我的书签
添加书签
移除书签IPWhiteList
IPWhitelist accepts / refuses requests based on the client IP.
Docker
Kubernetes
apiVersion: traefik.containo.us/v1alpha1kind: Middlewaremetadata:name: test-ipwhitelistspec:ipWhiteList:sourceRange:- 127.0.0.1/32- 192.168.1.7
Consul Catalog
# Accepts request from defined IP- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
Marathon
"labels": {"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7"}
Rancher
# Accepts request from defined IPlabels:- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
File (YAML)
# Accepts request from defined IPhttp:middlewares:test-ipwhitelist:ipWhiteList:sourceRange:- "127.0.0.1/32"- "192.168.1.7"
File (TOML)
# Accepts request from defined IP[http.middlewares][http.middlewares.test-ipwhitelist.ipWhiteList]sourceRange = ["127.0.0.1/32", "192.168.1.7"]
Configuration Options
ipStrategy
The ipStrategy option defines two parameters that set how Traefik determines the client IP: depth, and excludedIPs.
ipStrategy.depth
The depth option tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
depthis ignored if its value is less than or equal to 0.
Examples of Depth & X-Forwarded-For
If depth is set to 2, and the request X-Forwarded-For header is "10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1" then the “real” client IP is "10.0.0.1" (at depth 4) but the IP used for the whitelisting is "12.0.0.1" (depth=2).
Docker
Kubernetes
# Whitelisting Based on `X-Forwarded-For` with `depth=2`apiVersion: traefik.containo.us/v1alpha1kind: Middlewaremetadata:name: test-ipwhitelistspec:ipWhiteList:sourceRange:- 127.0.0.1/32- 192.168.1.7ipStrategy:depth: 2
Consul Catalog
# Whitelisting Based on `X-Forwarded-For` with `depth=2`- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2"
Marathon
"labels": {"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7","traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth": "2"}
Rancher
# Whitelisting Based on `X-Forwarded-For` with `depth=2`labels:- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`http:middlewares:test-ipwhitelist:ipWhiteList:sourceRange:- "127.0.0.1/32"- "192.168.1.7"ipStrategy:depth: 2
File (TOML)
# Whitelisting Based on `X-Forwarded-For` with `depth=2`[http.middlewares.test-ipwhitelist.ipWhiteList]sourceRange = ["127.0.0.1/32", "192.168.1.7"][http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]depth = 2
ipStrategy.excludedIPs
excludedIPs configures Traefik to scan the header and select the first IP not in the list.
If depth is specified, excludedIPs is ignored.
Example of ExcludedIPs & X-Forwarded-For
X-Forwarded-For | excludedIPs | clientIP |
|---|---|---|
“10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1” | “12.0.0.1,13.0.0.1” | “11.0.0.1” |
“10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1” | “15.0.0.1,13.0.0.1” | “12.0.0.1” |
“10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1” | “10.0.0.1,13.0.0.1” | “12.0.0.1” |
“10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1” | “15.0.0.1,16.0.0.1” | “13.0.0.1” |
“10.0.0.1,11.0.0.1” | “10.0.0.1,11.0.0.1” | “” |
Docker
Kubernetes
# Exclude from `X-Forwarded-For`apiVersion: traefik.containo.us/v1alpha1kind: Middlewaremetadata:name: test-ipwhitelistspec:ipWhiteList:ipStrategy:excludedIPs:- 127.0.0.1/32- 192.168.1.7
Consul Catalog
# Exclude from `X-Forwarded-For`- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
Marathon
"labels": {"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"}
Rancher
# Exclude from `X-Forwarded-For`labels:- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
# Exclude from `X-Forwarded-For`http:middlewares:test-ipwhitelist:ipWhiteList:ipStrategy:excludedIPs:- "127.0.0.1/32"- "192.168.1.7"
File (TOML)
# Exclude from `X-Forwarded-For`[http.middlewares][http.middlewares.test-ipwhitelist.ipWhiteList]
