I am OK with it. I would add a default tag, so you can specify what action to take by default if there is no match (e.g. routable:follow,default:reject).
-Bryan > On Aug 24, 2018, at 9:16 AM, Alan Carroll <solidwallofc...@oath.com.INVALID> > wrote: > > Derek and I discussed this earlier this morning and we think the best > option is to have a new configuration variable instead of bringing back the > old one, something like "proxy.config.,http.redirect.actions STRING". > > The string would be of the format "tag[:action],tag[:action],...". > > The tag would be one of the enumerations > > * private : Private (non-routable, RFC-1918) addresses. > * loopback: Loopback address (all of 127/8 and IPv6 loopback) > * multicast: Multicast address > * link-local: IPv6 link local address > * routable: Globally routable address. > * self: Addresses assigned to this host. > > The action must be one of > > * follow: Internally follow the redirect up to the maximum count. > * return: Do not process the redirect, send it as the proxy response. > * reject: Do not process the redirect, send a 403 as the proxy response. > > or omitted, in which case it is treated as "follow", although Derek would > prefer to require the action in all cases. > > If a tag is omitted, it is treated as if it were "tag:return". > > This provides very fine grained control. The default would be > "routable:follow", which means "follow routable redirects, return all other > redirects".
