4:55 a.m.
Hi,
I want to restrict the access to admin console by checking if the `CF-Connecting-IP` does
not exist for a specific path.
I’ve checked this
documentation: http://undertow.io/undertow-docs/undertow-docs-2.0.0/#predicates-attributes-and-handlers
And I’ve come this far, but undertow complains that my expression is not valid:
<expression-filtermodule="io.undertow.core"
name="restrict-admin-console-access"
expression="path-prefix(/auth/admin/console) and not exists(%{i,
CF-Connecting-IP})" />
Any clue?
Thanks
Mark
11:19 a.m.
Hello Mark,
Try this:
<expression-filter module="io.undertow.core"
name="restrict-admin-console-access"
expression="path-prefix(/auth/admin/master/console) and not
exists(%{i,CF-Connecting-IP}) -> response-code(403)" />
First, there should be no space between the comma and the header name. Second, you need to
provide a handler (response code in your case).
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Tue, 2019-02-05 at 11:55 +0100, Mark de Jng wrote:
Hi,
I want to restrict the access to admin console by checking if the `CF-Connecting-IP` does
not exist for a specific path.
I’ve checked this
documentation: http://undertow.io/undertow-docs/undertow-docs-2.0.0/#predicates-attributes-and-handlers
And I’ve come this far, but undertow complains that my expression is not valid:
<expression-filtermodule="io.undertow.core"
name="restrict-admin-console-access"
expression="path-prefix(/auth/admin/console) and not exists(%{i,
CF-Connecting-IP})" />
Any clue?
Thanks
Mark
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2166
days inactive
2166
days old
1 comments
2 participants
participants (2)
-
Dmitry Telegin -
Mark de Jng