Add ability for TR to strip its special query params from responses

CHANGELOG.md

@@ -22,6 +22,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Traffic Portal: Adds the ability for operations/admin users to create a CDN-level notification.
 - Traffic Portal: upgraded delivery service UI tables to use more powerful/performant ag-grid component
 - Traffic Router: added new 'dnssec.rrsig.cache.enabled' profile parameter to enable new DNSSEC RRSIG caching functionality. Enabling this greatly reduces CPU usage during the DNSSEC signing process.
+- Traffic Router: added new 'strip.special.query.params' profile parameter to enable stripping the 'trred' and 'fakeClientIpAddress' query parameters from responses: [#1065](https://github.com/apache/trafficcontrol/issues/1065)
 - [#5316](https://github.com/apache/trafficcontrol/issues/5316) - Add router host names and ports on a per interface basis, rather than a per server basis.
 - Traffic Ops: Adds API endpoints to fetch (GET), create (POST) or delete (DELETE) a cdn notification. Create and delete are limited to users with operations or admin role.
 - Added ACME certificate renewals and ACME account registration using external account binding

docs/source/admin/traffic_router.rst

@@ -217,6 +217,9 @@ Much of a Traffic Router's configuration can be obtained through the :term:`Para
 	| client.steering.forced.diversity        | CRConfig.json                | When this :term:`Parameter` exists and is exactly "true", it enables the "Client Steering Forced Diversity" feature to diversify      |
 	|                                         |                              | CLIENT_STEERING results by including more unique :term:`Edge-tier cache servers` in the response to the client's request.             |
 	+-----------------------------------------+------------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
+	| strip.special.query.params              | CRConfig.json                | If "true", Traffic Router will strip its special query parameters (namely "trred" and "fakeClientIpAddress") from its responses.      |
+	|                                         |                              | Note: the special query parameter "format" is not stripped due to its generality.                                                     |
+	+-----------------------------------------+------------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
 	| tld.soa.expire                          | CRConfig.json                | The value for the "expire" field the Traffic Router DNS Server will respond with on :abbr:`SOA (Start of Authority)` records.         |
 	+-----------------------------------------+------------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
 	| tld.soa.minimum                         | CRConfig.json                | The value for the minimum field the Traffic Router DNS Server will respond with on :abbr:`SOA (Start of Authority)` records.          |

traffic_router/core/src/main/java/org/apache/traffic_control/traffic_router/core/router/TrafficRouter.java

@@ -34,6 +34,7 @@
 import org.apache.traffic_control.traffic_router.core.edge.Node.IPVersions;
 import org.apache.traffic_control.traffic_router.core.edge.TrafficRouterLocation;
 import org.apache.traffic_control.traffic_router.core.hash.ConsistentHasher;
+import org.apache.traffic_control.traffic_router.core.http.RouterFilter;
 import org.apache.traffic_control.traffic_router.core.loc.AnonymousIp;
 import org.apache.traffic_control.traffic_router.core.loc.AnonymousIpDatabaseService;
 import org.apache.traffic_control.traffic_router.core.loc.FederationRegistry;
@@ -58,6 +59,7 @@
 import org.apache.log4j.Logger;
 import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
+import org.springframework.web.util.UriComponentsBuilder;
 import org.xbill.DNS.Name;
 import org.xbill.DNS.Type;
 import org.xbill.DNS.Zone;
@@ -105,6 +107,7 @@ public class TrafficRouter {
 	public static final String DNSSEC_ENABLED = "dnssec.enabled";
 	public static final String DNSSEC_ZONE_DIFFING = "dnssec.zone.diffing.enabled";
 	public static final String DNSSEC_RRSIG_CACHE_ENABLED = "dnssec.rrsig.cache.enabled";
+	public static final String STRIP_SPECIAL_QUERY_PARAMS = "strip.special.query.params";
 	private static final long DEFAULT_EDGE_NS_TTL = 3600;
 	private static final int DEFAULT_EDGE_TR_LIMIT = 4;
 
