cloudfoundry / haproxy-boshrelease

A BOSH release for haproxy (based on cf-release's haproxy job)
Apache License 2.0
37 stars 81 forks

multiple protected domain rules #120

Closed shalako closed 5 years ago

shalako commented 6 years ago

Currently this release supports a list of domains, and a list of cidrs. Presumably all specified domains are protected, and accessible from all specified cidrs.

https://github.com/cloudfoundry-incubator/haproxy-boshrelease/blob/master/jobs/haproxy/spec#L58-L63

I have a customer who wants the following rules:

  1. public.com should be accessible only from
  2. private.com should be accessible only from
  3. public.com should not be accessible from private network, and private.com should not be accessible from WAF

This seems like an array of protected domains and their whitelisted cidrs.

geofffranks commented 6 years ago

Doesn’t look like this is currently possible, but it sounds like adding negation support to the acls defined in ha_proxy.http_request_deny_conditions might solve it in a more general-purpose way. Does that seem accurate?

On Oct 3, 2018, at 9:36 PM, Shannon Coen notifications@github.com wrote:

geofffranks commented 5 years ago

Negation support was recently added to ha_proxy.http_request_deny_conditions, which should allow these behaviors now
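What the negated ACLs buy you, as an added example that is not from this issue or from the release itself: a hand-written haproxy.cfg frontend that enforces the three rules from the original request. The hostnames are the ones in the issue; the WAF range (203.0.113.0/24), the private range (10.0.0.0/8), the frontend name, the certificate path and the backend name are assumed placeholders, since the issue never states the real CIDRs. The release would emit equivalent `acl` / `http-request deny` lines from `ha_proxy.http_request_deny_conditions`; the manifest syntax for that property lives in the job spec and is not reproduced here.

```haproxy
# Example frontend, written by hand for this issue; not the release's generated config.
frontend https-in
    bind :443 ssl crt /etc/haproxy/site.pem   # assumed cert path

    # Which protected domain the request is for. hdr(host) -i is a
    # case-insensitive exact match; if clients may send "public.com:443",
    # use hdr_dom(host) or strip the port first.
    acl host_public   hdr(host) -i public.com
    acl host_private  hdr(host) -i private.com

    # Source ranges (assumed placeholders; substitute the real ranges).
    # src is the TCP peer, so behind a WAF this is the WAF's address,
    # which is exactly what the per-domain allow-list should key on.
    acl from_waf      src 203.0.113.0/24
    acl from_private  src 10.0.0.0/8

    # Per-domain allow-lists expressed as deny rules with a negated ACL.
    # Adjacent ACL names in an "if" are ANDed, "!" negates, and the first
    # matching http-request rule wins, so:
    #   public.com  is reachable only from the WAF range
    #   private.com is reachable only from the private network
    #   public.com from the private network and private.com from the WAF are denied
    http-request deny if host_public  !from_waf
    http-request deny if host_private !from_private

    # A single global domain list plus a single global CIDR list cannot express
    # the third rule: every listed CIDR would reach every listed domain.

    # Reject any host that is not one of the protected domains rather than
    # letting it fall through to the backend.
    http-request deny if !host_public !host_private

    default_backend app   # assumed backend name
```

To check a rule set like this without deploying it, run `haproxy -c -f haproxy.cfg` for syntax, then send requests with the `Host` header set to each domain from an address inside and outside each range and confirm the expected 403s; the two `deny` lines must stay in the same frontend and before any `use_backend` so they are evaluated first.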