[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[IDD #NDI-257345]: "ALLOW" behaviour

Subject: [IDD #NDI-257345]: "ALLOW" behaviour
Date: Tue, 09 Jun 2009 08:42:59 -0600

Hi Art,

re:
> So... without an assumption that downstream sites request feeds on
> separate request lines, I can really only have one allow per requesting
> address because potentially only the first entry will be used...?

My earlier reply should have been more specific.  The first ALLOW line
for a particular feed for a specific site will be the one used, not
just one allow for a site.

> E.g. if some.univ.edu has a request line of:
> 
> request UNIDATA|NIMAGE ".*" ldm.meteo.psu.edu
> 
> and ldm.meteo.psu.edu has two allow lines:
> 
> allow   UNIDATA   some.univ.edu
> allow   NIMAGE    some.univ.edu
> 
> ...then NIMAGE will be denied because it's not listed in the first allow?

No, since the feeds are different, the different ALLOWs are used.
The following, however, will result in the first one being used:

allow   ANY-UNIDATA   some.univ.edu
allow   UNIWISC   some.univ.edu

UNIDATA (which is WMO|UNIWISC) is explicitly denied by the first
ALLOW.  Allowing it in a second should not work.

> On the other hand, if I understand this correctly, if some.univ.edu had
> request lines of:
> 
> request UNIDATA ".*" ldm.meteo.psu.edu
> request NIMAGE ".*"  ldm.meteo.psu.edu
> 
> Then, both feeds would come through... correct?

Correct.

> I'm trying to configure my relays so I can ingest the MADIS data without
> redistributing it to most downstream sites by using the
> OK_pattern/NOT_pattern feature of the ALLOW entries, but I didn't want to
> apply these restrictions to feeds other than FSL to avoid potential
> restriction conflicts with other data and to avoid the overhead of
> checking every header that comes through the ldm for these RE's.

I understand.  We do much the same thing on the toplevel IDD relays that
we maintain -- we ingest everything and only ALLOW feeds of non-restricted
data to non-UCAR sites.

> Is there any way to do this?

Yes.  Put the explicit allows before the general/blanket ones.

Cheers,

Tom
--
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************


Ticket Details
===================
Ticket ID: NDI-257345
Department: Support IDD
Priority: Normal
Status: Closed

Prev by Date: [IDD #NDI-257345]: "ALLOW" behaviour
Next by Date: [LDM #LOB-749740]: Acquiring specific data via LDM
Previous by thread: [IDD #NDI-257345]: "ALLOW" behaviour
Next by thread: [IDD #NDI-257345]: "ALLOW" behaviour
Index(es):
- Date
- Thread