode(
+            request
+              .get_original_url()
+              .unwrap_or(request.get_hyper_request().uri())
+              .path(),
+          ) {
+            for location_wrap in host_wsgi_process_pool_wrap.locations.iter() {
+              if match_location(&location_wrap.path, &path_decoded) {
+                wsgi_process_pool = Some(location_wrap.wsgi_process_pool.clone());
+                wsgi_path = location_wrap.wsgi_path.clone();
+                break;
+              }
+            }
+          }
+          break;
+        }
+      }
+
+      let request_path = hyper_request.uri().path();
+      let mut request_path_bytes = request_path.bytes();
+      if request_path_bytes.len() < 1 || request_path_bytes.nth(0) != Some(b'/') {
+        return Ok(
+          ResponseData::builder(request)
+            .status(StatusCode::BAD_REQUEST)
+            .build(),
+        );
+      }
+
+      if let Some(wsgi_process_pool) = wsgi_process_pool {
+        let wsgi_path = wsgi_path.unwrap_or("/".to_string());
+        let mut canonical_wsgi_path: &str = &wsgi_path;
+        if canonical_wsgi_path.bytes().last() == Some(b'/') {
+          canonical_wsgi_path = &canonical_wsgi_path[..(canonical_wsgi_path.len() - 1)];
+        }
+
+        let request_path_with_slashes = match request_path == canonical_wsgi_path {
+          true => format!("{}/", request_path),
+          false => request_path.to_string(),
+        };
+        if let Some(stripped_request_path) =
+          request_path_with_slashes.strip_prefix(canonical_wsgi_path)
+        {
+          let wwwroot_yaml = &config["wwwroot"];
+          let wwwroot = wwwroot_yaml.as_str().unwrap_or("/nonexistent");
+
+          let wwwroot_unknown = PathBuf::from(wwwroot);
+          let wwwroot_pathbuf = match wwwroot_unknown.as_path().is_absolute() {
+            true => wwwroot_unknown,
+            false => match fs::canonicalize(&wwwroot_unknown).await {
+              Ok(pathbuf) => pathbuf,
+              Err(_) => wwwroot_unknown,
+            },
+          };
+          let wwwroot = wwwroot_pathbuf.as_path();
+
+          let mut relative_path = &request_path[1..];
+          while relative_path.as_bytes().first().copied() == Some(b'/') {
+            relative_path = &relative_path[1..];
+          }
+
+          let decoded_relative_path = match urlencoding::decode(relative_path) {
+            Ok(path) => path.to_string(),
+            Err(_) => {
+              return Ok(
+                ResponseData::builder(request)
+                  .status(StatusCode::BAD_REQUEST)
+                  .build(),
+              );
+            }
+          };
+
+          let joined_pathbuf = wwwroot.join(decoded_relative_path);
+          let execute_pathbuf = joined_pathbuf;
+          let execute_path_info = stripped_request_path
+            .strip_prefix("/")
+            .map(|s| s.to_string());
+
+          return execute_wsgi_with_environment_variables(
+            request,
+            socket_data,
+            error_logger,
+            wwwroot,
+            execute_pathbuf,
+            execute_path_info,
+            config["serverAdministratorEmail"].as_str(),
+            wsgi_process_pool,
+          )
+          .await;
+        }
+      }
+      Ok(ResponseData::builder(request).build())
+    })
+    .await
+  }
+
+  async fn proxy_request_handler(
+    &mut self,
+    request: RequestData,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+    Ok(ResponseData::builder(request).build())
+  }
+
+  async fn response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn proxy_response_modifying_handler(
+    &mut self,
+    response: HyperResponse,
+  ) -> Result<HyperResponse, Box<dyn Error + Send + Sync>> {
+    Ok(response)
+  }
+
+  async fn connect_proxy_request_handler(
+    &mut self,
+    _upgraded_request: HyperUpgraded,
+    _connect_address: &str,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_connect_proxy_requests(&mut self) -> bool {
+    false
+  }
+
+  async fn websocket_request_handler(
+    &mut self,
+    _websocket: HyperWebsocket,
+    _uri: &hyper::Uri,
+    _config: &ServerConfig,
+    _socket_data: &SocketData,
+    _error_logger: &ErrorLogger,
+  ) -> Result<(), Box<dyn Error + Send + Sync>> {
+    Ok(())
+  }
+
+  fn does_websocket_requests(&mut self, _config: &ServerConfig, _socket_data: &SocketData) -> bool {
+    false
+  }
+}
+
+struct ResponseHeadHyper {
+  status: StatusCode,
+  headers: Option<HeaderMap>,
+}
+
+impl ResponseHeadHyper {
+  fn new() -> Self {
+    Self {
+      status: StatusCode::OK,
+      headers: None,
+    }
+  }
+}
+
+#[allow(clippy::too_many_arguments)]
+async fn execute_wsgi_with_environment_variables(
+  request: RequestData,
+  socket_data: &SocketData,
+  error_logger: &ErrorLogger,
+  wwwroot: &Path,
+  execute_pathbuf: PathBuf,
+  path_info: Option<String>,
+  server_administrator_email: Option<&str>,
+  wsgi_process_pool: Arc<PreforkedProcessPool>,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let mut environment_variables: LinkedHashMap<String, String> = LinkedHashMap::new();
+
+  let hyper_request = request.get_hyper_request();
+  let original_request_uri = request.get_original_url().unwrap_or(hyper_request.uri());
+
+  if let Some(auth_user) = request.get_auth_user() {
+    if let Some(authorization) = hyper_request.headers().get(header::AUTHORIZATION) {
+      let authorization_value = String::from_utf8_lossy(authorization.as_bytes()).to_string();
+      let mut authorization_value_split = authorization_value.split(" ");
+      if let Some(authorization_type) = authorization_value_split.next() {
+        environment_variables.insert("AUTH_TYPE".to_string(), authorization_type.to_string());
+      }
+    }
+    environment_variables.insert("REMOTE_USER".to_string(), auth_user.to_string());
+  }
+
+  environment_variables.insert(
+    "QUERY_STRING".to_string(),
+    match hyper_request.uri().query() {
+      Some(query) => query.to_string(),
+      None => "".to_string(),
+    },
+  );
+
+  environment_variables.insert("SERVER_SOFTWARE".to_string(), SERVER_SOFTWARE.to_string());
+  environment_variables.insert(
+    "SERVER_PROTOCOL".to_string(),
+    match hyper_request.version() {
+      hyper::Version::HTTP_09 => "HTTP/0.9".to_string(),
+      hyper::Version::HTTP_10 => "HTTP/1.0".to_string(),
+      hyper::Version::HTTP_11 => "HTTP/1.1".to_string(),
+      hyper::Version::HTTP_2 => "HTTP/2.0".to_string(),
+      hyper::Version::HTTP_3 => "HTTP/3.0".to_string(),
+      _ => "HTTP/Unknown".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "SERVER_PORT".to_string(),
+    socket_data.local_addr.port().to_string(),
+  );
+  environment_variables.insert(
+    "SERVER_ADDR".to_string(),
+    socket_data.local_addr.ip().to_canonical().to_string(),
+  );
+  if let Some(server_administrator_email) = server_administrator_email {
+    environment_variables.insert(
+      "SERVER_ADMIN".to_string(),
+      server_administrator_email.to_string(),
+    );
+  }
+  if let Some(host) = hyper_request.headers().get(header::HOST) {
+    environment_variables.insert(
+      "SERVER_NAME".to_string(),
+      String::from_utf8_lossy(host.as_bytes()).to_string(),
+    );
+  }
+
+  environment_variables.insert(
+    "DOCUMENT_ROOT".to_string(),
+    wwwroot.to_string_lossy().to_string(),
+  );
+  environment_variables.insert(
+    "PATH_INFO".to_string(),
+    match &path_info {
+      Some(path_info) => format!("/{}", path_info),
+      None => "".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "PATH_TRANSLATED".to_string(),
+    match &path_info {
+      Some(path_info) => {
+        let mut path_translated = execute_pathbuf.clone();
+        path_translated.push(path_info);
+        path_translated.to_string_lossy().to_string()
+      }
+      None => "".to_string(),
+    },
+  );
+  environment_variables.insert(
+    "REQUEST_METHOD".to_string(),
+    hyper_request.method().to_string(),
+  );
+  environment_variables.insert("GATEWAY_INTERFACE".to_string(), "CGI/1.1".to_string());
+  environment_variables.insert(
+    "REQUEST_URI".to_string(),
+    format!(
+      "{}{}",
+      original_request_uri.path(),
+      match original_request_uri.query() {
+        Some(query) => format!("?{}", query),
+        None => String::from(""),
+      }
+    ),
+  );
+
+  environment_variables.insert(
+    "REMOTE_PORT".to_string(),
+    socket_data.remote_addr.port().to_string(),
+  );
+  environment_variables.insert(
+    "REMOTE_ADDR".to_string(),
+    socket_data.remote_addr.ip().to_canonical().to_string(),
+  );
+
+  environment_variables.insert(
+    "SCRIPT_FILENAME".to_string(),
+    execute_pathbuf.to_string_lossy().to_string(),
+  );
+  if let Ok(script_path) = execute_pathbuf.as_path().strip_prefix(wwwroot) {
+    environment_variables.insert(
+      "SCRIPT_NAME".to_string(),
+      format!(
+        "/{}",
+        match cfg!(windows) {
+          true => script_path.to_string_lossy().to_string().replace("\\", "/"),
+          false => script_path.to_string_lossy().to_string(),
+        }
+      ),
+    );
+  }
+
+  if socket_data.encrypted {
+    environment_variables.insert("HTTPS".to_string(), "ON".to_string());
+  }
+
+  let mut content_length_set = false;
+  for (header_name, header_value) in hyper_request.headers().iter() {
+    let env_header_name = match *header_name {
+      header::CONTENT_LENGTH => {
+        content_length_set = true;
+        "CONTENT_LENGTH".to_string()
+      }
+      header::CONTENT_TYPE => "CONTENT_TYPE".to_string(),
+      _ => {
+        let mut result = String::new();
+
+        result.push_str("HTTP_");
+
+        for c in header_name.as_str().to_uppercase().chars() {
+          if c.is_alphanumeric() {
+            result.push(c);
+          } else {
+            result.push('_');
+          }
+        }
+
+        result
+      }
+    };
+    if environment_variables.contains_key(&env_header_name) {
+      let value = environment_variables.get_mut(&env_header_name);
+      if let Some(value) = value {
+        if env_header_name == "HTTP_COOKIE" {
+          value.push_str("; ");
+        } else {
+          // See https://stackoverflow.com/a/1801191
+          value.push_str(", ");
+        }
+        value.push_str(String::from_utf8_lossy(header_value.as_bytes()).as_ref());
+      } else {
+        environment_variables.insert(
+          env_header_name,
+          String::from_utf8_lossy(header_value.as_bytes()).to_string(),
+        );
+      }
+    } else {
+      environment_variables.insert(
+        env_header_name,
+        String::from_utf8_lossy(header_value.as_bytes()).to_string(),
+      );
+    }
+  }
+
+  if !content_length_set {
+    environment_variables.insert("CONTENT_LENGTH".to_string(), "0".to_string());
+  }
+
+  let (hyper_request, _, _) = request.into_parts();
+
+  execute_wsgi(
+    hyper_request,
+    error_logger,
+    wsgi_process_pool,
+    environment_variables,
+  )
+  .await
+}
+
+async fn execute_wsgi(
+  hyper_request: HyperRequest,
+  error_logger: &ErrorLogger,
+  wsgi_process_pool: Arc<PreforkedProcessPool>,
+  environment_variables: LinkedHashMap<String, String>,
+) -> Result<ResponseData, Box<dyn Error + Send + Sync>> {
+  let ipc_mutex = wsgi_process_pool
+    .obtain_process_with_init_async_ipc()
+    .await?;
+  let (_, body) = hyper_request.into_parts();
+  let mut body_stream = body.into_data_stream().map_err(std::io::Error::other);
+  let application_id = {
+    let (tx, rx) = &mut *ipc_mutex.lock().await;
+    write_ipc_message_async(
+      tx,
+      &postcard::to_allocvec(&ServerToProcessPoolMessage {
+        application_id: None,
+        environment_variables: Some(environment_variables),
+        body_chunk: None,
+        body_error_message: None,
+        requests_body_chunk: false,
+      })?,
+    )
+    .await?;
+
+    let application_id;
+    loop {
+      let received_message =
+        postcard::from_bytes::<ProcessPoolToServerMessage>(&read_ipc_message_async(rx).await?)?;
+
+      if let Some(error_message) = received_message.error_message {
+        Err(anyhow::anyhow!(error_message))?
