This is an automated email from the ASF dual-hosted git repository.
eze pushed a commit to branch 8.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/8.1.x by this push:
new b49ae06363 Deny the TRACE method by default (#9789)
b49ae06363 is described below
commit b49ae063632b1f40b9bd45aa66524924e2c26600
Author: Bryan Call <[email protected]>
AuthorDate: Tue Jun 6 15:08:08 2023 -0700
Deny the TRACE method by default (#9789)
---
configs/ip_allow.config.default | 4 ++--
doc/admin-guide/files/ip_allow.config.en.rst | 12 ++++++------
tests/gold_tests/autest-site/min_cfg/ip_allow.config | 4 ++--
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/configs/ip_allow.config.default b/configs/ip_allow.config.default
index 264d0786d3..0bf3b6e446 100644
--- a/configs/ip_allow.config.default
+++ b/configs/ip_allow.config.default
@@ -23,5 +23,5 @@
src_ip=127.0.0.1 action=ip_allow method=ALL
src_ip=::1 action=ip_allow method=ALL
# Deny PURGE, DELETE, and PUSH for all (this implies allow other methods for
all)
-src_ip=0.0.0.0-255.255.255.255 action=ip_deny
method=PUSH|PURGE|DELETE
-src_ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff action=ip_deny
method=PUSH|PURGE|DELETE
+src_ip=0.0.0.0-255.255.255.255 action=ip_deny
method=PUSH|PURGE|DELETE|TRACE
+src_ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff action=ip_deny
method=PUSH|PURGE|DELETE|TRACE
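Review bot: The context comment directly above the changed rules still reads "# Deny PURGE, DELETE, and PUSH for all", so it no longer matches the rule list now that TRACE is part of the method= value. Update the comment in the same change, for example "# Deny PURGE, DELETE, PUSH, and TRACE for all (this implies allow other methods for all)", so that an operator reading the shipped default sees the policy the rules actually enforce.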
diff --git a/doc/admin-guide/files/ip_allow.config.en.rst
b/doc/admin-guide/files/ip_allow.config.en.rst
index 537afcb6ea..2917c12663 100644
--- a/doc/admin-guide/files/ip_allow.config.en.rst
+++ b/doc/admin-guide/files/ip_allow.config.en.rst
@@ -70,20 +70,20 @@ deny, one explicit and the other implicit. The ``src_ip``
rules are checked when
to |TS|. The ``dst_ip`` rules are checked when |TS| connects to another host.
By default the :file:`ip_allow.config` file contains the following lines,
which allows all methods
-to connections from localhost and denies the ``PUSH``, ``PURGE`` and
``DELETE`` methods to all other
-IP addresses (note this allows all other methods to all IP addresses)::
+to connections from localhost and denies the ``PUSH``, ``PURGE``, ``DELETE``
and ``TRACE`` methods
+to all other IP addresses (note this allows all other methods to all IP
addresses)::
src_ip=127.0.0.1 action=ip_allow
method=ALL
src_ip=::1 action=ip_allow
method=ALL
- src_ip=0.0.0.0-255.255.255.255 action=ip_deny
method=PUSH|PURGE|DELETE
- src_ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff action=ip_deny
method=PUSH|PURGE|DELETE
+ src_ip=0.0.0.0-255.255.255.255 action=ip_deny
method=PUSH|PURGE|DELETE|TRACE
+ src_ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff action=ip_deny
method=PUSH|PURGE|DELETE|TRACE
This could also be specified as::
src_ip=127.0.0.1 action=ip_allow method=ALL
src_ip=::1 action=ip_allow method=ALL
- src_ip=0/0 action=ip_deny method=PUSH|PURGE|DELETE
- src_ip=::/0 action=ip_deny method=PUSH|PURGE|DELETE
+ src_ip=0/0 action=ip_deny method=PUSH|PURGE|DELETE|TRACE
+ src_ip=::/0 action=ip_deny method=PUSH|PURGE|DELETE|TRACE
Examples
========
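Review bot: The reworded paragraph adds TRACE to the list of denied methods but gives no reason for the new default and no guidance for operators who depend on TRACE. Consider one sentence after the first literal block stating that TRACE is now denied for all addresses other than localhost and can be re-allowed by removing it from the method= list. It is also worth saying that a site maintaining its own ip_allow.config does not inherit this change from the shipped default and has to add TRACE to its own ip_deny lines.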
diff --git a/tests/gold_tests/autest-site/min_cfg/ip_allow.config
b/tests/gold_tests/autest-site/min_cfg/ip_allow.config
index 061bbe5c0b..b795a59cad 100644
--- a/tests/gold_tests/autest-site/min_cfg/ip_allow.config
+++ b/tests/gold_tests/autest-site/min_cfg/ip_allow.config
@@ -1,4 +1,4 @@
src_ip=127.0.0.1 action=ip_allow method=ALL
src_ip=::1 action=ip_allow method=ALL
-src_ip=0.0.0.0-255.255.255.255 action=ip_deny method=PUSH|PURGE|DELETE
-src_ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff action=ip_deny
method=PUSH|PURGE|DELETE
\ No newline at end of file
+src_ip=0.0.0.0-255.255.255.255 action=ip_deny method=PUSH|PURGE|DELETE|TRACE
+src_ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff action=ip_deny
method=PUSH|PURGE|DELETE|TRACE
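Review bot: No test in this commit sends TRACE and checks that it is refused: the diffstat lists three files, and this min_cfg file is the only one under tests/. A gold test that issues a TRACE request and asserts the denial would give the new default regression coverage. Because the "src_ip=127.0.0.1 action=ip_allow method=ALL" and "src_ip=::1 action=ip_allow method=ALL" lines sit ahead of the deny rules, please confirm that a test client connecting over loopback would actually reach the ip_deny lines before relying on this file to exercise them.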