Implementation of the ability to send js challenge according with custom rules. #2131
Conversation
biathlon3
force-pushed
the
ag_2104-implement-ability-to-send-js-challenge-according-custom-rules
branch
from
30ffc30 to
14766c3
Compare
biathlon3
force-pushed
the
ag_2104-implement-ability-to-send-js-challenge-according-custom-rules
branch
from
acbebd6 to
f920564
Compare
| @@ -499,6 +503,10 @@ tfw_cfgop_http_rule(TfwCfgSpec *cs, TfwCfgEntry *e) | |||
| rule->act.type = TFW_HTTP_MATCH_ACT_CACHE_TTL; | |||
| rule->act.cache_ttl = act_val_parsed; | |||
| } | |||
| else if (!strcasecmp(action, "jsch")) { | |||
| is_jsch_global = false; | |||
There was a problem hiding this comment.
Here is inconsistent behavior - you change global variable only if one jsch is set.
For example:
config = """
http_chain {
host == "aaa" -> jsch;
host == "bbb" -> good;
}
If host == "aaa" ->jsch is set we don't support js challenge for "bbb". But if it is not set we support it! Why? How host == "aaa" -> jsch; deal with host "bbb"?
| if (test_bit(TFW_HTTP_B_HAS_STICKY, req->flags)) | ||
| return 0; | ||
| return tfw_http_sticky_add(resp, cache); | ||
| if (req->need_jsch) { |
There was a problem hiding this comment.
This function is called for all types of cookies which are set by tempesta. It is not only about js_challenge, so this check is wrong
| switch (tfw_http_sess_obtain(req)) { | ||
| case TFW_HTTP_SESS_SUCCESS: | ||
| break; | ||
| if (req->need_jsch) { |
There was a problem hiding this comment.
This check here is wrong. tfw_http_sess_obtain called not only because of js challenge! see cookie learned. I add new tests for it.
| */ | ||
| BUG_ON(r < __TFW_HTTP_SESS_PUB_CODE_MAX); | ||
| return tfw_http_sticky_challenge_start(req); | ||
| if (req->need_jsch) { |
There was a problem hiding this comment.
This check is wrong here. We get cookies for cookie learn also.
| @@ -666,6 +668,8 @@ tfw_http_sess_check_jsch(StickyVal *sv, TfwHttpReq* req) | |||
| { | |||
| unsigned long min_time; | |||
| TfwCfgJsCh *js_ch = req->vhost->cookie->js_challenge; | |||
| if (!req->need_jsch) | |||
There was a problem hiding this comment.
Please combine it with the next check in one if
| @@ -156,6 +156,10 @@ tfw_http_tbl_scan(TfwMsg *msg, TfwHttpTable *table, TfwHttpActionResult *action) | |||
| return 0; | |||
| case TFW_HTTP_MATCH_ACT_BLOCK: | |||
| return -1; | |||
| case TFW_HTTP_MATCH_ACT_JSCH: | |||
| action->type = TFW_HTTP_RES_JSCH; | |||
| action->vhost = tfw_vhost_lookup_default(); | |||
There was a problem hiding this comment.
Its wrong. I add test to check it.
http_chain {{
uri == "*1.html" -> jsch;
host == "good" -> good;
-> default;
}}
For such configuration if host is good and uri == "*1.html" it should go to good vhost not default!
krizhanovsky
requested review from
EvgeniiMekhanik and
enuribekov-tempesta
and removed request for
enuribekov-tempesta
No description provided.