Enable configuration of HAProxy ACL to block incoming requests
Issue-ID: OOM-2920
Signed-off-by: Suresh Charan <suresh.charan@amdocs.com>
Change-Id: Icacaa7642f018b76b6c738b325c3d2a12702495e
http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
+#######################################
+## Request blocking configuration ###
+#######################################
+ {{- if eq $.Values.haproxy.requestBlocking.enabled true }}
+ {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }}
+ {{ $custom_config }}
+ {{- end }}
+ {{- end }}
+
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 8443
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 8443
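Review bot: The `{{ $custom_config }}` line renders every `customConfigs` entry verbatim into the HAProxy configuration, so despite the "Request blocking" banner the block accepts any directive valid at this position, including ones that change or weaken the surrounding rules, and nothing validates an entry before it is loaded. State that in the banner, for example `## Entries are raw HAProxy directives rendered verbatim; review values changes like edits to this file`. Because a malformed entry would only surface when the proxy fails to load its configuration, checking the rendered file with `haproxy -c -f <rendered cfg>` in CI or before rollout would catch it earlier. The same block is repeated in the second configuration hunk below; the enclosing section starts outside both hunks, so which frontend or backend these rules apply to cannot be confirmed from here.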
http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
+#######################################
+## Request blocking configuration ###
+#######################################
+ {{- if eq $.Values.haproxy.requestBlocking.enabled true }}
+ {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }}
+ {{ $custom_config }}
+ {{- end }}
+ {{- end }}
+
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 8443
{{- end }}
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 8443
{{- end }}
+# HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns
+haproxy:
+ requestBlocking:
+ enabled: false
+ customConfigs: []
+
# probe configuration parameters
liveness:
initialDelaySeconds: 10
# probe configuration parameters
liveness:
initialDelaySeconds: 10
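Review bot: `customConfigs` is undocumented, and the comment above `haproxy:` speaks of URL patterns while the template inserts complete HAProxy lines. Describe the expected entries next to the key, e.g. `# customConfigs: raw HAProxy lines inserted verbatim, typically an acl line followed by "http-request deny if <acl_name>"`. The comment should also say that path ACLs match the request path as received, so deny rules need to account for case and percent-encoded variants of a blocked URL (for instance with the `-i` match flag). It is worth noting too that `enabled: true` with an empty list blocks nothing.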