You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Thach Tran (JIRA)" <ji...@apache.org> on 2013/06/27 17:13:19 UTC

[jira] [Created] (TS-1981) Url remap method filtering is broken with invalid method

Thach Tran created TS-1981:
------------------------------

             Summary: Url remap method filtering is broken with invalid method
                 Key: TS-1981
                 URL: https://issues.apache.org/jira/browse/TS-1981
             Project: Traffic Server
          Issue Type: Bug
          Components: Configuration, Security
            Reporter: Thach Tran


ACL filtering based on HTTP's method is ignored if method received from client is invalid.

To reproduce, with the default 8080 {{server_ports}} configure the {{remap.conf}} as follows.

{noformat}
map http://localhost:8080/ http://www.google.com/ @method=GET
{noformat}

Then run the following curl command.

{noformat}
$ curl -v -X AAAAAA http://localhost:8080/
{noformat}

Notice that a 200 OK response is received by the client with some (empty) HTML from google.com.

If the following curl command is issued instead

{noformat}
$ curl -v -X PUT http://localhost:8080/
{noformat}

One will see that TS sends back a 403 Access Denied as expected.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira