Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

L7 IP blocking #216

Open
7 tasks
krizhanovsky opened this issue Apr 17, 2022 · 0 comments
Open
7 tasks

L7 IP blocking #216

krizhanovsky opened this issue Apr 17, 2022 · 0 comments
Labels
enhancement New feature or request
Milestone
Backlog

Comments

@krizhanovsky
Copy link
Contributor

krizhanovsky commented Apr 17, 2022
edited
Loading

Need to test functionality from tempesta-tech/tempesta#934 :

  • check block_ip on with and without the new trusted_ip_from option without any forwarded headers
  • the same as before, but for Forwarded, X-Forwarded-For, X-Real-IP (see [RFC 7239] Forwarded HTTP header & X-Real-IP tempesta#1350) . One value per a header and different order of the headers must be tested.
  • Forwarded, X-Forwarded-For, X-Real-IP should be mangled, probably on the fuzzer level
  • test HTTP limits - the client key must be computed the resolved client IP (e.g. there should be 2 different resource usage counters for the same IP and different Forwarded values)
  • test that trusted_ip_from works in recursive fashion, i.e. doesn't stop on a trusted IP
  • check that IPs and subnets in both IPv4 and IPv6 formats are correctly handled for trusted_ip_from. Test many entries for the config option.
  • Test dynamic configuration reloading with different trusted_ip_from values
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
1 participant
@krizhanovsky