search

tempesta-tech / tempesta

All-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks
https://tempesta-tech.com/
GNU General Public License v2.0
615 stars 103 forks source link

Only the first location uses the default frang configuration. #2119

Open biathlon3 opened 4 months ago

biathlon3 commented 4 months ago

Motivation

Only the first location uses the default frang configuration, and the rest use the empty frang configuration if frang_limits is absent in global part of config file before vhosts and locations.

Before implementation #2078 everything is allowed, after implementation everything will be forbidden for the second and next locations.

Scope

With this configuration only location suffix ".jpg" will use default frang configuration

listen 80;
listen 443 proto=h2;
server 127.0.0.3:8000;
cache 2;

vhost default {
    proxy_pass default;
    tls_match_any_server_name;
    tls_certificate /tmp/tempesta/tempesta.crt;
    tls_certificate_key /tmp/tempesta/tempesta.key;

    location suffix ".jpg" {
        proxy_pass default;
        cache_fulfill * *;
    }

    location prefix "/bypassed" {
        proxy_pass default;
        cache_bypass * *;
    }

    location prefix "/nonidempotent" {
        proxy_pass default;
        cache_fulfill * *;
        nonidempotent GET * *;
        nonidempotent HEAD * *;
        nonidempotent POST * *;
    }
}

Testing

cache.test_cache.TestCacheLocationH2.test_prefix_bypassed fails on PR#2078

krizhanovsky commented 4 months ago

2121 seems a generalization of this issue