[GitHub] [trafficserver] d2r commented on issue #4145: Adds configurable behavior on redirect to loopback

Wed, 12 Sep 2018 14:57:02 -0700 

```Diff
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index 09455e5d7..950501ef8 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -1546,36 +1546,6 @@ HttpTransact::OSDNSLookup(State *s)
     TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, nullptr);
   }
 
-  if (s->redirect_info.redirect_in_process) {
-    RedirectEnabled::Action action = RedirectEnabled::Action::INVALID;
-    if (true == Machine::instance()->is_self(s->host_db_info.ip())) {
-      action = s->http_config_param->redirect_actions_self_action;
-    } else {
-      ink_release_assert(s->http_config_param->redirect_actions_map != 
nullptr);
-      ink_release_assert(
-        
s->http_config_param->redirect_actions_map->contains(s->host_db_info.ip(), 
reinterpret_cast<void **>(&action)));
-    }
-    switch (action) {
-    case RedirectEnabled::Action::FOLLOW:
-      TxnDebug("http_trans", "[OSDNSLookup] Invalid redirect address. 
Following");
-      break;
-    case RedirectEnabled::Action::REJECT:
-      TxnDebug("http_trans", "[OSDNSLookup] Invalid redirect address. 
Rejecting.");
-      build_error_response(s, HTTP_STATUS_FORBIDDEN, nullptr, 
"request#syntax_error");
-      SET_VIA_STRING(VIA_DETAIL_TUNNEL, VIA_DETAIL_TUNNEL_NO_FORWARD);
-      TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, nullptr);
-      break;
-    case RedirectEnabled::Action::RETURN:
-      TxnDebug("http_trans", "[OSDNSLookup] Configured to return on invalid 
redirect address.");
-      // fall-through
-    default:
-      // Return this 3xx to the client as-is.
-      TxnDebug("http_trans", "[OSDNSLookup] Invalid redirect address. 
Returning.");
-      build_response_copy(s, &s->hdr_info.server_response, 
&s->hdr_info.client_response, s->client_info.http_version);
-      TRANSACT_RETURN(SM_ACTION_INTERNAL_CACHE_NOOP, nullptr);
-    }
-  }
-
   // detect whether we are about to self loop. the client may have
   // specified the proxy as the origin server (badness).
   // Check if this procedure is already done - YTS Team, yamsat
@@ -1637,6 +1607,37 @@ HttpTransact::OSDNSLookup(State *s)
   ink_assert(s->dns_info.lookup_success);
   TxnDebug("http_seq", "[HttpTransact::OSDNSLookup] DNS Lookup successful");
 
+  if (s->redirect_info.redirect_in_process) {
+    // If dns lookup was not successful, the code below will handle the error.
+    RedirectEnabled::Action action = RedirectEnabled::Action::INVALID;
+    if (true == Machine::instance()->is_self(s->host_db_info.ip())) {
+      action = s->http_config_param->redirect_actions_self_action;
+    } else {
+      ink_release_assert(s->http_config_param->redirect_actions_map != 
nullptr);
+      ink_release_assert(
+        
s->http_config_param->redirect_actions_map->contains(s->host_db_info.ip(), 
reinterpret_cast<void **>(&action)));
+    }
+    switch (action) {
+    case RedirectEnabled::Action::FOLLOW:
+      TxnDebug("http_trans", "[OSDNSLookup] Invalid redirect address. 
Following");
+      break;
+    case RedirectEnabled::Action::REJECT:
+      TxnDebug("http_trans", "[OSDNSLookup] Invalid redirect address. 
Rejecting.");
+      build_error_response(s, HTTP_STATUS_FORBIDDEN, nullptr, 
"request#syntax_error");
+      SET_VIA_STRING(VIA_DETAIL_TUNNEL, VIA_DETAIL_TUNNEL_NO_FORWARD);
+      TRANSACT_RETURN(SM_ACTION_SEND_ERROR_CACHE_NOOP, nullptr);
+      break;
