[GitHub] trafficserver pull request #732: [TS-4270] Make stats_over_http a remap plug...

[calavera]

GitHub user calavera opened a pull request:

    https://github.com/apache/trafficserver/pull/732

    [TS-4270] Make stats_over_http a remap plugin.

    I'm opening this Pull Request to get feedback about the current remap 
behavior.
    
    I'd like to restrict all access to the stats over http using remap rules, 
like this one:
    
        map /_stats /_stats @plugin=stats_over_http.so @action=allow 
@src_ip=127.0.0.1
    
    However, the remap action is validated after a plugin is loaded. This is 
problematic for plugins that intercept the server request, because they can 
send a response before this validation happen, like it's the case of 
stats_over_http.
    
    I modified RemapProcessor to call `PerformACLFiltering` before a plugin is 
loaded, but I don't know if that's the right way to solve this problem. 
Specifically, because with this change, that filtering happens twice, before 
and after loading the plugin.
    
    I'd really appreciate some feedback to solve this problem.
    
    Signed-off-by: David Calavera <david.calav...@gmail.com>

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/calavera/trafficserver stats_remap_plugin

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafficserver/pull/732.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #732
    
----
commit 4266a6a880cb5cccaebe0ea4532f6794298a654f
Author: David Calavera <david.calav...@gmail.com>
Date:   2016-06-22T16:58:52Z

    [TS-4270] Make stats_over_http a remap plugin.
    
    Validate ACL before calling the plugin, so it can apply action rules.
    For example:
    
    map /_stats /_stats @plugin=stats_over_http.so @action=allow 
@src_ip=127.0.0.1
    
    Signed-off-by: David Calavera <david.calav...@gmail.com>

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---