[jira] [Commented] (TS-1423) Blind tunneling of garbage/invalid requests when using transparent interception

Wed, 12 Dec 2012 14:13:24 -0800 

    [ 
https://issues.apache.org/jira/browse/TS-1423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13530414#comment-13530414
 ] 

Yossi Gottlieb commented on TS-1423:
------------------------------------

Regarding comment 1, just being (too?) defensive against anyone who'll use that 
reader in the future for other things.  It's probably redundant.

Regarding the config option, I suppose having a per-listener flag is more 
powerful as it can allow the admin to enable/disable this capability based on 
criteria other than destination port (doing that in iptables and TPROXYing 
accordingly).  In theory this could also be used instead of configuring 
explicit destination ports to allow pass-through to, but it would be ugly to 
have multiple listeners only for that.

So I guess the cleanest and most powerful config would include a per-listener 
flag and a global restricted pass-through port list (which by default can be 
empty to indicate all ports are allowed).
                
> Blind tunneling of garbage/invalid requests when using transparent 
> interception
> -------------------------------------------------------------------------------
>
>                 Key: TS-1423
>                 URL: https://issues.apache.org/jira/browse/TS-1423
>             Project: Traffic Server
>          Issue Type: New Feature
>    Affects Versions: 3.2.0
>         Environment: 3.2 with TProxy inteception and 
> proxy.config.http.use_client_target_addr == 1
>            Reporter: B Wyatt
>            Assignee: Alan M. Carroll
>             Fix For: 3.3.3
>
>         Attachments: transparent_passthrough.diff
>
>
> Presently, when ATS encounters a request that it cannot parse or that is 
> malformed in any way, it sends an error response to the client.
> When using transparent interception and 
> proxy.config.http.use_client_target_addr ATS should have enough information 
> to blindly tunnel the original "transmission" to the desired endpoint and 
> maintain the service regardless of HTTP/1.x compliance and moreover if it is 
> non-HTTP communication over port 80. 
> Bonus would be support for supporting alien protocols where the server speaks 
> first however, ambiguity over a slow incoming request and an expectation that 
> the server speaks first can make that difficult.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to