Remove dst ACL dependency on HTTP request message existence

The ACL checklist dst_addr member can be used in cases where the HTTP
message is not provided. Such as ssl_bump, ICAP outgoing IP, or peer
selection probes.

diff --git a/src/acl/DestinationIp.cc b/src/acl/DestinationIp.cc
index f861b526e6123900bdb8a66b60ee082a91aa1fec..4200f54642c597387a7af5959e896f3287906a71 100644 (file)
--- a/src/acl/DestinationIp.cc
+++ b/src/acl/DestinationIp.cc
@@ -52,6 +52,10 @@ ACLDestinationIP::match(ACLChecklist *cl)
 {
     ACLFilledChecklist *checklist = Filled(cl);
 
+    // if there is no HTTP request details fallback to the dst_addr
+    if (!checklist->request)
+        return ACLIP::match(checklist->dst_addr);
+
     // Bug 3243: CVE 2009-0801
     // Bypass of browser same-origin access control in intercepted communication
     // To resolve this we will force DIRECT and only to the original client destination.

diff --git a/src/acl/DestinationIp.h b/src/acl/DestinationIp.h
index f58cf3ffd52db4e204305ced337e6c128baf6c48..a61fab08a7bd31c610db798bd247dbc1ad745cfb 100644 (file)
--- a/src/acl/DestinationIp.h
+++ b/src/acl/DestinationIp.h
@@ -58,7 +58,6 @@ public:
     ACLDestinationIP(): ACLIP(ACLDestinationIP::SupportedFlags) {}
     virtual char const *typeString() const;
     virtual int match(ACLChecklist *checklist);
-    virtual bool requiresRequest() const {return true;}
 
     virtual ACL *clone()const;