This filter restricts access to the proxied microservice based on the user's Distinguished Name (DN). The whitelist
will allow given DNs, and the blacklist
will forbid given DNs. The behavior of each list is slightly different:
whitelist
- allows all by default, but then allows only the specified DNs if given a non-default string.blacklist
- denies none, but then denies only the specified DNs when given a non-default string.
The users DN comes from the USER_DN
host header. These headers must be supplied by the user, or can set by the gm.inheaders filter somewhere up the connection stream.
Example
Each list is pipe (e.g. "|") delimited.
http_filters:
- name: gm.listauth
config: { whitelist: "cn=luke.skywalker|cn=han.solo", blacklist:"cn=darth.vader" }
Per-Route configuration
{
"blacklist": <string>,
"whitelist": <string>
}
The per-route configuration mirrors the filter configuration.