forked from praxis-proxy/praxis
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathip-acl.yaml
More file actions
47 lines (43 loc) · 1.21 KB
/
Copy pathip-acl.yaml
File metadata and controls
47 lines (43 loc) · 1.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# IP Access Control List (ACL)
#
# Allow or deny requests by source IP/CIDR. When `allow` is set,
# only matching IPs are permitted (implicit deny-all). Use `deny`
# to block specific IPs while allowing everything else. Both
# IPv4 and IPv6 CIDR ranges are supported. Configuring both
# `allow` and `deny` is rejected as an error.
#
# Usage:
# cargo run -p praxis -- -c examples/configs/security/ip-acl.yaml
#
# Exercise:
# curl http://localhost:8080/ # allowed (loopback)
# curl http://localhost:8080/admin # allowed (loopback)
listeners:
- name: default
address: "127.0.0.1:8080"
filter_chains:
- main
filter_chains:
- name: main
filters:
- filter: ip_acl
allow:
# IPv4 loopback
- "127.0.0.0/8"
# IPv4 ranges
- "10.0.0.0/8"
# IPv6 loopback
- "::1/128"
# IPv6 Unique Local Address (ULA) range
- "fd00::/8"
# IPv6 documentation prefix (RFC 3849)
- "2001:db8::/32"
- filter: router
routes:
- path_prefix: "/"
cluster: backend
- filter: load_balancer
clusters:
- name: backend
endpoints:
- "127.0.0.1:3000"