This is only implemented on Agent. There is no way to configure it on Press.
[ ] Support this configuration for benches and sites
[ ] Dashboard UI (Validate IP address / CIDR)
This will be trivial for benches because allow and deny directives work for http, server, location, limit_except blocks.
Each container is implemented as a server block. So we can store the allow list in ReleaseGroup.bench_config and Bench.bench_config. Sites are a little different since we'll need to create separate server blocks for these sites.
With https://github.com/frappe/agent/commit/a499bf8a4acfa8798bc35c03f83008d790d2f762 we can whitelist specific IPs and drop all other HTTP traffic (on the entire server).
This is only implemented on Agent. There is no way to configure it on Press.
This will be trivial for benches because
allowanddenydirectives work forhttp, server, location, limit_exceptblocks.Each container is implemented as a server block. So we can store the allow list in ReleaseGroup.bench_config and Bench.bench_config. Sites are a little different since we'll need to create separate server blocks for these sites.
References:
Note: Always whitelist press and monitor server public IPs