IP Whitelists for Frontend (with Docker- & Kubernetes-Provider Support)

server/server.go

@@ -716,6 +716,14 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 							negroni.Use(metricsMiddlewareBackend)
 						}
 					}
+					ipWhitelistMiddleware, err := configureIPWhitelistMiddleware(frontend.WhitelistSourceRange)
+					if err != nil {
+						log.Fatalf("Error creating IP Whitelister: %s", err)
+					} else if ipWhitelistMiddleware != nil {
+						negroni.Use(ipWhitelistMiddleware)
+						log.Infof("Configured IP Whitelists: %s", frontend.WhitelistSourceRange)
+					}
+
 					if len(frontend.BasicAuth) > 0 {
 						users := types.Users{}
 						for _, user := range frontend.BasicAuth {
@@ -770,6 +778,21 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 	return serverEntryPoints, nil
 }
 
+func configureIPWhitelistMiddleware(whitelistSourceRanges []string) (negroni.Handler, error) {
+	if len(whitelistSourceRanges) > 0 {
+		ipSourceRanges := whitelistSourceRanges
+		ipWhitelistMiddleware, err := middlewares.NewIPWhitelister(ipSourceRanges)
+
+		if err != nil {
+			return nil, err
+		}
+
+		return ipWhitelistMiddleware, nil
+	}
+
+	return nil, nil
+}
+
 func (server *Server) wireFrontendBackend(serverRoute *serverRoute, handler http.Handler) {
 	// path replace - This needs to always be the very last on the handler chain (first in the order in this function)
 	// -- Replacing Path should happen at the very end of the Modifier chain, after all the Matcher+Modifiers ran