Repository: trafficserver Updated Branches: refs/heads/5.0.x 5379350a6 -> 3cf9b6d6a
limit access to synthetic healthcheck Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/c1244fb7 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/c1244fb7 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/c1244fb7 Branch: refs/heads/5.0.x Commit: c1244fb73f6e2bae9e640f08fd3390e5d22943d7 Parents: 5379350 Author: Bryan Call <[email protected]> Authored: Tue Jul 22 17:56:27 2014 -0700 Committer: Bryan Call <[email protected]> Committed: Tue Jul 22 17:58:01 2014 -0700 ---------------------------------------------------------------------- mgmt/RecordsConfig.cc | 2 +- mgmt/web2/WebIntrMain.cc | 19 +++++++++++-------- proxy/http/HttpConfig.cc | 8 ++++++++ proxy/http/HttpConfig.h | 11 ++++++++++- proxy/http/HttpTransact.cc | 7 ++++++- 5 files changed, 36 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c1244fb7/mgmt/RecordsConfig.cc
----------------------------------------------------------------------
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index 3b2977c..f02912a 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -244,7 +244,7 @@ RecordElement RecordsConfig[] = {
 ,
 {RECT_CONFIG, "proxy.config.admin.autoconf.doc_root", RECD_STRING, TS_BUILD_SYSCONFDIR, RECU_NULL, RR_REQUIRED, RECC_NULL, NULL, RECA_NULL}
 ,
- {RECT_CONFIG, "proxy.config.admin.autoconf.localhost_only", RECD_INT, "0", RECU_RESTART_TM, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
+ {RECT_CONFIG, "proxy.config.admin.autoconf.localhost_only", RECD_INT, "1", RECU_RESTART_TM, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
 ,
 {RECT_CONFIG, "proxy.config.admin.autoconf.pac_filename", RECD_STRING, "proxy.pac", RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL}
 ,
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c1244fb7/mgmt/web2/WebIntrMain.cc
----------------------------------------------------------------------
diff --git a/mgmt/web2/WebIntrMain.cc b/mgmt/web2/WebIntrMain.cc
index 0dc220d..3cd6988 100644
--- a/mgmt/web2/WebIntrMain.cc
+++ b/mgmt/web2/WebIntrMain.cc
@@ -54,6 +54,7 @@ extern "C"
 #endif
 typedef int fd;
+static RecInt autoconf_localhost_only = 1;
 #define SOCKET_TIMEOUT 10*60
@@ -62,14 +63,14 @@ WebInterFaceGlobals wGlobals;
 // There are two web ports maintained
 //
-// One is for adminstration. This port serves
+// One is for administration. This port serves
 // all the configuration and monitoring info.
 // Most sites will have some security features
 // (authentication and SSL) active on this
 // port since it system administrator access
 // The other is for things that we want to serve
 // insecurely. Client auto configuration falls
-// in this catagory. The public key for the
+// in this category. The public key for the
 // administration server is another example
 //
 WebContext autoconfContext;
@@ -83,7 +84,7 @@ int aconf_port_arg = -1;
 // directory exists and that the default file
 // exists
 //
-// returns 0 if everthing is OK
+// returns 0 if everything is OK
 // returns 1 if something is missing
 //
 int
@@ -223,7 +224,11 @@ newTcpSocket(int port)
 memset(&socketInfo, 0, sizeof(socketInfo));
 socketInfo.sin_family = AF_INET;
 socketInfo.sin_port = htons(port);
- socketInfo.sin_addr.s_addr = htonl(INADDR_ANY);
+ if (autoconf_localhost_only == 1) {
+ socketInfo.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ } else {
+ socketInfo.sin_addr.s_addr = htonl(INADDR_ANY);
+ }
 // Allow for immediate re-binding to port
 if (setsockopt(socketFD, SOL_SOCKET, SO_REUSEADDR, (char *) &one, sizeof(int)) < 0) {
@@ -333,7 +338,6 @@ webIntr_main(void *)
 RecInt tempInt;
 bool found;
- int autoconf_localhost_only = 0;
 int addrLen;
 int i;
@@ -375,8 +379,7 @@ webIntr_main(void *)
 ink_mutex_init(&wGlobals.submitLock, "Submission Mutex");
 // Fix for INKqa10514
- found = (RecGetRecordInt("proxy.config.admin.autoconf.localhost_only", &tempInt) == REC_ERR_OKAY);
- autoconf_localhost_only = (int) tempInt;
+ found = (RecGetRecordInt("proxy.config.admin.autoconf.localhost_only", &autoconf_localhost_only) == REC_ERR_OKAY);
 ink_assert(found);
 // Set up the client autoconfiguration context
@@ -390,7 +393,7 @@ webIntr_main(void *)
 publicPort = (int) tempInt;
 ink_assert(found);
 }
- Debug("ui", "[WebIntrMain] Starting Client AutoConfig Server on Port %d\n", publicPort);
+ Debug("ui", "[WebIntrMain] Starting Client AutoConfig Server on Port %d", publicPort);
 found = (RecGetRecordString_Xmalloc("proxy.config.admin.autoconf.doc_root", &(autoconfContext.docRoot)) == REC_ERR_OKAY);
 ink_assert(found);
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c1244fb7/proxy/http/HttpConfig.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc
index d5184ae..974ead7 100644
--- a/proxy/http/HttpConfig.cc
+++ b/proxy/http/HttpConfig.cc
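Review bot: The new branch in newTcpSocket() binds to loopback only when `autoconf_localhost_only == 1`, so any other non-zero value falls through to INADDR_ANY and the listener fails open. The `[0-1]` check on the record should normally prevent such values, but the bind should not depend on it: `if (autoconf_localhost_only != 0) {` keeps the restrictive bind for everything except an explicit 0. The function now also reads a file-scope setting that webIntr_main() fills in, so a comment on `static RecInt autoconf_localhost_only = 1;` stating that 1 is the safe default until the record has been read would make the intent explicit. newTcpSocket() starts and ends outside the hunk, so its other callers, if any, are not visible here.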
@@ -1463,6 +1463,10 @@ HttpConfig::startup()
 HttpEstablishStaticConfigLongLong(c.number_of_redirections, "proxy.config.http.number_of_redirections");
 HttpEstablishStaticConfigLongLong(c.post_copy_size, "proxy.config.http.post_copy_size");
+ // Local Manager
+ HttpEstablishStaticConfigLongLong(c.autoconf_port, "proxy.config.admin.autoconf_port");
+ HttpEstablishStaticConfigByte(c.autoconf_localhost_only, "proxy.config.admin.autoconf.localhost_only");
+
 // Cluster time delta gets it own callback since it needs
 // to use ink_atomic_swap
 c.cluster_time_delta = 0;
@@ -1707,6 +1711,10 @@ params->push_method_enabled = INT_TO_BOOL(m_master.push_method_enabled);
 params->number_of_redirections = m_master.number_of_redirections;
 params->post_copy_size = m_master.post_copy_size;
+ // Local Manager
+ params->autoconf_port = m_master.autoconf_port;
+ params->autoconf_localhost_only = m_master.autoconf_localhost_only;
+
 m_id = configProcessor.set(m_id, params);
 #undef INT_TO_BOOL
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c1244fb7/proxy/http/HttpConfig.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h
index e30257b..cf52b51 100644
--- a/proxy/http/HttpConfig.h
+++ b/proxy/http/HttpConfig.h
@@ -789,6 +789,13 @@ public:
 OverridableHttpConfigParams oride;
+ ////////////////////
+ // Local Manager //
+ ////////////////////
+ MgmtInt autoconf_port;
+ MgmtByte autoconf_localhost_only;
+
+
 private:
 /////////////////////////////////////
 // operator = and copy constructor //
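Review bot: The `Local Manager` banner above the two new members in HttpConfig.h (and the matching `// Local Manager` comments in HttpConfig.cc) does not say why the HTTP state machine carries copies of two admin records. A member comment such as `// Copies of proxy.config.admin.autoconf_port and proxy.config.admin.autoconf.localhost_only; HttpTransact::StartRemapRequest uses them to gate the synthetic health check` would tell a maintainer that these fields are access-control inputs. Both are registered through the static-config helpers in HttpConfig::startup(), so presumably they are read once at startup; if so, saying that next to the registration would help as well.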
@@ -934,7 +941,9 @@ HttpConfigParams::HttpConfigParams()
 ignore_accept_language_mismatch(0),
 ignore_accept_encoding_mismatch(0),
 ignore_accept_charset_mismatch(0),
- send_100_continue_response(0)
+ send_100_continue_response(0),
+ autoconf_port(0),
+ autoconf_localhost_only(0)
 {
 }
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c1244fb7/proxy/http/HttpTransact.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index 1d099b0..bcb931b 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -781,11 +781,16 @@ HttpTransact::StartRemapRequest(State* s)
 int host_len, path_len;
 const char *host = url->host_get(&host_len);
 const char *path = url->path_get(&path_len);
+ const int port = url->port_get();
 const char syntxt[] = "synthetic.txt";
 s->cop_test_page = (ptr_len_cmp(host, host_len, local_host_ip_str, sizeof(local_host_ip_str) - 1) == 0) &&
- (ptr_len_cmp(path, path_len, syntxt, sizeof(syntxt) - 1) == 0);
+ (ptr_len_cmp(path, path_len, syntxt, sizeof(syntxt) - 1) == 0) &&
+ port == s->http_config_param->autoconf_port &&
+ s->method == HTTP_WKSIDX_GET &&
+ s->orig_scheme == URL_WKSIDX_HTTP &&
+ (!s->http_config_param->autoconf_localhost_only || ats_ip4_addr_cast(&s->client_info.addr.sa) == htonl(INADDR_LOOPBACK));
 //////////////////////////////////////////////////////////////////
 // FIX: this logic seems awfully convoluted and hard to follow; //
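Review bot: The constructor initialises `autoconf_localhost_only(0)`, the permissive value, while the same commit makes 1 the default both in RecordsConfig.cc and for the static in WebIntrMain.cc. If a params object were ever consulted before the record value has been copied in, the loopback test in StartRemapRequest would be skipped; `autoconf_localhost_only(1)` keeps the three defaults consistent and fails closed. The initializer list begins outside the hunk.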
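Review bot: The loopback test `ats_ip4_addr_cast(&s->client_info.addr.sa) == htonl(INADDR_LOOPBACK)` in StartRemapRequest matches only the exact IPv4 address 127.0.0.1, so a local checker that connects over IPv6 or from another 127.0.0.0/8 address is refused, and the result for a non-IPv4 sockaddr depends on what the cast helper returns. A family-aware loopback predicate would state the intent directly; if the tree's ink_inet.h provides `ats_is_ip_loopback()`, `ats_is_ip_loopback(&s->client_info.addr.sa)` could replace the comparison. Host, port, path and scheme also appear to be taken from the request URL (`url` is defined outside the hunk), so when `autoconf_localhost_only` is 0 nothing in the condition ties the request to the connection it arrived on; checking the local port of the accepting socket would close that gap.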
