[AAI] Request blocking enhancement for AAI
Enable configuration of HAProxy ACL to block incoming requests
Issue-ID: OOM-2920
Signed-off-by: Suresh Charan <suresh.charan@amdocs.com>
Change-Id: Icacaa7642f018b76b6c738b325c3d2a12702495e
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
index 9fa6d2e..6e7acef 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
@@ -88,6 +88,15 @@
http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
+#######################################
+## Request blocking configuration ###
+#######################################
+ {{- if eq $.Values.haproxy.requestBlocking.enabled true }}
+ {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }}
+ {{ $custom_config }}
+ {{- end }}
+ {{- end }}
+
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 8443
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
index 1db4add..1accff9 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
@@ -119,6 +119,15 @@
http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
+#######################################
+## Request blocking configuration ###
+#######################################
+ {{- if eq $.Values.haproxy.requestBlocking.enabled true }}
+ {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }}
+ {{ $custom_config }}
+ {{- end }}
+ {{- end }}
+
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 8443
{{- end }}