Closed zs-ko closed 1 month ago
Ah, thanks for also debugging this one, @zs-ko. This feature is based on the data from the X-Forwarded-For header, which is not available for TLSRoute. This is not an error but can be highlighted in status similar to the Overwritten reason.
@arkodg ah ok. Are there any plans to support CIDR filtering on routes or gateways for TCP/TLS streams?
@zs-ko can you create a separate GH issue for the feature?
This issue has been automatically marked as stale because it has not had activity in the last 30 days.
Description:
When applying a security policy against a gateway with authorization and a rule with principal clientCIDRS, the gateway still accepts connections that are not permitted.
Expected rule to apply to gateway and block traffic as defaultAction is Deny. Status of the security policy is accepted but the config is not changed to reflect this.
Repro steps:
- Create gateway
- Apply security policy
- Try to open a TLS connection against gateway

After looking at the code, it seems to me that only httproute is supported for authorization and clientcidrs.
Environment:
using envoyproxy/gateway:v1.1.1 and envoyproxy/envoy:distroless-v1.31.0
Logs: