IP Filtering on specific path #1205
Comments
|
Hi @sgasquet I can suggest two approaches: (1) Take a look at this example -- https://github.com/nginxinc/kubernetes-ingress/tree/v1.9.0/examples-of-custom-resources/access-control In the example, an access control policy is applied for all paths. However, you can also apply it per path (like "/b" and "/c" from your example). The example relies on VirtualServer and Policy resources. (2) Insert location snippets ( nginx.org/location-snippets: |
allow a.a.a.a/24;
deny all;To apply different location snippets to different paths, you can split an Ingress resource into multiple. Take a look at mergeable ingresses example -- https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/mergeable-ingress-types Hope that helps |
|
Hey @pleshakov ! Thanks for the tips. Will try that thanks a lot man ! |
|
And it works (the location-snippets in mergeable ingresses way), thank you again @pleshakov have a nice day :). Closing this issue 👍 |
Is your feature request related to a problem? Please describe.
I couldn't find any explanation about this "classic" behavior which is to have inside the ingress of deployment :
Ingress:
/a -> openbar
/b -> restricted to specific range of IP
/c/admin/auth -> restricted to a specific IP
Describe the solution you'd like
The server-snippets could answer this need by this kind of configuration :
nginx.org/server-snippets: |
location /b {
allow a.a.a.a/24;
deny all;
}
location /c/admin/auth {
allow b.b.b.b;
deny all;
}
Describe alternatives you've considered
Currently this configuration won't work as every endpoint listed won't be configured to proxy-pass to the backend and will show a HTTP 404.
So currently, what is the best practice in this case and if not implemented yet is it planned ?
[EDIT]
Maybe having several ingress definitions, serving a specific path, would work but it seems to be more a workaround than a real solution
[\EDIT]
Thanks for your help !
The text was updated successfully, but these errors were encountered: