Due to the vast majority of drupal sites using the default directory, random hosts can get into the boost cache by sending a host header to the servers IP. What I'm proposing is a whitelist where one can type in a list of hostnames that are good.

If you have the domain access module installed then it will use the domains from there as the whitelist.

whitelist can do things like *.example.com
blacklist would then do bad.example.com

if this feature is disabled then display all hosts in the boost_cache table.

CommentFileSizeAuthor
#1 boost_domain_whitelisting.patch14.45 KBcotto
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

cotto’s picture

cotto CreditAttribution: cotto commented
Assigned: Unassigned » cotto
FileSize
boost_domain_whitelisting.patch14.45 KB

Attached is a patch that adds optional whitelisting (with wildcards) and blacklisting for domain caching. I tried to avoid taking up more config ui space than necessary for the majority of users who won't care about this, and tried to make the descriptions on the admin form as clear as I could for the ones who will. The patch should also have no significant cost to users who don't use it and a minimal cost for those who do. I tried to keep whatever processing I could in the admin form submit handler to minimize the amount of work that the code in boost_is_cacheable would need to do.

Improvements and suggestions are welcome, but I'm also comfortable with the patch being applied as-is.

mikeytown2’s picture

mikeytown2 CreditAttribution: mikeytown2 commented
Status: Active » Needs review
mikeytown2’s picture

mikeytown2 CreditAttribution: mikeytown2 commented
Status: Needs review » Fixed

thanks & committed!
http://drupal.org/cvs?commit=503614

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.