trafficserver-users mailing list archives

From Susan Hinrichs <shinr...@verizonmedia.com>
Subject Re: Query regarding proxy.config.ssl.client.certification_level
Date Tue, 03 Dec 2019 15:12:07 GMT
Yes, ip_allow takes a list of IPs.  I think it takes ranges as well.  You
may also need a fqdn value.

No, sni.yaml does not make an appearance until 8.x as
ssl_server_name.yaml.  The file becomes sni.yaml in 9.0.x.

Susan

On Tue, Dec 3, 2019 at 8:23 AM supraja sridhar <suprajasridhar95@gmail.com>
wrote:

> Also, does sni.yaml exist in ATS 7.1.1?
>
> Thanks
> Supraja
>
> On Tue, Dec 3, 2019 at 9:32 AM supraja sridhar <suprajasridhar95@gmail.com>
> wrote:
>
>> Thanks. Will ip_allow take IPs as input? Is the following a valid example?
>> sni
>>     ip_allow: x.y.z.a
>>     verify_client: MODERATE
>>
>>
>> On Mon, Nov 25, 2019 at 11:59 PM Susan Hinrichs <
>> shinrich@verizonmedia.com> wrote:
>>
>>> You can specialize the client certificate requirements using sni.yaml,
>>> so it is only requested for specific domain names.  There is also an
>>> ip_allow action in sni.yaml (which I see is not documented) which would
>>> allow you to control requiring a client certificate based on the peer's IP.
>>>
>>>
>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/sni.yaml.en.html?highlight=sni%20yaml#std:configfile-sni.yaml
>>>
>>> I'll work on putting up a PR with some documentation on the ip_allow
>>> action.
>>>
>>> Susan
>>>
>>> On Sun, Nov 24, 2019 at 11:09 PM supraja sridhar <
>>> suprajasridhar95@gmail.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> I understand that -
>>>> proxy.config.ssl.client.certification_level provides the option to
>>>> enable/disable client certificate verification across all connections. Is
>>>> it possible to skip client certificate verification based on source IP?
>>>>
>>>>
>>>> Thanks,
>>>> Supraja
>>>>
>>>
>>
>> --
>> Regards,
>> S.SUPRAJA
>> MIT
>>
>
>
> --
> Regards,
> S.SUPRAJA
> MIT
>
