Repository: trafficserver Updated Branches: refs/heads/master 4e2647c9e -> 802065570
TS-2423: Add option for server sessions that use auth headers that can be placed into the shared pool Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/80206557 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/80206557 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/80206557 Branch: refs/heads/master Commit: 8020655706f012ffe0daa7990ca7a75abeb5cb21 Parents: 4e2647c Author: Bryan Call <[email protected]> Authored: Mon Aug 18 20:29:53 2014 -0700 Committer: Bryan Call <[email protected]> Committed: Mon Aug 18 20:29:53 2014 -0700 ---------------------------------------------------------------------- CHANGES | 6 +++++- mgmt/RecordsConfig.cc | 2 ++ proxy/http/HttpConfig.h | 3 ++- proxy/http/HttpSM.cc | 5 +++-- 4 files changed, 12 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/80206557/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index be539ef..9f73841 100644 --- a/CHANGES +++ b/CHANGES @@ -1,9 +1,13 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 5.1.0 + *) [TS-2423] Add option for server sessions that use auth headers that can + be placed into the shared pool + *) [TS-2635] remove unused include <net/ppp_defs.h> - *) [TS-3001] GlobalSign responds 403 when OCSP request posted without Host header + *) [TS-3001] GlobalSign responds 403 when OCSP request posted without Host + header *) [TS-2722] authproxy: Eliminate the DNS lookup state, just use the client http://git-wip-us.apache.org/repos/asf/trafficserver/blob/80206557/mgmt/RecordsConfig.cc ---------------------------------------------------------------------- diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index d69724e..7aa6f80 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc @@ -460,6 +460,8 @@ RecordElement RecordsConfig[] = { , {RECT_CONFIG, "proxy.config.http.referer_default_redirect", RECD_STRING, "http://www.example.com/";, RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL} , + {RECT_CONFIG, "proxy.config.http.auth_server_session_private", RECD_INT, "1", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL} + , // ############################## // # parent proxy configuration # http://git-wip-us.apache.org/repos/asf/trafficserver/blob/80206557/proxy/http/HttpConfig.h ---------------------------------------------------------------------- diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h index ae670f7..c465043 100644 --- a/proxy/http/HttpConfig.h +++ b/proxy/http/HttpConfig.h @@ -395,7 +395,7 @@ struct OverridableHttpConfigParams { keep_alive_enabled_in(1), keep_alive_enabled_out(1), keep_alive_post_out(1), server_session_sharing_match(TS_SERVER_SESSION_SHARING_MATCH_BOTH), server_session_sharing_pool(TS_SERVER_SESSION_SHARING_POOL_THREAD), - fwd_proxy_auth_to_parent(0), insert_age_in_response(1), + auth_server_session_private(1), fwd_proxy_auth_to_parent(0), insert_age_in_response(1), anonymize_remove_from(0), anonymize_remove_referer(0), anonymize_remove_user_agent(0), anonymize_remove_cookie(0), anonymize_remove_client_ip(0), anonymize_insert_client_ip(1), proxy_response_server_enabled(1), proxy_response_hsts_max_age(-1), proxy_response_hsts_include_subdomains(0), @@ -452,6 +452,7 @@ struct OverridableHttpConfigParams { MgmtByte server_session_sharing_match; MgmtByte server_session_sharing_pool; // MgmtByte share_server_sessions; + MgmtByte auth_server_session_private; MgmtByte fwd_proxy_auth_to_parent; MgmtByte insert_age_in_response; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/80206557/proxy/http/HttpSM.cc ---------------------------------------------------------------------- diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 7de3692..6b5ace8 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -5629,9 +5629,10 @@ HttpSM::setup_server_send_request() hdr_length += server_entry->write_buffer->write(t_state.internal_msg_buffer, msg_len); server_request_body_bytes = msg_len; } + // If we are sending authorizations headers, mark the connection private - if (t_state.hdr_info.server_request.presence(MIME_PRESENCE_AUTHORIZATION | MIME_PRESENCE_PROXY_AUTHORIZATION - | MIME_PRESENCE_WWW_AUTHENTICATE)) { + if (t_state.txn_conf->auth_server_session_private == 1 && + t_state.hdr_info.server_request.presence(MIME_PRESENCE_AUTHORIZATION | MIME_PRESENCE_PROXY_AUTHORIZATION | MIME_PRESENCE_WWW_AUTHENTICATE)) { server_session->private_session = true; DebugSM("http_ss", "Setting server session to private for authorization header"); }
