DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Provide possibility to block CIDRs, User-Agents and Referers globally

Browse source
This commit is contained in:
Pavel Sinkevych 2018-08-27 16:50:04 +03:00
parent 3f6314aa2f
commit 7212d0081b
6 changed files with 263 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
internal/ingress/controller/config/config.go
View file

@ -533,12 +533,22 @@ type Configuration struct {
// Checksum contains a checksum of the configmap configuration
Checksum string `json:"-"`
// Block all requests from given IPs
BlockCIDRs []string `json:"block-cidrs"`
// Block all requests with given User-Agent headers
BlockUserAgents []string `json:"block-user-agents"`
// Block all requests with given Referer headers
BlockReferers []string `json:"block-referers"`
}
// NewDefault returns the default nginx configuration
func NewDefault() Configuration {
defIPCIDR := make([]string, 0)
defBindAddress := make([]string, 0)
defBlockEntity := make([]string, 0)
defNginxStatusIpv4Whitelist := make([]string, 0)
defNginxStatusIpv6Whitelist := make([]string, 0)
@ -552,6 +562,9 @@ func NewDefault() Configuration {
AccessLogPath: "/var/log/nginx/access.log",
WorkerCpuAffinity: "",
ErrorLogPath: "/var/log/nginx/error.log",
BlockCIDRs: defBlockEntity,
BlockUserAgents: defBlockEntity,
BlockReferers: defBlockEntity,
BrotliLevel: 4,
BrotliTypes: brotliTypes,
ClientHeaderBufferSize: "1k",