+      }
+
+      if let Some(application_id_obtained) = received_message.application_id {
+        application_id = application_id_obtained;
+        break;
+      }
+
+      if let Some(error_log_line) = received_message.error_log_line {
+        error_logger.log(&error_log_line).await;
+      } else if received_message.requests_body_chunk {
+        let body_chunk;
+        let body_error_message;
+        match body_stream.next().await {
+          None => {
+            body_chunk = None;
+            body_error_message = None;
+          }
+          Some(Err(err)) => {
+            body_chunk = None;
+            body_error_message = Some(err.to_string());
+          }
+          Some(Ok(chunk)) => {
+            body_chunk = Some(chunk.to_vec());
+            body_error_message = None;
+          }
+        };
+        write_ipc_message_async(
+          tx,
+          &postcard::to_allocvec(&ServerToProcessPoolMessage {
+            application_id: None,
+            environment_variables: None,
+            body_chunk,
+            body_error_message,
+            requests_body_chunk: false,
+          })?,
+        )
+        .await?;
+      }
+    }
+
+    application_id
+  };
+
+  let wsgi_head = Arc::new(Mutex::new(ResponseHeadHyper::new()));
+  let wsgi_head_clone = wsgi_head.clone();
+  let error_logger_arc = Arc::new(error_logger.clone());
+  let body_stream_mutex = Arc::new(Mutex::new(body_stream));
+  let mut response_stream = futures_util::stream::unfold(ipc_mutex, move |ipc_mutex| {
+    let wsgi_head_clone = wsgi_head_clone.clone();
+    let error_logger_arc_clone = error_logger_arc.clone();
+    let body_stream_mutex_clone = body_stream_mutex.clone();
+    Box::pin(async move {
+      let ipc_mutex_borrowed = &ipc_mutex;
+      let chunk_result: Result<Option<Bytes>, Box<dyn Error + Send + Sync>> = async {
+        let (tx, rx) = &mut *ipc_mutex_borrowed.lock().await;
+        write_ipc_message_async(
+          tx,
+          &postcard::to_allocvec(&ServerToProcessPoolMessage {
+            application_id: Some(application_id),
+            environment_variables: None,
+            body_chunk: None,
+            body_error_message: None,
+            requests_body_chunk: true,
+          })?,
+        )
+        .await?;
+
+        loop {
+          let received_message =
+            postcard::from_bytes::<ProcessPoolToServerMessage>(&read_ipc_message_async(rx).await?)?;
+
+          if let Some(error_message) = received_message.error_message {
+            Err(anyhow::anyhow!(error_message))?
+          } else if let Some(body_chunk) = received_message.body_chunk {
+            if let Some(status_code) = received_message.status_code {
+              let mut wsgi_head_locked = wsgi_head_clone.lock().await;
+              wsgi_head_locked.status = StatusCode::from_u16(status_code)?;
+              if let Some(headers) = received_message.headers {
+                let mut header_map = HeaderMap::new();
+                for (key, value) in headers {
+                  for value in value {
+                    header_map.append(
+                      HeaderName::from_str(&key)?,
+                      HeaderValue::from_bytes(value.as_bytes())?,
+                    );
+                  }
+                }
+                wsgi_head_locked.headers = Some(header_map);
+              }
+            }
+            return Ok(Some(Bytes::from(body_chunk)));
+          } else if let Some(error_log_line) = received_message.error_log_line {
+            error_logger_arc_clone.log(&error_log_line).await;
+          } else if received_message.requests_body_chunk {
+            let body_chunk;
+            let body_error_message;
+            match body_stream_mutex_clone.lock().await.next().await {
+              None => {
+                body_chunk = None;
+                body_error_message = None;
+              }
+              Some(Err(err)) => {
+                body_chunk = None;
+                body_error_message = Some(err.to_string());
+              }
+              Some(Ok(chunk)) => {
+                body_chunk = Some(chunk.to_vec());
+                body_error_message = None;
+              }
+            };
+            write_ipc_message_async(
+              tx,
+              &postcard::to_allocvec(&ServerToProcessPoolMessage {
+                application_id: None,
+                environment_variables: None,
+                body_chunk,
+                body_error_message,
+                requests_body_chunk: false,
+              })?,
+            )
+            .await?;
+          } else {
+            return Ok(None);
+          }
+        }
+      }
+      .await;
+
+      match chunk_result {
+        Err(error) => Some((Err(std::io::Error::other(error.to_string())), ipc_mutex)),
+        Ok(None) => None,
+        Ok(Some(chunk)) => Some((Ok(chunk), ipc_mutex)),
+      }
+    })
+  });
+
+  let first_chunk = response_stream.next().await;
+  let response_body = if let Some(Err(first_chunk_error)) = first_chunk {
+    Err(first_chunk_error)?
+  } else if let Some(Ok(first_chunk)) = first_chunk {
+    let response_stream_first_item = futures_util::stream::once(async move { Ok(first_chunk) });
+    let response_stream_combined = response_stream_first_item.chain(response_stream);
+    let stream_body = StreamBody::new(response_stream_combined.map_ok(Frame::data));
+
+    BodyExt::boxed(stream_body)
+  } else {
+    BodyExt::boxed(Empty::new().map_err(|e| match e {}))
+  };
+
+  let mut wsgi_head_locked = wsgi_head.lock().await;
+  let mut hyper_response = Response::new(response_body);
+  *hyper_response.status_mut() = wsgi_head_locked.status;
+  if let Some(headers) = wsgi_head_locked.headers.take() {
+    *hyper_response.headers_mut() = headers;
+  }
+
+  Ok(
+    ResponseData::builder_without_request()
+      .response(hyper_response)
+      .build(),
+  )
+}

ferron/src/request_handler.rs

@@ -0,0 +1,2211 @@
+use std::convert::Infallible;
+use std::net::{IpAddr, SocketAddr};
+use std::str::FromStr;
+use std::sync::Arc;
+use std::time::Duration;
+
+use crate::ferron_res::server_software::SERVER_SOFTWARE;
+use crate::ferron_util::combine_config::combine_config;
+use crate::ferron_util::error_pages::generate_default_error_page;
+use crate::ferron_util::url_sanitizer::sanitize_url;
+
+use crate::ferron_common::{
+  ErrorLogger, LogMessage, RequestData, ServerModuleHandlers, SocketData,
+};
+use async_channel::Sender;
+use chrono::prelude::*;
+use futures_util::TryStreamExt;
+use http::header::CONTENT_TYPE;
+use http_body_util::combinators::BoxBody;
+use http_body_util::{BodyExt, Empty, Full, StreamBody};
+use hyper::body::{Body, Bytes, Frame};
+use hyper::header::{self, HeaderName, HeaderValue};
+use hyper::{HeaderMap, Method, Request, Response, StatusCode};
+use hyper_tungstenite::is_upgrade_request;
+use rustls_acme::ResolvesServerCertAcme;
+use tokio::fs;
+use tokio::io::BufReader;
+use tokio::time::timeout;
+use tokio_util::io::ReaderStream;
+use yaml_rust2::Yaml;
+
+async fn generate_error_response(
+  status_code: StatusCode,
+  config: &Yaml,
+  headers: &Option<HeaderMap>,
+) -> Response<BoxBody<Bytes, std::io::Error>> {
+  let bare_body =
+    generate_default_error_page(status_code, config["serverAdministratorEmail"].as_str());
+  let mut content_length: Option<u64> = bare_body.len().try_into().ok();
+  let mut response_body = Full::new(Bytes::from(bare_body))
+    .map_err(|e| match e {})
+    .boxed();
+
+  if let Some(error_pages) = config["errorPages"].as_vec() {
+    for error_page_yaml in error_pages {
+      if let Some(page_status_code) = error_page_yaml["scode"].as_i64() {
+        let page_status_code = match StatusCode::from_u16(match page_status_code.try_into() {
+          Ok(status_code) => status_code,
+          Err(_) => continue,
+        }) {
+          Ok(status_code) => status_code,
+          Err(_) => continue,
+        };
+        if status_code != page_status_code {
+          continue;
+        }
+        if let Some(page_path) = error_page_yaml["path"].as_str() {
+          let file = fs::File::open(page_path).await;
+
+          let file = match file {
+            Ok(file) => file,
+            Err(_) => continue,
+          };
+
+          content_length = match file.metadata().await {
+            Ok(metadata) => Some(metadata.len()),
+            Err(_) => None,
+          };
+
+          // Use BufReader for better performance.
