baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

docs: excludedIPs with IPWhiteList and IPAllowList middleware

Browse source
This commit is contained in:
Michel Loiseleur 2024-04-04 11:32:05 +02:00 committed by GitHub
parent 945ff9b0f9
commit d3516aec31
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 100 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
docs/content/middlewares/http/ipallowlist.md
View file

@ -8,11 +8,11 @@ description: "Learn how to use IPAllowList in HTTP middleware for limiting clien
Limiting Clients to Specific IPs Limiting Clients to Specific IPs
{: .subtitle } {: .subtitle }
IPAllowList accepts / refuses requests based on the client IP. IPAllowList limits allowed requests based on the client IP.
## Configuration Examples ## Configuration Examples
```yaml tab="Docker & Swarm" ```yaml tab="Docker"
# Accepts request from defined IP # Accepts request from defined IP
labels: labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
@ -35,6 +35,18 @@ spec:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
}
```
```yaml tab="Rancher"
# Accepts request from defined IP
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Accepts request from defined IP # Accepts request from defined IP
http: http:
@ -57,6 +69,8 @@ http:
### `sourceRange` ### `sourceRange`
_Required_
The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation). The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).
### `ipStrategy` ### `ipStrategy`
@ -83,7 +97,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` | | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` | | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
```yaml tab="Docker & Swarm" ```yaml tab="Docker"
# Allowlisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
labels: labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
@ -111,6 +125,20 @@ spec:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
``` ```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2"
}
```
```yaml tab="Rancher"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Allowlisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
http: http:
@ -149,9 +177,10 @@ http:
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` | | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` | | `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` |
```yaml tab="Docker & Swarm" ```yaml tab="Docker"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
labels: labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
@ -163,6 +192,9 @@ metadata:
name: test-ipallowlist name: test-ipallowlist
spec: spec:
ipAllowList: ipAllowList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.0/24
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- 127.0.0.1/32 - 127.0.0.1/32
@ -171,6 +203,21 @@ spec:
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
"traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}
```
```yaml tab="Rancher"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
@ -180,16 +227,20 @@ http:
middlewares: middlewares:
test-ipallowlist: test-ipallowlist:
ipAllowList: ipAllowList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.0/24
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- "127.0.0.1/32" - 127.0.0.1/32
- "192.168.1.7" - 192.168.1.7
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipallowlist.ipAllowList] [http.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.0/24"]
[http.middlewares.test-ipallowlist.ipAllowList.ipStrategy] [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"] excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
``` ```

19
docs/content/middlewares/http/ipwhitelist.md
View file

@ -10,7 +10,7 @@ Limiting Clients to Specific IPs
![IPWhiteList](../../assets/img/middleware/ipwhitelist.png) ![IPWhiteList](../../assets/img/middleware/ipwhitelist.png)
IPWhiteList accepts / refuses requests based on the client IP. IPWhiteList limits allowed requests based on the client IP.
!!! warning !!! warning
@ -75,6 +75,8 @@ http:
### `sourceRange` ### `sourceRange`
_Required_
The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation). The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).
### `ipStrategy` ### `ipStrategy`
@ -184,6 +186,7 @@ http:
```yaml tab="Docker" ```yaml tab="Docker"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
@ -196,6 +199,9 @@ metadata:
spec: spec:
ipWhiteList: ipWhiteList:
ipStrategy: ipStrategy:
sourceRange:
- 127.0.0.1/32
- 192.168.1.0/24
excludedIPs: excludedIPs:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@ -203,11 +209,13 @@ spec:
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7" "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
} }
``` ```
@ -215,6 +223,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
@ -224,16 +233,20 @@ http:
middlewares: middlewares:
test-ipwhitelist: test-ipwhitelist:
ipWhiteList: ipWhiteList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.0/24
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- "127.0.0.1/32" - 127.0.0.1/32
- "192.168.1.7" - 192.168.1.7
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.0/24"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"] excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
``` ```

2
docs/content/middlewares/tcp/ipallowlist.md
View file

@ -8,7 +8,7 @@ description: "Learn how to use IPAllowList in TCP middleware for limiting client
Limiting Clients to Specific IPs Limiting Clients to Specific IPs
{: .subtitle } {: .subtitle }
IPAllowList accepts / refuses connections based on the client IP. IPAllowList limits allowed requests based on the client IP.
## Configuration Examples ## Configuration Examples

