Since removing IPs from the server can be completely destructive (both in 1.x and 2.x, btw), we should instead have individual entries in the frontend for managing IP addresses.

So concretely, instead of a single textarea, we should have one line per IP with a delete button. To add a batch of IPs, we should parse CIDR notations (https://en.wikipedia.org/wiki/CIDR#CIDR_notation).

This will allow us to refuse deleting of IP addresses that are in use or even renumbering IP addresses (although batch renumbers could still prove difficult without special scripting).

This is a regression introduced in #1126640: move the SSL IP allocation to the frontend.

Comments

anarcat’s picture

anarcat CreditAttribution: anarcat commented

Just to link issues: I quickly considered dropping this in favor of SNI (#1926520: Support Server Name Indication (SNI) for SSL) but thought otherwise as 64% of users in China still use Windows XP, and it doesn't seem right to ditch all those users.

So let's hammer this in 2.x at last! I'll probably do this next week.

anarcat’s picture

anarcat CreditAttribution: anarcat commented
Version: 7.x-2.x-dev » 6.x-2.x-dev
Status: Active » Fixed

alright! i got it working!

it would need more pretty ajaxy things, but at least it works and now people can't delete IPs if they are associated with a certificate. wheee!!

this is all on 2.x, commit a90cee6

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Anonymous’s picture

(not verified) CreditAttribution: commented
Issue summary: View changes

this is actually a regression