Change Details

This feature would allow flexible and fine-grained IP-based access control on [sub]domain level, i.e.: ``` set load-balancing reverse-proxy service my-new-api backend 'new-bk-01' set load-balancing reverse-proxy service my-new-api mode 'http' set load-balancing reverse-proxy service my-new-api port '443' set load-balancing reverse-proxy service my-new-api rule 10 domain-name 'example.com' set load-balancing reverse-proxy service my-new-api rule 10 allow ip '10.10.10.0/24' set load-balancing reverse-proxy service my-new-api rule 10 allow ip '10.10.11.0/24' set load-balancing reverse-proxy service my-new-api rule 20 domain-name 'new.example.com' set load-balancing reverse-proxy service my-new-api rule 20 deny ip !'10.10.12.0/24' set load-balancing reverse-proxy service my-new-api ssl certificate 'my-new-api-cert' set load-balancing reverse-proxy backend bk-01 balance 'round-robin' set load-balancing reverse-proxy backend bk-01 mode 'http' set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11' set load-balancing reverse-proxy backend bk-01 server srv01 port '80' ``` the rule 10 in the example above would **allow** access to //example.com// only for two subnets(//10.10.10.0/24// and //10.10.11.0/24//), while rule 20 would **deny** access to //new.example.com// for everything but //10.10.12.0/24//.

This feature would allow flexible and fine-grained IP-based access control on [sub]domain level, i.e.: ``` set load-balancing reverse-proxy service my-new-api backend 'new-bk-01' set load-balancing reverse-proxy service my-new-api mode 'http' set load-balancing reverse-proxy service my-new-api port '443' set load-balancing reverse-proxy service my-new-api rule 10 domain-name 'example.com' set load-balancing reverse-proxy service my-new-api rule 10 allow ip '10.10.10.0/24' set load-balancing reverse-proxy service my-new-api rule 10 allow ip '10.10.11.0/24' set load-balancing reverse-proxy service my-new-api rule 20 domain-name 'new.example.com' set load-balancing reverse-proxy service my-new-api rule 20 deny ip '10.10.12.0/24' set load-balancing reverse-proxy service my-new-api ssl certificate 'my-new-api-cert' set load-balancing reverse-proxy backend bk-01 balance 'round-robin' set load-balancing reverse-proxy backend bk-01 mode 'http' set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11' set load-balancing reverse-proxy backend bk-01 server srv01 port '80' ``` the rule 10 in the example above would **allow** access to //example.com// only for two subnets(//10.10.10.0/24// and //10.10.11.0/24//), while rule 20 would **deny** access to //new.example.com// for //10.10.12.0/24//.

This feature would allow flexible and fine-grained IP-based access control on [sub]domain level, i.e.: ``` set load-balancing reverse-proxy service my-new-api backend 'new-bk-01' set load-balancing reverse-proxy service my-new-api mode 'http' set load-balancing reverse-proxy service my-new-api port '443' set load-balancing reverse-proxy service my-new-api rule 10 domain-name 'example.com' set load-balancing reverse-proxy service my-new-api rule 10 allow ip '10.10.10.0/24' set load-balancing reverse-proxy service my-new-api rule 10 allow ip '10.10.11.0/24' set load-balancing reverse-proxy service my-new-api rule 20 domain-name 'new.example.com' set load-balancing reverse-proxy service my-new-api rule 20 deny ip !'10.10.12.0/24' set load-balancing reverse-proxy service my-new-api ssl certificate 'my-new-api-cert' set load-balancing reverse-proxy backend bk-01 balance 'round-robin' set load-balancing reverse-proxy backend bk-01 mode 'http' set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11' set load-balancing reverse-proxy backend bk-01 server srv01 port '80' ``` the rule 10 in the example above would **allow** access to //example.com// only for two subnets(//10.10.10.0/24// and //10.10.11.0/24//), while rule 20 would **deny** access to //new.example.com// for everything but //10.10.12.0/24//.