Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Cache] Unathorized clients should be blocked before accessing cache #899

Closed
vankoven opened this issue Feb 1, 2018 · 0 comments
Closed

[Cache] Unathorized clients should be blocked before accessing cache #899

vankoven opened this issue Feb 1, 2018 · 0 comments
Assignees
@vankoven
Labels
enhancement performance security
Milestone
0.6 Tempesta TLS

Comments

@vankoven
Copy link
Contributor

vankoven commented Feb 1, 2018

When a new request is received it's forwarded to cache first:

tempesta/tempesta_fw/http.c

Line 2373 in 195d85e

if (tfw_cache_process(req, NULL, tfw_http_req_cache_cb)) {

and only after that sticky cookie is checked:

tempesta/tempesta_fw/http.c

Lines 1966 to 1970 in 195d85e

r = tfw_http_sess_obtain(req);
if (r < 0)
goto send_500;
if (r > 0) /* Response sent, nothing to do. */
return;

That leads to unnecessary cache lookup for requests with violated or expired sticky cookie. Early blocking of unauthorized clients will help us to save resources under DDOS attacks.
@krizhanovsky krizhanovsky added this to the 0.8 TDB v0.2 milestone Feb 2, 2018
@krizhanovsky krizhanovsky modified the milestones: 0.8 TDB v0.2, 0.6 KTLS Mar 22, 2018
vankoven added a commit that referenced this issue May 9, 2018
@vankoven
fix #899; check for sticky cookie before passing request to cache
87a4090
vankoven added a commit that referenced this issue May 9, 2018
@vankoven
fix #899; check for sticky cookie before passing request to cache
7d43a57
vankoven added a commit that referenced this issue May 9, 2018
@vankoven
fix #899; check for sticky cookie before passing request to cache
81901ca
@vankoven vankoven mentioned this issue Jul 25, 2018
Closed
vankoven added a commit that referenced this issue Sep 13, 2018
@vankoven
fix #899; check for sticky cookie before passing request to cache
3f398e7
vankoven added a commit that referenced this issue Sep 24, 2018
@vankoven
Fix #899: check for sticky cookie before passing request to cache
db89972
@vankoven vankoven mentioned this issue Sep 25, 2018
Closed
@vankoven vankoven mentioned this issue Oct 8, 2018
Closed
vankoven added a commit that referenced this issue Dec 21, 2018
@vankoven
Fix #899: check for sticky cookie before passing request to cache
6101588
@vankoven vankoven mentioned this issue Dec 21, 2018
Merged
vankoven added a commit that referenced this issue Dec 22, 2018
@vankoven
Fix #899: check for sticky cookie before passing request to cache
e8eb431
vankoven added a commit that referenced this issue Jan 17, 2019
@vankoven
Fix #899: check for sticky cookie before passing request to cache
8f04861
krizhanovsky pushed a commit that referenced this issue Jan 26, 2019
@vankoven
Fix #899: check for sticky cookie before passing request to cache
65bf41f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vankoven vankoven

Labels
enhancement performance security
Projects
None yet
Milestone
0.6 Tempesta TLS
Development

Successfully merging a pull request may close this issue.

Streaming mode of operation. Part I: request streaming tempesta-tech/tempesta
3 participants
@krizhanovsky @vankoven @aleksostapenko