maskit commented on PR #12338: URL: https://github.com/apache/trafficserver/pull/12338#issuecomment-3222084527
@jeredfloyd Unfortunately, `@in_ip` doesn't work as you expect. It's just an additional ACL that will be checked AFTER remapping. If I have this remap rule below on my remap.config and I accessed the ATS like `curl http://127.0.0.1:8080/`, it returns `403 Access Denied`. Not `404 Not Found on Accelerator`. ``` map / http://origin:8888/file1 @action=allow @in_ip=192.168.0.1 ``` That means the remap rule matched where the interface/address used is 127.0.0.1. And having these two causes an error and ATS doesn't start up, because the mapping rules are identical from remap perspective. ``` map / http://origin:8888/file1 @action=allow @in_ip=192.168.0.1 map / http://origin:8888/file2 @action=allow @in_ip=127.0.0.1 ``` So `@in_proto` could be added as an ACL condition, but it can't be used when ATS lookups a remap rule that matches. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: github-unsubscr...@trafficserver.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
