Renaming IPWhiteList to IPAllowList

docs/content/middlewares/http/chain.md

@@ -15,7 +15,7 @@ It makes reusing the same groups easier.
 
 ## Configuration Example
 
-Below is an example of a Chain containing `WhiteList`, `BasicAuth`, and `RedirectScheme`.
+Below is an example of a Chain containing `AllowList`, `BasicAuth`, and `RedirectScheme`.
 
 ```yaml tab="Docker"
 labels:
@@ -25,7 +25,7 @@ labels:
   - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
   - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
   - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
-  - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
+  - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
   - "traefik.http.services.service1.loadbalancer.server.port=80"
 ```
 
@@ -80,7 +80,7 @@ kind: Middleware
 metadata:
   name: known-ips
 spec:
-  ipWhiteList:
+  ipAllowList:
     sourceRange:
     - 192.168.1.7
     - 127.0.0.1/32
@@ -93,7 +93,7 @@ spec:
 - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
 - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
 - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
-- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
+- "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
 - "traefik.http.services.service1.loadbalancer.server.port=80"
 ```
 
@@ -105,7 +105,7 @@ spec:
   "traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
   "traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
   "traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
-  "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32",
+  "traefik.http.middlewares.known-ips.ipallowlist.sourceRange": "192.168.1.7,127.0.0.1/32",
   "traefik.http.services.service1.loadbalancer.server.port": "80"
 }
 ```
@@ -118,7 +118,7 @@ labels:
   - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
   - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
   - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
-  - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
+  - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
   - "traefik.http.services.service1.loadbalancer.server.port=80"
 ```
 
@@ -150,7 +150,7 @@ http:
         scheme: https
 
     known-ips:
-      ipWhiteList:
+      ipAllowList:
         sourceRange:
           - "192.168.1.7"
           - "127.0.0.1/32"
@@ -180,7 +180,7 @@ http:
   [http.middlewares.https-only.redirectScheme]
     scheme = "https"
 
-  [http.middlewares.known-ips.ipWhiteList]
+  [http.middlewares.known-ips.ipAllowList]
     sourceRange = ["192.168.1.7", "127.0.0.1/32"]
 
 [http.services]

docs/content/middlewares/http/ipallowlist.md

@@ -1,32 +1,30 @@
 ---
-title: "Traefik HTTP Middlewares IPWhiteList"
+title: "Traefik HTTP Middlewares IPAllowList"
-description: "Learn how to use IPWhiteList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
+description: "Learn how to use IPAllowList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
 ---
 
-# IPWhiteList
+# IPAllowList
 
 Limiting Clients to Specific IPs
 {: .subtitle }
 
-![IpWhiteList](../../assets/img/middleware/ipwhitelist.png)
+IPAllowList accepts / refuses requests based on the client IP.
-
-IPWhitelist accepts / refuses requests based on the client IP.
 
 ## Configuration Examples
 
 ```yaml tab="Docker"
 # Accepts request from defined IP
 labels:
-  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 
 ```yaml tab="Kubernetes"
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
-  name: test-ipwhitelist
+  name: test-ipallowlist
 spec:
-  ipWhiteList:
+  ipAllowList:
     sourceRange:
       - 127.0.0.1/32
       - 192.168.1.7
@@ -34,27 +32,27 @@ spec:
 
 ```yaml tab="Consul Catalog"
 # Accepts request from defined IP
-- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 
 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7"
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
 }
 ```
 
 ```yaml tab="Rancher"
 # Accepts request from defined IP
 labels:
-  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 
 ```yaml tab="File (YAML)"
 # Accepts request from defined IP
 http:
   middlewares:
-    test-ipwhitelist:
+    test-ipallowlist:
-      ipWhiteList:
+      ipAllowList:
         sourceRange:
           - "127.0.0.1/32"
           - "192.168.1.7"
@@ -63,7 +61,7 @@ http:
 ```toml tab="File (TOML)"
 # Accepts request from defined IP
 [http.middlewares]
-  [http.middlewares.test-ipwhitelist.ipWhiteList]
+  [http.middlewares.test-ipallowlist.ipAllowList]
     sourceRange = ["127.0.0.1/32", "192.168.1.7"]
 ```
 
@@ -86,7 +84,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
 
 !!! example "Examples of Depth & X-Forwarded-For"
 
-    If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting is `"12.0.0.1"` (`depth=2`).
+    If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
 
     | `X-Forwarded-For`                       | `depth` | clientIP     |
     |-----------------------------------------|---------|--------------|
@@ -95,20 +93,20 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
     | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5`     | `""`         |
 
 ```yaml tab="Docker"
-# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
 labels:
-  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
-  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
 ```
 
 ```yaml tab="Kubernetes"
-# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
-  name: test-ipwhitelist
+  name: test-ipallowlist
 spec:
-  ipWhiteList:
+  ipAllowList:
     sourceRange:
       - 127.0.0.1/32
       - 192.168.1.7
@@ -117,31 +115,31 @@ spec:
 ```
 
 ```yaml tab="Consul Catalog"
-# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
-- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
-- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2"
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
 ```
 
 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7",
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7",
-  "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth": "2"
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2"
 }
 ```
 
 ```yaml tab="Rancher"
-# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
 labels:
-  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
-  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
 ```
 
 ```yaml tab="File (YAML)"
-# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
 http:
   middlewares:
-    test-ipwhitelist:
+    test-ipallowlist:
-      ipWhiteList:
+      ipAllowList:
         sourceRange:
           - "127.0.0.1/32"
           - "192.168.1.7"
@@ -150,11 +148,11 @@ http:
 ```
 
 ```toml tab="File (TOML)"
-# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
 [http.middlewares]
-  [http.middlewares.test-ipwhitelist.ipWhiteList]
+  [http.middlewares.test-ipallowlist.ipAllowList]
     sourceRange = ["127.0.0.1/32", "192.168.1.7"]
-    [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
+    [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
       depth = 2
 ```
 
@@ -177,7 +175,7 @@ http:
 ```yaml tab="Docker"
 # Exclude from `X-Forwarded-For`
 labels:
-    - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
+    - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 
 ```yaml tab="Kubernetes"
@@ -185,9 +183,9 @@ labels:
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
-  name: test-ipwhitelist
+  name: test-ipallowlist
 spec:
-  ipWhiteList:
+  ipAllowList:
     ipStrategy:
       excludedIPs:
         - 127.0.0.1/32
@@ -196,27 +194,27 @@ spec:
 
 ```yaml tab="Consul Catalog"
 # Exclude from `X-Forwarded-For`
-- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 
 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
 }
 ```
 
 ```yaml tab="Rancher"
 # Exclude from `X-Forwarded-For`
 labels:
-  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 
 ```yaml tab="File (YAML)"
 # Exclude from `X-Forwarded-For`
 http:
   middlewares:
-    test-ipwhitelist:
+    test-ipallowlist:
-      ipWhiteList:
+      ipAllowList:
         ipStrategy:
           excludedIPs:
             - "127.0.0.1/32"
@@ -226,7 +224,7 @@ http:
 ```toml tab="File (TOML)"
 # Exclude from `X-Forwarded-For`
 [http.middlewares]
-  [http.middlewares.test-ipwhitelist.ipWhiteList]
+  [http.middlewares.test-ipallowlist.ipAllowList]
-    [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
+    [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
       excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
 ```

docs/content/middlewares/http/overview.md

@@ -142,7 +142,7 @@ http:
 | [Errors](errorpages.md)                   | Defines custom error pages                        | Request Lifecycle           |
 | [ForwardAuth](forwardauth.md)             | Delegates Authentication                          | Security, Authentication    |
 | [Headers](headers.md)                     | Adds / Updates headers                            | Security                    |
-| [IPWhiteList](ipwhitelist.md)             | Limits the allowed client IPs                     | Security, Request lifecycle |
+| [IPAllowList](ipallowlist.md)             | Limits the allowed client IPs                     | Security, Request lifecycle |
 | [InFlightReq](inflightreq.md)             | Limits the number of simultaneous connections     | Security, Request lifecycle |
 | [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header              | Security                    |
 | [RateLimit](ratelimit.md)                 | Limits the call frequency                         | Security, Request lifecycle |

docs/content/middlewares/tcp/ipallowlist.md

@@ -1,30 +1,30 @@
 ---
-title: "Traefik TCP Middlewares IPWhiteList"
+title: "Traefik TCP Middlewares IPAllowList"
-description: "Learn how to use IPWhiteList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
+description: "Learn how to use IPAllowList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
 ---
 
-# IPWhiteList
+# IPAllowList
 
 Limiting Clients to Specific IPs
 {: .subtitle }
 
-IPWhitelist accepts / refuses connections based on the client IP.
+IPAllowList accepts / refuses connections based on the client IP.
 
 ## Configuration Examples
 
 ```yaml tab="Docker"
 # Accepts connections from defined IP
 labels:
-  - "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+  - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 
 ```yaml tab="Kubernetes"
 apiVersion: traefik.containo.us/v1alpha1
 kind: MiddlewareTCP
 metadata:
-  name: test-ipwhitelist
+  name: test-ipallowlist
 spec:
-  ipWhiteList:
+  ipAllowList:
     sourceRange:
       - 127.0.0.1/32
       - 192.168.1.7
@@ -32,25 +32,25 @@ spec:
 
 ```yaml tab="Consul Catalog"
 # Accepts request from defined IP
-- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+- "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 
 ```json tab="Marathon"
 "labels": {
-  "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7"
+  "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
 }
 ```
 
 ```yaml tab="Rancher"
 # Accepts request from defined IP
 labels:
-  - "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+  - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 
 ```toml tab="File (TOML)"
 # Accepts request from defined IP
 [tcp.middlewares]
-  [tcp.middlewares.test-ipwhitelist.ipWhiteList]
+  [tcp.middlewares.test-ipallowlist.ipAllowList]
     sourceRange = ["127.0.0.1/32", "192.168.1.7"]
 ```
 
@@ -58,8 +58,8 @@ labels:
 # Accepts request from defined IP
 tcp:
   middlewares:
-    test-ipwhitelist:
+    test-ipallowlist:
-      ipWhiteList:
+      ipAllowList:
         sourceRange:
           - "127.0.0.1/32"
           - "192.168.1.7"

docs/content/middlewares/tcp/overview.md

@@ -18,10 +18,10 @@ whoami:
   #  A container that exposes an API to show its IP address
   image: traefik/whoami
   labels:
-    # Create a middleware named `foo-ip-whitelist`
+    # Create a middleware named `foo-ip-allowlist`
-    - "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+    - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
-    # Apply the middleware named `foo-ip-whitelist` to the router named `router1`
+    # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
-    - "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@docker"
+    - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@docker"
 ```
 
 ```yaml tab="Kubernetes IngressRoute"
@@ -43,9 +43,9 @@ spec:
 apiVersion: traefik.containo.us/v1alpha1
 kind: MiddlewareTCP
 metadata:
-  name: foo-ip-whitelist
+  name: foo-ip-allowlist
 spec:
-  ipWhiteList:
+  ipAllowList:
     sourcerange:
       - 127.0.0.1/32
       - 192.168.1.7
@@ -60,30 +60,30 @@ spec:
   routes:
     # more fields...
     middlewares:
-      - name: foo-ip-whitelist
+      - name: foo-ip-allowlist
 ```
 
 ```yaml tab="Consul Catalog"
-# Create a middleware named `foo-ip-whitelist`
+# Create a middleware named `foo-ip-allowlist`
-- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+- "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
-# Apply the middleware named `foo-ip-whitelist` to the router named `router1`
+# Apply the middleware named `foo-ip-allowlist` to the router named `router1`
-- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@consulcatalog"
+- "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@consulcatalog"
 ```
 
