Add rejectStatusCode option to IPAllowList middleware

[jfly]

What does this PR do?

Add rejectStatusCode option to IPAllowList middleware. If not specified, this defaults to the old behavior (returning a HTTP 403 Forbidden).

Motivation

Sometimes it's preferable to return a 404 rather than a 403 when rejecting a request. For example, you may not want to leak the fact that a page even exists.

I see other people have asked for this. See:

• https://www.reddit.com/r/Traefik/comments/xkcxhb/hide_forbidden_pages_from_public_view/
• Feature Request (Error Pages): Possibility to change status code #2039: It's not clear to me if the OP was requesting something specific to the IPAllowList or not, but there are definitely some people asking for this in the thread.

More

• Added/updated tests
  • I tried to fix the failing tests. Please let me know if I should add a new test for this new functionality.
• Added/updated documentation

[ldez]

Hello,

can you rebase your PR onto the branch v3.0?

---

This will be completely off-topic.

I'm happy to talk to a cuber who helps with software around cubing, I'm also a cuber (not as speedy as young people).

[jfly]

can you rebase your PR onto the branch v3.0?

@ldez, done! For the record, I based this branch off of master because of this documentation:

Enhancements: [...] for Traefik v3: use branch master

Should that documentation be updated? Or is this PR not an "Enhancement"?

I'm also a cuber (not as speedy as young people).

Ha! Yeah, the young people are quite fast (so many of them were born after my first competition 😲!).

[ldez]

Should that documentation be updated? Or is this PR not an "Enhancement"?

It's more complex: currently, the v3 is in beta so we continue integrating enhancements and breaking changes. It was not the initial plan but it's the current status.

[jfly]

Sounds good. I've submitted #10131 to update the PR template accordingly.

[jfly]

@ldez any chance of getting this merged up?

[geraldcroes]

LGTM, the feature is similar to #10147

[jfly]

@geraldcroes, thanks for the approval. What's next in terms of getting this merged?

[geraldcroes]

We need 2 other reviews. I'll ask during triage tomorrow if others can tackle it quickly since the feature is straightforward

[rtribotte]

Hello @jfly,

Thanks for this contribution!

There are a few things missing, and I left a comment for that on the ipallowlist.md.
There is also an update of the dynamic configuration reference files that is missing (file.toml, file.yaml, docker-labels.yaml, etc...) in docs/content/reference/dynamic-configuration directory.

[jfly]

@rtribotte, thanks for the review! I've updated the PR in light of your feedback.

[rtribotte]

Hello @jfly,

Thanks for the recent changes!
The last thing I would suggest to do is to test this new option in ip_allowlist_test.go.

[mmatur]

Thanks @jfly for this PR.

Could you please add tests and ensure that invalid status codes are handled correctly?

[rtribotte]

Adding the waiting-for-corrections label while waiting for the unit tests to be updated.

[jfly]

@rtribotte, @mmatur, I've added the requested tests to ip_allowlist_test.go.

CI failed on TestServiceHealthChecker_Launch/healthy_grpc_server_becoming_sick, but I don't think that's my fault, as the same test passes locally.

[jfly]

@mmatur, @rtribotte, could I get another review here? Thanks!

[mmatur]

LGTM

[rtribotte]

Thanks 👍

[jfly]

Thanks, @rtribotte!