Next Back Top
Languages:

The bypass.config file contains static bypass rules that Traffic Server uses in transparent proxy caching mode. Static bypass rules instruct Traffic Server to bypass certain incoming client requests so they are served by the origin server. The bypass.config file also accepts Dynamic Deny Bypass Rules.

You can configure three types of static bypass rules:

  • Source bypass rules configure Traffic Server to bypass a particular source IP address or range of IP addresses. For example: bypass clients that do not want to use caching.

  • Destination bypass rules configure Traffic Server to bypass a particular destination IP address or range of IP addresses. For example: bypass origin servers that use IP authentication based on the client's real IP address.

    IMPORTANT: Destination bypass rules prevent Traffic Server from caching an entire site. You will experience hit rate impacts if the site you bypass is popular.

  • Source/destination pair bypass rules configure Traffic Server to bypass requests that originate from the specified source to the specified destination. For example: route around specific client-server pairs that experience broken IP authentication or out-of-band HTTP traffic problems when cached. Source/destination bypass rules can be preferable to destination rules because they block a destination server only for users that experience problems.

IMPORTANT: After you modify the bypass.config file, you must restart Traffic Server.

Format

Bypass rules follow the format below:

bypass src ipaddress | dst ipaddress | src ipaddress AND dst ipaddress

The following list describes the variables.

src ipaddress

Specifies the source (client) IP address in incoming requests Traffic Server must bypass.

The variable ipaddress can be one of the following:

  • A simple IP address, such as 123.45.67.8
  • In CIDR (Classless Inter-Domain Routing) format, such as 1.1.1.0/24
  • A range separated by a dash, such as 1.1.1.1-2.2.2.2
  • Any combination of the above separated by commas, such as 1.1.1.0/24, 25.25.25.25, 123.1.23.1-123.1.23.123
dst ipaddress

Specifies the destination (origin server) IP address in incoming requests Traffic Server must bypass.

The variable ipaddress can be one of the following:

  • A simple IP address, such as 123.45.67.8
  • In CIDR (Classless Inter-Domain Routing) format, such as 1.1.1.0/24
  • A range separated by a dash, such as 1.1.1.1-2.2.2.2
  • Any combination of the above separated by commas, such as 1.1.1.0/24, 25.25.25.25, 123.1.23.1-123.1.23.123
src ipaddress AND dst ipaddress

Specifies the source and destination IP address pair Traffic Server must bypass.

The variable ipaddress must be a single IP address, such as 123.45.67.8

Dynamic Deny Bypass Rules

In addition to static bypass rules, the bypass.config file also accepts dynamic deny bypass rules that prevent Traffic Server from bypassing certain incoming client requests dynamically (a deny bypass rule can prevent Traffic Server from bypassing itself). Dynamic deny bypass rules can be source, destination, or source/destination and have the following format:

deny_dyn_bypass src ipaddress | dst ipaddress | src ipaddresss AND ipaddress

For a description of the options, refer to the table above. For the dynamic deny bypass rules to work, you must set the variable proxy.config.arm.bypass_dynamic_enabled to 1 in the records.config file.

IMPORTANT: Static bypass rules overwrite dynamic deny bypass rules. If a static bypass rule and a dynamic bypass rule contain the same IP address, then the dynamic deny bypass rule will be ignored.

Examples

The following example shows source, destination, and source/destination bypass rules:

bypass src 1.1.1.0/24, 25.25.25.25, 128.252.11.11-128.252.11.255
bypass dst 24.24.24.0/24
bypass src 25.25.25.25 AND dst 24.24.24.0

The following example shows source, destination, and source/destination dynamic deny bypass rules:

deny_dyn_bypass src 128.252.11.11-128.252.11.255
deny_dyn_bypass dst 111.111.11.1
deny_dyn_bypass src 111.11.11.1 AND dst 111.11.1.1