til
til copied to clipboard
Published
20 hours ago •
xluffy
xluffy
Block CIDRs in ingress-nginx
Block CIDRs in Ingress nginx with block-user-agents
ginkgo.It("should block CIDRs defined in the ConfigMap", func() {
f.UpdateNginxConfigMapData("block-cidrs", "172.16.0.0/12,192.168.0.0/16,10.0.0.0/8")
f.WaitForNginxConfiguration(
func(cfg string) bool {
return strings.Contains(cfg, "deny 172.16.0.0/12;") &&
strings.Contains(cfg, "deny 192.168.0.0/16;") &&
strings.Contains(cfg, "deny 10.0.0.0/8;")
})
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusForbidden)
})
https://github.com/kubernetes/ingress-nginx/blob/7f723c59855e82614582ff7b2efd1783b1afc2ee/test/e2e/settings/global_access_block.go#L39
And wow, I don't know about denylist-source-range (Sets the default denylisted IPs for each server block)
