Posted to commits@trafficserver.apache.org by br...@apache.org on 2015/05/22 09:25:28 UTC
[1/3] trafficserver git commit: TS-3631: add config option to limit
post size
Repository: trafficserver
Updated Branches:
refs/heads/master 9725e10f8 -> be6c95ba2
TS-3631: add config option to limit post size
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/eadc9cfa
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/eadc9cfa
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/eadc9cfa
Branch: refs/heads/master
Commit: eadc9cfa4020799859c4c65be6608990b6f0fe80
Parents: 9725e10
Author: Brian Geffon <br...@apache.org>
Authored: Fri May 22 00:22:24 2015 -0700
Committer: Brian Geffon <br...@apache.org>
Committed: Fri May 22 00:22:24 2015 -0700
----------------------------------------------------------------------
mgmt/RecordsConfig.cc | 3 ++-
proxy/hdrs/HTTP.h | 1 +
proxy/http/HttpConfig.cc | 7 ++++++-
proxy/http/HttpConfig.h | 4 +++-
proxy/http/HttpTransact.cc | 10 ++++++++++
proxy/logging/Log.cc | 1 +
6 files changed, 23 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/eadc9cfa/mgmt/RecordsConfig.cc
----------------------------------------------------------------------
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index 8fa1ba4..ebcb8fd 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -482,7 +482,8 @@ static const RecordElement RecordsConfig[] =
,
{RECT_CONFIG, "proxy.config.http.auth_server_session_private", RECD_INT, "1", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
,
-
+ {RECT_CONFIG, "proxy.config.http.max_post_size", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_INT, "^[0-9]+$", RECA_NULL}
+ ,
// ##############################
// # parent proxy configuration #
// ##############################
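Review bot: The validation pattern `^[0-9]+$` on the new `proxy.config.http.max_post_size` record sets no upper bound, so a digit string too long for the integer type still passes the check. How the value is parsed afterwards is not visible here, but if an oversized value wraps to zero or a negative number, the `max_post_size > 0` test in HttpTransact.cc would silently disable the limit. A pattern with a bounded digit count, or a range check, would make a mistyped limit fail at load time instead.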
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/eadc9cfa/proxy/hdrs/HTTP.h
----------------------------------------------------------------------
diff --git a/proxy/hdrs/HTTP.h b/proxy/hdrs/HTTP.h
index 78de824..a1f6e8f 100644
--- a/proxy/hdrs/HTTP.h
+++ b/proxy/hdrs/HTTP.h
@@ -136,6 +136,7 @@ enum SquidLogCode {
SQUID_LOG_UDP_FUTURE_2 = 'o',
SQUID_LOG_ERR_READ_TIMEOUT = 'p',
SQUID_LOG_ERR_LIFETIME_EXP = 'q',
+ SQUID_LOG_ERR_POST_ENTITY_TOO_LARGE = 'L',
SQUID_LOG_ERR_NO_CLIENTS_BIG_OBJ = 'r',
SQUID_LOG_ERR_READ_ERROR = 's',
SQUID_LOG_ERR_CLIENT_ABORT = 't',
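Review bot: `SQUID_LOG_ERR_POST_ENTITY_TOO_LARGE = 'L'` sits between `'q'` and `'r'` but takes an upper-case letter out of sequence, and only part of the enum is visible in this hunk, so it cannot be checked here that `'L'` is not already assigned to another code. These characters end up in the access log, so a duplicate would make two different outcomes indistinguishable to anyone reading or alerting on it. A short comment on the line, for example `// TS-3631: request body over proxy.config.http.max_post_size`, would also record why this entry breaks the alphabetical run.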
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/eadc9cfa/proxy/http/HttpConfig.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc
index 1b36d2e..54955e5 100644
--- a/proxy/http/HttpConfig.cc
+++ b/proxy/http/HttpConfig.cc
@@ -854,7 +854,9 @@ register_stat_callbacks()
(int)https_incoming_requests_stat, RecRawStatSyncCount);
RecRegisterRawStat(http_rsb, RECT_PROCESS, "proxy.process.https.total_client_connections", RECD_COUNTER, RECP_PERSISTENT,
(int)https_total_client_connections_stat, RecRawStatSyncCount);
-
+ RecRegisterRawStat(http_rsb, RECT_PROCESS,
+ "proxy.process.http.post_body_too_large",
+ RECD_COUNTER, RECP_PERSISTENT, (int) http_post_body_too_large, RecRawStatSyncCount);
// milestones
RecRegisterRawStat(http_rsb, RECT_PROCESS, "proxy.process.http.milestone.ua_begin", RECD_COUNTER, RECP_PERSISTENT,
(int)http_ua_begin_time_stat, RecRawStatSyncSum);
@@ -1146,6 +1148,8 @@ HttpConfig::startup()
// Stat Page Info
HttpEstablishStaticConfigByte(c.enable_http_info, "proxy.config.http.enable_http_info");
+ HttpEstablishStaticConfigLongLong(c.max_post_size, "proxy.config.http.max_post_size");
+
//##############################################################################
//#
//# Redirection
@@ -1361,6 +1365,7 @@ HttpConfig::reconfigure()
params->cache_open_write_fail_action = m_master.cache_open_write_fail_action;
params->oride.cache_when_to_revalidate = m_master.oride.cache_when_to_revalidate;
+ params->max_post_size = m_master.max_post_size;
params->oride.cache_required_headers = m_master.oride.cache_required_headers;
params->oride.cache_range_lookup = INT_TO_BOOL(m_master.oride.cache_range_lookup);
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/eadc9cfa/proxy/http/HttpConfig.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h
index 813e4df..4534c6c 100644
--- a/proxy/http/HttpConfig.h
+++ b/proxy/http/HttpConfig.h
@@ -228,6 +228,7 @@ enum {
http_ua_msecs_counts_other_unclassified_stat,
disallowed_post_100_continue,
+ http_post_body_too_large,
http_total_x_redirect_stat,
@@ -744,6 +745,7 @@ public:
MgmtByte disallow_post_100_continue;
MgmtByte parser_allow_non_http;
MgmtInt cache_open_write_fail_action;
+ MgmtInt max_post_size;
OverridableHttpConfigParams oride;
@@ -853,7 +855,7 @@ inline HttpConfigParams::HttpConfigParams()
cluster_time_delta(0), redirection_enabled(0), redirection_host_no_port(0), number_of_redirections(1), post_copy_size(2048),
ignore_accept_mismatch(0), ignore_accept_language_mismatch(0), ignore_accept_encoding_mismatch(0),
ignore_accept_charset_mismatch(0), send_100_continue_response(0), send_408_post_timeout_response(0),
- disallow_post_100_continue(0), parser_allow_non_http(1), cache_open_write_fail_action(0), autoconf_port(0),
+ disallow_post_100_continue(0), parser_allow_non_http(1), cache_open_write_fail_action(0), max_post_size(0), autoconf_port(0),
autoconf_localhost_only(0)
{
}
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/eadc9cfa/proxy/http/HttpTransact.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index 1149d23..ae52df4 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -1252,6 +1252,16 @@ HttpTransact::HandleRequest(State *s)
// client keep-alive, cache action, etc.
initialize_state_variables_from_request(s, &s->hdr_info.client_request);
+ // The following code is configurable to allow a user to control the max post size (TS-3631)
+ if (s->http_config_param->max_post_size > 0 && s->hdr_info.request_content_length > 0 && s->hdr_info.request_content_length > s->http_config_param->max_post_size) {
+ DebugTxn("http_trans", "Max post size %" PRId64 " Client tried to post a body that was too large.", s->http_config_param->max_post_size);
+ HTTP_INCREMENT_TRANS_STAT(http_post_body_too_large);
+ bootstrap_state_variables_from_request(s, &s->hdr_info.client_request);
+ build_error_response(s, HTTP_STATUS_REQUEST_ENTITY_TOO_LARGE, "Request Entity Too Large", "request#entity_too_large", NULL);
+ s->squid_codes.log_code = SQUID_LOG_ERR_POST_ENTITY_TOO_LARGE;
+ TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, NULL);
+ }
+
// The following chunk of code allows you to disallow post w/ expect 100-continue (TS-3459)
if (s->hdr_info.request_content_length && s->http_config_param->disallow_post_100_continue) {
MIMEField *expect = s->hdr_info.client_request.field_find(MIME_FIELD_EXPECT, MIME_LEN_EXPECT);
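Review bot: The size check added in HandleRequest looks only at `s->hdr_info.request_content_length`, so it enforces the limit on the declared Content-Length. A body sent without one (chunked transfer encoding, which presumably leaves this field non-positive) would not be measured against `max_post_size`; that should be confirmed, then either enforced where the body is read or stated in the option's documentation. As far as the hunk shows, the test is also not restricted to POST although the option is named for it, which deserves a comment such as `// applies to any request with a Content-Length, not only POST`. The middle clause `request_content_length > 0` is implied by the other two and can be dropped, and the debug line would help operators more if it also logged the rejected length (assuming it is a 64-bit integer like the limit): `DebugTxn("http_trans", "Content-Length %" PRId64 " exceeds max_post_size %" PRId64, s->hdr_info.request_content_length, s->http_config_param->max_post_size);`. HandleRequest begins and ends outside this hunk.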
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/eadc9cfa/proxy/logging/Log.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/Log.cc b/proxy/logging/Log.cc
index 36a81c5..842bf16 100644
--- a/proxy/logging/Log.cc
+++ b/proxy/logging/Log.cc
@@ -501,6 +501,7 @@ Log::init_fields()
SQUID_LOG_UDP_HIT_OBJ, "UDP_HIT_OBJ", SQUID_LOG_UDP_MISS, "UDP_MISS", SQUID_LOG_UDP_DENIED, "UDP_DENIED", SQUID_LOG_UDP_INVALID,
"UDP_INVALID", SQUID_LOG_UDP_RELOADING, "UDP_RELOADING", SQUID_LOG_UDP_FUTURE_1, "UDP_FUTURE_1", SQUID_LOG_UDP_FUTURE_2,
"UDP_FUTURE_2", SQUID_LOG_ERR_READ_TIMEOUT, "ERR_READ_TIMEOUT", SQUID_LOG_ERR_LIFETIME_EXP, "ERR_LIFETIME_EXP",
+ SQUID_LOG_ERR_POST_ENTITY_TOO_LARGE, "ERR_POST_ENTITY_TOO_LARGE",
SQUID_LOG_ERR_NO_CLIENTS_BIG_OBJ, "ERR_NO_CLIENTS_BIG_OBJ", SQUID_LOG_ERR_READ_ERROR, "ERR_READ_ERROR",
SQUID_LOG_ERR_CLIENT_ABORT, "ERR_CLIENT_ABORT", SQUID_LOG_ERR_CONNECT_FAIL, "ERR_CONNECT_FAIL", SQUID_LOG_ERR_INVALID_REQ,
"ERR_INVALID_REQ", SQUID_LOG_ERR_UNSUP_REQ, "ERR_UNSUP_REQ", SQUID_LOG_ERR_INVALID_URL, "ERR_INVALID_URL", SQUID_LOG_ERR_NO_FDS,
[2/3] trafficserver git commit: TS-3631: add config option to limit
post size: UPDATE CHANGES
Posted by br...@apache.org.
TS-3631: add config option to limit post size: UPDATE CHANGES
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a6eb0bd4
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a6eb0bd4
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a6eb0bd4
Branch: refs/heads/master
Commit: a6eb0bd4a92406ce5838098691d7abad261d6a7f
Parents: eadc9cf
Author: Brian Geffon <br...@apache.org>
Authored: Fri May 22 00:22:41 2015 -0700
Committer: Brian Geffon <br...@apache.org>
Committed: Fri May 22 00:22:41 2015 -0700
----------------------------------------------------------------------
CHANGES | 2 ++
1 file changed, 2 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a6eb0bd4/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 4dc8b33..35222fc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache Traffic Server 6.0.0
+ *) [TS-3631] Add config option to limit post size
+
*) [TS-3628] Unable to use disks larger than 16T
*) [TS-2080] Remove arbitrary 1 year max age limit on the cache, use
[3/3] trafficserver git commit: TS-3631: add config option to limit
post size: UPDATE DOCS
Posted by br...@apache.org.
TS-3631: add config option to limit post size: UPDATE DOCS
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/be6c95ba
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/be6c95ba
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/be6c95ba
Branch: refs/heads/master
Commit: be6c95ba2778e6c871f935c991695403f7ca5a57
Parents: a6eb0bd
Author: Brian Geffon <br...@apache.org>
Authored: Fri May 22 00:25:11 2015 -0700
Committer: Brian Geffon <br...@apache.org>
Committed: Fri May 22 00:25:11 2015 -0700
----------------------------------------------------------------------
doc/reference/configuration/records.config.en.rst | 8 ++++++++
1 file changed, 8 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/be6c95ba/doc/reference/configuration/records.config.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/configuration/records.config.en.rst b/doc/reference/configuration/records.config.en.rst
index 1435895..694d338 100644
--- a/doc/reference/configuration/records.config.en.rst
+++ b/doc/reference/configuration/records.config.en.rst
@@ -1204,6 +1204,14 @@ Security
a filtering rule in the ip_allow.config file to allow only certain
machines to push content into the cache.
+.. ts:cv:: CONFIG proxy.config.http.max_post_size INT 0
+ :reloadable:
+
+ This feature is disabled by default with a value of (``0``), any positive
+ value will limit the size of post bodies. If a request is received with a
+ post body larger than this limit the response will be terminated with
+ 413 - Request Entity Too Large and logged accordingly.
+
Cache Control
=============