[TS-1407] ATS blocks unknown methods (eg PROPFIND) and doesn't work with webdav - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.2.0
Fix Version/s: 3.3.1
Component/s: Security
Labels:
None

Backport to Version:

3.2.3

Description

Setting the ip-allow.config to ALL for the method type doesn't include methods not known to ATS. Currently the method PROPFIND can't work in ATS making it not work with webdav.

The way the ALL_METHOD_MASK is created is by turning the bits on for the number of methods that ATS knows about. I am going to change the code to turn on all bits in the mask:

void IpAllow::InitInstance() {
ALL_METHOD_MASK = ~0;
}

Right now:
[bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
[Aug 14 14:24:34.476] Server

{0x7f6cbff5c700}

DEBUG: (ip-allow) Quick filter denial on 192.168.1.12:(null) with mask 7ff

[bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080 http://caldav.calendar.yahoo.com/
HTTP/1.1 403 Access Denied

After the change:

[bcall@snowball trafficserver]$ sudo proxy/traffic_server -T ip-allow
[Aug 14 14:26:13.046] Server

{0x7f97c815d700}

DEBUG: (ip-allow) Quick filter denial on 192.168.1.12:(null) with mask ffffffff and method: ffffffff

[bcall@snowball trafficserver]$ curl -D - -X PROPFIND -x snowball:8080 http://caldav.calendar.yahoo.com/
HTTP/1.1 401 Unauthorized <---- error from origin, ATS is proxying...

Attachments

Issue Links

is duplicated by

TS-1393 Unable to disable quick_filter

Closed

TS-1232 Support unknown methods in HTTP requests

Closed

Activity

People

Assignee:: Bryan Call

Reporter:: Bryan Call

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/Aug/12 21:27

Updated:: 05/Jun/13 22:44

Resolved:: 14/Aug/12 22:15