Renaming IPWhiteList to IPAllowList

Wambugu 2022-10-26 18:16:05 +03:00 committed by GitHub
parent e86f21ae7b
commit 1b9873cae9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
69 changed files with 523 additions and 506 deletions

Binary file not shown.

Before

Width:  |  Height:  |  Size: 58 KiB


@ -15,7 +15,7 @@ It makes reusing the same groups easier.
## Configuration Example ## Configuration Example
Below is an example of a Chain containing `WhiteList`, `BasicAuth`, and `RedirectScheme`. Below is an example of a Chain containing `AllowList`, `BasicAuth`, and `RedirectScheme`.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
@ -25,7 +25,7 @@ labels:
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
- "traefik.http.services.service1.loadbalancer.server.port=80" - "traefik.http.services.service1.loadbalancer.server.port=80"
``` ```
@ -80,7 +80,7 @@ kind: Middleware
metadata: metadata:
name: known-ips name: known-ips
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 192.168.1.7 - 192.168.1.7
- 127.0.0.1/32 - 127.0.0.1/32
@ -93,7 +93,7 @@ spec:
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
- "traefik.http.services.service1.loadbalancer.server.port=80" - "traefik.http.services.service1.loadbalancer.server.port=80"
``` ```
@ -105,7 +105,7 @@ spec:
"traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users", "traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
"traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"traefik.http.middlewares.https-only.redirectscheme.scheme": "https", "traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
"traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32", "traefik.http.middlewares.known-ips.ipallowlist.sourceRange": "192.168.1.7,127.0.0.1/32",
"traefik.http.services.service1.loadbalancer.server.port": "80" "traefik.http.services.service1.loadbalancer.server.port": "80"
} }
``` ```
@ -118,7 +118,7 @@ labels:
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
- "traefik.http.services.service1.loadbalancer.server.port=80" - "traefik.http.services.service1.loadbalancer.server.port=80"
``` ```
@ -150,7 +150,7 @@ http:
scheme: https scheme: https
known-ips: known-ips:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "192.168.1.7" - "192.168.1.7"
- "127.0.0.1/32" - "127.0.0.1/32"
@ -180,7 +180,7 @@ http:
[http.middlewares.https-only.redirectScheme] [http.middlewares.https-only.redirectScheme]
scheme = "https" scheme = "https"
[http.middlewares.known-ips.ipWhiteList] [http.middlewares.known-ips.ipAllowList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"] sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.services] [http.services]


@ -1,32 +1,30 @@
--- ---
title: "Traefik HTTP Middlewares IPWhiteList" title: "Traefik HTTP Middlewares IPAllowList"
description: "Learn how to use IPWhiteList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation." description: "Learn how to use IPAllowList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
--- ---
# IPWhiteList # IPAllowList
Limiting Clients to Specific IPs Limiting Clients to Specific IPs
{: .subtitle } {: .subtitle }
![IpWhiteList](../../assets/img/middleware/ipwhitelist.png) IPAllowList accepts / refuses requests based on the client IP.
IPWhitelist accepts / refuses requests based on the client IP.
## Configuration Examples ## Configuration Examples
```yaml tab="Docker" ```yaml tab="Docker"
# Accepts request from defined IP # Accepts request from defined IP
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: test-ipwhitelist name: test-ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@ -34,27 +32,27 @@ spec:
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Accepts request from defined IP # Accepts request from defined IP
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7" "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Accepts request from defined IP # Accepts request from defined IP
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Accepts request from defined IP # Accepts request from defined IP
http: http:
middlewares: middlewares:
test-ipwhitelist: test-ipallowlist:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
@ -63,7 +61,7 @@ http:
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Accepts request from defined IP # Accepts request from defined IP
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
``` ```
@ -86,7 +84,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
!!! example "Examples of Depth & X-Forwarded-For" !!! example "Examples of Depth & X-Forwarded-For"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting is `"12.0.0.1"` (`depth=2`). If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
| `X-Forwarded-For` | `depth` | clientIP | | `X-Forwarded-For` | `depth` | clientIP |
|-----------------------------------------|---------|--------------| |-----------------------------------------|---------|--------------|
@ -95,20 +93,20 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` | | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
```yaml tab="Docker" ```yaml tab="Docker"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: test-ipwhitelist name: test-ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@ -117,31 +115,31 @@ spec:
``` ```
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7", "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth": "2" "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
http: http:
middlewares: middlewares:
test-ipwhitelist: test-ipallowlist:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
@ -150,11 +148,11 @@ http:
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
depth = 2 depth = 2
``` ```
@ -177,7 +175,7 @@ http:
```yaml tab="Docker" ```yaml tab="Docker"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -185,9 +183,9 @@ labels:
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: test-ipwhitelist name: test-ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- 127.0.0.1/32 - 127.0.0.1/32
@ -196,27 +194,27 @@ spec:
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7" "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
http: http:
middlewares: middlewares:
test-ipwhitelist: test-ipallowlist:
ipWhiteList: ipAllowList:
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- "127.0.0.1/32" - "127.0.0.1/32"
@ -226,7 +224,7 @@ http:
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipallowlist.ipAllowList]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"] excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
``` ```


@ -142,7 +142,7 @@ http:
| [Errors](errorpages.md) | Defines custom error pages | Request Lifecycle | | [Errors](errorpages.md) | Defines custom error pages | Request Lifecycle |
| [ForwardAuth](forwardauth.md) | Delegates Authentication | Security, Authentication | | [ForwardAuth](forwardauth.md) | Delegates Authentication | Security, Authentication |
| [Headers](headers.md) | Adds / Updates headers | Security | | [Headers](headers.md) | Adds / Updates headers | Security |
| [IPWhiteList](ipwhitelist.md) | Limits the allowed client IPs | Security, Request lifecycle | | [IPAllowList](ipallowlist.md) | Limits the allowed client IPs | Security, Request lifecycle |
| [InFlightReq](inflightreq.md) | Limits the number of simultaneous connections | Security, Request lifecycle | | [InFlightReq](inflightreq.md) | Limits the number of simultaneous connections | Security, Request lifecycle |
| [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header | Security | | [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header | Security |
| [RateLimit](ratelimit.md) | Limits the call frequency | Security, Request lifecycle | | [RateLimit](ratelimit.md) | Limits the call frequency | Security, Request lifecycle |


@ -1,30 +1,30 @@
--- ---
title: "Traefik TCP Middlewares IPWhiteList" title: "Traefik TCP Middlewares IPAllowList"
description: "Learn how to use IPWhiteList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation." description: "Learn how to use IPAllowList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
--- ---
# IPWhiteList # IPAllowList
Limiting Clients to Specific IPs Limiting Clients to Specific IPs
{: .subtitle } {: .subtitle }
IPWhitelist accepts / refuses connections based on the client IP. IPAllowList accepts / refuses connections based on the client IP.
## Configuration Examples ## Configuration Examples
```yaml tab="Docker" ```yaml tab="Docker"
# Accepts connections from defined IP # Accepts connections from defined IP
labels: labels:
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: test-ipwhitelist name: test-ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@ -32,25 +32,25 @@ spec:
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Accepts request from defined IP # Accepts request from defined IP
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7" "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Accepts request from defined IP # Accepts request from defined IP
labels: labels:
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Accepts request from defined IP # Accepts request from defined IP
[tcp.middlewares] [tcp.middlewares]
[tcp.middlewares.test-ipwhitelist.ipWhiteList] [tcp.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
``` ```
@ -58,8 +58,8 @@ labels:
# Accepts request from defined IP # Accepts request from defined IP
tcp: tcp:
middlewares: middlewares:
test-ipwhitelist: test-ipallowlist:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"


@ -18,10 +18,10 @@ whoami:
# A container that exposes an API to show its IP address # A container that exposes an API to show its IP address
image: traefik/whoami image: traefik/whoami
labels: labels:
# Create a middleware named `foo-ip-whitelist` # Create a middleware named `foo-ip-allowlist`
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
# Apply the middleware named `foo-ip-whitelist` to the router named `router1` # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@docker" - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@docker"
``` ```
```yaml tab="Kubernetes IngressRoute" ```yaml tab="Kubernetes IngressRoute"
@ -43,9 +43,9 @@ spec:
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: foo-ip-whitelist name: foo-ip-allowlist
spec: spec:
ipWhiteList: ipAllowList:
sourcerange: sourcerange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@ -60,30 +60,30 @@ spec:
routes: routes:
# more fields... # more fields...
middlewares: middlewares:
- name: foo-ip-whitelist - name: foo-ip-allowlist
``` ```
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Create a middleware named `foo-ip-whitelist` # Create a middleware named `foo-ip-allowlist`
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
# Apply the middleware named `foo-ip-whitelist` to the router named `router1` # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@consulcatalog" - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@consulcatalog"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7", "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7",
"traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@marathon" "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@marathon"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# As a Rancher Label # As a Rancher Label
labels: labels:
# Create a middleware named `foo-ip-whitelist` # Create a middleware named `foo-ip-allowlist`
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
# Apply the middleware named `foo-ip-whitelist` to the router named `router1` # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@rancher" - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@rancher"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -91,11 +91,11 @@ labels:
[tcp.routers] [tcp.routers]
[tcp.routers.router1] [tcp.routers.router1]
service = "myService" service = "myService"
middlewares = ["foo-ip-whitelist"] middlewares = ["foo-ip-allowlist"]
rule = "Host(`example.com`)" rule = "Host(`example.com`)"
[tcp.middlewares] [tcp.middlewares]
[tcp.middlewares.foo-ip-whitelist.ipWhiteList] [tcp.middlewares.foo-ip-allowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[tcp.services] [tcp.services]
@ -114,12 +114,12 @@ tcp:
router1: router1:
service: myService service: myService
middlewares: middlewares:
- "foo-ip-whitelist" - "foo-ip-allowlist"
rule: "Host(`example.com`)" rule: "Host(`example.com`)"
middlewares: middlewares:
foo-ip-whitelist: foo-ip-allowlist:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
@ -137,4 +137,4 @@ tcp:
| Middleware | Purpose | Area | | Middleware | Purpose | Area |
|-------------------------------------------|---------------------------------------------------|-----------------------------| |-------------------------------------------|---------------------------------------------------|-----------------------------|
| [InFlightConn](inflightconn.md) | Limits the number of simultaneous connections. | Security, Request lifecycle | | [InFlightConn](inflightconn.md) | Limits the number of simultaneous connections. | Security, Request lifecycle |
| [IPWhiteList](ipwhitelist.md) | Limit the allowed client IPs. | Security, Request lifecycle | | [IPAllowList](ipallowlist.md) | Limit the allowed client IPs. | Security, Request lifecycle |
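Review bot: In the `Kubernetes IngressRoute` tab (hunk `-43,9 +43,9`) the renamed `MiddlewareTCP` example still spells the field `sourcerange:` under `ipAllowList:`, while the CRD schema touched by this same commit declares `sourceRange`. Kubernetes field names are case-sensitive, so a manifest copied from this example would presumably be rejected or lose its ranges, and the allowlist would not carry the intended restriction; the line should read `sourceRange:`. The `Marathon` tab has a similar carried-over problem: both entries are written as `key=value` inside a single string instead of `"key": "value"`, which is not a valid labels object. Both lines pre-date this commit but sit inside the blocks it rewrites, so this is a good moment to fix them.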


@ -0,0 +1,18 @@
---
title: "Traefik V3 Migration Documentation"
description: "Migrate from Traefik Proxy v2 to v3 and update all the necessary configurations to take advantage of all the improvements. Read the technical documentation."
---
# Migration Guide: From v2 to v3
How to Migrate from Traefik v2 to Traefik v3.
{: .subtitle }
The version 3 of Traefik introduces a number of breaking changes,
which require one to update their configuration when they migrate from v2 to v3.
The goal of this page is to recapitulate all of these changes, and in particular to give examples,
feature by feature, of how the configuration looked like in v2, and how it now looks like in v3.
## IPWhiteList
In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration.
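Review bot: The sentence under `## IPWhiteList` says the rename was made "without changing anything to the configuration", yet the other files in this commit change the configuration key itself (`ipwhitelist` to `ipallowlist` in labels, `ipWhiteList` to `ipAllowList` in YAML, TOML and the CRD). Because this middleware is an access control, a reader who takes the sentence literally may leave the old key in place; whether v3 still accepts the old key is not visible here, so the guide should say so explicitly. Suggested wording: `In v3, the IPWhiteList middleware is renamed to IPAllowList. Its options (sourceRange, ipStrategy) are unchanged, but the option name must be updated from ipWhiteList to ipAllowList in labels, file and CRD configuration.` A v2/v3 example pair, as the page's introduction promises, would make the required edit concrete.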


@ -72,7 +72,7 @@ to allow defining:
- One or more security features through [middlewares](../middlewares/overview.md) - One or more security features through [middlewares](../middlewares/overview.md)
like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md), like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md),
[forwardAuth](../middlewares/http/forwardauth.md)) or [whitelisting](../middlewares/http/ipwhitelist.md). [forwardAuth](../middlewares/http/forwardauth.md)) or [allowlisting](../middlewares/http/ipallowlist.md).
- A [router rule](#dashboard-router-rule) for accessing the dashboard, - A [router rule](#dashboard-router-rule) for accessing the dashboard,
through Traefik itself (sometimes referred as "Traefik-ception"). through Traefik itself (sometimes referred as "Traefik-ception").


@ -18,7 +18,7 @@ It supports providing configuration through a [single configuration file](#filen
!!! tip !!! tip
The file provider can be a good solution for reusing common elements from other providers (e.g. declaring whitelist middlewares, basic authentication, ...) The file provider can be a good solution for reusing common elements from other providers (e.g. declaring allowlist middlewares, basic authentication, ...)
## Configuration Examples ## Configuration Examples


@ -71,9 +71,9 @@
- "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true" - "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.middleware10.headers.stspreload=true" - "traefik.http.middlewares.middleware10.headers.stspreload=true"
- "traefik.http.middlewares.middleware10.headers.stsseconds=42" - "traefik.http.middlewares.middleware10.headers.stsseconds=42"
- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth=42" - "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips=foobar, foobar" - "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware11.ipwhitelist.sourcerange=foobar, foobar" - "traefik.http.middlewares.middleware11.ipallowlist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware12.inflightreq.amount=42" - "traefik.http.middlewares.middleware12.inflightreq.amount=42"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42" - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar" - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
@ -166,7 +166,7 @@
- "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true" - "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true"
- "traefik.http.services.service01.loadbalancer.server.port=foobar" - "traefik.http.services.service01.loadbalancer.server.port=foobar"
- "traefik.http.services.service01.loadbalancer.server.scheme=foobar" - "traefik.http.services.service01.loadbalancer.server.scheme=foobar"
- "traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange=foobar, foobar" - "traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange=foobar, foobar"
- "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42" - "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42"
- "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar" - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"
- "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar" - "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar"


@ -203,9 +203,9 @@
name0 = "foobar" name0 = "foobar"
name1 = "foobar" name1 = "foobar"
[http.middlewares.Middleware11] [http.middlewares.Middleware11]
[http.middlewares.Middleware11.ipWhiteList] [http.middlewares.Middleware11.ipAllowList]
sourceRange = ["foobar", "foobar"] sourceRange = ["foobar", "foobar"]
[http.middlewares.Middleware11.ipWhiteList.ipStrategy] [http.middlewares.Middleware11.ipAllowList.ipStrategy]
depth = 42 depth = 42
excludedIPs = ["foobar", "foobar"] excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware12] [http.middlewares.Middleware12]
@ -402,7 +402,7 @@
weight = 42 weight = 42
[tcp.middlewares] [tcp.middlewares]
[tcp.middlewares.TCPMiddleware00] [tcp.middlewares.TCPMiddleware00]
[tcp.middlewares.TCPMiddleware00.ipWhiteList] [tcp.middlewares.TCPMiddleware00.ipAllowList]
sourceRange = ["foobar", "foobar"] sourceRange = ["foobar", "foobar"]
[tcp.middlewares.TCPMiddleware01] [tcp.middlewares.TCPMiddleware01]
[tcp.middlewares.TCPMiddleware01.inFlightConn] [tcp.middlewares.TCPMiddleware01.inFlightConn]


@ -230,7 +230,7 @@ http:
permissionsPolicy: foobar permissionsPolicy: foobar
isDevelopment: true isDevelopment: true
Middleware11: Middleware11:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- foobar - foobar
- foobar - foobar
@ -443,7 +443,7 @@ tcp:
weight: 42 weight: 42
middlewares: middlewares:
TCPMiddleware00: TCPMiddleware00:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- foobar - foobar
- foobar - foobar


@ -1149,7 +1149,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1174,14 +1174,14 @@ spec:
type: boolean type: boolean
type: object type: object
type: object type: object
ipWhiteList: ipAllowList:
description: 'IPWhiteList holds the IP whitelist middleware configuration. description: 'IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: 'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1345,7 +1345,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1541,8 +1541,8 @@ spec:
format: int64 format: int64
type: integer type: integer
type: object type: object
ipWhiteList: ipAllowList:
description: IPWhiteList defines the IPWhiteList middleware configuration. description: IPAllowList defines the IPAllowList middleware configuration.
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
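Review bot: The schema drops the `ipWhiteList` property outright and adds `ipAllowList`, with no alias kept for the old name, so an existing Middleware or MiddlewareTCP object that still sets `spec.ipWhiteList` no longer matches the schema. Depending on the cluster's field validation, the API server may reject or prune that unknown field, leaving a middleware with no configured type. What Traefik does with such an object is not visible in this section; since this is an access-control middleware, it is worth confirming that the router fails rather than serving without the IP restriction, and stating that in the new `migration/v2-to-v3.md` page. The same rename appears in the other CRD sections and in the label and KV fixtures further down.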


@ -148,7 +148,7 @@ spec:
- name: whoamitcp - name: whoamitcp
port: 8080 port: 8080
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
tls: tls:
secretName: foosecret secretName: foosecret
passthrough: false passthrough: false


@ -84,11 +84,11 @@
| `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` |
| `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` |
| `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` | | `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/depth` | `42` | | `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` | | `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` | | `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/0` | `foobar` | | `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/0` | `foobar` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/1` | `foobar` | | `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/1` | `foobar` |
| `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` | | `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` |
| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` | | `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` | | `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
@ -247,8 +247,8 @@
| `traefik/http/services/Service04/failover/fallback` | `foobar` | | `traefik/http/services/Service04/failover/fallback` | `foobar` |
| `traefik/http/services/Service04/failover/healthCheck` | `` | | `traefik/http/services/Service04/failover/healthCheck` | `` |
| `traefik/http/services/Service04/failover/service` | `foobar` | | `traefik/http/services/Service04/failover/service` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/0` | `foobar` | | `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/0` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/1` | `foobar` | | `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/1` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` | | `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` |
| `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` | | `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` | | `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` |


@ -71,9 +71,9 @@
"traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true", "traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true",
"traefik.http.middlewares.middleware10.headers.stspreload": "true", "traefik.http.middlewares.middleware10.headers.stspreload": "true",
"traefik.http.middlewares.middleware10.headers.stsseconds": "42", "traefik.http.middlewares.middleware10.headers.stsseconds": "42",
"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth": "42", "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth": "42",
"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips": "foobar, foobar", "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips": "foobar, foobar",
"traefik.http.middlewares.middleware11.ipwhitelist.sourcerange": "foobar, foobar", "traefik.http.middlewares.middleware11.ipallowlist.sourcerange": "foobar, foobar",
"traefik.http.middlewares.middleware12.inflightreq.amount": "42", "traefik.http.middlewares.middleware12.inflightreq.amount": "42",
"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42", "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar", "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
@ -166,7 +166,7 @@
"traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true", "traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true",
"traefik.http.services.service01.loadbalancer.server.port": "foobar", "traefik.http.services.service01.loadbalancer.server.port": "foobar",
"traefik.http.services.service01.loadbalancer.server.scheme": "foobar", "traefik.http.services.service01.loadbalancer.server.scheme": "foobar",
"traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange": "foobar, foobar", "traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange": "foobar, foobar",
"traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42", "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42",
"traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar", "traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar",
"traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar", "traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar",


@ -572,7 +572,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -597,14 +597,14 @@ spec:
type: boolean type: boolean
type: object type: object
type: object type: object
ipWhiteList: ipAllowList:
description: 'IPWhiteList holds the IP whitelist middleware configuration. description: 'IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: 'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -768,7 +768,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For


@ -47,8 +47,8 @@ spec:
format: int64 format: int64
type: integer type: integer
type: object type: object
ipWhiteList: ipAllowList:
description: IPWhiteList defines the IPWhiteList middleware configuration. description: IPAllowList defines the IPAllowList middleware configuration.
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of


@ -1287,9 +1287,9 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@ -1305,13 +1305,13 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
entryPoints: entryPoints:
- web - web
routes: routes:
- match: Host(`example.com`) && PathPrefix(`/whitelist`) - match: Host(`example.com`) && PathPrefix(`/allowlist`)
kind: Rule kind: Rule
services: services:
- name: whoami - name: whoami
port: 80 port: 80
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
namespace: foo namespace: foo
``` ```


@ -986,7 +986,7 @@ The middlewares will take effect only if the rule matches, and before connecting
[tcp.routers.my-router] [tcp.routers.my-router]
rule = "HostSNI(`*`)" rule = "HostSNI(`*`)"
# declared elsewhere # declared elsewhere
middlewares = ["ipwhitelist"] middlewares = ["ipallowlist"]
service = "service-foo" service = "service-foo"
``` ```
@ -998,7 +998,7 @@ The middlewares will take effect only if the rule matches, and before connecting
rule: "HostSNI(`*`)" rule: "HostSNI(`*`)"
# declared elsewhere # declared elsewhere
middlewares: middlewares:
- ipwhitelist - ipallowlist
service: service-foo service: service-foo
``` ```


@ -126,7 +126,7 @@ nav:
- 'Errors': 'middlewares/http/errorpages.md' - 'Errors': 'middlewares/http/errorpages.md'
- 'ForwardAuth': 'middlewares/http/forwardauth.md' - 'ForwardAuth': 'middlewares/http/forwardauth.md'
- 'Headers': 'middlewares/http/headers.md' - 'Headers': 'middlewares/http/headers.md'
- 'IpWhitelist': 'middlewares/http/ipwhitelist.md' - 'IpAllowList': 'middlewares/http/ipallowlist.md'
- 'InFlightReq': 'middlewares/http/inflightreq.md' - 'InFlightReq': 'middlewares/http/inflightreq.md'
- 'PassTLSClientCert': 'middlewares/http/passtlsclientcert.md' - 'PassTLSClientCert': 'middlewares/http/passtlsclientcert.md'
- 'RateLimit': 'middlewares/http/ratelimit.md' - 'RateLimit': 'middlewares/http/ratelimit.md'
@ -140,7 +140,7 @@ nav:
- 'TCP': - 'TCP':
- 'Overview': 'middlewares/tcp/overview.md' - 'Overview': 'middlewares/tcp/overview.md'
- 'InFlightConn': 'middlewares/tcp/inflightconn.md' - 'InFlightConn': 'middlewares/tcp/inflightconn.md'
- 'IpWhitelist': 'middlewares/tcp/ipwhitelist.md' - 'IpAllowList': 'middlewares/tcp/ipallowlist.md'
- 'Traefik Hub': 'traefik-hub/index.md' - 'Traefik Hub': 'traefik-hub/index.md'
- 'Plugins & Plugin Catalog': 'plugins/index.md' - 'Plugins & Plugin Catalog': 'plugins/index.md'
- 'Operations': - 'Operations':
@ -177,6 +177,7 @@ nav:
- 'HTTP Challenge': 'user-guides/docker-compose/acme-http/index.md' - 'HTTP Challenge': 'user-guides/docker-compose/acme-http/index.md'
- 'DNS Challenge': 'user-guides/docker-compose/acme-dns/index.md' - 'DNS Challenge': 'user-guides/docker-compose/acme-dns/index.md'
- 'Migration': - 'Migration':
- 'Traefik v2 to v3': 'migration/v2-to-v3.md'
- 'Traefik v2 minor migrations': 'migration/v2.md' - 'Traefik v2 minor migrations': 'migration/v2.md'
- 'Traefik v1 to v2': 'migration/v1-to-v2.md' - 'Traefik v1 to v2': 'migration/v1-to-v2.md'
- 'Contributing': - 'Contributing':


@ -435,7 +435,7 @@ func (s *AccessLogSuite) TestAccessLogBackendNotFound(c *check.C) {
checkNoOtherTraefikProblems(c) checkNoOtherTraefikProblems(c)
} }
func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) { func (s *AccessLogSuite) TestAccessLogFrontendAllowlist(c *check.C) {
ensureWorkingDirectoryIsClean() ensureWorkingDirectoryIsClean()
expected := []accessLogValue{ expected := []accessLogValue{
@ -443,7 +443,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
formatOnly: false, formatOnly: false,
code: "403", code: "403",
user: "-", user: "-",
routerName: "rt-frontendWhitelist", routerName: "rt-frontendAllowlist",
serviceURL: "-", serviceURL: "-",
}, },
} }
@ -458,7 +458,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
checkStatsForLogFile(c) checkStatsForLogFile(c)
waitForTraefik(c, "frontendWhitelist") waitForTraefik(c, "frontendAllowlist")
// Verify Traefik started OK // Verify Traefik started OK
checkTraefikStarted(c) checkTraefikStarted(c)
@ -466,7 +466,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendWhitelist(c *check.C) {
// Test rate limit // Test rate limit
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil) req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
req.Host = "frontend.whitelist.docker.local" req.Host = "frontend.allowlist.docker.local"
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusForbidden), try.HasBody()) err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusForbidden), try.HasBody())
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
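Review bot: The comment `// Test rate limit` above the request in TestAccessLogFrontendAllowlist does not describe what the test checks; the assertion that follows is `try.StatusCodeIs(http.StatusForbidden)` against the allowlist router. Since the function is being renamed anyway, the comment could become `// Test allowlist rejection: a client outside sourceRange gets 403`. The function body starts and ends outside these hunks.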


@ -1149,7 +1149,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1174,14 +1174,14 @@ spec:
type: boolean type: boolean
type: object type: object
type: object type: object
ipWhiteList: ipAllowList:
description: 'IPWhiteList holds the IP whitelist middleware configuration. description: 'IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/'
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: 'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1345,7 +1345,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1541,8 +1541,8 @@ spec:
format: int64 format: int64
type: integer type: integer
type: object type: object
ipWhiteList: ipAllowList:
description: IPWhiteList defines the IPWhiteList middleware configuration. description: IPAllowList defines the IPAllowList middleware configuration.
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of


@ -23,7 +23,7 @@
entryPoints = ["tcp"] entryPoints = ["tcp"]
rule = "HostSNI(`whoami-a.test`)" rule = "HostSNI(`whoami-a.test`)"
service = "whoami-a" service = "whoami-a"
middlewares = ["blocking-ipwhitelist"] middlewares = ["blocking-ipallowlist"]
[tcp.routers.to-whoami-a.tls] [tcp.routers.to-whoami-a.tls]
passthrough = true passthrough = true
@ -31,7 +31,7 @@
entryPoints = ["tcp"] entryPoints = ["tcp"]
rule = "HostSNI(`whoami-b.test`)" rule = "HostSNI(`whoami-b.test`)"
service = "whoami-b" service = "whoami-b"
middlewares = ["allowing-ipwhitelist"] middlewares = ["allowing-ipallowlist"]
[tcp.routers.to-whoami-b.tls] [tcp.routers.to-whoami-b.tls]
passthrough = true passthrough = true
@ -45,7 +45,7 @@
address = "{{ .WhoamiB }}" address = "{{ .WhoamiB }}"
[tcp.middlewares] [tcp.middlewares]
[tcp.middlewares.allowing-ipwhitelist.ipWhiteList] [tcp.middlewares.allowing-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32"] sourceRange = ["127.0.0.1/32"]
[tcp.middlewares.blocking-ipwhitelist.ipWhiteList] [tcp.middlewares.blocking-ipallowlist.ipAllowList]
sourceRange = ["127.127.127.127/32"] sourceRange = ["127.127.127.127/32"]


@ -75,14 +75,14 @@ services:
traefik.http.middlewares.rate.ratelimit.burst: 2 traefik.http.middlewares.rate.ratelimit.burst: 2
traefik.http.services.service3.loadbalancer.server.port: 80 traefik.http.services.service3.loadbalancer.server.port: 80
frontendWhitelist: frontendAllowlist:
image: traefik/whoami image: traefik/whoami
labels: labels:
traefik.enable: true traefik.enable: true
traefik.http.routers.rt-frontendWhitelist.entryPoints: web traefik.http.routers.rt-frontendAllowlist.entryPoints: web
traefik.http.routers.rt-frontendWhitelist.rule: Host(`frontend.whitelist.docker.local`) traefik.http.routers.rt-frontendAllowlist.rule: Host(`frontend.allowlist.docker.local`)
traefik.http.routers.rt-frontendWhitelist.middlewares: wl traefik.http.routers.rt-frontendAllowlist.middlewares: wl
traefik.http.middlewares.wl.ipwhitelist.sourcerange: 8.8.8.8/32 traefik.http.middlewares.wl.ipallowlist.sourcerange: 8.8.8.8/32
traefik.http.services.service3.loadbalancer.server.port: 80 traefik.http.services.service3.loadbalancer.server.port: 80
networks: networks:
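Review bot: The middleware is still named `wl` in `traefik.http.routers.rt-frontendAllowlist.middlewares: wl` and `traefik.http.middlewares.wl.ipallowlist.sourcerange: 8.8.8.8/32`, an abbreviation of the term this commit retires. Renaming it, for example to `al`, would keep the fixture consistent with the router and service names. The new allowlist compose fixture uses `wl1` to `wl4` in the same way. The service definition continues outside the hunk.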


@ -0,0 +1,41 @@
version: "3.8"
services:
noOverrideAllowlist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt1.rule: Host(`no.override.allowlist.docker.local`)
traefik.http.routers.rt1.middlewares: wl1
traefik.http.middlewares.wl1.ipallowList.sourceRange: 8.8.8.8
overrideIPStrategyRemoteAddrAllowlist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt2.rule: Host(`override.remoteaddr.allowlist.docker.local`)
traefik.http.routers.rt2.middlewares: wl2
traefik.http.middlewares.wl2.ipallowlist.sourceRange: 8.8.8.8
traefik.http.middlewares.wl2.ipallowlist.ipStrategy: true
overrideIPStrategyDepthAllowlist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt3.rule: Host(`override.depth.allowlist.docker.local`)
traefik.http.routers.rt3.middlewares: wl3
traefik.http.middlewares.wl3.ipallowlist.sourceRange: 8.8.8.8
traefik.http.middlewares.wl3.ipallowlist.ipStrategy.depth: 3
overrideIPStrategyExcludedIPsAllowlist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt4.rule: Host(`override.excludedips.allowlist.docker.local`)
traefik.http.routers.rt4.middlewares: wl4
traefik.http.middlewares.wl4.ipallowlist.sourceRange: 8.8.8.8
traefik.http.middlewares.wl4.ipallowlist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2
networks:
default:
name: traefik-test-network
external: true
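Review bot: The first service spells the key `traefik.http.middlewares.wl1.ipallowList.sourceRange`, while wl2 to wl4 use `ipallowlist`. Traefik label keys are, as far as I know, matched case-insensitively, so this presumably still resolves to the same middleware. The mixed casing does make a text search for the option miss this line, which matters when auditing where the IP restriction is applied. Normalising it to `traefik.http.middlewares.wl1.ipallowlist.sourceRange: 8.8.8.8` would avoid that.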


@ -1,41 +0,0 @@
version: "3.8"
services:
noOverrideWhitelist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt1.rule: Host(`no.override.whitelist.docker.local`)
traefik.http.routers.rt1.middlewares: wl1
traefik.http.middlewares.wl1.ipwhiteList.sourceRange: 8.8.8.8
overrideIPStrategyRemoteAddrWhitelist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt2.rule: Host(`override.remoteaddr.whitelist.docker.local`)
traefik.http.routers.rt2.middlewares: wl2
traefik.http.middlewares.wl2.ipwhitelist.sourceRange: 8.8.8.8
traefik.http.middlewares.wl2.ipwhitelist.ipStrategy: true
overrideIPStrategyDepthWhitelist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt3.rule: Host(`override.depth.whitelist.docker.local`)
traefik.http.routers.rt3.middlewares: wl3
traefik.http.middlewares.wl3.ipwhitelist.sourceRange: 8.8.8.8
traefik.http.middlewares.wl3.ipwhitelist.ipStrategy.depth: 3
overrideIPStrategyExcludedIPsWhitelist:
image: traefik/whoami
labels:
traefik.enable: true
traefik.http.routers.rt4.rule: Host(`override.excludedips.whitelist.docker.local`)
traefik.http.routers.rt4.middlewares: wl4
traefik.http.middlewares.wl4.ipwhitelist.sourceRange: 8.8.8.8
traefik.http.middlewares.wl4.ipwhitelist.ipStrategy.excludedIPs: 10.0.0.1,10.0.0.2
networks:
default:
name: traefik-test-network
external: true


@ -397,13 +397,13 @@ func (s *SimpleSuite) TestMultipleProviderSameBackendName(c *check.C) {
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
} }
func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) { func (s *SimpleSuite) TestIPStrategyAllowlist(c *check.C) {
s.createComposeProject(c, "whitelist") s.createComposeProject(c, "allowlist")
s.composeUp(c) s.composeUp(c)
defer s.composeDown(c) defer s.composeDown(c)
cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml")) cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml"))
defer output(c) defer output(c)
err := cmd.Start() err := cmd.Start()
@ -413,7 +413,7 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override")) err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override"))
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.whitelist.docker.local")) err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, try.BodyContains("override.remoteaddr.allowlist.docker.local"))
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
testCases := []struct { testCases := []struct {
@ -425,31 +425,31 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
{ {
desc: "override remote addr reject", desc: "override remote addr reject",
xForwardedFor: "8.8.8.8,8.8.8.8", xForwardedFor: "8.8.8.8,8.8.8.8",
host: "override.remoteaddr.whitelist.docker.local", host: "override.remoteaddr.allowlist.docker.local",
expectedStatusCode: 403, expectedStatusCode: 403,
}, },
{ {
desc: "override depth accept", desc: "override depth accept",
xForwardedFor: "8.8.8.8,10.0.0.1,127.0.0.1", xForwardedFor: "8.8.8.8,10.0.0.1,127.0.0.1",
host: "override.depth.whitelist.docker.local", host: "override.depth.allowlist.docker.local",
expectedStatusCode: 200, expectedStatusCode: 200,
}, },
{ {
desc: "override depth reject", desc: "override depth reject",
xForwardedFor: "10.0.0.1,8.8.8.8,127.0.0.1", xForwardedFor: "10.0.0.1,8.8.8.8,127.0.0.1",
host: "override.depth.whitelist.docker.local", host: "override.depth.allowlist.docker.local",
expectedStatusCode: 403, expectedStatusCode: 403,
}, },
{ {
desc: "override excludedIPs reject", desc: "override excludedIPs reject",
xForwardedFor: "10.0.0.3,10.0.0.1,10.0.0.2", xForwardedFor: "10.0.0.3,10.0.0.1,10.0.0.2",
host: "override.excludedips.whitelist.docker.local", host: "override.excludedips.allowlist.docker.local",
expectedStatusCode: 403, expectedStatusCode: 403,
}, },
{ {
desc: "override excludedIPs accept", desc: "override excludedIPs accept",
xForwardedFor: "8.8.8.8,10.0.0.1,10.0.0.2", xForwardedFor: "8.8.8.8,10.0.0.1,10.0.0.2",
host: "override.excludedips.whitelist.docker.local", host: "override.excludedips.allowlist.docker.local",
expectedStatusCode: 200, expectedStatusCode: 200,
}, },
} }
@ -468,12 +468,12 @@ func (s *SimpleSuite) TestIPStrategyWhitelist(c *check.C) {
} }
func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) { func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) {
s.createComposeProject(c, "whitelist") s.createComposeProject(c, "allowlist")
s.composeUp(c) s.composeUp(c)
defer s.composeDown(c) defer s.composeDown(c)
cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_whitelist.toml")) cmd, output := s.traefikCmd(withConfigFile("fixtures/simple_allowlist.toml"))
defer output(c) defer output(c)
err := cmd.Start() err := cmd.Start()
@ -481,13 +481,13 @@ func (s *SimpleSuite) TestXForwardedHeaders(c *check.C) {
defer s.killCmd(cmd) defer s.killCmd(cmd)
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second, err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second,
try.BodyContains("override.remoteaddr.whitelist.docker.local")) try.BodyContains("override.remoteaddr.allowlist.docker.local"))
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil) req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil)
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
req.Host = "override.depth.whitelist.docker.local" req.Host = "override.depth.allowlist.docker.local"
req.Header.Set("X-Forwarded-For", "8.8.8.8,10.0.0.1,127.0.0.1") req.Header.Set("X-Forwarded-For", "8.8.8.8,10.0.0.1,127.0.0.1")
err = try.Request(req, 1*time.Second, err = try.Request(req, 1*time.Second,


@ -241,8 +241,8 @@ func (s *TCPSuite) TestCatchAllNoTLSWithHTTPS(c *check.C) {
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
} }
func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) { func (s *TCPSuite) TestMiddlewareAllowList(c *check.C) {
file := s.adaptFile(c, "fixtures/tcp/ip-whitelist.toml", struct { file := s.adaptFile(c, "fixtures/tcp/ipallowlist.toml", struct {
WhoamiA string WhoamiA string
WhoamiB string WhoamiB string
}{ }{
@ -261,7 +261,7 @@ func (s *TCPSuite) TestMiddlewareWhiteList(c *check.C) {
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 5*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains("HostSNI(`whoami-a.test`)")) err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 5*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains("HostSNI(`whoami-a.test`)"))
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
// Traefik not passes through, ipWhitelist closes connection // Traefik not passes through, ipAllowList closes connection
_, err = guessWhoTLSPassthrough("127.0.0.1:8093", "whoami-a.test") _, err = guessWhoTLSPassthrough("127.0.0.1:8093", "whoami-a.test")
c.Assert(err, checker.ErrorMatches, "EOF") c.Assert(err, checker.ErrorMatches, "EOF")
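Review bot: The updated comment `// Traefik not passes through, ipAllowList closes connection` is ungrammatical and does not say which outcome the next assertion expects. Since the line is touched by the rename, it could read `// Traefik does not pass the connection through: ipAllowList closes it, so the client sees EOF`, which matches the `checker.ErrorMatches, "EOF"` check below it. TestMiddlewareAllowList continues outside the hunk.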


@ -173,24 +173,24 @@ func TestHandler_Overview(t *testing.T) {
}, },
}, },
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist1@myprovider": { "ipallowlist1@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
Status: runtime.StatusEnabled, Status: runtime.StatusEnabled,
}, },
"ipwhitelist2@myprovider": { "ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
}, },
"ipwhitelist3@myprovider": { "ipallowlist3@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },


@ -512,25 +512,25 @@ func TestHandler_TCP(t *testing.T) {
path: "/api/tcp/middlewares", path: "/api/tcp/middlewares",
conf: runtime.Configuration{ conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist1@myprovider": { "ipallowlist1@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
UsedBy: []string{"bar@myprovider", "test@myprovider"}, UsedBy: []string{"bar@myprovider", "test@myprovider"},
}, },
"ipwhitelist2@myprovider": { "ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.2/32"}, SourceRange: []string{"127.0.0.2/32"},
}, },
}, },
UsedBy: []string{"test@myprovider"}, UsedBy: []string{"test@myprovider"},
}, },
"ipwhitelist1@anotherprovider": { "ipallowlist1@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -549,27 +549,27 @@ func TestHandler_TCP(t *testing.T) {
path: "/api/tcp/middlewares?status=enabled", path: "/api/tcp/middlewares?status=enabled",
conf: runtime.Configuration{ conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist@myprovider": { "ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
UsedBy: []string{"bar@myprovider", "test@myprovider"}, UsedBy: []string{"bar@myprovider", "test@myprovider"},
Status: runtime.StatusEnabled, Status: runtime.StatusEnabled,
}, },
"ipwhitelist2@myprovider": { "ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.2/32"}, SourceRange: []string{"127.0.0.2/32"},
}, },
}, },
UsedBy: []string{"test@myprovider"}, UsedBy: []string{"test@myprovider"},
Status: runtime.StatusDisabled, Status: runtime.StatusDisabled,
}, },
"ipwhitelist@anotherprovider": { "ipallowlist@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -586,30 +586,30 @@ func TestHandler_TCP(t *testing.T) {
}, },
{ {
desc: "middlewares filtered by search", desc: "middlewares filtered by search",
path: "/api/tcp/middlewares?search=ipwhitelist", path: "/api/tcp/middlewares?search=ipallowlist",
conf: runtime.Configuration{ conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"bad@myprovider": { "bad@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
UsedBy: []string{"bar@myprovider", "test@myprovider"}, UsedBy: []string{"bar@myprovider", "test@myprovider"},
Status: runtime.StatusEnabled, Status: runtime.StatusEnabled,
}, },
"ipwhitelist@myprovider": { "ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
UsedBy: []string{"test@myprovider"}, UsedBy: []string{"test@myprovider"},
Status: runtime.StatusDisabled, Status: runtime.StatusDisabled,
}, },
"ipwhitelist@anotherprovider": { "ipallowlist@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -629,25 +629,25 @@ func TestHandler_TCP(t *testing.T) {
path: "/api/tcp/middlewares?page=2&per_page=1", path: "/api/tcp/middlewares?page=2&per_page=1",
conf: runtime.Configuration{ conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist@myprovider": { "ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
UsedBy: []string{"bar@myprovider", "test@myprovider"}, UsedBy: []string{"bar@myprovider", "test@myprovider"},
}, },
"ipwhitelist2@myprovider": { "ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.2/32"}, SourceRange: []string{"127.0.0.2/32"},
}, },
}, },
UsedBy: []string{"test@myprovider"}, UsedBy: []string{"test@myprovider"},
}, },
"ipwhitelist@anotherprovider": { "ipallowlist@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -663,28 +663,28 @@ func TestHandler_TCP(t *testing.T) {
}, },
{ {
desc: "one middleware by id", desc: "one middleware by id",
path: "/api/tcp/middlewares/ipwhitelist@myprovider", path: "/api/tcp/middlewares/ipallowlist@myprovider",
conf: runtime.Configuration{ conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist@myprovider": { "ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
UsedBy: []string{"bar@myprovider", "test@myprovider"}, UsedBy: []string{"bar@myprovider", "test@myprovider"},
}, },
"ipwhitelist2@myprovider": { "ipallowlist2@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.2/32"}, SourceRange: []string{"127.0.0.2/32"},
}, },
}, },
UsedBy: []string{"test@myprovider"}, UsedBy: []string{"test@myprovider"},
}, },
"ipwhitelist@anotherprovider": { "ipallowlist@anotherprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -694,7 +694,7 @@ func TestHandler_TCP(t *testing.T) {
}, },
expected: expected{ expected: expected{
statusCode: http.StatusOK, statusCode: http.StatusOK,
jsonFile: "testdata/tcpmiddleware-ipwhitelist.json", jsonFile: "testdata/tcpmiddleware-ipallowlist.json",
}, },
}, },
{ {
@ -702,9 +702,9 @@ func TestHandler_TCP(t *testing.T) {
path: "/api/tcp/middlewares/foo@myprovider", path: "/api/tcp/middlewares/foo@myprovider",
conf: runtime.Configuration{ conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"ipwhitelist@myprovider": { "ipallowlist@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{ TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },


@ -1,13 +1,13 @@
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist@myprovider", "name": "ipallowlist@myprovider",
"provider": "myprovider", "provider": "myprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider", "bar@myprovider",
"test@myprovider" "test@myprovider"
] ]
} }


@ -1,26 +1,26 @@
[ [
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist@anotherprovider", "name": "ipallowlist@anotherprovider",
"provider": "anotherprovider", "provider": "anotherprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider" "bar@myprovider"
] ]
}, },
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist@myprovider", "name": "ipallowlist@myprovider",
"provider": "myprovider", "provider": "myprovider",
"status": "disabled", "status": "disabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"test@myprovider" "test@myprovider"
] ]
} }
] ]


@ -1,27 +1,27 @@
[ [
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist@anotherprovider", "name": "ipallowlist@anotherprovider",
"provider": "anotherprovider", "provider": "anotherprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider" "bar@myprovider"
] ]
}, },
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist@myprovider", "name": "ipallowlist@myprovider",
"provider": "myprovider", "provider": "myprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider", "bar@myprovider",
"test@myprovider" "test@myprovider"
] ]
} }
] ]


@ -1,14 +1,14 @@
[ [
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist@anotherprovider", "name": "ipallowlist@anotherprovider",
"provider": "anotherprovider", "provider": "anotherprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider" "bar@myprovider"
] ]
} }
] ]


@ -1,39 +1,39 @@
[ [
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist1@anotherprovider", "name": "ipallowlist1@anotherprovider",
"provider": "anotherprovider", "provider": "anotherprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider" "bar@myprovider"
] ]
}, },
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.1/32"] "sourceRange": ["127.0.0.1/32"]
}, },
"name": "ipwhitelist1@myprovider", "name": "ipallowlist1@myprovider",
"provider": "myprovider", "provider": "myprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"bar@myprovider", "bar@myprovider",
"test@myprovider" "test@myprovider"
] ]
}, },
{ {
"ipWhiteList": { "ipAllowList": {
"sourceRange": ["127.0.0.2/32"] "sourceRange": ["127.0.0.2/32"]
}, },
"name": "ipwhitelist2@myprovider", "name": "ipallowlist2@myprovider",
"provider": "myprovider", "provider": "myprovider",
"status": "enabled", "status": "enabled",
"type": "ipwhitelist", "type": "ipallowlist",
"usedBy": [ "usedBy": [
"test@myprovider" "test@myprovider"
] ]
} }
] ]


@ -358,11 +358,11 @@
[http.middlewares.Middleware5.chain] [http.middlewares.Middleware5.chain]
middlewares = ["foobar", "foobar"] middlewares = ["foobar", "foobar"]
[http.middlewares.Middleware6] [http.middlewares.Middleware6]
[http.middlewares.Middleware6.ipWhiteList] [http.middlewares.Middleware6.ipAllowList]
sourceRange = ["foobar", "foobar"] sourceRange = ["foobar", "foobar"]
[http.middlewares.Middleware7] [http.middlewares.Middleware7]
[http.middlewares.Middleware7.ipWhiteList] [http.middlewares.Middleware7.ipAllowList]
[http.middlewares.Middleware7.ipWhiteList.ipStrategy] [http.middlewares.Middleware7.ipAllowList.ipStrategy]
depth = 42 depth = 42
excludedIPs = ["foobar", "foobar"] excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware8] [http.middlewares.Middleware8]


@ -18,7 +18,7 @@ type Middleware struct {
ReplacePath *ReplacePath `json:"replacePath,omitempty" toml:"replacePath,omitempty" yaml:"replacePath,omitempty" export:"true"` ReplacePath *ReplacePath `json:"replacePath,omitempty" toml:"replacePath,omitempty" yaml:"replacePath,omitempty" export:"true"`
ReplacePathRegex *ReplacePathRegex `json:"replacePathRegex,omitempty" toml:"replacePathRegex,omitempty" yaml:"replacePathRegex,omitempty" export:"true"` ReplacePathRegex *ReplacePathRegex `json:"replacePathRegex,omitempty" toml:"replacePathRegex,omitempty" yaml:"replacePathRegex,omitempty" export:"true"`
Chain *Chain `json:"chain,omitempty" toml:"chain,omitempty" yaml:"chain,omitempty" export:"true"` Chain *Chain `json:"chain,omitempty" toml:"chain,omitempty" yaml:"chain,omitempty" export:"true"`
IPWhiteList *IPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"` IPAllowList *IPAllowList `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
Headers *Headers `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"` Headers *Headers `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"`
Errors *ErrorPage `json:"errors,omitempty" toml:"errors,omitempty" yaml:"errors,omitempty" export:"true"` Errors *ErrorPage `json:"errors,omitempty" toml:"errors,omitempty" yaml:"errors,omitempty" export:"true"`
RateLimit *RateLimit `json:"rateLimit,omitempty" toml:"rateLimit,omitempty" yaml:"rateLimit,omitempty" export:"true"` RateLimit *RateLimit `json:"rateLimit,omitempty" toml:"rateLimit,omitempty" yaml:"rateLimit,omitempty" export:"true"`
@ -346,7 +346,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. // IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy // More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/#ipstrategy
type IPStrategy struct { type IPStrategy struct {
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). // Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"` Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
@ -385,10 +385,10 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// IPWhiteList holds the IP whitelist middleware configuration. // IPAllowList holds the IP allowlist middleware configuration.
// This middleware accepts / refuses requests based on the client IP. // This middleware accepts / refuses requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/ // More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipallowlist/
type IPWhiteList struct { type IPAllowList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"` IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
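Review bot: The `Middleware.IPAllowList` field replaces the `ipWhiteList` json/toml/yaml key outright, with no deprecated alias, so a dynamic configuration that still uses the old key no longer maps to any field after an upgrade. For an access-control middleware this matters: whether such a configuration is rejected at load time or the IP restriction is silently dropped is not visible in this diff, and it should be confirmed and pinned by a test that feeds the old key. The same applies to `TCPMiddleware.IPAllowList` in the TCP middleware file, to the `ipwhitelist` label keys in the label decoder tests, and to the `"type": "ipallowlist"` value now returned by the API fixtures. If compatibility is wanted, keeping the old field next to the new one, `IPWhiteList *IPWhiteList` with a `// Deprecated: use IPAllowList.` comment, would let existing configurations keep their restriction. The `IPAllowList` struct continues past the end of the hunk.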


@ -5,7 +5,7 @@ package dynamic
// TCPMiddleware holds the TCPMiddleware configuration. // TCPMiddleware holds the TCPMiddleware configuration.
type TCPMiddleware struct { type TCPMiddleware struct {
InFlightConn *TCPInFlightConn `json:"inFlightConn,omitempty" toml:"inFlightConn,omitempty" yaml:"inFlightConn,omitempty" export:"true"` InFlightConn *TCPInFlightConn `json:"inFlightConn,omitempty" toml:"inFlightConn,omitempty" yaml:"inFlightConn,omitempty" export:"true"`
IPWhiteList *TCPIPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"` IPAllowList *TCPIPAllowList `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
} }
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
@ -22,9 +22,9 @@ type TCPInFlightConn struct {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// TCPIPWhiteList holds the TCP IPWhiteList middleware configuration. // TCPIPAllowList holds the TCP IPAllowList middleware configuration.
// This middleware accepts/refuses connections based on the client IP. // This middleware accepts/refuses connections based on the client IP.
type TCPIPWhiteList struct { type TCPIPAllowList struct {
// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation). // SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
} }


@ -532,6 +532,32 @@ func (in *HealthCheck) DeepCopy() *HealthCheck {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPAllowList) DeepCopyInto(out *IPAllowList) {
*out = *in
if in.SourceRange != nil {
in, out := &in.SourceRange, &out.SourceRange
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPStrategy != nil {
in, out := &in.IPStrategy, &out.IPStrategy
*out = new(IPStrategy)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAllowList.
func (in *IPAllowList) DeepCopy() *IPAllowList {
if in == nil {
return nil
}
out := new(IPAllowList)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPStrategy) DeepCopyInto(out *IPStrategy) { func (in *IPStrategy) DeepCopyInto(out *IPStrategy) {
*out = *in *out = *in
@ -553,32 +579,6 @@ func (in *IPStrategy) DeepCopy() *IPStrategy {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPWhiteList) DeepCopyInto(out *IPWhiteList) {
*out = *in
if in.SourceRange != nil {
in, out := &in.SourceRange, &out.SourceRange
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPStrategy != nil {
in, out := &in.IPStrategy, &out.IPStrategy
*out = new(IPStrategy)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPWhiteList.
func (in *IPWhiteList) DeepCopy() *IPWhiteList {
if in == nil {
return nil
}
out := new(IPWhiteList)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *InFlightReq) DeepCopyInto(out *InFlightReq) { func (in *InFlightReq) DeepCopyInto(out *InFlightReq) {
*out = *in *out = *in
@ -654,9 +654,9 @@ func (in *Middleware) DeepCopyInto(out *Middleware) {
*out = new(Chain) *out = new(Chain)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.IPWhiteList != nil { if in.IPAllowList != nil {
in, out := &in.IPWhiteList, &out.IPWhiteList in, out := &in.IPAllowList, &out.IPAllowList
*out = new(IPWhiteList) *out = new(IPAllowList)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.Headers != nil { if in.Headers != nil {
@ -1382,7 +1382,7 @@ func (in *TCPConfiguration) DeepCopy() *TCPConfiguration {
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) { func (in *TCPIPAllowList) DeepCopyInto(out *TCPIPAllowList) {
*out = *in *out = *in
if in.SourceRange != nil { if in.SourceRange != nil {
in, out := &in.SourceRange, &out.SourceRange in, out := &in.SourceRange, &out.SourceRange
@ -1392,12 +1392,12 @@ func (in *TCPIPWhiteList) DeepCopyInto(out *TCPIPWhiteList) {
return return
} }
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPWhiteList. // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPIPAllowList.
func (in *TCPIPWhiteList) DeepCopy() *TCPIPWhiteList { func (in *TCPIPAllowList) DeepCopy() *TCPIPAllowList {
if in == nil { if in == nil {
return nil return nil
} }
out := new(TCPIPWhiteList) out := new(TCPIPAllowList)
in.DeepCopyInto(out) in.DeepCopyInto(out)
return out return out
} }
@ -1426,9 +1426,9 @@ func (in *TCPMiddleware) DeepCopyInto(out *TCPMiddleware) {
*out = new(TCPInFlightConn) *out = new(TCPInFlightConn)
**out = **in **out = **in
} }
if in.IPWhiteList != nil { if in.IPAllowList != nil {
in, out := &in.IPWhiteList, &out.IPWhiteList in, out := &in.IPAllowList, &out.IPAllowList
*out = new(TCPIPWhiteList) *out = new(TCPIPAllowList)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
return return


@ -82,9 +82,9 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true", "traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true",
"traefik.http.middlewares.Middleware8.headers.stspreload": "true", "traefik.http.middlewares.Middleware8.headers.stspreload": "true",
"traefik.http.middlewares.Middleware8.headers.stsseconds": "42", "traefik.http.middlewares.Middleware8.headers.stsseconds": "42",
"traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.depth": "42", "traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.excludedips": "foobar, fiibar", "traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.excludedips": "foobar, fiibar",
"traefik.http.middlewares.Middleware9.ipwhitelist.sourcerange": "foobar, fiibar", "traefik.http.middlewares.Middleware9.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.http.middlewares.Middleware10.inflightreq.amount": "42", "traefik.http.middlewares.Middleware10.inflightreq.amount": "42",
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.depth": "42", "traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, fiibar", "traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, fiibar",
@ -180,7 +180,7 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.services.Service1.loadbalancer.sticky": "false", "traefik.http.services.Service1.loadbalancer.sticky": "false",
"traefik.http.services.Service1.loadbalancer.sticky.cookie.name": "fui", "traefik.http.services.Service1.loadbalancer.sticky.cookie.name": "fui",
"traefik.tcp.middlewares.Middleware0.ipwhitelist.sourcerange": "foobar, fiibar", "traefik.tcp.middlewares.Middleware0.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.middlewares.Middleware2.inflightconn.amount": "42", "traefik.tcp.middlewares.Middleware2.inflightconn.amount": "42",
"traefik.tcp.routers.Router0.rule": "foobar", "traefik.tcp.routers.Router0.rule": "foobar",
"traefik.tcp.routers.Router0.priority": "42", "traefik.tcp.routers.Router0.priority": "42",
@ -244,7 +244,7 @@ func TestDecodeConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware0": { "Middleware0": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },
@ -611,7 +611,7 @@ func TestDecodeConfiguration(t *testing.T) {
}, },
}, },
"Middleware9": { "Middleware9": {
IPWhiteList: &dynamic.IPWhiteList{ IPAllowList: &dynamic.IPAllowList{
SourceRange: []string{ SourceRange: []string{
"foobar", "foobar",
"fiibar", "fiibar",
@ -741,7 +741,7 @@ func TestEncodeConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware0": { "Middleware0": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },
@ -1113,7 +1113,7 @@ func TestEncodeConfiguration(t *testing.T) {
}, },
}, },
"Middleware9": { "Middleware9": {
IPWhiteList: &dynamic.IPWhiteList{ IPAllowList: &dynamic.IPAllowList{
SourceRange: []string{ SourceRange: []string{
"foobar", "foobar",
"fiibar", "fiibar",
@ -1265,9 +1265,9 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42", "traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42",
"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.Depth": "42", "traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.Depth": "42",
"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.ExcludedIPs": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.ExcludedIPs": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware9.IPWhiteList.SourceRange": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware9.IPAllowList.SourceRange": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.Amount": "42", "traefik.HTTP.Middlewares.Middleware10.InFlightReq.Amount": "42",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.Depth": "42", "traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.Depth": "42",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.ExcludedIPs": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.ExcludedIPs": "foobar, fiibar",
@ -1360,7 +1360,7 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme": "foobar", "traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme": "foobar",
"traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0": "foobar", "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0": "foobar",
"traefik.TCP.Middlewares.Middleware0.IPWhiteList.SourceRange": "foobar, fiibar", "traefik.TCP.Middlewares.Middleware0.IPAllowList.SourceRange": "foobar, fiibar",
"traefik.TCP.Middlewares.Middleware2.InFlightConn.Amount": "42", "traefik.TCP.Middlewares.Middleware2.InFlightConn.Amount": "42",
"traefik.TCP.Routers.Router0.Rule": "foobar", "traefik.TCP.Routers.Router0.Rule": "foobar",
"traefik.TCP.Routers.Router0.Priority": "42", "traefik.TCP.Routers.Router0.Priority": "42",


@ -11,25 +11,25 @@ import (
func TestIsAuthorized(t *testing.T) { func TestIsAuthorized(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
whiteList []string allowList []string
remoteAddr string remoteAddr string
authorized bool authorized bool
}{ }{
{ {
desc: "remoteAddr not in range", desc: "remoteAddr not in range",
whiteList: []string{"1.2.3.4/24"}, allowList: []string{"1.2.3.4/24"},
remoteAddr: "10.2.3.1:123", remoteAddr: "10.2.3.1:123",
authorized: false, authorized: false,
}, },
{ {
desc: "remoteAddr in range", desc: "remoteAddr in range",
whiteList: []string{"1.2.3.4/24"}, allowList: []string{"1.2.3.4/24"},
remoteAddr: "1.2.3.1:123", remoteAddr: "1.2.3.1:123",
authorized: true, authorized: true,
}, },
{ {
desc: "octal ip in remoteAddr", desc: "octal ip in remoteAddr",
whiteList: []string{"127.2.3.4/24"}, allowList: []string{"127.2.3.4/24"},
remoteAddr: "0127.2.3.1:123", remoteAddr: "0127.2.3.1:123",
authorized: false, authorized: false,
}, },
@ -40,7 +40,7 @@ func TestIsAuthorized(t *testing.T) {
t.Run(test.desc, func(t *testing.T) { t.Run(test.desc, func(t *testing.T) {
t.Parallel() t.Parallel()
ipChecker, err := NewChecker(test.whiteList) ipChecker, err := NewChecker(test.allowList)
require.NoError(t, err) require.NoError(t, err)
err = ipChecker.IsAuthorized(test.remoteAddr) err = ipChecker.IsAuthorized(test.remoteAddr)


@ -1,4 +1,4 @@
package ipwhitelist package ipallowlist
import ( import (
"context" "context"
@ -15,29 +15,29 @@ import (
) )
const ( const (
typeName = "IPWhiteLister" typeName = "IPAllowLister"
) )
// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists. // ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists.
type ipWhiteLister struct { type ipAllowLister struct {
next http.Handler next http.Handler
whiteLister *ip.Checker allowLister *ip.Checker
strategy ip.Strategy strategy ip.Strategy
name string name string
} }
// New builds a new IPWhiteLister given a list of CIDR-Strings to whitelist. // New builds a new IPAllowLister given a list of CIDR-Strings to allow.
func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, name string) (http.Handler, error) { func New(ctx context.Context, next http.Handler, config dynamic.IPAllowList, name string) (http.Handler, error) {
logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName)) logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName))
logger.Debug("Creating middleware") logger.Debug("Creating middleware")
if len(config.SourceRange) == 0 { if len(config.SourceRange) == 0 {
return nil, errors.New("sourceRange is empty, IPWhiteLister not created") return nil, errors.New("sourceRange is empty, IPAllowLister not created")
} }
checker, err := ip.NewChecker(config.SourceRange) checker, err := ip.NewChecker(config.SourceRange)
if err != nil { if err != nil {
return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err) return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err)
} }
strategy, err := config.IPStrategy.Get() strategy, err := config.IPStrategy.Get()
@ -45,26 +45,26 @@ func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, nam
return nil, err return nil, err
} }
logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange) logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange)
return &ipWhiteLister{ return &ipAllowLister{
strategy: strategy, strategy: strategy,
whiteLister: checker, allowLister: checker,
next: next, next: next,
name: name, name: name,
}, nil }, nil
} }
func (wl *ipWhiteLister) GetTracingInformation() (string, ext.SpanKindEnum) { func (al *ipAllowLister) GetTracingInformation() (string, ext.SpanKindEnum) {
return wl.name, tracing.SpanKindNoneEnum return al.name, tracing.SpanKindNoneEnum
} }
func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) { func (al *ipAllowLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
ctx := middlewares.GetLoggerCtx(req.Context(), wl.name, typeName) ctx := middlewares.GetLoggerCtx(req.Context(), al.name, typeName)
logger := log.FromContext(ctx) logger := log.FromContext(ctx)
clientIP := wl.strategy.GetIP(req) clientIP := al.strategy.GetIP(req)
err := wl.whiteLister.IsAuthorized(clientIP) err := al.allowLister.IsAuthorized(clientIP)
if err != nil { if err != nil {
msg := fmt.Sprintf("Rejecting IP %s: %v", clientIP, err) msg := fmt.Sprintf("Rejecting IP %s: %v", clientIP, err)
logger.Debug(msg) logger.Debug(msg)
@ -74,7 +74,7 @@ func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
} }
logger.Debugf("Accepting IP %s", clientIP) logger.Debugf("Accepting IP %s", clientIP)
wl.next.ServeHTTP(rw, req) al.next.ServeHTTP(rw, req)
} }
func reject(ctx context.Context, rw http.ResponseWriter) { func reject(ctx context.Context, rw http.ResponseWriter) {


@ -1,4 +1,4 @@
package ipwhitelist package ipallowlist
import ( import (
"context" "context"
@ -11,22 +11,22 @@ import (
"github.com/traefik/traefik/v2/pkg/config/dynamic" "github.com/traefik/traefik/v2/pkg/config/dynamic"
) )
func TestNewIPWhiteLister(t *testing.T) { func TestNewIPAllowLister(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
whiteList dynamic.IPWhiteList allowList dynamic.IPAllowList
expectedError bool expectedError bool
}{ }{
{ {
desc: "invalid IP", desc: "invalid IP",
whiteList: dynamic.IPWhiteList{ allowList: dynamic.IPAllowList{
SourceRange: []string{"foo"}, SourceRange: []string{"foo"},
}, },
expectedError: true, expectedError: true,
}, },
{ {
desc: "valid IP", desc: "valid IP",
whiteList: dynamic.IPWhiteList{ allowList: dynamic.IPAllowList{
SourceRange: []string{"10.10.10.10"}, SourceRange: []string{"10.10.10.10"},
}, },
}, },
@ -38,28 +38,28 @@ func TestNewIPWhiteLister(t *testing.T) {
t.Parallel() t.Parallel()
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
if test.expectedError { if test.expectedError {
assert.Error(t, err) assert.Error(t, err)
} else { } else {
require.NoError(t, err) require.NoError(t, err)
assert.NotNil(t, whiteLister) assert.NotNil(t, allowLister)
} }
}) })
} }
} }
func TestIPWhiteLister_ServeHTTP(t *testing.T) { func TestIPAllowLister_ServeHTTP(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
whiteList dynamic.IPWhiteList allowList dynamic.IPAllowList
remoteAddr string remoteAddr string
expected int expected int
}{ }{
{ {
desc: "authorized with remote address", desc: "authorized with remote address",
whiteList: dynamic.IPWhiteList{ allowList: dynamic.IPAllowList{
SourceRange: []string{"20.20.20.20"}, SourceRange: []string{"20.20.20.20"},
}, },
remoteAddr: "20.20.20.20:1234", remoteAddr: "20.20.20.20:1234",
@ -67,7 +67,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
}, },
{ {
desc: "non authorized with remote address", desc: "non authorized with remote address",
whiteList: dynamic.IPWhiteList{ allowList: dynamic.IPAllowList{
SourceRange: []string{"20.20.20.20"}, SourceRange: []string{"20.20.20.20"},
}, },
remoteAddr: "20.20.20.21:1234", remoteAddr: "20.20.20.21:1234",
@ -81,7 +81,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
t.Parallel() t.Parallel()
next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
require.NoError(t, err) require.NoError(t, err)
recorder := httptest.NewRecorder() recorder := httptest.NewRecorder()
@ -92,7 +92,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
req.RemoteAddr = test.remoteAddr req.RemoteAddr = test.remoteAddr
} }
whiteLister.ServeHTTP(recorder, req) allowLister.ServeHTTP(recorder, req)
assert.Equal(t, test.expected, recorder.Code) assert.Equal(t, test.expected, recorder.Code)
}) })
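Review bot: The visible part of the `TestNewIPAllowLister` table starts at "invalid IP" and has no case for an empty `SourceRange`, although `New` refuses to build the middleware when `len(config.SourceRange) == 0`. That refusal is what stops an empty list from producing a filter with nothing to match against, so it deserves a pinned test. The TCP test file already has one, and the same row fits here: `{desc: "Empty config", allowList: dynamic.IPAllowList{}, expectedError: true},`. The table may continue past the hunk boundary, so check that the case is not already present further down.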


@ -1,4 +1,4 @@
package tcpipwhitelist package tcpipallowlist
import ( import (
"context" "context"
@ -13,46 +13,46 @@ import (
) )
const ( const (
typeName = "IPWhiteListerTCP" typeName = "IPAllowListerTCP"
) )
// ipWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists. // ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists.
type ipWhiteLister struct { type ipAllowLister struct {
next tcp.Handler next tcp.Handler
whiteLister *ip.Checker allowLister *ip.Checker
name string name string
} }
// New builds a new TCP IPWhiteLister given a list of CIDR-Strings to whitelist. // New builds a new TCP IPAllowLister given a list of CIDR-Strings to allow.
func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPWhiteList, name string) (tcp.Handler, error) { func New(ctx context.Context, next tcp.Handler, config dynamic.TCPIPAllowList, name string) (tcp.Handler, error) {
logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName)) logger := log.FromContext(middlewares.GetLoggerCtx(ctx, name, typeName))
logger.Debug("Creating middleware") logger.Debug("Creating middleware")
if len(config.SourceRange) == 0 { if len(config.SourceRange) == 0 {
return nil, errors.New("sourceRange is empty, IPWhiteLister not created") return nil, errors.New("sourceRange is empty, IPAllowLister not created")
} }
checker, err := ip.NewChecker(config.SourceRange) checker, err := ip.NewChecker(config.SourceRange)
if err != nil { if err != nil {
return nil, fmt.Errorf("cannot parse CIDR whitelist %s: %w", config.SourceRange, err) return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err)
} }
logger.Debugf("Setting up IPWhiteLister with sourceRange: %s", config.SourceRange) logger.Debugf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange)
return &ipWhiteLister{ return &ipAllowLister{
whiteLister: checker, allowLister: checker,
next: next, next: next,
name: name, name: name,
}, nil }, nil
} }
func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) { func (al *ipAllowLister) ServeTCP(conn tcp.WriteCloser) {
ctx := middlewares.GetLoggerCtx(context.Background(), wl.name, typeName) ctx := middlewares.GetLoggerCtx(context.Background(), al.name, typeName)
logger := log.FromContext(ctx) logger := log.FromContext(ctx)
addr := conn.RemoteAddr().String() addr := conn.RemoteAddr().String()
err := wl.whiteLister.IsAuthorized(addr) err := al.allowLister.IsAuthorized(addr)
if err != nil { if err != nil {
logger.Errorf("Connection from %s rejected: %v", addr, err) logger.Errorf("Connection from %s rejected: %v", addr, err)
conn.Close() conn.Close()
@ -61,5 +61,5 @@ func (wl *ipWhiteLister) ServeTCP(conn tcp.WriteCloser) {
logger.Debugf("Connection from %s accepted", addr) logger.Debugf("Connection from %s accepted", addr)
wl.next.ServeTCP(conn) al.next.ServeTCP(conn)
} }
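Review bot: `ServeTCP` reports a refused connection with `logger.Errorf`, while the HTTP `ServeHTTP` handler in this same commit reports the equivalent refusal with `logger.Debug`. A denial is the filter working as configured, not a fault, and the rate of these lines is set by whoever is connecting from a non-allowed address, so the Error level can drown out real errors. I would align the two handlers, for example `logger.Debugf("Connection from %s rejected: %v", addr, err)`. If denials should be visible at the default log level for audit purposes, pick one level and use it in both places. The end of the rejection branch falls between the two hunks and is not shown.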


@ -1,4 +1,4 @@
package tcpipwhitelist package tcpipallowlist
import ( import (
"context" "context"
@ -12,27 +12,27 @@ import (
"github.com/traefik/traefik/v2/pkg/tcp" "github.com/traefik/traefik/v2/pkg/tcp"
) )
func TestNewIPWhiteLister(t *testing.T) { func TestNewIPAllowLister(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
whiteList dynamic.TCPIPWhiteList allowList dynamic.TCPIPAllowList
expectedError bool expectedError bool
}{ }{
{ {
desc: "Empty config", desc: "Empty config",
whiteList: dynamic.TCPIPWhiteList{}, allowList: dynamic.TCPIPAllowList{},
expectedError: true, expectedError: true,
}, },
{ {
desc: "invalid IP", desc: "invalid IP",
whiteList: dynamic.TCPIPWhiteList{ allowList: dynamic.TCPIPAllowList{
SourceRange: []string{"foo"}, SourceRange: []string{"foo"},
}, },
expectedError: true, expectedError: true,
}, },
{ {
desc: "valid IP", desc: "valid IP",
whiteList: dynamic.TCPIPWhiteList{ allowList: dynamic.TCPIPAllowList{
SourceRange: []string{"10.10.10.10"}, SourceRange: []string{"10.10.10.10"},
}, },
}, },
@ -44,28 +44,28 @@ func TestNewIPWhiteLister(t *testing.T) {
t.Parallel() t.Parallel()
next := tcp.HandlerFunc(func(conn tcp.WriteCloser) {}) next := tcp.HandlerFunc(func(conn tcp.WriteCloser) {})
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
if test.expectedError { if test.expectedError {
assert.Error(t, err) assert.Error(t, err)
} else { } else {
require.NoError(t, err) require.NoError(t, err)
assert.NotNil(t, whiteLister) assert.NotNil(t, allowLister)
} }
}) })
} }
} }
func TestIPWhiteLister_ServeHTTP(t *testing.T) { func TestIPAllowLister_ServeHTTP(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
whiteList dynamic.TCPIPWhiteList allowList dynamic.TCPIPAllowList
remoteAddr string remoteAddr string
expected string expected string
}{ }{
{ {
desc: "authorized with remote address", desc: "authorized with remote address",
whiteList: dynamic.TCPIPWhiteList{ allowList: dynamic.TCPIPAllowList{
SourceRange: []string{"20.20.20.20"}, SourceRange: []string{"20.20.20.20"},
}, },
remoteAddr: "20.20.20.20:1234", remoteAddr: "20.20.20.20:1234",
@ -73,7 +73,7 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
}, },
{ {
desc: "non authorized with remote address", desc: "non authorized with remote address",
whiteList: dynamic.TCPIPWhiteList{ allowList: dynamic.TCPIPAllowList{
SourceRange: []string{"20.20.20.20"}, SourceRange: []string{"20.20.20.20"},
}, },
remoteAddr: "20.20.20.21:1234", remoteAddr: "20.20.20.21:1234",
@ -94,13 +94,13 @@ func TestIPWhiteLister_ServeHTTP(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
}) })
whiteLister, err := New(context.Background(), next, test.whiteList, "traefikTest") allowLister, err := New(context.Background(), next, test.allowList, "traefikTest")
require.NoError(t, err) require.NoError(t, err)
server, client := net.Pipe() server, client := net.Pipe()
go func() { go func() {
whiteLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}}) allowLister.ServeTCP(&contextWriteCloser{client, addr{test.remoteAddr}})
}() }()
read, err := io.ReadAll(server) read, err := io.ReadAll(server)
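Review bot: The renamed test is still called `TestIPAllowLister_ServeHTTP`, but its body drives `allowLister.ServeTCP(...)` over a `net.Pipe`. Since this commit already touches the name, it could become `func TestIPAllowLister_ServeTCP(t *testing.T) {`. The visible cases also use only a single-host `SourceRange` ("20.20.20.20"); a CIDR entry with one address inside the range and one just outside it would cover the matching path that deployments actually rely on. The function continues past the end of the last hunk.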


@ -2022,7 +2022,7 @@ func Test_buildConfiguration(t *testing.T) {
Name: "Test", Name: "Test",
Labels: map[string]string{ Labels: map[string]string{
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.routers.Test.middlewares": "Middleware1", "traefik.tcp.routers.Test.middlewares": "Middleware1",
}, },
Address: "127.0.0.1", Address: "127.0.0.1",
@ -2041,7 +2041,7 @@ func Test_buildConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": { "Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },


@ -2611,7 +2611,7 @@ func Test_buildConfiguration(t *testing.T) {
Name: "Test", Name: "Test",
Labels: map[string]string{ Labels: map[string]string{
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.routers.Test.middlewares": "Middleware1", "traefik.tcp.routers.Test.middlewares": "Middleware1",
}, },
NetworkSettings: networkSettings{ NetworkSettings: networkSettings{
@ -2638,7 +2638,7 @@ func Test_buildConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": { "Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },


@ -2333,7 +2333,7 @@ func Test_buildConfiguration(t *testing.T) {
name("Test"), name("Test"),
labels(map[string]string{ labels(map[string]string{
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.routers.Test.middlewares": "Middleware1", "traefik.tcp.routers.Test.middlewares": "Middleware1",
}), }),
iMachine( iMachine(
@ -2356,7 +2356,7 @@ func Test_buildConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": { "Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },


@ -1,10 +1,10 @@
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
namespace: default namespace: default
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
@ -12,10 +12,10 @@ spec:
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
namespace: foo namespace: foo
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
--- ---
@ -36,6 +36,6 @@ spec:
port: 8000 port: 8000
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
- name: ipwhitelist - name: ipallowlist
namespace: foo namespace: foo


@ -1,10 +1,10 @@
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
namespace: default namespace: default
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
@ -12,10 +12,10 @@ spec:
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
namespace: foo namespace: foo
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
--- ---
@ -36,9 +36,9 @@ spec:
port: 8000 port: 8000
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
- name: ipwhitelist - name: ipallowlist
namespace: foo namespace: foo
- name: ipwhitelist@file - name: ipallowlist@file
- name: ipwhitelist-foo@file - name: ipallowlist-foo@file
namespace: foo namespace: foo


@ -4,7 +4,7 @@ metadata:
name: multiple---hyphens name: multiple---hyphens
namespace: default namespace: default
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32


@ -1,10 +1,10 @@
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
namespace: default namespace: default
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
@ -12,10 +12,10 @@ spec:
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
namespace: cross-ns namespace: cross-ns
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
--- ---
@ -36,7 +36,7 @@ spec:
port: 8000 port: 8000
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
- match: HostSNI(`bar.com`) - match: HostSNI(`bar.com`)
services: services:
@ -44,5 +44,5 @@ spec:
port: 8000 port: 8000
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
namespace: cross-ns namespace: cross-ns


@ -263,7 +263,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
ReplacePath: middleware.Spec.ReplacePath, ReplacePath: middleware.Spec.ReplacePath,
ReplacePathRegex: middleware.Spec.ReplacePathRegex, ReplacePathRegex: middleware.Spec.ReplacePathRegex,
Chain: createChainMiddleware(ctxMid, middleware.Namespace, middleware.Spec.Chain), Chain: createChainMiddleware(ctxMid, middleware.Namespace, middleware.Spec.Chain),
IPWhiteList: middleware.Spec.IPWhiteList, IPAllowList: middleware.Spec.IPAllowList,
Headers: middleware.Spec.Headers, Headers: middleware.Spec.Headers,
Errors: errorPage, Errors: errorPage,
RateLimit: rateLimit, RateLimit: rateLimit,
@ -288,7 +288,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
conf.TCP.Middlewares[id] = &dynamic.TCPMiddleware{ conf.TCP.Middlewares[id] = &dynamic.TCPMiddleware{
InFlightConn: middlewareTCP.Spec.InFlightConn, InFlightConn: middlewareTCP.Spec.InFlightConn,
IPWhiteList: middlewareTCP.Spec.IPWhiteList, IPAllowList: middlewareTCP.Spec.IPAllowList,
} }
} }


@ -119,18 +119,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
"default-test.route-fdd3e9338e47a45efefc": { "default-test.route-fdd3e9338e47a45efefc": {
EntryPoints: []string{"foo"}, EntryPoints: []string{"foo"},
Service: "default-test.route-fdd3e9338e47a45efefc", Service: "default-test.route-fdd3e9338e47a45efefc",
Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist"}, Middlewares: []string{"default-ipallowlist", "foo-ipallowlist"},
Rule: "HostSNI(`foo.com`)", Rule: "HostSNI(`foo.com`)",
}, },
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"default-ipwhitelist": { "default-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
"foo-ipwhitelist": { "foo-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -178,7 +178,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"default-multiple-hyphens": { "default-multiple-hyphens": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -220,18 +220,18 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
"default-test.route-fdd3e9338e47a45efefc": { "default-test.route-fdd3e9338e47a45efefc": {
EntryPoints: []string{"foo"}, EntryPoints: []string{"foo"},
Service: "default-test.route-fdd3e9338e47a45efefc", Service: "default-test.route-fdd3e9338e47a45efefc",
Middlewares: []string{"default-ipwhitelist", "foo-ipwhitelist", "ipwhitelist@file", "ipwhitelist-foo@file"}, Middlewares: []string{"default-ipallowlist", "foo-ipallowlist", "ipallowlist@file", "ipallowlist-foo@file"},
Rule: "HostSNI(`foo.com`)", Rule: "HostSNI(`foo.com`)",
}, },
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"default-ipwhitelist": { "default-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
"foo-ipwhitelist": { "foo-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -5459,18 +5459,18 @@ func TestCrossNamespace(t *testing.T) {
"default-test.route-fdd3e9338e47a45efefc": { "default-test.route-fdd3e9338e47a45efefc": {
EntryPoints: []string{"foo"}, EntryPoints: []string{"foo"},
Service: "default-test.route-fdd3e9338e47a45efefc", Service: "default-test.route-fdd3e9338e47a45efefc",
Middlewares: []string{"default-ipwhitelist"}, Middlewares: []string{"default-ipallowlist"},
Rule: "HostSNI(`foo.com`)", Rule: "HostSNI(`foo.com`)",
}, },
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"default-ipwhitelist": { "default-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
"cross-ns-ipwhitelist": { "cross-ns-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
@ -5513,24 +5513,24 @@ func TestCrossNamespace(t *testing.T) {
"default-test.route-fdd3e9338e47a45efefc": { "default-test.route-fdd3e9338e47a45efefc": {
EntryPoints: []string{"foo"}, EntryPoints: []string{"foo"},
Service: "default-test.route-fdd3e9338e47a45efefc", Service: "default-test.route-fdd3e9338e47a45efefc",
Middlewares: []string{"default-ipwhitelist"}, Middlewares: []string{"default-ipallowlist"},
Rule: "HostSNI(`foo.com`)", Rule: "HostSNI(`foo.com`)",
}, },
"default-test.route-f44ce589164e656d231c": { "default-test.route-f44ce589164e656d231c": {
EntryPoints: []string{"foo"}, EntryPoints: []string{"foo"},
Service: "default-test.route-f44ce589164e656d231c", Service: "default-test.route-f44ce589164e656d231c",
Middlewares: []string{"cross-ns-ipwhitelist"}, Middlewares: []string{"cross-ns-ipallowlist"},
Rule: "HostSNI(`bar.com`)", Rule: "HostSNI(`bar.com`)",
}, },
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"default-ipwhitelist": { "default-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },
"cross-ns-ipwhitelist": { "cross-ns-ipallowlist": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"127.0.0.1/32"}, SourceRange: []string{"127.0.0.1/32"},
}, },
}, },


@ -32,7 +32,7 @@ type MiddlewareSpec struct {
ReplacePath *dynamic.ReplacePath `json:"replacePath,omitempty"` ReplacePath *dynamic.ReplacePath `json:"replacePath,omitempty"`
ReplacePathRegex *dynamic.ReplacePathRegex `json:"replacePathRegex,omitempty"` ReplacePathRegex *dynamic.ReplacePathRegex `json:"replacePathRegex,omitempty"`
Chain *Chain `json:"chain,omitempty"` Chain *Chain `json:"chain,omitempty"`
IPWhiteList *dynamic.IPWhiteList `json:"ipWhiteList,omitempty"` IPAllowList *dynamic.IPAllowList `json:"ipAllowList,omitempty"`
Headers *dynamic.Headers `json:"headers,omitempty"` Headers *dynamic.Headers `json:"headers,omitempty"`
Errors *ErrorPage `json:"errors,omitempty"` Errors *ErrorPage `json:"errors,omitempty"`
RateLimit *RateLimit `json:"rateLimit,omitempty"` RateLimit *RateLimit `json:"rateLimit,omitempty"`
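Review bot: The `IPAllowList` field of `MiddlewareSpec` has no doc comment, and nothing in this hunk tells operators that the serialized key changed from ipWhiteList to ipAllowList with no alias kept. I would add `// IPAllowList defines the IPAllowList middleware configuration. It replaces ipWhiteList; manifests that still set the old key do not populate this field.` The same applies to `MiddlewareTCPSpec` in the next file section and to the label and KV keys renamed elsewhere in the commit. Because this key carries a source-IP restriction, confirm that a resource still written with the old key is rejected at load time rather than accepted without the filter; the code that decides this is not visible in the diff. The struct starts and ends outside the hunk.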


@ -25,8 +25,8 @@ type MiddlewareTCP struct {
type MiddlewareTCPSpec struct { type MiddlewareTCPSpec struct {
// InFlightConn defines the InFlightConn middleware configuration. // InFlightConn defines the InFlightConn middleware configuration.
InFlightConn *dynamic.TCPInFlightConn `json:"inFlightConn,omitempty"` InFlightConn *dynamic.TCPInFlightConn `json:"inFlightConn,omitempty"`
// IPWhiteList defines the IPWhiteList middleware configuration. // IPAllowList defines the IPAllowList middleware configuration.
IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"` IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object


@ -689,9 +689,9 @@ func (in *MiddlewareSpec) DeepCopyInto(out *MiddlewareSpec) {
*out = new(Chain) *out = new(Chain)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.IPWhiteList != nil { if in.IPAllowList != nil {
in, out := &in.IPWhiteList, &out.IPWhiteList in, out := &in.IPAllowList, &out.IPAllowList
*out = new(dynamic.IPWhiteList) *out = new(dynamic.IPAllowList)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.Headers != nil { if in.Headers != nil {
@ -857,9 +857,9 @@ func (in *MiddlewareTCPSpec) DeepCopyInto(out *MiddlewareTCPSpec) {
*out = new(dynamic.TCPInFlightConn) *out = new(dynamic.TCPInFlightConn)
**out = **in **out = **in
} }
if in.IPWhiteList != nil { if in.IPAllowList != nil {
in, out := &in.IPWhiteList, &out.IPWhiteList in, out := &in.IPAllowList, &out.IPAllowList
*out = new(dynamic.TCPIPWhiteList) *out = new(dynamic.TCPIPAllowList)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
return return


@ -140,11 +140,11 @@ func Test_buildConfiguration(t *testing.T) {
"traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name0": "foobar", "traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name0": "foobar",
"traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name1": "foobar", "traefik/http/middlewares/Middleware09/headers/customRequestHeaders/name1": "foobar",
"traefik/http/middlewares/Middleware09/headers/browserXssFilter": "true", "traefik/http/middlewares/Middleware09/headers/browserXssFilter": "true",
"traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/0": "foobar", "traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/0": "foobar",
"traefik/http/middlewares/Middleware10/ipWhiteList/sourceRange/1": "foobar", "traefik/http/middlewares/Middleware10/ipAllowList/sourceRange/1": "foobar",
"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/0": "foobar", "traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/0": "foobar",
"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/excludedIPs/1": "foobar", "traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/excludedIPs/1": "foobar",
"traefik/http/middlewares/Middleware10/ipWhiteList/ipStrategy/depth": "42", "traefik/http/middlewares/Middleware10/ipAllowList/ipStrategy/depth": "42",
"traefik/http/middlewares/Middleware11/inFlightReq/amount": "42", "traefik/http/middlewares/Middleware11/inFlightReq/amount": "42",
"traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/requestHost": "true", "traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/requestHost": "true",
"traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/ipStrategy/depth": "42", "traefik/http/middlewares/Middleware11/inFlightReq/sourceCriterion/ipStrategy/depth": "42",
@ -340,7 +340,7 @@ func Test_buildConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.Middleware{ Middlewares: map[string]*dynamic.Middleware{
"Middleware10": { "Middleware10": {
IPWhiteList: &dynamic.IPWhiteList{ IPAllowList: &dynamic.IPAllowList{
SourceRange: []string{ SourceRange: []string{
"foobar", "foobar",
"foobar", "foobar",


@ -196,14 +196,14 @@ func TestBuildConfiguration(t *testing.T) {
}, },
}, },
{ {
desc: "TCP with IP whitelist", desc: "TCP with IP allowlist",
applications: withApplications( applications: withApplications(
application( application(
appID("/app"), appID("/app"),
appPorts(80), appPorts(80),
withLabel("traefik.tcp.routers.Test.rule", "HostSNI(`foo.bar`)"), withLabel("traefik.tcp.routers.Test.rule", "HostSNI(`foo.bar`)"),
withLabel("traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange", "foobar, fiibar"), withLabel("traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange", "foobar, fiibar"),
withLabel("traefik.tcp.routers.Test.middlewares", "Middleware1"), withLabel("traefik.tcp.routers.Test.middlewares", "Middleware1"),
withTasks(localhostTask(taskPorts(80))), withTasks(localhostTask(taskPorts(80))),
)), )),
@ -218,7 +218,7 @@ func TestBuildConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": { "Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },


@ -1621,7 +1621,7 @@ func Test_buildConfig(t *testing.T) {
Name: "Test", Name: "Test",
Tags: []string{ Tags: []string{
"traefik.tcp.routers.Test.rule = HostSNI(`foo.bar`)", "traefik.tcp.routers.Test.rule = HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange = foobar, fiibar", "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange = foobar, fiibar",
"traefik.tcp.routers.Test.middlewares = Middleware1", "traefik.tcp.routers.Test.middlewares = Middleware1",
}, },
Address: "127.0.0.1", Address: "127.0.0.1",
@ -1640,7 +1640,7 @@ func Test_buildConfig(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": { "Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },


@ -508,7 +508,7 @@ func Test_buildConfiguration(t *testing.T) {
Name: "Test", Name: "Test",
Labels: map[string]string{ Labels: map[string]string{
"traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)", "traefik.tcp.routers.Test.rule": "HostSNI(`foo.bar`)",
"traefik.tcp.middlewares.Middleware1.ipwhitelist.sourcerange": "foobar, fiibar", "traefik.tcp.middlewares.Middleware1.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.tcp.routers.Test.middlewares": "Middleware1", "traefik.tcp.routers.Test.middlewares": "Middleware1",
}, },
Port: "80/tcp", Port: "80/tcp",
@ -528,7 +528,7 @@ func Test_buildConfiguration(t *testing.T) {
}, },
Middlewares: map[string]*dynamic.TCPMiddleware{ Middlewares: map[string]*dynamic.TCPMiddleware{
"Middleware1": { "Middleware1": {
IPWhiteList: &dynamic.TCPIPWhiteList{ IPAllowList: &dynamic.TCPIPAllowList{
SourceRange: []string{"foobar", "fiibar"}, SourceRange: []string{"foobar", "fiibar"},
}, },
}, },


@ -191,7 +191,7 @@ func init() {
Chain: &dynamic.Chain{ Chain: &dynamic.Chain{
Middlewares: []string{"foo"}, Middlewares: []string{"foo"},
}, },
IPWhiteList: &dynamic.IPWhiteList{ IPAllowList: &dynamic.IPAllowList{
SourceRange: []string{"foo"}, SourceRange: []string{"foo"},
IPStrategy: &dynamic.IPStrategy{ IPStrategy: &dynamic.IPStrategy{
Depth: 42, Depth: 42,


@ -119,7 +119,7 @@
"foo" "foo"
] ]
}, },
"ipWhiteList": { "ipAllowList": {
"sourceRange": [ "sourceRange": [
"xxxx" "xxxx"
], ],
@ -475,4 +475,4 @@
} }
} }
} }
} }


@ -119,7 +119,7 @@
"foo" "foo"
] ]
}, },
"ipWhiteList": { "ipAllowList": {
"sourceRange": [ "sourceRange": [
"foo" "foo"
], ],
@ -483,4 +483,4 @@
} }
} }
} }
} }


@ -19,7 +19,7 @@ import (
"github.com/traefik/traefik/v2/pkg/middlewares/customerrors" "github.com/traefik/traefik/v2/pkg/middlewares/customerrors"
"github.com/traefik/traefik/v2/pkg/middlewares/headers" "github.com/traefik/traefik/v2/pkg/middlewares/headers"
"github.com/traefik/traefik/v2/pkg/middlewares/inflightreq" "github.com/traefik/traefik/v2/pkg/middlewares/inflightreq"
"github.com/traefik/traefik/v2/pkg/middlewares/ipwhitelist" "github.com/traefik/traefik/v2/pkg/middlewares/ipallowlist"
"github.com/traefik/traefik/v2/pkg/middlewares/passtlsclientcert" "github.com/traefik/traefik/v2/pkg/middlewares/passtlsclientcert"
"github.com/traefik/traefik/v2/pkg/middlewares/ratelimiter" "github.com/traefik/traefik/v2/pkg/middlewares/ratelimiter"
"github.com/traefik/traefik/v2/pkg/middlewares/redirect" "github.com/traefik/traefik/v2/pkg/middlewares/redirect"
@ -229,13 +229,13 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
} }
} }
// IPWhiteList // IPAllowList
if config.IPWhiteList != nil { if config.IPAllowList != nil {
if middleware != nil { if middleware != nil {
return nil, badConf return nil, badConf
} }
middleware = func(next http.Handler) (http.Handler, error) { middleware = func(next http.Handler) (http.Handler, error) {
return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName) return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName)
} }
} }
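Review bot: In `buildConstructor`, the `config.IPAllowList != nil` branch is now the only place this source-range middleware is selected, and nothing in the hunk still reads the old `IPWhiteList` field. What happens to a configuration still written with `ipWhiteList` therefore depends on code outside the hunk, since the function's tail and the config decoder are not visible here. It is worth confirming that such a configuration is rejected with an error rather than producing a router without its IP restriction. I would add a comment on the branch, `// IPAllowList (formerly IPWhiteList; the old field is no longer read)`, and a test case that loads a configuration using only the old key. The same applies to the TCP `buildConstructor` hunk in the next file section.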


@ -7,7 +7,7 @@ import (
"github.com/traefik/traefik/v2/pkg/config/runtime" "github.com/traefik/traefik/v2/pkg/config/runtime"
inflightconn "github.com/traefik/traefik/v2/pkg/middlewares/tcp/inflightconn" inflightconn "github.com/traefik/traefik/v2/pkg/middlewares/tcp/inflightconn"
ipwhitelist "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipwhitelist" ipallowlist "github.com/traefik/traefik/v2/pkg/middlewares/tcp/ipallowlist"
"github.com/traefik/traefik/v2/pkg/server/provider" "github.com/traefik/traefik/v2/pkg/server/provider"
"github.com/traefik/traefik/v2/pkg/tcp" "github.com/traefik/traefik/v2/pkg/tcp"
) )
@ -94,10 +94,10 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
} }
} }
// IPWhiteList // IPAllowList
if config.IPWhiteList != nil { if config.IPAllowList != nil {
middleware = func(next tcp.Handler) (tcp.Handler, error) { middleware = func(next tcp.Handler) (tcp.Handler, error) {
return ipwhitelist.New(ctx, next, *config.IPWhiteList, middlewareName) return ipallowlist.New(ctx, next, *config.IPAllowList, middlewareName)
} }
} }
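Review bot: The TCP `IPAllowList` branch assigns `middleware` unconditionally, whereas the HTTP builder first checks `if middleware != nil { return nil, badConf }`. If an earlier branch of this function has already set `middleware` (the preceding code is outside the hunk), a TCP middleware that declares two types would silently keep only the last one instead of being rejected as a bad configuration. I would add the same guard before the assignment, `if middleware != nil { return nil, badConf }`, using whatever error value this file defines, since `badConf` is the HTTP builder's name and may not exist here. A table-test entry with two types set on one TCP middleware would pin the behaviour.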


@ -675,8 +675,8 @@
</div> </div>
</q-card-section> </q-card-section>
<!-- EXTRA FIELDS FROM MIDDLEWARES - [ipWhiteList] - sourceRange --> <!-- EXTRA FIELDS FROM MIDDLEWARES - [ipAllowList] - sourceRange -->
<q-card-section v-if="middleware.ipWhiteList"> <q-card-section v-if="middleware.ipAllowList">
<div class="row items-start no-wrap"> <div class="row items-start no-wrap">
<div class="col"> <div class="col">
<div class="text-subtitle2">Source Range</div> <div class="text-subtitle2">Source Range</div>
@ -689,8 +689,8 @@
</div> </div>
</div> </div>
</q-card-section> </q-card-section>
<!-- EXTRA FIELDS FROM MIDDLEWARES - [ipWhiteList] - ipStrategy --> <!-- EXTRA FIELDS FROM MIDDLEWARES - [ipAllowList] - ipStrategy -->
<q-card-section v-if="middleware.ipWhiteList"> <q-card-section v-if="middleware.ipAllowList">
<div class="row items-start"> <div class="row items-start">
<div class="col-12"> <div class="col-12">
<div class="text-subtitle2">IP Strategy</div> <div class="text-subtitle2">IP Strategy</div>
@ -1076,8 +1076,8 @@
</q-card-section> </q-card-section>
<q-card-section v-if="protocol === 'tcp'"> <q-card-section v-if="protocol === 'tcp'">
<!-- EXTRA FIELDS FROM MIDDLEWARES - [ipWhiteList] - sourceRange --> <!-- EXTRA FIELDS FROM MIDDLEWARES - [ipAllowList] - sourceRange -->
<q-card-section v-if="middleware.ipWhiteList"> <q-card-section v-if="middleware.ipAllowList">
<div class="row items-start no-wrap"> <div class="row items-start no-wrap">
<div class="col"> <div class="col">
<div class="text-subtitle2">Source Range</div> <div class="text-subtitle2">Source Range</div>