DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor whitelist from map to standard allow directives

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2019-05-27 04:55:38 -04:00
parent 24cb0e5d0b
commit c4597522bf
No known key found for this signature in database
GPG key ID: 786136016A8BA02A
2 changed files with 6 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

27
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -419,27 +419,6 @@ http {
{{ end }}
}
{{/* build the maps that will be use to validate the Whitelist */}}
{{ range $server := $servers }}
{{ $enforceRegex := enforceRegexModifier $server.Locations }}
{{ range $location := $server.Locations }}
{{ $path := buildLocation $location $enforceRegex }}
{{ if isLocationAllowed $location }}
{{ if gt (len $location.Whitelist.CIDR) 0 }}
# Deny for {{ print $server.Hostname $path }}
geo $the_real_ip {{ buildDenyVariable (print $server.Hostname "_" $path) }} {
default 1;
{{ range $ip := $location.Whitelist.CIDR }}
{{ $ip }} 0;{{ end }}
}
{{ end }}
{{ end }}
{{ end }}
{{ end }}
{{ range $rl := (filterRateLimits $servers ) }}
# Ratelimit {{ $rl.Name }}
geo $the_real_ip $whitelist_{{ $rl.ID }} {
@ -1134,9 +1113,9 @@ stream {
{{ if isLocationAllowed $location }}
{{ if gt (len $location.Whitelist.CIDR) 0 }}
if ({{ buildDenyVariable (print $server.Hostname "_" $path) }}) {
return 403;
}
{{ range $ip := $location.Whitelist.CIDR }}
allow {{ $ip }};{{ end }}
deny all;
{{ end }}
{{ if not (isLocationInLocationList $location $all.Cfg.NoAuthLocations) }}