From: Amos Jeffries Date: Sun, 25 Jan 2015 04:48:21 +0000 (-0800) Subject: Remove dst ACL dependency on HTTP request message existence X-Git-Tag: merge-candidate-3-v1~316 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a3c5c08169c066a3e78d600609a7fc614d90f522;p=thirdparty%2Fsquid.git Remove dst ACL dependency on HTTP request message existence The ACL checklist dst_addr member can be used in cases where the HTTP message is not provided. Such as ssl_bump, ICAP outgoing IP, or peer selection probes. --- diff --git a/src/acl/DestinationIp.cc b/src/acl/DestinationIp.cc index c4c199b60c..97ae96d25c 100644 --- a/src/acl/DestinationIp.cc +++ b/src/acl/DestinationIp.cc @@ -29,6 +29,10 @@ ACLDestinationIP::match(ACLChecklist *cl) { ACLFilledChecklist *checklist = Filled(cl); + // if there is no HTTP request details fallback to the dst_addr + if (!checklist->request) + return ACLIP::match(checklist->dst_addr); + // Bug 3243: CVE 2009-0801 // Bypass of browser same-origin access control in intercepted communication // To resolve this we will force DIRECT and only to the original client destination. diff --git a/src/acl/DestinationIp.h b/src/acl/DestinationIp.h index 90d74cc75f..2a31c885b3 100644 --- a/src/acl/DestinationIp.h +++ b/src/acl/DestinationIp.h @@ -33,7 +33,6 @@ public: ACLDestinationIP(): ACLIP(ACLDestinationIP::SupportedFlags) {} virtual char const *typeString() const; virtual int match(ACLChecklist *checklist); - virtual bool requiresRequest() const {return true;} virtual ACL *clone()const;