DEVHIDE
Login Or Sign up

I want to restrict access of my azure Kubernetes nginx ingress only for a particular location (api path) , only to be accessed from azure front door

92 Views Asked by At

I want to restrict access of my azure Kubernetes nginx ingress only for a particular location (api path) , only to be accessed from azure front door.

I have a configuration snippet, but how to apply it to only a particular path

nginx.ingress.kubernetes.io/configuration-snippet: |
if ($http_x_azure_fdid !~* "xxxxx-xxx-xxx-xxxxxx")
{
return 403;
}
kubernetes nginx azure-aks nginx-ingress azure-front-door
Original Q&A
1

There are 1 best solutions below

0
Arko On

To restrict access of your Azure Kubernetes nginx ingress only for a particular location (api path), and only to be accessed from Azure Front Door, you can use the nginx.ingress.kubernetes.io/configuration-snippet annotation in your ingress YAML file. The snippet you provided is a good start, but you need to modify it to apply only to a particular path. Azure Front Door doesn't automatically add an X-Azure-FDID header to requests. You will need to manually configure Azure Front Door to add a custom header to its requests if you want to use a custom header for filtering. Assuming you have configured Azure Front Door to add an X-Azure-FDID header to its requests, here is an example of how you can modify the snippet to apply only to the /api path:

nginx.ingress.kubernetes.io/configuration-snippet: |
  location /api {
    if ($http_x_azure_fdid !~* "xxxxx-xxx-xxx-xxxxxx") {
      return 403;
    }
  }

This snippet will only apply to requests that match the /api path. Requests to other paths will not be affected by this snippet.

Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontdoor-ingress
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      if ($http_x_azure_fdid !~* "xxxxx-xxx-xxx-xxxxxx") {
        return 403;
      }
spec:
  ingressClassName: nginx
  rules:
  - host: <yourcustomdomain.com>
    http:
      paths:
      - path: /api/restricted
        pathType: Prefix
        backend:
          service:
            name: your-service
            port:
              number: 80

enter image description here

References:

Related Questions in KUBERNETES

Related Questions in NGINX

Related Questions in AZURE-AKS

Related Questions in NGINX-INGRESS

Related Questions in AZURE-FRONT-DOOR

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.