Created
March 13, 2020 16:39
-
-
Save xandout/028389abb12d0a131ded4088b9b69fc0 to your computer and use it in GitHub Desktop.
K8S Ingress showing how to block access based on the client's User-Agent
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: Ingress | |
| metadata: | |
| name: web-app-ingress | |
| annotations: | |
| nginx.ingress.kubernetes.io/configuration-snippet: | | |
| if ($http_user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36" ) { | |
| # use more_set_headers here instead of add_header for kubernetes(openresty). | |
| more_set_headers "Content-Type: application/json"; | |
| return 426 '{"error":"please upgrade your client"}'; | |
| } | |
| labels: | |
| k8s-app: web-app | |
| spec: | |
| rules: | |
| - host: "mysite.com" | |
| http: &http_rule | |
| paths: | |
| - path: /the/path/you/want/to/block/traffic/based/on/user-agent | |
| backend: | |
| serviceName: web-app-svc | |
| servicePort: 8080 | |
| tls: | |
| - hosts: | |
| - "mysite.com" | |
| secretName: letsencrypt-prod |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment