Repository: trafficserver Updated Branches: refs/heads/master 9725e10f8 -> be6c95ba2
TS-3631: add config option to limit post size Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/eadc9cfa Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/eadc9cfa Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/eadc9cfa Branch: refs/heads/master Commit: eadc9cfa4020799859c4c65be6608990b6f0fe80 Parents: 9725e10 Author: Brian Geffon <bri...@apache.org> Authored: Fri May 22 00:22:24 2015 -0700 Committer: Brian Geffon <bri...@apache.org> Committed: Fri May 22 00:22:24 2015 -0700 ---------------------------------------------------------------------- mgmt/RecordsConfig.cc | 3 ++- proxy/hdrs/HTTP.h | 1 + proxy/http/HttpConfig.cc | 7 ++++++- proxy/http/HttpConfig.h | 4 +++- proxy/http/HttpTransact.cc | 10 ++++++++++ proxy/logging/Log.cc | 1 + 6 files changed, 23 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/eadc9cfa/mgmt/RecordsConfig.cc ---------------------------------------------------------------------- diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index 8fa1ba4..ebcb8fd 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc @@ -482,7 +482,8 @@ static const RecordElement RecordsConfig[] = , {RECT_CONFIG, "proxy.config.http.auth_server_session_private", RECD_INT, "1", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL} , - + {RECT_CONFIG, "proxy.config.http.max_post_size", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_INT, "^[0-9]+$", RECA_NULL} + , // ############################## // # parent proxy configuration # // ############################## http://git-wip-us.apache.org/repos/asf/trafficserver/blob/eadc9cfa/proxy/hdrs/HTTP.h ---------------------------------------------------------------------- diff --git a/proxy/hdrs/HTTP.h b/proxy/hdrs/HTTP.h index 78de824..a1f6e8f 100644 --- a/proxy/hdrs/HTTP.h 
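Review bot: The new `proxy.config.http.max_post_size` record pairs the `RECC_INT` check type with the regex `"^[0-9]+$"`, while the neighbouring entry in this hunk pairs `RECC_INT` with a range (`"[0-1]"`); if `RECC_INT` expects a range expression, this pattern will not validate the value as intended. Regex patterns of this form normally go with `RECC_STR`, so the tail of the entry would read `RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}`. The default of `"0"` means "no limit" according to the check added in HttpTransact.cc, and a one-line comment above the entry, e.g. `// 0 disables the request body size limit`, would make that visible to operators. The RecordsConfig[] array starts and ends outside the hunk.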
+++ b/proxy/hdrs/HTTP.h @@ -136,6 +136,7 @@ enum SquidLogCode { SQUID_LOG_UDP_FUTURE_2 = 'o', SQUID_LOG_ERR_READ_TIMEOUT = 'p', SQUID_LOG_ERR_LIFETIME_EXP = 'q', + SQUID_LOG_ERR_POST_ENTITY_TOO_LARGE = 'L', SQUID_LOG_ERR_NO_CLIENTS_BIG_OBJ = 'r', SQUID_LOG_ERR_READ_ERROR = 's', SQUID_LOG_ERR_CLIENT_ABORT = 't', http://git-wip-us.apache.org/repos/asf/trafficserver/blob/eadc9cfa/proxy/http/HttpConfig.cc ---------------------------------------------------------------------- diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc index 1b36d2e..54955e5 100644 --- a/proxy/http/HttpConfig.cc +++ b/proxy/http/HttpConfig.cc @@ -854,7 +854,9 @@ register_stat_callbacks() (int)https_incoming_requests_stat, RecRawStatSyncCount); RecRegisterRawStat(http_rsb, RECT_PROCESS, "proxy.process.https.total_client_connections", RECD_COUNTER, RECP_PERSISTENT, (int)https_total_client_connections_stat, RecRawStatSyncCount); - + RecRegisterRawStat(http_rsb, RECT_PROCESS, + "proxy.process.http.post_body_too_large", + RECD_COUNTER, RECP_PERSISTENT, (int) http_post_body_too_large, RecRawStatSyncCount); // milestones RecRegisterRawStat(http_rsb, RECT_PROCESS, "proxy.process.http.milestone.ua_begin", RECD_COUNTER, RECP_PERSISTENT, (int)http_ua_begin_time_stat, RecRawStatSyncSum); @@ -1146,6 +1148,8 @@ HttpConfig::startup() // Stat Page Info HttpEstablishStaticConfigByte(c.enable_http_info, "proxy.config.http.enable_http_info"); + HttpEstablishStaticConfigLongLong(c.max_post_size, "proxy.config.http.max_post_size"); + //############################################################################## //# //# Redirection 
@@ -1361,6 +1365,7 @@ HttpConfig::reconfigure() params->cache_open_write_fail_action = m_master.cache_open_write_fail_action; params->oride.cache_when_to_revalidate = m_master.oride.cache_when_to_revalidate; + params->max_post_size = m_master.max_post_size; params->oride.cache_required_headers = m_master.oride.cache_required_headers; params->oride.cache_range_lookup = INT_TO_BOOL(m_master.oride.cache_range_lookup); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/eadc9cfa/proxy/http/HttpConfig.h ---------------------------------------------------------------------- diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h index 813e4df..4534c6c 100644 --- a/proxy/http/HttpConfig.h +++ b/proxy/http/HttpConfig.h @@ -228,6 +228,7 @@ enum { http_ua_msecs_counts_other_unclassified_stat, disallowed_post_100_continue, + http_post_body_too_large, http_total_x_redirect_stat, @@ -744,6 +745,7 @@ public: MgmtByte disallow_post_100_continue; MgmtByte parser_allow_non_http; MgmtInt cache_open_write_fail_action; + MgmtInt max_post_size; OverridableHttpConfigParams oride; @@ -853,7 +855,7 @@ inline HttpConfigParams::HttpConfigParams() cluster_time_delta(0), redirection_enabled(0), redirection_host_no_port(0), number_of_redirections(1), post_copy_size(2048), ignore_accept_mismatch(0), ignore_accept_language_mismatch(0), ignore_accept_encoding_mismatch(0), ignore_accept_charset_mismatch(0), send_100_continue_response(0), send_408_post_timeout_response(0), - disallow_post_100_continue(0), parser_allow_non_http(1), cache_open_write_fail_action(0), autoconf_port(0), + disallow_post_100_continue(0), parser_allow_non_http(1), cache_open_write_fail_action(0), max_post_size(0), autoconf_port(0), autoconf_localhost_only(0) { } http://git-wip-us.apache.org/repos/asf/trafficserver/blob/eadc9cfa/proxy/http/HttpTransact.cc ---------------------------------------------------------------------- 
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc index 1149d23..ae52df4 100644 --- a/proxy/http/HttpTransact.cc +++ b/proxy/http/HttpTransact.cc @@ -1252,6 +1252,16 @@ HttpTransact::HandleRequest(State *s) // client keep-alive, cache action, etc. initialize_state_variables_from_request(s, &s->hdr_info.client_request); + // The following code is configurable to allow a user to control the max post size (TS-3631) + if (s->http_config_param->max_post_size > 0 && s->hdr_info.request_content_length > 0 && s->hdr_info.request_content_length > s->http_config_param->max_post_size) { + DebugTxn("http_trans", "Max post size %" PRId64 " Client tried to post a body that was too large.", s->http_config_param->max_post_size); + HTTP_INCREMENT_TRANS_STAT(http_post_body_too_large); + bootstrap_state_variables_from_request(s, &s->hdr_info.client_request); + build_error_response(s, HTTP_STATUS_REQUEST_ENTITY_TOO_LARGE, "Request Entity Too Large", "request#entity_too_large", NULL); + s->squid_codes.log_code = SQUID_LOG_ERR_POST_ENTITY_TOO_LARGE; + TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, NULL); + } + // The following chunk of code allows you to disallow post w/ expect 100-continue (TS-3459) if (s->hdr_info.request_content_length && s->http_config_param->disallow_post_100_continue) { MIMEField *expect = s->hdr_info.client_request.field_find(MIME_FIELD_EXPECT, MIME_LEN_EXPECT); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/eadc9cfa/proxy/logging/Log.cc ---------------------------------------------------------------------- diff --git a/proxy/logging/Log.cc b/proxy/logging/Log.cc index 36a81c5..842bf16 100644 --- a/proxy/logging/Log.cc +++ b/proxy/logging/Log.cc 
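Review bot: The limit in the added `if` in HandleRequest is compared only with `s->hdr_info.request_content_length`, so a request whose body arrives without a Content-Length (chunked transfer encoding, which presumably leaves that field non-positive) is not bounded by `max_post_size`. The size would also have to be enforced where the request body is actually read, or at least the limitation recorded in a comment such as `// NOTE: only the declared Content-Length is checked; chunked request bodies are not limited here`. The check is not restricted to POST either, so it applies to every method that declares a body, which the option name and the debug message do not say. The `s->hdr_info.request_content_length > 0` clause is redundant and the condition can be `if (s->http_config_param->max_post_size > 0 && s->hdr_info.request_content_length > s->http_config_param->max_post_size) {`. Whether the client connection is closed after the 413, so that the unread body cannot be parsed as a following request, is not visible here and is worth confirming; HandleRequest's body starts and ends outside the hunk.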
@@ -501,6 +501,7 @@ Log::init_fields() SQUID_LOG_UDP_HIT_OBJ, "UDP_HIT_OBJ", SQUID_LOG_UDP_MISS, "UDP_MISS", SQUID_LOG_UDP_DENIED, "UDP_DENIED", SQUID_LOG_UDP_INVALID, "UDP_INVALID", SQUID_LOG_UDP_RELOADING, "UDP_RELOADING", SQUID_LOG_UDP_FUTURE_1, "UDP_FUTURE_1", SQUID_LOG_UDP_FUTURE_2, "UDP_FUTURE_2", SQUID_LOG_ERR_READ_TIMEOUT, "ERR_READ_TIMEOUT", SQUID_LOG_ERR_LIFETIME_EXP, "ERR_LIFETIME_EXP", + SQUID_LOG_ERR_POST_ENTITY_TOO_LARGE, "ERR_POST_ENTITY_TOO_LARGE", SQUID_LOG_ERR_NO_CLIENTS_BIG_OBJ, "ERR_NO_CLIENTS_BIG_OBJ", SQUID_LOG_ERR_READ_ERROR, "ERR_READ_ERROR", SQUID_LOG_ERR_CLIENT_ABORT, "ERR_CLIENT_ABORT", SQUID_LOG_ERR_CONNECT_FAIL, "ERR_CONNECT_FAIL", SQUID_LOG_ERR_INVALID_REQ, "ERR_INVALID_REQ", SQUID_LOG_ERR_UNSUP_REQ, "ERR_UNSUP_REQ", SQUID_LOG_ERR_INVALID_URL, "ERR_INVALID_URL", SQUID_LOG_ERR_NO_FDS,