You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Bryan Call (JIRA)" <ji...@apache.org> on 2012/08/14 23:27:38 UTC
[jira] [Created] (TS-1407) ATS blocks unknown methods (eg PROPFIND)
and doesn't work with webdav
Bryan Call created TS-1407:
------------------------------
Summary: ATS blocks unknown methods (eg PROPFIND) and doesn't work with webdav
Key: TS-1407
URL: https://issues.apache.org/jira/browse/TS-1407
Project: Traffic Server
Issue Type: Bug
Components: Security
Affects Versions: 3.2.0
Reporter: Bryan Call
Setting the ip-allow.config to ALL for the method type doesn't include methods not known to ATS. Currently the method PROPFIND can't work in ATS making it not work with webdav.
The way the ALL_METHOD_MASK is created is by turning the bits on for the number of methods that ATS knows about. I am going to change the code to turn on all bits in the mask:
void IpAllow::InitInstance() {
ALL_METHOD_MASK = ~0;
}
Right now:
[bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
[Aug 14 14:24:34.476] Server {0x7f6cbff5c700} DEBUG: (ip-allow) Quick filter denial on 192.168.1.12:(null) with mask 7ff
[bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080 http://caldav.calendar.yahoo.com/
HTTP/1.1 403 Access Denied
After the change:
[bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
[Aug 14 14:26:13.046] Server {0x7f97c815d700} DEBUG: (ip-allow) Quick filter denial on 192.168.1.12:(null) with mask ffffffff and method: ffffffff
[bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080 http://caldav.calendar.yahoo.com/
HTTP/1.1 401 Unauthorized <---- error from origin, ATS is proxying...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (TS-1407) ATS blocks unknown methods (eg
PROPFIND) and doesn't work with webdav
Posted by "James Peach (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-1407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Peach reassigned TS-1407:
-------------------------------
Assignee: Bryan Call
> ATS blocks unknown methods (eg PROPFIND) and doesn't work with webdav
> ---------------------------------------------------------------------
>
> Key: TS-1407
> URL: https://issues.apache.org/jira/browse/TS-1407
> Project: Traffic Server
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.2.0
> Reporter: Bryan Call
> Assignee: Bryan Call
>
> Setting the ip-allow.config to ALL for the method type doesn't include methods not known to ATS. Currently the method PROPFIND can't work in ATS making it not work with webdav.
> The way the ALL_METHOD_MASK is created is by turning the bits on for the number of methods that ATS knows about. I am going to change the code to turn on all bits in the mask:
> void IpAllow::InitInstance() {
> ALL_METHOD_MASK = ~0;
> }
> Right now:
> [bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
> [Aug 14 14:24:34.476] Server {0x7f6cbff5c700} DEBUG: (ip-allow) Quick filter denial on 192.168.1.12:(null) with mask 7ff
> [bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080 http://caldav.calendar.yahoo.com/
> HTTP/1.1 403 Access Denied
> After the change:
> [bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
> [Aug 14 14:26:13.046] Server {0x7f97c815d700} DEBUG: (ip-allow) Quick filter denial on 192.168.1.12:(null) with mask ffffffff and method: ffffffff
> [bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080 http://caldav.calendar.yahoo.com/
> HTTP/1.1 401 Unauthorized <---- error from origin, ATS is proxying...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (TS-1407) ATS blocks unknown methods (eg
PROPFIND) and doesn't work with webdav
Posted by "Bryan Call (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-1407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13434547#comment-13434547 ]
Bryan Call commented on TS-1407:
--------------------------------
commit 55b0009176790706a4ca501db31c9fb7fcc435aa
Author: Bryan Call <bc...@apache.org>
Date: Tue Aug 14 14:38:58 2012 -0700
TS-1407 Change the ip allow/quick filter ALL mask to allow all methods.
> ATS blocks unknown methods (eg PROPFIND) and doesn't work with webdav
> ---------------------------------------------------------------------
>
> Key: TS-1407
> URL: https://issues.apache.org/jira/browse/TS-1407
> Project: Traffic Server
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.2.0
> Reporter: Bryan Call
> Assignee: Bryan Call
>
> Setting the ip-allow.config to ALL for the method type doesn't include methods not known to ATS. Currently the method PROPFIND can't work in ATS making it not work with webdav.
> The way the ALL_METHOD_MASK is created is by turning the bits on for the number of methods that ATS knows about. I am going to change the code to turn on all bits in the mask:
> void IpAllow::InitInstance() {
> ALL_METHOD_MASK = ~0;
> }
> Right now:
> [bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
> [Aug 14 14:24:34.476] Server {0x7f6cbff5c700} DEBUG: (ip-allow) Quick filter denial on 192.168.1.12:(null) with mask 7ff
> [bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080 http://caldav.calendar.yahoo.com/
> HTTP/1.1 403 Access Denied
> After the change:
> [bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
> [Aug 14 14:26:13.046] Server {0x7f97c815d700} DEBUG: (ip-allow) Quick filter denial on 192.168.1.12:(null) with mask ffffffff and method: ffffffff
> [bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080 http://caldav.calendar.yahoo.com/
> HTTP/1.1 401 Unauthorized <---- error from origin, ATS is proxying...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (TS-1407) ATS blocks unknown methods (eg
PROPFIND) and doesn't work with webdav
Posted by "Bryan Call (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-1407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bryan Call resolved TS-1407.
----------------------------
Resolution: Fixed
Fix Version/s: 3.3.1
> ATS blocks unknown methods (eg PROPFIND) and doesn't work with webdav
> ---------------------------------------------------------------------
>
> Key: TS-1407
> URL: https://issues.apache.org/jira/browse/TS-1407
> Project: Traffic Server
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.2.0
> Reporter: Bryan Call
> Assignee: Bryan Call
> Fix For: 3.3.1
>
>
> Setting the ip-allow.config to ALL for the method type doesn't include methods not known to ATS. Currently the method PROPFIND can't work in ATS making it not work with webdav.
> The way the ALL_METHOD_MASK is created is by turning the bits on for the number of methods that ATS knows about. I am going to change the code to turn on all bits in the mask:
> void IpAllow::InitInstance() {
> ALL_METHOD_MASK = ~0;
> }
> Right now:
> [bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
> [Aug 14 14:24:34.476] Server {0x7f6cbff5c700} DEBUG: (ip-allow) Quick filter denial on 192.168.1.12:(null) with mask 7ff
> [bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080 http://caldav.calendar.yahoo.com/
> HTTP/1.1 403 Access Denied
> After the change:
> [bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
> [Aug 14 14:26:13.046] Server {0x7f97c815d700} DEBUG: (ip-allow) Quick filter denial on 192.168.1.12:(null) with mask ffffffff and method: ffffffff
> [bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080 http://caldav.calendar.yahoo.com/
> HTTP/1.1 401 Unauthorized <---- error from origin, ATS is proxying...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (TS-1407) ATS blocks unknown methods (eg PROPFIND)
and doesn't work with webdav
Posted by "Igor Galić (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-1407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Igor Galić updated TS-1407:
---------------------------
Backport to Version: 3.2.3
> ATS blocks unknown methods (eg PROPFIND) and doesn't work with webdav
> ---------------------------------------------------------------------
>
> Key: TS-1407
> URL: https://issues.apache.org/jira/browse/TS-1407
> Project: Traffic Server
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.2.0
> Reporter: Bryan Call
> Assignee: Bryan Call
> Fix For: 3.3.1
>
>
> Setting the ip-allow.config to ALL for the method type doesn't include methods not known to ATS. Currently the method PROPFIND can't work in ATS making it not work with webdav.
> The way the ALL_METHOD_MASK is created is by turning the bits on for the number of methods that ATS knows about. I am going to change the code to turn on all bits in the mask:
> void IpAllow::InitInstance() {
> ALL_METHOD_MASK = ~0;
> }
> Right now:
> [bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
> [Aug 14 14:24:34.476] Server {0x7f6cbff5c700} DEBUG: (ip-allow) Quick filter denial on 192.168.1.12:(null) with mask 7ff
> [bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080 http://caldav.calendar.yahoo.com/
> HTTP/1.1 403 Access Denied
> After the change:
> [bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
> [Aug 14 14:26:13.046] Server {0x7f97c815d700} DEBUG: (ip-allow) Quick filter denial on 192.168.1.12:(null) with mask ffffffff and method: ffffffff
> [bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080 http://caldav.calendar.yahoo.com/
> HTTP/1.1 401 Unauthorized <---- error from origin, ATS is proxying...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira