[MAGNOLIA-7582] Detect and break circular redirects in virtual mappings to prevent infinite loops. Created: 15/Jul/19  Updated: 18/Aug/21

Status: Accepted
Project: Magnolia
Component/s: Virtual URI mappings
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Neutral
Reporter: Jan Haderka Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: maintenance
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:

 Description   

On occasion it is possible to construct series of redirects that would result in the infinite loop. E.g. Redirect from uri A forwarding to B and existing redirect from B redirecting back to A in simplest case or in more complicated example uri A forwarding to B, B forwarding to C and C forwarding back to A.
Magnolia should detect such loops and if occurring break them down.

Please note multiple possible mechanisms of such redirects working. Apart from possibility of regexp being used in "fromURI" parameters, there's also possible combination of includes, forwards and permanent redirects some of which result in triggering from browser thus make detection more difficult (e.g. browser callback can reach another public instance in multi-instance load-balanced setup).

Without implying what solution should be, some means of tracking the fact that call is a redirect as part of the link when browser is involved will most likely be necessary.



 Comments   
Comment by Espen Jervidalo [ 15/Jul/19 ]

Thanks had. For completeness sake: The infinite redirect/forward is still just a suspicion. Might be that the relative '..' just triggered a bug also.

See https://wiki.magnolia-cms.com/display/SRE/2019-07-10+100+percent+CPU+on+magnolia-mkg+public+istances for the causing configuration.

Comment by Viet Nguyen [ 26/Jun/20 ]

I am having a concept for this in
https://wiki.magnolia-cms.com/display/DEV/Concept+-+Cyclic+detection+for+Virtual+URI+Mappings
Feel free to discuss and hope this helps!

Comment by Espen Jervidalo [ 09/Jul/20 ]

Thanks viet.nguyen. I was wondering if instead of trying to solve the problem of loops, we could just prevent it in the first place by not allowing the chaining of redirects/forwards.

Tracking the operation by adding a header parameter to the request and just ignore the consecutive operations, forward/redirect, in case of the presence of such parameter.

Similar concepts exist for proxy forwards. E.g. Max-Forwards: https://en.wikipedia.org/wiki/List_of_HTTP_header_fields

Comment by Viet Nguyen [ 10/Jul/20 ]

Yes ejervidalo,

we could just prevent it in the first place by not allowing the chaining of redirects/forwards

--> from the proposal, we detect the cyclic referencing once customer register a new redirect/forward or update an existing one.

Tracking the operation by adding a header parameter to the request and just ignore the consecutive operations, forward/redirect, in case of the presence of such parameter (Max-Forwards).

--> That's great, we didn't known of that before. Just a limitation is that it could only detect forwards, sometimes the cyclic referencing might happen to be a mixed of redirects + forwards also which may need some more tweaks for detecting.

Cheers,

Generated at Mon Feb 12 04:25:01 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.