Re: OPTIONS/TRACE denial patch condition is wrong

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 03 Sep 2010 13:59:15 +1200

Alex Rousskov wrote:
>> (08:28:14 AM) amosjeffries: rousskov: two priority things for you.
>> please review the OPTIONS/TRACE denial patch against your intentions.
>> the new return condition is wrong. false==emit 400, true == continue
>> processing/passthru the request. (sorry)
>
> Hi Amos,
>
> The code looks correct to me. The outcome is also correct:
>
>> Max-Forwards  URL      Action
>> 0             nonstar  501
>> 0             *        501
>> 1+            nonstar  forwarded
>> 1+            *        501
>> none          nonstar  forwarded
>> none          *        501
>
>
> You may be confused because the first two 501s mean "here is our
> compliant response to your OPTIONS request directed at Squid" while the
> other two 501s mean "we do not support forwarding of OPTIONS requests
> with a * URI". These two cases might become different if we start
> providing some useful information in the OPTIONS responses directed at us.
>
> FWIW, if we let *-URIs through the urlCheckRequest() check, the user
> will get a misleading ERR_DNS_FAIL when Squid tries to forward the
> request. Fixing *-URI forwarding is outside the scope of the committed
> patch.
>
> Hope this clarifies,

It does. And thanks for the extra code docs.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.7
   Beta testers wanted for 3.2.0.1
Received on Fri Sep 03 2010 - 01:59:20 MDT
