ipAllowList with httproute does not allow anything

Hi,

I have an HTTPRoute which I want to be reachable only from inside my network, using the ipAllowList middleware.

I followed the documentation for middleware here.

However, I get a forbidden page from both the allowed and disallowed networks.
The HTTPRoute works correctly without the middleware.

Can anyone help please?

Traefik version 3.2.0
Here is my config:

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: local-network
spec:
  ipAllowList:
    sourceRange:
      - 172.16.1.0/24
    # Trying with depth didn't change anything
    # ipStrategy:
    #   depth: 1
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: service-httproute
spec:
  parentRefs:
    - name: traefik-gateway
      namespace: traefik
      sectionName: websecure
  hostnames:
    - service.xyz.com
  rules:
    - matches:
      - path:
          type: PathPrefix
          value: /subpath
      backendRefs:
        - name: service
          namespace: default
          port: 80
      filters:
        - type: ExtensionRef
          extensionRef:
            group: traefik.io
            kind: Middleware
            name: local-network

Ok, I fixed it.
The problem was in the setup of the Traefik service, where I had to set externalTrafficPolicy: Local as suggested here.

When it was not set, the source IP address changed to a cluster address.

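The fix described in the last post, written out as a Service manifest. This is an added example, not part of the original thread; the Service name, type, selector label and port mapping are assumptions to adapt to your own Traefik install.

```yaml
# Added example, not the poster's manifest.
apiVersion: v1
kind: Service
metadata:
  name: traefik                # assumed name of the Traefik Service
  namespace: traefik           # namespace of the Gateway in the thread
spec:
  type: LoadBalancer           # assumed; the field also applies to NodePort
  # With the default value "Cluster", kube-proxy may forward the connection
  # to a pod on another node and rewrites the source address on the way, so
  # Traefik sees a cluster address as the client and the sourceRange
  # 172.16.1.0/24 never matches: every request gets 403.
  # "Local" delivers traffic only to Traefik pods on the node that received
  # it and keeps the original client source IP, which is the address
  # ipAllowList compares against sourceRange.
  externalTrafficPolicy: Local
  selector:
    app.kubernetes.io/name: traefik   # assumed pod label
  ports:
    - name: websecure          # matches the listener's sectionName in the thread
      port: 443                # assumed external port
      targetPort: websecure    # assumed container port name
```

With `Local`, a node that runs no Traefik pod drops external traffic sent to it, so schedule Traefik on every node that can receive traffic or rely on the load balancer's health checks to skip those nodes.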