masaori335 commented on code in PR #11635:
URL: https://github.com/apache/trafficserver/pull/11635#discussion_r1701102030
##########
doc/admin-guide/files/remap.config.en.rst:
##########
@@ -662,32 +749,63 @@ This is an example of in-line filter, named filters in
:file:`remap.config`, and
map http://www.example.com/ http://internal.example.com/ @action=deny
@method=POST
-With the "Match on IP and Method Policy", the evaluation applied from left to
right until match is found:
+With the "Legacy" policy, the evaluation applied from left to right until
match is found:
====== ============== ============== ============== ================
=============
Method In-line Filter Named Filter 1 Named Filter 2 ip_allow.yaml result
====== ============== ============== ============== ================
=============
GET \- \- \- allow (implicit) allowed
(200)
-POST deny \- \- \- denied
(403)
-HEAD \- allow \- \- allowed
(200)
-DELETE \- \- deny \- denied
(403)
+POST deny \- \- allow (implicit) denied
(403)
+HEAD \- allow \- allow (implicit) allowed
(200)
+DELETE \- \- deny allow (implicit) denied
(403)
PURGE \- \- \- deny denied
(403)
PUSH \- \- \- deny denied
(403)
====== ============== ============== ============== ================
=============
-With the "Match on IP only Policy", the in-line filter works like an
:file:`ip_allow.yaml` rule applies to all requests to
-``www.example.com`` that denies ``POST`` requests and implicitly allows all
other methods:
-
-====== ================ ============== ============== =============
=============
-Method In-line Filter Named Filter 1 Named Filter 2 ip_allow.yaml result
-====== ================ ============== ============== =============
=============
-GET allow (implicit) \- \- \- allowed
(200)
-POST deny \- \- \- denied
(403)
-HEAD allow (implicit) allow \- \- allowed
(200)
-DELETE allow (implicit) \- deny \- allowed
(200)
-PURGE allow (implicit) \- \- deny allowed
(200)
-PUSH allow (implicit) \- \- deny allowed
(200)
-====== ================ ============== ============== =============
=============
+With the "Modern" policy, the :file:`ip_allow.yaml` rule as well as all of the
+filter rules would trigger a fatal error message and |TS| would not start. The
+user would need to transition to ``set_allow``, ``set_deny``, ``add_allow``,
and
+``add_deny`` actions.
+
+So let's try a set of conversions like that and consider the following updated
example:
+
+::
+
+ # ip_allow.yaml
+ ip_allow:
+ - apply: in
+ ip_addrs: [0/0, ::/0]
+ action: set_deny
+ method: [PURGE, PUSH]
+
+ # remap.config
+ .definefilter named-filter-1 @action=add_allow @method=HEAD
+ .definefilter named-filter-2 @action=add_deny @method=DELETE
+
+ .activatefilter named-filter-1
+ .activatefilter named-filter-2
+
+ map http://www.example.com/ http://internal.example.com/ @action=set_deny
@method=POST
+
+
+In this case, we changed the :file:`ip_allow.yaml` rule to use ``set_deny``
+instead of ``deny``. This makes it function as it did before in the previous
+example. Also, we changed the two named filter actions to ``add_allow`` and
+``add_deny``. Again, this makes them function as they did in legacy mode.
+Finally, we changed the in-line filter action to ``set_deny`` which changes its
+behavior to be like that of an :file:`ip_allow.yaml` rule: it will deny all
POST
+requests and allow all other requests.
+
+====== ================ ============== ============== ================
=============
+Method In-line Filter Named Filter 1 Named Filter 2 ip_allow.yaml result
+====== ================ ============== ============== ================
=============
+GET allow \- \- allow (implicit) allowed
(200)
+POST deny \- \- allow (implicit) denied
(403)
+HEAD allow allow \- allow (implicit) allowed
(200)
+DELETE allow \- deny allow (implicit) allowed
(200)
+PURGE allow \- \- delete allowed
(200)
+PUSH allow \- \- delete allowed
(200)
+====== ================ ============== ============== ================
=============
Review Comment:
We can simply say like this
```
====== ================ ============== ============== =============
=============
Method In-line Filter Named Filter 1 Named Filter 2 ip_allow.yaml result
====== ================ ============== ============== =============
=============
GET allow \- \- allow allowed
(200)
POST deny \- \- allow denied
(403)
HEAD allow allow \- allow allowed
(200)
DELETE allow \- deny allow allowed
(200)
PURGE allow \- \- deny allowed
(200)
PUSH allow \- \- deny allowed
(200)
====== ================ ============== ============== =============
=============
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
