Added explicit "allow restarts" permission.

Andre Zoledziowski 2019-01-21 14:02:01 +01:00 committed by Jairo Llopis
parent 3a1d5bb03a
commit 5a7bc8fd17
2 changed files with 3 additions and 1 deletions


@ -1,7 +1,8 @@
FROM haproxy:1.9-alpine FROM haproxy:1.9-alpine
EXPOSE 2375 EXPOSE 2375
ENV AUTH=0 \ ENV ALLOW_RESTARTS=0 \
AUTH=0 \
BUILD=0 \ BUILD=0 \
COMMIT=0 \ COMMIT=0 \
CONFIGS=0 \ CONFIGS=0 \
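Review bot: The new `ALLOW_RESTARTS=0` default on the `ENV` line has no comment, and its name understates what it controls: the proxy rule added in the same commit matches `/containers/<id>/stop` and `/kill` as well as `/restart`. A comment above the `ENV` instruction would make that visible to whoever sets the flag, for example `# ALLOW_RESTARTS: 1 permits stop, restart and kill on containers (default 0 = denied)`. Keeping the default at 0 matches the other flags visible here. The `ENV` list continues past the last line shown in this hunk.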


@ -42,6 +42,7 @@ backend dockerbackend
frontend dockerfrontend frontend dockerfrontend
bind :2375 bind :2375
http-request deny unless METH_GET || { env(POST) -m bool } http-request deny unless METH_GET || { env(POST) -m bool }
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[^/]+/((stop)|(restart)|(kill)) } ! { env(ALLOW_RESTARTS) -m bool }
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } ! { env(AUTH) -m bool } http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } ! { env(AUTH) -m bool }
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } ! { env(BUILD) -m bool } http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } ! { env(BUILD) -m bool }
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } ! { env(COMMIT) -m bool } http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } ! { env(COMMIT) -m bool }
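Review bot: Setting `ALLOW_RESTARTS=1` is not enough on its own to let a client stop, restart or kill a container, and nothing near the new rule says so. These Docker API calls are POST requests, so the preceding `http-request deny unless METH_GET || { env(POST) -m bool }` still rejects them unless `POST` is enabled, and because the new line is a deny rule, a request that passes it is still subject to the rules that follow (any broader `/containers` rule is outside this hunk). Presumably deployments that already permitted these calls will see them refused after upgrading until the flag is set, which is worth a line in the release notes. I would add a comment above the rule such as `# stop/restart/kill: refused unless ALLOW_RESTARTS=1; POST=1 is required as well`. The inner capture groups are not needed; `(stop|restart|kill)` reads more easily and matches the same paths.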