ip_allow.config would also work to allow inbound connections only from specific (client) IP addresses. Note that remap works for forward proxy; therefore, a remap.config could force all requests to the target. Alternatively, since ip_allow.config now supports outbound controls, that could be set to allow outbound connections to only that specific IP address.

On Monday, June 19, 2017, 8:36:22 AM CDT, Leif Hedstrom <[email protected]> wrote:

Why can't you run this as a reverse proxy? Have all your service names in DNS point to the same IP running the proxy server, and add appropriate map rules for each one to the respective service IP (which are 1918 ranges I assume). You then want to require remap n the config she, which disables ATS as an open forward proxy. In this scenario you likely want to enable the pristine host header configuration as well.

-- Leif

On Jun 19, 2017, at 5:24 AM, salil GK <[email protected]> wrote:

Hi James

Yes, Traffic Server has different mechanism to do authentication. Most secure way is to make the port as ssl port

    CONFIG proxy.config.http.server_ports STRING 8445:ssl

Take a look at the following parameter on how to control client access

    CONFIG proxy.config.ssl.client.certification_level INT 2

Origin server access can be controlled by writing/modifying plugin. For authentication you may consider auth plugin.

Thanks
~S

On 19 June 2017 at 16:02, James P <[email protected]> wrote:

I have an application (C# software) that has been running on several clients. This application accesses a webservice from another company (ABC, for instance). However, in order to ensure protection, ABC company is now forcing us to use a single IP to use its webservice. Therefore, all my C# applications (in several different clients) need to access using the same IP.

I have installed Apache Traffic Server as forward proxy and everything is working fine. The problem is that it is working as an open proxy and I know this is very risky. How can I keep this solution with Traffic Server and add some security?

1. Is it possible to use some form of authenticated requests in Traffic Server?
2. Is it possible to force the proxy to redirect all access to the webservice.abc-company.com domain? Therefore, it would not be an open proxy.

Regards,
Jameshdx80
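
An added example, not part of the thread or of the Traffic Server project: a small Python check that audits records.config and remap.config text for the open-proxy conditions discussed above (remap not required, no TLS port, client certificates not required, map rules pointing anywhere but the one intended service). The sample configs are constructed, and the finding names and the defaults assumed for unset settings (remap_required 1, certification_level 0) are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Constructed sample configs (not taken from the thread participants' servers).
OPEN_RECORDS = """\
CONFIG proxy.config.url_remap.remap_required INT 0
CONFIG proxy.config.http.server_ports STRING 8080
"""
LOCKED_RECORDS = """\
CONFIG proxy.config.url_remap.remap_required INT 1
CONFIG proxy.config.http.server_ports STRING 8445:ssl
CONFIG proxy.config.ssl.client.certification_level INT 2
"""
REMAP = "map http://webservice.abc-company.com/ https://webservice.abc-company.com/\n"

def parse_records(text):
    """Return {name: value} from 'CONFIG name TYPE value' lines; other lines are skipped."""
    settings = {}
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[0] == "CONFIG":
            settings[parts[1]] = parts[3].strip()
    return settings

def remap_targets(text):
    """Return the destination host of every 'map' rule in remap.config text."""
    return [urlsplit(p[2]).hostname
            for p in (line.split() for line in text.splitlines())
            if len(p) >= 3 and p[0] == "map"]

def audit(records_text, remap_text, allowed_host):
    """Return a list of findings; an empty list means the checks below all passed."""
    rec = parse_records(records_text)
    findings = []
    # With remap_required off, requests that match no map rule are still proxied.
    if rec.get("proxy.config.url_remap.remap_required", "1") != "1":
        findings.append("open-proxy: remap not required")
    if ":ssl" not in rec.get("proxy.config.http.server_ports", ""):
        findings.append("no-tls-port")
    if rec.get("proxy.config.ssl.client.certification_level", "0") != "2":
        findings.append("client-cert-not-required")
    targets = remap_targets(remap_text)
    if not targets:
        findings.append("no-map-rules")
    findings += [f"unexpected-target: {h}" for h in targets if h != allowed_host]
    return findings

if __name__ == "__main__":
    print(audit(OPEN_RECORDS, "", "webservice.abc-company.com"))
    print(audit(LOCKED_RECORDS, REMAP, "webservice.abc-company.com"))
```
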
