This repository was archived by the owner on May 30, 2023. It is now read-only.

Add support for IP regexps in allow list #6

@dgolombek

AWS LBs (ELB+ALB+NLB) have a really bad habit of using one of the IP addresses of the LB as the Host header when making health checks against instances. It would be nice to be able to allow list 10.[0-9]+.[0-9]+.[0-9]+ to at least somewhat lock down these requests. Obviously this is a weakness, since an attacker could compromise an internal host and route through that, but other solutions would involve using NGINX to rewrite IPs to arbitrary hostnames, or trying to keep track of the changing LB IPs (which can change at will, for ELBs and ALBs). Right now the provided hostnames are escaped, so I can't pass my own regexps in. Thoughts?
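
An added example, not part of the original issue or the project's code: one way to allow a private range in a Host allow list is to parse the value as an IP address and test CIDR membership, compared here with the pattern quoted above used as an unanchored regex with unescaped dots. `ALLOWED_HOSTNAMES`, `ALLOWED_NETWORKS` and all function names are hypothetical, and the hostnames and addresses are constructed samples.

```python
import ipaddress
import re

# Hypothetical configuration (assumed names, not the project's API).
ALLOWED_HOSTNAMES = ["app.example.com"]                   # exact names only
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]   # range the LB IPs come from

# The pattern as written in the issue: dots unescaped, no anchors.
NAIVE_IP_RE = re.compile(r"10.[0-9]+.[0-9]+.[0-9]+")

# Hostnames are escaped and anchored, so they can only match literally.
_HOSTNAME_RE = re.compile(
    r"\A(?:" + "|".join(re.escape(h) for h in ALLOWED_HOSTNAMES) + r")\Z",
    re.IGNORECASE,
)


def split_host(host_header):
    """Return the host part of a Host header value, dropping an optional :port."""
    host = host_header.strip()
    if host.startswith("["):                  # bracketed IPv6 literal
        end = host.find("]")
        return host[1:end] if end != -1 else host
    name, sep, port = host.rpartition(":")
    return name if sep and port.isdigit() else host


def host_allowed(host_header):
    """Allow exact configured hostnames, or IP literals inside an allowed network."""
    host = split_host(host_header)
    if _HOSTNAME_RE.match(host):
        return True
    try:
        addr = ipaddress.ip_address(host)     # rejects anything that is not an IP literal
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETWORKS)


def naive_allowed(host_header):
    """What an unescaped, unanchored regex check would accept."""
    return NAIVE_IP_RE.search(host_header) is not None
```

The CIDR check still carries the weakness the issue names: any client that can send a Host header containing an address in the allowed range passes, so it narrows the accepted values without authenticating the load balancer.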