12
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View file

@ -1241,7 +1241,7 @@ spec:
ipAllowList: ipAllowList:
description: |- description: |-
IPAllowList holds the IP allowlist middleware configuration. IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
@ -1271,7 +1271,7 @@ spec:
ipWhiteList: ipWhiteList:
description: |- description: |-
IPWhiteList holds the IP whitelist middleware configuration. IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead. Deprecated: please use IPAllowList instead.
properties: properties:
@ -1294,7 +1294,7 @@ spec:
type: object type: object
sourceRange: sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation). of allowed IPs by using CIDR notation). Required.
items: items:
type: string type: string
type: array type: array
@ -3671,7 +3671,7 @@ spec:
ipAllowList: ipAllowList:
description: |- description: |-
IPAllowList holds the IP allowlist middleware configuration. IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
@ -3701,7 +3701,7 @@ spec:
ipWhiteList: ipWhiteList:
description: |- description: |-
IPWhiteList holds the IP whitelist middleware configuration. IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead. Deprecated: please use IPAllowList instead.
properties: properties:
@ -3724,7 +3724,7 @@ spec:
type: object type: object
sourceRange: sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation). of allowed IPs by using CIDR notation). Required.
items: items:
type: string type: string
type: array type: array

6
docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml
View file

@ -626,7 +626,7 @@ spec:
ipAllowList: ipAllowList:
description: |- description: |-
IPAllowList holds the IP allowlist middleware configuration. IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
@ -656,7 +656,7 @@ spec:
ipWhiteList: ipWhiteList:
description: |- description: |-
IPWhiteList holds the IP whitelist middleware configuration. IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead. Deprecated: please use IPAllowList instead.
properties: properties:
@ -679,7 +679,7 @@ spec:
type: object type: object
sourceRange: sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation). of allowed IPs by using CIDR notation). Required.
items: items:
type: string type: string
type: array type: array

6
docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
View file

@ -626,7 +626,7 @@ spec:
ipAllowList: ipAllowList:
description: |- description: |-
IPAllowList holds the IP allowlist middleware configuration. IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
@ -656,7 +656,7 @@ spec:
ipWhiteList: ipWhiteList:
description: |- description: |-
IPWhiteList holds the IP whitelist middleware configuration. IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead. Deprecated: please use IPAllowList instead.
properties: properties:
@ -679,7 +679,7 @@ spec:
type: object type: object
sourceRange: sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation). of allowed IPs by using CIDR notation). Required.
items: items:
type: string type: string
type: array type: array

12
integration/fixtures/k8s/01-traefik-crd.yml
View file

@ -1241,7 +1241,7 @@ spec:
ipAllowList: ipAllowList:
description: |- description: |-
IPAllowList holds the IP allowlist middleware configuration. IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
@ -1271,7 +1271,7 @@ spec:
ipWhiteList: ipWhiteList:
description: |- description: |-
IPWhiteList holds the IP whitelist middleware configuration. IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead. Deprecated: please use IPAllowList instead.
properties: properties:
@ -1294,7 +1294,7 @@ spec:
type: object type: object
sourceRange: sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation). of allowed IPs by using CIDR notation). Required.
items: items:
type: string type: string
type: array type: array
@ -3671,7 +3671,7 @@ spec:
ipAllowList: ipAllowList:
description: |- description: |-
IPAllowList holds the IP allowlist middleware configuration. IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
@ -3701,7 +3701,7 @@ spec:
ipWhiteList: ipWhiteList:
description: |- description: |-
IPWhiteList holds the IP whitelist middleware configuration. IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead. Deprecated: please use IPAllowList instead.
properties: properties:
@ -3724,7 +3724,7 @@ spec:
type: object type: object
sourceRange: sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation). of allowed IPs by using CIDR notation). Required.
items: items:
type: string type: string
type: array type: array

6
pkg/config/dynamic/middlewares.go
View file

@ -387,11 +387,11 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// IPWhiteList holds the IP whitelist middleware configuration. // IPWhiteList holds the IP whitelist middleware configuration.
// This middleware accepts / refuses requests based on the client IP. // This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ // More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
// Deprecated: please use IPAllowList instead. // Deprecated: please use IPAllowList instead.
type IPWhiteList struct { type IPWhiteList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required.
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"` IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
} }
@ -399,7 +399,7 @@ type IPWhiteList struct {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// IPAllowList holds the IP allowlist middleware configuration. // IPAllowList holds the IP allowlist middleware configuration.
// This middleware accepts / refuses requests based on the client IP. // This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/ // More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
type IPAllowList struct { type IPAllowList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).

5
pkg/config/dynamic/tcp_middlewares.go
View file

@ -24,6 +24,9 @@ type TCPInFlightConn struct {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// TCPIPWhiteList holds the TCP IPWhiteList middleware configuration. // TCPIPWhiteList holds the TCP IPWhiteList middleware configuration.
// This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
// Deprecated: please use IPAllowList instead.
type TCPIPWhiteList struct { type TCPIPWhiteList struct {
// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation). // SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
@ -32,6 +35,8 @@ type TCPIPWhiteList struct {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// TCPIPAllowList holds the TCP IPAllowList middleware configuration. // TCPIPAllowList holds the TCP IPAllowList middleware configuration.
// This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/
type TCPIPAllowList struct { type TCPIPAllowList struct {
// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation). // SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`