@@ -117,6 +120,7 @@ public class TrafficRouter {
 	private final boolean consistentDNSRouting;
 	private final boolean clientSteeringDiversityEnabled;
 	private final boolean dnssecZoneDiffingEnabled;
+	private final boolean stripSpecialQueryParamsEnabled;
 	private final boolean edgeDNSRouting;
 	private final boolean edgeHTTPRouting;
 	private final long edgeNSttl; // 1 hour default
@@ -152,6 +156,7 @@ public TrafficRouter(final CacheRegister cr,
 		this.anonymousIpService = anonymousIpService;
 		this.federationRegistry = federationRegistry;
 		this.clientSteeringDiversityEnabled = JsonUtils.optBoolean(cr.getConfig(), CLIENT_STEERING_DIVERSITY);
+		this.stripSpecialQueryParamsEnabled = JsonUtils.optBoolean(cr.getConfig(), STRIP_SPECIAL_QUERY_PARAMS);
 		this.dnssecZoneDiffingEnabled = JsonUtils.optBoolean(cr.getConfig(), DNSSEC_ENABLED) && JsonUtils.optBoolean(cr.getConfig(), DNSSEC_ZONE_DIFFING);
 		this.consistentDNSRouting = JsonUtils.optBoolean(cr.getConfig(), "consistent.dns.routing"); // previous/default behavior
 		this.edgeDNSRouting =  JsonUtils.optBoolean(cr.getConfig(), "edge.dns.routing") && cr.hasEdgeTrafficRouters();
@@ -1164,10 +1169,29 @@ public String buildPatternBasedHashString(final String regex, final String reque
 	public HTTPRouteResult route(final HTTPRequest request, final Track track) throws MalformedURLException, GeolocationException {
 		track.setRouteType(RouteType.HTTP, request.getHostname());
 
+		final HTTPRouteResult result;
 		if (isMultiRouteRequest(request)) {
-			return multiRoute(request, track);
+			result = multiRoute(request, track);
 		} else {
-			return singleRoute(request, track);
+			result = singleRoute(request, track);
+		}
+		if (stripSpecialQueryParamsEnabled) {
+		    stripSpecialQueryParams(result);
+		}
+		return result;
+	}
+
+	public void stripSpecialQueryParams(final HTTPRouteResult result) throws MalformedURLException {
+		if (result != null && result.getUrls() != null) {
+			for (int i = 0; i < result.getUrls().size(); i++) {
+				final URL url = result.getUrls().get(i);
+				if (url != null) {
+					result.getUrls().set(i, UriComponentsBuilder.fromHttpUrl(url.toString())
+							.replaceQueryParam(HTTPRequest.FAKE_IP)
+							.replaceQueryParam(RouterFilter.REDIRECT_QUERY_PARAM)
+							.build().toUri().toURL());
+				}
+			}
 		}
 	}
 

traffic_router/core/src/test/java/org/apache/traffic_control/traffic_router/core/router/TrafficRouterTest.java

@@ -36,6 +36,8 @@
 import org.xbill.DNS.Name;
 import org.xbill.DNS.Type;
 
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
@@ -98,6 +100,7 @@ public void before() throws Exception {
         when(trafficRouter.singleRoute(any(HTTPRequest.class), any(Track.class))).thenCallRealMethod();
         when(trafficRouter.selectDeliveryService(any(Request.class))).thenReturn(deliveryService);
         when(trafficRouter.consistentHashDeliveryService(any(DeliveryService.class), any(HTTPRequest.class), any())).thenCallRealMethod();
+        doCallRealMethod().when(trafficRouter).stripSpecialQueryParams(any(HTTPRouteResult.class));
     }
 
     @Test
@@ -324,4 +327,16 @@ public void itRetainsPathElementsInURI() throws Exception {
 
         assertThat(deliveryService.createURIString(httpRequest, cache), equalTo(dest.toString()));
     }
+
+    @Test
+    public void itStripsSpecialQueryParameters() throws MalformedURLException {
+        HTTPRouteResult result = new HTTPRouteResult(false);
+        result.setUrl(new URL("http://example.org/foo?trred=false&fakeClientIpAddress=192.168.0.2"));
+        trafficRouter.stripSpecialQueryParams(result);
+        assertThat(result.getUrl().toString(), equalTo("http://example.org/foo"));
+
+        result.setUrl(new URL("http://example.org/foo?b=1&trred=false&a=2&asdf=foo&fakeClientIpAddress=192.168.0.2&c=3"));
+        trafficRouter.stripSpecialQueryParams(result);
+        assertThat(result.getUrl().toString(), equalTo("http://example.org/foo?b=1&a=2&asdf=foo&c=3"));
+    }
 }