Hi, I have developed a new feature for refusing access to a customer service based on IP filtering.
Although the access policy can be implemented directly in the backend, my
company required avoiding the proxy connection to the backend. The production
proxy hosts multiple services, so a customer should be able to connect to
those where access is not denied.
This patch adds a new directive whose syntax is:
Deny <IPs separated by a blank space> (see example below)
Configuration example:
ListenHTTP
    Address 192.168.86.10
    Port 80
    Service
        HostRequire "www.example1.com.*"
        BackEnd
            Address 192.168.86.30
            Port 80
        End
    End
    Service
        HostRequire "www.example2.com.*"
        Deny "192.168.86.11 192.168.86.12 192.168.86.13"
        BackEnd
            Address 192.168.86.30
            Port 81
        End
    End
End
IPClient(192.168.86.12) ------ www.example1.com --------> Proxy ------> Backend (192.168.86.30:80)
IPClient(192.168.86.12) <----- HTTP 200 OK -------- Proxy <----- Backend (192.168.86.30:80)
IPClient(192.168.86.12) ------ www.example2.com ------> Proxy
IPClient(192.168.86.12) <----- HTTP 403 Forbidden ------- Proxy
I have attached the patch and hope for your comments. Thank you very much.
Greetings
--
Jose Manuel Rodriguez Caro
[email protected]
DenyPolicy.patch
Description: Binary data
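
The per-service check described in the message, as an added illustration. It is not taken from DenyPolicy.patch (whose contents are not shown here) or from the proxy's source. The names `struct svc`, `deny_match` and `service_status` are hypothetical, and the sketch assumes IPv4 addresses only.

```c
#include <arpa/inet.h>
#include <regex.h>
#include <string.h>

/* Hypothetical model of one Service block: HostRequire pattern and Deny list. */
struct svc { const char *host_re; const char *deny; };

/* Constructed from the configuration example in the message. */
static const struct svc services[] = {
    { "www.example1.com.*", NULL },
    { "www.example2.com.*", "192.168.86.11 192.168.86.12 192.168.86.13" },
};

/* Return 1 if client is on the space-separated list. Entries are compared as
 * parsed addresses, so 192.168.86.1 does not match the entry 192.168.86.11 as
 * a substring search would. An unparsable client address is denied. */
int deny_match(const char *deny, const char *client)
{
    struct in_addr c, d;
    char tok[INET_ADDRSTRLEN];
    if (deny == NULL) return 0;
    if (inet_pton(AF_INET, client, &c) != 1) return 1;
    for (const char *p = deny; *p; ) {
        size_t n = strcspn(p, " ");
        if (n > 0 && n < sizeof tok) {
            memcpy(tok, p, n); tok[n] = '\0';
            if (inet_pton(AF_INET, tok, &d) == 1 && d.s_addr == c.s_addr)
                return 1;
        }
        p += n + (p[n] == ' ');
    }
    return 0;
}

/* 403 = refused at the proxy, 200 = would be forwarded to the BackEnd,
 * -1 = no Service matched the Host header. */
int service_status(const char *host, const char *client)
{
    for (size_t i = 0; i < sizeof services / sizeof services[0]; i++) {
        regex_t re;
        if (regcomp(&re, services[i].host_re, REG_EXTENDED | REG_ICASE | REG_NOSUB))
            continue;
        int hit = regexec(&re, host, 0, NULL, 0) == 0;
        regfree(&re);
        if (hit)
            return deny_match(services[i].deny, client) ? 403 : 200;
    }
    return -1;
}
```

Malformed entries in the list are skipped here; a configuration parser would more usefully reject them at load time so that a typo does not silently leave an address allowed.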
