Whitelist / access list in routers

Hello,

I'm new to Traefik, so I'm sorry if my question is a bit odd. I've tried to search the web for a solution but could not find anything. So I was hoping somebody could help me here.

So why am I moving to Traefik? I first used Nginx Proxy Manager, but due to a recent YouTube video about security I've decided to move to Traefik. On my Nginx Proxy Manager I had access lists, so I could access my application only from home and work.

I'll put a fake config example here:

http:
  routers:
    fake-service:
      entryPoints:
        - "https"
      rule: "Host(`fake.fakedomein.com`)"
      middlewares:
        - default-headers
      tls:
        certResolver: http
      service: fake-service

  services:
    fake-service:
      loadBalancer:
        servers:
          - url: "http://10.0.0.105:80"
        passHostHeader: true

  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
    
    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true

    default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/23"
        - "84.100.245.80/32"
        ipStrategy:
          depth: 0

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

So what I want is the following: I want an access list / whitelist in the routers / services so my application is not open to the whole world. Is it possible? I've found some things about ClientIP but could not get it to work.

Thanks in advance!

You can use the IPWhiteList middleware.

First define it:

# Accepts request from defined IP
http:
  middlewares:
    test-ipwhitelist:
      ipWhiteList:
        sourceRange:
          - "127.0.0.1/32"
          - "192.168.1.7"

Then assign it:

http:
  routers:
    fake-service:
      entryPoints:
        - "https"
      rule: "Host(`fake.fakedomein.com`)"
      middlewares:
        - default-headers
        - test-ipwhitelist
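
A small Python model of how an ipWhiteList middleware such as `default-whitelist` decides which requests pass, added here as an example and not part of the original thread or Traefik's own code. It assumes the `ipStrategy.depth` behaviour described in the Traefik documentation (depth <= 0 uses the connection's remote address; depth N takes the Nth `X-Forwarded-For` entry counted from the right); the function names and sample addresses are constructed.

```python
import ipaddress

# sourceRange copied from the thread's default-whitelist middleware.
SOURCE_RANGE = ["10.0.0.0/23", "84.100.245.80/32"]


def client_ip(remote_addr, xff_header, depth):
    """Select the address to check, per the documented ipStrategy.depth rule."""
    if depth <= 0:
        # depth <= 0: X-Forwarded-For is ignored, the TCP peer address is used.
        return remote_addr
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    if depth > len(hops):
        return ""  # header shorter than depth: the client IP is empty
    return hops[-depth]  # position counted from the right


def is_allowed(remote_addr, xff_header="", depth=0, source_range=SOURCE_RANGE):
    """Return True when the selected client IP is inside any sourceRange entry."""
    candidate = client_ip(remote_addr, xff_header, depth)
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:
        return False  # empty or malformed address never matches
    # strict=False lets a bare IP such as "192.168.1.7" act as a one-host range.
    nets = (ipaddress.ip_network(r, strict=False) for r in source_range)
    return any(addr in net for net in nets)


if __name__ == "__main__":
    # Constructed requests: (remote address, X-Forwarded-For, depth)
    cases = [
        ("10.0.1.20", "", 0),                      # inside 10.0.0.0/23
        ("10.0.2.1", "", 0),                       # just outside the /23
        ("84.100.245.80", "", 0),                  # the single /32 host
        ("203.0.113.9", "10.0.0.5", 0),            # header ignored at depth 0
        ("10.0.0.2", "203.0.113.9, 10.0.0.1", 1),  # rightmost XFF entry checked
        ("10.0.0.2", "203.0.113.9, 10.0.0.1", 2),  # second entry from the right
    ]
    for remote, xff, depth in cases:
        verdict = "allow" if is_allowed(remote, xff, depth) else "deny"
        print(f"{remote:15} xff={xff!r:26} depth={depth} -> {verdict}")
```

With `depth: 0`, as in the thread's config, the decision depends only on the address that connects to Traefik, so a client-supplied `X-Forwarded-For` value cannot move a request into the allowed ranges.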

Thank you for your quick reply. Traefik gives me an error now.

My config file looks like this:

http:
  routers:
    fake-service:
      entryPoints:
        - "https"
      rule: "Host(`fake-service.fakedomain.com`)"
      middlewares:
        - default-headers
	- default-whitelist
      tls:
        certResolver: http
      service: fake-service

  services:
    fake-service:
      loadBalancer:
        servers:
          - url: "http://10.0.0.105:80"
        passHostHeader: true

  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
    
    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true

    default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/23"
        - "84.100.245.80/32"
        ipStrategy:
          depth: 0

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

The Traefik error I'm getting is:
time="2023-07-12T08:39:15+02:00" level=info msg="Configuration loaded from file: /traefik.yml"

time="2023-07-12T08:39:15+02:00" level=error msg="Error while building configuration (for the first time): yaml: line 16: found a tab character that violates indentation" providerName=file

time="2023-07-12T08:39:16+02:00" level=error msg="middleware "https-redirect@file" does not exist" routerName=code@docker entryPointName=http

time="2023-07-12T08:39:16+02:00" level=error msg="middleware "secured@file" does not exist" entryPointName=https routerName=code-secure@docker

Oooh wow, I've found it.... I used tabs... And I need to use spaces (in the config....)