+          let reader_stream = ReaderStream::new(BufReader::with_capacity(12800, file));
+
+          let stream_body = StreamBody::new(reader_stream.map_ok(Frame::data));
+          let boxed_body = stream_body.boxed();
+
+          response_body = boxed_body;
+
+          break;
+        }
+      }
+    }
+  }
+
+  let mut response_builder = Response::builder().status(status_code);
+
+  if let Some(headers) = headers {
+    let headers_iter = headers.iter();
+    for (name, value) in headers_iter {
+      if name != header::CONTENT_TYPE && name != header::CONTENT_LENGTH {
+        response_builder = response_builder.header(name, value);
+      }
+    }
+  }
+
+  if let Some(content_length) = content_length {
+    response_builder = response_builder.header(header::CONTENT_LENGTH, content_length);
+  }
+  response_builder = response_builder.header(header::CONTENT_TYPE, "text/html");
+
+  response_builder.body(response_body).unwrap_or_default()
+}
+
+#[allow(clippy::too_many_arguments)]
+async fn log_combined(
+  logger: &Sender<LogMessage>,
+  client_ip: IpAddr,
+  auth_user: Option<String>,
+  method: String,
+  request_path: String,
+  protocol: String,
+  status_code: u16,
+  content_length: Option<u64>,
+  referrer: Option<String>,
+  user_agent: Option<String>,
+) {
+  let now: DateTime<Local> = Local::now();
+  let formatted_time = now.format("%d/%b/%Y:%H:%M:%S %z").to_string();
+  logger
+    .send(LogMessage::new(
+      format!(
+        "{} - {} [{}] \"{} {} {}\" {} {} {} {}",
+        client_ip,
+        match auth_user {
+          Some(auth_user) => auth_user,
+          None => String::from("-"),
+        },
+        formatted_time,
+        method,
+        request_path,
+        protocol,
+        status_code,
+        match content_length {
+          Some(content_length) => format!("{}", content_length),
+          None => String::from("-"),
+        },
+        match referrer {
+          Some(referrer) => format!(
+            "\"{}\"",
+            referrer.replace("\\", "\\\\").replace("\"", "\\\"")
+          ),
+          None => String::from("-"),
+        },
+        match user_agent {
+          Some(user_agent) => format!(
+            "\"{}\"",
+            user_agent.replace("\\", "\\\\").replace("\"", "\\\"")
+          ),
+          None => String::from("-"),
+        },
+      ),
+      false,
+    ))
+    .await
+    .unwrap_or_default();
+}
+
+#[allow(clippy::too_many_arguments)]
+async fn request_handler_wrapped(
+  mut request: Request<BoxBody<Bytes, std::io::Error>>,
+  remote_address: SocketAddr,
+  local_address: SocketAddr,
+  encrypted: bool,
+  config: Arc<Yaml>,
+  logger: Sender<LogMessage>,
+  handlers_vec: Vec<Box<dyn ServerModuleHandlers + Send>>,
+  acme_http01_resolver_option: Option<Arc<ResolvesServerCertAcme>>,
+  http3_alt_port: Option<u16>,
+) -> Result<Response<BoxBody<Bytes, std::io::Error>>, Infallible> {
+  let is_proxy_request = match request.version() {
+    hyper::Version::HTTP_2 | hyper::Version::HTTP_3 => {
+      request.method() == hyper::Method::CONNECT && request.uri().host().is_some()
+    }
+    _ => request.uri().host().is_some(),
+  };
+  let is_connect_proxy_request = request.method() == hyper::Method::CONNECT;
+
+  // Collect request data for logging
+  let log_method = String::from(request.method().as_str());
+  let log_request_path = match is_proxy_request {
+    true => request.uri().to_string(),
+    false => format!(
+      "{}{}",
+      request.uri().path(),
+      match request.uri().query() {
+        Some(query) => format!("?{}", query),
+        None => String::from(""),
+      }
+    ),
+  };
+  let log_protocol = String::from(match request.version() {
+    hyper::Version::HTTP_09 => "HTTP/0.9",
+    hyper::Version::HTTP_10 => "HTTP/1.0",
+    hyper::Version::HTTP_11 => "HTTP/1.1",
+    hyper::Version::HTTP_2 => "HTTP/2.0",
+    hyper::Version::HTTP_3 => "HTTP/3.0",
+    _ => "HTTP/Unknown",
+  });
+  let log_referrer = match request.headers().get(header::REFERER) {
+    Some(header_value) => match header_value.to_str() {
+      Ok(header_value) => Some(String::from(header_value)),
+      Err(_) => None,
+    },
+    None => None,
+  };
+  let log_user_agent = match request.headers().get(header::USER_AGENT) {
+    Some(header_value) => match header_value.to_str() {
+      Ok(header_value) => Some(String::from(header_value)),
+      Err(_) => None,
+    },
+    None => None,
+  };
+  let log_enabled = config["global"]["logFilePath"].as_str().is_some();
+  let error_log_enabled = config["global"]["errorLogFilePath"].as_str().is_some();
+
+  // Construct SocketData
+  let mut socket_data = SocketData::new(remote_address, local_address, encrypted);
+
+  match request.version() {
+    hyper::Version::HTTP_2 | hyper::Version::HTTP_3 => {
+      // Set "Host" request header for HTTP/2 and HTTP/3 connections
+      if let Some(authority) = request.uri().authority() {
+        let authority = authority.to_owned();
+        let headers = request.headers_mut();
+        if !headers.contains_key(header::HOST) {
+          if let Ok(authority_value) = HeaderValue::from_bytes(authority.as_str().as_bytes()) {
+            headers.append(header::HOST, authority_value);
+          }
+        }
+      }
+
+      // Normalize the Cookie header for HTTP/2 and HTTP/3
+      let mut cookie_normalized = String::new();
+      let mut cookie_set = false;
+      let headers = request.headers_mut();
+      for cookie in headers.get_all(header::COOKIE) {
+        if let Ok(cookie) = cookie.to_str() {
+          if cookie_set {
+            cookie_normalized.push_str("; ");
+          }
+          cookie_set = true;
+          cookie_normalized.push_str(cookie);
+        }
+      }
+      if cookie_set {
+        if let Ok(cookie_value) = HeaderValue::from_bytes(cookie_normalized.as_bytes()) {
+          headers.insert(header::COOKIE, cookie_value);
+        }
+      }
+    }
+    _ => (),
+  }
+
+  let host_header_option = request.headers().get(header::HOST);
+  if let Some(header_data) = host_header_option {
+    match header_data.to_str() {
+      Ok(host_header) => {
+        let host_header_lower_case = host_header.to_lowercase();
+        if host_header_lower_case != *host_header {
+          let host_header_value = match HeaderValue::from_str(&host_header_lower_case) {
+            Ok(host_header_value) => host_header_value,
+            Err(err) => {
+              if error_log_enabled {
+                logger
+                  .send(LogMessage::new(
+                    format!("Host header sanitation error: {}", err),
+                    true,
+                  ))
+                  .await
+                  .unwrap_or_default();
+              }
+              let response = Response::builder()
+                .status(StatusCode::BAD_REQUEST)
+                .header(header::CONTENT_TYPE, "text/html")
+                .body(
+                  Full::new(Bytes::from(generate_default_error_page(
+                    StatusCode::BAD_REQUEST,
+                    None,
+                  )))
+                  .map_err(|e| match e {})
+                  .boxed(),
+                )
+                .unwrap_or_default();
+
+              if log_enabled {
+                log_combined(
+                  &logger,
+                  socket_data.remote_addr.ip(),
+                  None,
+                  log_method,
+                  log_request_path,
+                  log_protocol,
+                  response.status().as_u16(),
+                  match response.headers().get(header::CONTENT_LENGTH) {
+                    Some(header_value) => match header_value.to_str() {
+                      Ok(header_value) => match header_value.parse::<u64>() {
+                        Ok(content_length) => Some(content_length),
+                        Err(_) => response.body().size_hint().exact(),
+                      },
+                      Err(_) => response.body().size_hint().exact(),
+                    },
+                    None => response.body().size_hint().exact(),
+                  },
+                  log_referrer,
+                  log_user_agent,
+                )
+                .await;
+              }
+              let (mut response_parts, response_body) = response.into_parts();
+              if let Some(http3_alt_port) = http3_alt_port {
+                if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+                  Some(value) => HeaderValue::from_bytes(
+                    format!(
+                      "{}, h3=\":{}\", h3-29=\":{}\"",
+                      String::from_utf8_lossy(value.as_bytes()),
+                      http3_alt_port,
+                      http3_alt_port
+                    )
+                    .as_bytes(),
+                  ),
+                  None => HeaderValue::from_bytes(
+                    format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+                  ),
+                } {
+                  response_parts.headers.insert(header::ALT_SVC, header_value);
+                }
+              }
+              response_parts
+                .headers
+                .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+              return Ok(Response::from_parts(response_parts, response_body));
+            }
+          };
+
+          request
+            .headers_mut()
+            .insert(header::HOST, host_header_value);
+        }
+      }
+      Err(err) => {
+        if error_log_enabled {
+          logger
+            .send(LogMessage::new(
+              format!("Host header sanitation error: {}", err),
+              true,
+            ))
+            .await
+            .unwrap_or_default();
+        }
+        let response = Response::builder()
+          .status(StatusCode::BAD_REQUEST)
+          .header(header::CONTENT_TYPE, "text/html")
+          .body(
+            Full::new(Bytes::from(generate_default_error_page(
+              StatusCode::BAD_REQUEST,
+              None,
+            )))
+            .map_err(|e| match e {})
+            .boxed(),
+          )
+          .unwrap_or_default();
+        if log_enabled {
+          log_combined(
+            &logger,
+            socket_data.remote_addr.ip(),
+            None,
+            log_method,
+            log_request_path,
+            log_protocol,
+            response.status().as_u16(),
+            match response.headers().get(header::CONTENT_LENGTH) {
+              Some(header_value) => match header_value.to_str() {
+                Ok(header_value) => match header_value.parse::<u64>() {
+                  Ok(content_length) => Some(content_length),
+                  Err(_) => response.body().size_hint().exact(),
+                },
+                Err(_) => response.body().size_hint().exact(),
+              },
+              None => response.body().size_hint().exact(),
+            },
+            log_referrer,
+            log_user_agent,
+          )
+          .await;
+        }
+        let (mut response_parts, response_body) = response.into_parts();
+        if let Some(http3_alt_port) = http3_alt_port {
+          if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+            Some(value) => HeaderValue::from_bytes(
+              format!(
+                "{}, h3=\":{}\", h3-29=\":{}\"",
+                String::from_utf8_lossy(value.as_bytes()),
+                http3_alt_port,
+                http3_alt_port
+              )
+              .as_bytes(),
+            ),
+            None => HeaderValue::from_bytes(
+              format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+            ),
+          } {
+            response_parts.headers.insert(header::ALT_SVC, header_value);
+          }
+        }
+        response_parts
+          .headers
+          .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+        return Ok(Response::from_parts(response_parts, response_body));
+      }
+    }
+  };
+
+  // Combine the server configuration
+  let combined_config = match combine_config(
+    config,
+    match is_proxy_request || is_connect_proxy_request {
+      false => match request.headers().get(header::HOST) {
+        Some(value) => value.to_str().ok(),
+        None => None,
+      },
+      true => None,
+    },
+    local_address.ip(),
+    request.uri().path(),
+  ) {
+    Some(config) => config,
+    None => {
+      if error_log_enabled {
+        logger
+          .send(LogMessage::new(
