Since removing IPs from the server can be completely destructive (both in 1.x and 2.x, btw), we should instead have individual entries in the frontend for managing IP addresses.
So concretely, instead of a single textarea, we should have one line per IP with a delete button. To add a batch of IPs, we should parse CIDR notations (https://en.wikipedia.org/wiki/CIDR#CIDR_notation).
This will allow us to refuse deleting of IP addresses that are in use or even renumbering IP addresses (although batch renumbers could still prove difficult without special scripting).
This is a regression introduced in #1126640: move the SSL IP allocation to the frontend.
Comments
Comment #1
anarcat CreditAttribution: anarcat commentedJust to link issues: I quickly considered dropping this in favor of SNI (#1926520: Support Server Name Indication (SNI) for SSL) but thought otherwise as 64% of users in China still use Windows XP, and it doesn't seem right to ditch all those users.
So let's hammer this in 2.x at last! I'll probably do this next week.
Comment #2
anarcat CreditAttribution: anarcat commentedalright! i got it working!
it would need more pretty ajaxy things, but at least it works and now people can't delete IPs if they are associated with a certificate. wheee!!
this is all on 2.x, commit a90cee6
Comment #3.0
(not verified) CreditAttribution: commentedthis is actually a regression