> You might want to add another option to add non-routable IPs to the list too.

Now this checks loopback, private*, link-local, and multicast. (* See below)

> I would create a configuration option called
> proxy.config.http.redirect_enabled (with all the options) and start with 0 as
> off and set proxy.config.http.number_of_redirections to 1 as the default.

So what I have are the three options for Return (default), Reject, and Follow; and I renamed the config to `redirect_enabled`. This may not be as granular as you suggested. Let me know if we need more fine-tuning. I am not sure what you mean by `number_of_redirections`. If this is `0`, then all redirects will return, not just abnormal addresses.

> When checking for localhost you should resolve the ip and check to see if it
> matches any of the IPs on the server. That could be a long list if there
> servers has many IP aliases.

Added. The lookup should be _O(1)_.

> This still doesn’t block IPs used by other servers in the same network.

True; however I added "private" addresses to the checks, which would include non-publicly routable IP addresses. Often this will mean redirects to other machines on the same network are Rejected/Returned if so configured. I think this may be undesirable for some use-cases though, and I welcome others' thoughts on this.

[ Full content available at: https://github.com/apache/trafficserver/pull/4145 ]
This message was relayed via gitbox.apache.org for [email protected]
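
The checks discussed in this message, sketched as an added example that is not part of the original message or of the Traffic Server code base: a resolved redirect target is classified as loopback, private, link-local, multicast or one of the server's own addresses (hash-set lookup), and anything abnormal gets the configured Return/Reject/Follow action. All type and function names are hypothetical, the sample addresses are constructed, and the sketch is narrowed to IPv4.

```cpp
#include <arpa/inet.h>
#include <cstdint>
#include <cstdio>
#include <string>
#include <unordered_set>

// Hypothetical names throughout; this is not Traffic Server's implementation.
enum class RedirectAction { Return, Reject, Follow };
enum class AddrClass { Routable, Loopback, Private, LinkLocal, Multicast, Self, Invalid };

struct RedirectPolicy {
  RedirectAction on_abnormal = RedirectAction::Return; // Return is the default named in the message
  std::unordered_set<uint32_t> local_addrs;            // server's own IPv4s (host order), O(1) average lookup

  void add_local(const std::string &ip) {
    in_addr a;
    if (inet_pton(AF_INET, ip.c_str(), &a) == 1) local_addrs.insert(ntohl(a.s_addr));
  }

  // `ip` must be the address the redirect target resolved to, not the hostname text.
  AddrClass classify(const std::string &ip) const {
    in_addr a;
    if (inet_pton(AF_INET, ip.c_str(), &a) != 1) return AddrClass::Invalid;
    uint32_t h = ntohl(a.s_addr);
    if (local_addrs.count(h)) return AddrClass::Self;
    if ((h & 0xFF000000u) == 0x7F000000u) return AddrClass::Loopback;  // 127.0.0.0/8
    if ((h & 0xFF000000u) == 0x0A000000u ||                            // 10.0.0.0/8
        (h & 0xFFF00000u) == 0xAC100000u ||                            // 172.16.0.0/12
        (h & 0xFFFF0000u) == 0xC0A80000u) return AddrClass::Private;   // 192.168.0.0/16
    if ((h & 0xFFFF0000u) == 0xA9FE0000u) return AddrClass::LinkLocal; // 169.254.0.0/16
    if ((h & 0xF0000000u) == 0xE0000000u) return AddrClass::Multicast; // 224.0.0.0/4
    return AddrClass::Routable;
  }

  // Routable targets are followed; abnormal ones get the configured action.
  RedirectAction decide(const std::string &ip) const {
    AddrClass c = classify(ip);
    if (c == AddrClass::Routable) return RedirectAction::Follow;
    if (c == AddrClass::Invalid) return RedirectAction::Reject; // assumption: fail closed on unparsable input
    return on_abnormal;
  }
};

int main() {
  RedirectPolicy p;
  p.add_local("203.0.113.10"); // constructed sample: one of the server's own addresses
  for (const char *ip : {"127.0.0.1", "169.254.169.254", "203.0.113.10", "198.51.100.7"})
    std::printf("%-16s -> action %d\n", ip, static_cast<int>(p.decide(ip)));
}
```

With `on_abnormal` left at Return, a redirect to `192.168.1.5` is handed back to the client rather than followed, which is the same-network behaviour the message flags as possibly undesirable for some deployments.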