 ```json tab="Marathon"
 "labels": {
-  "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7",
+  "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7",
-  "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@marathon"
+  "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@marathon"
 }
 ```
 
 ```yaml tab="Rancher"
 # As a Rancher Label
 labels:
-  # Create a middleware named `foo-ip-whitelist`
+  # Create a middleware named `foo-ip-allowlist`
-  - "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
+  - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
-  # Apply the middleware named `foo-ip-whitelist` to the router named `router1`
+  # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
-  - "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@rancher"
+  - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@rancher"
 ```
 
 ```toml tab="File (TOML)"
@@ -91,11 +91,11 @@ labels:
 [tcp.routers]
   [tcp.routers.router1]
     service = "myService"
-    middlewares = ["foo-ip-whitelist"]
+    middlewares = ["foo-ip-allowlist"]
     rule = "Host(`example.com`)"
 
 [tcp.middlewares]
-  [tcp.middlewares.foo-ip-whitelist.ipWhiteList]
+  [tcp.middlewares.foo-ip-allowlist.ipAllowList]
     sourceRange = ["127.0.0.1/32", "192.168.1.7"]
 
 [tcp.services]
@@ -114,12 +114,12 @@ tcp:
     router1:
       service: myService
       middlewares:
-        - "foo-ip-whitelist"
+        - "foo-ip-allowlist"
       rule: "Host(`example.com`)"
 
   middlewares:
-    foo-ip-whitelist:
+    foo-ip-allowlist:
-      ipWhiteList:
+      ipAllowList:
         sourceRange:
           - "127.0.0.1/32"
           - "192.168.1.7"
@@ -137,4 +137,4 @@ tcp:
 | Middleware                                | Purpose                                           | Area                        |
 |-------------------------------------------|---------------------------------------------------|-----------------------------|
 | [InFlightConn](inflightconn.md)           | Limits the number of simultaneous connections.    | Security, Request lifecycle |
-| [IPWhiteList](ipwhitelist.md)             | Limit the allowed client IPs.                     | Security, Request lifecycle |
+| [IPAllowList](ipallowlist.md)             | Limit the allowed client IPs.                     | Security, Request lifecycle |

docs/content/migration/v2-to-v3.md

@@ -0,0 +1,18 @@
+---
+title: "Traefik V3 Migration Documentation"
+description: "Migrate from Traefik Proxy v2 to v3 and update all the necessary configurations to take advantage of all the improvements. Read the technical documentation."
+---
+
+# Migration Guide: From v2 to v3
+
+How to Migrate from Traefik v2 to Traefik v3.
+{: .subtitle }
+
+The version 3 of Traefik introduces a number of breaking changes,
+which require one to update their configuration when they migrate from v2 to v3.
+The goal of this page is to recapitulate all of these changes, and in particular to give examples,
+feature by feature, of how the configuration looked like in v2, and how it now looks like in v3.
+
+## IPWhiteList
+
+In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration. 

docs/content/operations/dashboard.md

@@ -72,7 +72,7 @@ to allow defining:
 
 - One or more security features through [middlewares](../middlewares/overview.md)
   like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md),
-  [forwardAuth](../middlewares/http/forwardauth.md)) or [whitelisting](../middlewares/http/ipwhitelist.md).
+  [forwardAuth](../middlewares/http/forwardauth.md)) or [allowlisting](../middlewares/http/ipallowlist.md).
 
 - A [router rule](#dashboard-router-rule) for accessing the dashboard,
   through Traefik itself (sometimes referred as "Traefik-ception").

docs/content/providers/file.md

@@ -18,7 +18,7 @@ It supports providing configuration through a [single configuration file](#filen
 
 !!! tip
 
-    The file provider can be a good solution for reusing common elements from other providers (e.g. declaring whitelist middlewares, basic authentication, ...)
+    The file provider can be a good solution for reusing common elements from other providers (e.g. declaring allowlist middlewares, basic authentication, ...)
 
 ## Configuration Examples
 

docs/content/reference/dynamic-configuration/docker-labels.yml

@@ -71,9 +71,9 @@
 - "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
 - "traefik.http.middlewares.middleware10.headers.stspreload=true"
 - "traefik.http.middlewares.middleware10.headers.stsseconds=42"
-- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth=42"
-- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips=foobar, foobar"
-- "traefik.http.middlewares.middleware11.ipwhitelist.sourcerange=foobar, foobar"
+- "traefik.http.middlewares.middleware11.ipallowlist.sourcerange=foobar, foobar"
 - "traefik.http.middlewares.middleware12.inflightreq.amount=42"
 - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42"
 - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
@@ -166,7 +166,7 @@
 - "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true"
 - "traefik.http.services.service01.loadbalancer.server.port=foobar"
 - "traefik.http.services.service01.loadbalancer.server.scheme=foobar"
-- "traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange=foobar, foobar"
+- "traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange=foobar, foobar"
 - "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42"
 - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"
 - "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar"

docs/content/reference/dynamic-configuration/file.toml

@@ -203,9 +203,9 @@
           name0 = "foobar"
           name1 = "foobar"
     [http.middlewares.Middleware11]
-      [http.middlewares.Middleware11.ipWhiteList]
+      [http.middlewares.Middleware11.ipAllowList]
         sourceRange = ["foobar", "foobar"]
-        [http.middlewares.Middleware11.ipWhiteList.ipStrategy]
+        [http.middlewares.Middleware11.ipAllowList.ipStrategy]
           depth = 42
           excludedIPs = ["foobar", "foobar"]
     [http.middlewares.Middleware12]
@@ -402,7 +402,7 @@
           weight = 42
   [tcp.middlewares]
     [tcp.middlewares.TCPMiddleware00]
-      [tcp.middlewares.TCPMiddleware00.ipWhiteList]
+      [tcp.middlewares.TCPMiddleware00.ipAllowList]
         sourceRange = ["foobar", "foobar"]
     [tcp.middlewares.TCPMiddleware01]
       [tcp.middlewares.TCPMiddleware01.inFlightConn]

docs/content/reference/dynamic-configuration/file.yaml

@@ -230,7 +230,7 @@ http:
         permissionsPolicy: foobar
         isDevelopment: true
     Middleware11:
-      ipWhiteList:
+      ipAllowList:
         sourceRange:
           - foobar
           - foobar
@@ -443,7 +443,7 @@ tcp:
             weight: 42
   middlewares:
     TCPMiddleware00:
-      ipWhiteList:
+      ipAllowList:
         sourceRange:
           - foobar
           - foobar

docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml

@@ -1149,7 +1149,7 @@ spec:
                     properties:
                       ipStrategy:
                         description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -1174,14 +1174,14 @@ spec:
                         type: boolean
                     type: object
                 type: object
-              ipWhiteList:
+              ipAllowList:
-                description: 'IPWhiteList holds the IP whitelist middleware configuration.
+                description: 'IPAllowList holds the IP allowlist middleware configuration.
                   This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
                 properties:
                   ipStrategy:
                     description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
                     properties:
                       depth:
                         description: Depth tells Traefik to use the X-Forwarded-For
@@ -1345,7 +1345,7 @@ spec:
                     properties:
                       ipStrategy:
                         description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -1541,8 +1541,8 @@ spec:
                     format: int64
                     type: integer
                 type: object
-              ipWhiteList:
+              ipAllowList:
-                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                description: IPAllowList defines the IPAllowList middleware configuration.
                 properties:
                   sourceRange:
                     description: SourceRange defines the allowed IPs (or ranges of

docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml

@@ -148,7 +148,7 @@ spec:
         - name: whoamitcp
           port: 8080
       middlewares:
-        - name: ipwhitelist
+        - name: ipallowlist
   tls:
     secretName: foosecret
     passthrough: false

docs/content/reference/dynamic-configuration/kv-ref.md

@@ -84,11 +84,11 @@
 | `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` |
 | `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` |
 | `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/depth` | `42` |
+| `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/0` | `foobar` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/1` | `foobar` |
 | `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` |
 | `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
 | `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
@@ -247,8 +247,8 @@
 | `traefik/http/services/Service04/failover/fallback` | `foobar` |
 | `traefik/http/services/Service04/failover/healthCheck` | `` |
 | `traefik/http/services/Service04/failover/service` | `foobar` |
-| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/0` | `foobar` |
+| `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/0` | `foobar` |
-| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/1` | `foobar` |
+| `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/1` | `foobar` |
 | `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` |
 | `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` |
 | `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` |

docs/content/reference/dynamic-configuration/marathon-labels.json

@@ -71,9 +71,9 @@
 "traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true",
 "traefik.http.middlewares.middleware10.headers.stspreload": "true",
 "traefik.http.middlewares.middleware10.headers.stsseconds": "42",
-"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth": "42",
-"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips": "foobar, foobar",
-"traefik.http.middlewares.middleware11.ipwhitelist.sourcerange": "foobar, foobar",
+"traefik.http.middlewares.middleware11.ipallowlist.sourcerange": "foobar, foobar",
 "traefik.http.middlewares.middleware12.inflightreq.amount": "42",
 "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42",
 "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
@@ -166,7 +166,7 @@
 "traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true",
 "traefik.http.services.service01.loadbalancer.server.port": "foobar",
 "traefik.http.services.service01.loadbalancer.server.scheme": "foobar",
-"traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange": "foobar, foobar",
+"traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange": "foobar, foobar",
 "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42",
 "traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar",
 "traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar",

docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml

@@ -572,7 +572,7 @@ spec:
                     properties:
                       ipStrategy:
                         description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -597,14 +597,14 @@ spec:
                         type: boolean
                     type: object
                 type: object
-              ipWhiteList:
+              ipAllowList:
-                description: 'IPWhiteList holds the IP whitelist middleware configuration.
+                description: 'IPAllowList holds the IP allowlist middleware configuration.
                   This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
                 properties:
                   ipStrategy:
                     description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
                     properties:
                       depth:
                         description: Depth tells Traefik to use the X-Forwarded-For
@@ -768,7 +768,7 @@ spec:
                     properties:
                       ipStrategy:
                         description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For

docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml

@@ -47,8 +47,8 @@ spec:
                     format: int64
                     type: integer
                 type: object
-              ipWhiteList:
+              ipAllowList:
-                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                description: IPAllowList defines the IPAllowList middleware configuration.
                 properties:
                   sourceRange:
                     description: SourceRange defines the allowed IPs (or ranges of

docs/content/routing/providers/kubernetes-crd.md

@@ -1287,9 +1287,9 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
     apiVersion: traefik.containo.us/v1alpha1
     kind: MiddlewareTCP
     metadata:
-      name: ipwhitelist
+      name: ipallowlist
     spec:
-      ipWhiteList:
+      ipAllowList:
         sourceRange:
           - 127.0.0.1/32
           - 192.168.1.7
@@ -1305,13 +1305,13 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
       entryPoints:
         - web
       routes:
-      - match: Host(`example.com`) && PathPrefix(`/whitelist`)
+      - match: Host(`example.com`) && PathPrefix(`/allowlist`)
         kind: Rule
         services:
         - name: whoami
           port: 80
         middlewares:
-        - name: ipwhitelist
+        - name: ipallowlist
           namespace: foo
     ```
 

docs/content/routing/routers/index.md

@@ -986,7 +986,7 @@ The middlewares will take effect only if the rule matches, and before connecting
       [tcp.routers.my-router]
         rule = "HostSNI(`*`)"
         # declared elsewhere
-        middlewares = ["ipwhitelist"]
+        middlewares = ["ipallowlist"]
         service = "service-foo"
     ```
 
