Hey all,

We noticed recently that the parameter purge_allow_ip does not fully do what is documented here: https://traffic-control-cdn.readthedocs.io/en/latest/overview/profiles_and_parameters.html?highlight=purge_allow_ip#ip-allow-config

The purge allow IP parameter is supposed to configure ATS to allow PURGE requests over the specified addresses. This functionality works as documented for the edge tier, but on the mid tier this falls apart because atscfg prepends a PURGE/PUSH deny all rule to the very beginning of the file. This leaves us with the inability to purge content at all on the mid tier.

I have opened up the following PR today to allow PURGE requests over localhost on mids so that we can accomplish mid tier purges. This is meant as a short-term solution.

https://github.com/apache/trafficcontrol/pull/5619

Since today purge_allow_ip is only half working as documented, I would like to propose that moving forward purge_allow_ip is deprecated entirely and that we instead move to a model where PURGE is simply allowed over localhost on ATS. Perhaps we can add a parameter to disable that feature if we want disallowing all PURGE requests to be configurable.

Please let me know what you think!

- Dylan Souza
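Added example, not part of the original message and not code from Traffic Control or ATS: a simplified first-match model of ip_allow.config evaluation, showing why an allow rule placed after a leading deny-all PURGE/PUSH rule never takes effect. The rule lines, the address 192.0.2.10, the `decide` helper, the deny-by-default fallback and the "localhost first" ordering are assumptions made for illustration, not the output of atscfg or the contents of the PR.

```python
import ipaddress

def parse_rule(line):
    """Parse one legacy-format ip_allow.config line."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    lo, _, hi = fields["src_ip"].partition("-")
    first, last = ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)
    methods = set(fields.get("method", "ALL").upper().split("|"))
    return first, last, fields["action"], methods

def decide(rules, client_ip, method):
    """Return (allowed, deciding_line_number) under a first-match model.

    Assumed model: the first rule whose address range contains the client
    decides. ip_allow permits only the listed methods; ip_deny refuses only
    the listed methods. Later rules are never consulted.
    """
    ip = ipaddress.ip_address(client_ip)
    for line_no, line in enumerate(rules, start=1):
        first, last, action, methods = parse_rule(line)
        if first.version != ip.version or not (first <= ip <= last):
            continue
        listed = "ALL" in methods or method.upper() in methods
        return (listed if action == "ip_allow" else not listed), line_no
    return False, None  # assumption: no matching rule means deny

# Constructed mid-tier file: deny-all PURGE/PUSH first, then the address
# an operator supplied through purge_allow_ip (192.0.2.10 is a placeholder).
MID_DENY_FIRST = [
    "src_ip=0.0.0.0-255.255.255.255 action=ip_deny method=PUSH|PURGE",
    "src_ip=192.0.2.10 action=ip_allow method=ALL",
]

# Constructed alternative: localhost is allowed before the deny-all rule.
MID_LOCALHOST_FIRST = [
    "src_ip=127.0.0.1 action=ip_allow method=ALL",
    "src_ip=0.0.0.0-255.255.255.255 action=ip_deny method=PUSH|PURGE",
]

if __name__ == "__main__":
    for name, rules in (("deny first", MID_DENY_FIRST),
                        ("localhost first", MID_LOCALHOST_FIRST)):
        for ip in ("127.0.0.1", "192.0.2.10"):
            print(name, ip, "PURGE ->", decide(rules, ip, "PURGE"))
```

Running the same check against a generated ip_allow.config before deployment shows which line decides each purge source, which is a quick way to spot a shadowed allow rule.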
