Posted to commits@trafficserver.apache.org by bc...@apache.org on 2014/07/23 16:44:11 UTC
git commit: limit access to synthetic healthcheck
Repository: trafficserver
Updated Branches:
refs/heads/master 7bb4e9bf2 -> 0ba0432a2
limit access to synthetic healthcheck
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/0ba0432a
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/0ba0432a
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/0ba0432a
Branch: refs/heads/master
Commit: 0ba0432a21781a7503b9c4cbb6184d3c48f496da
Parents: 7bb4e9b
Author: Bryan Call <bc...@apache.org>
Authored: Tue Jul 22 17:56:27 2014 -0700
Committer: Bryan Call <bc...@apache.org>
Committed: Tue Jul 22 17:56:27 2014 -0700
----------------------------------------------------------------------
mgmt/RecordsConfig.cc | 2 +-
mgmt/web2/WebIntrMain.cc | 19 +++++++++++--------
proxy/http/HttpConfig.cc | 8 ++++++++
proxy/http/HttpConfig.h | 11 ++++++++++-
proxy/http/HttpTransact.cc | 7 ++++++-
5 files changed, 36 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0ba0432a/mgmt/RecordsConfig.cc
----------------------------------------------------------------------
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index d1702cb..245ddba 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -244,7 +244,7 @@ RecordElement RecordsConfig[] = {
,
{RECT_CONFIG, "proxy.config.admin.autoconf.doc_root", RECD_STRING, TS_BUILD_SYSCONFDIR, RECU_NULL, RR_REQUIRED, RECC_NULL, NULL, RECA_NULL}
,
- {RECT_CONFIG, "proxy.config.admin.autoconf.localhost_only", RECD_INT, "0", RECU_RESTART_TM, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
+ {RECT_CONFIG, "proxy.config.admin.autoconf.localhost_only", RECD_INT, "1", RECU_RESTART_TM, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
,
{RECT_CONFIG, "proxy.config.admin.autoconf.pac_filename", RECD_STRING, "proxy.pac", RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL}
,
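Review bot: Changing the default of `proxy.config.admin.autoconf.localhost_only` from "0" to "1" alters behaviour for every installation that never set the record explicitly. After an upgrade the autoconf listener is bound to loopback, so remote clients that fetched `proxy.pac` from it will stop working. This is the safer default, but none of the five files in this commit is documentation. It needs a release-note and records.config documentation entry telling operators to set the record to 0 if they depend on remote access.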
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0ba0432a/mgmt/web2/WebIntrMain.cc
----------------------------------------------------------------------
diff --git a/mgmt/web2/WebIntrMain.cc b/mgmt/web2/WebIntrMain.cc
index 41d8e35..81f8a39 100644
--- a/mgmt/web2/WebIntrMain.cc
+++ b/mgmt/web2/WebIntrMain.cc
@@ -54,6 +54,7 @@ extern "C"
#endif
typedef int fd;
+static RecInt autoconf_localhost_only = 1;
#define SOCKET_TIMEOUT 10*60
@@ -62,14 +63,14 @@ WebInterFaceGlobals wGlobals;
// There are two web ports maintained
//
-// One is for adminstration. This port serves
+// One is for administration. This port serves
// all the configuration and monitoring info.
// Most sites will have some security features
// (authentication and SSL) active on this
// port since it system administrator access
// The other is for things that we want to serve
// insecurely. Client auto configuration falls
-// in this catagory. The public key for the
+// in this category. The public key for the
// administration server is another example
//
WebContext autoconfContext;
@@ -83,7 +84,7 @@ int aconf_port_arg = -1;
// directory exists and that the default file
// exists
//
-// returns 0 if everthing is OK
+// returns 0 if everything is OK
// returns 1 if something is missing
//
int
@@ -223,7 +224,11 @@ newTcpSocket(int port)
memset(&socketInfo, 0, sizeof(socketInfo));
socketInfo.sin_family = AF_INET;
socketInfo.sin_port = htons(port);
- socketInfo.sin_addr.s_addr = htonl(INADDR_ANY);
+ if (autoconf_localhost_only == 1) {
+ socketInfo.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ } else {
+ socketInfo.sin_addr.s_addr = htonl(INADDR_ANY);
+ }
// Allow for immediate re-binding to port
if (setsockopt(socketFD, SOL_SOCKET, SO_REUSEADDR, (char *) &one, sizeof(int)) < 0) {
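Review bot: The bind address in `newTcpSocket` is now chosen from a file-scope flag rather than by the caller, so every socket this helper opens follows `proxy.config.admin.autoconf.localhost_only`, whichever port it is for. The callers are not visible in this hunk. If only the autoconf port uses the helper, a comment such as `// autoconf listener only: loopback unless localhost_only is 0` would record that; otherwise the bind address should be passed in as a parameter. The test `autoconf_localhost_only == 1` also binds to all interfaces for any other non-zero value, while the check added in HttpTransact.cc treats non-zero as restricted. Using `if (autoconf_localhost_only != 0)` would make both sides fail closed. The body of newTcpSocket starts and ends outside the hunk.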
@@ -329,7 +334,6 @@ webIntr_main(void *)
RecInt tempInt;
bool found;
- int autoconf_localhost_only = 0;
int addrLen;
int i;
@@ -362,8 +366,7 @@ webIntr_main(void *)
ink_mutex_init(&wGlobals.submitLock, "Submission Mutex");
// Fix for INKqa10514
- found = (RecGetRecordInt("proxy.config.admin.autoconf.localhost_only", &tempInt) == REC_ERR_OKAY);
- autoconf_localhost_only = (int) tempInt;
+ found = (RecGetRecordInt("proxy.config.admin.autoconf.localhost_only", &autoconf_localhost_only) == REC_ERR_OKAY);
ink_assert(found);
// Set up the client autoconfiguration context
@@ -377,7 +380,7 @@ webIntr_main(void *)
publicPort = (int) tempInt;
ink_assert(found);
}
- Debug("ui", "[WebIntrMain] Starting Client AutoConfig Server on Port %d\n", publicPort);
+ Debug("ui", "[WebIntrMain] Starting Client AutoConfig Server on Port %d", publicPort);
found = (RecGetRecordString_Xmalloc("proxy.config.admin.autoconf.doc_root", &(autoconfContext.docRoot)) == REC_ERR_OKAY);
ink_assert(found);
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0ba0432a/proxy/http/HttpConfig.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc
index b4d21ac..b1727be 100644
--- a/proxy/http/HttpConfig.cc
+++ b/proxy/http/HttpConfig.cc
@@ -1461,6 +1461,10 @@ HttpConfig::startup()
HttpEstablishStaticConfigLongLong(c.number_of_redirections, "proxy.config.http.number_of_redirections");
HttpEstablishStaticConfigLongLong(c.post_copy_size, "proxy.config.http.post_copy_size");
+ // Local Manager
+ HttpEstablishStaticConfigLongLong(c.autoconf_port, "proxy.config.admin.autoconf_port");
+ HttpEstablishStaticConfigByte(c.autoconf_localhost_only, "proxy.config.admin.autoconf.localhost_only");
+
// Cluster time delta gets it own callback since it needs
// to use ink_atomic_swap
c.cluster_time_delta = 0;
@@ -1704,6 +1708,10 @@ params->push_method_enabled = INT_TO_BOOL(m_master.push_method_enabled);
params->number_of_redirections = m_master.number_of_redirections;
params->post_copy_size = m_master.post_copy_size;
+ // Local Manager
+ params->autoconf_port = m_master.autoconf_port;
+ params->autoconf_localhost_only = m_master.autoconf_localhost_only;
+
m_id = configProcessor.set(m_id, params);
#undef INT_TO_BOOL
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0ba0432a/proxy/http/HttpConfig.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h
index bcd805c..df819db 100644
--- a/proxy/http/HttpConfig.h
+++ b/proxy/http/HttpConfig.h
@@ -778,6 +778,13 @@ public:
OverridableHttpConfigParams oride;
+ ////////////////////
+ // Local Manager //
+ ////////////////////
+ MgmtInt autoconf_port;
+ MgmtByte autoconf_localhost_only;
+
+
private:
/////////////////////////////////////
// operator = and copy constructor //
@@ -922,7 +929,9 @@ HttpConfigParams::HttpConfigParams()
ignore_accept_language_mismatch(0),
ignore_accept_encoding_mismatch(0),
ignore_accept_charset_mismatch(0),
- send_100_continue_response(0)
+ send_100_continue_response(0),
+ autoconf_port(0),
+ autoconf_localhost_only(0)
{
}
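Review bot: The constructor initialises `autoconf_localhost_only(0)`, the permissive value, while this same commit makes 1 the default in RecordsConfig.cc and in the new static in WebIntrMain.cc. A params object consulted before HttpConfig::startup() or reconfigure() has filled it would skip the loopback comparison in StartRemapRequest. Whether that can happen is not visible here, and `autoconf_port(0)` probably prevents a match in that state anyway. Initialising with `autoconf_localhost_only(1)` keeps the three defaults consistent and fail-closed.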
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0ba0432a/proxy/http/HttpTransact.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index 60cb53e..0a8f93a 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -781,11 +781,16 @@ HttpTransact::StartRemapRequest(State* s)
int host_len, path_len;
const char *host = url->host_get(&host_len);
const char *path = url->path_get(&path_len);
+ const int port = url->port_get();
const char syntxt[] = "synthetic.txt";
s->cop_test_page = (ptr_len_cmp(host, host_len, local_host_ip_str, sizeof(local_host_ip_str) - 1) == 0) &&
- (ptr_len_cmp(path, path_len, syntxt, sizeof(syntxt) - 1) == 0);
+ (ptr_len_cmp(path, path_len, syntxt, sizeof(syntxt) - 1) == 0) &&
+ port == s->http_config_param->autoconf_port &&
+ s->method == HTTP_WKSIDX_GET &&
+ s->orig_scheme == URL_WKSIDX_HTTP &&
+ (!s->http_config_param->autoconf_localhost_only || ats_ip4_addr_cast(&s->client_info.addr.sa) == htonl(INADDR_LOOPBACK));
//////////////////////////////////////////////////////////////////
// FIX: this logic seems awfully convoluted and hard to follow; //
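Review bot: The loopback test on the last added line reads the client address with `ats_ip4_addr_cast` without first checking that the sockaddr is AF_INET. For a client accepted over IPv6 the cast presumably reinterprets a sockaddr_in6, so the compared value is not an address at all. A legitimate health check arriving from `::1` would also be refused. Guarding the comparison keeps the decision well-defined: `(!s->http_config_param->autoconf_localhost_only || (ats_is_ip4(&s->client_info.addr.sa) && ats_ip4_addr_cast(&s->client_info.addr.sa) == htonl(INADDR_LOOPBACK)))`. If IPv6 loopback should be accepted, a family-aware loopback helper would be the better choice. A short comment above the expression listing the five conditions and why each is required would help, since this flag controls who is served the synthetic page. StartRemapRequest continues outside the hunk.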