From 79f959435ff2fc6636820e44b884e4cf4f6ded4d Mon Sep 17 00:00:00 2001 From: Vijay Mamidi Date: Thu, 19 Aug 2021 12:09:33 -0700 Subject: [PATCH 1/4] Do not turn off cache for internal requests --- plugins/authproxy/authproxy.cc | 9 --------- 1 file changed, 9 deletions(-) diff --git a/plugins/authproxy/authproxy.cc b/plugins/authproxy/authproxy.cc index 88dadd09c6a..982a7382821 100644 --- a/plugins/authproxy/authproxy.cc +++ b/plugins/authproxy/authproxy.cc @@ -635,15 +635,6 @@ AuthProxyGlobalHook(TSCont /* cont ATS_UNUSED */, TSEvent event, void *edata) case TS_EVENT_HTTP_POST_REMAP: // Ignore internal requests since we generated them. if (TSHttpTxnIsInternal(txn)) { - // All our internal requests *must* hit the origin since it is the - // agent that needs to make the authorization decision. We can't - // allow that to be cached. Note that this only affects the remap - // rule that this plugin is instantiated for, *unless* you are using - // it as a global plugin (not highly recommended). Also remember that - // the HEAD auth request might trip a different remap rule, particularly - // if you do not have pristine host-headers enabled. - TSHttpTxnConfigIntSet(txn, TS_CONFIG_HTTP_CACHE_HTTP, 0); - AuthLogDebug("re-enabling internal transaction"); TSHttpTxnReenable(txn, TS_EVENT_HTTP_CONTINUE); return TS_EVENT_NONE; From cbd07377623221f5fec49af2c285781b932ef221 Mon Sep 17 00:00:00 2001 From: Vijay Mamidi Date: Mon, 13 Dec 2021 11:33:40 -0800 Subject: [PATCH 2/4] Allow configuration to enable/disable caching internal requests --- plugins/authproxy/authproxy.cc | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/plugins/authproxy/authproxy.cc b/plugins/authproxy/authproxy.cc index 982a7382821..c9fc424bdc2 100644 --- a/plugins/authproxy/authproxy.cc +++ b/plugins/authproxy/authproxy.cc @@ -58,6 +58,7 @@ struct AuthOptions { int hostport = -1; AuthRequestTransform transform = nullptr; bool force = false; + bool cache_internal_requests = false; AuthOptions() = default; ~AuthOptions() = default; @@ -624,6 +625,14 @@ AuthRequestIsTagged(TSHttpTxn txn) return AuthTaggedRequestArg != -1 && TSUserArgGet(txn, AuthTaggedRequestArg) != nullptr; } +// Return true if the internal requests can be cached. +static bool +CacheInternalRequests(TSHttpTxn txn) +{ + AuthOptions *opt = static_cast(TSUserArgGet(txn, AuthTaggedRequestArg)); + return opt ? opt->cache_internal_requests : false; +} + static int AuthProxyGlobalHook(TSCont /* cont ATS_UNUSED */, TSEvent event, void *edata) { @@ -635,6 +644,17 @@ AuthProxyGlobalHook(TSCont /* cont ATS_UNUSED */, TSEvent event, void *edata) case TS_EVENT_HTTP_POST_REMAP: // Ignore internal requests since we generated them. if (TSHttpTxnIsInternal(txn)) { + // All our internal requests *must* hit the origin since it is the + // agent that needs to make the authorization decision. We can't + // allow that to be cached. Note that this only affects the remap + // rule that this plugin is instantiated for, *unless* you are using + // it as a global plugin (not highly recommended). Also remember that + // the HEAD auth request might trip a different remap rule, particularly + // if you do not have pristine host-headers enabled. + if (CacheInternalRequests(txn)) + TSHttpTxnConfigIntSet(txn, TS_CONFIG_HTTP_CACHE_HTTP, 1); + else + TSHttpTxnConfigIntSet(txn, TS_CONFIG_HTTP_CACHE_HTTP, 0); AuthLogDebug("re-enabling internal transaction"); TSHttpTxnReenable(txn, TS_EVENT_HTTP_CONTINUE); return TS_EVENT_NONE; @@ -665,6 +685,7 @@ AuthParseOptions(int argc, const char **argv) {const_cast("auth-port"), required_argument, nullptr, 'p'}, {const_cast("auth-transform"), required_argument, nullptr, 't'}, {const_cast("force-cacheability"), no_argument, nullptr, 'c'}, + {const_cast("cache-internal"), no_argument, nullptr, 'i'}, {nullptr, 0, nullptr, 0}, }; @@ -686,6 +707,9 @@ AuthParseOptions(int argc, const char **argv) case 'c': options->force = true; break; + case 'i': + options->cache_internal_requests = true; + break; case 't': if (strcasecmp(optarg, "redirect") == 0) { options->transform = AuthWriteRedirectedRequest; From d15209517ba5df6c037b20c15d4d392f5031a339 Mon Sep 17 00:00:00 2001 From: Vijay Mamidi Date: Thu, 16 Dec 2021 11:04:15 -0800 Subject: [PATCH 3/4] do not enable cache --- plugins/authproxy/authproxy.cc | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/plugins/authproxy/authproxy.cc b/plugins/authproxy/authproxy.cc index c9fc424bdc2..aa52696362e 100644 --- a/plugins/authproxy/authproxy.cc +++ b/plugins/authproxy/authproxy.cc @@ -651,9 +651,7 @@ AuthProxyGlobalHook(TSCont /* cont ATS_UNUSED */, TSEvent event, void *edata) // it as a global plugin (not highly recommended). Also remember that // the HEAD auth request might trip a different remap rule, particularly // if you do not have pristine host-headers enabled. - if (CacheInternalRequests(txn)) - TSHttpTxnConfigIntSet(txn, TS_CONFIG_HTTP_CACHE_HTTP, 1); - else + if (!CacheInternalRequests(txn)) TSHttpTxnConfigIntSet(txn, TS_CONFIG_HTTP_CACHE_HTTP, 0); AuthLogDebug("re-enabling internal transaction"); TSHttpTxnReenable(txn, TS_EVENT_HTTP_CONTINUE); From d039f07468804de52e163f8133b3d990f0ef3c56 Mon Sep 17 00:00:00 2001 From: Vijay Mamidi Date: Tue, 11 Jan 2022 10:56:41 -0800 Subject: [PATCH 4/4] documentation updated --- doc/admin-guide/plugins/authproxy.en.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/admin-guide/plugins/authproxy.en.rst b/doc/admin-guide/plugins/authproxy.en.rst index 02d3a393468..b17984aa7cb 100644 --- a/doc/admin-guide/plugins/authproxy.en.rst +++ b/doc/admin-guide/plugins/authproxy.en.rst @@ -87,6 +87,11 @@ Plugin Options that by setting the :ts:cv:`proxy.config.http.cache.ignore_authentication` option on the request. +--cache-internal + The option will allow the Traffic Server to cache internal + requests. By default, internally generated requests are + not cached as the agent needs to take the authorization decisions. + Examples --------