DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deny location mapping in case of specific errors

Browse source
This commit is contained in:
Manuel de Brito Fontes 2016-12-29 17:02:06 -03:00
parent c49b03facc
commit 597a0e691a
34 changed files with 968 additions and 333 deletions
Download patch file Download diff file Expand all files Collapse all files

7
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -240,6 +240,7 @@ http {
{{ end }}
location {{ $path }} {
{{ if isLocationAllowed $location }}
{{ if gt (len $location.Whitelist.CIDR) 0 }}
{{ range $ip := $location.Whitelist.CIDR }}
allow {{ $ip }};{{ end }}
@ -312,6 +313,10 @@ http {
set $proxy_upstream_name "{{ $location.Backend }}";
{{ buildProxyPass $backends $location }}
{{ else }}
#{{ $location.Denied }}
return 503;
{{ end }}
}
{{ end }}
@ -326,6 +331,7 @@ http {
# with an external software (like sysdig)
location /nginx_status {
allow 127.0.0.1;
allow ::1;
deny all;
access_log off;
@ -365,6 +371,7 @@ http {
# TODO: enable extraction for vts module.
location /internal_nginx_status {
allow 127.0.0.1;
allow ::1;
deny all;
access_log off;