[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Support #CWN-205523]: What is type of pattern matching in ALLOW



Neil,

> Does the pattern matching restrictions for the ldmd.conf ALLOW syntax
> require a REGEX or EREGEX expression, or is it like std grep where a
> character substring match will suffice?

The LDM package uses extended regular expressions everywhere. The LDM webpage 
on this is 
<http://www.unidata.ucar.edu/software/ldm/ldm-current/basics/ERE.html>.

> eg,
> upstream EXP product :
> 
> LYLOUT_HSTNLMA_130326_215500_0060.dat.gz
> 
> upstream ALLOW:
> ALLOW   EXP     165.91.70.28    HSTN

The ALLOW entry should be written as follows:

    ALLOW EXP ^165\.91\.70\.28$ HSTN

The "\"s are necessary in order to only match a period. The "^" and "$" are 
necessary to avoid matching, for example, "165.91.70.28.evil.domain".

> Problem -- downstream (165.91.70.28) is currently being denied access by
> upstream 129.138.41.11
> 
> eg., at downstream
> 
> coriolis{ldm}116% notifyme -vl - -h 129.138.41.11 -f EXP
> Apr 03 17:13:59 notifyme[3143] NOTE: Starting Up: 129.138.41.11: 
> 20130403171359.883 TS_ENDT {{EXP,  ".*"}}
> Apr 03 17:13:59 notifyme[3143] NOTE: LDM-5 desired product-class: 
> 20130403171359.883 TS_ENDT {{EXP,  ".*"}}
> Apr 03 17:13:59 notifyme[3143] ERROR: NOTIFYME(129.138.41.11): 7: Access 
> denied by remote server
> 
> or
> 
> coriolis{ldm}117% notifyme -vl - -h 129.138.41.11 -f EXP -p HSTN
> Apr 03 17:14:43 notifyme[3145] NOTE: Starting Up: 129.138.41.11: 
> 20130403171443.772 TS_ENDT {{EXP,  "HSTN"}}
> Apr 03 17:14:43 notifyme[3145] NOTE: LDM-5 desired product-class: 
> 20130403171443.772 TS_ENDT {{EXP,  "HSTN"}}
> Apr 03 17:14:43 notifyme[3145] ERROR: NOTIFYME(129.138.41.11): 7: Access 
> denied by remote server
> 
> and
> coriolis{ldm}118% notifyme -vl - -h 129.138.41.11 -f EXP -p ".*HSTN.*" 
> Adjusting pathological regular-expression: ".*HSTN.*"
> Apr 03 17:15:10 notifyme[3164] NOTE: Starting Up: 129.138.41.11: 
> 20130403171510.196 TS_ENDT {{EXP,  "HSTN.*"}}
> Apr 03 17:15:10 notifyme[3164] NOTE: LDM-5 desired product-class: 
> 20130403171510.196 TS_ENDT {{EXP,  "HSTN.*"}}
> Apr 03 17:16:00 notifyme[3164] NOTE: LDM-5 desired product-class: 
> 20130403171510.196 TS_ENDT {{EXP,  "HSTN.*"}}
> Apr 03 17:16:50 notifyme[3164] NOTE: LDM-5 desired product-class: 
> 20130403171510.196 TS_ENDT {{EXP,  "HSTN.*"}}
> Apr 03 17:17:40 notifyme[3164] NOTE: LDM-5 desired product-class: 
> 20130403171510.196 TS_ENDT {{EXP,  "HSTN.*"}}
> Apr 03 17:17:40 notifyme[3164] ERROR: NOTIFYME(129.138.41.11): 7: Access 
> denied by remote server
> 
> 
> There may be other reasons for the denial, but I thought the ALLOW
> syntax required a REGEX like ".*HSTN.*, or "HSTN.*" as the case may be.
> (I'll have to review my REGEX rules)

Adding a ".*" prefix or suffix to "HSTN" accomplishes nothing but slowing down 
any matching.

If the upstream LDM is denying access, then it will log a message to that 
effect. What does it indicate?

> -Neil
> 
> ---
> Neil Smith  address@hidden   979.845.6272
> Senior IT Specialist, Atmospheric Sciences, TAMU

Regards,
Steve Emmerson

Ticket Details
===================
Ticket ID: CWN-205523
Department: Support LDM
Priority: Normal
Status: Closed