@@ -998,7 +998,7 @@ The middlewares will take effect only if the rule matches, and before connecting
           rule: "HostSNI(`*`)"
           # declared elsewhere
           middlewares:
-          - ipwhitelist
+          - ipallowlist
           service: service-foo
     ```
 

docs/mkdocs.yml

@@ -126,7 +126,7 @@ nav:
         - 'Errors': 'middlewares/http/errorpages.md'
         - 'ForwardAuth': 'middlewares/http/forwardauth.md'
         - 'Headers': 'middlewares/http/headers.md'
-        - 'IpWhitelist': 'middlewares/http/ipwhitelist.md'
+        - 'IpAllowList': 'middlewares/http/ipallowlist.md'
         - 'InFlightReq': 'middlewares/http/inflightreq.md'
         - 'PassTLSClientCert': 'middlewares/http/passtlsclientcert.md'
         - 'RateLimit': 'middlewares/http/ratelimit.md'
@@ -140,7 +140,7 @@ nav:
     - 'TCP':
         - 'Overview': 'middlewares/tcp/overview.md'
         - 'InFlightConn': 'middlewares/tcp/inflightconn.md'
-        - 'IpWhitelist': 'middlewares/tcp/ipwhitelist.md'
+        - 'IpAllowList': 'middlewares/tcp/ipallowlist.md'
   - 'Traefik Hub': 'traefik-hub/index.md'
   - 'Plugins & Plugin Catalog': 'plugins/index.md'
   - 'Operations':
@@ -177,6 +177,7 @@ nav:
           - 'HTTP Challenge': 'user-guides/docker-compose/acme-http/index.md'
           - 'DNS Challenge': 'user-guides/docker-compose/acme-dns/index.md'
   - 'Migration':
+      - 'Traefik v2 to v3': 'migration/v2-to-v3.md'
       - 'Traefik v2 minor migrations': 'migration/v2.md'
       - 'Traefik v1 to v2': 'migration/v1-to-v2.md'
   - 'Contributing':

integration/access_log_test.go

@@ -435,7 +435,7 @@ func (s *AccessLogSuite) TestAccessLogBackendNotFound(c *check.C) {
 	checkNoOtherTraefikProblems(c)
 }
 
-func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
+func (s *AccessLogSuite) TestAccessLogFrontendAllowlist(c *check.C) {
 	ensureWorkingDirectoryIsClean()
 
 	expected := []accessLogValue{
@@ -443,7 +443,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
 			formatOnly: false,
 			code:       "403",
 			user:       "-",
-			routerName: "rt-frontendWhitelist",
+			routerName: "rt-frontendAllowlist",
 			serviceURL: "-",
 		},
 	}
@@ -458,7 +458,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
 
 	checkStatsForLogFile(c)
 
-	waitForTraefik(c, "frontendWhitelist")
+	waitForTraefik(c, "frontendAllowlist")
 
 	// Verify Traefik started OK
 	checkTraefikStarted(c)
@@ -466,7 +466,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
 	// Test rate limit
 	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
 	c.Assert(err, checker.IsNil)
-	req.Host = "frontend.whitelist.docker.local"
+	req.Host = "frontend.allowlist.docker.local"
 
 	err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusForbidden), try.HasBody())
 	c.Assert(err, checker.IsNil)

integration/fixtures/k8s/01-traefik-crd.yml

@@ -1149,7 +1149,7 @@ spec:
                     properties:
                       ipStrategy:
                         description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -1174,14 +1174,14 @@ spec:
                         type: boolean
                     type: object
                 type: object
-              ipWhiteList:
+              ipAllowList:
-                description: 'IPWhiteList holds the IP whitelist middleware configuration.
+                description: 'IPAllowList holds the IP allowlist middleware configuration.
                   This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
                 properties:
                   ipStrategy:
                     description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
                     properties:
                       depth:
                         description: Depth tells Traefik to use the X-Forwarded-For
@@ -1345,7 +1345,7 @@ spec:
                     properties:
                       ipStrategy:
                         description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -1541,8 +1541,8 @@ spec:
                     format: int64
                     type: integer
                 type: object
-              ipWhiteList:
+              ipAllowList:
-                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                description: IPAllowList defines the IPAllowList middleware configuration.
                 properties:
                   sourceRange:
                     description: SourceRange defines the allowed IPs (or ranges of

integration/fixtures/tcp/ipallowlist.toml

@@ -23,7 +23,7 @@
       entryPoints = ["tcp"]
       rule = "HostSNI(`whoami-a.test`)"
       service = "whoami-a"
-      middlewares = ["blocking-ipwhitelist"]
+      middlewares = ["blocking-ipallowlist"]
       [tcp.routers.to-whoami-a.tls]
         passthrough = true
 
@@ -31,7 +31,7 @@
       entryPoints = ["tcp"]
       rule = "HostSNI(`whoami-b.test`)"
       service = "whoami-b"
-      middlewares = ["allowing-ipwhitelist"]
+      middlewares = ["allowing-ipallowlist"]
       [tcp.routers.to-whoami-b.tls]
         passthrough = true
 
@@ -45,7 +45,7 @@
         address = "{{ .WhoamiB }}"
 
   [tcp.middlewares]
-    [tcp.middlewares.allowing-ipwhitelist.ipWhiteList]
+    [tcp.middlewares.allowing-ipallowlist.ipAllowList]
       sourceRange = ["127.0.0.1/32"]
-    [tcp.middlewares.blocking-ipwhitelist.ipWhiteList]
+    [tcp.middlewares.blocking-ipallowlist.ipAllowList]
       sourceRange = ["127.127.127.127/32"]

integration/resources/compose/access_log.yml

@@ -75,14 +75,14 @@ services:
       traefik.http.middlewares.rate.ratelimit.burst: 2
       traefik.http.services.service3.loadbalancer.server.port: 80
 
-  frontendWhitelist:
+  frontendAllowlist:
     image: traefik/whoami
     labels:
       traefik.enable: true
-      traefik.http.routers.rt-frontendWhitelist.entryPoints: web
+      traefik.http.routers.rt-frontendAllowlist.entryPoints: web
-      traefik.http.routers.rt-frontendWhitelist.rule: Host(`frontend.whitelist.docker.local`)
+      traefik.http.routers.rt-frontendAllowlist.rule: Host(`frontend.allowlist.docker.local`)
-      traefik.http.routers.rt-frontendWhitelist.middlewares: wl
+      traefik.http.routers.rt-frontendAllowlist.middlewares: wl
-      traefik.http.middlewares.wl.ipwhitelist.sourcerange: 8.8.8.8/32
+      traefik.http.middlewares.wl.ipallowlist.sourcerange: 8.8.8.8/32
       traefik.http.services.service3.loadbalancer.server.port: 80
 
 networks:

integration/resources/compose/allowlist.yml

@@ -0,0 +1,41 @@
+version: "3.8"
+services:
+  noOverrideAllowlist:
+    image: traefik/whoami
+    labels:
+      traefik.enable: true
+      traefik.http.routers.rt1.rule: Host(`no.override.allowlist.docker.local`)
+      traefik.http.routers.rt1.middlewares: wl1
+      traefik.http.middlewares.wl1.ipallowList.sourceRange: 8.8.8.8
+
+  overrideIPStrategyRemoteAddrAllowlist:
+    image: traefik/whoami
+    labels:
+      traefik.enable: true
+      traefik.http.routers.rt2.rule: Host(`override.remoteaddr.allowlist.docker.local`)
+      traefik.http.routers.rt2.middlewares: wl2
+      traefik.http.middlewares.wl2.ipallowlist.sourceRange: 8.8.8.8
+      traefik.http.middlewares.wl2.ipallowlist.ipStrategy: true
+
+  overrideIPStrategyDepthAllowlist:
+    image: traefik/whoami
+    labels:
+      traefik.enable: true
+      traefik.http.routers.rt3.rule: Host(`override.depth.allowlist.docker.local`)
+      traefik.http.routers.rt3.middlewares: wl3
+      traefik.http.middlewares.wl3.ipallowlist.sourceRange: 8.8.8.8
+      traefik.http.middlewares.wl3.ipallowlist.ipStrategy.depth: 3
+
+  overrideIPStrategyExcludedIPsAllowlist:
+    image: traefik/whoami
+    labels:
+      traefik.enable: true
+      traefik.http.routers.rt4.rule: Host(`override.excludedips.allowlist.docker.local`)
+      traefik.http.routers.rt4.middlewares: wl4
+      traefik.http.middlewares.wl4.ipallowlist.sourceRange: 8.8.8.8
+      traefik.http.middlewares.wl4.ipallowlist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2
+
+networks:
+  default:
+    name: traefik-test-network
+    external: true

integration/resources/compose/whitelist.yml

@@ -1,41 +0,0 @@
-version: "3.8"
-services:
-  noOverrideWhitelist:
-    image: traefik/whoami
-    labels:
-      traefik.enable: true
-      traefik.http.routers.rt1.rule: Host(`no.override.whitelist.docker.local`)
-      traefik.http.routers.rt1.middlewares: wl1
-      traefik.http.middlewares.wl1.ipwhiteList.sourceRange: 8.8.8.8
-
-  overrideIPStrategyRemoteAddrWhitelist:
-    image: traefik/whoami
-    labels:
-      traefik.enable: true
-      traefik.http.routers.rt2.rule: Host(`override.remoteaddr.whitelist.docker.local`)
-      traefik.http.routers.rt2.middlewares: wl2
-      traefik.http.middlewares.wl2.ipwhitelist.sourceRange: 8.8.8.8
-      traefik.http.middlewares.wl2.ipwhitelist.ipStrategy: true
-
-  overrideIPStrategyDepthWhitelist:
-    image: traefik/whoami
-    labels:
-      traefik.enable: true
-      traefik.http.routers.rt3.rule: Host(`override.depth.whitelist.docker.local`)
-      traefik.http.routers.rt3.middlewares: wl3
-      traefik.http.middlewares.wl3.ipwhitelist.sourceRange: 8.8.8.8
-      traefik.http.middlewares.wl3.ipwhitelist.ipStrategy.depth: 3
-
-  overrideIPStrategyExcludedIPsWhitelist:
-    image: traefik/whoami
-    labels:
-      traefik.enable: true
-      traefik.http.routers.rt4.rule: Host(`override.excludedips.whitelist.docker.local`)
-      traefik.http.routers.rt4.middlewares: wl4
-      traefik.http.middlewares.wl4.ipwhitelist.sourceRange: 8.8.8.8
-      traefik.http.middlewares.wl4.ipwhitelist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2
-
-networks:
-  default:
-    name: traefik-test-network
-    external: true

integration/simple_test.go

@@ -397,13 +397,13 @@ func (s *SimpleSuite) TestMultipleProviderSameBackendName(c *check.C) {
 	c.Assert(err, checker.IsNil)
 }
 
-func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
+func (s *SimpleSuite) TestIPStrategyAllowlist(c *check.C) {
-	s.createComposeProject(c, "whitelist")
+	s.createComposeProject(c, "allowlist")
 
 	s.composeUp(c)
 	defer s.composeDown(c)
 
-	cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml"))
+	cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml"))
 	defer output(c)
 
 	err := cmd.Start()
@@ -413,7 +413,7 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
 	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override"))
 	c.Assert(err, checker.IsNil)
 
