rivasj commented on issue #3286: Pattern-based consistent hashing feature for TR/TO/TP URL: https://github.com/apache/trafficcontrol/pull/3286#issuecomment-461950874 > I was able to test the new DS field in TP and saw that it made its all the way to the cr-config, so that looks good. > > Using the TP Test Regex tool, I was able to get the Traffic Router spinning its wheels on an evil regex. > Regex: /(a+)+$ > String: /aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaax > > I don't see catastrophic backtracking to be a common occurance with how this will be used, but it is possible to spike the router CPU with bad requests like the one above. > > The Match and Pattern libraries being used do not offer configurable safeguards for this, so a word of warning in the documentation might be useful. Either this or you can use an interrupt to kill off regex processing that is taking too long. Added restrictions in both TP and the TR API to restrict the length of request paths hitting the endpoint to safeguard TR from inputs like those in this comment.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