+            String::from("Cannot determine server configuration"),
+            true,
+          ))
+          .await
+          .unwrap_or_default();
+      }
+      let response = Response::builder()
+        .status(StatusCode::INTERNAL_SERVER_ERROR)
+        .header(header::CONTENT_TYPE, "text/html")
+        .body(
+          Full::new(Bytes::from(generate_default_error_page(
+            StatusCode::INTERNAL_SERVER_ERROR,
+            None,
+          )))
+          .map_err(|e| match e {})
+          .boxed(),
+        )
+        .unwrap_or_default();
+      if log_enabled {
+        log_combined(
+          &logger,
+          socket_data.remote_addr.ip(),
+          None,
+          log_method,
+          log_request_path,
+          log_protocol,
+          response.status().as_u16(),
+          match response.headers().get(header::CONTENT_LENGTH) {
+            Some(header_value) => match header_value.to_str() {
+              Ok(header_value) => match header_value.parse::<u64>() {
+                Ok(content_length) => Some(content_length),
+                Err(_) => response.body().size_hint().exact(),
+              },
+              Err(_) => response.body().size_hint().exact(),
+            },
+            None => response.body().size_hint().exact(),
+          },
+          log_referrer,
+          log_user_agent,
+        )
+        .await;
+      }
+      let (mut response_parts, response_body) = response.into_parts();
+      if let Some(http3_alt_port) = http3_alt_port {
+        if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+          Some(value) => HeaderValue::from_bytes(
+            format!(
+              "{}, h3=\":{}\", h3-29=\":{}\"",
+              String::from_utf8_lossy(value.as_bytes()),
+              http3_alt_port,
+              http3_alt_port
+            )
+            .as_bytes(),
+          ),
+          None => HeaderValue::from_bytes(
+            format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+          ),
+        } {
+          response_parts.headers.insert(header::ALT_SVC, header_value);
+        }
+      }
+      response_parts
+        .headers
+        .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+      return Ok(Response::from_parts(response_parts, response_body));
+    }
+  };
+
+  let url_pathname = request.uri().path();
+  let sanitized_url_pathname = match sanitize_url(
+    url_pathname,
+    combined_config["allowDoubleSlashes"]
+      .as_bool()
+      .unwrap_or_default(),
+  ) {
+    Ok(sanitized_url) => sanitized_url,
+    Err(err) => {
+      if error_log_enabled {
+        logger
+          .send(LogMessage::new(
+            format!("URL sanitation error: {}", err),
+            true,
+          ))
+          .await
+          .unwrap_or_default();
+      }
+      let response =
+        generate_error_response(StatusCode::BAD_REQUEST, &combined_config, &None).await;
+      if log_enabled {
+        log_combined(
+          &logger,
+          socket_data.remote_addr.ip(),
+          None,
+          log_method,
+          log_request_path,
+          log_protocol,
+          response.status().as_u16(),
+          match response.headers().get(header::CONTENT_LENGTH) {
+            Some(header_value) => match header_value.to_str() {
+              Ok(header_value) => match header_value.parse::<u64>() {
+                Ok(content_length) => Some(content_length),
+                Err(_) => response.body().size_hint().exact(),
+              },
+              Err(_) => response.body().size_hint().exact(),
+            },
+            None => response.body().size_hint().exact(),
+          },
+          log_referrer,
+          log_user_agent,
+        )
+        .await;
+      }
+      let (mut response_parts, response_body) = response.into_parts();
+      if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+        let custom_headers_hash_iter = custom_headers_hash.iter();
+        for (header_name, header_value) in custom_headers_hash_iter {
+          if let Some(header_name) = header_name.as_str() {
+            if let Some(header_value) = header_value.as_str() {
+              if !response_parts.headers.contains_key(header_name) {
+                if let Ok(header_value) =
+                  HeaderValue::from_str(&header_value.replace("{path}", url_pathname))
+                {
+                  if let Ok(header_name) = HeaderName::from_str(header_name) {
+                    response_parts.headers.insert(header_name, header_value);
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+      if let Some(http3_alt_port) = http3_alt_port {
+        if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+          Some(value) => HeaderValue::from_bytes(
+            format!(
+              "{}, h3=\":{}\", h3-29=\":{}\"",
+              String::from_utf8_lossy(value.as_bytes()),
+              http3_alt_port,
+              http3_alt_port
+            )
+            .as_bytes(),
+          ),
+          None => HeaderValue::from_bytes(
+            format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+          ),
+        } {
+          response_parts.headers.insert(header::ALT_SVC, header_value);
+        }
+      }
+      response_parts
+        .headers
+        .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+      return Ok(Response::from_parts(response_parts, response_body));
+    }
+  };
+
+  if sanitized_url_pathname != url_pathname {
+    let (mut parts, body) = request.into_parts();
+    let mut url_parts = parts.uri.into_parts();
+    url_parts.path_and_query = Some(
+      match format!(
+        "{}{}",
+        sanitized_url_pathname,
+        match url_parts.path_and_query {
+          Some(path_and_query) => {
+            match path_and_query.query() {
+              Some(query) => format!("?{}", query),
+              None => String::from(""),
+            }
+          }
+          None => String::from(""),
+        }
+      )
+      .parse()
+      {
+        Ok(path_and_query) => path_and_query,
+        Err(err) => {
+          if error_log_enabled {
+            logger
+              .send(LogMessage::new(
+                format!("URL sanitation error: {}", err),
+                true,
+              ))
+              .await
+              .unwrap_or_default();
+          }
+          let response =
+            generate_error_response(StatusCode::BAD_REQUEST, &combined_config, &None).await;
+          if log_enabled {
+            log_combined(
+              &logger,
+              socket_data.remote_addr.ip(),
+              None,
+              log_method,
+              log_request_path,
+              log_protocol,
+              response.status().as_u16(),
+              match response.headers().get(header::CONTENT_LENGTH) {
+                Some(header_value) => match header_value.to_str() {
+                  Ok(header_value) => match header_value.parse::<u64>() {
+                    Ok(content_length) => Some(content_length),
+                    Err(_) => response.body().size_hint().exact(),
+                  },
+                  Err(_) => response.body().size_hint().exact(),
+                },
+                None => response.body().size_hint().exact(),
+              },
+              log_referrer,
+              log_user_agent,
+            )
+            .await;
+          }
+          let (mut response_parts, response_body) = response.into_parts();
+          if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+            let custom_headers_hash_iter = custom_headers_hash.iter();
+            for (header_name, header_value) in custom_headers_hash_iter {
+              if let Some(header_name) = header_name.as_str() {
+                if let Some(header_value) = header_value.as_str() {
+                  if !response_parts.headers.contains_key(header_name) {
+                    if let Ok(header_value) = HeaderValue::from_str(
+                      &header_value.replace("{path}", &sanitized_url_pathname),
+                    ) {
+                      if let Ok(header_name) = HeaderName::from_str(header_name) {
+                        response_parts.headers.insert(header_name, header_value);
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          }
+          if let Some(http3_alt_port) = http3_alt_port {
+            if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+              Some(value) => HeaderValue::from_bytes(
+                format!(
+                  "{}, h3=\":{}\", h3-29=\":{}\"",
+                  String::from_utf8_lossy(value.as_bytes()),
+                  http3_alt_port,
+                  http3_alt_port
+                )
+                .as_bytes(),
+              ),
+              None => HeaderValue::from_bytes(
+                format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+              ),
+            } {
+              response_parts.headers.insert(header::ALT_SVC, header_value);
+            }
+          }
+          response_parts
+            .headers
+            .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+          return Ok(Response::from_parts(response_parts, response_body));
+        }
+      },
+    );
+    parts.uri = match hyper::Uri::from_parts(url_parts) {
+      Ok(uri) => uri,
+      Err(err) => {
+        if error_log_enabled {
+          logger
+            .send(LogMessage::new(
+              format!("URL sanitation error: {}", err),
+              true,
+            ))
+            .await
+            .unwrap_or_default();
+        }
+        let response =
+          generate_error_response(StatusCode::BAD_REQUEST, &combined_config, &None).await;
+        if log_enabled {
+          log_combined(
+            &logger,
+            socket_data.remote_addr.ip(),
+            None,
+            log_method,
+            log_request_path,
+            log_protocol,
+            response.status().as_u16(),
+            match response.headers().get(header::CONTENT_LENGTH) {
+              Some(header_value) => match header_value.to_str() {
+                Ok(header_value) => match header_value.parse::<u64>() {
+                  Ok(content_length) => Some(content_length),
+                  Err(_) => response.body().size_hint().exact(),
+                },
+                Err(_) => response.body().size_hint().exact(),
+              },
+              None => response.body().size_hint().exact(),
+            },
+            log_referrer,
+            log_user_agent,
+          )
+          .await;
+        }
+        let (mut response_parts, response_body) = response.into_parts();
+        if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+          let custom_headers_hash_iter = custom_headers_hash.iter();
+          for (header_name, header_value) in custom_headers_hash_iter {
+            if let Some(header_name) = header_name.as_str() {
+              if let Some(header_value) = header_value.as_str() {
+                if !response_parts.headers.contains_key(header_name) {
+                  if let Ok(header_value) =
+                    HeaderValue::from_str(&header_value.replace("{path}", &sanitized_url_pathname))
+                  {
+                    if let Ok(header_name) = HeaderName::from_str(header_name) {
+                      response_parts.headers.insert(header_name, header_value);
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+        if let Some(http3_alt_port) = http3_alt_port {
+          if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+            Some(value) => HeaderValue::from_bytes(
+              format!(
+                "{}, h3=\":{}\", h3-29=\":{}\"",
+                String::from_utf8_lossy(value.as_bytes()),
+                http3_alt_port,
+                http3_alt_port
+              )
+              .as_bytes(),
+            ),
+            None => HeaderValue::from_bytes(
+              format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+            ),
+          } {
+            response_parts.headers.insert(header::ALT_SVC, header_value);
+          }
+        }
+        response_parts
+          .headers
+          .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+        return Ok(Response::from_parts(response_parts, response_body));
+      }
+    };
+    request = Request::from_parts(parts, body);
+  }
+
+  if request.uri().path() == "*" {
+    let response = match request.method() {
+      &Method::OPTIONS => Response::builder()
