Leif suggested in Slack using "exempt" instead of "allow" terminology. I agree. It communicates the idea of the behavior better. I'll update the PR with *proxy.config.http.per_client.connection.exempt_list.filename* and update the docs accordingly in the PR.
On Thu, Apr 17, 2025 at 3:38 PM Brian Neradt <brian.ner...@gmail.com> wrote:

> Hi dev@trafficserver.apache.org,
>
> ATS has a feature to restrict the number of per client connections ATS
> will receive:
> proxy.config.net.per_client.max_connections_in
>
> The intention of the configuration is to mitigate certain DOS situations
> via malicious or otherwise misbehaving clients which consume an inordinate
> amount of resources by spinning up a lot of connections.
>
> It is possible, though, that certain clients can be expected to initiate a
> lot of connections to a box. For instance, certain networking
> configurations may result in ATS peers within a data center initiating many
> connections to each other. In such situations, it would be good to "allow
> list" a set of IP addresses for whom the per_client.max_connections_in will
> not be applied.
>
> I've created a PR that demonstrates such a feature:
> https://github.com/apache/trafficserver/pull/12198
>
> It adds *proxy.config.http.per_client.connection.allow_list.filename* as
> a configuration that points to a YAML file that contains a sequence of IP
> address ranges for whom per_client.max_connections_in will not be
> enforced. It is implemented with the libswoc net library used in other
> components in ATS which supports the following formats:
>
> 10.0.2.123            Ignore a single IP address.
> 10.0.3.1-10.0.3.254   Ignore a range of IP addresses.
> 10.0.4.0/24           Ignore a range of IP addresses specified by CIDR
>                       notation.
>
> Here is an example YAML file ignoring some address ranges:
>
> allow_list:
>   - 10.0.2.123
>   - 172.16.0.0/20
>   - 192.168.1.0/24
>
> Please let me know if you have suggestions or concerns about this
> configuration.
>
> Thanks,
> Brian Neradt
> --
> "Come to Me, all who are weary and heavy-laden, and I will
> give you rest. Take My yoke upon you and learn from Me, for
> I am gentle and humble in heart, and you will find rest for
> your souls. For My yoke is easy and My burden is light."
>
> ~ Matthew 11:28-30

--
"Come to Me, all who are weary and heavy-laden, and I will give you rest. Take My yoke upon you and learn from Me, for I am gentle and humble in heart, and you will find rest for your souls. For My yoke is easy and My burden is light."

~ Matthew 11:28-30
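
Because every entry in this file removes the per-client connection limit for the addresses it covers, the list is worth auditing before it is deployed. The following is an added example, not code from the PR, ATS, or libswoc: it models the three entry formats described in the message with Python's `ipaddress` module, and the function names, the rejection of CIDR entries with host bits set, and the 65536-address warning threshold are all assumptions of the example.

```python
import ipaddress

# Entries taken from the example YAML in the message above.
PAGE_ENTRIES = ["10.0.2.123", "172.16.0.0/20", "192.168.1.0/24"]

def parse_entry(entry):
    """Return (first, last) address for one entry in any of the three formats."""
    text = entry.strip()
    if "-" in text:  # explicit range, e.g. 10.0.3.1-10.0.3.254
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range {entry!r}")
        return lo, hi
    if "/" in text:  # CIDR, e.g. 10.0.4.0/24; host bits set are rejected here
        net = ipaddress.ip_network(text)
        return net[0], net[-1]
    addr = ipaddress.ip_address(text)  # single address
    return addr, addr

def audit(entries, max_addresses=65536):
    """Parse all entries; return (ranges, warnings) for operator review."""
    ranges, warnings = [], []
    for entry in entries:
        try:
            lo, hi = parse_entry(entry)
        except ValueError as exc:
            warnings.append(f"{entry}: unparseable ({exc})")
            continue
        size = int(hi) - int(lo) + 1
        if size > max_addresses:  # threshold is an assumption of this example
            warnings.append(f"{entry}: exempts {size} addresses from the limit")
        ranges.append((lo, hi))
    return ranges, warnings

def is_exempt(client_ip, ranges):
    """True if the per-client connection limit would be skipped for client_ip."""
    addr = ipaddress.ip_address(client_ip)
    return any(lo.version == addr.version and lo <= addr <= hi
               for lo, hi in ranges)

if __name__ == "__main__":
    # The last two entries are constructed to trigger the warnings.
    ranges, warnings = audit(PAGE_ENTRIES + ["0.0.0.0/0", "10.0.5.300"])
    print("\n".join(warnings))
    print(is_exempt("172.16.15.255", ranges))
```
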