IPWhiteList¶

限制客户使用特定IP

IpWhiteList

IPWhitelist接受/拒绝基于客户端IP的请求.

Configuration Examples¶

Docker

# Accepts request from defined IP
labels:
  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"

Kubernetes

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ipwhitelist
spec:
  ipWhiteList:
    sourceRange:
      - 127.0.0.1/32
      - 192.168.1.7

Marathon

"labels": {
  "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7"
}

Rancher

# Accepts request from defined IP
labels:
  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"

文件（TOML）

# Accepts request from defined IP
[http.middlewares]
  [http.middlewares.test-ipwhitelist.ipWhiteList]
    sourceRange = ["127.0.0.1/32", "192.168.1.7"]

档案（YAML）

# Accepts request from defined IP
http:
  middlewares:
    test-ipwhitelist:
      ipWhiteList:
        sourceRange:
          - "127.0.0.1/32"
          - "192.168.1.7"

Configuration Options¶

`sourceRange`¶

sourceRange选项设置允许的IP（或允许的IP范围）.

`ipStrategy`¶

该ipStrategy选项定义两个参数如何设定Traefik将决定客户端IP： depth和excludedIPs .

`ipStrategy.depth`¶

depth选项告诉Traefik使用X-Forwarded-For标头，并获取位于depth位置（从右开始）的IP.

深度和X-Forwarded-For的示例

Docker

# Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels:
  - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
  - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"

Kubernetes

# Whitelisting Based on `X-Forwarded-For` with `depth=2`
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: testIPwhitelist
spec:
  ipWhiteList:
    sourceRange:
      - 127.0.0.1/32
      - 192.168.1.7
    ipStrategy:
      depth: 2

Rancher

# Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels:
  - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
  - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"

Marathon

"labels": {
  "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7",
  "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2"
}

文件（TOML）

# Whitelisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares]
  [http.middlewares.test-ipwhitelist.ipWhiteList]
    sourceRange = ["127.0.0.1/32", "192.168.1.7"]
    [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
      depth = 2

档案（YAML）

# Whitelisting Based on `X-Forwarded-For` with `depth=2`
http:
  middlewares:
    test-ipwhitelist:
      ipWhiteList:
        sourceRange:
          - "127.0.0.1/32"
          - "192.168.1.7"
        ipStrategy:
          depth: 2

如果depth等于2，并且请求X-Forwarded-For标头是"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"那么"实际"客户端IP将是"10.0.0.1" （在深度4），但用于白名单的IP将为"12.0.0.1" （ depth=2 ）.

更多例子

`X-Forwarded-For`	`depth`	clientIP
`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`	`1`	`"13.0.0.1"`
`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`	`3`	`"11.0.0.1"`
`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`	`5`	`""`

Info

如果depth大于X-Forwarded-For的IP总数，则客户端IP将为空.
如果depth的值小于或等于0，则将被忽略.

`ipStrategy.excludedIPs`¶

Docker

# Exclude from `X-Forwarded-For`
labels:
    - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"

Kubernetes

# Exclude from `X-Forwarded-For`
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ipwhitelist
spec:
  ipWhiteList:
    ipStrategy:
      excludedIPs:
        - 127.0.0.1/32
        - 192.168.1.7

Rancher

# Exclude from `X-Forwarded-For`
labels:
  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"

Marathon

"labels": {
  "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}

文件（TOML）

# Exclude from `X-Forwarded-For`
[http.middlewares]
  [http.middlewares.test-ipwhitelist.ipWhiteList]
    [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
      excludedIPs = ["127.0.0.1/32", "192.168.1.7"]

档案（YAML）

# Exclude from `X-Forwarded-For`
http:
  middlewares:
    test-ipwhitelist:
      ipWhiteList:
        ipStrategy:
          excludedIPs:
            - "127.0.0.1/32"
            - "192.168.1.7"

excludedIPs告诉Traefik扫描X-Forwarded-For标题和挑头IP不在列表中.

如果指定了depth ，则会忽略excludedIPs的IP.

排除的IP和X-Forwarded-For的示例

`X-Forwarded-For`	`excludedIPs`	clientIP
`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`	`"12.0.0.1,13.0.0.1"`	`"11.0.0.1"`
`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`	`"15.0.0.1,13.0.0.1"`	`"12.0.0.1"`
`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`	`"10.0.0.1,13.0.0.1"`	`"12.0.0.1"`
`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`	`"15.0.0.1,16.0.0.1"`	`"13.0.0.1"`
`"10.0.0.1,11.0.0.1"`	`"10.0.0.1,11.0.0.1"`	`""`

IPWhiteList¶

Configuration Examples¶

Configuration Options¶

sourceRange¶

ipStrategy¶

ipStrategy.depth¶

ipStrategy.excludedIPs¶

by ICOPY.SITE

`sourceRange`¶

`ipStrategy`¶

`ipStrategy.depth`¶

`ipStrategy.excludedIPs`¶