Filter input paths on nginx-ingress to protect backend

10/1/2020

I have a very simple config but didn't find a direct answer yet. So there is nginx-ingress and gunicorn service behind. I want to protect gunicorn backend from all the bots bruteforcing urls. So I want to redirect only few URLs like:

  • /
  • /one/*
  • /two/*
  • /three/*

What is the simplest ingress config to achieve this goal?

-- TPRLab
kubernetes
nginx-ingress

1 Answer

10/3/2020

You can try this config:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: app
  labels:
    app.kubernetes.io/name: app
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  rules:
    - host: app.domain.com
      http:
        paths:
        - path: /(one|two|three)/
          backend:
            serviceName: app
            servicePort: 5000
        - path: /(.+)
          backend:
            serviceName: app2
            servicePort: 5000
        - path: /
          backend:
            serviceName: app
            servicePort: 5000

In this example:

  • app - your application
  • app2 - application, that responding with 403 or other error
-- Vladimir Baranov
Source: StackOverflow