trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alan Carroll <>
Subject Re: Traffic Server as Forward Proxy
Date Mon, 19 Jun 2017 14:33:21 GMT
ip_allow.config would also work to allow inbound connections only from specific (client) IP
addresses. Note that remap works for forward proxy therefore a remap.config could force all
requests to the target. Alternatively, since ip_allow.config now supports outbound controls
that could be set to allow outbound connections to only that specific IP address.

On Monday, June 19, 2017, 8:36:22 AM CDT, Leif Hedstrom <> wrote:

Why can't you run this as a reverse proxy? Have all your service names in DNS point to the
same IP running the proxy server, and add appropriate map rules for each one to the respective
service IP (which are 1918 ranges I assume). You then want to require remap n the config she,
which disables ATS as an open forward proxy.
In this scenario you likely want to enable the pristine host header configuration as well.
-- Leif 
On Jun 19, 2017, at 5:24 AM, salil GK <> wrote:

Hi James 
Yes traffic server has different mechanism to do authentication. Most secure way is to make
the port as ssl port 
CONFIG proxy.config.http.server_ports STRING 8445:ssl

take a look at the following parameter on how to control client access
CONFIG proxy.config.ssl.client.certification_level INT 2

origin server access can be controlled by writing/modifying plugin. for authentication you
may consider auth plugin

On 19 June 2017 at 16:02, James P <> wrote:

I have an application (C# software) that has been running on several clients. This application
access a webservice from another company (ABC, for instance). However, in order to ensure
protection, ABC company is now forcing us to use a single IP to use its webservice. Therefore,
all my C# applications (in several different clients) needs to access using same IP. 
I have installed Apache Traffic Server as forward proxy and everything is working fine. The
problem is that it is working as an open proxy and I know this is very risky. 
How can I keep this solution with Traffic Server and add some security?
1. Is it possible to use some form of authenticated requests in Traffic Server?2. Is it possible
to force the proxy to redirect all access the a domain? Therefore,
it would not be an open proxy.

View raw message