+    case RedirectEnabled::Action::RETURN:
+      TxnDebug("http_trans", "[OSDNSLookup] Configured to return on invalid 
redirect address.");
+      // fall-through
+    default:
+      // Return this 3xx to the client as-is.
+      TxnDebug("http_trans", "[OSDNSLookup] Invalid redirect address. 
Returning.");
+      build_response_copy(s, &s->hdr_info.server_response, 
&s->hdr_info.client_response, s->client_info.http_version);
+      TRANSACT_RETURN(SM_ACTION_INTERNAL_CACHE_NOOP, nullptr);
+    }
+  }
+
   if (DNSLookupInfo::OS_Addr::OS_ADDR_TRY_HOSTDB == s->dns_info.os_addr_style) 
{
     // We've backed off from a client supplied address and found some
     // HostDB addresses. We use those if they're different from the CTA.
diff --git a/tests/gold_tests/redirect/redirect_actions.test.py 
b/tests/gold_tests/redirect/redirect_actions.test.py
index d679f9808..ae4e0f441 100644
--- a/tests/gold_tests/redirect/redirect_actions.test.py
+++ b/tests/gold_tests/redirect/redirect_actions.test.py
@@ -26,7 +26,7 @@ Test redirection behavior to invalid addresses
 '''
 
 Test.SkipIf(Condition.true('autest sometimes does not capture output on the 
last test case of a scenario'))
-Test.ContinueOnFail = True
+Test.ContinueOnFail = False
 
 Test.Setup.Copy(os.path.join(Test.Variables.AtsTestToolsDir,'tcp_client.py'))
 
@@ -82,6 +82,8 @@ def normalizeForAutest(value):
     annoying characters.
     This means we can also use them in URLs.
     '''
+    if not value:
+        return None
     return re.sub(r'[^a-z0-9-]', '_', value, flags=re.I)
 
 def makeTestCase(redirectTarget, expectedAction, scenario):
@@ -126,7 +128,8 @@ def makeTestCase(redirectTarget, expectedAction, scenario):
     testDomain = 'testdomain{0}.test'.format(normRedirectTarget)
     # The micro DNS server can't tell us whether it has a record of the domain 
already, so we use a dictionary to avoid duplicates.
     # We remove any surrounding brackets that are common to IPv6 addresses.
-    dnsRecords[testDomain] = [redirectTarget.strip('[]')]
+    if redirectTarget:
+        dnsRecords[testDomain] = [redirectTarget.strip('[]')]
 
     # A GET request parameterized on the config and on the target.
     request_header = {
@@ -178,6 +181,9 @@ class ActionE(Enum):
     Reject = {'config':'reject', 'expectedStatusLine':'HTTP/1.1 403 
Forbidden\r\n'}
     Follow = {'config':'follow', 'expectedStatusLine':'HTTP/1.1 204 No 
Content\r\n'}
 
+    # Added to test failure modes.
+    Break  = {'expectedStatusLine': 'HTTP/1.1 502 Cannot find server.\r\n'}
+
 scenarios = [
     {
         # Follow to loopback, but alternately reject/return others.
@@ -228,6 +234,9 @@ for scenario in scenarios:
             expectedAction = scenario[addressClass] if addressClass in 
scenario else scenario[AddressE.Default]
             makeTestCase(redirectTarget=address, 
expectedAction=expectedAction, scenario=scenario)
 
+    # Test redirects to names that cannot be resolved.
+    makeTestCase(redirectTarget=None, expectedAction=ActionE.Break, 
scenario=scenario)
+
 dns.addRecords(records=dnsRecords)
 
 # Make sure this runs only after local files have been created.
```

Rebased with the fix for HostDB lookup failure and test cases that cover that 
failure mode.

Previous commit was 9001a5dfdcdfc7dcca1a7a5d40a8d39fe7f1dbc4.

[ Full content available at: https://github.com/apache/trafficserver/pull/4145 ]
This message was relayed via gitbox.apache.org for [email protected]

Reply via email to