-	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.whitelist.docker.local"))
+	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.allowlist.docker.local"))
 	c.Assert(err, checker.IsNil)
 
 	testCases := []struct {
@@ -425,31 +425,31 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
 		{
 			desc:               "override remote addr reject",
 			xForwardedFor:      "8.8.8.8,8.8.8.8",
-			host:               "override.remoteaddr.whitelist.docker.local",
+			host:               "override.remoteaddr.allowlist.docker.local",
 			expectedStatusCode: 403,
 		},
 		{
 			desc:               "override depth accept",
 			xForwardedFor:      "8.8.8.8,10.0.0.1,127.0.0.1",
-			host:               "override.depth.whitelist.docker.local",
+			host:               "override.depth.allowlist.docker.local",
 			expectedStatusCode: 200,
 		},
 		{
 			desc:               "override depth reject",
 			xForwardedFor:      "10.0.0.1,8.8.8.8,127.0.0.1",
-			host:               "override.depth.whitelist.docker.local",
+			host:               "override.depth.allowlist.docker.local",
 			expectedStatusCode: 403,
 		},
 		{
 			desc:               "override excludedIPs reject",
 			xForwardedFor:      "10.0.0.3,10.0.0.1,10.0.0.2",
-			host:               "override.excludedips.whitelist.docker.local",
+			host:               "override.excludedips.allowlist.docker.local",
 			expectedStatusCode: 403,
 		},
 		{
 			desc:               "override excludedIPs accept",
 			xForwardedFor:      "8.8.8.8,10.0.0.1,10.0.0.2",
-			host:               "override.excludedips.whitelist.docker.local",
+			host:               "override.excludedips.allowlist.docker.local",
 			expectedStatusCode: 200,
 		},
 	}
@@ -468,12 +468,12 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
 }
 
 func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) {
-	s.createComposeProject(c, "whitelist")
+	s.createComposeProject(c, "allowlist")
 
 	s.composeUp(c)
 	defer s.composeDown(c)
 
-	cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml"))
+	cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml"))
 	defer output(c)
 
 	err := cmd.Start()
@@ -481,13 +481,13 @@ func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) {
 	defer s.killCmd(cmd)
 
 	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second,
-		try.BodyContains("override.remoteaddr.whitelist.docker.local"))
+		try.BodyContains("override.remoteaddr.allowlist.docker.local"))
 	c.Assert(err, checker.IsNil)
 
 	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil)
 	c.Assert(err, checker.IsNil)
 
-	req.Host = "override.depth.whitelist.docker.local"
+	req.Host = "override.depth.allowlist.docker.local"
 	req.Header.Set("X-Forwarded-For", "8.8.8.8,10.0.0.1,127.0.0.1")
 
 	err = try.Request(req, 1*time.Second,

integration/tcp_test.go

@@ -241,8 +241,8 @@ func (s *TCPSuite) TestCatchAllNoTLSWithHTTPS(c *check.C) {
 	c.Assert(err, checker.IsNil)
 }
 
-func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) {
+func (s *TCPSuite) TestMiddlewareAllowList(c *check.C) {
-	file := s.adaptFile(c, "fixtures/tcp/ip-whitelist.toml", struct {
+	file := s.adaptFile(c, "fixtures/tcp/ipallowlist.toml", struct {
 		WhoamiA string
 		WhoamiB string
 	}{
@@ -261,7 +261,7 @@ func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) {
 	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 5*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains("HostSNI(`whoami-a.test`)"))
 	c.Assert(err, checker.IsNil)
 
-	// Traefik not passes through, ipWhitelist closes connection
+	// Traefik not passes through, ipAllowList closes connection
 	_, err = guessWhoTLSPassthrough("127.0.0.1:8093", "whoami-a.test")
 	c.Assert(err, checker.ErrorMatches, "EOF")
 

pkg/api/handler_overview_test.go

@@ -173,24 +173,24 @@ func TestHandler_Overview(t *testing.T) {
 					},
 				},
 				TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
-					"ipwhitelist1@myprovider": {
+					"ipallowlist1@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
 						Status: runtime.StatusEnabled,
 					},
-					"ipwhitelist2@myprovider": {
+					"ipallowlist2@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
 					},
-					"ipwhitelist3@myprovider": {
+					"ipallowlist3@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},

pkg/api/handler_tcp_test.go

@@ -512,25 +512,25 @@ func TestHandler_TCP(t *testing.T) {
 			path: "/api/tcp/middlewares",
 			conf: runtime.Configuration{
 				TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
-					"ipwhitelist1@myprovider": {
+					"ipallowlist1@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
 						UsedBy: []string{"bar@myprovider", "test@myprovider"},
 					},
-					"ipwhitelist2@myprovider": {
+					"ipallowlist2@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.2/32"},
 							},
 						},
 						UsedBy: []string{"test@myprovider"},
 					},
-					"ipwhitelist1@anotherprovider": {
+					"ipallowlist1@anotherprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
@@ -549,27 +549,27 @@ func TestHandler_TCP(t *testing.T) {
 			path: "/api/tcp/middlewares?status=enabled",
 			conf: runtime.Configuration{
 				TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
-					"ipwhitelist@myprovider": {
+					"ipallowlist@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
 						UsedBy: []string{"bar@myprovider", "test@myprovider"},
 						Status: runtime.StatusEnabled,
 					},
-					"ipwhitelist2@myprovider": {
+					"ipallowlist2@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.2/32"},
 							},
 						},
 						UsedBy: []string{"test@myprovider"},
 						Status: runtime.StatusDisabled,
 					},
-					"ipwhitelist@anotherprovider": {
+					"ipallowlist@anotherprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
@@ -586,30 +586,30 @@ func TestHandler_TCP(t *testing.T) {
 		},
 		{
 			desc: "middlewares filtered by search",
-			path: "/api/tcp/middlewares?search=ipwhitelist",
+			path: "/api/tcp/middlewares?search=ipallowlist",
 			conf: runtime.Configuration{
 				TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
 					"bad@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
 						UsedBy: []string{"bar@myprovider", "test@myprovider"},
 						Status: runtime.StatusEnabled,
 					},
-					"ipwhitelist@myprovider": {
+					"ipallowlist@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
 						UsedBy: []string{"test@myprovider"},
 						Status: runtime.StatusDisabled,
 					},
-					"ipwhitelist@anotherprovider": {
+					"ipallowlist@anotherprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
@@ -629,25 +629,25 @@ func TestHandler_TCP(t *testing.T) {
 			path: "/api/tcp/middlewares?page=2&per_page=1",
 			conf: runtime.Configuration{
 				TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
-					"ipwhitelist@myprovider": {
+					"ipallowlist@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
 						UsedBy: []string{"bar@myprovider", "test@myprovider"},
 					},
-					"ipwhitelist2@myprovider": {
+					"ipallowlist2@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.2/32"},
 							},
 						},
 						UsedBy: []string{"test@myprovider"},
 					},
-					"ipwhitelist@anotherprovider": {
+					"ipallowlist@anotherprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
@@ -663,28 +663,28 @@ func TestHandler_TCP(t *testing.T) {
 		},
 		{
 			desc: "one middleware by id",
-			path: "/api/tcp/middlewares/ipwhitelist@myprovider",
+			path: "/api/tcp/middlewares/ipallowlist@myprovider",
 			conf: runtime.Configuration{
 				TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
-					"ipwhitelist@myprovider": {
+					"ipallowlist@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
 						UsedBy: []string{"bar@myprovider", "test@myprovider"},
 					},
-					"ipwhitelist2@myprovider": {
+					"ipallowlist2@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.2/32"},
 							},
 						},
 						UsedBy: []string{"test@myprovider"},
 					},
-					"ipwhitelist@anotherprovider": {
+					"ipallowlist@anotherprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
@@ -694,7 +694,7 @@ func TestHandler_TCP(t *testing.T) {
 			},
 			expected: expected{
 				statusCode: http.StatusOK,
-				jsonFile:   "testdata/tcpmiddleware-ipwhitelist.json",
+				jsonFile:   "testdata/tcpmiddleware-ipallowlist.json",
 			},
 		},
 		{
@@ -702,9 +702,9 @@ func TestHandler_TCP(t *testing.T) {
 			path: "/api/tcp/middlewares/foo@myprovider",
 			conf: runtime.Configuration{
 				TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
-					"ipwhitelist@myprovider": {
+					"ipallowlist@myprovider": {
 						TCPMiddleware: &dynamic.TCPMiddleware{
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},

pkg/api/testdata/tcpmiddleware-ipallowlist.json

@@ -1,13 +1,13 @@
 {
-	"ipWhiteList": {
+	"ipAllowList": {
 		"sourceRange": ["127.0.0.1/32"]
 	},
-	"name": "ipwhitelist@myprovider",
+	"name": "ipallowlist@myprovider",
 	"provider": "myprovider",
 	"status": "enabled",
-	"type": "ipwhitelist",
+	"type": "ipallowlist",
 	"usedBy": [
 		"bar@myprovider",
 		"test@myprovider"
 	]
-}
+}

pkg/api/testdata/tcpmiddlewares-filtered-search.json

@@ -1,26 +1,26 @@
 [
 	{
-		"ipWhiteList": {
+		"ipAllowList": {
 			"sourceRange": ["127.0.0.1/32"]
 		},
-		"name": "ipwhitelist@anotherprovider",
+		"name": "ipallowlist@anotherprovider",
 		"provider": "anotherprovider",
 		"status": "enabled",
-		"type": "ipwhitelist",
+		"type": "ipallowlist",
 		"usedBy": [
 			"bar@myprovider"
 		]
 	},
 	{
-		"ipWhiteList": {
+		"ipAllowList": {
 			"sourceRange": ["127.0.0.1/32"]
 		},
-		"name": "ipwhitelist@myprovider",
+		"name": "ipallowlist@myprovider",
 		"provider": "myprovider",
 		"status": "disabled",
-		"type": "ipwhitelist",
+		"type": "ipallowlist",
 		"usedBy": [
 			"test@myprovider"
 		]
 	}
-]
+]

pkg/api/testdata/tcpmiddlewares-filtered-status.json

@@ -1,27 +1,27 @@
 [
 	{
-		"ipWhiteList": {
+		"ipAllowList": {
 			"sourceRange": ["127.0.0.1/32"]
 		},
-		"name": "ipwhitelist@anotherprovider",
+		"name": "ipallowlist@anotherprovider",
 		"provider": "anotherprovider",
 		"status": "enabled",
-		"type": "ipwhitelist",
+		"type": "ipallowlist",
 		"usedBy": [
 			"bar@myprovider"
 		]
 	},
 	{
-		"ipWhiteList": {
+		"ipAllowList": {
 			"sourceRange": ["127.0.0.1/32"]
 		},
-		"name": "ipwhitelist@myprovider",
+		"name": "ipallowlist@myprovider",
 		"provider": "myprovider",
 		"status": "enabled",
-		"type": "ipwhitelist",
+		"type": "ipallowlist",
 		"usedBy": [
 			"bar@myprovider",
 			"test@myprovider"
 		]
 	}
-]
+]

pkg/api/testdata/tcpmiddlewares-page2.json

@@ -1,14 +1,14 @@
 [
 	{
-		"ipWhiteList": {
+		"ipAllowList": {
 			"sourceRange": ["127.0.0.1/32"]
 		},
-		"name": "ipwhitelist@anotherprovider",
+		"name": "ipallowlist@anotherprovider",
 		"provider": "anotherprovider",
 		"status": "enabled",
-		"type": "ipwhitelist",
+		"type": "ipallowlist",
 		"usedBy": [
 			"bar@myprovider"
 		]
 	}
-]
+]

pkg/api/testdata/tcpmiddlewares.json

@@ -1,39 +1,39 @@
 [
 	{
-		"ipWhiteList": {
+		"ipAllowList": {
 			"sourceRange": ["127.0.0.1/32"]
 		},
-		"name": "ipwhitelist1@anotherprovider",
+		"name": "ipallowlist1@anotherprovider",
 		"provider": "anotherprovider",
 		"status": "enabled",
-		"type": "ipwhitelist",
+		"type": "ipallowlist",
 		"usedBy": [
 			"bar@myprovider"
 		]
 	},
 	{
-		"ipWhiteList": {
+		"ipAllowList": {
 			"sourceRange": ["127.0.0.1/32"]
 		},
-		"name": "ipwhitelist1@myprovider",
+		"name": "ipallowlist1@myprovider",
 		"provider": "myprovider",
 		"status": "enabled",
-		"type": "ipwhitelist",
+		"type": "ipallowlist",
 		"usedBy": [
 			"bar@myprovider",
 			"test@myprovider"
 		]
 	},
 	{
-		"ipWhiteList": {
+		"ipAllowList": {
 			"sourceRange": ["127.0.0.2/32"]
 		},
-		"name": "ipwhitelist2@myprovider",
+		"name": "ipallowlist2@myprovider",
 		"provider": "myprovider",
 		"status": "enabled",
-		"type": "ipwhitelist",
+		"type": "ipallowlist",
 		"usedBy": [
 			"test@myprovider"
 		]
 	}
-]
+]

pkg/config/dynamic/fixtures/sample.toml

@@ -358,11 +358,11 @@
       [http.middlewares.Middleware5.chain]
         middlewares = ["foobar", "foobar"]
     [http.middlewares.Middleware6]
-      [http.middlewares.Middleware6.ipWhiteList]
+      [http.middlewares.Middleware6.ipAllowList]
         sourceRange = ["foobar", "foobar"]
     [http.middlewares.Middleware7]
-      [http.middlewares.Middleware7.ipWhiteList]
+      [http.middlewares.Middleware7.ipAllowList]
-        [http.middlewares.Middleware7.ipWhiteList.ipStrategy]
+        [http.middlewares.Middleware7.ipAllowList.ipStrategy]
           depth = 42
           excludedIPs = ["foobar", "foobar"]
     [http.middlewares.Middleware8]

pkg/config/dynamic/middlewares.go

@@ -18,7 +18,7 @@ type Middleware struct {
 	ReplacePath       *ReplacePath       `json:"replacePath,omitempty" toml:"replacePath,omitempty" yaml:"replacePath,omitempty" export:"true"`
 	ReplacePathRegex  *ReplacePathRegex  `json:"replacePathRegex,omitempty" toml:"replacePathRegex,omitempty" yaml:"replacePathRegex,omitempty" export:"true"`
 	Chain             *Chain             `json:"chain,omitempty" toml:"chain,omitempty" yaml:"chain,omitempty" export:"true"`
-	IPWhiteList       *IPWhiteList       `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"`
+	IPAllowList       *IPAllowList       `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
 	Headers           *Headers           `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"`
 	Errors            *ErrorPage         `json:"errors,omitempty" toml:"errors,omitempty" yaml:"errors,omitempty" export:"true"`
 	RateLimit         *RateLimit         `json:"rateLimit,omitempty" toml:"rateLimit,omitempty" yaml:"rateLimit,omitempty" export:"true"`
@@ -346,7 +346,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
 // +k8s:deepcopy-gen=true
 
 // IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
-// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy
+// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy
 type IPStrategy struct {
 	// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
 	Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
@@ -385,10 +385,10 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
 
 // +k8s:deepcopy-gen=true
 
-// IPWhiteList holds the IP whitelist middleware configuration.
+// IPAllowList holds the IP allowlist middleware configuration.
 // This middleware accepts / refuses requests based on the client IP.
-// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/
+// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/
-type IPWhiteList struct {
+type IPAllowList struct {
 	// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
 	SourceRange []string    `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
 	IPStrategy  *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty"  label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`

pkg/config/dynamic/tcp_middlewares.go

@@ -5,7 +5,7 @@ package dynamic
 // TCPMiddleware holds the TCPMiddleware configuration.
 type TCPMiddleware struct {
 	InFlightConn *TCPInFlightConn `json:"inFlightConn,omitempty" toml:"inFlightConn,omitempty" yaml:"inFlightConn,omitempty" export:"true"`
-	IPWhiteList  *TCPIPWhiteList  `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"`
+	IPAllowList  *TCPIPAllowList  `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
 }
 
 // +k8s:deepcopy-gen=true
@@ -22,9 +22,9 @@ type TCPInFlightConn struct {
 
 // +k8s:deepcopy-gen=true
 
-// TCPIPWhiteList holds the TCP IPWhiteList middleware configuration.
+// TCPIPAllowList holds the TCP IPAllowList middleware configuration.
 // This middleware accepts/refuses connections based on the client IP.
-type TCPIPWhiteList struct {
+type TCPIPAllowList struct {
 	// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
 	SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
 }

pkg/config/dynamic/zz_generated.deepcopy.go

@@ -532,6 +532,32 @@ func (in *HealthCheck) DeepCopy() *HealthCheck {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *IPAllowList) DeepCopyInto(out *IPAllowList) {
+	*out = *in
+	if in.SourceRange != nil {
+		in, out := &in.SourceRange, &out.SourceRange
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.IPStrategy != nil {
+		in, out := &in.IPStrategy, &out.IPStrategy
+		*out = new(IPStrategy)
+		(*in).DeepCopyInto(*out)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAllowList.
+func (in *IPAllowList) DeepCopy() *IPAllowList {
+	if in == nil {
+		return nil
+	}
+	out := new(IPAllowList)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *IPStrategy) DeepCopyInto(out *IPStrategy) {
 	*out = *in
@@ -553,32 +579,6 @@ func (in *IPStrategy) DeepCopy() *IPStrategy {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *IPWhiteList) DeepCopyInto(out *IPWhiteList) {
-	*out = *in
-	if in.SourceRange != nil {
-		in, out := &in.SourceRange, &out.SourceRange
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.IPStrategy != nil {
-		in, out := &in.IPStrategy, &out.IPStrategy
-		*out = new(IPStrategy)
-		(*in).DeepCopyInto(*out)
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPWhiteList.
-func (in *IPWhiteList) DeepCopy() *IPWhiteList {
-	if in == nil {
-		return nil
-	}
-	out := new(IPWhiteList)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *InFlightReq) DeepCopyInto(out *InFlightReq) {
 	*out = *in
@@ -654,9 +654,9 @@ func (in *Middleware) DeepCopyInto(out *Middleware) {
 		*out = new(Chain)
 		(*in).DeepCopyInto(*out)
 	}
-	if in.IPWhiteList != nil {
+	if in.IPAllowList != nil {
-		in, out := &in.IPWhiteList, &out.IPWhiteList
+		in, out := &in.IPAllowList, &out.IPAllowList
-		*out = new(IPWhiteList)
+		*out = new(IPAllowList)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.Headers != nil {
@@ -1382,7 +1382,7 @@ func (in *TCPConfiguration) DeepCopy() *TCPConfiguration {
 }
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) {
+func (in *TCPIPAllowList) DeepCopyInto(out *TCPIPAllowList) {
 	*out = *in
 	if in.SourceRange != nil {
 		in, out := &in.SourceRange, &out.SourceRange
@@ -1392,12 +1392,12 @@ func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) {
 	return
 }
 
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPWhiteList.
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPAllowList.
-func (in *TCPIPWhiteList) DeepCopy() *TCPIPWhiteList {
+func (in *TCPIPAllowList) DeepCopy() *TCPIPAllowList {
 	if in == nil {
 		return nil
 	}
-	out := new(TCPIPWhiteList)
+	out := new(TCPIPAllowList)
 	in.DeepCopyInto(out)
 	return out
 }
@@ -1426,9 +1426,9 @@ func (in *TCPMiddleware) DeepCopyInto(out *TCPMiddleware) {
 		*out = new(TCPInFlightConn)
 		**out = **in
 	}
-	if in.IPWhiteList != nil {
+	if in.IPAllowList != nil {
-		in, out := &in.IPWhiteList, &out.IPWhiteList
+		in, out := &in.IPAllowList, &out.IPAllowList
-		*out = new(TCPIPWhiteList)
+		*out = new(TCPIPAllowList)
 		(*in).DeepCopyInto(*out)
 	}
 	return

pkg/config/label/label_test.go

@@ -82,9 +82,9 @@ func TestDecodeConfiguration(t *testing.T) {
 		"traefik.http.middlewares.Middleware8.headers.stsincludesubdomains":                        "true",
 		"traefik.http.middlewares.Middleware8.headers.stspreload":                                  "true",
 		"traefik.http.middlewares.Middleware8.headers.stsseconds":                                  "42",
-		"traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.depth":                        "42",
+		"traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.depth":                        "42",
-		"traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.excludedips":                  "foobar, fiibar",
+		"traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.excludedips":                  "foobar, fiibar",
-		"traefik.http.middlewares.Middleware9.ipwhitelist.sourcerange":                             "foobar, fiibar",
+		"traefik.http.middlewares.Middleware9.ipallowlist.sourcerange":                             "foobar, fiibar",
 		"traefik.http.middlewares.Middleware10.inflightreq.amount":                                 "42",
 		"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.depth":       "42",
 		"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, fiibar",
@@ -180,7 +180,7 @@ func TestDecodeConfiguration(t *testing.T) {
 		"traefik.http.services.Service1.loadbalancer.sticky":                           "false",
 		"traefik.http.services.Service1.loadbalancer.sticky.cookie.name":               "fui",
 
-		"traefik.tcp.middlewares.Middleware0.ipwhitelist.sourcerange":      "foobar, fiibar",
+		"traefik.tcp.middlewares.Middleware0.ipallowlist.sourcerange":      "foobar, fiibar",
 		"traefik.tcp.middlewares.Middleware2.inflightconn.amount":          "42",
 		"traefik.tcp.routers.Router0.rule":                                 "foobar",
 		"traefik.tcp.routers.Router0.priority":                             "42",
@@ -244,7 +244,7 @@ func TestDecodeConfiguration(t *testing.T) {
 			},
 			Middlewares: map[string]*dynamic.TCPMiddleware{
 				"Middleware0": {
-					IPWhiteList: &dynamic.TCPIPWhiteList{
+					IPAllowList: &dynamic.TCPIPAllowList{
 						SourceRange: []string{"foobar", "fiibar"},
 					},
 				},
@@ -611,7 +611,7 @@ func TestDecodeConfiguration(t *testing.T) {
 					},
 				},
 				"Middleware9": {
-					IPWhiteList: &dynamic.IPWhiteList{
+					IPAllowList: &dynamic.IPAllowList{
 						SourceRange: []string{
 							"foobar",
 							"fiibar",
@@ -741,7 +741,7 @@ func TestEncodeConfiguration(t *testing.T) {
 			},
 			Middlewares: map[string]*dynamic.TCPMiddleware{
 				"Middleware0": {
-					IPWhiteList: &dynamic.TCPIPWhiteList{
+					IPAllowList: &dynamic.TCPIPAllowList{
 						SourceRange: []string{"foobar", "fiibar"},
 					},
 				},
@@ -1113,7 +1113,7 @@ func TestEncodeConfiguration(t *testing.T) {
 					},
 				},
 				"Middleware9": {
-					IPWhiteList: &dynamic.IPWhiteList{
+					IPAllowList: &dynamic.IPAllowList{
 						SourceRange: []string{
 							"foobar",
 							"fiibar",
@@ -1265,9 +1265,9 @@ func TestEncodeConfiguration(t *testing.T) {
 		"traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains":                        "true",
 		"traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload":                                  "true",
 		"traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds":                                  "42",
-		"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.Depth":                        "42",
+		"traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.Depth":                        "42",
-		"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.ExcludedIPs":                  "foobar, fiibar",
+		"traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.ExcludedIPs":                  "foobar, fiibar",
-		"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.SourceRange":                             "foobar, fiibar",
+		"traefik.HTTP.Middlewares.Middleware9.IPAllowList.SourceRange":                             "foobar, fiibar",
 		"traefik.HTTP.Middlewares.Middleware10.InFlightReq.Amount":                                 "42",
 		"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.Depth":       "42",
 		"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.ExcludedIPs": "foobar, fiibar",
@@ -1360,7 +1360,7 @@ func TestEncodeConfiguration(t *testing.T) {
 		"traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme":                    "foobar",
 		"traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0":        "foobar",
 
