trafficserver

proxy.config.http.per_client.connection.exempt_list.filename

Open bneradt opened this issue 7 months ago • 2 comments

This implements proxy.config.http.per_client.connection.exempt_list.filename, a configuration for the user to be able to provide a set of IP addresses that are not counted against proxy.config.net.per_client.max_connections_in.

bneradt, Apr 17 '25 20:04
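The behaviour described in the opening post, modelled as an added example (this is not Traffic Server code and not part of the thread): clients on the exempt list are never counted against the per-client inbound cap, and a second helper flags exempt entries wide enough to switch the cap off. The class and function names and the prefix thresholds are hypothetical, and the exempt entries are passed as a Python list because the thread does not show the file's format.

```python
import ipaddress
from collections import Counter

class PerClientLimiter:
    """Toy model of a per-client inbound connection cap with an exempt list."""

    def __init__(self, max_connections_in, exempt_ranges):
        self.max_in = max_connections_in
        # strict=False accepts entries with host bits set (10.0.0.5/8 -> 10.0.0.0/8).
        self.exempt = [ipaddress.ip_network(r, strict=False) for r in exempt_ranges]
        self.active = Counter()

    def is_exempt(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip.version == net.version and ip in net for net in self.exempt)

    def accept(self, addr):
        """Return True if a new connection from addr is admitted."""
        if self.is_exempt(addr):
            return True  # exempt clients are never counted against the cap
        # Key on the parsed address so "::1" and "0:0:0:0:0:0:0:1" share a counter.
        key = ipaddress.ip_address(addr)
        if self.active[key] >= self.max_in:
            return False
        self.active[key] += 1
        return True

    def close(self, addr):
        key = ipaddress.ip_address(addr)
        if self.active[key] > 0:
            self.active[key] -= 1

def overly_broad(exempt_ranges, min_v4_prefix=16, min_v6_prefix=48):
    """Return entries shorter than the (assumed) minimum prefix length."""
    flagged = []
    for entry in exempt_ranges:
        net = ipaddress.ip_network(entry, strict=False)
        floor = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen < floor:
            flagged.append(entry)
    return flagged
```

Running a check like `overly_broad` before deploying the list catches an entry such as `0.0.0.0/0`, which would exempt every IPv4 client from the limit.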

allow_ sounds a little strange, exempt_ would be better.

zwoop, Apr 17 '25 20:04

> allow_ sounds a little strange, exempt_ would be better.

Agreed. Changed to exempt terminology.

bneradt, Apr 24 '25 20:04

I'm wondering how these kinds of lists should be in ATS config.

proxy_protocol_allowlist is just a comma-separated string (it's probably because the previous config format could not have a real list structure). And per_client.connection.exempt_list is a string too, but a filename.

I do see the benefit of having the list in a separate file, but I also think inconsistency should be avoided. Most settings that have filenames are ones that had different formats, and now we are trying to make all of them YAML. We can have real lists in records.yaml. It may be time to think about what should be separated from records.yaml.

maskit, Jun 25 '25 17:06

> I'm wondering how these kinds of lists should be in ATS config.
>
> proxy_protocol_allowlist is just a comma-separated string (it's probably because the previous config format could not have a real list structure). And per_client.connection.exempt_list is a string too, but a filename.
>
> I do see the benefit of having the list in a separate file, but I also think inconsistency should be avoided. Most settings that have filenames are ones that had different formats, and now we are trying to make all of them YAML. We can have real lists in records.yaml. It may be time to think about what should be separated from records.yaml.

My internal implementation initially had this as a comma-separated list, but ops asked me to make it a separate file. And, as you point out, that's a pretty reasonable ask. It makes deployment of this easier. Would a rename of this configuration help things? Maybe exempt_list_filename?

bneradt, Jun 27 '25 16:06

> Would a rename of this configuration help things? Maybe exempt_list_filename?

I'm not sure if we want to rename it. Depends on what we are going to do in the future.

The bigger issue I tried to raise was that one could ask for separating out any part of ATS config and we don't have a policy for it. proxy_protocol_allowlist currently cannot be in a separate file. Should we introduce proxy_protocol_allowlist_filename as well for consistency? Somebody might want to have the entire http config in another file. Would we support it?

It could be a discussion topic for ATS summit or a hackathon.

maskit, Jun 27 '25 20:06