IP whitelisting? #190
Comments
|
Sure, you could pretty easily do that with: https://github.com/travisghansen/external-auth-server/blob/master/PLUGINS.md#request_js Or a dedicated plugin could easily be created to support that as well. |
|
Oh, interesting! Kinda had thought the JS ran browser-side; that's neat. Any docs on which context the snippet runs in (vars, funcs, methods, ...)? |
|
Super easy: https://github.com/travisghansen/external-auth-server/blob/master/src/plugin/request_js/index.js#L29 You don't need to return anything, just set the values on the response object (ie: set 200). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello there!
I have been trying out a few auth proxies for Traefik but so far, none of them actually implemented whitelisting IP CIDRs.
Essentially, my kubernetes cluster runs at home and is exposed publicy. When I am at home, I would like to be able to use most of my services without needing to go through the login flow. But when I am away, or share access by creating users in Keycloak, I would like them to need to authenticate. Effectively, I want to whitelist my home network's CIDR, and enforce auth everywhere else.
Traefik is configured to receive the real request IP (with
hostNetworkand an apropriatednsPolicyand whatnot). So all that I need now is the ability to use that to figure out if it matches my home network's CIDR or not.Is that possible?
Thanks and kind regards,
Ingwie
The text was updated successfully, but these errors were encountered: