authorDavid Kalnischkies <david@kalnischkies.de>2021-09-16 19:33:24 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2021-09-16 22:38:46 +0200
commit61c1d7d3658fdcd4b32f8b071cef7941120f8abc (patch)
tree0c98275aabc5b839becc3b5d589d62b9f67a6595
parent883a12310a4130370965eab0a710a2c8fae6cc09 (diff)
Add AllowRange option to disable HTTP Range usage
apt makes heavy use of HTTP/1.1 features including Range and If-Range. Sadly it is not obvious if the involved server(s) (and proxies) actually support them all. The Acquire::http::AllowRanges option defaults to true as before, but now a user can disable Range usage if it is known that the involved server is not dealing with such requests correctly.
-rw-r--r--doc/examples/configure-index7
-rw-r--r--methods/basehttp.cc4
-rwxr-xr-xtest/integration/test-http-if-range77
3 files changed, 83 insertions, 5 deletions
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index 4eca100f5..d519e010b 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -281,7 +281,8 @@ Acquire
Timeout "30";
ConnectionAttemptDelayMsec "250";
Pipeline-Depth "5";
- AllowRedirect "true";
+ AllowRanges "<BOOL>";
+ AllowRedirect "<BOOL>";
// Cache Control. Note these do not work with Squid 2.0.2
No-Cache "false";
@@ -304,11 +305,11 @@ Acquire
SslCert "/etc/apt/some.pem";
CaPath "/etc/ssl/certs";
Verify-Host "true";
- AllowRedirect "true";
+ AllowRanges "<BOOL>";
+ AllowRedirect "<BOOL>";
Timeout "30";
ConnectionAttemptDelayMsec "250";
- AllowRedirect "true";
// Cache Control. Note these do not work with Squid 2.0.2
No-Cache "false";
diff --git a/methods/basehttp.cc b/methods/basehttp.cc
index f2c4156e1..396b33999 100644
--- a/methods/basehttp.cc
+++ b/methods/basehttp.cc
@@ -246,7 +246,7 @@ bool RequestState::HeaderLine(string const &Line) /*{{{*/
return true;
}
- if (stringcasecmp(Tag, "Accept-Ranges:") == 0)
+ if (Server->RangesAllowed && stringcasecmp(Tag, "Accept-Ranges:") == 0)
{
std::string ranges = ',' + Val + ',';
ranges.erase(std::remove(ranges.begin(), ranges.end(), ' '), ranges.end());
@@ -276,7 +276,6 @@ void ServerState::Reset() /*{{{*/
Persistent = false;
Pipeline = false;
PipelineAllowed = true;
- RangesAllowed = true;
PipelineAnswersReceived = 0;
}
/*}}}*/
@@ -607,6 +606,7 @@ int BaseHttpMethod::Loop()
setPostfixForMethodNames(::URI(Queue->Uri).Host.c_str());
AllowRedirect = ConfigFindB("AllowRedirect", true);
PipelineDepth = ConfigFindI("Pipeline-Depth", 10);
+ Server->RangesAllowed = ConfigFindB("AllowRanges", true);
Debug = DebugEnabled();
}
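Review bot: The added `Server->RangesAllowed = ConfigFindB("AllowRanges", true);` stores the user's setting in the same field that the Accept-Ranges check in HeaderLine reads, while the Reset() hunk drops the line that used to set it back to true. If code outside these hunks clears the flag after a server response, that value now stays cleared until this assignment runs again, and how often that happens depends on the enclosing condition in Loop(), which starts outside the hunk. Staying cleared errs toward full downloads, so it is the safe direction for file integrity, but the lifetime is no longer obvious from Reset(). A comment on the new line would record it, for example `// seeded from config; Reset() no longer restores this, so a runtime clear sticks until the next config read`.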
diff --git a/test/integration/test-http-if-range b/test/integration/test-http-if-range
new file mode 100755
index 000000000..7eb667ba7
--- /dev/null
+++ b/test/integration/test-http-if-range
@@ -0,0 +1,77 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+setupenvironment
+configarchitecture 'amd64'
+
+changetowebserver
+
+TESTFILE='aptarchive/testfile'
+HTTPFILE="http://localhost:${APTHTTPPORT}/testfile"
+DOWNFILE='./downloaded/testfile'
+DOWNLOADLOG='rootdir/tmp/testdownloadfile.log'
+
+testdownloadfile() {
+ rm -f "$DOWNLOADLOG"
+ msgtest "Testing download of file with" "$1"
+ if ! downloadfile "$HTTPFILE" "$DOWNFILE" > "$DOWNLOADLOG"; then
+ cat >&2 "$DOWNLOADLOG"
+ msgfail
+ else
+ msgpass
+ fi
+}
+
+nopartialfile() {
+ rm -f "$DOWNFILE"
+}
+validpartialfile() {
+ head -n 5 "$TESTFILE" > "$DOWNFILE"
+ touch -d "$(stat --format '%y' "${TESTFILE}")" "$DOWNFILE"
+}
+badpartialfile() {
+ head -n 5 "$TESTFILE" > "$DOWNFILE"
+ touch -d 'now + 1hour' "$DOWNFILE"
+}
+fullfile() {
+ cp -a "$TESTFILE" "$DOWNFILE"
+}
+
+cp -a "${TESTDIR}/framework" "$TESTFILE"
+
+testrun() {
+ nopartialfile
+ testdownloadfile "no file $1"
+ testwebserverlaststatuscode "$2" "$DOWNLOADLOG"
+ testsuccess cmp "$TESTFILE" "$DOWNFILE"
+
+ validpartialfile
+ testdownloadfile "good partial file $1"
+ testwebserverlaststatuscode "$3" "$DOWNLOADLOG"
+ testsuccess cmp "$TESTFILE" "$DOWNFILE"
+
+ badpartialfile
+ testdownloadfile "bad partial file $1"
+ testwebserverlaststatuscode "$4" "$DOWNLOADLOG"
+ testsuccess cmp "$TESTFILE" "$DOWNFILE"
+
+ fullfile
+ testdownloadfile "complete file $1"
+ testwebserverlaststatuscode "$5" "$DOWNLOADLOG"
+ testsuccess cmp "$TESTFILE" "$DOWNFILE"
+}
+
+testrun 'defaults' '200' '206' '200' '416'
+
+webserverconfig 'aptwebserver::support::range' 'false'
+testrun 'no ranges' '200' '200' '200' '200'
+webserverconfig 'aptwebserver::support::range' 'true'
+
+webserverconfig 'aptwebserver::support::if-range' 'false'
+# the second 206 is bad, but we are unable to detect this
+testrun 'buggy server' '200' '206' '206' '416'
+echo 'Acquire::http::localhost::AllowRanges "false";' > rootdir/etc/apt/apt.conf.d/noallowranges
+testrun 'range disabled by conf' '200' '200' '200' '200'
+rm rootdir/etc/apt/apt.conf.d/noallowranges
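Review bot: The 'buggy server' run cannot show the failure that AllowRanges is meant to prevent, because `badpartialfile` writes the first five lines of the real file and only changes the mtime, so `cmp` passes even when the server wrongly answers 206. Giving the stale partial different bytes would let the test show that the buggy-server download no longer matches `$TESTFILE`, while the 'range disabled by conf' run still produces an intact file. Only the host-scoped `Acquire::http::localhost::AllowRanges` form is exercised here; the https method and the unscoped option listed in configure-index are not covered by this script.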