search

nginxinc / kubernetes-ingress

NGINX and NGINX Plus Ingress Controllers for Kubernetes
https://docs.nginx.com/nginx-ingress-controller
Apache License 2.0
4.64k stars 1.96k forks source link

NGINX App Protect DoS - Allow List feature #5843

Closed pasmant closed 2 months ago

pasmant commented 3 months ago

Is your feature request related to a problem? Please describe. Currently the new feature of nginx app protect dos is not implemented over NIC. The allow list describe here: Allow List

Resolves https://github.com/nginxinc/kubernetes-ingress/pull/5824

Describe the solution you'd like I would like to have an allow list option added to the DOS protected resource Custom Resource Definition (CRD). This allow list should enable specific IP addresses, specified with their subnet masks, to never be blocked by the DOS protection. For example, the new field allowList should hold a list of IPs with their respective masks as shown below:

DosProtectedResource yaml

....
allowList:
  - ipWithMask: "192.168.1.1/24"
  - ipWithMask: "10.244.0.1/32"

Describe alternatives you've considered No alternatives.

github-actions[bot] commented 3 months ago

Hi @pasmant thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this :slightly_smiling_face:

Cheers!