The workaround would have to be implemented, in WI 1.14, to add http DELETE method. There hasn't been a fix yet, in version 1.14, hence the need to apply the same workaround.
Release: 1.14.50
You will need to follow the below guidance. This is a sample of what's been done in the lab environment.
[email protected]:/opt/fireglass/current/ci_infra/ats/config$ sudo docker ps | grep fireproxy
2fab07a50e58 fireglass/fireproxy:1.14.33 "/run.sh" 5 months ago Up 3 months trafficserver_mK0gF
docker exec -it 2fab07a50e58 bash
[email protected]:/opt/fireglass/current/ci_infra/ats/config$ docker exec -it 2fab07a50e58 bash
[email protected]:/# cd /etc
[email protected]:/etc# cd trafficserver/
[email protected]:/etc/trafficserver# pwd
/etc/trafficserver
Then, follow the article with the URL below.
https://docs.trafficserver.apache.org/en/7.1.x/admin-guide/files/ip_allow.config.en.html
Note 1: Take a backup of the file (ip_allow.config), before changing in 1.14, as the proxy is now in a docker
Follow the below, to list the files.
[email protected]:/etc/trafficserver# ls
body_factory congestion.config hosting.config ip_allow.config_1 metrics.config parent.config_9 records.config_8 socks.config ssl_multicert.config_1 vaddrs.config
cache.config congestion.config_1 hosting.config_1 logging.config metrics.config_1 plugin.config records.config_9 socks.config_1 storage.config vaddrs.config_1
cache.config_1 fgl_mitm icp.config logging.config_1 parent.config plugin.config_1 remap.config splitdns.config storage.config_1 volume.config
cluster.config fgl_mitm.cfg icp.config_1 log_hosts.config parent.config_7 records.config remap.config_1 splitdns.config_1 trafficserver.logrotate volume.config_1
cluster.config_1 fireglass ip_allow.config log_hosts.config_1 parent.config_8 records.config_7 snapshots ssl_multicert.config trafficserver-release
See the snippet below, for how the file would look, after it's opened.
The file is highlighted above. To open the file, the "vi" vi editor command is required. See the below.
[email protected]:/etc/trafficserver# vi ip_allow.config
You should have an output similar to the below.
Note 2: This is a vi editor and you will need to utilize vi editor commands, to modify the file, save the file, and exit from the vi editor.
Modify the lines in "white" to the below. Please note that the http DELETE method is added only under the localhost (127.0.0.1). This has been allowed using the "method=ALL" allow action.
src_ip=127.0.0.1 action=ip_allow method=ALL
src_ip=::1 action=ip_allow method=ALL
src_ip=0.0.0.0-255.255.255.255 action=ip_deny method=PUSH|PURGE
src_ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff action=ip_deny method=PUSH|PURGE
The entries in white should be exactly as the above. The first two lines ensure that the http DELETE method is added, as requested.
These two lines, below, apply to all other IP addresses for the 3 methods → purge, delete, push
src_ip=0.0.0.0-255.255.255.255 action=ip_deny method=PUSH|PURGE|DELETE
src_ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff action=ip_deny method=PUSH|PURGE|DELETE