Added explicit "allow restarts" permission.
This commit is contained in:
Andre Zoledziowski
Jairo Llopis
parent
3a1d5bb03a
commit
5a7bc8fd17
@ -1,7 +1,8 @@
|
|||||||
FROM haproxy:1.9-alpine
|
FROM haproxy:1.9-alpine
|
||||||
|
|
||||||
EXPOSE 2375
|
EXPOSE 2375
|
||||||
ENV AUTH=0 \
|
ENV ALLOW_RESTARTS=0 \
|
||||||
|
AUTH=0 \
|
||||||
BUILD=0 \
|
BUILD=0 \
|
||||||
COMMIT=0 \
|
COMMIT=0 \
|
||||||
CONFIGS=0 \
|
CONFIGS=0 \
|
||||||
|
|||||||
@ -42,6 +42,7 @@ backend dockerbackend
|
|||||||
frontend dockerfrontend
|
frontend dockerfrontend
|
||||||
bind :2375
|
bind :2375
|
||||||
http-request deny unless METH_GET || { env(POST) -m bool }
|
http-request deny unless METH_GET || { env(POST) -m bool }
|
||||||
|
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[^/]+/((stop)|(restart)|(kill)) } ! { env(ALLOW_RESTARTS) -m bool }
|
||||||
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } ! { env(AUTH) -m bool }
|
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } ! { env(AUTH) -m bool }
|
||||||
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } ! { env(BUILD) -m bool }
|
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } ! { env(BUILD) -m bool }
|
||||||
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } ! { env(COMMIT) -m bool }
|
http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } ! { env(COMMIT) -m bool }
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user