Traefik Ingress: Is blacklisting possible?

Question

Whitelisting ips is possible with this annotation: ingress.kubernetes.io/whitelist-source-range: "1.1.1.1/24"

Is it possible to do the same with blacklisting? would be nice to block some suspicous requests.

Unless those IPs are fixed, you really wouldn't want to have to edit the Ingress object every time just to block IPs. That said, [the configuration snippet](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#configuration-snippet) is the way one can inject arbitrary nginx config blocks into a location, allowing you to do whatever you wish. It also seems modern nginx ingress controllers [support an opensource WAF](https://kubernetes.github.io/ingress-nginx/user-guide/third-party-addons/modsecurity/) which may help, too — mdaniel, Feb 28 '21 at 18:29
I have a traefik ingress in my cluster, so nginx options don't help — 8bit, Feb 28 '21 at 21:07
Oh, I see the line in your question where you didn't write that down -- my mistake for not breaking into your cluster to guess that. Good luck with your question — mdaniel, Mar 01 '21 at 01:35

score 2 · Accepted Answer · answered Mar 01 '21 at 09:09

Unfortunately support for blocking ip addresses is not supported natively by traefik and any requests were declined with a comment:

We want to keep the IP filtering section as simple as possible and we think that your use case could be addressed differently.

We think that a blacklisting task can be better achieved using a firewall.

So, for now, and I insist on the "for now", we will decline your pull request.

For the same reason #7926 was declined.

You may be interested though in the those two plugins:

Can I use those plugins with the traefik installed in k3s? – 8bit Mar 01 '21 at 20:59 — 8bit, Mar 01 '21 at 20:59

Traefik Ingress: Is blacklisting possible?

1 Answers1