On Wed, Jul 22, 2020 at 8:22 AM Trilok Nathreddy <[email protected]> wrote:
> Team,
>
> Need advice on the below queries in forward proxy deployment as we are
> exploring possibilities to embrace ATS as solution.
>
> - ATS by default allows everything on port 8080, do we have any option to
> configure only specific URL only to be forwarded out and if any source ip
> based restrictions be deployed.
>

That shouldn't be true. By default, ATS shouldn't allow anything through - the default config should return "404 - Not Found on Accelerator". This is because the default is to only forward requests that are matched in "remap.config". There is an option to disable this and make an open forwarding proxy, but that should be off in a default build.
https://docs.trafficserver.apache.org/en/8.0.x/admin-guide/files/records.config.en.html?highlight=remap_required#proxy.config.url_remap.remap_required

There is the "ip_allow.yaml" which provides some source based IP controls. You may also be able to put source IP address restrictions on remap rules.
https://docs.trafficserver.apache.org/en/8.0.x/admin-guide/files/remap.config.en.html#acl-filters
but there have been reports that it's a bit flaky. If you're willing to be bold, one of my projects is a plugin with this feature, Transaction Box. We have deployed it internally in production but it's still mostly alpha state.
http://docs.solidwallofcode.com/txn_box/

> -Is it possible to have multiple listeners, is it we can add multiple
> lines for server ports in the records.config file
>

You can list multiple listen ports for ATS. There really isn't a fixed upper limit, but eventually you'll run out of resources. You should easily be able to have 100+ listening ports.

> -Does it support vrrp in case we don't wish to use NLB
>

I'm not aware of any.

> -Do we have any option of centralised mgmt
>

The best option there might be Traffic Control - https://trafficcontrol.apache.org/

>
> Appreciate your response
>
> Regards
> Trilok
> 9949994745
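
Added example, not part of the original message and not ATS project code: a small Python check over a records.config / remap.config pair that flags the open-proxy setting and any map rule without a source-IP filter, and reports the configured listen ports. The sample configs, hostnames and the audit() helper are constructed for illustration, and the parser assumes plain "CONFIG" and "map" lines only.

```python
# Constructed sample configs for illustration; not taken from the thread.
RECORDS = """\
CONFIG proxy.config.url_remap.remap_required INT 1
CONFIG proxy.config.http.server_ports STRING 8080 8081
"""
REMAP = """\
# destination limited to one internal client range
map http://updates.example.com/ http://updates.example.com/ @action=allow @src_ip=10.0.0.1-10.0.0.254
# destination with no source restriction on the rule
map http://mirror.example.org/ http://mirror.example.org/
"""
REQUIRED = "proxy.config.url_remap.remap_required"
PORTS = "proxy.config.http.server_ports"


def parse_records(text):
    """Return {name: value} for 'CONFIG name TYPE value' lines."""
    settings = {}
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[0] == "CONFIG":
            settings[parts[1]] = parts[3].strip()
    return settings


def parse_remap(text):
    """Return (from_url, [src_ip filters]) for each 'map' rule."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) >= 3 and tokens[0] == "map":
            acl = [t.split("=", 1)[1] for t in tokens[3:] if t.startswith("@src_ip=")]
            rules.append((tokens[1], acl))
    return rules


def audit(records_text, remap_text):
    """Return (findings, listen_ports) for a forward-proxy config pair."""
    settings = parse_records(records_text)
    findings = []
    # Assumption: an absent setting keeps the default of 1 (remap required).
    if settings.get(REQUIRED, "1") != "1":
        findings.append("open-proxy: remap_required disabled, unmatched URLs are forwarded")
    for url, acl in parse_remap(remap_text):
        if not acl:
            findings.append(f"no-src-acl: {url} has no @src_ip filter on its rule")
    return findings, settings.get(PORTS, "").split()


if __name__ == "__main__":
    print(audit(RECORDS, REMAP))
```

A rule flagged as no-src-acl is still subject to whatever ip_allow.yaml permits; the check only reports that the restriction is not on the remap rule itself.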
