K
Q

Restrict connections to pod by service source

12/2/2019

My application is running in a openshift environment. My Apache server is providing the server-status via the ‘SetHandler server-status’. I can limit this access by mentioning the ‘require ip’ parameter in the apache configuration file. But I want to know if we could do the same by using service name ? I mean can I use two services to this pod and allow only access from one service to this server-status ? I have tried setting the ‘require host service-name’ but when I check the source hostname, it can’t identify the source : AH01753: access check of ‘service-name’ to /server-status/ failed, reason: unable to get the remote host name

We use the same build in different region and configmap is the only option I see to mention the source IP address for each region. Any other thought to restict the access by service name would be helpful.

Thanks, Gops

-- theG
apache
health-monitoring
kubernetes-service
openshift
security

Similar Questions

Kubernetes service account role using OIDC
Kubernetes deployment high memory usage
Google debug: How to debug a library in executable jar - Error : File was not found in the executable
Can we have static Kubernetes PV names with dynamic hostpath provisioner(rancher) ..?
NumberFormatException when starting Quarkus on Kubernetes
container restart reason OOMKilled with exit code 1

0 Answers