.\" Man page generated from reStructuredText. . .TH "IP_ALLOW.CONFIG" "5" "January 24, 2017" "7.0" "Apache Traffic Server" .SH NAME ip_allow.config \- Traffic Server IP access control configuration file . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .sp The \fI\%ip_allow.config\fP file controls client access to the Traffic Server proxy cache. You can specify ranges of IP addresses that are allowed to use the Traffic Server as a web proxy cache. After you modify the \fI\%ip_allow.config\fP file, navigate to the Traffic Server bin directory and run the \fItraffic_ctl config reload\fP command to apply changes. When you apply the changes to a node in a cluster, Traffic Server automatically applies the changes to all other nodes in the cluster. .SH FORMAT .sp Each line in the \fI\%ip_allow.config\fP file must have the following format: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C src_ip= action= [method=] .ft P .fi .UNINDENT .UNINDENT .sp where src_ip is the IP address or range of IP addresses of the client(s). The action \fBip_allow\fP enables the specified client(s) to access the Traffic Server proxy cache, and \fBip_deny\fP denies the specified client(s) to access the Traffic Server proxy cache. Multiple method keywords can be specified (method=GET method=HEAD), or multiple methods can be separated by an \(aq|\(aq (method=GET|HEAD). The method keyword is optional and it is defaulted to ALL. This supports ANY string as the HTTP method, meaning no validation is done to check wether it is a valid HTTP method. This allows you to create filters for any method that your origin may require, this is especially useful if you use newer methods that aren\(aqt know to trafficserver (such as PROPFIND) or if your origin uses an http\-ish protocol. .sp By default, the \fI\%ip_allow.config\fP file contains the following lines, which allows all methods to localhost to access the Traffic Server proxy cache and denies PUSH, PURGE and DELETE to all IPs (note this allows all other methods to all IPs): .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C src_ip=127.0.0.1 action=ip_allow method=ALL src_ip=::1 action=ip_allow method=ALL src_ip=0.0.0.0\-255.255.255.255 action=ip_deny method=PUSH|PURGE|DELETE src_ip=::\-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff action=ip_deny method=PUSH|PURGE|DELETE .ft P .fi .UNINDENT .UNINDENT .SH EXAMPLES .sp The following example enables all clients to access the Traffic Server proxy cache: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C src_ip=0.0.0.0\-255.255.255.255 action=ip_allow .ft P .fi .UNINDENT .UNINDENT .sp The following example allows all clients on a specific subnet to access the Traffic Server proxy cache: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C src_ip=123.12.3.000\-123.12.3.123 action=ip_allow .ft P .fi .UNINDENT .UNINDENT .sp The following example denies all clients on a specific subnet to access the Traffic Server proxy cache: .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C src_ip=123.45.6.0\-123.45.6.123 action=ip_deny .ft P .fi .UNINDENT .UNINDENT .SH COPYRIGHT 2015, dev@trafficserver.apache.org .\" Generated by docutils manpage writer. .