[ https://issues.apache.org/jira/browse/TS-4098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15453224#comment-15453224 ]
Quinn Lertratanakul edited comment on TS-4098 at 8/31/16 8:26 PM: ------------------------------------------------------------------ Under attachments is the current remaps being applied and tested on functionality (remap.config). >From testing by hand, the ACL filters are not behaving in the expected LIFO >manner. For example, when we have 3 embedded filters where the GET method is >allowed and then denied and then allowed again, a curl command requesting GET >returns a 403. In addressing the behavior of allow on methods, doing {code} @action=allow @method=GET{code} returns 400 for a nonstandard method and 403 for a standard method (ie HEAD). While stepping through gdb for a nonstandard method, {{match}} is true under {{PerformACLFiltering}} in {{UrlRewrite.cc}} and the request is not blocked. was (Author: kawaiirice): Under attachments is the current remaps being applied and tested on functionality (remap.config). >From testing by hand, the ACL filters are not behaving in the expected LIFO >manner. For example, when we have 3 embedded filters where the GET method is >allowed and then denied and then allowed again, a curl command requesting GET >returns a 403. In addressing the behavior of allow on methods, doing {code} @action=allow @method=GET{code} returns 400 for a nonstandard method and 403 for a standard method (ie HEAD). While stepping through gdb for a nonstandard method, {example}match{example} is true under PerformACLFiltering in UrlRewrite.cc and the request is not blocked. > Remap filtering isn't working to only allow certain methods > ----------------------------------------------------------- > > Key: TS-4098 > URL: https://issues.apache.org/jira/browse/TS-4098 > Project: Traffic Server > Issue Type: Bug > Components: HTTP > Reporter: Bryan Call > Assignee: Quinn Lertratanakul > Fix For: 7.0.0 > > Attachments: remap.config > > > Limiting a remap rule to only use a certain methods doesn't work. Also the > Via header comes back with wrong information: > {code} > Proxy request results: > Request headers received from client:simple request (not conditional) > Result of Traffic Server cache lookup for URL:no cache lookup performed > Response information received from origin server:no server connection needed > Result of document write-to-cache:no cache write performed > Proxy operation result:unknown? > Error codes (if any):no error > Operational results: > Tunnel info:tunneling due to a method (e.g. CONNECT) > Cache-type and cache-lookup cache result values:cache miss or no cache lookup > / no cache lookup > ICP status:no icp > Parent proxy connection status:no parent proxy > Origin server connection status:connection opened successfully > {code} > Example remap rule: > {code} > map / http://127.0.0.1/ @method=GET @action=allow > {code} > Curl request and the 501 is from the origin: > {code} > curl -s -D - -o /dev/null -X xxx http://127.0.0.1:8080/ > HTTP/1.1 501 Not Implemented > Date: Tue, 22 Dec 2015 19:34:43 GMT > Server: ATS/6.1.0 > Allow: GET,HEAD,POST,OPTIONS,TRACE > Content-Length: 201 > Content-Type: text/html; charset=iso-8859-1 > Age: 0 > Connection: keep-alive > Via: http/1.1 homer.bryancall.com (ApacheTrafficServer/6.1.0 [uSc s f p > eN:tMc i p sS]) > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)