Hi,

I think what you need is currently missing from the ts_lua plugin. We can provide something like this:

ts.server_request.server_addr.get_addr()

similar to ts.client_request.client_addr.get_addr() as mentioned here - https://docs.trafficserver.apache.org/en/latest/reference/plugins/ts_lua.en.html

It should be using the TS API TSHttpTxnServerAddrGet() behind the scenes.

I have already filed a new Jira ticket for it - https://issues.apache.org/jira/browse/TS-3290

I can work on it by Wednesday or Thursday after I am done with my other errands.

Thanks.
Kit

On Sun, Jan 11, 2015 at 7:40 PM, Mark Moseley <[email protected]> wrote:

> Hi. I'm looking at the TS_LUA_HOOK_OS_DNS hook or
> TS_LUA_HOOK_SEND_REQUEST_HDR as a way to do a fail-safe way of filtering
> *origin* IPs. Obviously this could be done at the onboard firewall level,
> but I thought it'd be neat to be able to do something a bit more in-line
> (and it's fun to play with Lua).
>
> But despite the aforementioned hooks, there doesn't seem to be anywhere in
> the 'ts' table that holds what the origin's DNS hostname was resolved to.
> Does that get stored anywhere that ts_lua has access to? ts.server_request
> seemed most promising but none of the functions in there seem to return
> anything like the origin IP.
>
> If there were something accessible with the origin IP, then I could do a
> sanity check like, pseudo-code-wise: for ip in goodips, does origin IP
> match ip, and if none match, then return a 403 or 400 or something.
>
> I'm coming up blank looking through the API and source code, but I may be
> missing something obvious (or more likely, just looking for the wrong
> thing).
>
> Even better (and I've had no luck finding this either) would be something
> built-in that contains a list of permitted origin IP blocks, like
> ip_allow.config but for the backend request (and again, there might be but
> I'm grepping+googling for the wrong thing).
>
> Thanks!
>
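
The "for ip in goodips" check from the quoted question, as an added example that is not part of either message or of ts_lua: a plain-Lua IPv4 CIDR allow-list that denies anything it cannot parse. The block list and test addresses are constructed, no ts API is called, and the function is assumed to be fed the origin address from whatever accessor ts_lua exposes.

```lua
-- Added example: origin IP allow-list check (IPv4 only), plain Lua 5.1 / LuaJIT.
-- The CIDR blocks and the addresses in the asserts are constructed sample values.
local ALLOWED_ORIGINS = { "10.20.0.0/16", "192.0.2.10/32" }

-- Convert dotted-quad text to a number; nil if it is not a valid IPv4 address.
local function ipv4_to_number(text)
  if type(text) ~= "string" then return nil end
  local a, b, c, d = text:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  if not a then return nil end
  local n = 0
  for _, octet in ipairs({ a, b, c, d }) do
    local v = tonumber(octet)
    if v > 255 then return nil end
    n = n * 256 + v
  end
  return n
end

-- Parse "a.b.c.d/len" into { base = first address, size = address count }.
-- A malformed entry raises at load time, so a typo cannot silently widen access.
local function parse_cidr(cidr)
  local addr, len = cidr:match("^([^/]+)/(%d+)$")
  local base, bits = ipv4_to_number(addr), tonumber(len)
  if not base or not bits or bits > 32 then
    error("bad CIDR block: " .. tostring(cidr))
  end
  local size = 2 ^ (32 - bits)
  return { base = math.floor(base / size) * size, size = size }
end

local blocks = {}
for i, cidr in ipairs(ALLOWED_ORIGINS) do blocks[i] = parse_cidr(cidr) end

-- True only if ip parses and falls inside a permitted block; all else is denied.
local function origin_allowed(ip)
  local n = ipv4_to_number(ip)
  if not n then return false end
  for _, blk in ipairs(blocks) do
    if n >= blk.base and n < blk.base + blk.size then return true end
  end
  return false
end

assert(origin_allowed("10.20.33.7"))       -- inside 10.20.0.0/16
assert(origin_allowed("192.0.2.10"))       -- exact /32 match
assert(not origin_allowed("192.0.2.11"))   -- one past the /32
assert(not origin_allowed("10.21.0.1"))    -- outside the /16
assert(not origin_allowed("not-an-ip"))    -- unparseable input is denied
```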
