Hi, I am trying to write a Traffic Server plugin that will allow the scanning of the request and response data and either let the data through or block it.
Initially I read the headers in the INK_EVENT_HTTP_READ_REQUEST_HDR and the INK_EVENT_HTTP_READ_RESPONSE_HDR hooks and then added transform hooks so the data could be scanned. In the transform hooks I buffered up the data and then scanned it. Once scanned the data was either sent as it was or I created a new response that contained a block page that was sent to the client instead. This worked apart from the fact that I could not block requests. So I then returned INK_EVENT_HTTP_ERROR from the INK_EVENT_HTTP_READ_REQUEST_HDR if the URL or headers should be blocked – and then returned a block page. This was OK but then I realised that I could not block request data. The only way it seems you can scan request data (i.e. POSTs) without Traffic Server making a connection to the origin server is to use InkHttpTxnIntercept. The problem with this approach is that you then have to handle INK_EVENT_NET_ACCEPT and reading and writing of data to the client by use INKVConnRead and INKVConnWrite and handling INK_EVENT_VCONN_READ_READY, INK_EVENT_VCONN_WRITE_READY. This seems quite low level and you do not have a transaction reference anymore. The problem with this is that if the POST data should be let through then there does not seem to be a way of continuing the original transaction anymore. It seems that you have to open the connection yourself to the origin server and send the request. I have now created a much simpler plugin that always uses InkHttpTxnIntercept - looks up the host IP address (INKHostLookup), connects to the origin server (INKNetConnect), buffers up all the request and response data, and sends and receives this data from the client and server by using the standard INKVConnRead and INKVConnWrite methods. I already have classes that can buffer up and interpret HTTP request and responses so I do not need to use the provided HTTP header functions. This seems to be much simpler with no need for transformation hooks (which seem to be designed to transform data – not block it). So my questions are: 1. Is there any way of continuing the main HTTP transaction after using InkHttpTxnIntercept if you do not want to block the request – i.e. getting back to INK_EVENT_HTTP_SEND_REQUEST_HEADER? I did try and keep the INK_EVENT_HTTP_SEND_REQUEST_HEADER active while reading request data after calling InkHttpTxnIntercept but it was called as soon as I called INKVConnRead. 2. Is there any way of once data has been read in a transform hook to not write the data but block the request at that point by writing data back to the client? 3. Is it better to just use the simpler solution with no transformations? The problem with this solution is that it will probably lose some of the benefits of Traffic Server like server connection pooling which I guess Traffic Server provides because I will be manually opening the connections to the origin servers. 4. Will the plugin be faster if I am not using transformation hooks and using the more low level simpler solution? Thank you for reading this rather long email and I hope someone can provide some advice.
