vmod_proxy: restrict all $Functions to client context

Since all functions of vmod_proxy use ctx->req, they should then be restricted to client context only

vmod_proxy: restrict all $Functions to client context
Since all functions of vmod_proxy use ctx->req, they should then be restricted to client context only
7cd8cca0 · Walid Boudebouda · Nils Goroll · 0d2fe019 · 7cd8cca0
Commit 7cd8cca0 authored Mar 09, 2023 by Walid Boudebouda Committed by Nils Goroll Apr 24, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 0 deletions

vmod_proxy.vcc vmod/vmod_proxy.vcc +22 -0

No files found.
--- a/vmod/vmod_proxy.vcc
+++ b/vmod/vmod_proxy.vcc
@@ -45,6 +45,8 @@ Example::
 	set req.http.alpn = proxy.alpn();
+$Restrict client
 $Function STRING authority()
 Extract authority attribute. This corresponds to SNI from a TLS
@@ -54,6 +56,8 @@ Example::
 	set req.http.authority = proxy.authority();
+$Restrict client
 $Function BOOL is_ssl()
 Report if proxy-protocol-v2 has SSL TLV.
@@ -64,16 +68,22 @@ Example::
 		set req.http.ssl-version = proxy.ssl_version();
 	}
+$Restrict client
 $Function BOOL client_has_cert_sess()
 Report if the client provided a certificate at least once over the TLS
 session this connection belongs to.
+$Restrict client
 $Function BOOL client_has_cert_conn()
 Report if the client provided a certificate over the current
 connection.
+$Restrict client
 $Function INT ssl_verify_result()
 Report the SSL_get_verify_result from a TLS session. It only matters
@@ -86,6 +96,8 @@ Example::
 		set req.http.ssl-verify = "ok";
 	}
+$Restrict client
 $Function STRING ssl_version()
 Extract SSL version attribute.
@@ -94,6 +106,8 @@ Example::
 	set req.http.ssl-version = proxy.ssl_version();
+$Restrict client
 $Function STRING client_cert_cn()
 Extract the common name attribute of the client certificate's.
@@ -101,6 +115,8 @@ Extract the common name attribute of the client certificate's.
 Example::
 	set req.http.cert-cn = proxy.client_cert_cn();
+$Restrict client
 $Function STRING ssl_cipher()
 Extract the SSL cipher attribute.
@@ -109,6 +125,8 @@ Example::
 	set req.http.ssl-cipher = proxy.ssl_cipher();
+$Restrict client
 $Function STRING cert_sign()
 Extract the certificate signature algorithm attribute.
@@ -117,6 +135,8 @@ Example::
 	set req.http.cert-sign = proxy.cert_sign();
+$Restrict client
 $Function STRING cert_key()
 Extract the certificate key algorithm attribute.
@@ -125,6 +145,8 @@ Example::
 	set req.http.cert-key = proxy.cert_key();
+$Restrict client
 SEE ALSO
 ========