File tree Expand file tree Collapse file tree 3 files changed +7
-0
lines changed Expand file tree Collapse file tree 3 files changed +7
-0
lines changed Original file line number Diff line number Diff line change @@ -2,6 +2,8 @@ FROM haproxy:2.2-alpine
22
33EXPOSE 2375
44ENV ALLOW_RESTARTS=0 \
5+ ALLOW_STOP=0 \
6+ ALLOW_START=0 \
57 AUTH=0 \
68 BUILD=0 \
79 COMMIT=0 \
Original file line number Diff line number Diff line change @@ -125,6 +125,9 @@ extremely critical but can expose some information that your service does not ne
125125- ` COMMIT `
126126- ` CONFIGS `
127127- ` CONTAINERS `
128+ - ` ALLOW_START ` (containers/` id ` /` start ` )
129+ - ` ALLOW_STOP ` (containers/` id ` /` stop ` )
130+ - ` ALLOW_RESTARTS ` (containers/` id ` /` stop ` |` restart ` |` kill ` )
128131- ` DISTRIBUTION `
129132- ` EXEC `
130133- ` GRPC `
Original file line number Diff line number Diff line change @@ -47,6 +47,8 @@ frontend dockerfrontend
4747 bind :2375
4848 http-request deny unless METH_GET || { env(POST) -m bool }
4949 http-request allow if { path,url_dec -m reg -i ^(/v[\ d\ .]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
50+ http-request allow if { path,url_dec -m reg -i ^(/v[\ d\ .]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(ALLOW_START) -m bool }
51+ http-request allow if { path,url_dec -m reg -i ^(/v[\ d\ .]+)?/containers/[a-zA-Z0-9_.-]+/stop } { env(ALLOW_STOP) -m bool }
5052 http-request allow if { path,url_dec -m reg -i ^(/v[\ d\ .]+)?/auth } { env(AUTH) -m bool }
5153 http-request allow if { path,url_dec -m reg -i ^(/v[\ d\ .]+)?/build } { env(BUILD) -m bool }
5254 http-request allow if { path,url_dec -m reg -i ^(/v[\ d\ .]+)?/commit } { env(COMMIT) -m bool }
You can’t perform that action at this time.
0 commit comments