dneuman64 opened a new issue #5038: URL: https://github.com/apache/trafficcontrol/issues/5038
<!-- ************ STOP!! ************ If this issue identifies a security vulnerability, DO NOT submit it! Instead, contact the Apache Software Foundation Security Team at [email protected] and follow the guidelines at https://www.apache.org/security/ regarding vulnerability disclosure. - For *SUPPORT QUESTIONS*, use the [Traffic Control slack channels](https://traffic-control-cdn.slack.com) or [Traffic Control mailing lists](http://trafficcontrol.apache.org/mailing_lists/). - Before submitting, please **SEARCH GITHUB** for a similar issue or PR. --> ## I'm submitting a ... <!-- delete all those that don't apply --> <!--- security vulnerability (STOP!! - see above)--> - new feature / enhancement request ## Traffic Control components affected ... <!-- delete all those that don't apply --> - Documentation - Traffic Portal ## Current behavior: <!-- Describe how the bug manifests / how the current features are insufficient. --> Currently, a user can add an IP for a server with an unreasonable CIDR. This is specifically true for IPv6 where CIDRs are commonly included with the IP Address. We would usually expect a /64 with an IP but a user can enter something like a /12. This leads to issues with the way ip_allow.config is generated on caches which can result in requests being incorrectly denied. ## Expected / new behavior: <!-- Describe what the behavior would be without the bug / how the feature would improve Traffic Control --> If a user enters less than a /64 for IPv6 and less than a /27 for Ipv4, Traffic Portal should show the user a warning and make sure they really want to enter a CIDR that large. ## Minimal reproduction of the problem with instructions: <!-- If the current behavior is a bug or you can illustrate your feature request better with an example, please provide the *STEPS TO REPRODUCE* and include the applicable TC version. --> Create a new server, add an IPv6 with a /30 and a IPv4 with a /24. ## Anything else: <!-- e.g. stacktraces, related issues, suggestions how to fix --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
