Hi,

I think what you need is currently missing from the ts_lua plugin.
We can provide something like this 

ts.server_request.server_addr.get_addr()

similar to 

ts.client_request.client_addr.get_addr()

as mentioned here - https://docs.trafficserver.apache.org/en/latest/reference/plugins/ts_lua.en.html 

It should be using the TS API TSHttpTxnServerAddrGet() behind the scenes.

I have already filed a new Jira ticket for it - https://issues.apache.org/jira/browse/TS-3290

I can work on it by Wednesday or Thursday after I am done with my other errands.

Thanks.

Kit


On Sun, Jan 11, 2015 at 7:40 PM, Mark Moseley <moseleymark@gmail.com> wrote:
Hi. I'm looking at the TS_LUA_HOOK_OS_DNS hook or TS_LUA_HOOK_SEND_REQUEST_HDR as a way to do a fail-safe way of filtering *origin* IPs. Obviously this could be done at the onboard firewall level, but I thought it'd be neat to be able to do something a bit more in-line (and it's fun to play with Lua).

But despite the aforementioned hooks, there doesn't seem to be anywhere in the 'ts' table that holds what the origin's DNS hostname was resolved to. Does that get stored anywhere that ts_lua has access to? ts.server_request seemed most promising but none of the functions in there seem to return anything like the origin IP.

If there were something accessible with the origin IP, then I could do a sanity check like, pseudo-code-wise: for ip in goodips, does origin IP match ip, and if none match, then return a 403 or 400 or something.

I'm coming up blank looking through the API and source code, but I may be missing something obvious (or more likely, just looking for the wrong thing).

Even better (and I've had no luck finding this either) would be something built-in that contains a list of permitted origin IP blocks, like ip_allow.config but for the backend request (and again, there might be but I'm grepping+googling for the wrong thing).

Thanks!
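
The allow-list check sketched in the pseudo-code above ("for ip in goodips, does origin IP match ip"), as an added example that is not part of the original thread or the ts_lua source. It is plain Lua 5.1/LuaJIT and IPv4 only; the CIDR blocks and the names `GOOD_CIDRS`, `ip_to_int`, `compile` and `origin_allowed` are constructed for illustration, and the address string is assumed to come from the `ts.server_request.server_addr.get_addr()` accessor proposed in the reply.

```lua
-- Fail-closed IPv4 allow-list check for origin addresses (added example).
-- The CIDR blocks below are constructed sample values.
local GOOD_CIDRS = { "10.20.0.0/16", "192.0.2.10/32" }

-- Parse a dotted-quad IPv4 string into an integer; nil for anything else.
local function ip_to_int(ip)
  if type(ip) ~= "string" then return nil end
  local a, b, c, d = ip:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  if not a then return nil end
  local n = 0
  for _, octet in ipairs({ a, b, c, d }) do
    local v = tonumber(octet)
    if #octet > 3 or v > 255 then return nil end
    n = n * 256 + v
  end
  return n
end

-- Pre-compute {network base, block size} pairs once, at script load.
local function compile(cidrs)
  local nets = {}
  for _, cidr in ipairs(cidrs) do
    local addr, bits = cidr:match("^(.-)/(%d+)$")
    local base, len = ip_to_int(addr), tonumber(bits)
    if not base or len > 32 then error("bad allow-list entry: " .. cidr) end
    local size = 2 ^ (32 - len)          -- Lua 5.1 has no bit operators
    nets[#nets + 1] = { base - base % size, size }
  end
  return nets
end

local NETS = compile(GOOD_CIDRS)

-- True only when ip parses as IPv4 and lies inside an allowed block.
-- Unparseable input (nil, IPv6, garbage) is rejected rather than passed.
local function origin_allowed(ip)
  local n = ip_to_int(ip)
  if not n then return false end
  for _, net in ipairs(NETS) do
    if n - n % net[2] == net[1] then return true end
  end
  return false
end

-- Constructed checks: inside /16, outside /16, exact /32, IPv6, missing value.
assert(origin_allowed("10.20.33.7") and origin_allowed("192.0.2.10"))
assert(not origin_allowed("10.21.0.1") and not origin_allowed("192.0.2.11"))
assert(not origin_allowed("2001:db8::1") and not origin_allowed(nil))
```

Treating a missing or unparseable address as "not allowed" is what makes the check fail-safe: if the accessor returns nothing for a transaction, the request is refused instead of slipping through.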