Repository: trafficserver Updated Branches: refs/heads/master e26aeb9cb -> 95cd99da5
TS-3459: Create a new config to disallow Post w/ Expect: 100-continue Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a30afc0c Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a30afc0c Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a30afc0c Branch: refs/heads/master Commit: a30afc0c8b97d5427797f2a53a0b7e89f186f5f3 Parents: e26aeb9 Author: Brian Geffon <bri...@apache.org> Authored: Fri Mar 20 09:45:13 2015 -0700 Committer: Brian Geffon <bri...@apache.org> Committed: Fri Mar 20 09:45:13 2015 -0700 ---------------------------------------------------------------------- mgmt/RecordsConfig.cc | 2 ++ proxy/http/HttpConfig.cc | 6 ++++++ proxy/http/HttpConfig.h | 5 ++++- proxy/http/HttpTransact.cc | 18 ++++++++++++++++++ 4 files changed, 30 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/mgmt/RecordsConfig.cc ---------------------------------------------------------------------- diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index 03a32ec..c9212eb 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc 
@@ -440,6 +440,8 @@ static const RecordElement RecordsConfig[] = , {RECT_CONFIG, "proxy.config.http.send_408_post_timeout_response", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL} , + {RECT_CONFIG, "proxy.config.http.disallow_post_100_continue", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL} + , {RECT_CONFIG, "proxy.config.http.share_server_sessions", RECD_INT, "2", RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL} , {RECT_CONFIG, "proxy.config.http.server_session_sharing.match", RECD_STRING, "both", RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL} http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/proxy/http/HttpConfig.cc ---------------------------------------------------------------------- diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc index ab560d3..b57795e 100644 --- a/proxy/http/HttpConfig.cc +++ b/proxy/http/HttpConfig.cc @@ -1081,6 +1081,10 @@ register_stat_callbacks() (int) http_ua_msecs_counts_other_unclassified_stat, RecRawStatSyncIntMsecsToFloatSeconds); RecRegisterRawStat(http_rsb, RECT_PROCESS, + "proxy.process.http.disallowed_post_100_continue", + RECD_COUNTER, RECP_PERSISTENT, (int) disallowed_post_100_continue, RecRawStatSyncCount); + + RecRegisterRawStat(http_rsb, RECT_PROCESS, "proxy.process.http.total_x_redirect_count", RECD_COUNTER, RECP_PERSISTENT, (int) http_total_x_redirect_stat, RecRawStatSyncCount); 
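Review bot: The new `proxy.config.http.disallow_post_100_continue` record is registered with `RECC_NULL, NULL`, so any integer is accepted and later folded through `INT_TO_BOOL` in `HttpConfig::reconfigure()`. For a switch that decides whether requests are rejected, a range check would make a mistyped value fail validation instead of silently turning the behaviour on or off: `{RECT_CONFIG, "proxy.config.http.disallow_post_100_continue", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}`. The neighbouring `send_408_post_timeout_response` record has the same gap. The diffstat lists no documentation file for the new setting.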
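Review bot: The stat id `disallowed_post_100_continue` passed to `RecRegisterRawStat` does not follow the `http_…_stat` naming of the ids on either side of it (`http_ua_msecs_counts_other_unclassified_stat`, `http_total_x_redirect_stat`), and it differs from the config member `disallow_post_100_continue` by a single letter. Renaming it to something like `http_disallowed_post_100_continue_stat` would keep the counter and the setting clearly apart. The same name appears in the enum hunk of proxy/http/HttpConfig.h and in the `HTTP_INCREMENT_TRANS_STAT` call in proxy/http/HttpTransact.cc. register_stat_callbacks() starts and ends outside the hunk.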
@@ -1289,6 +1293,7 @@ HttpConfig::startup() HttpEstablishStaticConfigByte(c.send_100_continue_response, "proxy.config.http.send_100_continue_response"); HttpEstablishStaticConfigByte(c.send_408_post_timeout_response, "proxy.config.http.send_408_post_timeout_response"); + HttpEstablishStaticConfigByte(c.disallow_post_100_continue, "proxy.config.http.disallow_post_100_continue"); HttpEstablishStaticConfigByte(c.parser_allow_non_http, "proxy.config.http.parse.allow_non_http"); HttpEstablishStaticConfigByte(c.oride.cache_when_to_revalidate, "proxy.config.http.cache.when_to_revalidate"); @@ -1547,6 +1552,7 @@ HttpConfig::reconfigure() params->send_100_continue_response = INT_TO_BOOL(m_master.send_100_continue_response); params->send_408_post_timeout_response = INT_TO_BOOL(m_master.send_408_post_timeout_response); + params->disallow_post_100_continue = INT_TO_BOOL(m_master.disallow_post_100_continue); params->parser_allow_non_http = INT_TO_BOOL(m_master.parser_allow_non_http); params->oride.cache_when_to_revalidate = m_master.oride.cache_when_to_revalidate; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/proxy/http/HttpConfig.h ---------------------------------------------------------------------- diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h index 9722144..8f678d5 100644 --- a/proxy/http/HttpConfig.h +++ b/proxy/http/HttpConfig.h @@ -228,6 +228,8 @@ enum http_ua_msecs_counts_errors_other_stat, http_ua_msecs_counts_other_unclassified_stat, + disallowed_post_100_continue, + http_total_x_redirect_stat, // Times @@ -733,6 +735,7 @@ public: MgmtByte send_100_continue_response; MgmtByte send_408_post_timeout_response; + MgmtByte disallow_post_100_continue; MgmtByte parser_allow_non_http; OverridableHttpConfigParams oride; @@ -743,7 +746,6 @@ public: MgmtInt autoconf_port; MgmtByte autoconf_localhost_only; - private: ///////////////////////////////////// // operator = and copy constructor // 
@@ -889,6 +891,7 @@ HttpConfigParams::HttpConfigParams() ignore_accept_charset_mismatch(0), send_100_continue_response(0), send_408_post_timeout_response(0), + disallow_post_100_continue(0), parser_allow_non_http(1), autoconf_port(0), autoconf_localhost_only(0) http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a30afc0c/proxy/http/HttpTransact.cc ---------------------------------------------------------------------- diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc index 0078ef1..2cd36bd 100644 --- a/proxy/http/HttpTransact.cc +++ b/proxy/http/HttpTransact.cc @@ -1255,6 +1255,24 @@ HttpTransact::HandleRequest(State* s) // client keep-alive, cache action, etc. initialize_state_variables_from_request(s, &s->hdr_info.client_request); + // The following chunk of code allows you to disallow post w/ expect 100-continue (TS-3459) + if (s->hdr_info.request_content_length && s->http_config_param->disallow_post_100_continue) { + MIMEField *expect = s->hdr_info.client_request.field_find(MIME_FIELD_EXPECT, MIME_LEN_EXPECT); + + if (expect != NULL) { + const char *expect_hdr_val = NULL; + int expect_hdr_val_len = 0; + expect_hdr_val = expect->value_get(&expect_hdr_val_len); + if (ptr_len_casecmp(expect_hdr_val, expect_hdr_val_len, HTTP_VALUE_100_CONTINUE, HTTP_LEN_100_CONTINUE) == 0) { + // Let's error out this request. + DebugTxn("http_trans", "Client sent a post expect: 100-continue, sending 405."); + HTTP_INCREMENT_TRANS_STAT(disallowed_post_100_continue); + build_error_response(s, HTTP_STATUS_METHOD_NOT_ALLOWED, "Method Not Allowed", "request#method_unsupported", NULL); + TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, NULL); + } + } + } + // Cache lookup or not will be decided later at DecideCacheLookup(). // Before it's decided to do a cache lookup, // assume no cache lookup and using proxy (not tunneling)
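Review bot: The new guard in `HandleRequest` tests only `s->hdr_info.request_content_length` and never the method, so with the setting on, a PUT or any other request that declares a body and sends `Expect: 100-continue` is rejected too, although the setting name and the debug message speak of POST. Either add the method test, e.g. `if (s->hdr_info.client_request.method_get_wksidx() == HTTP_WKSIDX_POST && s->hdr_info.request_content_length && s->http_config_param->disallow_post_100_continue) {`, or state in the comment that every request with a body is covered. The 405 with `request#method_unsupported` tells the client that the method is the problem; 417 Expectation Failed is the status defined for an `Expect` the server will not meet, and a 405 is expected to carry an `Allow` header, which is not set in the visible lines. The comparison is an exact match against the first `Expect` field only, so it is worth confirming that a list-valued or repeated `Expect` header cannot reach this point and pass the check. HandleRequest's body starts and ends outside the hunk.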