-		"traefik.TCP.Middlewares.Middleware0.IPWhiteList.SourceRange": "foobar, fiibar",
+		"traefik.TCP.Middlewares.Middleware0.IPAllowList.SourceRange": "foobar, fiibar",
 		"traefik.TCP.Middlewares.Middleware2.InFlightConn.Amount":     "42",
 		"traefik.TCP.Routers.Router0.Rule":                            "foobar",
 		"traefik.TCP.Routers.Router0.Priority":                        "42",

pkg/ip/checker_test.go

@@ -11,25 +11,25 @@ import (
 func TestIsAuthorized(t *testing.T) {
 	testCases := []struct {
 		desc       string
-		whiteList  []string
+		allowList  []string
 		remoteAddr string
 		authorized bool
 	}{
 		{
 			desc:       "remoteAddr not in range",
-			whiteList:  []string{"1.2.3.4/24"},
+			allowList:  []string{"1.2.3.4/24"},
 			remoteAddr: "10.2.3.1:123",
 			authorized: false,
 		},
 		{
 			desc:       "remoteAddr in range",
-			whiteList:  []string{"1.2.3.4/24"},
+			allowList:  []string{"1.2.3.4/24"},
 			remoteAddr: "1.2.3.1:123",
 			authorized: true,
 		},
 		{
 			desc:       "octal ip in remoteAddr",
-			whiteList:  []string{"127.2.3.4/24"},
+			allowList:  []string{"127.2.3.4/24"},
 			remoteAddr: "0127.2.3.1:123",
 			authorized: false,
 		},
@@ -40,7 +40,7 @@ func TestIsAuthorized(t *testing.T) {
 		t.Run(test.desc, func(t *testing.T) {
 			t.Parallel()
 
-			ipChecker, err := NewChecker(test.whiteList)
+			ipChecker, err := NewChecker(test.allowList)
 			require.NoError(t, err)
 
 			err = ipChecker.IsAuthorized(test.remoteAddr)

pkg/middlewares/ipallowlist/ip_allowlist.go

@@ -1,4 +1,4 @@
-package ipwhitelist
+package ipallowlist
 
 import (
 	"context"
@@ -15,29 +15,29 @@ import (
 )
 
 const (
-	typeName = "IPWhiteLister"
+	typeName = "IPAllowLister"
 )
 
-// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists.
+// ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists.
-type ipWhiteLister struct {
+type ipAllowLister struct {
 	next        http.Handler
-	whiteLister *ip.Checker
+	allowLister *ip.Checker
 	strategy    ip.Strategy
 	name        string
 }
 
-// New builds a new IPWhiteLister given a list of CIDR-Strings to whitelist.
+// New builds a new IPAllowLister given a list of CIDR-Strings to allow.
-func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, name string) (http.Handler, error) {
+func New(ctx context.Context, next http.Handler, config dynamic.IPAllowList, name string) (http.Handler, error) {
 	logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName))
 	logger.Debug("Creating middleware")
 
 	if len(config.SourceRange) == 0 {
-		return nil, errors.New("sourceRange is empty, IPWhiteLister not created")
+		return nil, errors.New("sourceRange is empty, IPAllowLister not created")
 	}
 
 	checker, err := ip.NewChecker(config.SourceRange)
 	if err != nil {
-		return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err)
+		return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err)
 	}
 
 	strategy, err := config.IPStrategy.Get()
@@ -45,26 +45,26 @@ func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, nam
 		return nil, err
 	}
 
-	logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange)
+	logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange)
 
-	return &ipWhiteLister{
+	return &ipAllowLister{
 		strategy:    strategy,
-		whiteLister: checker,
+		allowLister: checker,
 		next:        next,
 		name:        name,
 	}, nil
 }
 
-func (wl *ipWhiteLister) GetTracingInformation() (string, ext.SpanKindEnum) {
+func (al *ipAllowLister) GetTracingInformation() (string, ext.SpanKindEnum) {
-	return wl.name, tracing.SpanKindNoneEnum
+	return al.name, tracing.SpanKindNoneEnum
 }
 
-func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
+func (al *ipAllowLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
-	ctx := middlewares.GetLoggerCtx(req.Context(), wl.name, typeName)
+	ctx := middlewares.GetLoggerCtx(req.Context(), al.name, typeName)
 	logger := log.FromContext(ctx)
 
-	clientIP := wl.strategy.GetIP(req)
+	clientIP := al.strategy.GetIP(req)
-	err := wl.whiteLister.IsAuthorized(clientIP)
+	err := al.allowLister.IsAuthorized(clientIP)
 	if err != nil {
 		msg := fmt.Sprintf("Rejecting IP %s: %v", clientIP, err)
 		logger.Debug(msg)
@@ -74,7 +74,7 @@ func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	}
 	logger.Debugf("Accepting IP %s", clientIP)
 
-	wl.next.ServeHTTP(rw, req)
+	al.next.ServeHTTP(rw, req)
 }
 
 func reject(ctx context.Context, rw http.ResponseWriter) {

pkg/middlewares/ipallowlist/ip_allowlist_test.go

@@ -1,4 +1,4 @@
-package ipwhitelist
+package ipallowlist
 
 import (
 	"context"
@@ -11,22 +11,22 @@ import (
 	"github.com/traefik/traefik/v2/pkg/config/dynamic"
 )
 
-func TestNewIPWhiteLister(t *testing.T) {
+func TestNewIPAllowLister(t *testing.T) {
 	testCases := []struct {
 		desc          string
-		whiteList     dynamic.IPWhiteList
+		allowList     dynamic.IPAllowList
 		expectedError bool
 	}{
 		{
 			desc: "invalid IP",
-			whiteList: dynamic.IPWhiteList{
+			allowList: dynamic.IPAllowList{
 				SourceRange: []string{"foo"},
 			},
 			expectedError: true,
 		},
 		{
 			desc: "valid IP",
-			whiteList: dynamic.IPWhiteList{
+			allowList: dynamic.IPAllowList{
 				SourceRange: []string{"10.10.10.10"},
 			},
 		},
@@ -38,28 +38,28 @@ func TestNewIPWhiteLister(t *testing.T) {
 			t.Parallel()
 
 			next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-			whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
+			allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
 
 			if test.expectedError {
 				assert.Error(t, err)
 			} else {
 				require.NoError(t, err)
-				assert.NotNil(t, whiteLister)
+				assert.NotNil(t, allowLister)
 			}
 		})
 	}
 }
 
-func TestIPWhiteLister_ServeHTTP(t *testing.T) {
+func TestIPAllowLister_ServeHTTP(t *testing.T) {
 	testCases := []struct {
 		desc       string
-		whiteList  dynamic.IPWhiteList
+		allowList  dynamic.IPAllowList
 		remoteAddr string
 		expected   int
 	}{
 		{
 			desc: "authorized with remote address",
-			whiteList: dynamic.IPWhiteList{
+			allowList: dynamic.IPAllowList{
 				SourceRange: []string{"20.20.20.20"},
 			},
 			remoteAddr: "20.20.20.20:1234",
@@ -67,7 +67,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
 		},
 		{
 			desc: "non authorized with remote address",
-			whiteList: dynamic.IPWhiteList{
+			allowList: dynamic.IPAllowList{
 				SourceRange: []string{"20.20.20.20"},
 			},
 			remoteAddr: "20.20.20.21:1234",
@@ -81,7 +81,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
 			t.Parallel()
 
 			next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-			whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
+			allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
 			require.NoError(t, err)
 
 			recorder := httptest.NewRecorder()
@@ -92,7 +92,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
 				req.RemoteAddr = test.remoteAddr
 			}
 
-			whiteLister.ServeHTTP(recorder, req)
+			allowLister.ServeHTTP(recorder, req)
 
 			assert.Equal(t, test.expected, recorder.Code)
 		})

pkg/middlewares/tcp/ipallowlist/ip_allowlist.go

@@ -1,4 +1,4 @@
-package tcpipwhitelist
+package tcpipallowlist
 
 import (
 	"context"
@@ -13,46 +13,46 @@ import (
 )
 
 const (
-	typeName = "IPWhiteListerTCP"
+	typeName = "IPAllowListerTCP"
 )
 
-// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists.
+// ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists.
-type ipWhiteLister struct {
+type ipAllowLister struct {
 	next        tcp.Handler
-	whiteLister *ip.Checker
+	allowLister *ip.Checker
 	name        string
 }
 
-// New builds a new TCP IPWhiteLister given a list of CIDR-Strings to whitelist.
+// New builds a new TCP IPAllowLister given a list of CIDR-Strings to allow.
-func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPWhiteList, name string) (tcp.Handler, error) {
+func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPAllowList, name string) (tcp.Handler, error) {
 	logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName))
 	logger.Debug("Creating middleware")
 
 	if len(config.SourceRange) == 0 {
-		return nil, errors.New("sourceRange is empty, IPWhiteLister not created")
+		return nil, errors.New("sourceRange is empty, IPAllowLister not created")
 	}
 
 	checker, err := ip.NewChecker(config.SourceRange)
 	if err != nil {
-		return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err)
+		return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err)
 	}
 
-	logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange)
+	logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange)
 
-	return &ipWhiteLister{
+	return &ipAllowLister{
-		whiteLister: checker,
+		allowLister: checker,
 		next:        next,
 		name:        name,
 	}, nil
 }
 
-func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) {
+func (al *ipAllowLister) ServeTCP(conn tcp.WriteCloser) {
-	ctx := middlewares.GetLoggerCtx(context.Background(), wl.name, typeName)
+	ctx := middlewares.GetLoggerCtx(context.Background(), al.name, typeName)
 	logger := log.FromContext(ctx)
 
 	addr := conn.RemoteAddr().String()
 
-	err := wl.whiteLister.IsAuthorized(addr)
+	err := al.allowLister.IsAuthorized(addr)
 	if err != nil {
 		logger.Errorf("Connection from %s rejected: %v", addr, err)
 		conn.Close()
@@ -61,5 +61,5 @@ func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) {
 
 	logger.Debugf("Connection from %s accepted", addr)
 
-	wl.next.ServeTCP(conn)
+	al.next.ServeTCP(conn)
 }

pkg/middlewares/tcp/ipallowlist/ip_allowlist_test.go

@@ -1,4 +1,4 @@
-package tcpipwhitelist
+package tcpipallowlist
 
 import (
 	"context"
@@ -12,27 +12,27 @@ import (
 	"github.com/traefik/traefik/v2/pkg/tcp"
 )
 
