You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by bc...@apache.org on 2014/05/30 23:05:18 UTC
[46/50] [abbrv] git commit: TS-1981 Url remap method filtering is
broken with invalid method.
TS-1981 Url remap method filtering is broken with invalid method.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/3e818112
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/3e818112
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/3e818112
Branch: refs/heads/5.0.x
Commit: 3e818112374b5ea4e2d92fb2292bc16a7fdc01ae
Parents: e8b88af
Author: Thach Tran <tr...@gmail.com>
Authored: Fri May 30 11:15:16 2014 -0600
Committer: Leif Hedstrom <zw...@apache.org>
Committed: Fri May 30 11:16:21 2014 -0600
----------------------------------------------------------------------
CHANGES | 3 ++
proxy/http/remap/UrlRewrite.cc | 60 ++++++++++++++++++-------------------
2 files changed, 32 insertions(+), 31 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3e818112/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 49cfaf4..cfca250 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache Traffic Server 5.0.0
+ *) [TS-1981] Url remap method filtering is broken with invalid method.
+ Author: Thach Tran <tr...@gmail.com>
+
*) [TS-2792] Large request header causes unexpected remap.
Author: Masakazu Kitajo <m4...@gmail.com>
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3e818112/proxy/http/remap/UrlRewrite.cc
----------------------------------------------------------------------
diff --git a/proxy/http/remap/UrlRewrite.cc b/proxy/http/remap/UrlRewrite.cc
index 7a7bb73..ab61b3b 100644
--- a/proxy/http/remap/UrlRewrite.cc
+++ b/proxy/http/remap/UrlRewrite.cc
@@ -427,43 +427,41 @@ UrlRewrite::PerformACLFiltering(HttpTransact::State *s, url_mapping *map)
if (map->filter) {
int i, res, method;
i = (method = s->hdr_info.client_request.method_get_wksidx()) - HTTP_WKSIDX_CONNECT;
- if (likely(i >= 0 && i < ACL_FILTER_MAX_METHODS)) {
- bool client_enabled_flag = true;
- ink_release_assert(ats_is_ip(&s->client_info.addr));
- for (acl_filter_rule * rp = map->filter; rp; rp = rp->next) {
- bool match = true;
- if (rp->method_valid) {
- if (rp->method_idx[i] != method)
- match = false;
+ bool client_enabled_flag = true;
+ ink_release_assert(ats_is_ip(&s->client_info.addr));
+ for (acl_filter_rule * rp = map->filter; rp && client_enabled_flag; rp = rp->next) { // stop as soon as a filter denies
+ bool match = true;
+ if (rp->method_valid) {
+ if (likely(i >= 0 && i < ACL_FILTER_MAX_METHODS)) {
+ match = rp->method_idx[i] == method;
}
- if (match && rp->src_ip_valid) {
- match = false;
- for (int j = 0; j < rp->src_ip_cnt && !match; j++) {
- res = rp->src_ip_array[j].contains(s->client_info.addr) ? 1 : 0;
- if (rp->src_ip_array[j].invert) {
- if (res != 1)
- match = true;
- } else {
- if (res == 1)
- match = true;
- }
- }
+ else {
+ match = false;
}
- if (match && client_enabled_flag) { //make sure that a previous filter did not DENY
- Debug("url_rewrite", "matched ACL filter rule, %s request", rp->allow_flag ? "allowing" : "denying");
- client_enabled_flag = rp->allow_flag ? true : false;
- } else {
- if (!client_enabled_flag) {
- Debug("url_rewrite", "Previous ACL filter rule denied request, continuing to deny it");
+ }
+ if (match && rp->src_ip_valid) {
+ match = false;
+ for (int j = 0; j < rp->src_ip_cnt && !match; j++) {
+ res = rp->src_ip_array[j].contains(s->client_info.addr) ? 1 : 0;
+ if (rp->src_ip_array[j].invert) {
+ if (res != 1)
+ match = true;
} else {
- Debug("url_rewrite", "did NOT match ACL filter rule, %s request", rp->allow_flag ? "denying" : "allowing");
- client_enabled_flag = rp->allow_flag ? false : true;
+ if (res == 1)
+ match = true;
}
}
+ }
+ if (match) {
+ Debug("url_rewrite", "matched ACL filter rule, %s request", rp->allow_flag ? "allowing" : "denying");
+ client_enabled_flag = rp->allow_flag ? true : false;
+ } else {
+ Debug("url_rewrite", "did NOT match ACL filter rule, %s request", rp->allow_flag ? "denying" : "allowing");
+ client_enabled_flag = rp->allow_flag ? false : true;
+ }
- } /* end of for(rp = map->filter;rp;rp = rp->next) */
- s->client_connection_enabled = client_enabled_flag;
- }
+ } /* end of for(rp = map->filter;rp;rp = rp->next) */
+ s->client_connection_enabled = client_enabled_flag;
}
}