Provided by: trafficserver_7.1.2+ds-3_amd64 bug

NAME

       ip_allow.config - Traffic Server IP access control configuration file

       The  ip_allow.config  file  controls  client  access to the Traffic Server proxy cache and
       Traffic Server connections to the servers. You can specify ranges of IP addresses that are
       allowed  to use the Traffic Server as a web proxy cache or that are allowed to be remapped
       by Traffic Server. After you modify the ip_allow.config  file,  navigate  to  the  Traffic
       Server  bin directory and run the traffic_ctl config reload command to apply changes. When
       you apply the changes to a node in a cluster, Traffic  Server  automatically  applies  the
       changes to all other nodes in the cluster.

FORMAT

       Each line in the ip_allow.config file must have the following format:

          src_ip=<range of IP addresses> action=<action> [method=<list of methods separated by '|'>]
          dest_ip=<range of IP addresses> action=<action> [method=<list of methods separated by '|'>]

       where  src_ip  is  the IP address or range of IP addresses of the client(s) and dest_ip is
       the IP address or range of IP addresses of the server(s). When src_ip  is  indicated,  the
       action  ip_allow enables the specified client(s) to access the Traffic Server proxy cache,
       and ip_deny denies the specified client(s) to access the Traffic Server proxy cache.  When
       dest_ip  is  indicated,  the  action  ip_allow  enables  the  Traffic Server to access the
       specified server(s), and ip_deny  denies  the  Traffic  Server  to  access  the  specified
       server(s).   Multiple  method  keywords  can  be  specified  (method=GET  method=HEAD), or
       multiple methods can be separated by an  '|'  (method=GET|HEAD).  The  method  keyword  is
       optional  and it is defaulted to ALL. This supports ANY string as the HTTP method, meaning
       no validation is done to check whether it is a valid  HTTP  method.  This  allows  you  to
       create  filters  for any method that your origin may require, this is especially useful if
       you use newer methods that aren't know to trafficserver (such  as  PROPFIND)  or  if  your
       origin uses an http-ish protocol.

       By  default,  the  ip_allow.config  file  contains  the  following lines, which allows all
       methods to localhost to access the Traffic Server proxy cache and denies PUSH,  PURGE  and
       DELETE to all IPs (note this allows all other methods to all IPs):

          src_ip=127.0.0.1                                  action=ip_allow method=ALL
          src_ip=::1                                        action=ip_allow method=ALL
          src_ip=0.0.0.0-255.255.255.255                    action=ip_deny  method=PUSH|PURGE|DELETE
          src_ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff action=ip_deny  method=PUSH|PURGE|DELETE

EXAMPLES

       The following example enables all clients to access the Traffic Server proxy cache:

          src_ip=0.0.0.0-255.255.255.255 action=ip_allow

       The following example allows all clients on a specific subnet to access the Traffic Server
       proxy cache:

          src_ip=123.12.3.000-123.12.3.123 action=ip_allow

       The following example denies all clients on a specific subnet to access the Traffic Server
       proxy cache:

          src_ip=123.45.6.0-123.45.6.123 action=ip_deny

       The following example enables the Traffic Server to access all servers:

          dest_ip=0.0.0.0-255.255.255.255 action=ip_allow

       The  following  example  denies  the  Traffic  Server  to access all servers on a specific
       subnet:

          dest_ip=10.0.0.0-10.0.0.255 action=ip_deny

COPYRIGHT

       2018, dev@trafficserver.apache.org