Restrict connections to pod by service source

12/2/2019

My application is running in an OpenShift environment. My Apache server is providing the server-status via the ‘SetHandler server-status’. I can limit this access by mentioning the ‘require ip’ parameter in the Apache configuration file. But I want to know if we could do the same by using the service name? I mean, can I use two services for this pod and allow access to this server-status from only one service? I have tried setting the ‘require host service-name’, but when I check the source hostname, it can’t identify the source: AH01753: access check of ‘service-name’ to /server-status/ failed, reason: unable to get the remote host name

We use the same build in different regions, and a ConfigMap is the only option I see to mention the source IP address for each region. Any other thoughts on restricting the access by service name would be helpful.

Thanks, Gops

-- theG
apache
health-monitoring
kubernetes-service
openshift
security

0 Answers