------------------------------------------------------------ revno: 13215 revision-id: squid3@treenet.co.nz-20150201094212-w3mu2drisuwjd4cm parent: squid3@treenet.co.nz-20150124051320-9xq5zs1vhcnqjgyd committer: Amos Jeffries branch nick: 3.4 timestamp: Sun 2015-02-01 01:42:12 -0800 message: Remove dst ACL dependency on HTTP request message existence The ACL checklist dst_addr member can be used in cases where the HTTP message is not provided. Such as ssl_bump, ICAP outgoing IP, or peer selection probes. ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20150201094212-w3mu2drisuwjd4cm # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 # testament_sha1: 2a5df5129d3c18220f75e8c70b86468c8806b706 # timestamp: 2015-02-01 09:45:27 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 # base_revision_id: squid3@treenet.co.nz-20150124051320-\ # 9xq5zs1vhcnqjgyd # # Begin patch === modified file 'src/acl/DestinationIp.cc' --- src/acl/DestinationIp.cc 2013-05-13 23:32:23 +0000 +++ src/acl/DestinationIp.cc 2015-02-01 09:42:12 +0000 @@ -52,6 +52,10 @@ { ACLFilledChecklist *checklist = Filled(cl); + // if there is no HTTP request details fallback to the dst_addr + if (!checklist->request) + return ACLIP::match(checklist->dst_addr); + // Bug 3243: CVE 2009-0801 // Bypass of browser same-origin access control in intercepted communication // To resolve this we will force DIRECT and only to the original client destination. === modified file 'src/acl/DestinationIp.h' --- src/acl/DestinationIp.h 2013-01-27 17:35:07 +0000 +++ src/acl/DestinationIp.h 2015-02-01 09:42:12 +0000 @@ -58,7 +58,6 @@ ACLDestinationIP(): ACLIP(ACLDestinationIP::SupportedFlags) {} virtual char const *typeString() const; virtual int match(ACLChecklist *checklist); - virtual bool requiresRequest() const {return true;} virtual ACL *clone()const;