-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IP whitelisting? #190
Comments
Sure, you could pretty easily do that with: https://github.com/travisghansen/external-auth-server/blob/master/PLUGINS.md#request_js Or a dedicated plugin could easily be created to support that as well. |
Oh, interesting! Kinda had thought the JS ran browser-side; that's neat. Any docs on which context the snippet runs in (vars, funcs, methods, ...)? |
Super easy: https://github.com/travisghansen/external-auth-server/blob/master/src/plugin/request_js/index.js#L29 You don't need to return anything, just set the values on the response object (ie: set 200). |
Hello there!
I have been trying out a few auth proxies for Traefik but so far, none of them actually implemented whitelisting IP CIDRs.
Essentially, my kubernetes cluster runs at home and is exposed publicy. When I am at home, I would like to be able to use most of my services without needing to go through the login flow. But when I am away, or share access by creating users in Keycloak, I would like them to need to authenticate. Effectively, I want to whitelist my home network's CIDR, and enforce auth everywhere else.
Traefik is configured to receive the real request IP (with
hostNetwork
and an apropriatednsPolicy
and whatnot). So all that I need now is the ability to use that to figure out if it matches my home network's CIDR or not.Is that possible?
Thanks and kind regards,
Ingwie
The text was updated successfully, but these errors were encountered: