[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Support #CWN-205523]: What is type of pattern matching in ALLOW



Neil,

> Does the pattern matching restrictions for the ldmd.conf ALLOW syntax
> require a REGEX or EREGEX expression, or is it like std grep where a
> character substring match will suffice?

The LDM package uses extended regular expressions everywhere. The LDM webpage 
on this is 
<http://www.unidata.ucar.edu/software/ldm/ldm-current/basics/ERE.html>.

> eg,
> upstream EXP product :
> 
> LYLOUT_HSTNLMA_130326_215500_0060.dat.gz
> 
> upstream ALLOW:
> ALLOW   EXP     165.91.70.28    HSTN

The ALLOW entry should be written as follows:

    ALLOW EXP ^165\.91\.70\.28$ HSTN

The "\"s are necessary in order to only match a period. The "^" and "$" are 
necessary to avoid matching, for example, "165.91.70.28.evil.domain".

> Problem -- downstream (165.91.70.28) is currently being denied access by
> upstream 129.138.41.11
> 
> eg., at downstream
> 
> coriolis{ldm}116% notifyme -vl - -h 129.138.41.11 -f EXP
> Apr 03 17:13:59 notifyme[3143] NOTE: Starting Up: 129.138.41.11: 
> 20130403171359.883 TS_ENDT {{EXP,  ".*"}}
> Apr 03 17:13:59 notifyme[3143] NOTE: LDM-5 desired product-class: 
> 20130403171359.883 TS_ENDT {{EXP,  ".*"}}
> Apr 03 17:13:59 notifyme[3143] ERROR: NOTIFYME(129.138.41.11): 7: Access 
> denied by remote server
> 
> or
> 
> coriolis{ldm}117% notifyme -vl - -h 129.138.41.11 -f EXP -p HSTN
> Apr 03 17:14:43 notifyme[3145] NOTE: Starting Up: 129.138.41.11: 
> 20130403171443.772 TS_ENDT {{EXP,  "HSTN"}}
> Apr 03 17:14:43 notifyme[3145] NOTE: LDM-5 desired product-class: 
> 20130403171443.772 TS_ENDT {{EXP,  "HSTN"}}
> Apr 03 17:14:43 notifyme[3145] ERROR: NOTIFYME(129.138.41.11): 7: Access 
> denied by remote server
> 
> and
> coriolis{ldm}118% notifyme -vl - -h 129.138.41.11 -f EXP -p ".*HSTN.*" 
> Adjusting pathological regular-expression: ".*HSTN.*"
> Apr 03 17:15:10 notifyme[3164] NOTE: Starting Up: 129.138.41.11: 
> 20130403171510.196 TS_ENDT {{EXP,  "HSTN.*"}}
> Apr 03 17:15:10 notifyme[3164] NOTE: LDM-5 desired product-class: 
> 20130403171510.196 TS_ENDT {{EXP,  "HSTN.*"}}
> Apr 03 17:16:00 notifyme[3164] NOTE: LDM-5 desired product-class: 
> 20130403171510.196 TS_ENDT {{EXP,  "HSTN.*"}}
> Apr 03 17:16:50 notifyme[3164] NOTE: LDM-5 desired product-class: 
> 20130403171510.196 TS_ENDT {{EXP,  "HSTN.*"}}
> Apr 03 17:17:40 notifyme[3164] NOTE: LDM-5 desired product-class: 
> 20130403171510.196 TS_ENDT {{EXP,  "HSTN.*"}}
> Apr 03 17:17:40 notifyme[3164] ERROR: NOTIFYME(129.138.41.11): 7: Access 
> denied by remote server
> 
> 
> There may be other reasons for the denial, but I thought the ALLOW
> syntax required a REGEX like ".*HSTN.*, or "HSTN.*" as the case may be.
> (I'll have to review my REGEX rules)

Adding a ".*" prefix or suffix to "HSTN" accomplishes nothing but slowing down 
any matching.

If the upstream LDM is denying access, then it will log a message to that 
effect. What does it indicate?

> -Neil
> 
> ---
> Neil Smith  address@hidden   979.845.6272
> Senior IT Specialist, Atmospheric Sciences, TAMU

Regards,
Steve Emmerson

Ticket Details
===================
Ticket ID: CWN-205523
Department: Support LDM
Priority: Normal
Status: Closed


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.