Re: Source IP ACLs


Noburou TANIGUCHI
 

Thank you for the response, Shannon,

Our work on support for Route Services has nearly reached MVP.
Great!

- UX proposal:
https://drive.google.com/open?id=1SfwaQ1hnngfopXC_Q24cT6lbo0yFwvbAbPcCPEHeNPY
- Original proposal:
https://docs.google.com/document/d/1bGOQxiKkmaw6uaRWGd-sXpxL0Y28d3QihcluI15FiIA/edit?usp=sharing
- Tracker epics: https://www.pivotaltracker.com/epic/show/1884060 and
https://www.pivotaltracker.com/epic/show/2031344
I will read them. Thanks.


--
Noburou TANIGUCHI



shannon wrote
You could certainly build a route service to support this use case. Users
would create a service instance of the service, configure it to block
specified IPs (on create, bind, or out-of-band), then bind it to the route,
causing requests to the route to be forwarded to the service instance,
which would block the requests or pass them through. All applications
mapped to the route would be protected.

Route Services opens a whole new class of services which could be offered
in the marketplace by exposing a point of extension. Now all these
features don't have to be implemented directly in the router itself.

Our work on support for Route Services has nearly reached MVP. The backend
work is nearly complete, and we've started work on the CLI commands. Soon
we'll publish documentation for service broker authors as well as end
users.

I'll also be sending a request for feedback shortly on a header we're using
in the integration that must be handled by the services. With a few changes
we could support standard forwarding proxies as Route Services per the
HTTP RFC, but it comes with tradeoffs. Stay tuned.

For now, you can refer to these docs for info about the Route Services
feature:
- UX proposal:
https://drive.google.com/open?id=1SfwaQ1hnngfopXC_Q24cT6lbo0yFwvbAbPcCPEHeNPY
- Original proposal:
https://docs.google.com/document/d/1bGOQxiKkmaw6uaRWGd-sXpxL0Y28d3QihcluI15FiIA/edit?usp=sharing
- Tracker epics: https://www.pivotaltracker.com/epic/show/1884060 and
https://www.pivotaltracker.com/epic/show/2031344

Please let me know if you have any questions.

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Sat, Oct 31, 2015 at 1:33 AM, Noburou TANIGUCHI <dev(a).m001> wrote:

We have proprietarily implemented the feature into Gorouter, but now similar
functionality will probably be achieved by Route Service [1]. There seems to be
little information [2] about it and I also want to know the progress.

[1] https://docs.google.com/document/d/1bGOQxiKkmaw6uaRWGd-sXpxL0Y28d3QihcluI15FiIA/edit#heading=h.8djffzes9pnb

[2] https://www.pivotaltracker.com/n/projects/966314


Carlo Alberto Ferraris-2 wrote
Is there any provision for restricting the source IPs that are allowed to
access a certain application (or route)? Or is the only way to do this to
place a reverse proxy in front of the gorouter?
In case the reverse proxy is the only way to go, would there be interest
to have something like this implemented inside the gorouter itself? (we're
willing to contribute)




-----
I'm not a ...
noburou taniguchi
--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-Source-IP-ACLs-tp2518p2544.html
Sent from the CF Dev mailing list archive at Nabble.com.




-----
I'm not a ...
noburou taniguchi
--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-Source-IP-ACLs-tp2518p2628.html
Sent from the CF Dev mailing list archive at Nabble.com.
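
The block-or-pass decision such a route service would make, sketched in Go as an added example (not code from this thread or from Cloud Foundry). It assumes the client address reaches the service in `X-Forwarded-For`, appended by routers in a trusted range; `IPFilter`, `cidrs`, `in` and the address ranges are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

type IPFilter struct { // hypothetical route-service policy; all names are assumptions
	Denied  []netip.Prefix // source ranges to block, set per service instance
	Trusted []netip.Prefix // routers/proxies allowed to vouch via X-Forwarded-For
}

func cidrs(list ...string) (out []netip.Prefix) {
	for _, c := range list {
		out = append(out, netip.MustParsePrefix(c)) // panics on a malformed range
	}
	return out
}

func in(nets []netip.Prefix, ip netip.Addr) (hit bool) {
	for _, n := range nets {
		hit = hit || n.Contains(ip.Unmap()) // Unmap: treat ::ffff:a.b.c.d as IPv4
	}
	return hit
}

// ClientIP starts at the TCP peer and walks X-Forwarded-For right to left past trusted hops only.
func (f IPFilter) ClientIP(r *http.Request) netip.Addr {
	ap, _ := netip.ParseAddrPort(r.RemoteAddr) // zero (invalid) value on error
	ip := ap.Addr()
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0 && in(f.Trusted, ip); i-- {
		ip, _ = netip.ParseAddr(strings.TrimSpace(hops[i])) // invalid on parse error
	}
	return ip
}

func (f IPFilter) Blocked(r *http.Request) bool { // fails closed on an unknown address
	ip := f.ClientIP(r)
	return !ip.IsValid() || in(f.Denied, ip)
}

func main() { // constructed sample: a trusted router relays a forged leftmost entry
	f := IPFilter{Denied: cidrs("203.0.113.0/24"), Trusted: cidrs("10.0.0.0/8")}
	h := http.Header{"X-Forwarded-For": {"198.51.100.9, 203.0.113.7"}}
	fmt.Println(f.Blocked(&http.Request{RemoteAddr: "10.0.0.5:4000", Header: h}))
}
```

Only entries appended by a trusted hop are believed, so a client cannot slip past the filter by sending its own `X-Forwarded-For` value.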