+        .status(StatusCode::NO_CONTENT)
+        .header(header::ALLOW, "GET, POST, HEAD, OPTIONS")
+        .body(Empty::new().map_err(|e| match e {}).boxed())
+        .unwrap_or_default(),
+      _ => {
+        let mut header_map = HeaderMap::new();
+        if let Ok(header_value) = HeaderValue::from_str("GET, POST, HEAD, OPTIONS") {
+          header_map.insert(header::ALLOW, header_value);
+        };
+        generate_error_response(StatusCode::BAD_REQUEST, &combined_config, &Some(header_map)).await
+      }
+    };
+    if log_enabled {
+      log_combined(
+        &logger,
+        socket_data.remote_addr.ip(),
+        None,
+        log_method,
+        log_request_path,
+        log_protocol,
+        response.status().as_u16(),
+        match response.headers().get(header::CONTENT_LENGTH) {
+          Some(header_value) => match header_value.to_str() {
+            Ok(header_value) => match header_value.parse::<u64>() {
+              Ok(content_length) => Some(content_length),
+              Err(_) => response.body().size_hint().exact(),
+            },
+            Err(_) => response.body().size_hint().exact(),
+          },
+          None => response.body().size_hint().exact(),
+        },
+        log_referrer,
+        log_user_agent,
+      )
+      .await;
+    }
+    let (mut response_parts, response_body) = response.into_parts();
+    if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+      let custom_headers_hash_iter = custom_headers_hash.iter();
+      for (header_name, header_value) in custom_headers_hash_iter {
+        if let Some(header_name) = header_name.as_str() {
+          if let Some(header_value) = header_value.as_str() {
+            if !response_parts.headers.contains_key(header_name) {
+              if let Ok(header_value) =
+                HeaderValue::from_str(&header_value.replace("{path}", &sanitized_url_pathname))
+              {
+                if let Ok(header_name) = HeaderName::from_str(header_name) {
+                  response_parts.headers.insert(header_name, header_value);
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+    if let Some(http3_alt_port) = http3_alt_port {
+      if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+        Some(value) => HeaderValue::from_bytes(
+          format!(
+            "{}, h3=\":{}\", h3-29=\":{}\"",
+            String::from_utf8_lossy(value.as_bytes()),
+            http3_alt_port,
+            http3_alt_port
+          )
+          .as_bytes(),
+        ),
+        None => HeaderValue::from_bytes(
+          format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+        ),
+      } {
+        response_parts.headers.insert(header::ALT_SVC, header_value);
+      }
+    }
+    response_parts
+      .headers
+      .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+    return Ok(Response::from_parts(response_parts, response_body));
+  }
+
+  // HTTP-01 ACME challenge for automatic TLS
+  if let Some(acme_http01_resolver) = acme_http01_resolver_option {
+    if let Some(challenge_token) = request
+      .uri()
+      .path()
+      .strip_prefix("/.well-known/acme-challenge/")
+    {
+      if let Some(acme_response) = acme_http01_resolver.get_http_01_key_auth(challenge_token) {
+        let response = Response::builder()
+          .status(StatusCode::OK)
+          .header(
+            CONTENT_TYPE,
+            HeaderValue::from_static("application/octet-stream"),
+          )
+          .body(
+            Full::new(Bytes::from(acme_response))
+              .map_err(|e| match e {})
+              .boxed(),
+          )
+          .unwrap_or_default();
+
+        let (mut response_parts, response_body) = response.into_parts();
+        if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+          let custom_headers_hash_iter = custom_headers_hash.iter();
+          for (header_name, header_value) in custom_headers_hash_iter {
+            if let Some(header_name) = header_name.as_str() {
+              if let Some(header_value) = header_value.as_str() {
+                if !response_parts.headers.contains_key(header_name) {
+                  if let Ok(header_value) =
+                    HeaderValue::from_str(&header_value.replace("{path}", &sanitized_url_pathname))
+                  {
+                    if let Ok(header_name) = HeaderName::from_str(header_name) {
+                      response_parts.headers.insert(header_name, header_value);
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+        if let Some(http3_alt_port) = http3_alt_port {
+          if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+            Some(value) => HeaderValue::from_bytes(
+              format!(
+                "{}, h3=\":{}\", h3-29=\":{}\"",
+                String::from_utf8_lossy(value.as_bytes()),
+                http3_alt_port,
+                http3_alt_port
+              )
+              .as_bytes(),
+            ),
+            None => HeaderValue::from_bytes(
+              format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+            ),
+          } {
+            response_parts.headers.insert(header::ALT_SVC, header_value);
+          }
+        }
+        response_parts
+          .headers
+          .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+        let response = Response::from_parts(response_parts, response_body);
+
+        if log_enabled {
+          log_combined(
+            &logger,
+            socket_data.remote_addr.ip(),
+            None,
+            log_method,
+            log_request_path,
+            log_protocol,
+            response.status().as_u16(),
+            match response.headers().get(header::CONTENT_LENGTH) {
+              Some(header_value) => match header_value.to_str() {
+                Ok(header_value) => match header_value.parse::<u64>() {
+                  Ok(content_length) => Some(content_length),
+                  Err(_) => response.body().size_hint().exact(),
+                },
+                Err(_) => response.body().size_hint().exact(),
+              },
+              None => response.body().size_hint().exact(),
+            },
+            log_referrer,
+            log_user_agent,
+          )
+          .await;
+        }
+        return Ok(response);
+      }
+    }
+  };
+
+  let cloned_logger = logger.clone();
+  let error_logger = match error_log_enabled {
+    true => ErrorLogger::new(cloned_logger),
+    false => ErrorLogger::without_logger(),
+  };
+
+  if is_connect_proxy_request {
+    let mut connect_proxy_handlers = None;
+    for mut handlers in handlers_vec {
+      if handlers.does_connect_proxy_requests() {
+        connect_proxy_handlers = Some(handlers);
+        break;
+      }
+    }
+
+    if let Some(mut connect_proxy_handlers) = connect_proxy_handlers {
+      if let Some(connect_address) = request.uri().authority().map(|auth| auth.to_string()) {
+        // Variables moved to before "tokio::spawn" to avoid issues with moved values
+        let client_ip = socket_data.remote_addr.ip();
+        let custom_headers_yaml = combined_config["customHeaders"].clone();
+
+        tokio::spawn(async move {
+          match hyper::upgrade::on(request).await {
+            Ok(upgraded_request) => {
+              let result = connect_proxy_handlers
+                .connect_proxy_request_handler(
+                  upgraded_request,
+                  &connect_address,
+                  &combined_config,
+                  &socket_data,
+                  &error_logger,
+                )
+                .await;
+              match result {
+                Ok(_) => (),
+                Err(err) => {
+                  error_logger
+                    .log(&format!("Unexpected error for CONNECT request: {}", err))
+                    .await;
+                }
+              }
+            }
+            Err(err) => {
+              error_logger
+                .log(&format!(
+                  "Error while upgrading HTTP CONNECT request: {}",
+                  err
+                ))
+                .await
+            }
+          }
+        });
+
+        let response = Response::builder()
+          .body(Empty::new().map_err(|e| match e {}).boxed())
+          .unwrap_or_default();
+
+        if log_enabled {
+          log_combined(
+            &logger,
+            client_ip,
+            None,
+            log_method,
+            log_request_path,
+            log_protocol,
+            response.status().as_u16(),
+            match response.headers().get(header::CONTENT_LENGTH) {
+              Some(header_value) => match header_value.to_str() {
+                Ok(header_value) => match header_value.parse::<u64>() {
+                  Ok(content_length) => Some(content_length),
+                  Err(_) => response.body().size_hint().exact(),
+                },
+                Err(_) => response.body().size_hint().exact(),
+              },
+              None => response.body().size_hint().exact(),
+            },
+            log_referrer,
+            log_user_agent,
+          )
+          .await;
+        }
+
+        let (mut response_parts, response_body) = response.into_parts();
+        if let Some(custom_headers_hash) = custom_headers_yaml.as_hash() {
+          let custom_headers_hash_iter = custom_headers_hash.iter();
+          for (header_name, header_value) in custom_headers_hash_iter {
+            if let Some(header_name) = header_name.as_str() {
+              if let Some(header_value) = header_value.as_str() {
+                if !response_parts.headers.contains_key(header_name) {
+                  if let Ok(header_value) =
+                    HeaderValue::from_str(&header_value.replace("{path}", &sanitized_url_pathname))
+                  {
+                    if let Ok(header_name) = HeaderName::from_str(header_name) {
+                      response_parts.headers.insert(header_name, header_value);
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+        if let Some(http3_alt_port) = http3_alt_port {
+          if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+            Some(value) => HeaderValue::from_bytes(
+              format!(
+                "{}, h3=\":{}\", h3-29=\":{}\"",
+                String::from_utf8_lossy(value.as_bytes()),
+                http3_alt_port,
+                http3_alt_port
+              )
+              .as_bytes(),
+            ),
+            None => HeaderValue::from_bytes(
+              format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+            ),
+          } {
+            response_parts.headers.insert(header::ALT_SVC, header_value);
+          }
+        }
+        response_parts
+          .headers
+          .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+        Ok(Response::from_parts(response_parts, response_body))
+      } else {
+        let response = Response::builder()
+          .status(StatusCode::BAD_REQUEST)
+          .body(Empty::new().map_err(|e| match e {}).boxed())
+          .unwrap_or_default();
+
+        if log_enabled {
+          log_combined(
+            &logger,
+            socket_data.remote_addr.ip(),
+            None,
+            log_method,
+            log_request_path,
+            log_protocol,
+            response.status().as_u16(),
+            match response.headers().get(header::CONTENT_LENGTH) {
+              Some(header_value) => match header_value.to_str() {
+                Ok(header_value) => match header_value.parse::<u64>() {
+                  Ok(content_length) => Some(content_length),
+                  Err(_) => response.body().size_hint().exact(),
+                },
+                Err(_) => response.body().size_hint().exact(),
+              },
+              None => response.body().size_hint().exact(),
+            },
+            log_referrer,
+            log_user_agent,
+          )
+          .await;
+        }
+        let (mut response_parts, response_body) = response.into_parts();
+        if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+          let custom_headers_hash_iter = custom_headers_hash.iter();
+          for (header_name, header_value) in custom_headers_hash_iter {
+            if let Some(header_name) = header_name.as_str() {
+              if let Some(header_value) = header_value.as_str() {
+                if !response_parts.headers.contains_key(header_name) {
+                  if let Ok(header_value) =
