3. Security and Validation

accessControl

Version

Applies access control rules to incoming requests based on the peer address.

The interceptor evaluates the configured child rules in order and uses the first rule that matches the peer to decide whether the request is permitted. If no rule matches, access is denied. A denied request is rejected with 403.

Rules can match on IPv4/IPv6 (optionally with CIDR prefix) or on a hostname pattern. Hostname matching requires the peer hostname to be resolved and is performed only when at least one configured rule uses a hostname target.

See the examples under examples/security/access-control-list and the tutorial tutorials/security/60-Access-Control-Lists.yaml.

Example Configuration

api:
port: 2000
flow:
- accessControl:
- allow: "10.0.0.0/8"
- deny: "0.0.0.0/0"
api:
   port: 2000
   flow:
     - accessControl:
         - allow: "10.0.0.0/8"
         - deny: "0.0.0.0/0"

Syntax

accessControl:
- <rules>
accessControl:
  - <rules>

Child Structure

ElementCardinalityDescription
rules0..*Configures the ordered list of access rules that will be evaluated for each request.

Can be used in