trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: Limit access based on source and destination
Date Tue, 10 May 2016 18:10:56 GMT


Am 10.05.2016 um 20:04 schrieb Eagen, Dave:
> We have TrafficServer 6.1.1 running as a forward proxy and would like to
> restrict access to some destination IPs. Those IPs should be reachable
> through the proxy only for a different set of source IPs. I can see in
> ip_allow.config that I can control whether a given set of source IPs are
> able to use the proxy server at all but not how I can allow them to use
> the proxy for everything except the restricted destination IPs.
>
> How can we implement this kind of access control?

such restrictions really don't belong to the proxy but on the backend 
server, running a reverse proxy without translate source ip addresses is 
in general unwise and so if you setup is done right you make your 
restrictions on the backend server as if there would be no proxy at all 
(directly on the backend server or inside the application sicne 
REMOTE_ADDR for scripts is also transprant translated)

or in other words: your backend config and application should not need 
to be aware that there is a proxy at all in front

https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html

for leagy servers running apache in outdated versions there is a 
"mod_rafp" 3rd party module available



Mime
View raw message