Re: [jetty-dev] Ability to specify negative rules in IPAccessHandler

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-dev] Ability to specify negative rules in IPAccessHandler

From: Jesse McConnell <jesse.mcconnell@xxxxxxxxx>
Date: Thu, 17 Oct 2013 16:53:12 -0500
Delivered-to: jetty-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-dev>
List-help: <mailto:jetty-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=unsubscribe>

sorry, we have been swamped....these should be looked at soon, hang in there :)
--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx


On Sat, Oct 5, 2013 at 7:14 AM, Constantine <theaspect@xxxxxxxxx> wrote:
> Well, finally I've submitted https://git.eclipse.org/r/17070 and
> https://git.eclipse.org/r/17071
>
>
>
> 2013/9/23 Greg Wilkins <gregw@xxxxxxxxxxx>
>>
>>
>> Firstly the white list implementation needs to be changed from
>> IPAddresMap<PathMap<>> to a PathMap<IPAddressmap<Boolean>>
>> Then we need an option to like
>>
>>   setWhiteListByPath(boolean byPath)
>>
>> which if set to true means that the white list only applies if the path
>> matches.
>>
>> ....or something similar.
>>
>> Looking forward to patch!
>>
>> thanks in advance.
>>
>>
>>
>> On 23 September 2013 14:58, Constantine <theaspect@xxxxxxxxx> wrote:
>>>
>>> You're right. It was counter-intuitive (at least for me) that item in WL
>>> implicitly blocks other items. How do you propose to switch mode? Add option
>>> (boolean or enum) to jetty-ipaccess.xml?
>>>
>>>
>>> 2013/9/23 Greg Wilkins <gregw@xxxxxxxxxxx>
>>>>
>>>> So the semantic is that for /foo/bar only you want a white list of
>>>> 127.0.0.1
>>>> I guess that is the same as saying that for /foo/bar you have a black
>>>> list of all IP's except 127.0.0.1
>>>>
>>>> So how would it work if you wanted to allows requests from 127.0.0.1 and
>>>> 127.0.0.2?  In that case I think white list semantic works better.
>>>>
>>>> So perhaps we need a mode in which a request is white listed IFF it has
>>>> a matching URL in the white list, otherwise the black list applies?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 23 September 2013 14:21, Constantine <theaspect@xxxxxxxxx> wrote:
>>>>>
>>>>> If I add <Item>127.0.0.1|/foo/bar</Item> to whitelist then all URLs
>>>>> except this item will be blocked
>>>>>
>>>>>
>>>>> 2013/9/23 Greg Wilkins <gregw@xxxxxxxxxxx>
>>>>>>
>>>>>> Constantine,
>>>>>>
>>>>>> How is a negative entry in the black list different from just adding
>>>>>> an entry to the white list?
>>>>>>
>>>>>> If you can explain the difference, then patches are very much welcome!
>>>>>> Preferred method is gerrit - see
>>>>>> http://www.eclipse.org/jetty/documentation/current/contributing-patches.html
>>>>>>
>>>>>> cheers
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 22 September 2013 19:28, Constantine <theaspect@xxxxxxxxx> wrote:
>>>>>>>
>>>>>>> e.g. I have single URL which must be accessed only from localhost, so
>>>>>>> I add "^127.0.0.1|/foo/bar" to black list, so whitelist remain empty. I
>>>>>>> could implement it and send a patch.
>>>>>>>
>>>>>>> --
>>>>>>> With Best Regards,
>>>>>>> Constantine
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> jetty-dev mailing list
>>>>>>> jetty-dev@xxxxxxxxxxx
>>>>>>> https://dev.eclipse.org/mailman/listinfo/jetty-dev
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> jetty-dev mailing list
>>>>>> jetty-dev@xxxxxxxxxxx
>>>>>> https://dev.eclipse.org/mailman/listinfo/jetty-dev
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> With Best Regards,
>>>>> Constantine
>>>>>
>>>>> _______________________________________________
>>>>> jetty-dev mailing list
>>>>> jetty-dev@xxxxxxxxxxx
>>>>> https://dev.eclipse.org/mailman/listinfo/jetty-dev
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> jetty-dev mailing list
>>>> jetty-dev@xxxxxxxxxxx
>>>> https://dev.eclipse.org/mailman/listinfo/jetty-dev
>>>>
>>>
>>>
>>>
>>> --
>>> With Best Regards,
>>> Constantine
>>>
>>> _______________________________________________
>>> jetty-dev mailing list
>>> jetty-dev@xxxxxxxxxxx
>>> https://dev.eclipse.org/mailman/listinfo/jetty-dev
>>>
>>
>>
>> _______________________________________________
>> jetty-dev mailing list
>> jetty-dev@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/jetty-dev
>>
>
>
>
> --
> With Best Regards,
> Constantine
>
> _______________________________________________
> jetty-dev mailing list
> jetty-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-dev
>

Follow-Ups:
- Re: [jetty-dev] Ability to specify negative rules in IPAccessHandler
  - From: Constantine

References:
- [jetty-dev] Ability to specify negative rules in IPAccessHandler
  - From: Constantine
- Re: [jetty-dev] Ability to specify negative rules in IPAccessHandler
  - From: Greg Wilkins
- Re: [jetty-dev] Ability to specify negative rules in IPAccessHandler
  - From: Constantine
- Re: [jetty-dev] Ability to specify negative rules in IPAccessHandler
  - From: Greg Wilkins
- Re: [jetty-dev] Ability to specify negative rules in IPAccessHandler
  - From: Constantine
- Re: [jetty-dev] Ability to specify negative rules in IPAccessHandler
  - From: Greg Wilkins
- Re: [jetty-dev] Ability to specify negative rules in IPAccessHandler
  - From: Constantine

Prev by Date: Re: [jetty-dev] Continuation.suspend(4000) migrating to Jetty9
Next by Date: Re: [jetty-dev] Ability to specify negative rules in IPAccessHandler
Previous by thread: Re: [jetty-dev] Ability to specify negative rules in IPAccessHandler
Next by thread: Re: [jetty-dev] Ability to specify negative rules in IPAccessHandler
Index(es):
- Date
- Thread

Breadcrumbs