[SR-Users] permissions.allow in conjunction with trusted table
Ben Hood
0x6e6562 at gmail.com
Mon Mar 5 17:40:55 CET 2018
On Mon, Mar 5, 2018 at 9:42 AM, Ben Hood <0x6e6562 at gmail.com> wrote:
> I'd like to trust HTTP requests from internal subnets and use the
> trusted table to manage permissions from external networks.
>
> Is there a way to configure permissions.allow to trust everything on a
> local subnet and use the DB table for everything else? Does the
> permissions module even work in that way (i.e. to use two sources of
> trust)?
>
> If so, what is the permissions.allow syntax to trust a CIDR?
In the end I put a subnet check into the xhttp route:
    event_route[xhttp:request] {
        if(src_ip!=172.16.176.0/24) {
            xhttp_reply("403", "Forbidden", "text/html", "<html><body>Really not allowed from $si</body></html>");
            exit;
        }
        ...
    }
This HTTP event handling appears to be independent of the permissions
module, which is what I wanted to achieve.
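
Added example, not part of the original post and not the Kamailio project's own code: one way to get the "two sources of trust" asked about in the quoted question, by checking the internal subnet first and falling back to the permissions module's address table for every other source. The database URL, the group id 1, the route name HTTP_OK and the 200 reply are assumptions made for illustration.

```kamailio
#!KAMAILIO
# Added example: trust the internal subnet outright, consult the
# permissions "address" table for all other sources.

tcp_accept_no_cl=yes            # accept HTTP requests without Content-Length

loadmodule "db_mysql.so"
loadmodule "sl.so"
loadmodule "xhttp.so"
loadmodule "ipops.so"
loadmodule "permissions.so"

# Assumption: placeholder database URL. The "address" table is expected
# to hold the permitted external networks in group 1 (also an assumption).
modparam("permissions", "db_url",
         "mysql://kamailio:CHANGEME@localhost/kamailio")

event_route[xhttp:request] {
    # Source of trust 1: the internal subnet from the post.
    if (is_in_subnet("$si", "172.16.176.0/24")) {
        route(HTTP_OK);
        exit;
    }

    # Source of trust 2: group 1 of the address table, matched
    # against the source address of the request.
    if (allow_source_address("1")) {
        route(HTTP_OK);
        exit;
    }

    # Default deny: log the rejected source so that unexpected
    # clients show up in the logs, then answer 403.
    xlog("L_WARN", "xhttp: rejected $si:$sp requesting $hu\n");
    xhttp_reply("403", "Forbidden", "text/html",
                "<html><body>Not allowed from $si</body></html>");
    exit;
}

# Hypothetical handler standing in for the real request processing.
route[HTTP_OK] {
    xhttp_reply("200", "OK", "text/html", "<html><body>OK</body></html>");
}
```

The ordering makes the route fail closed: a request that matches neither the subnet nor the table reaches the 403 branch, and a database without matching rows only affects external sources.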