+                    HeaderValue::from_str(&header_value.replace("{path}", &sanitized_url_pathname))
+                  {
+                    if let Ok(header_name) = HeaderName::from_str(header_name) {
+                      response_parts.headers.insert(header_name, header_value);
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+        if let Some(http3_alt_port) = http3_alt_port {
+          if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+            Some(value) => HeaderValue::from_bytes(
+              format!(
+                "{}, h3=\":{}\", h3-29=\":{}\"",
+                String::from_utf8_lossy(value.as_bytes()),
+                http3_alt_port,
+                http3_alt_port
+              )
+              .as_bytes(),
+            ),
+            None => HeaderValue::from_bytes(
+              format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+            ),
+          } {
+            response_parts.headers.insert(header::ALT_SVC, header_value);
+          }
+        }
+        response_parts
+          .headers
+          .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+        Ok(Response::from_parts(response_parts, response_body))
+      }
+    } else {
+      let response = Response::builder()
+        .status(StatusCode::NOT_IMPLEMENTED)
+        .body(Empty::new().map_err(|e| match e {}).boxed())
+        .unwrap_or_default();
+
+      if log_enabled {
+        log_combined(
+          &logger,
+          socket_data.remote_addr.ip(),
+          None,
+          log_method,
+          log_request_path,
+          log_protocol,
+          response.status().as_u16(),
+          match response.headers().get(header::CONTENT_LENGTH) {
+            Some(header_value) => match header_value.to_str() {
+              Ok(header_value) => match header_value.parse::<u64>() {
+                Ok(content_length) => Some(content_length),
+                Err(_) => response.body().size_hint().exact(),
+              },
+              Err(_) => response.body().size_hint().exact(),
+            },
+            None => response.body().size_hint().exact(),
+          },
+          log_referrer,
+          log_user_agent,
+        )
+        .await;
+      }
+      let (mut response_parts, response_body) = response.into_parts();
+      if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+        let custom_headers_hash_iter = custom_headers_hash.iter();
+        for (header_name, header_value) in custom_headers_hash_iter {
+          if let Some(header_name) = header_name.as_str() {
+            if let Some(header_value) = header_value.as_str() {
+              if !response_parts.headers.contains_key(header_name) {
+                if let Ok(header_value) =
+                  HeaderValue::from_str(&header_value.replace("{path}", &sanitized_url_pathname))
+                {
+                  if let Ok(header_name) = HeaderName::from_str(header_name) {
+                    response_parts.headers.insert(header_name, header_value);
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+      if let Some(http3_alt_port) = http3_alt_port {
+        if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+          Some(value) => HeaderValue::from_bytes(
+            format!(
+              "{}, h3=\":{}\", h3-29=\":{}\"",
+              String::from_utf8_lossy(value.as_bytes()),
+              http3_alt_port,
+              http3_alt_port
+            )
+            .as_bytes(),
+          ),
+          None => HeaderValue::from_bytes(
+            format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+          ),
+        } {
+          response_parts.headers.insert(header::ALT_SVC, header_value);
+        }
+      }
+      response_parts
+        .headers
+        .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+      Ok(Response::from_parts(response_parts, response_body))
+    }
+  } else {
+    let is_websocket_request = is_upgrade_request(&request);
+    let mut request_data = RequestData::new(request, None, None);
+    let mut latest_auth_data = None;
+    let mut executed_handlers = Vec::new();
+    for mut handlers in handlers_vec {
+      if is_websocket_request && handlers.does_websocket_requests(&combined_config, &socket_data) {
+        let (request, _, _) = request_data.into_parts();
+
+        // Variables moved to before "tokio::spawn" to avoid issues with moved values
+        let client_ip = socket_data.remote_addr.ip();
+        let custom_headers_yaml = combined_config["customHeaders"].clone();
+        let request_uri = request.uri().to_owned();
+
+        let (original_response, websocket) = match hyper_tungstenite::upgrade(request, None) {
+          Ok(data) => data,
+          Err(err) => {
+            error_logger
+              .log(&format!("Error while upgrading WebSocket request: {}", err))
+              .await;
+            let response = Response::builder()
+              .status(StatusCode::INTERNAL_SERVER_ERROR)
+              .body(
+                Full::new(Bytes::from(generate_default_error_page(
+                  StatusCode::INTERNAL_SERVER_ERROR,
+                  None,
+                )))
+                .map_err(|e| match e {})
+                .boxed(),
+              )
+              .unwrap_or_default();
+
+            if log_enabled {
+              log_combined(
+                &logger,
+                socket_data.remote_addr.ip(),
+                None,
+                log_method,
+                log_request_path,
+                log_protocol,
+                response.status().as_u16(),
+                match response.headers().get(header::CONTENT_LENGTH) {
+                  Some(header_value) => match header_value.to_str() {
+                    Ok(header_value) => match header_value.parse::<u64>() {
+                      Ok(content_length) => Some(content_length),
+                      Err(_) => response.body().size_hint().exact(),
+                    },
+                    Err(_) => response.body().size_hint().exact(),
+                  },
+                  None => response.body().size_hint().exact(),
+                },
+                log_referrer,
+                log_user_agent,
+              )
+              .await;
+            }
+            let (mut response_parts, response_body) = response.into_parts();
+            if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+              let custom_headers_hash_iter = custom_headers_hash.iter();
+              for (header_name, header_value) in custom_headers_hash_iter {
+                if let Some(header_name) = header_name.as_str() {
+                  if let Some(header_value) = header_value.as_str() {
+                    if !response_parts.headers.contains_key(header_name) {
+                      if let Ok(header_value) = HeaderValue::from_str(
+                        &header_value.replace("{path}", &sanitized_url_pathname),
+                      ) {
+                        if let Ok(header_name) = HeaderName::from_str(header_name) {
+                          response_parts.headers.insert(header_name, header_value);
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            }
+            if let Some(http3_alt_port) = http3_alt_port {
+              if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+                Some(value) => HeaderValue::from_bytes(
+                  format!(
+                    "{}, h3=\":{}\", h3-29=\":{}\"",
+                    String::from_utf8_lossy(value.as_bytes()),
+                    http3_alt_port,
+                    http3_alt_port
+                  )
+                  .as_bytes(),
+                ),
+                None => HeaderValue::from_bytes(
+                  format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+                ),
+              } {
+                response_parts.headers.insert(header::ALT_SVC, header_value);
+              }
+            }
+            response_parts
+              .headers
+              .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+            return Ok(Response::from_parts(response_parts, response_body));
+          }
+        };
+
+        tokio::spawn(async move {
+          let result = handlers
+            .websocket_request_handler(
+              websocket,
+              &request_uri,
+              &combined_config,
+              &socket_data,
+              &error_logger,
+            )
+            .await;
+          match result {
+            Ok(_) => (),
+            Err(err) => {
+              error_logger
+                .log(&format!("Unexpected error for WebSocket request: {}", err))
+                .await;
+            }
+          }
+        });
+
+        let response = original_response.map(|body| body.map_err(|err| match err {}).boxed());
+
+        if log_enabled {
+          log_combined(
+            &logger,
+            client_ip,
+            None,
+            log_method,
+            log_request_path,
+            log_protocol,
+            response.status().as_u16(),
+            match response.headers().get(header::CONTENT_LENGTH) {
+              Some(header_value) => match header_value.to_str() {
+                Ok(header_value) => match header_value.parse::<u64>() {
+                  Ok(content_length) => Some(content_length),
+                  Err(_) => response.body().size_hint().exact(),
+                },
+                Err(_) => response.body().size_hint().exact(),
+              },
+              None => response.body().size_hint().exact(),
+            },
+            log_referrer,
+            log_user_agent,
+          )
+          .await;
+        }
+
+        let (mut response_parts, response_body) = response.into_parts();
+        if let Some(custom_headers_hash) = custom_headers_yaml.as_hash() {
+          let custom_headers_hash_iter = custom_headers_hash.iter();
+          for (header_name, header_value) in custom_headers_hash_iter {
+            if let Some(header_name) = header_name.as_str() {
+              if let Some(header_value) = header_value.as_str() {
+                if !response_parts.headers.contains_key(header_name) {
+                  if let Ok(header_value) =
+                    HeaderValue::from_str(&header_value.replace("{path}", &sanitized_url_pathname))
+                  {
+                    if let Ok(header_name) = HeaderName::from_str(header_name) {
+                      response_parts.headers.insert(header_name, header_value);
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+        if let Some(http3_alt_port) = http3_alt_port {
+          if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+            Some(value) => HeaderValue::from_bytes(
+              format!(
+                "{}, h3=\":{}\", h3-29=\":{}\"",
+                String::from_utf8_lossy(value.as_bytes()),
+                http3_alt_port,
+                http3_alt_port
+              )
+              .as_bytes(),
+            ),
+            None => HeaderValue::from_bytes(
+              format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+            ),
+          } {
+            response_parts.headers.insert(header::ALT_SVC, header_value);
+          }
+        }
+        response_parts
+          .headers
+          .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+        return Ok(Response::from_parts(response_parts, response_body));
+      }
+
+      let response_result = match is_proxy_request {
+        true => {
+          handlers
+            .proxy_request_handler(request_data, &combined_config, &socket_data, &error_logger)
+            .await
+        }
+        false => {
+          handlers
+            .request_handler(request_data, &combined_config, &socket_data, &error_logger)
+            .await
+        }
+      };
+
+      executed_handlers.push(handlers);
+      match response_result {
+        Ok(response) => {
+          let (
+            request_option,
+            auth_data,
+            original_url,
+            response,
+            status,
+            headers,
+            new_remote_address,
+            parallel_fn,
+          ) = response.into_parts();
+          latest_auth_data = auth_data.clone();
+          if let Some(new_remote_address) = new_remote_address {
+            socket_data.remote_addr = new_remote_address;
+          };
+          if let Some(parallel_fn) = parallel_fn {
+            // Spawn the function in the web server's Tokio runtime.
