*Sorry for the duplicate email Sebastian - the users list rejected the
original mail*
You would need a customized haproxy config template but you could add
something like this in the 2 frontends public[_ssl] (or to specific
backends if you need more granular control on a per-backend basis):
acl allowed 10.1.2.3 10.4.5.6 172.16.10.0/24 192.168.1.0/24
block if !allowed
Or alternatively you can check if the src is in a whitelist ala:
tcp-request connection accept if { src -f /path/to/allowed.lst } # or
... connection reject if { src -f /path/to/denied.lst }
And its also possible to do the same with maps (and map_ip) - allow/deny
list.
You'd need to use a config map for your customized template. See:
https://docs.openshift.org/latest/install_config/router/customized_haproxy_
router.html#using-configmap-replace-template
HTH
On Mon, Oct 17, 2016 at 2:39 AM, Sebastian Wieseler <
[email protected]> wrote:
> Hi guys,
>
> Is it possible with router (s, sharding) to restrict access on IP level?
>
> We want to expose various applications via various routers, but
> restrict access via source IP addresses,
> so that different source IP addresses can only access allowed applications.
>
> How can we do that?
>
> Thanks a lot in advance.
> Greetings,
> Sebastian
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
--
Ram//
main(O,s){s=--O;10<putchar(3^O?97-(15&7183>>4*s)*(O++?-1:1):10)&&\
main(++O,s++);}
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
