[
https://issues.apache.org/jira/browse/TS-4098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15441643#comment-15441643
]
Alan M. Carroll commented on TS-4098:
-------------------------------------
At least that. Let me outline how I think it should work.
The ACL filters should act in a LIFO manner, so the most recently added filter
is checked first. The result is the policy for the first match. The IpAllow
ACLS are treated as the first in, last matched rules. I think this is the
easiest model to use. Conceptually it is identical to lexical scoping, with the
IpAllow rules filling in for globals. Each {{.addfilter}} creates a scope in
which it applies, with nested {{.addfilter}} overriding (on match) the previous
filters. Filter rules applied directly to a rule are matched first.
* IPAllow application is easy to explain - if no filter in {{remap.config}}
applies, then IPAllow rules apply.
* Making exceptions is easy - for a single rule, just put it on the rule. For
more than one, {{.addfilter}} before and {{.removefilter}} after.
* Changing the default for remap is easy, just put a {{.addfilter}} at the top
of {{remap.config}}.
* This should be easy to implement.
The current documentation is so vague that I think we could just change it to
say this and not contradict what's there now.
Bryan's case is handled by setting a global deny rule at the top of the file.
Then the rule will behave as desired.
> Remap filtering isn't working to only allow certain methods
> -----------------------------------------------------------
>
> Key: TS-4098
> URL: https://issues.apache.org/jira/browse/TS-4098
> Project: Traffic Server
> Issue Type: Bug
> Components: HTTP
> Reporter: Bryan Call
> Assignee: Quinn Lertratanakul
> Fix For: 7.0.0
>
>
> Limiting a remap rule to only use a certain methods doesn't work. Also the
> Via header comes back with wrong information:
> {code}
> Proxy request results:
> Request headers received from client:simple request (not conditional)
> Result of Traffic Server cache lookup for URL:no cache lookup performed
> Response information received from origin server:no server connection needed
> Result of document write-to-cache:no cache write performed
> Proxy operation result:unknown?
> Error codes (if any):no error
> Operational results:
> Tunnel info:tunneling due to a method (e.g. CONNECT)
> Cache-type and cache-lookup cache result values:cache miss or no cache lookup
> / no cache lookup
> ICP status:no icp
> Parent proxy connection status:no parent proxy
> Origin server connection status:connection opened successfully
> {code}
> Example remap rule:
> {code}
> map / http://127.0.0.1/ @method=GET @action=allow
> {code}
> Curl request and the 501 is from the origin:
> {code}
> curl -s -D - -o /dev/null -X xxx http://127.0.0.1:8080/
> HTTP/1.1 501 Not Implemented
> Date: Tue, 22 Dec 2015 19:34:43 GMT
> Server: ATS/6.1.0
> Allow: GET,HEAD,POST,OPTIONS,TRACE
> Content-Length: 201
> Content-Type: text/html; charset=iso-8859-1
> Age: 0
> Connection: keep-alive
> Via: http/1.1 homer.bryancall.com (ApacheTrafficServer/6.1.0 [uSc s f p
> eN:tMc i p sS])
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
