I found a workaround using header_rewrite plugin
cond %{READ_REQUEST_HDR_HOOK} [AND]
cond %{METHOD} =PURGE [AND]
cond %{CLIENT-HEADER:x-some-header} =somesecret [AND,NOT]
set-status 403
On Mon, 27 Jul 2020 at 14:22, Cameron Braid <[email protected]> wrote:
> Hi,
>
> I am running ats in a kubernetes cluster with istio. The ip based rules
> are not usable in this configuration as every connection comes from
> 127.0.0.1 due to the traffic originating from the istio sidecar proxy
>
> I would like to block access to PURGE requests from the public at large,
> but allow it from an internal service. Is there an alternative way to
> achieve this ?
>
> Cheers
>
> Cameron
>
>
>
