trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <jpe...@apache.org>
Subject Re: forward proxy - Restricting domains.
Date Mon, 12 Jan 2015 17:42:10 GMT

> On Jan 12, 2015, at 9:23 AM, Paul Tader <ptader@collectivei.com> wrote:
> 
>> 
>> On Jan 9, 2015, at 3:51 PM, Paul Tader <ptader@collectivei.com> wrote:
>> 
>>> 
>>> On Jan 9, 2015, at 3:38 PM, Leif Hedstrom <zwoop@apache.org> wrote:
>>> 
>>> 
>>>> On Jan 9, 2015, at 2:29 PM, Paul Tader <ptader@collectivei.com> wrote:
>>>> 
>>>> Doesn’t this break the forward proxy then?
>>>> 
>>>>  # To enable forward proxy, you must turn off remap_required
>>>> CONFIG proxy.config.url_remap.remap_required INT 1
>>> 
>>> That’s somewhat confusing. remap_required disables “open forward proxying”.
ATS actually doesn’t know / care about forward vs reverse proxy, it’s just a matter of
what requests you allow through. What this setting is saying “Without an explicit rule matching
in remap.config, deny the request”. There’s a similar one for reverse proxy.
>>> 
>>> — Leif
>>> 
>> 
>> Ok, thanks for clearing that up.  What that said, I kept the setting at “1” and
changed the remap.config file to what’s listed below.  Unfortunately I was still able to
to connect to sites not listed in remap.config.  
>> 
>> .defflt  internal_only @action=allow  @src_ip=10.0.0.0-255.255.255.255
>> 
>> .useflt internal_only
>> map https://www.facebook.com    https://www.facebook.com
>> map https://www.yahoo.com       https://www.yahoo.com
>> map http://finance.yahoo.com    http://finance.yahoo.com
>> 
>> 
>> 1420840183.867 126 10.1.2.3 TCP_MISS/200 38458 GET http://www.oracle.com/index.html
- DIRECT/www.oracle.com text/html -
>> 
>> Not sure it matters, but I also have our networks IP’s listed in ip_allow.config.
 
>> 
> 
> Is there an equivilent to .deactivatefilter in ATS 3?

"unusefilter", "deactivatefilter", "unactivefilter", deuseflt", and "unuseflt" are all synonyms.
I thought that they had all been there forever, but maybe some synonyms were not present in
3 ...

J
Mime
View raw message