shenyu icon indicating copy to clipboard operation
shenyu copied to clipboard
verified publisher icon apache

wafplugin cache bug

Open crazyStar00 opened this issue 2 years ago • 6 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current Behavior

  1. The access to the system using the network segment 192.168.40 is blocked, as expected
  2. The network segment 192.168.42 is used to access the system. The forwarding is normal and meets expectations
  3. The network segment 192.168.40 is used to access the system, and the forwarding is normal

Cause of the problem:

  1. When network segment 192.168.42 accesses the system and no rule is matched, an empty rule is added to the MatchDataCache.RULE_DATA_MAP cache
  2. When the 192.168.40 network segment is used again, the null rule is obtained from the MatchDataCache.RULE_DATA_MAP cache, and the actual rule does not take effect

Temporary solutions:

  1. Modify defaultMatchRule in AbstractShenyuPlugin to write the empty rule rule to cached code comments

image

image

I don't understand. Why do we need to cache empty rules?

crazyStar00 avatar Nov 06 '23 08:11 crazyStar00

can you fix it?

moremind avatar Nov 09 '23 08:11 moremind

can you fix it?

I'd like to, but I don't understand why an empty object is put in the cache when no data is retrieved

crazyStar00 avatar Nov 14 '23 06:11 crazyStar00

can you fix it?

I'd like to, but I don't understand why an empty object is put in the cache when no data is retrieved

image I did this directly, I wonder if it is OK?

crazyStar00 avatar Nov 14 '23 06:11 crazyStar00

no, empty rule data or selector data means can't match the rule or selector

moremind avatar Nov 14 '23 06:11 moremind

you can close the match cache to avoid cache error.

moremind avatar Nov 14 '23 06:11 moremind

thanks

crazyStar00 avatar Nov 14 '23 08:11 crazyStar00