Comments (4)
iyangsj
commented on June 13, 2024
1
1 这个功能内部版本BFE是支持的,可以考虑将这个功能开源出来
- 如果基于开源版本直接实现,可以调用 web_monitor库的 InitReloadACL() 来定制允许的源地址
2 一些外部用户采用了如下方案来解决这类问题,供参考: @AFreeCoder
- Step1 配置一个特殊的Product及Cluster,Cluster仅包含一个后端实例,指向了“127.0.0.1:<monitor_port>”
- Step2 配置特殊的路由规则,将热加载请求转发到相应Prodcut及Cluster
(例如:热加载请求使用约定的Host及特殊Header) - Step3 配置访问控制规则,仅允许受限的访问
(例如:基于访问源地址、基于请求认证等)
from bfe.
mileszhang2016
commented on June 13, 2024
从安全角度考虑,BFE对发起reload的客户端来源地址确实做了限制,只允许从同机发起。
一种可能的解决方案是对于web-monitor端口的访问增加认证控制机制,从而允许远程触发reload。
如果哪位同学有兴趣,也欢迎贡献这方面的功能代码。
from bfe.
kwanhur
commented on June 13, 2024
建议先将允许的来源地址转移至bfe_server.conf配置文件,而非硬编码在代码中。
from bfe.
bhavyastar
commented on June 13, 2024
Can I work on this issue? @iyangsj @mileszhang2016
from bfe.
Related Issues (20)
- 容器无法运行,这是bug还是我没配置好? HOT 1
- release-v1.4.0在go1.13.8环境编译失败 HOT 1
- 是否支持 域名 转发呢 HOT 2
- 使用默认配置并发时产生500错误 HOT 4
- 源码安装失败 HOT 1
- bfe初始化时没有加载mod_auth_jwt HOT 1
- What is the status of bfe? HOT 1
- CNCF TOC annual review due HOT 1
- 直接docker下来的 bfe 无法直接启动
- http_conn.go有段代码写得不规范或者逻辑不合理 HOT 1
- is there any compression algorithm used in BFE to accelerate the performance? gZip? HOT 1
- 长连接异常断开 HOT 2
- 运行bfe,提示“maxprocs: Leaving GOMAXPROCS=1: CPU quota undefined”错误 HOT 1
- bfe怎么配置,能像nginx一样对某个url地址,允许固定ip访问?
- bfe1.6版本bfe_http transponrt.go的putIdleConn细节处理 HOT 2
- BFE后端服务如何支持https
- Website does not have the correct trademark disclaimer
- slice是否可以去掉在某些情况下的copy动作 HOT 1
- bfe的开源版本大概是基于go1.2 http transport内核开发的,后续是否会升级版本。 HOT 1
- bfe_server.go在InitConfig()漏掉了对WriteTimeout的赋值 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bfe.