Remove dst ACL dependency on HTTP request message existence

The ACL checklist dst_addr member can be used in cases where the HTTP
message is not provided. Such as ssl_bump, ICAP outgoing IP, or peer
selection probes.

diff --git a/src/acl/DestinationIp.cc b/src/acl/DestinationIp.cc
index c4c199b60c02ad1c3f036b4435f5d93664e6b208..97ae96d25cf2dd5b209dab0799c2af703b3054d9 100644 (file)
--- a/src/acl/DestinationIp.cc
+++ b/src/acl/DestinationIp.cc
@@ -29,6 +29,10 @@ ACLDestinationIP::match(ACLChecklist *cl)
 {
     ACLFilledChecklist *checklist = Filled(cl);
 
+    // if there is no HTTP request details fallback to the dst_addr
+    if (!checklist->request)
+        return ACLIP::match(checklist->dst_addr);
+
     // Bug 3243: CVE 2009-0801
     // Bypass of browser same-origin access control in intercepted communication
     // To resolve this we will force DIRECT and only to the original client destination.

diff --git a/src/acl/DestinationIp.h b/src/acl/DestinationIp.h
index 90d74cc75f17b102db350aa4f744d5089051e875..2a31c885b3ce5e84e5723b91debd6775d0c142f1 100644 (file)
--- a/src/acl/DestinationIp.h
+++ b/src/acl/DestinationIp.h
@@ -33,7 +33,6 @@ public:
     ACLDestinationIP(): ACLIP(ACLDestinationIP::SupportedFlags) {}
     virtual char const *typeString() const;
     virtual int match(ACLChecklist *checklist);
-    virtual bool requiresRequest() const {return true;}
 
     virtual ACL *clone()const;