Add rejectStatusCode option to IPAllowList middleware

2024-01-09 11:26:05 -08:00 · 2024-01-09 11:26:05 -08:00 · ccf3a9995a
commit ccf3a9995a
parent fea94a3393
12 changed files with 108 additions and 12 deletions
--- a/docs/content/middlewares/http/ipallowlist.md
+++ b/docs/content/middlewares/http/ipallowlist.md
@ -207,3 +207,45 @@ http:
    [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
      excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
 ```
+
+### `rejectStatusCode`
+
+The `rejectStatusCode` option sets HTTP status code for refused requests. If not set, the default is 403 (Forbidden).
+
+```yaml tab="Docker & Swarm"
+# Reject requests with a 404 rather than a 403
+labels:
+    - "traefik.http.middlewares.test-ipallowlist.ipallowlist.rejectstatuscode=404"
+```
+
+```yaml tab="Kubernetes"
+# Reject requests with a 404 rather than a 403
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: test-ipallowlist
+spec:
+  ipAllowList:
+    rejectStatusCode: 404
+```
+
+```yaml tab="Consul Catalog"
+# Reject requests with a 404 rather than a 403
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.rejectstatuscode=404"
+```
+
+```yaml tab="File (YAML)"
+# Reject requests with a 404 rather than a 403
+http:
+  middlewares:
+    test-ipallowlist:
+      ipAllowList:
+        rejectStatusCode: 404
+```
+
+```toml tab="File (TOML)"
+# Reject requests with a 404 rather than a 403
+[http.middlewares]
+  [http.middlewares.test-ipallowlist.ipAllowList]
+    rejectStatusCode = 404
+```
--- a/docs/content/reference/dynamic-configuration/docker-labels.yml
+++ b/docs/content/reference/dynamic-configuration/docker-labels.yml
@ -68,6 +68,7 @@
 - "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth=42"
 - "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips=foobar, foobar"
 - "traefik.http.middlewares.middleware11.ipallowlist.sourcerange=foobar, foobar"
+- "traefik.http.middlewares.middleware11.ipallowlist.rejectstatuscode=404"
 - "traefik.http.middlewares.middleware12.inflightreq.amount=42"
 - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42"
 - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
--- a/docs/content/reference/dynamic-configuration/file.toml
+++ b/docs/content/reference/dynamic-configuration/file.toml
@ -199,6 +199,7 @@
    [http.middlewares.Middleware11]
      [http.middlewares.Middleware11.ipAllowList]
        sourceRange = ["foobar", "foobar"]
+        rejectStatusCode = 404
        [http.middlewares.Middleware11.ipAllowList.ipStrategy]
          depth = 42
          excludedIPs = ["foobar", "foobar"]
--- a/docs/content/reference/dynamic-configuration/file.yaml
+++ b/docs/content/reference/dynamic-configuration/file.yaml
@ -225,6 +225,7 @@ http:
        isDevelopment: true
    Middleware11:
      ipAllowList:
+        rejectStatusCode: 404
        sourceRange:
          - foobar
          - foobar
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
@ -1181,6 +1181,10 @@ spec:
                          type: string
                        type: array
                    type: object
+                  rejectStatusCode:
+                    description: RejectStatusCode defines the HTTP status code used
+                      for refused requests. If not set, the default is 403 (Forbidden).
+                    type: integer
                  sourceRange:
                    description: SourceRange defines the set of allowed IPs (or ranges
                      of allowed IPs by using CIDR notation).
--- a/docs/content/reference/dynamic-configuration/kv-ref.md
+++ b/docs/content/reference/dynamic-configuration/kv-ref.md
@ -81,6 +81,7 @@
 | `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/depth` | `42` |
 | `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` |
 | `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/ipAllowList/rejectStatusCode` | `404` |
 | `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/0` | `foobar` |
 | `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/1` | `foobar` |
 | `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` |
--- a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
@ -606,6 +606,10 @@ spec:
                          type: string
                        type: array
                    type: object
+                  rejectStatusCode:
+                    description: RejectStatusCode defines the HTTP status code used
+                      for refused requests. If not set, the default is 403 (Forbidden).
+                    type: integer
                  sourceRange:
                    description: SourceRange defines the set of allowed IPs (or ranges
                      of allowed IPs by using CIDR notation).