From: Amos Jeffries Date: Sun, 1 Feb 2015 09:42:12 +0000 (-0800) Subject: Remove dst ACL dependency on HTTP request message existence X-Git-Tag: SQUID_3_4_12~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f6df4b86ecb259e5794a4a3a4b22753ace41b585;p=thirdparty%2Fsquid.git Remove dst ACL dependency on HTTP request message existence The ACL checklist dst_addr member can be used in cases where the HTTP message is not provided. Such as ssl_bump, ICAP outgoing IP, or peer selection probes. --- diff --git a/src/acl/DestinationIp.cc b/src/acl/DestinationIp.cc index f861b526e6..4200f54642 100644 --- a/src/acl/DestinationIp.cc +++ b/src/acl/DestinationIp.cc @@ -52,6 +52,10 @@ ACLDestinationIP::match(ACLChecklist *cl) { ACLFilledChecklist *checklist = Filled(cl); + // if there is no HTTP request details fallback to the dst_addr + if (!checklist->request) + return ACLIP::match(checklist->dst_addr); + // Bug 3243: CVE 2009-0801 // Bypass of browser same-origin access control in intercepted communication // To resolve this we will force DIRECT and only to the original client destination. diff --git a/src/acl/DestinationIp.h b/src/acl/DestinationIp.h index f58cf3ffd5..a61fab08a7 100644 --- a/src/acl/DestinationIp.h +++ b/src/acl/DestinationIp.h @@ -58,7 +58,6 @@ public: ACLDestinationIP(): ACLIP(ACLDestinationIP::SupportedFlags) {} virtual char const *typeString() const; virtual int match(ACLChecklist *checklist); - virtual bool requiresRequest() const {return true;} virtual ACL *clone()const;