Skip to content

Accept traffics to the reverse proxy #38

Description

@snwnde

Per the current principal of operation, traffics within the subnet are dropped unless they are already established or from the whitelisted containers (most likely just the reverse proxy container).

However, there are legitimate cases for containers to initiate connection to the reverse proxy as well. For example, an SSO integration would need to have access to the auth service via the reverse proxy.

With the current implementation, one can either 1. add the containers to the whitelist or 2. turn on ALLOW_HOST_TRAFFIC and make the connection via host port, but both would have a larger attack surface than allowing some containers to initiate the connection to the reverse proxy within the subnet.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions