trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bri...@apache.org
Subject [1/3] trafficserver git commit: TS-3459: Create a new config to disallow Post w/ Expect: 100-continue
Date Fri, 20 Mar 2015 16:49:20 GMT 
Repository: trafficserver
Updated Branches:
  refs/heads/master e26aeb9cb -> 95cd99da5


TS-3459: Create a new config to disallow Post w/ Expect: 100-continue


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a30afc0c
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a30afc0c
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a30afc0c

Branch: refs/heads/master
Commit: a30afc0c8b97d5427797f2a53a0b7e89f186f5f3
Parents: e26aeb9
Author: Brian Geffon <briang@apache.org>
Authored: Fri Mar 20 09:45:13 2015 -0700
Committer: Brian Geffon <briang@apache.org>
Committed: Fri Mar 20 09:45:13 2015 -0700

----------------------------------------------------------------------
 mgmt/RecordsConfig.cc      |  2 ++
 proxy/http/HttpConfig.cc   |  6 ++++++
 proxy/http/HttpConfig.h    |  5 ++++-
 proxy/http/HttpTransact.cc | 18 ++++++++++++++++++
 4 files changed, 30 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/mgmt/RecordsConfig.cc
----------------------------------------------------------------------
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index 03a32ec..c9212eb 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -440,6 +440,8 @@ static const RecordElement RecordsConfig[] =
   ,
   {RECT_CONFIG, "proxy.config.http.send_408_post_timeout_response", RECD_INT, "0", RECU_DYNAMIC,
RR_NULL, RECC_NULL, NULL, RECA_NULL}
   ,
+  {RECT_CONFIG, "proxy.config.http.disallow_post_100_continue", RECD_INT, "0", RECU_DYNAMIC,
RR_NULL, RECC_NULL, NULL, RECA_NULL}
+  ,
   {RECT_CONFIG, "proxy.config.http.share_server_sessions", RECD_INT, "2", RECU_RESTART_TS,
RR_NULL, RECC_NULL, NULL, RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.http.server_session_sharing.match", RECD_STRING, "both", RECU_RESTART_TS,
RR_NULL, RECC_NULL, NULL, RECA_NULL}

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/proxy/http/HttpConfig.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc
index ab560d3..b57795e 100644
--- a/proxy/http/HttpConfig.cc
+++ b/proxy/http/HttpConfig.cc
@@ -1081,6 +1081,10 @@ register_stat_callbacks()
                      (int) http_ua_msecs_counts_other_unclassified_stat, RecRawStatSyncIntMsecsToFloatSeconds);
 
   RecRegisterRawStat(http_rsb, RECT_PROCESS,
+                     "proxy.process.http.disallowed_post_100_continue",
+                     RECD_COUNTER, RECP_PERSISTENT, (int) disallowed_post_100_continue, RecRawStatSyncCount);
+
+  RecRegisterRawStat(http_rsb, RECT_PROCESS,
                      "proxy.process.http.total_x_redirect_count",
                      RECD_COUNTER, RECP_PERSISTENT,
                      (int) http_total_x_redirect_stat, RecRawStatSyncCount);
@@ -1289,6 +1293,7 @@ HttpConfig::startup()
 
   HttpEstablishStaticConfigByte(c.send_100_continue_response, "proxy.config.http.send_100_continue_response");
   HttpEstablishStaticConfigByte(c.send_408_post_timeout_response, "proxy.config.http.send_408_post_timeout_response");
+  HttpEstablishStaticConfigByte(c.disallow_post_100_continue, "proxy.config.http.disallow_post_100_continue");
   HttpEstablishStaticConfigByte(c.parser_allow_non_http, "proxy.config.http.parse.allow_non_http");
 
   HttpEstablishStaticConfigByte(c.oride.cache_when_to_revalidate, "proxy.config.http.cache.when_to_revalidate");
@@ -1547,6 +1552,7 @@ HttpConfig::reconfigure()
 
   params->send_100_continue_response = INT_TO_BOOL(m_master.send_100_continue_response);
   params->send_408_post_timeout_response = INT_TO_BOOL(m_master.send_408_post_timeout_response);
+  params->disallow_post_100_continue = INT_TO_BOOL(m_master.disallow_post_100_continue);
   params->parser_allow_non_http = INT_TO_BOOL(m_master.parser_allow_non_http);
 
   params->oride.cache_when_to_revalidate = m_master.oride.cache_when_to_revalidate;

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/proxy/http/HttpConfig.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h
index 9722144..8f678d5 100644
--- a/proxy/http/HttpConfig.h
+++ b/proxy/http/HttpConfig.h
@@ -228,6 +228,8 @@ enum
   http_ua_msecs_counts_errors_other_stat,
   http_ua_msecs_counts_other_unclassified_stat,
 
+  disallowed_post_100_continue,
+
   http_total_x_redirect_stat,
 
   // Times
@@ -733,6 +735,7 @@ public:
 
   MgmtByte send_100_continue_response;
   MgmtByte send_408_post_timeout_response;
+  MgmtByte disallow_post_100_continue;
   MgmtByte parser_allow_non_http;
 
   OverridableHttpConfigParams oride;
@@ -743,7 +746,6 @@ public:
   MgmtInt autoconf_port;
   MgmtByte autoconf_localhost_only;
 
-
 private:
   /////////////////////////////////////
   // operator = and copy constructor //
@@ -889,6 +891,7 @@ HttpConfigParams::HttpConfigParams()
     ignore_accept_charset_mismatch(0),
     send_100_continue_response(0),
     send_408_post_timeout_response(0),
+    disallow_post_100_continue(0),
     parser_allow_non_http(1),
     autoconf_port(0),
     autoconf_localhost_only(0)

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/proxy/http/HttpTransact.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index 0078ef1..2cd36bd 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -1255,6 +1255,24 @@ HttpTransact::HandleRequest(State* s)
   // client keep-alive, cache action, etc.
   initialize_state_variables_from_request(s, &s->hdr_info.client_request);
 
+  // The following chunk of code allows you to disallow post w/ expect 100-continue (TS-3459)
+  if (s->hdr_info.request_content_length && s->http_config_param->disallow_post_100_continue)
{
+    MIMEField *expect = s->hdr_info.client_request.field_find(MIME_FIELD_EXPECT, MIME_LEN_EXPECT);
+
+    if (expect != NULL) {
+      const char *expect_hdr_val = NULL;
+      int expect_hdr_val_len = 0;
+      expect_hdr_val = expect->value_get(&expect_hdr_val_len);
+      if (ptr_len_casecmp(expect_hdr_val, expect_hdr_val_len, HTTP_VALUE_100_CONTINUE, HTTP_LEN_100_CONTINUE)
== 0) {
+        // Let's error out this request.
+        DebugTxn("http_trans", "Client sent a post expect: 100-continue, sending 405.");
+        HTTP_INCREMENT_TRANS_STAT(disallowed_post_100_continue);
+        build_error_response(s, HTTP_STATUS_METHOD_NOT_ALLOWED, "Method Not Allowed", "request#method_unsupported",
NULL);
+        TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, NULL);
+      }
+    }
+  }
+
   // Cache lookup or not will be decided later at DecideCacheLookup().
   // Before it's decided to do a cache lookup,
   // assume no cache lookup and using proxy (not tunneling)
Mime
View raw message