[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: source IP restriction on routes

*Sorry for the duplicate email Sebastian - the users list rejected the original mail*

You would need a customized haproxy config template but you could add something like this in the 2 frontends public[_ssl] (or to specific backends if you need more granular control on a per-backend basis): 

acl allowed
block if !allowed

Or alternatively you can check if the src is in a whitelist ala:

tcp-request connection accept if { src -f /path/to/allowed.lst }     #  or ... connection reject if { src -f /path/to/denied.lst }

And its also possible to do the same with maps (and map_ip) - allow/deny list. 

You'd need to use a config map for your customized template. See: https://docs.openshift.org/latest/install_config/router/customized_haproxy_router.html#using-configmap-replace-template


On Mon, Oct 17, 2016 at 2:39 AM, Sebastian Wieseler <sebastian myrepublic com sg> wrote:
Hi guys,

Is it possible with router (s, sharding) to restrict access on IP level?

We want to expose various applications via various routers, but
restrict access via source IP addresses,
so that different source IP addresses can only access allowed applications.

How can we do that?

Thanks a lot in advance.

users mailing list
users lists openshift redhat com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]