Multi tenant ip whitelist
Hi,
Has anyone managed to successfully implement a multi-tenant IP firewall using VCL? If so, would you mind sharing some code?
Our problem is that we can't compare our client.ip with any IPs loaded from edge dictionaries, and having one giant ACL isn't ideal when you have multiple tenants. We are trying to do something like this:
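acl amazon_web_services {
  # list of IPs
}

# Take the first path segment of the URL as the tenant name.
if (req.url ~ "^/([A-Za-z0-9-]*)") {
  set req.http.tenant_name = re.group.1;
}

# Look up the tenant's allowlist (a string) in the edge dictionary.
set req.http.tenant_ip_whitelist = table.lookup(tenant_ip_whitelists, req.http.tenant_name);

# The comparison against req.http.tenant_ip_whitelist is the part we can't get to work.
if (!req.http.Fastly-FF && (client.ip !~ amazon_web_services || client.ip !~ req.http.tenant_ip_whitelist)) {
  error 405 "Not allowed.";
}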
Thanks.
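One way to get per-tenant allowlists when `~` only accepts a named ACL, as the post describes, is to generate one ACL per tenant plus a dispatch subroutine at deploy time. This is an added example, not part of the original post and not Fastly's code; `acl_name`, `acl_entry`, `render_vcl`, the `tenant_ip_check` subroutine name and the sample tenants are hypothetical, and it covers only the per-tenant check, not the `amazon_web_services` ACL.

```python
import ipaddress
import re

TENANT_RE = re.compile(r"[A-Za-z0-9-]+")  # character set of the post's URL regex


def acl_name(tenant):
    """Map a tenant name to a VCL-safe ACL identifier (hypothetical naming scheme)."""
    if not TENANT_RE.fullmatch(tenant):
        raise ValueError(f"invalid tenant name: {tenant!r}")
    return "tenant_" + tenant.replace("-", "_")


def acl_entry(cidr):
    """Validate one CIDR or single address and render it as an ACL entry."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects typos and stray host bits
    return f'  "{net.network_address}"/{net.prefixlen};'


def render_vcl(tenants):
    """Emit one named ACL per tenant and a subroutine that enforces them."""
    if not tenants:
        raise ValueError("no tenants configured")
    acls, allowed = [], []
    for tenant in sorted(tenants):
        name = acl_name(tenant)  # also guards the quoted tenant string below
        entries = "\n".join(acl_entry(c) for c in tenants[tenant])
        acls.append(f"acl {name} {{\n{entries}\n}}")
        allowed.append(f'(req.http.tenant_name == "{tenant}" && client.ip ~ {name})')
    check = " ||\n      ".join(allowed)
    sub = (
        "sub tenant_ip_check {\n"
        "  # A tenant name with no clause below matches nothing and is rejected.\n"
        f"  if (!req.http.Fastly-FF && !(\n      {check})) {{\n"
        '    error 405 "Not allowed.";\n'
        "  }\n"
        "}"
    )
    return "\n\n".join(acls + [sub]) + "\n"


# Constructed sample data: made-up tenant names, documentation address ranges.
SAMPLE_TENANTS = {
    "acme": ["192.0.2.0/24", "198.51.100.7"],
    "blue-sky": ["203.0.113.0/25", "2001:db8::/32"],
}

if __name__ == "__main__":
    print(render_vcl(SAMPLE_TENANTS))
```

The generated text would be uploaded as custom VCL and `tenant_ip_check` called after `req.http.tenant_name` has been set; adding or changing a tenant means regenerating and redeploying it.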