From: Mark Moseley
To: users@trafficserver.apache.org
Date: Sun, 11 Jan 2015 19:40:46 -0800
Subject: Get Origin IP in Lua

Hi. I'm looking at the TS_LUA_HOOK_OS_DNS hook or TS_LUA_HOOK_SEND_REQUEST_HDR as a way to do a fail-safe way of filtering *origin* IPs. Obviously this could be done at the onboard firewall level, but I thought it'd be neat to be able to do something a bit more in-line (and it's fun to play with Lua).

But despite the aforementioned hooks, there doesn't seem to be anywhere in the 'ts' table that holds what the origin's DNS hostname was resolved to. Does that get stored anywhere that ts_lua has access to? ts.server_request seemed most promising but none of the functions in there seem to return anything like the origin IP.

If there were something accessible with the origin IP, then I could do a sanity check like, pseudo-code-wise: for ip in goodips, does origin IP match ip, and if none match, then return a 403 or 400 or something.

I'm coming up blank looking through the API and source code, but I may be missing something obvious (or more likely, just looking for the wrong thing).

Even better (and I've had no luck finding this either) would be something built-in that contains a list of permitted origin IP blocks, like ip_allow.config but for the backend request (and again, there might be but I'm grepping+googling for the wrong thing).

Thanks!
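The sanity check sketched in the message's pseudo-code, written out as an added example that is not part of the original post and not ts_lua code. It is plain Lua, IPv4 only, and matches against CIDR blocks rather than single addresses; the function names and the sample ranges are constructed for illustration. It takes the resolved origin address as a string argument, so how that address is obtained inside a hook is left outside the example.

```lua
-- Added example: fail-closed IPv4 allowlist check for a resolved origin address.
-- ALLOWED_BLOCKS and all function names are hypothetical; the ranges are
-- constructed sample values, not taken from the post.
local ALLOWED_BLOCKS = { "10.20.0.0/16", "192.0.2.10/32" }

-- Parse a dotted quad into a number in [0, 2^32); returns nil on malformed input.
local function ipv4_to_number(ip)
  if type(ip) ~= "string" then return nil end
  local a, b, c, d = ip:match("^(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)$")
  if not a then return nil end
  local n = 0
  for _, octet in ipairs({ a, b, c, d }) do
    local v = tonumber(octet)
    if v > 255 then return nil end
    n = n * 256 + v
  end
  return n
end

-- Compile "a.b.c.d/len" into {base, size} so matching is plain arithmetic
-- (no dependency on a bit-operations library).
local function compile_block(cidr)
  local ip, len = cidr:match("^([^/]+)/(%d+)$")
  local addr, bits = ipv4_to_number(ip), tonumber(len or "")
  if not addr or not bits or bits > 32 then
    error("invalid allowlist entry: " .. tostring(cidr))
  end
  local size = 2 ^ (32 - bits)
  return { base = addr - (addr % size), size = size }
end

local compiled = {}
for i, cidr in ipairs(ALLOWED_BLOCKS) do compiled[i] = compile_block(cidr) end

-- Fail closed: an address that cannot be parsed is treated as not allowed.
local function origin_allowed(origin_ip)
  local addr = ipv4_to_number(origin_ip)
  if not addr then return false end
  for _, block in ipairs(compiled) do
    if addr >= block.base and addr < block.base + block.size then return true end
  end
  return false
end

assert(origin_allowed("10.20.33.7"))       -- inside 10.20.0.0/16
assert(origin_allowed("192.0.2.10"))       -- exact /32 match
assert(not origin_allowed("192.0.2.11"))   -- one past the /32
assert(not origin_allowed("10.21.0.1"))    -- just outside the /16
assert(not origin_allowed("not-an-ip"))    -- unparseable input is rejected
```

A caller would answer with the 403 the message mentions whenever `origin_allowed` returns false.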