search

zevenet / zlb

ZEVENET becomes SKUDONET and RELIANOID
Other
143 stars 29 forks source link

ACLs #124

Open Sysadminfromhell opened 1 year ago

Sysadminfromhell commented 1 year ago

Hello everyone,

maybe I´m blind but is it possible to setup or configure ACLs for a Farm/Service?

Kind regards,

emiliocampos-zevenet commented 1 year ago

Hi, can you give us some kind of example about ACLs or what kind of actions you want to perform really? Maybe it can be done without any ACL or a similar concept.

Thanks!

El vie, 10 mar 2023 a las 18:31, Sysadminfromhell @.***>) escribió:

Hello everyone,

maybe I´m blind but is it possible to setup or configure ACLs for a Farm/Service?

Kind regards,

— Reply to this email directly, view it on GitHub https://github.com/zevenet/zlb/issues/124, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFBQEPCY557EZDW55IZCVVLW3NQO7ANCNFSM6AAAAAAVWXUKG4 . You are receiving this because you are subscribed to this thread.Message ID: @.***>

-- Emilio CamposZEVENET Teamwww.zevenet.com

Review ZEVENET Product at Gartner Insights https://gtnr.io/LfXtqnsSr https://www.linkedin.com/company/zevenet https://twitter.com/zevenet https://www.facebook.com/zevenet https://github.com/zevenet [image: ZEVENET] https://www.zevenet.com/signature/

DISCLAIMER: This message contains confidential information and is intended only for the individual named. If you are not the named addressee please notify the sender immediately by email if you have received it by mistake and delete it from your system, you should not disseminate, distribute or copy this email in whole or in part.

Sysadminfromhell commented 1 year ago

I looking for an action to let a specific Network / IP access a service in a farm. So that for example only the network 10.0.1.0/24 can access the grafana service.

Kind regards,

emiliocampos-zevenet commented 1 year ago

Hi, this can be done but not natively, ZEVENET uses zproxy and it implements a WAF with ModSecurity and it can be done with ModSecurity rules, not implemented in the web GUI, btw zproxy requires to be compiled with ModSecurity support, not included by default.

We could create an article about how to compile and use modsecurity with zproxy and ZEVENET CE.

Regards

El vie, 10 mar 2023 a las 18:36, Sysadminfromhell @.***>) escribió:

I looking for an action to let a specific Network / IP access a service in a farm. So that for example only the network 10.0.1.0/24 can access the grafana service.

Kind regards,

— Reply to this email directly, view it on GitHub https://github.com/zevenet/zlb/issues/124#issuecomment-1464142218, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFBQEPFLIPZ7C7G7J3ZOGUDW3NRCDANCNFSM6AAAAAAVWXUKG4 . You are receiving this because you commented.Message ID: @.***>

-- Emilio CamposZEVENET Teamwww.zevenet.com

Review ZEVENET Product at Gartner Insights https://gtnr.io/LfXtqnsSr https://www.linkedin.com/company/zevenet https://twitter.com/zevenet https://www.facebook.com/zevenet https://github.com/zevenet [image: ZEVENET] https://www.zevenet.com/signature/

DISCLAIMER: This message contains confidential information and is intended only for the individual named. If you are not the named addressee please notify the sender immediately by email if you have received it by mistake and delete it from your system, you should not disseminate, distribute or copy this email in whole or in part.

Sysadminfromhell commented 1 year ago

I would love that articel then how to do it so I can use this feature. Its needed for security reasons.