Update docs from commit a7a22ed7db1ba52972ea2aeb0ed423cf2a2dde82
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol-website/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol-website/commit/6546951e Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol-website/tree/6546951e Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol-website/diff/6546951e Branch: refs/heads/asf-site Commit: 6546951e218ffe4730d87a62a0dd36e60414f625 Parents: 98cf8d9 Author: jenkins <bui...@apache.org> Authored: Mon May 14 17:27:07 2018 +0000 Committer: jenkins <bui...@apache.org> Committed: Mon May 14 17:27:07 2018 +0000 ---------------------------------------------------------------------- docs/master/_images/anonymous_blocking01.png | Bin 0 -> 109855 bytes docs/master/_images/anonymous_blocking02.png | Bin 0 -> 28800 bytes .../quick_howto/anonymous_blocking.rst.txt | 87 + .../_sources/admin/quick_howto/index.rst.txt | 1 + .../_sources/api/v12/deliveryservice.rst.txt | 2141 +++++++++--------- docs/master/admin/index.html | 2 + .../admin/quick_howto/anonymous_blocking.html | 355 +++ docs/master/admin/quick_howto/index.html | 16 +- docs/master/api/v12/deliveryservice.html | 1041 ++++----- docs/master/api/v12/index.html | 3 +- docs/master/objects.inv | Bin 4927 -> 4965 bytes docs/master/searchindex.js | 2 +- 12 files changed, 2057 insertions(+), 1591 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol-website/blob/6546951e/docs/master/_images/anonymous_blocking01.png ---------------------------------------------------------------------- diff --git a/docs/master/_images/anonymous_blocking01.png b/docs/master/_images/anonymous_blocking01.png new file mode 100644 index 0000000..bda89db Binary files /dev/null and b/docs/master/_images/anonymous_blocking01.png differ http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol-website/blob/6546951e/docs/master/_images/anonymous_blocking02.png ---------------------------------------------------------------------- diff --git a/docs/master/_images/anonymous_blocking02.png b/docs/master/_images/anonymous_blocking02.png new file mode 100644 index 0000000..0b74046 Binary files /dev/null and b/docs/master/_images/anonymous_blocking02.png differ http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol-website/blob/6546951e/docs/master/_sources/admin/quick_howto/anonymous_blocking.rst.txt ---------------------------------------------------------------------- diff --git a/docs/master/_sources/admin/quick_howto/anonymous_blocking.rst.txt b/docs/master/_sources/admin/quick_howto/anonymous_blocking.rst.txt new file mode 100644 index 0000000..4ee0ad5 --- /dev/null +++ b/docs/master/_sources/admin/quick_howto/anonymous_blocking.rst.txt @@ -0,0 +1,87 @@ +.. +.. +.. Licensed under the Apache License, Version 2.0 (the "License"); +.. you may not use this file except in compliance with the License. +.. You may obtain a copy of the License at +.. +.. http://www.apache.org/licenses/LICENSE-2.0 +.. +.. Unless required by applicable law or agreed to in writing, software +.. distributed under the License is distributed on an "AS IS" BASIS, +.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +.. See the License for the specific language governing permissions and +.. limitations under the License. +.. + +.. _rl-anonymous_blocking-qht: + +************************************** +Configure Anonymous Blocking +************************************** + +.. Note:: Anonymous Blocking is only supported for HTTP delivery services. + +1) Prepare the Anonymous Blocking configuration file + +Anonymous Blocking uses a configuration file in JSON format to define blocking rules for delivery services. The file needs to be put on an HTTP server accessible to Traffic Router. An example of the JSON is as follows:: + + { + + "customer": "YourCompany", + "version": "1", + "date" : "2017-05-23 03:28:25", + "name": "Anonymous IP Blocking Policy", + + "anonymousIp": { "blockAnonymousVPN": true, + "blockHostingProvider": true, + "blockPublicProxy": true, + "blockTorExitNode": true}, + + "ip4Whitelist": ["192.168.30.0/24", "10.0.2.0/24", "10.1.1.1/32"], + + "ip6Whitelist": ["2001:550:90a::/48", "::1/128"], + + "redirectUrl": "http://youvebeenblocked.com" + } + +* âanonymousIpâ contains the types of IPs which can be checked against the Anonymous IP Database. There are 4 types of IPs which can be checked: VPNs, Hosting Providers, Public Proxies, and Tor Exit Nodes. Each type of IP can be enabled or disabled. If the value is true, IPs which match this type will be blocked when the feature is enabled in the delivery service. If the value is false, IPs which match this type will not be blocked. If an IP matches more than 1 type and any type is enabled, the IP will be blocked. + +* âredirectUrlâ is the URL that will be returned to the blocked clients. Without a redirectUrl, the clients will receive an HTTP response code 403. With a redirectUrl, the clients will be redirected with an HTTP response code 302. + +* âipWhiteListâ is an optional element. It includes a list of CIDR (Classless Inter-Domain Routing) blocks indicating the IPv4 and IPv6 subnets that are allowed by the rule. If this list exists and the value is not empty, client IP will be matched against the CIDR list, and if there is any match, the request will be allowed. If there is no match in the white list, further anonymous blocking logic will continue. + + +2) Add Anonymous Blocking parameters on Traffic Ops + +The following three new parameters are required to be added into CRConfig.json: + +* "anonymousip.policy.configuration": the HTTP URL of the Anonymous Blocking configuration file. Traffic Router will fetch the file from this URL. +* "anonymousip.polling.url": the HTTP URL of the Anonymous IP Database. Traffic Router will fetch the file from this URL. +* "anonymousip.polling.interval": the interval that Traffic Router polls the Anonymous Blocking configuration file and Anonymous IP Database. + +.. image:: anonymous_blocking01.png + :scale: 100% + :align: center + +3) Enable Anonmyous Blocking for a delivery service + +.. image:: anonymous_blocking02.png + :scale: 100% + :align: center + +4) Make configuration effective + +Go to Tools->Snapshot CRConfig, perform âDiff CRConfigâ and click "Write CRConfig". + +.. image:: regionalgeo03.png + :scale: 70% + :align: center + +5) Traffic Router access log with Anonymous Blocking + +Anonymous Blocking extends the field of "rtype" and adds a new field "ANON_BLOCK" in Traffic Router access.log to help to monitor the working of this feature. + +If rtype=ANON_BLOCK then the client's IP was found in the Anonymous IP Database and was blocked. + + + http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol-website/blob/6546951e/docs/master/_sources/admin/quick_howto/index.rst.txt ---------------------------------------------------------------------- diff --git a/docs/master/_sources/admin/quick_howto/index.rst.txt b/docs/master/_sources/admin/quick_howto/index.rst.txt index d04a019..4c6b6dc 100644 --- a/docs/master/_sources/admin/quick_howto/index.rst.txt +++ b/docs/master/_sources/admin/quick_howto/index.rst.txt @@ -27,6 +27,7 @@ Traffic Ops dnssec.rst federations.rst regionalgeo.rst + anonymous_blocking.rst steering.rst Traffic Portal