*Sorry for the duplicate email Sebastian - the users list rejected the
original mail*

You would need a customized haproxy config template but you could add
something like this in the 2 frontends public[_ssl] (or to specific
backends if you need more granular control on a per-backend basis):

# match on the client source address
acl allowed src 10.1.2.3 10.4.5.6 172.16.10.0/24 192.168.1.0/24
block if !allowed

Or alternatively you can check if the src is in a whitelist à la:

tcp-request connection accept if { src -f /path/to/allowed.lst }
# or
tcp-request connection reject if { src -f /path/to/denied.lst }

And it's also possible to do the same with maps (and map_ip) - allow/deny
list.

You'd need to use a config map for your customized template. See:
https://docs.openshift.org/latest/install_config/router/customized_haproxy_router.html#using-configmap-replace-template

HTH

On Mon, Oct 17, 2016 at 2:39 AM, Sebastian Wieseler <
sebast...@myrepublic.com.sg> wrote:

> Hi guys,
>
> Is it possible with router (s, sharding) to restrict access on IP level?
>
> We want to expose various applications via various routers, but
> restrict access via source IP addresses,
> so that different source IP addresses can only access allowed applications.
>
> How can we do that?
>
> Thanks a lot in advance.
> Greetings,
>   Sebastian
>
> _______________________________________________
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>



-- 
Ram//
main(O,s){s=--O;10<putchar(3^O?97-(15&7183>>4*s)*(O++?-1:1):10)&&\
main(++O,s++);}
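
The three approaches mentioned in the reply above (ACL, list file, map), written out as an added example. It is not part of the original mail and is not the OpenShift router template. Backend names, server addresses, the bind line and the app_b.map path are constructed placeholders.

```haproxy
# Added example; names, addresses and paths are placeholders.

frontend public
    bind :80
    mode http

    # Layer 4 filter using a list file (one address or CIDR per line).
    # A connection that matches no tcp-request rule is accepted by default,
    # so the allow-list form is written as "reject unless".
    tcp-request connection reject unless { src -f /path/to/allowed.lst }

    default_backend be_app_a

backend be_app_a
    mode http
    # Per-backend ACL: only these sources may reach application A.
    acl app_a_clients src 10.1.2.3 172.16.10.0/24
    http-request deny unless app_a_clients
    server app1 10.128.0.10:8080

backend be_app_b
    mode http
    # Map form: each line of the map file is "<address or CIDR> <value>",
    # for example "192.168.1.0/24 allow". Sources with no entry get the
    # default value "deny" given as the second map_ip argument.
    http-request deny unless { src,map_ip(/path/to/app_b.map,deny) -m str allow }
    server app1 10.128.0.11:8080
```

`src` is the address of the TCP peer, so if another proxy or load balancer sits in front of the router, the lists have to be written against the address that hop presents.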