Closed shalako closed 5 years ago
Doesn’t look like this is currently possible, but it sounds like adding negation support to the acls defined in ha_proxy.http_request_deny_conditions might solve it in a more general-purpose way. Does that seem accurate?
On Oct 3, 2018, at 9:36 PM, Shannon Coen notifications@github.com wrote:
Currently this release supports a list of domains, and a list of cidrs. Presumably all specified domains are protected, and accessible from all specified cidrs.
https://github.com/cloudfoundry-incubator/haproxy-boshrelease/blob/master/jobs/haproxy/spec#L58-L63
I have a customer who wants the following rules:
public.com should be accessible only from
private.com should be accessible only from
public.com should not be accessible from private networking, and
private.com should not be accessible from WAF

This seems like an array of protected domains and their whitelisted cidrs.
Negation support was recently added to ha_proxy.http_request_deny_conditions, which should allow these behaviors now
Currently this release supports a list of domains, and a list of cidrs. Presumably all specified domains are protected, and accessible from all specified cidrs.
https://github.com/cloudfoundry-incubator/haproxy-boshrelease/blob/master/jobs/haproxy/spec#L58-L63
I have a customer who wants the following rules:
public.com should be accessible only from
private.com should be accessible only from
public.com should not be accessible from private network, and
private.com should not be accessible from WAF

This seems like an array of protected domains and their whitelisted cidrs.
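
An added example, not part of the thread or the release's code: a small Python model of how a negated source ACL inside a deny condition gives each domain its own allowlist, which is the behavior the request above asks for. The CIDRs are constructed placeholders (the thread does not give the customer's ranges), and the rule layout and the "deny when every ACL in a group is true" semantics are assumptions of this model.

```python
import ipaddress

# Constructed sample networks; the thread does not state the real ranges.
WAF_CIDR = "192.0.2.0/24"
PRIVATE_CIDR = "10.0.0.0/8"

# Hypothetical model of deny conditions: each group is a list of ACLs, and a
# request is denied when every ACL in some group is true (assumed AND semantics).
# "negate" inverts a single ACL, turning "src is in X" into "src is not in X".
DENY_CONDITIONS = [
    [{"kind": "host", "value": "public.com"},
     {"kind": "src", "value": [WAF_CIDR], "negate": True}],
    [{"kind": "host", "value": "private.com"},
     {"kind": "src", "value": [PRIVATE_CIDR], "negate": True}],
]


def acl_matches(acl, host, src):
    """Evaluate one ACL against the Host header and client address."""
    if acl["kind"] == "host":
        # Ignore an optional :port suffix and compare case-insensitively.
        hit = host.lower().split(":")[0] == acl["value"]
    else:
        addr = ipaddress.ip_address(src)
        hit = any(addr in ipaddress.ip_network(c) for c in acl["value"])
    # XOR with the negate flag: a negated ACL is true when the match fails.
    return hit != acl.get("negate", False)


def is_denied(host, src, conditions=DENY_CONDITIONS):
    """Deny if all ACLs of at least one condition group are true."""
    return any(all(acl_matches(a, host, src) for a in group)
               for group in conditions)


if __name__ == "__main__":
    for host, src in [("public.com", "192.0.2.10"), ("public.com", "10.1.2.3"),
                      ("private.com", "10.1.2.3"), ("private.com", "192.0.2.10")]:
        print(f"{host:12} from {src:12} -> {'deny' if is_denied(host, src) else 'allow'}")
```

Hosts that match no group fall through to allow, so any domain that must be restricted needs its own deny condition.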