> On Jan 12, 2015, at 11:42 AM, James Peach <[email protected]> wrote:
>
>
>> On Jan 12, 2015, at 9:23 AM, Paul Tader <[email protected]> wrote:
>>
>>>
>>> On Jan 9, 2015, at 3:51 PM, Paul Tader <[email protected]> wrote:
>>>
>>>>
>>>> On Jan 9, 2015, at 3:38 PM, Leif Hedstrom <[email protected]> wrote:
>>>>
>>>>
>>>>> On Jan 9, 2015, at 2:29 PM, Paul Tader <[email protected]> wrote:
>>>>>
>>>>> Doesn’t this break the forward proxy then?
>>>>>
>>>>> # To enable forward proxy, you must turn off remap_required
>>>>> CONFIG proxy.config.url_remap.remap_required INT 1
>>>>
>>>> That’s somewhat confusing. remap_required disables “open forward
>>>> proxying”. ATS actually doesn’t know / care about forward vs reverse
>>>> proxy, it’s just a matter of what requests you allow through. What this
>>>> setting is saying is “Without an explicit rule matching in remap.config,
>>>> deny the request”. There’s a similar one for reverse proxy.
>>>>
>>>> — Leif
>>>>
>>>
>>> Ok, thanks for clearing that up. With that said, I kept the setting at “1”
>>> and changed the remap.config file to what’s listed below. Unfortunately I
>>> was still able to connect to sites not listed in remap.config.
>>>
>>> .defflt internal_only @action=allow @src_ip=10.0.0.0-255.255.255.255
>>>
>>> .useflt internal_only
>>> map https://www.facebook.com https://www.facebook.com
>>> map https://www.yahoo.com https://www.yahoo.com
>>> map http://finance.yahoo.com http://finance.yahoo.com
>>>
>>>
>>> 1420840183.867 126 10.1.2.3 TCP_MISS/200 38458 GET
>>> http://www.oracle.com/index.html - DIRECT/www.oracle.com text/html -
>>>
>>> Not sure it matters, but I also have our network’s IPs listed in
>>> ip_allow.config.
>>>
>>
>> Is there an equivalent to .deactivatefilter in ATS 3?
>
> "unusefilter", "deactivatefilter", "unactivefilter", "deuseflt", and
> "unuseflt" are all synonyms. I thought that they had all been there forever,
> but maybe some synonyms were not present in 3 ...
>
> J
I was hoping, but I don’t see those directives in the documentation and when
adding that text I’m met with an error:

[Jan 12 18:23:54.607] Server {47752783210240} WARNING: Could not add rule at line #151; Aborting!

I was hoping to replicate what is in later ATS versions, for example:

[remap.config]
.defflt disable_all @action=deny
.defflt internal_only @action=allow
.useflt disable_all
.useflt internal_only
map http://url.com http://url.com
map http://url2.com http://url2.com
map http://url3.com http://url3.com
.disableflt internal_only
(all other sites should be blocked).
[remap.config end]

…kind of replicating what iptables does, fall through until you match a rule.
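
The check below is an added example, not part of the original thread and not code from the Apache Traffic Server project: it compares the "map" sources in a remap.config against squid-format access-log lines and reports requests that were served even though no map rule covers their origin, which is the symptom described earlier in the thread. The sample config and the first log line are modelled on the ones quoted above; the second log line, the function names, and the choice to treat any non-4xx/5xx status as "served" are assumptions, and CONNECT lines are skipped.

```python
from urllib.parse import urlsplit

# Constructed sample input, modelled on the rules and log line quoted in the thread.
REMAP_CONFIG = """\
.defflt internal_only @action=allow @src_ip=10.0.0.0-255.255.255.255
.useflt internal_only
map https://www.facebook.com https://www.facebook.com
map https://www.yahoo.com https://www.yahoo.com
map http://finance.yahoo.com http://finance.yahoo.com
"""
ACCESS_LOG = """\
1420840183.867 126 10.1.2.3 TCP_MISS/200 38458 GET http://www.oracle.com/index.html - DIRECT/www.oracle.com text/html -
1420840190.112 88 10.1.2.3 TCP_MISS/200 1204 GET http://finance.yahoo.com/q?s=ORCL - DIRECT/finance.yahoo.com text/html -
"""

def origin_key(url):
    """Reduce a URL to the (scheme, host) pair used for comparison."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), (parts.hostname or "").lower())

def mapped_origins(remap_text):
    """Return the set of (scheme, host) pairs that appear as 'map' sources."""
    origins = set()
    for line in remap_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and filter directives (.defflt, .useflt, ...).
        if len(fields) >= 3 and fields[0] == "map":
            origins.add(origin_key(fields[1]))
    return origins

def unmapped_requests(log_text, origins):
    """Return (client_ip, url) for served requests whose origin has no map rule."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        # Fields: time, elapsed, client, result/status, bytes, method, url, ...
        if len(fields) < 7 or fields[5] == "CONNECT":
            continue
        client, result, url = fields[2], fields[3], fields[6]
        status = result.partition("/")[2]
        # Assumption: a 4xx/5xx status means the request was refused or failed.
        if origin_key(url) not in origins and not status.startswith(("4", "5")):
            hits.append((client, url))
    return hits

if __name__ == "__main__":
    for client, url in unmapped_requests(ACCESS_LOG, mapped_origins(REMAP_CONFIG)):
        print(f"served without a map rule: {client} -> {url}")
```
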