Traffic Portal warning when user enters unusually large CIDR #5038
Assignees
Labels
good first issue
first-time committers will find this easy to resolve
new feature
A new feature, capability or behavior
Traffic Ops
related to Traffic Ops
Traffic Portal v1
related to Traffic Portal version 1
Comments
dneuman64
added
new feature
|
Not sure if this should be done in TP (before save) or in the TO API (after save)....or both. TO API (Go) probably has better IP parsing tools... |
|
CIDR parsing is trivial to extract, though. We already have regular expressions that can match IPv4 and IPv6, and after that's known you can just extract the CIDR with a simple |
dneuman64
changed the title
|
something like this @dneuman64 ?
|
7 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm submitting a ...
Traffic Control components affected ...
Current behavior:
Currently, a user can add an IP for a server with an unreasonable CIDR. This is specifically true for IPv6 where CIDRs are commonly included with the IP Address. We would usually expect a /64 with an IP but a user can enter something like a /12. This leads to issues with the way ip_allow.config is generated on caches which can result in requests being incorrectly denied.
Expected / new behavior:
If a user enters less than a /64 for IPv6 and less than a /27 for Ipv4, Traffic Portal should show the user a warning and make sure they really want to enter a CIDR that large.
Minimal reproduction of the problem with instructions:
Create a new server, add an IPv6 with a /30 and a IPv4 with a /24.
Anything else:
The text was updated successfully, but these errors were encountered: