feature: support useragent and ip allow/blocking, and namespace interval idling overrides #20
This adds support for being able to define

- `/lists/allowedips` file which is a single line per entry of ip address to allow
- `/lists/blockedips` file which is a single line per entry of ip address to block
- `/lists/allowedagents` file which is a single line per entry of useragents or regex patterns to match against. These must be `go` based regular expressions.
- `/lists/blockedagents` file which is a single line per entry of useragents or regex patterns to match against. These must be `go` based regular expressions.

There are also annotations that can be added to specific ingress objects that allow for ip allowlist or specific user agent blocking.

- `idling.amazee.io/ip-allow-list` - a comma separated list of ip addresses to allow, will be checked against x-forward-for, but if true-client-ip is provided it will prefer this.
- `idling.amazee.io/ip-block-list` - a comma separated list of ip addresses to allow, will be checked against x-forward-for, but if true-client-ip is provided it will prefer this.
- `idling.amazee.io/allowed-agents` - a comma separated list of user agents or regex patterns to allow.
- `idling.amazee.io/blocked-agents` - a comma separated list of user agents or regex patterns to block.

Additionally, you can add annotations to a namespace to allow the interval checks within the namespace to be different to the globally applied intervals.

- `idling.amazee.io/prometheus-interval` - set this to the time interval for prometheus checks, the format must be in 30m|4h|1h30m notation
- `idling.amazee.io/pod-interval` - set this to the time interval for pod uptime checks, the format must be in 30m|4h|1h30m notation

Also, requests can be forced to verify by using a javascript snippet in the unidling page to call back to aergia to prove that they are a user and not a bot or some other automated system. See the README on how to turn this feature on and also the annotation to disable this per namespace if required.

Using these features would allow a platform operator to restrict how environments are unidled.
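
The ingress annotation checks described above, as an added Go example that is not code from this pull request or from aergia. The function names, the evaluation order (block lists before allow lists), the exact-string IP comparison and the sample addresses are assumptions; it also assumes the ingress in front sets or overwrites both headers, since otherwise the client controls their values.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
	"strings"
)

// clientIP prefers True-Client-IP, else the first X-Forwarded-For entry (assumed set by the ingress).
func clientIP(h http.Header) string {
	if ip := strings.TrimSpace(h.Get("True-Client-IP")); ip != "" {
		return ip
	}
	return strings.TrimSpace(strings.Split(h.Get("X-Forwarded-For"), ",")[0])
}

// anyEntry reports whether a non-empty entry of the comma separated list satisfies match.
func anyEntry(list, value string, match func(entry, value string) bool) bool {
	for _, e := range strings.Split(list, ",") {
		if e = strings.TrimSpace(e); e != "" && match(e, value) {
			return true
		}
	}
	return false
}

func sameIP(e, v string) bool { return e == v } // assumed: exact match, no CIDR handling
// agentRE treats the entry as a Go regular expression; a bad pattern never matches.
func agentRE(e, v string) bool {
	ok, err := regexp.MatchString(e, v)
	return err == nil && ok
}

// mayUnidle uses an assumed order: block lists first, then every allow list that is set.
func mayUnidle(ann map[string]string, h http.Header) bool {
	const p = "idling.amazee.io/"
	ip, ua := clientIP(h), h.Get("User-Agent")
	if anyEntry(ann[p+"ip-block-list"], ip, sameIP) || anyEntry(ann[p+"blocked-agents"], ua, agentRE) {
		return false
	}
	ipOK := ann[p+"ip-allow-list"] == "" || anyEntry(ann[p+"ip-allow-list"], ip, sameIP)
	uaOK := ann[p+"allowed-agents"] == "" || anyEntry(ann[p+"allowed-agents"], ua, agentRE)
	return ipOK && uaOK
}

func main() { // constructed sample input
	fmt.Println(mayUnidle(map[string]string{"idling.amazee.io/ip-allow-list": "203.0.113.7"}, http.Header{"X-Forwarded-For": {"203.0.113.7, 10.0.0.1"}}))
}
```

Because entries are split on commas, a pattern that itself contains a comma (for example a `{1,3}` quantifier) cannot be expressed in this annotation format as parsed here.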