Re: Source IP ACLs
You could certainly build a route service to support this use case. Users
would create a service instance of the service, configure it to block
specified IPs (on create, bind, or out-of-band), then bind it to the route,
causing requests to the route to be forwarded to the service instance,
which would block the requests or pass them through. All applications
mapped to the route would be protected.
Route Services opens a whole new class of services which could be offered
in the marketplace by exposing a point of extension. Now all these
features don't have to be implemented directly in the router itself.
Our work on support for Route Services has nearly reached MVP. The backend
work is nearly complete, and we've started work on the CLI commands. Soon
we'll publish documentation for service broker authors as well as end users.
I'll also be sending a request for feedback shortly on a header we're using
in the integration that must be handled by the services. With a few changes
we could support standard forwarding proxies as Route Services per the HTTP
RFC, but it comes with tradeoffs. Stay tuned.
For now, you can refer to these docs for info about the Route Services
- UX proposal:
- Original proposal:
- Tracker epics: https://www.pivotaltracker.com/epic/show/1884060 and
Please let me know if you have any questions.
Product Manager, Cloud Foundry
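
The block-or-pass-through decision described in the message above, as an added Go sketch that is not part of the original email and is not Cloud Foundry code. It assumes the client address reaches the service in `X-Forwarded-For` behind proxies in a known range; `Allowed`, `ACL` and the `next` handler (standing in for forwarding the request onward) are hypothetical names.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

func inAny(nets []netip.Prefix, ip netip.Addr) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Allowed walks X-Forwarded-For right to left, skips trusted proxy hops, and
// judges the first untrusted hop. Entries left of it are client-supplied.
func Allowed(xff string, blocked, trusted []netip.Prefix) bool {
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			return false // missing or malformed hop: fail closed
		}
		ip = ip.Unmap() // treat ::ffff:a.b.c.d as the IPv4 address it carries
		if !inAny(trusted, ip) {
			return !inAny(blocked, ip)
		}
	}
	return false // only trusted hops seen: no client address to judge
}

// ACL answers 403 for blocked sources and passes everything else to next.
func ACL(blocked, trusted []netip.Prefix, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !Allowed(r.Header.Get("X-Forwarded-For"), blocked, trusted) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { // constructed sample: client address from a documentation range
	deny := []netip.Prefix{netip.MustParsePrefix("203.0.113.0/24")}
	fmt.Println(Allowed("203.0.113.9", deny, nil))
}
```

Reading the header from the right and stopping at the first untrusted hop keeps a client from dodging the block list by prepending an address of its own choosing.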
On Sat, Oct 31, 2015 at 1:33 AM, Noburou TANIGUCHI <dev(a)nota.m001.jp> wrote:
We have proprietarily implemented the feature into Gorouter, but now