-func TestNewIPWhiteLister(t *testing.T) {
+func TestNewIPAllowLister(t *testing.T) {
 	testCases := []struct {
 		desc          string
-		whiteList     dynamic.TCPIPWhiteList
+		allowList     dynamic.TCPIPAllowList
 		expectedError bool
 	}{
 		{
 			desc:          "Empty config",
-			whiteList:     dynamic.TCPIPWhiteList{},
+			allowList:     dynamic.TCPIPAllowList{},
 			expectedError: true,
 		},
 		{
 			desc: "invalid IP",
-			whiteList: dynamic.TCPIPWhiteList{
+			allowList: dynamic.TCPIPAllowList{
 				SourceRange: []string{"foo"},
 			},
 			expectedError: true,
 		},
 		{
 			desc: "valid IP",
-			whiteList: dynamic.TCPIPWhiteList{
+			allowList: dynamic.TCPIPAllowList{
 				SourceRange: []string{"10.10.10.10"},
 			},
 		},
@@ -44,28 +44,28 @@ func TestNewIPWhiteLister(t *testing.T) {
 			t.Parallel()
 
 			next := tcp.HandlerFunc(func(conn tcp.WriteCloser) {})
-			whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
+			allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
 
 			if test.expectedError {
 				assert.Error(t, err)
 			} else {
 				require.NoError(t, err)
-				assert.NotNil(t, whiteLister)
+				assert.NotNil(t, allowLister)
 			}
 		})
 	}
 }
 
-func TestIPWhiteLister_ServeHTTP(t *testing.T) {
+func TestIPAllowLister_ServeHTTP(t *testing.T) {
 	testCases := []struct {
 		desc       string
-		whiteList  dynamic.TCPIPWhiteList
+		allowList  dynamic.TCPIPAllowList
 		remoteAddr string
 		expected   string
 	}{
 		{
 			desc: "authorized with remote address",
-			whiteList: dynamic.TCPIPWhiteList{
+			allowList: dynamic.TCPIPAllowList{
 				SourceRange: []string{"20.20.20.20"},
 			},
 			remoteAddr: "20.20.20.20:1234",
@@ -73,7 +73,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
 		},
 		{
 			desc: "non authorized with remote address",
-			whiteList: dynamic.TCPIPWhiteList{
+			allowList: dynamic.TCPIPAllowList{
 				SourceRange: []string{"20.20.20.20"},
 			},
 			remoteAddr: "20.20.20.21:1234",
@@ -94,13 +94,13 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
 				require.NoError(t, err)
 			})
 
-			whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest")
+			allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
 			require.NoError(t, err)
 
 			server, client := net.Pipe()
 
 			go func() {
-				whiteLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}})
+				allowLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}})
 			}()
 
 			read, err := io.ReadAll(server)

pkg/provider/consulcatalog/config_test.go

@@ -2022,7 +2022,7 @@ func Test_buildConfiguration(t *testing.T) {
 					Name: "Test",
 					Labels: map[string]string{
 						"traefik.tcp.routers.Test.rule":                               "HostSNI(`foo.bar`)",
-						"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar",
+						"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
 						"traefik.tcp.routers.Test.middlewares":                        "Middleware1",
 					},
 					Address: "127.0.0.1",
@@ -2041,7 +2041,7 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					Middlewares: map[string]*dynamic.TCPMiddleware{
 						"Middleware1": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"foobar", "fiibar"},
 							},
 						},

pkg/provider/docker/config_test.go

@@ -2611,7 +2611,7 @@ func Test_buildConfiguration(t *testing.T) {
 					Name:        "Test",
 					Labels: map[string]string{
 						"traefik.tcp.routers.Test.rule":                               "HostSNI(`foo.bar`)",
-						"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar",
+						"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
 						"traefik.tcp.routers.Test.middlewares":                        "Middleware1",
 					},
 					NetworkSettings: networkSettings{
@@ -2638,7 +2638,7 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					Middlewares: map[string]*dynamic.TCPMiddleware{
 						"Middleware1": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"foobar", "fiibar"},
 							},
 						},

pkg/provider/ecs/config_test.go

@@ -2333,7 +2333,7 @@ func Test_buildConfiguration(t *testing.T) {
 					name("Test"),
 					labels(map[string]string{
 						"traefik.tcp.routers.Test.rule":                               "HostSNI(`foo.bar`)",
-						"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar",
+						"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
 						"traefik.tcp.routers.Test.middlewares":                        "Middleware1",
 					}),
 					iMachine(
@@ -2356,7 +2356,7 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					Middlewares: map[string]*dynamic.TCPMiddleware{
 						"Middleware1": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"foobar", "fiibar"},
 							},
 						},

pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware.yml

@@ -1,10 +1,10 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: MiddlewareTCP
 metadata:
-  name: ipwhitelist
+  name: ipallowlist
   namespace: default
 spec:
-  ipWhiteList:
+  ipAllowList:
     sourceRange:
       - 127.0.0.1/32
 
@@ -12,10 +12,10 @@ spec:
 apiVersion: traefik.containo.us/v1alpha1
 kind: MiddlewareTCP
 metadata:
-  name: ipwhitelist
+  name: ipallowlist
   namespace: foo
 spec:
-  ipWhiteList:
+  ipAllowList:
     sourceRange:
       - 127.0.0.1/32
 ---
@@ -36,6 +36,6 @@ spec:
           port: 8000
 
       middlewares:
-        - name: ipwhitelist
+        - name: ipallowlist
-        - name: ipwhitelist
+        - name: ipallowlist
           namespace: foo

pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_crossprovider.yml

@@ -1,10 +1,10 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: MiddlewareTCP
 metadata:
-  name: ipwhitelist
+  name: ipallowlist
   namespace: default
 spec:
-  ipWhiteList:
+  ipAllowList:
     sourceRange:
       - 127.0.0.1/32
 
@@ -12,10 +12,10 @@ spec:
 apiVersion: traefik.containo.us/v1alpha1
 kind: MiddlewareTCP
 metadata:
-  name: ipwhitelist
+  name: ipallowlist
   namespace: foo
 spec:
-  ipWhiteList:
+  ipAllowList:
     sourceRange:
       - 127.0.0.1/32
 ---
@@ -36,9 +36,9 @@ spec:
           port: 8000
 
       middlewares:
-        - name: ipwhitelist
+        - name: ipallowlist
-        - name: ipwhitelist
+        - name: ipallowlist
           namespace: foo
-        - name: ipwhitelist@file
+        - name: ipallowlist@file
-        - name: ipwhitelist-foo@file
+        - name: ipallowlist-foo@file
           namespace: foo

pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_multiple_hyphens.yml

@@ -4,7 +4,7 @@ metadata:
   name: multiple---hyphens
   namespace: default
 spec:
-  ipWhiteList:
+  ipAllowList:
     sourceRange:
       - 127.0.0.1/32
 

pkg/provider/kubernetes/crd/fixtures/tcp/with_middleware_with_cross_namespace.yml

@@ -1,10 +1,10 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: MiddlewareTCP
 metadata:
-  name: ipwhitelist
+  name: ipallowlist
   namespace: default
 spec:
-  ipWhiteList:
+  ipAllowList:
     sourceRange:
       - 127.0.0.1/32
 
@@ -12,10 +12,10 @@ spec:
 apiVersion: traefik.containo.us/v1alpha1
 kind: MiddlewareTCP
 metadata:
-  name: ipwhitelist
+  name: ipallowlist
   namespace: cross-ns
 spec:
-  ipWhiteList:
+  ipAllowList:
     sourceRange:
       - 127.0.0.1/32
 ---
@@ -36,7 +36,7 @@ spec:
           port: 8000
 
       middlewares:
-        - name: ipwhitelist
+        - name: ipallowlist
 
     - match: HostSNI(`bar.com`)
       services:
@@ -44,5 +44,5 @@ spec:
           port: 8000
 
       middlewares:
-        - name: ipwhitelist
+        - name: ipallowlist
           namespace: cross-ns

pkg/provider/kubernetes/crd/kubernetes.go

@@ -263,7 +263,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
 			ReplacePath:       middleware.Spec.ReplacePath,
 			ReplacePathRegex:  middleware.Spec.ReplacePathRegex,
 			Chain:             createChainMiddleware(ctxMid, middleware.Namespace, middleware.Spec.Chain),
-			IPWhiteList:       middleware.Spec.IPWhiteList,
+			IPAllowList:       middleware.Spec.IPAllowList,
 			Headers:           middleware.Spec.Headers,
 			Errors:            errorPage,
 			RateLimit:         rateLimit,
@@ -288,7 +288,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
 
 		conf.TCP.Middlewares[id] = &dynamic.TCPMiddleware{
 			InFlightConn: middlewareTCP.Spec.InFlightConn,
-			IPWhiteList:  middlewareTCP.Spec.IPWhiteList,
+			IPAllowList:  middlewareTCP.Spec.IPAllowList,
 		}
 	}
 

pkg/provider/kubernetes/crd/kubernetes_test.go

@@ -119,18 +119,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
 						"default-test.route-fdd3e9338e47a45efefc": {
 							EntryPoints: []string{"foo"},
 							Service:     "default-test.route-fdd3e9338e47a45efefc",
-							Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist"},
+							Middlewares: []string{"default-ipallowlist", "foo-ipallowlist"},
 							Rule:        "HostSNI(`foo.com`)",
 						},
 					},
 					Middlewares: map[string]*dynamic.TCPMiddleware{
-						"default-ipwhitelist": {
+						"default-ipallowlist": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
-						"foo-ipwhitelist": {
+						"foo-ipallowlist": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
@@ -178,7 +178,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
 					},
 					Middlewares: map[string]*dynamic.TCPMiddleware{
 						"default-multiple-hyphens": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
@@ -220,18 +220,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
 						"default-test.route-fdd3e9338e47a45efefc": {
 							EntryPoints: []string{"foo"},
 							Service:     "default-test.route-fdd3e9338e47a45efefc",
-							Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist", "ipwhitelist@file", "ipwhitelist-foo@file"},
+							Middlewares: []string{"default-ipallowlist", "foo-ipallowlist", "ipallowlist@file", "ipallowlist-foo@file"},
 							Rule:        "HostSNI(`foo.com`)",
 						},
 					},
 					Middlewares: map[string]*dynamic.TCPMiddleware{
-						"default-ipwhitelist": {
+						"default-ipallowlist": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
-						"foo-ipwhitelist": {
+						"foo-ipallowlist": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
@@ -5459,18 +5459,18 @@ func TestCrossNamespace(t *testing.T) {
 						"default-test.route-fdd3e9338e47a45efefc": {
 							EntryPoints: []string{"foo"},
 							Service:     "default-test.route-fdd3e9338e47a45efefc",
-							Middlewares: []string{"default-ipwhitelist"},
+							Middlewares: []string{"default-ipallowlist"},
 							Rule:        "HostSNI(`foo.com`)",
 						},
 					},
 					Middlewares: map[string]*dynamic.TCPMiddleware{
-						"default-ipwhitelist": {
+						"default-ipallowlist": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
-						"cross-ns-ipwhitelist": {
+						"cross-ns-ipallowlist": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
@@ -5513,24 +5513,24 @@ func TestCrossNamespace(t *testing.T) {
 						"default-test.route-fdd3e9338e47a45efefc": {
 							EntryPoints: []string{"foo"},
 							Service:     "default-test.route-fdd3e9338e47a45efefc",
-							Middlewares: []string{"default-ipwhitelist"},
+							Middlewares: []string{"default-ipallowlist"},
 							Rule:        "HostSNI(`foo.com`)",
 						},
 						"default-test.route-f44ce589164e656d231c": {
 							EntryPoints: []string{"foo"},
 							Service:     "default-test.route-f44ce589164e656d231c",
-							Middlewares: []string{"cross-ns-ipwhitelist"},
+							Middlewares: []string{"cross-ns-ipallowlist"},
 							Rule:        "HostSNI(`bar.com`)",
 						},
 					},
 					Middlewares: map[string]*dynamic.TCPMiddleware{
-						"default-ipwhitelist": {
+						"default-ipallowlist": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},
-						"cross-ns-ipwhitelist": {
+						"cross-ns-ipallowlist": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"127.0.0.1/32"},
 							},
 						},

pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go

@@ -32,7 +32,7 @@ type MiddlewareSpec struct {
 	ReplacePath       *dynamic.ReplacePath       `json:"replacePath,omitempty"`
 	ReplacePathRegex  *dynamic.ReplacePathRegex  `json:"replacePathRegex,omitempty"`
 	Chain             *Chain                     `json:"chain,omitempty"`
-	IPWhiteList       *dynamic.IPWhiteList       `json:"ipWhiteList,omitempty"`
+	IPAllowList       *dynamic.IPAllowList       `json:"ipAllowList,omitempty"`
 	Headers           *dynamic.Headers           `json:"headers,omitempty"`
 	Errors            *ErrorPage                 `json:"errors,omitempty"`
 	RateLimit         *RateLimit                 `json:"rateLimit,omitempty"`

pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go

@@ -25,8 +25,8 @@ type MiddlewareTCP struct {
 type MiddlewareTCPSpec struct {
 	// InFlightConn defines the InFlightConn middleware configuration.
 	InFlightConn *dynamic.TCPInFlightConn `json:"inFlightConn,omitempty"`
-	// IPWhiteList defines the IPWhiteList middleware configuration.
+	// IPAllowList defines the IPAllowList middleware configuration.
-	IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
+	IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go

@@ -689,9 +689,9 @@ func (in *MiddlewareSpec) DeepCopyInto(out *MiddlewareSpec) {
 		*out = new(Chain)
 		(*in).DeepCopyInto(*out)
 	}
-	if in.IPWhiteList != nil {
+	if in.IPAllowList != nil {
-		in, out := &in.IPWhiteList, &out.IPWhiteList
+		in, out := &in.IPAllowList, &out.IPAllowList
-		*out = new(dynamic.IPWhiteList)
+		*out = new(dynamic.IPAllowList)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.Headers != nil {
@@ -857,9 +857,9 @@ func (in *MiddlewareTCPSpec) DeepCopyInto(out *MiddlewareTCPSpec) {
 		*out = new(dynamic.TCPInFlightConn)
 		**out = **in
 	}
-	if in.IPWhiteList != nil {
+	if in.IPAllowList != nil {
-		in, out := &in.IPWhiteList, &out.IPWhiteList
+		in, out := &in.IPAllowList, &out.IPAllowList
-		*out = new(dynamic.TCPIPWhiteList)
+		*out = new(dynamic.TCPIPAllowList)
 		(*in).DeepCopyInto(*out)
 	}
 	return

pkg/provider/kv/kv_test.go

@@ -140,11 +140,11 @@ func Test_buildConfiguration(t *testing.T) {
 		"traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name0":                   "foobar",
 		"traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name1":                   "foobar",
 		"traefik/http/middlewares/Middleware09/headers/browserXssFilter":                             "true",
-		"traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/0":                            "foobar",
+		"traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/0":                            "foobar",
-		"traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/1":                            "foobar",
+		"traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/1":                            "foobar",
-		"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/0":                 "foobar",
+		"traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/0":                 "foobar",
-		"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/1":                 "foobar",
+		"traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/1":                 "foobar",
-		"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/depth":                         "42",
+		"traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/depth":                         "42",
 		"traefik/http/middlewares/Middleware11/inFlightReq/amount":                                   "42",
 		"traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/requestHost":              "true",
 		"traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/ipStrategy/depth":         "42",
@@ -340,7 +340,7 @@ func Test_buildConfiguration(t *testing.T) {
 			},
 			Middlewares: map[string]*dynamic.Middleware{
 				"Middleware10": {
-					IPWhiteList: &dynamic.IPWhiteList{
+					IPAllowList: &dynamic.IPAllowList{
 						SourceRange: []string{
 							"foobar",
 							"foobar",

pkg/provider/marathon/config_test.go

@@ -196,14 +196,14 @@ func TestBuildConfiguration(t *testing.T) {
 			},
 		},
 		{
-			desc: "TCP with IP whitelist",
+			desc: "TCP with IP allowlist",
 			applications: withApplications(
 				application(
 					appID("/app"),
 					appPorts(80),
 
 					withLabel("traefik.tcp.routers.Test.rule", "HostSNI(`foo.bar`)"),
-					withLabel("traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange", "foobar, fiibar"),
+					withLabel("traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange", "foobar, fiibar"),
 					withLabel("traefik.tcp.routers.Test.middlewares", "Middleware1"),
 					withTasks(localhostTask(taskPorts(80))),
 				)),
@@ -218,7 +218,7 @@ func TestBuildConfiguration(t *testing.T) {
 					},
 					Middlewares: map[string]*dynamic.TCPMiddleware{
 						"Middleware1": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"foobar", "fiibar"},
 							},
 						},

pkg/provider/nomad/config_test.go

@@ -1621,7 +1621,7 @@ func Test_buildConfig(t *testing.T) {
 					Name: "Test",
 					Tags: []string{
 						"traefik.tcp.routers.Test.rule = HostSNI(`foo.bar`)",
-						"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange = foobar, fiibar",
+						"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange = foobar, fiibar",
 						"traefik.tcp.routers.Test.middlewares = Middleware1",
 					},
 					Address:   "127.0.0.1",
@@ -1640,7 +1640,7 @@ func Test_buildConfig(t *testing.T) {
 					},
 					Middlewares: map[string]*dynamic.TCPMiddleware{
 						"Middleware1": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"foobar", "fiibar"},
 							},
 						},

pkg/provider/rancher/config_test.go

@@ -508,7 +508,7 @@ func Test_buildConfiguration(t *testing.T) {
 					Name: "Test",
 					Labels: map[string]string{
 						"traefik.tcp.routers.Test.rule":                               "HostSNI(`foo.bar`)",
-						"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar",
+						"traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
 						"traefik.tcp.routers.Test.middlewares":                        "Middleware1",
 					},
 					Port:       "80/tcp",
@@ -528,7 +528,7 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					Middlewares: map[string]*dynamic.TCPMiddleware{
 						"Middleware1": {
-							IPWhiteList: &dynamic.TCPIPWhiteList{
+							IPAllowList: &dynamic.TCPIPAllowList{
 								SourceRange: []string{"foobar", "fiibar"},
 							},
 						},

pkg/redactor/redactor_config_test.go

@@ -191,7 +191,7 @@ func init() {
 				Chain: &dynamic.Chain{
 					Middlewares: []string{"foo"},
 				},
-				IPWhiteList: &dynamic.IPWhiteList{
+				IPAllowList: &dynamic.IPAllowList{
 					SourceRange: []string{"foo"},
 					IPStrategy: &dynamic.IPStrategy{
 						Depth:       42,

pkg/redactor/testdata/anonymized-dynamic-config.json

@@ -119,7 +119,7 @@
             "foo"
           ]
         },
-        "ipWhiteList": {
+        "ipAllowList": {
           "sourceRange": [
             "xxxx"
           ],
@@ -475,4 +475,4 @@
       }
     }
   }
-}
+}

pkg/redactor/testdata/secured-dynamic-config.json

@@ -119,7 +119,7 @@
             "foo"
           ]
         },
-        "ipWhiteList": {
+        "ipAllowList": {
           "sourceRange": [
             "foo"
           ],
@@ -483,4 +483,4 @@
       }
     }
   }
-}
+}

pkg/server/middleware/middlewares.go

@@ -19,7 +19,7 @@ import (
 	"github.com/traefik/traefik/v2/pkg/middlewares/customerrors"
 	"github.com/traefik/traefik/v2/pkg/middlewares/headers"
 	"github.com/traefik/traefik/v2/pkg/middlewares/inflightreq"
-	"github.com/traefik/traefik/v2/pkg/middlewares/ipwhitelist"
+	"github.com/traefik/traefik/v2/pkg/middlewares/ipallowlist"
 	"github.com/traefik/traefik/v2/pkg/middlewares/passtlsclientcert"
 	"github.com/traefik/traefik/v2/pkg/middlewares/ratelimiter"
 	"github.com/traefik/traefik/v2/pkg/middlewares/redirect"
@@ -229,13 +229,13 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
 		}
 	}
 
-	// IPWhiteList
+	// IPAllowList
-	if config.IPWhiteList != nil {
+	if config.IPAllowList != nil {
 		if middleware != nil {
 			return nil, badConf
 		}
 		middleware = func(next http.Handler) (http.Handler, error) {
-			return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName)
+			return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName)
 		}
 	}
 

pkg/server/middleware/tcp/middlewares.go

@@ -7,7 +7,7 @@ import (
 
 	"github.com/traefik/traefik/v2/pkg/config/runtime"
 	inflightconn "github.com/traefik/traefik/v2/pkg/middlewares/tcp/inflightconn"
-	ipwhitelist "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipwhitelist"
+	ipallowlist "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipallowlist"
 	"github.com/traefik/traefik/v2/pkg/server/provider"
 	"github.com/traefik/traefik/v2/pkg/tcp"
 )
@@ -94,10 +94,10 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
 		}
 	}
 
-	// IPWhiteList
+	// IPAllowList
-	if config.IPWhiteList != nil {
+	if config.IPAllowList != nil {
 		middleware = func(next tcp.Handler) (tcp.Handler, error) {
-			return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName)
+			return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName)
 		}
 	}
 

webui/src/components/_commons/PanelMiddlewares.vue

@@ -675,8 +675,8 @@
             </div>
           </q-card-section>
 
-          <!-- EXTRA FIELDS FROM MIDDLEWARES - [ipWhiteList] - sourceRange -->
+          <!-- EXTRA FIELDS FROM MIDDLEWARES - [ipAllowList] - sourceRange -->
-          <q-card-section v-if="middleware.ipWhiteList">
+          <q-card-section v-if="middleware.ipAllowList">
             <div class="row items-start no-wrap">
               <div class="col">
                 <div class="text-subtitle2">Source Range</div>
@@ -689,8 +689,8 @@
               </div>
             </div>
           </q-card-section>
-          <!-- EXTRA FIELDS FROM MIDDLEWARES - [ipWhiteList] - ipStrategy -->
+          <!-- EXTRA FIELDS FROM MIDDLEWARES - [ipAllowList] - ipStrategy -->
-          <q-card-section v-if="middleware.ipWhiteList">
+          <q-card-section v-if="middleware.ipAllowList">
             <div class="row items-start">
               <div class="col-12">
                 <div class="text-subtitle2">IP Strategy</div>
@@ -1076,8 +1076,8 @@
         </q-card-section>
 
         <q-card-section v-if="protocol === 'tcp'">
-          <!-- EXTRA FIELDS FROM MIDDLEWARES - [ipWhiteList] - sourceRange -->
+          <!-- EXTRA FIELDS FROM MIDDLEWARES - [ipAllowList] - sourceRange -->
-          <q-card-section v-if="middleware.ipWhiteList">
+          <q-card-section v-if="middleware.ipAllowList">
             <div class="row items-start no-wrap">
               <div class="col">
                 <div class="text-subtitle2">Source Range</div>