The ts.server_request.server_addr.get_addr() patch patches just fine against 5.2.0 (or at least the .c files do; I didn't try the CHANGES or ts_lua.en.rst files) and is *exactly* what I was looking for.
Now with a hook into TS_LUA_HOOK_OS_DNS, I can check the backend IP and return a 403 via ts.server_intercept (though I'll take any advice on the most efficient hook and most efficient way of doing the 403 -- I was also setting the status manually and returning 1 from the hook previously, but I don't think that gets cached). Thanks! On Tue, Jan 13, 2015 at 1:09 AM, Luca Rea <[email protected]> wrote: > Hi, > I’ve compiled ATS to run as “ats” user (uid: 501) and configured iptables > to filter origin IPs: > > > -A OUTPUT -m tcp -p tcp ! --sport 8080 -m owner --uid-owner 501 -d > 172.16.0.0/12 -j REJECT >
