cluster s3-true-ip-config

This command configures the VAST cluster to recognize and process the original client IP address that the proxy passes along in an HTTP header of an S3 request. With the configuration in place, the original client IP is used for IP-based access control, logging of client operations, and data flow reporting. If not configured (which is the default), the IP of the proxy is used.

Usage

To display existing configuration for use of original client IPs:
```
cluster s3-true-ip-config --get
```

To configure use of original client IPs:

cluster s3-true-ip-config --true-client-ip-header HEADER
                          --included-addresses IP-RANGES

Options

--get

Displays the existing configuration for use of original client IPs.

--true-client-ip-header HEADER

Sets the name of the HTTP header used to pass the original client IP.

The header name is case-insensitive and can be no more than 50 characters. It can include letters A-Z, a-z, digits (0-9) and the following special characters: ! # $ % & ' * + - . ^ _ | ~

--included-addresses IP-RANGES

Specifies one or more ranges of IPv4 addresses representing proxy IPs that can send the header containing the original client IP.

Enter IP-RANGES as a JSON string that contains a comma-separated list of IP ranges, where:

start_ip is the starting IP of the range. The value must be an IPv4 address. IPv6 is not supported.
range is the total number of IPs in the range.

For example: [{\"start_ip\": \"172.16.2.2\", \"range\": 16}, {\"start_ip\": \"192.168.1.1\", \"range\": 16}]

Examples

To display the current configuration:

vcli: admin> cluster s3-true-ip-config --get
S3 True IP Configuration for cluster 1:
  True Client IP Header: None
  Included Addresses: None

To create a configuration:

vcli: admin> cluster s3-true-ip-config --true-client-ip-header 'True-Client-IP' --included-addresses [{\"start_ip\": \"172.16.2.2\", \"range\": 16}, {\"start_ip\": \"192.168.1.1\", \"range\": 24}]