The ip_allow.config file controls client access to the Traffic Server proxy cache. You can specify ranges of IP addresses that are allowed to use the Traffic Server as a web proxy cache. After you modify the ip_allow.config file, navigate to the Traffic Server bin directory and run the traffic_line -x command to apply changes. When you apply the changes to a node in a cluster, Traffic Server automatically applies the changes to all other nodes in the cluster.

Format

Each line in the ip_allow.config file must have the following format:

src_ip=ipaddress action=ip_allow | ip_deny

where ipaddress is the IP address or range of IP addresses of the clients allowed to access the Traffic Server proxy cache, the action ip_allow enables the specified clients to access the Traffic Server proxy cache, and ip_deny denies the specified clients to access the Traffic Server proxy cache.

By default, the ip_allow.config file contains the following line, which allows all clients to access the Traffic Server proxy cache. To restrict access, comment out or delete this line before adding rules:

src_ip=0.0.0.0-255.255.255.255 action=ip_allow

Examples

The following example enables all clients to access the Traffic Server proxy cache:

src_ip=0.0.0.0-255.255.255.255 action=ip_allow

The following example allows all clients on a specific subnet to access the Traffic Server proxy cache:

src_ip=123.12.3.000-123.12.3.123 action=ip_allow

The following example denies all clients on a specific subnet to access the Traffic Server proxy cache:

src_ip=123.45.6.0-123.45.6.123 action=ip_deny

Administrators's Guide - Overview