trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alan Carroll <solidwallofc...@verizonmedia.com>
Subject Re: IP Allow depending on source IP and destIP?
Date Wed, 20 Mar 2019 18:48:28 GMT
That's not possible via ip_allow.config. There is some limited support for
IP address based control of remap rules, which is mostly broken but should
work well enough to handle your use case. The basic idea is to set up remap
rules for the destinations (e.g. mydomain.local), even if it's an identity
remap. You can then disable that rule based on the IP address of the user
agent (enable doesn't work as expected - see issue #1971). Something like

map http://mydomain.local http://mydomain.local
 @action=deny @src_ip=~192.168.1.2

This will cause the remap rule to not trigger for address that are not
192.168.1.2 (because of the tilde). Such a request can either (1) get a 404
"Not found on accelerator" error or (2) be sent by another remap rule to an
error page. Note the address can be specified as a range of two IP
addresses separated by a dash '-'.

See
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/remap.config.en.html#acl-filters


On Wed, Mar 20, 2019 at 2:42 AM Alexander Rabenstein
<Alexander.Rabenstein@mail.schwarz> wrote:

> Hi,
>
>
>
> I am trying to figure out if its possible to do something like this in
> ip_allow.config:
>
>
>
> src_ip=192.168.1.1 dest_ip=mydomain.local action=ip_allow method=all
>
> Src_ip=192.168.1.2 dest_ip=mydomain.local action=ip_deny method=all
>
>
>
> So allowing access to certain origins depending on the source IP.
>
>
>
> Is this possible with traffic server?
>
>
>
> Kind regards
>
>
>
> Alexander Rabenstein
>
> Professional
>
> Application Management - Retail
>
> --
>
>
>
> Schwarz IT KG
>
> Stiftsbergstraße 1 · D-74172 Neckarsulm
>
> Büro: D-74074 Heilbronn · Ferdinand-Braun-Straße
>
>
>
> Telefon: +49 (0) 7132 30 455 077 <%20+49713230455077>
>
> Alexander.Rabenstein@mail.schwarz
>
>
>
> Kommanditgesellschaft · Sitz: Neckarsulm
>
> Registergericht Stuttgart · HRA 730995
>
>
>

Mime
View raw message