maskit commented on PR #9767: URL: https://github.com/apache/trafficserver/pull/9767#issuecomment-1573943324
> Interesting. To be clear, are you suggesting we remove the corresponding tunnel_route's ability to use matched groups from the fqdn? Oh that relies on pcre? I didn't know it. Then it doesn't need to be completely removed, but as #9736 explains, using many pcre has negative impact in performance. And current pattern matching is not quite right. If you have `fqdn: *.example.com`, it actually matches `foo.bar.example.com.evil.com`, which sounds scary although I don't think of any bad ways to use the bug. I suggest having `name` (and `pattern` if we can't remove pcre matching) for server name matching. - `name`: Follows the regular server name matching (include just one wildcard for a subdomain) which is used for cert validation. - `pattern`: PCRE, which requires user to set a real regex (no implicit `^` and `$`) And for the new feature, I'd suggest a separate key `ports` as a sibling of "name". -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