+            // We have implemented parallel_fn parameter in the ResponseData
+            // because tokio::spawn doesn't work on dynamic libraries,
+            // see https://github.com/tokio-rs/tokio/issues/6927
+            tokio::spawn(parallel_fn);
+          }
+          match response {
+            Some(response) => {
+              let (mut response_parts, response_body) = response.into_parts();
+              if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+                let custom_headers_hash_iter = custom_headers_hash.iter();
+                for (header_name, header_value) in custom_headers_hash_iter {
+                  if let Some(header_name) = header_name.as_str() {
+                    if let Some(header_value) = header_value.as_str() {
+                      if !response_parts.headers.contains_key(header_name) {
+                        if let Ok(header_value) = HeaderValue::from_str(
+                          &header_value.replace("{path}", &sanitized_url_pathname),
+                        ) {
+                          if let Ok(header_name) = HeaderName::from_str(header_name) {
+                            response_parts.headers.insert(header_name, header_value);
+                          }
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+              if let Some(http3_alt_port) = http3_alt_port {
+                if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+                  Some(value) => HeaderValue::from_bytes(
+                    format!(
+                      "{}, h3=\":{}\", h3-29=\":{}\"",
+                      String::from_utf8_lossy(value.as_bytes()),
+                      http3_alt_port,
+                      http3_alt_port
+                    )
+                    .as_bytes(),
+                  ),
+                  None => HeaderValue::from_bytes(
+                    format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+                  ),
+                } {
+                  response_parts.headers.insert(header::ALT_SVC, header_value);
+                }
+              }
+              response_parts
+                .headers
+                .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+              let mut response = Response::from_parts(response_parts, response_body);
+
+              while let Some(mut executed_handler) = executed_handlers.pop() {
+                let response_status = match is_proxy_request {
+                  true => {
+                    executed_handler
+                      .proxy_response_modifying_handler(response)
+                      .await
+                  }
+                  false => executed_handler.response_modifying_handler(response).await,
+                };
+                response = match response_status {
+                  Ok(response) => response,
+                  Err(err) => {
+                    if error_log_enabled {
+                      logger
+                        .send(LogMessage::new(
+                          format!("Unexpected error while serving a request: {}", err),
+                          true,
+                        ))
+                        .await
+                        .unwrap_or_default();
+                    }
+
+                    let response = generate_error_response(
+                      StatusCode::INTERNAL_SERVER_ERROR,
+                      &combined_config,
+                      &headers,
+                    )
+                    .await;
+                    if log_enabled {
+                      log_combined(
+                        &logger,
+                        socket_data.remote_addr.ip(),
+                        auth_data,
+                        log_method,
+                        log_request_path,
+                        log_protocol,
+                        response.status().as_u16(),
+                        match response.headers().get(header::CONTENT_LENGTH) {
+                          Some(header_value) => match header_value.to_str() {
+                            Ok(header_value) => match header_value.parse::<u64>() {
+                              Ok(content_length) => Some(content_length),
+                              Err(_) => response.body().size_hint().exact(),
+                            },
+                            Err(_) => response.body().size_hint().exact(),
+                          },
+                          None => response.body().size_hint().exact(),
+                        },
+                        log_referrer,
+                        log_user_agent,
+                      )
+                      .await;
+                    }
+                    let (mut response_parts, response_body) = response.into_parts();
+                    if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+                      let custom_headers_hash_iter = custom_headers_hash.iter();
+                      for (header_name, header_value) in custom_headers_hash_iter {
+                        if let Some(header_name) = header_name.as_str() {
+                          if let Some(header_value) = header_value.as_str() {
+                            if !response_parts.headers.contains_key(header_name) {
+                              if let Ok(header_value) = HeaderValue::from_str(
+                                &header_value.replace("{path}", &sanitized_url_pathname),
+                              ) {
+                                if let Ok(header_name) = HeaderName::from_str(header_name) {
+                                  response_parts.headers.insert(header_name, header_value);
+                                }
+                              }
+                            }
+                          }
+                        }
+                      }
+                    }
+                    if let Some(http3_alt_port) = http3_alt_port {
+                      if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+                        Some(value) => HeaderValue::from_bytes(
+                          format!(
+                            "{}, h3=\":{}\", h3-29=\":{}\"",
+                            String::from_utf8_lossy(value.as_bytes()),
+                            http3_alt_port,
+                            http3_alt_port
+                          )
+                          .as_bytes(),
+                        ),
+                        None => HeaderValue::from_bytes(
+                          format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port)
+                            .as_bytes(),
+                        ),
+                      } {
+                        response_parts.headers.insert(header::ALT_SVC, header_value);
+                      }
+                    }
+                    response_parts
+                      .headers
+                      .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+                    return Ok(Response::from_parts(response_parts, response_body));
+                  }
+                };
+              }
+
+              if log_enabled {
+                log_combined(
+                  &logger,
+                  socket_data.remote_addr.ip(),
+                  auth_data,
+                  log_method,
+                  log_request_path,
+                  log_protocol,
+                  response.status().as_u16(),
+                  match response.headers().get(header::CONTENT_LENGTH) {
+                    Some(header_value) => match header_value.to_str() {
+                      Ok(header_value) => match header_value.parse::<u64>() {
+                        Ok(content_length) => Some(content_length),
+                        Err(_) => response.body().size_hint().exact(),
+                      },
+                      Err(_) => response.body().size_hint().exact(),
+                    },
+                    None => response.body().size_hint().exact(),
+                  },
+                  log_referrer,
+                  log_user_agent,
+                )
+                .await;
+              }
+
+              return Ok(response);
+            }
+            None => match status {
+              Some(status) => {
+                let response = generate_error_response(status, &combined_config, &headers).await;
+                let (mut response_parts, response_body) = response.into_parts();
+                if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+                  let custom_headers_hash_iter = custom_headers_hash.iter();
+                  for (header_name, header_value) in custom_headers_hash_iter {
+                    if let Some(header_name) = header_name.as_str() {
+                      if let Some(header_value) = header_value.as_str() {
+                        if !response_parts.headers.contains_key(header_name) {
+                          if let Ok(header_value) = HeaderValue::from_str(
+                            &header_value.replace("{path}", &sanitized_url_pathname),
+                          ) {
+                            if let Ok(header_name) = HeaderName::from_str(header_name) {
+                              response_parts.headers.insert(header_name, header_value);
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                }
+                if let Some(http3_alt_port) = http3_alt_port {
+                  if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+                    Some(value) => HeaderValue::from_bytes(
+                      format!(
+                        "{}, h3=\":{}\", h3-29=\":{}\"",
+                        String::from_utf8_lossy(value.as_bytes()),
+                        http3_alt_port,
+                        http3_alt_port
+                      )
+                      .as_bytes(),
+                    ),
+                    None => HeaderValue::from_bytes(
+                      format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port)
+                        .as_bytes(),
+                    ),
+                  } {
+                    response_parts.headers.insert(header::ALT_SVC, header_value);
+                  }
+                }
+                response_parts
+                  .headers
+                  .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+                let mut response = Response::from_parts(response_parts, response_body);
+
+                while let Some(mut executed_handler) = executed_handlers.pop() {
+                  let response_status = match is_proxy_request {
+                    true => {
+                      executed_handler
+                        .proxy_response_modifying_handler(response)
+                        .await
+                    }
+                    false => executed_handler.response_modifying_handler(response).await,
+                  };
+                  response = match response_status {
+                    Ok(response) => response,
+                    Err(err) => {
+                      if error_log_enabled {
+                        logger
+                          .send(LogMessage::new(
+                            format!("Unexpected error while serving a request: {}", err),
+                            true,
+                          ))
+                          .await
+                          .unwrap_or_default();
+                      }
+
+                      let response = generate_error_response(
+                        StatusCode::INTERNAL_SERVER_ERROR,
+                        &combined_config,
+                        &headers,
+                      )
+                      .await;
+                      if log_enabled {
+                        log_combined(
+                          &logger,
+                          socket_data.remote_addr.ip(),
+                          auth_data,
+                          log_method,
+                          log_request_path,
+                          log_protocol,
+                          response.status().as_u16(),
+                          match response.headers().get(header::CONTENT_LENGTH) {
+                            Some(header_value) => match header_value.to_str() {
+                              Ok(header_value) => match header_value.parse::<u64>() {
+                                Ok(content_length) => Some(content_length),
+                                Err(_) => response.body().size_hint().exact(),
+                              },
+                              Err(_) => response.body().size_hint().exact(),
+                            },
+                            None => response.body().size_hint().exact(),
+                          },
+                          log_referrer,
+                          log_user_agent,
+                        )
+                        .await;
+                      }
+                      let (mut response_parts, response_body) = response.into_parts();
+                      if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash()
+                      {
+                        let custom_headers_hash_iter = custom_headers_hash.iter();
+                        for (header_name, header_value) in custom_headers_hash_iter {
+                          if let Some(header_name) = header_name.as_str() {
+                            if let Some(header_value) = header_value.as_str() {
+                              if !response_parts.headers.contains_key(header_name) {
+                                if let Ok(header_value) = HeaderValue::from_str(
+                                  &header_value.replace("{path}", &sanitized_url_pathname),
+                                ) {
+                                  if let Ok(header_name) = HeaderName::from_str(header_name) {
+                                    response_parts.headers.insert(header_name, header_value);
+                                  }
+                                }
+                              }
+                            }
+                          }
+                        }
+                      }
+                      if let Some(http3_alt_port) = http3_alt_port {
+                        if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC)
+                        {
+                          Some(value) => HeaderValue::from_bytes(
+                            format!(
+                              "{}, h3=\":{}\", h3-29=\":{}\"",
+                              String::from_utf8_lossy(value.as_bytes()),
+                              http3_alt_port,
+                              http3_alt_port
+                            )
+                            .as_bytes(),
+                          ),
+                          None => HeaderValue::from_bytes(
+                            format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port)
+                              .as_bytes(),
+                          ),
+                        } {
+                          response_parts.headers.insert(header::ALT_SVC, header_value);
+                        }
+                      }
+                      response_parts
+                        .headers
+                        .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+                      return Ok(Response::from_parts(response_parts, response_body));
+                    }
+                  };
+                }
+
+                if log_enabled {
+                  log_combined(
+                    &logger,
+                    socket_data.remote_addr.ip(),
+                    auth_data,
+                    log_method,
+                    log_request_path,
+                    log_protocol,
+                    response.status().as_u16(),
+                    match response.headers().get(header::CONTENT_LENGTH) {
+                      Some(header_value) => match header_value.to_str() {
+                        Ok(header_value) => match header_value.parse::<u64>() {
+                          Ok(content_length) => Some(content_length),
+                          Err(_) => response.body().size_hint().exact(),
