Return-Path: X-Original-To: apmail-trafficserver-users-archive@www.apache.org Delivered-To: apmail-trafficserver-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E3DAEDAE0 for ; Tue, 23 Oct 2012 20:58:10 +0000 (UTC) Received: (qmail 80090 invoked by uid 500); 23 Oct 2012 20:58:10 -0000 Delivered-To: apmail-trafficserver-users-archive@trafficserver.apache.org Received: (qmail 80045 invoked by uid 500); 23 Oct 2012 20:58:10 -0000 Mailing-List: contact users-help@trafficserver.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@trafficserver.apache.org Delivered-To: mailing list users@trafficserver.apache.org Received: (qmail 80037 invoked by uid 99); 23 Oct 2012 20:58:10 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Oct 2012 20:58:10 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS,T_FRT_CONTACT X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of luca.rea@contactlab.com designates 93.94.35.252 as permitted sender) Received: from [93.94.35.252] (HELO mail1.corporate.smtp.contactlab.it) (93.94.35.252) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Oct 2012 20:58:03 +0000 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=corp02; d=contactlab.com; h=From:To:Subject:Date:Message-ID:In-Reply-To:Content-Type:Content-Transfer-Encoding:MIME-Version; i=luca.rea@contactlab.com; bh=4A+/stRyLqNgJp+hNsIEc454t5I=; b=Nxjnk5Y3DIbquTYZNW1m1VcXt8hd4uaTCvTZr/AK9EisxxVSS6q4V4H66hmHIfYJkVIgxDtR5Wb4 AwBQzPrIjEzkU5wxmLtaqzHgRQO15aPO+wO0et7hTFWqc13MYJCm04KwQRhK9ZfJ1u3mtKlxFfyq RZIp0vlnZtn4kpzxkks= Received: by mail1.corporate.smtp.contactlab.it id hgs2dm196dsr for ; Tue, 23 Oct 2012 22:57:43 +0200 (envelope-from ) From: Luca Rea To: "'users@trafficserver.apache.org'" Subject: R: Re: Allow only one host access to sub-url Thread-Topic: Re: Allow only one host access to sub-url Thread-Index: AQHNsVFp70rQjfBpfEOCY/xgz37tfpfHRNEM///hqgCAADj2fg== Date: Tue, 23 Oct 2012 20:57:39 +0000 Message-ID: <954D23549BF60D4488191378EE57420B026BB40B@BEAR.tomatowin.local> In-Reply-To: Accept-Language: it-IT, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [172.16.7.108] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org map https://www.example.com/service/ http://backend.example.com/service/ @src_ip=3D0.0.0.0-192.168.11.10 @action=3Ddeny @src_ip=3D192.168.11.11 @action=3Dallow @src_ip=3D192.168.11.12-254.254.254.254 @action=3Ddeny Luca Rea Reparto IT System engineer __________________________________ ContactLab s.r.l. Via Natale Battaglia 12 20127 Milano Tel. +39.02.283118.1 Fax. +39.02.70030269 http://www.contactlab.com __________________________________ E-mail & E-marketing Evolution ----- Messaggio originale ----- Da: Jan-Frode Myklebust [mailto:janfrode@tanso.net] Inviato: Tuesday, October 23, 2012 09:33 PM=0A= A: users@trafficserver.apache.org Oggetto: Re: Allow only one host access to sub-url On Tue, Oct 23, 2012 at 9:22 PM, Luca Rea wrote: > Try this: > map https://www.example.com/service/ > http://backend.example.com/service/ @src_ip=3D0.0.0.0-8.8.8.7 @action=3Dd= eny @src_ip=3D8.8.8.8 @action=3Dallow > @src_ip=3D8.8.8.9-254.254.254.254 @action=3Ddeny > I tried this now: map https://www.example.com/service/ http://backend.example.com/service/ @src_ip=3D0.0.0.0-192.168.11.10 @action=3Ddeny @src_ip=3D192.168.11.11 @action=3Dallow @src_ip=3D192.168.11.12-254.254.254.254 @action=3Ddeny and when connecting from 192.168.11.11 i get 403: $ GET https://www.example.com/service/ |head -1 Access Denied and in the common.log: 192.168.11.11 - - [23/Oct/2012:21:31:13 +0100] "GET http://backend.example.com/service/ HTTP/1.1" 403 228 -jf