You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by GitBox <gi...@apache.org> on 2020/07/29 07:30:02 UTC

[GitHub] [trafficserver] mtorluemke opened a new issue #7053: ip_allow does not work with /0 rules

mtorluemke opened a new issue #7053:
URL: https://github.com/apache/trafficserver/issues/7053


   Needs another test/triage/debug, but it appears that adding a /0 rule does not work (such as allowing GET from /0 v4 and /0 v6), and returns 403s to the client.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] randall edited a comment on issue #7053: ip_allow does not work with /0 rules

Posted by GitBox <gi...@apache.org>.

randall edited a comment on issue #7053:
URL: https://github.com/apache/trafficserver/issues/7053#issuecomment-665124372






----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] randall commented on issue #7053: ip_allow does not work with /0 rules

Posted by GitBox <gi...@apache.org>.

randall commented on issue #7053:
URL: https://github.com/apache/trafficserver/issues/7053#issuecomment-665092318






----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] SolidWallOfCode edited a comment on issue #7053: ip_allow does not work with /0 rules

Posted by GitBox <gi...@apache.org>.

SolidWallOfCode edited a comment on issue #7053:
URL: https://github.com/apache/trafficserver/issues/7053#issuecomment-697817297


   I  think this is working as documented. E.g. "The rules are matched in order, by IP address". Therefore in this case, if the first rule is "0/0", that matches all IPv4 addresses and no other IPv4 rules will apply. That is, if the first rule is
   ```
     - apply: in
       ip_addrs: 0/0
       action: allow
       methods: GET
   ```
   then only `GET` will be allowed for IPv4. It would be some work to change that to "blend" the rules, basically requiring updating `IpMap` to the [IPSpace](http://docs.solidwallofcode.com/libswoc/code/IPSpace.en.html#ipspace) from libSWOC.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] SolidWallOfCode commented on issue #7053: ip_allow does not work with /0 rules

Posted by GitBox <gi...@apache.org>.

SolidWallOfCode commented on issue #7053:
URL: https://github.com/apache/trafficserver/issues/7053#issuecomment-666514328


   Interesting. I'll try to look at this.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] SolidWallOfCode commented on issue #7053: ip_allow does not work with /0 rules

Posted by GitBox <gi...@apache.org>.

SolidWallOfCode commented on issue #7053:
URL: https://github.com/apache/trafficserver/issues/7053#issuecomment-697817297


   I  think this is working as documented. E.g. "The rules are matched in order, by IP address". Therefore in this case, if the first rule is "0/0", that matches all IPv4 addresses and no other IPv4 rules will apply. That is, if the first rule is
   ```
     - apply: in
       ip_addrs: 0/0
       action: allow
       methods: GET
   ```
   then only `GET` will be allowed for IPv4. It would be some work to change that to "blend" the rules, basically requiring updating `IpMap` to the `IPSpace` from libSWOC.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] SolidWallOfCode closed issue #7053: ip_allow does not work with /0 rules

Posted by GitBox <gi...@apache.org>.

SolidWallOfCode closed issue #7053:
URL: https://github.com/apache/trafficserver/issues/7053


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org