Bryan Call created TS-1407:
------------------------------
Summary: ATS blocks unknown methods (eg PROPFIND) and doesn't work
with webdav
Key: TS-1407
URL: https://issues.apache.org/jira/browse/TS-1407
Project: Traffic Server
Issue Type: Bug
Components: Security
Affects Versions: 3.2.0
Reporter: Bryan Call
Setting the ip-allow.config to ALL for the method type doesn't include methods
not known to ATS. Currently the method PROPFIND can't work in ATS making it
not work with webdav.
The way the ALL_METHOD_MASK is created is by turning the bits on for the number
of methods that ATS knows about. I am going to change the code to turn on all
bits in the mask:
void IpAllow::InitInstance() {
ALL_METHOD_MASK = ~0;
}
Right now:
[bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
[Aug 14 14:24:34.476] Server {0x7f6cbff5c700} DEBUG: (ip-allow) Quick filter
denial on 192.168.1.12:(null) with mask 7ff
[bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080
http://caldav.calendar.yahoo.com/
HTTP/1.1 403 Access Denied
After the change:
[bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
[Aug 14 14:26:13.046] Server {0x7f97c815d700} DEBUG: (ip-allow) Quick filter
denial on 192.168.1.12:(null) with mask ffffffff and method: ffffffff
[bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080
http://caldav.calendar.yahoo.com/
HTTP/1.1 401 Unauthorized <---- error from origin, ATS is proxying...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
