traeak commented on code in PR #13160:
URL: https://github.com/apache/trafficserver/pull/13160#discussion_r3274169099
##########
plugins/experimental/maxmind_acl/mmdb.cc:
##########
@@ -503,6 +540,48 @@ Acl::loaddb(const YAML::Node &dbNode)
return true;
}
+bool
+Acl::check_bypass(TSHttpTxn txnp) const
+{
+ if (_bypass_header.empty()) {
+ return false;
+ }
+
+ TSMBuffer mbuf;
+ TSMLoc hdr_loc;
+ if (TS_SUCCESS != TSHttpTxnClientReqGet(txnp, &mbuf, &hdr_loc)) {
+ Dbg(dbg_ctl, "check_bypass: failed to get client request headers");
+ return false;
+ }
+
+ TSMLoc field_loc = TSMimeHdrFieldFind(mbuf, hdr_loc, _bypass_header.c_str(),
static_cast<int>(_bypass_header.size()));
+ if (TS_NULL_MLOC == field_loc) {
+ TSHandleMLocRelease(mbuf, TS_NULL_MLOC, hdr_loc);
+ return false;
+ }
+
+ bool bypassed = false;
+ if (_bypass_header_value.empty()) {
+ // presence-only check
+ Dbg(dbg_ctl, "check_bypass: bypass header '%s' present",
_bypass_header.c_str());
+ bypassed = true;
Review Comment:
This is intentional. Simple configuration is to allow just the presence of a
header to indicate that the geo check should be bypassed. This is intended
only for use with other plugins. Documentation is clear that the header itself
should in practice be properly managed (ie: scrubbed) when the transaction
starts.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
