PageCache/AccessList: Add CIDR support #37809
Conversation
|
Hi @tdgroot. Thank you for your contribution! Add the comment under your pull request to deploy test or vanilla Magento instance:
❗ Automated tests can be triggered manually with an appropriate comment:
Allowed build names are:
You can find more information about the builds here For more details, review the Code Contributions documentation. |
tdgroot
force-pushed
the
page_cache_acl_cidr
branch
from
24526c2 to
1c7183c
Compare
engcom-Hotel
added
the
Priority: P2
|
@magento run all tests |
|
@magento create issue |
engcom-Hotel
added
Triage: Need PO Confirmation
|
Hello @tdgroot, Thanks for the contribution! But as this is feature enhancement, we need a PO confirmation to proceed with this PR. We have started the process for the same. Meanwhile we are moving this PR Thanks |
|
@magento run all tests |
|
Hello @tdgroot, We have received an approval for this PR for further evaluation. Hence moving it to appropriate bucket. Thanks |
There was a problem hiding this comment.
Hello @tdgroot,
Thank you for your contribution to add CIDR notation support to PageCache access lists. This is a valuable enhancement that would allow for more flexible IP-based access control.
However, the PR currently only modifies the validation pattern without implementing the actual CIDR functionality. For full CIDR support, we need changes in:
- The component that performs IP matching against the access list
- A utility method to properly compare an IP against a CIDR range
Thanks
| @@ -24,7 +24,7 @@ public function beforeSave() | |||
| parent::beforeSave(); | |||
|
|
|||
| $value = $this->getValue(); | |||
| if (!is_string($value) || !preg_match('/^[\w\s\.\-\,\:]+$/', $value)) { | |||
| if (!is_string($value) || !preg_match('/^[\w\s\.\-\,\:(\/\d+)?]+$/', $value)) { | |||
There was a problem hiding this comment.
- The pattern places
(\/\d+)?inside a character class([...]), which means these are treated as individual characters rather than a sequence. - The pattern remains overly permissive and would validate strings like "this is: a more / or less, valid string.... oh, lets add numbers 12345" which aren't valid IP addresses or CIDR notations
There was a problem hiding this comment.
The extra CIDR validation regex should indeed be moved outside of the character class, so should become something like this: ^[\w\s\.\-\,\:]+(\/\d+)?$
Good remark!
engcom-Hotel
removed
the
Triage: Need PO Confirmation
engcom-Hotel
moved this from Review in Progress
to Changes Requested
in Pull Requests Dashboard
ct-prd-projects-boards-automation
bot
added
Progress: needs update
and removed
Progress: review
labels
That's not really true, the only place where we use this configuration value is over here: Which is used to output the access list into the VCL file that Magento generates for Varnish. Varnish already supports CIDR notation in ACL's, so there is no need for extra matching or parsing. One thing that I'm not sure about, but maybe @tdgroot can clarify, is that the Varnish docs say to put the IP address in double quotes and the CIDR part outside of those quotes: https://varnish-cache.org/docs/trunk/users-guide/vcl-example-acls.html#acls |
ct-prd-projects-boards-automation
bot
moved this to Changes Requested
in Community Dashboard
Description (*)
When accepting purge requests within a network, it's easier to just supply a CIDR range.
Related Pull Requests
None.
Fixed Issues (if relevant)
None.
Manual testing scenarios (*)
172.16.0.1/24Questions or comments
Contribution checklist (*)
Resolved issues: