You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by bc...@apache.org on 2014/05/30 23:05:18 UTC

[46/50] [abbrv] git commit: TS-1981 Url remap method filtering is broken with invalid method.

TS-1981 Url remap method filtering is broken with invalid method.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/3e818112
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/3e818112
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/3e818112

Branch: refs/heads/5.0.x
Commit: 3e818112374b5ea4e2d92fb2292bc16a7fdc01ae
Parents: e8b88af
Author: Thach Tran <tr...@gmail.com>
Authored: Fri May 30 11:15:16 2014 -0600
Committer: Leif Hedstrom <zw...@apache.org>
Committed: Fri May 30 11:16:21 2014 -0600

----------------------------------------------------------------------
 CHANGES                        |  3 ++
 proxy/http/remap/UrlRewrite.cc | 60 ++++++++++++++++++-------------------
 2 files changed, 32 insertions(+), 31 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3e818112/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 49cfaf4..cfca250 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache Traffic Server 5.0.0
 
+  *) [TS-1981] Url remap method filtering is broken with invalid method.
+   Author: Thach Tran <tr...@gmail.com>
+
   *) [TS-2792] Large request header causes unexpected remap.
    Author: Masakazu Kitajo <m4...@gmail.com>
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3e818112/proxy/http/remap/UrlRewrite.cc
----------------------------------------------------------------------
diff --git a/proxy/http/remap/UrlRewrite.cc b/proxy/http/remap/UrlRewrite.cc
index 7a7bb73..ab61b3b 100644
--- a/proxy/http/remap/UrlRewrite.cc
+++ b/proxy/http/remap/UrlRewrite.cc
@@ -427,43 +427,41 @@ UrlRewrite::PerformACLFiltering(HttpTransact::State *s, url_mapping *map)
   if (map->filter) {
     int i, res, method;
     i = (method = s->hdr_info.client_request.method_get_wksidx()) - HTTP_WKSIDX_CONNECT;
-    if (likely(i >= 0 && i < ACL_FILTER_MAX_METHODS)) {
-      bool client_enabled_flag = true;
-      ink_release_assert(ats_is_ip(&s->client_info.addr));
-      for (acl_filter_rule * rp = map->filter; rp; rp = rp->next) {
-        bool match = true;
-        if (rp->method_valid) {
-          if (rp->method_idx[i] != method)
-            match = false;
+    bool client_enabled_flag = true;
+    ink_release_assert(ats_is_ip(&s->client_info.addr));
+    for (acl_filter_rule * rp = map->filter; rp && client_enabled_flag; rp = rp->next) { // stop as soon as a filter denies
+      bool match = true;
+      if (rp->method_valid) {
+        if (likely(i >= 0 && i < ACL_FILTER_MAX_METHODS)) {
+            match = rp->method_idx[i] == method;
         }
-        if (match && rp->src_ip_valid) {
-          match = false;
-          for (int j = 0; j < rp->src_ip_cnt && !match; j++) {
-            res = rp->src_ip_array[j].contains(s->client_info.addr) ? 1 : 0;
-            if (rp->src_ip_array[j].invert) {
-              if (res != 1)
-                match = true;
-            } else {
-              if (res == 1)
-                match = true;
-            }
-          }
+        else {
+            match = false;
         }
-        if (match && client_enabled_flag) {     //make sure that a previous filter did not DENY
-          Debug("url_rewrite", "matched ACL filter rule, %s request", rp->allow_flag ? "allowing" : "denying");
-          client_enabled_flag = rp->allow_flag ? true : false;
-        } else {
-          if (!client_enabled_flag) {
-            Debug("url_rewrite", "Previous ACL filter rule denied request, continuing to deny it");
+      }
+      if (match && rp->src_ip_valid) {
+        match = false;
+        for (int j = 0; j < rp->src_ip_cnt && !match; j++) {
+          res = rp->src_ip_array[j].contains(s->client_info.addr) ? 1 : 0;
+          if (rp->src_ip_array[j].invert) {
+            if (res != 1)
+              match = true;
           } else {
-            Debug("url_rewrite", "did NOT match ACL filter rule, %s request", rp->allow_flag ? "denying" : "allowing");
-              client_enabled_flag = rp->allow_flag ? false : true;
+            if (res == 1)
+              match = true;
           }
         }
+      }
+      if (match) {
+        Debug("url_rewrite", "matched ACL filter rule, %s request", rp->allow_flag ? "allowing" : "denying");
+        client_enabled_flag = rp->allow_flag ? true : false;
+      } else {
+        Debug("url_rewrite", "did NOT match ACL filter rule, %s request", rp->allow_flag ? "denying" : "allowing");
+        client_enabled_flag = rp->allow_flag ? false : true;
+      }
 
-      }                         /* end of for(rp = map->filter;rp;rp = rp->next) */
-      s->client_connection_enabled = client_enabled_flag;
-    }
+    }                         /* end of for(rp = map->filter;rp;rp = rp->next) */
+    s->client_connection_enabled = client_enabled_flag;
   }
 }