Ubuntu Manpage: ip_allow.config - Traffic Server IP access control configuration file

Provided by: trafficserver_5.3.0-2ubuntu2_amd64

NAME

       ip_allow.config - Traffic Server IP access control configuration file

       The ip_allow.config file controls client access to the Traffic Server proxy cache. You can specify ranges
       of  IP  addresses  that  are allowed to use the Traffic Server as a web proxy cache. After you modify the
       ip_allow.config file, navigate to the Traffic Server bin directory and run the traffic_line -x command to
       apply changes. When you apply the changes to a node in a cluster, Traffic  Server  automatically  applies
       the changes to all other nodes in the cluster.

FORMAT

       Each line in the ip_allow.config file must have the following format:

          src_ip=<range of IP addresses> action=<action> [method=<list of methods separated by '|'>]

       where src_ip is the IP address or range of IP addresses of the client(s). The action ip_allow enables the
       specified  client(s) to access the Traffic Server proxy cache, and ip_deny denies the specified client(s)
       to access the Traffic  Server  proxy  cache.  Multiple  method  keywords  can  be  specified  (method=GET
       method=HEAD),  or  multiple  methods  can be separated by an '|' (method=GET|HEAD). The method keyword is
       optional and it is defaulted to ALL. This supports ANY string as the HTTP method, meaning  no  validation
       is  done to check wether it is a valid HTTP method. This allows you to create filters for any method that
       your origin may require, this is especially  useful  if  you  use  newer  methods  that  aren't  know  to
       trafficserver (such as PROPFIND) or if your origin uses an http-ish protocol.

       By  default, the ip_allow.config file contains the following lines, which allows all methods to localhost
       to access the Traffic Server proxy cache and denies PUSH, PURGE and DELETE to all IPs (note  this  allows
       all other methods to all IPs):

          src_ip=127.0.0.1                                  action=ip_allow method=ALL
          src_ip=::1                                        action=ip_allow method=ALL
          src_ip=0.0.0.0-255.255.255.255                    action=ip_deny  method=PUSH|PURGE|DELETE
          src_ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff action=ip_deny  method=PUSH|PURGE|DELETE

EXAMPLES

       The following example enables all clients to access the Traffic Server proxy cache:

          src_ip=0.0.0.0-255.255.255.255 action=ip_allow

       The following example allows all clients on a specific subnet to access the Traffic Server proxy cache:

          src_ip=123.12.3.000-123.12.3.123 action=ip_allow

       The following example denies all clients on a specific subnet to access the Traffic Server proxy cache:

          src_ip=123.45.6.0-123.45.6.123 action=ip_deny

COPYRIGHT

       2014, dev@trafficserver.apache.org

5.3                                              April 18, 2016                               IP_ALLOW.CONFIG(5)