[jira] [Commented] (TS-1423) Blind tunneling of garbage/invalid requests when using transparent interception

Thu, 13 Dec 2012 10:42:13 -0800 

    [ 
https://issues.apache.org/jira/browse/TS-1423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13531310#comment-13531310
 ] 

Alan M. Carroll commented on TS-1423:
-------------------------------------

One other issue I want to write up for future reference (not required for this 
fix) is the potential for bad forwarding. Right now this just checks for 
PARSE_ERROR on reading the header. I wonder if we should be more restrictive on 
the forwarding and basically check for the first GET line on the connection. If 
that doesn't parse, forward. But if it's a valid HTTP first line, don't. It 
looks to me like you could do this by checking the m_parsing_http flag in the 
parser (set when working on the first line, reset when parsing the fields). I'd 
appreciate feedback on that from Yossi, but I don't want to slow the patch on 
that account.
                
> Blind tunneling of garbage/invalid requests when using transparent 
> interception
> -------------------------------------------------------------------------------
>
>                 Key: TS-1423
>                 URL: https://issues.apache.org/jira/browse/TS-1423
>             Project: Traffic Server
>          Issue Type: New Feature
>    Affects Versions: 3.2.0
>         Environment: 3.2 with TProxy inteception and 
> proxy.config.http.use_client_target_addr == 1
>            Reporter: B Wyatt
>            Assignee: Alan M. Carroll
>             Fix For: 3.3.3
>
>         Attachments: transparent_passthrough.diff
>
>
> Presently, when ATS encounters a request that it cannot parse or that is 
> malformed in any way, it sends an error response to the client.
> When using transparent interception and 
> proxy.config.http.use_client_target_addr ATS should have enough information 
> to blindly tunnel the original "transmission" to the desired endpoint and 
> maintain the service regardless of HTTP/1.x compliance and moreover if it is 
> non-HTTP communication over port 80. 
> Bonus would be support for supporting alien protocols where the server speaks 
> first however, ambiguity over a slow incoming request and an expectation that 
> the server speaks first can make that difficult.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to