+                        },
+                        Err(_) => response.body().size_hint().exact(),
+                      },
+                      None => response.body().size_hint().exact(),
+                    },
+                    log_referrer,
+                    log_user_agent,
+                  )
+                  .await;
+                }
+                return Ok(response);
+              }
+              None => match request_option {
+                Some(request) => {
+                  request_data = RequestData::new(request, auth_data, original_url);
+                  continue;
+                }
+                None => {
+                  break;
+                }
+              },
+            },
+          }
+        }
+        Err(err) => {
+          let response =
+            generate_error_response(StatusCode::INTERNAL_SERVER_ERROR, &combined_config, &None)
+              .await;
+
+          let (mut response_parts, response_body) = response.into_parts();
+          if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+            let custom_headers_hash_iter = custom_headers_hash.iter();
+            for (header_name, header_value) in custom_headers_hash_iter {
+              if let Some(header_name) = header_name.as_str() {
+                if let Some(header_value) = header_value.as_str() {
+                  if !response_parts.headers.contains_key(header_name) {
+                    if let Ok(header_value) = HeaderValue::from_str(
+                      &header_value.replace("{path}", &sanitized_url_pathname),
+                    ) {
+                      if let Ok(header_name) = HeaderName::from_str(header_name) {
+                        response_parts.headers.insert(header_name, header_value);
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          }
+          if let Some(http3_alt_port) = http3_alt_port {
+            if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+              Some(value) => HeaderValue::from_bytes(
+                format!(
+                  "{}, h3=\":{}\", h3-29=\":{}\"",
+                  String::from_utf8_lossy(value.as_bytes()),
+                  http3_alt_port,
+                  http3_alt_port
+                )
+                .as_bytes(),
+              ),
+              None => HeaderValue::from_bytes(
+                format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+              ),
+            } {
+              response_parts.headers.insert(header::ALT_SVC, header_value);
+            }
+          }
+          response_parts
+            .headers
+            .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+          let mut response = Response::from_parts(response_parts, response_body);
+
+          while let Some(mut executed_handler) = executed_handlers.pop() {
+            let response_status = match is_proxy_request {
+              true => {
+                executed_handler
+                  .proxy_response_modifying_handler(response)
+                  .await
+              }
+              false => executed_handler.response_modifying_handler(response).await,
+            };
+            response = match response_status {
+              Ok(response) => response,
+              Err(err) => {
+                if error_log_enabled {
+                  logger
+                    .send(LogMessage::new(
+                      format!("Unexpected error while serving a request: {}", err),
+                      true,
+                    ))
+                    .await
+                    .unwrap_or_default();
+                }
+
+                let response = generate_error_response(
+                  StatusCode::INTERNAL_SERVER_ERROR,
+                  &combined_config,
+                  &None,
+                )
+                .await;
+                if log_enabled {
+                  log_combined(
+                    &logger,
+                    socket_data.remote_addr.ip(),
+                    latest_auth_data,
+                    log_method,
+                    log_request_path,
+                    log_protocol,
+                    response.status().as_u16(),
+                    match response.headers().get(header::CONTENT_LENGTH) {
+                      Some(header_value) => match header_value.to_str() {
+                        Ok(header_value) => match header_value.parse::<u64>() {
+                          Ok(content_length) => Some(content_length),
+                          Err(_) => response.body().size_hint().exact(),
+                        },
+                        Err(_) => response.body().size_hint().exact(),
+                      },
+                      None => response.body().size_hint().exact(),
+                    },
+                    log_referrer,
+                    log_user_agent,
+                  )
+                  .await;
+                }
+                let (mut response_parts, response_body) = response.into_parts();
+                if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+                  let custom_headers_hash_iter = custom_headers_hash.iter();
+                  for (header_name, header_value) in custom_headers_hash_iter {
+                    if let Some(header_name) = header_name.as_str() {
+                      if let Some(header_value) = header_value.as_str() {
+                        if !response_parts.headers.contains_key(header_name) {
+                          if let Ok(header_value) = HeaderValue::from_str(
+                            &header_value.replace("{path}", &sanitized_url_pathname),
+                          ) {
+                            if let Ok(header_name) = HeaderName::from_str(header_name) {
+                              response_parts.headers.insert(header_name, header_value);
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                }
+                if let Some(http3_alt_port) = http3_alt_port {
+                  if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+                    Some(value) => HeaderValue::from_bytes(
+                      format!(
+                        "{}, h3=\":{}\", h3-29=\":{}\"",
+                        String::from_utf8_lossy(value.as_bytes()),
+                        http3_alt_port,
+                        http3_alt_port
+                      )
+                      .as_bytes(),
+                    ),
+                    None => HeaderValue::from_bytes(
+                      format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port)
+                        .as_bytes(),
+                    ),
+                  } {
+                    response_parts.headers.insert(header::ALT_SVC, header_value);
+                  }
+                }
+                response_parts
+                  .headers
+                  .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+                return Ok(Response::from_parts(response_parts, response_body));
+              }
+            };
+          }
+
+          if error_log_enabled {
+            logger
+              .send(LogMessage::new(
+                format!("Unexpected error while serving a request: {}", err),
+                true,
+              ))
+              .await
+              .unwrap_or_default();
+          }
+
+          if log_enabled {
+            log_combined(
+              &logger,
+              socket_data.remote_addr.ip(),
+              latest_auth_data,
+              log_method,
+              log_request_path,
+              log_protocol,
+              response.status().as_u16(),
+              match response.headers().get(header::CONTENT_LENGTH) {
+                Some(header_value) => match header_value.to_str() {
+                  Ok(header_value) => match header_value.parse::<u64>() {
+                    Ok(content_length) => Some(content_length),
+                    Err(_) => response.body().size_hint().exact(),
+                  },
+                  Err(_) => response.body().size_hint().exact(),
+                },
+                None => response.body().size_hint().exact(),
+              },
+              log_referrer,
+              log_user_agent,
+            )
+            .await;
+          }
+          return Ok(response);
+        }
+      }
+    }
+
+    let response = generate_error_response(StatusCode::NOT_FOUND, &combined_config, &None).await;
+
+    let (mut response_parts, response_body) = response.into_parts();
+    if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+      let custom_headers_hash_iter = custom_headers_hash.iter();
+      for (header_name, header_value) in custom_headers_hash_iter {
+        if let Some(header_name) = header_name.as_str() {
+          if let Some(header_value) = header_value.as_str() {
+            if !response_parts.headers.contains_key(header_name) {
+              if let Ok(header_value) =
+                HeaderValue::from_str(&header_value.replace("{path}", &sanitized_url_pathname))
+              {
+                if let Ok(header_name) = HeaderName::from_str(header_name) {
+                  response_parts.headers.insert(header_name, header_value);
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+    if let Some(http3_alt_port) = http3_alt_port {
+      if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+        Some(value) => HeaderValue::from_bytes(
+          format!(
+            "{}, h3=\":{}\", h3-29=\":{}\"",
+            String::from_utf8_lossy(value.as_bytes()),
+            http3_alt_port,
+            http3_alt_port
+          )
+          .as_bytes(),
+        ),
+        None => HeaderValue::from_bytes(
+          format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+        ),
+      } {
+        response_parts.headers.insert(header::ALT_SVC, header_value);
+      }
+    }
+    response_parts
+      .headers
+      .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+    let mut response = Response::from_parts(response_parts, response_body);
+
+    while let Some(mut executed_handler) = executed_handlers.pop() {
+      let response_status = match is_proxy_request {
+        true => {
+          executed_handler
+            .proxy_response_modifying_handler(response)
+            .await
+        }
+        false => executed_handler.response_modifying_handler(response).await,
+      };
+      response = match response_status {
+        Ok(response) => response,
+        Err(err) => {
+          if error_log_enabled {
+            logger
+              .send(LogMessage::new(
+                format!("Unexpected error while serving a request: {}", err),
+                true,
+              ))
+              .await
+              .unwrap_or_default();
+          }
+
+          let response =
+            generate_error_response(StatusCode::INTERNAL_SERVER_ERROR, &combined_config, &None)
+              .await;
+          if log_enabled {
+            log_combined(
+              &logger,
+              socket_data.remote_addr.ip(),
+              latest_auth_data,
+              log_method,
+              log_request_path,
+              log_protocol,
+              response.status().as_u16(),
+              match response.headers().get(header::CONTENT_LENGTH) {
+                Some(header_value) => match header_value.to_str() {
+                  Ok(header_value) => match header_value.parse::<u64>() {
+                    Ok(content_length) => Some(content_length),
+                    Err(_) => response.body().size_hint().exact(),
+                  },
+                  Err(_) => response.body().size_hint().exact(),
+                },
+                None => response.body().size_hint().exact(),
+              },
+              log_referrer,
+              log_user_agent,
+            )
+            .await;
+          }
+          let (mut response_parts, response_body) = response.into_parts();
+          if let Some(custom_headers_hash) = combined_config["customHeaders"].as_hash() {
+            let custom_headers_hash_iter = custom_headers_hash.iter();
+            for (header_name, header_value) in custom_headers_hash_iter {
+              if let Some(header_name) = header_name.as_str() {
+                if let Some(header_value) = header_value.as_str() {
+                  if !response_parts.headers.contains_key(header_name) {
+                    if let Ok(header_value) = HeaderValue::from_str(
+                      &header_value.replace("{path}", &sanitized_url_pathname),
+                    ) {
+                      if let Ok(header_name) = HeaderName::from_str(header_name) {
+                        response_parts.headers.insert(header_name, header_value);
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          }
+          if let Some(http3_alt_port) = http3_alt_port {
+            if let Ok(header_value) = match response_parts.headers.get(header::ALT_SVC) {
+              Some(value) => HeaderValue::from_bytes(
+                format!(
+                  "{}, h3=\":{}\", h3-29=\":{}\"",
+                  String::from_utf8_lossy(value.as_bytes()),
+                  http3_alt_port,
+                  http3_alt_port
+                )
+                .as_bytes(),
+              ),
+              None => HeaderValue::from_bytes(
+                format!("h3=\":{}\", h3-29=\":{}\"", http3_alt_port, http3_alt_port).as_bytes(),
+              ),
+            } {
+              response_parts.headers.insert(header::ALT_SVC, header_value);
+            }
+          }
+          response_parts
+            .headers
+            .insert(header::SERVER, HeaderValue::from_static(SERVER_SOFTWARE));
+
+          return Ok(Response::from_parts(response_parts, response_body));
+        }
+      };
+    }
+
+    if log_enabled {
+      log_combined(
+        &logger,
+        socket_data.remote_addr.ip(),
+        latest_auth_data,
+        log_method,
+        log_request_path,
+        log_protocol,
+        response.status().as_u16(),
+        match response.headers().get(header::CONTENT_LENGTH) {
+          Some(header_value) => match header_value.to_str() {
+            Ok(header_value) => match header_value.parse::<u64>() {
+              Ok(content_length) => Some(content_length),
+              Err(_) => response.body().size_hint().exact(),
+            },
+            Err(_) => response.body().size_hint().exact(),
+          },
+          None => response.body().size_hint().exact(),
+        },
+        log_referrer,
+        log_user_agent,
+      )
+      .await;
+    }
+    Ok(response)
+  }
+}
+
+#[allow(clippy::too_many_arguments)]
+pub async fn request_handler(
+  request: Request<BoxBody<Bytes, std::io::Error>>,
+  remote_address: SocketAddr,
+  local_address: SocketAddr,
+  encrypted: bool,
+  config: Arc<Yaml>,
+  logger: Sender<LogMessage>,
+  handlers_vec: Vec<Box<dyn ServerModuleHandlers + Send>>,
+  acme_http01_resolver_option: Option<Arc<ResolvesServerCertAcme>>,
+  http3_alt_port: Option<u16>,
+) -> Result<Response<BoxBody<Bytes, std::io::Error>>, anyhow::Error> {
+  let timeout_yaml = &config["global"]["timeout"];
+  if timeout_yaml.is_null() {
+    request_handler_wrapped(
+      request,
+      remote_address,
+      local_address,
+      encrypted,
+      config,
+      logger,
+      handlers_vec,
+      acme_http01_resolver_option,
+      http3_alt_port,
+    )
+    .await
+    .map_err(|e| anyhow::anyhow!(e))
+  } else {
+    let timeout_millis = timeout_yaml.as_i64().unwrap_or(300000) as u64;
+    match timeout(
+      Duration::from_millis(timeout_millis),
+      request_handler_wrapped(
+        request,
+        remote_address,
+        local_address,
+        encrypted,
+        config,
+        logger,
+        handlers_vec,
+        acme_http01_resolver_option,
+        http3_alt_port,
+      ),
+    )
+    .await
+    {
+      Ok(response) => response.map_err(|e| anyhow::anyhow!(e)),
+      Err(_) => Err(anyhow::anyhow!("The client or server has timed out")),
+    }
+  }
+}

ferron/src/res/server_software.rs

@@ -0,0 +1 @@
+pub const SERVER_SOFTWARE: &str = "Ferron";