From c1aa75883eda55ab5e68cc60ba7d68ec27d1d126 Mon Sep 17 00:00:00 2001 From: Suresh Charan Date: Mon, 31 Jan 2022 06:25:37 -0500 Subject: [AAI] Request blocking enhancement for AAI Enable configuration of HAProxy ACL to block incoming requests Issue-ID: OOM-2920 Signed-off-by: Suresh Charan Change-Id: Icacaa7642f018b76b6c738b325c3d2a12702495e
---
 .../aai/resources/config/haproxy/haproxy-pluggable-security.cfg | 9 +++++++++ kubernetes/aai/resources/config/haproxy/haproxy.cfg | 9 +++++++++ 2 files changed, 18 insertions(+) (limited to 'kubernetes/aai/resources')
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
index 9fa6d2ee9b..6e7acef17f 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
@@ -88,6 +88,15 @@ frontend IST_8443
 http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
 http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
 http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
+#######################################
+## Request blocking configuration ###
+#######################################
+ {{- if eq $.Values.haproxy.requestBlocking.enabled true }}
+ {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }}
+ {{ $custom_config }}
+ {{- end }}
+ {{- end }}
+
 reqadd X-Forwarded-Proto:\ https
 reqadd X-Forwarded-Port:\ 8443
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
index 1db4addb5a..1accff9935 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
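Review bot: Each entry of `$.Values.haproxy.requestBlocking.customConfigs` is written verbatim into `frontend IST_8443` by the `range` loop, so the option accepts any HAProxy directive rather than only blocking rules, and a malformed entry would presumably be rejected at config parse and keep the proxy from starting. I would state that contract in the banner, e.g. `## Entries are rendered verbatim: use only acl and http-request deny lines`, and run the rendered file through `haproxy -c -f <rendered-cfg>` before rollout. The guard `eq $.Values.haproxy.requestBlocking.enabled true` also dereferences `requestBlocking` with no fallback, so rendering fails if the key is missing from the values (the values file is outside this path-limited view); `{{- if $.Values.haproxy.requestBlocking.enabled }}` with a shipped default of `enabled: false` is the simpler form. The identical block in the `haproxy.cfg` hunk needs the same treatment, and the frontend section continues outside both hunks.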
@@ -119,6 +119,15 @@ frontend IST_8443
 http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
 http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
 http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
+#######################################
+## Request blocking configuration ###
+#######################################
+ {{- if eq $.Values.haproxy.requestBlocking.enabled true }}
+ {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }}
+ {{ $custom_config }}
+ {{- end }}
+ {{- end }}
+
 reqadd X-Forwarded-Proto:\ https
 reqadd X-Forwarded-Port:\ 8443
 {{- end }}
-- cgit 1.2.3-korg