New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add rejectStatusCode
option to IPAllowList
middleware
#10130
Add rejectStatusCode
option to IPAllowList
middleware
#10130
Conversation
Hello, can you rebase your PR onto the branch v3.0? This will be completely off-topic. I'm happy to talk to a cuber who helps with software around cubing, I'm also a cuber (not as speedy as young people). |
bfb94fe
to
eca58f3
Compare
@ldez, done! For the record, I based this branch off of master because of this documentation:
Should that documentation be updated? Or is this PR not an "Enhancement"?
Ha! Yeah, the young people are quite fast (so many of them were born after my first competition 😲!). |
It's more complex: currently, the v3 is in beta so we continue integrating enhancements and breaking changes. It was not the initial plan but it's the current status. |
Per traefik#10130 (comment): > It's more complex: currently, the v3 is in beta so we continue > integrating enhancements and breaking changes. It was not the initial > plan but it's the current status.
Sounds good. I've submitted #10131 to update the PR template accordingly. |
@ldez any chance of getting this merged up? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, the feature is similar to #10147
@geraldcroes, thanks for the approval. What's next in terms of getting this merged? |
We need 2 other reviews. I'll ask during triage tomorrow if others can tackle it quickly since the feature is straightforward |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello @jfly,
Thanks for this contribution!
There are a few things missing, and I left a comment for that on the ipallowlist.md
.
There is also an update of the dynamic configuration reference files that is missing (file.toml
, file.yaml
, docker-labels.yaml
, etc...) in docs/content/reference/dynamic-configuration
directory.
@rtribotte, thanks for the review! I've updated the PR in light of your feedback. |
6811662
to
df222d9
Compare
Hello @jfly, Thanks for the recent changes! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @jfly for this PR.
Could you please add tests and ensure that invalid status codes are handled correctly?
Adding the |
b91a0a2
to
f198c97
Compare
@rtribotte, @mmatur, I've added the requested tests to CI failed on |
@mmatur, @rtribotte, could I get another review here? Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks 👍
If not specified, this defaults to the old behavior (returning a HTTP 403 Forbidden). Sometimes it's preferable to return a 404 rather than a 403 when rejecting a request. For example, you may not want to leak the fact that a page even exists. I see some other people have asked for this. See: - https://www.reddit.com/r/Traefik/comments/xkcxhb/hide_forbidden_pages_from_public_view/ - traefik#2039: It's not clear to me if the OP was requesting something specific to the `IPAllowList` or not, but there are definitely some people asking for this in the thread.
f198c97
to
3847a84
Compare
Thanks, @rtribotte! |
What does this PR do?
Add
rejectStatusCode
option toIPAllowList
middleware. If not specified, this defaults to the old behavior (returning a HTTP 403 Forbidden).Motivation
Sometimes it's preferable to return a 404 rather than a 403 when rejecting a request. For example, you may not want to leak the fact that a page even exists.
I see other people have asked for this. See:
IPAllowList
or not, but there are definitely some people asking for this in the thread.More