traefik_plugin_custom_mtls

Version: v0.1.0
Published: Feb 8, 2025 License: MIT Imports: 9 Imported by: 0

README

Traefik Plugin For More Liberal mTLS Authentication

This Traefik plugin lets you define a more fine-grained validation of client certificates. In particular, it allows you to ignore unhandled critical extensions in the client certificate.

Use with care, as this plugin can be used to bypass security mechanisms.

Sample Configuration

The following snippet is a sample configuration for the dynamic file-based provider; the plugin should work with all other configuration providers as well.

[http]
  [http.routers]
    [http.routers.router0]
      entryPoints = ["http"]
      service = "service-foo"
      rule = "Path(`/foo`)"
      middlewares = ["test-custom-mtls", "test-passtlsclientcert"]

  [http.middlewares]
    # The table name must match the middleware name referenced by the router.
    [http.middlewares.test-custom-mtls.plugin.customMTLS]
      caFiles = ["/path/to/ca.pem"]
      allowExtensions = ["1.2.3.4"]
    [http.middlewares.test-passtlsclientcert.passTLSClientCert]
      pem = true

Configuration

This plugin supports the following configuration parameters:

  • caFiles: List of CAs to verify against. Mirrors the clientAuth.caFiles setting in Traefik. Default: []
  • allowExtensions: (Optional) List of critical extensions that should be ignored despite being unhandled. If empty, all unhandled critical extensions will be ignored. Default: []. Because the default is empty, a configuration that omits this parameter ignores every unhandled critical extension.
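
The allowExtensions semantics above, as an added example (not the plugin's own code). It assumes the check is done by removing ignorable OIDs from the certificate's UnhandledCriticalExtensions before calling Go's x509 Verify; verifyClient, must and sampleCert are hypothetical names, and the certificate is constructed in place.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// verifyClient drops ignorable OIDs from a copy of cert, then runs the usual chain
// verification. Assumed mechanism for illustration, not the plugin's code.
func verifyClient(cert *x509.Certificate, roots *x509.CertPool, allow []string) error {
	c := *cert // shallow copy so the caller's certificate is left untouched
	c.UnhandledCriticalExtensions = slices.DeleteFunc(slices.Clone(cert.UnhandledCriticalExtensions),
		func(oid asn1.ObjectIdentifier) bool { return len(allow) == 0 || slices.Contains(allow, oid.String()) })
	// Any OID still listed makes Verify fail with x509.UnhandledCriticalExtension.
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func must[T any](v T, err error) T { // panics on error; keeps the constructed sample short
	if err != nil {
		panic(err)
	}
	return v
}

// sampleCert builds a constructed self-signed cert with one unhandled critical extension.
func sampleCert(oid ...int) (*x509.Certificate, *x509.CertPool) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-client"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: oid, Critical: true, Value: []byte{5, 0}}}}
	cert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return cert, pool
}

func main() {
	cert, pool := sampleCert(1, 2, 3, 4)
	fmt.Println(verifyClient(cert, pool, []string{"1.2.3.4"}), verifyClient(cert, pool, []string{"1.2.3.5"}))
}
```

Passing a nil or empty allow list to verifyClient accepts the same certificate, which is the "ignore all" case the parameter description warns about.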

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error)

New creates a new instance of this plugin

Types

type Config

type Config struct {
	CAFiles         []FileOrContent `json:"caFiles,omitempty" toml:"caFiles,omitempty" yaml:"caFiles,omitempty"`
	AllowExtensions []string        `json:"allowExtensions,omitempty" toml:"allowExtensions,omitempty" yaml:"allowExtensions,omitempty"`
}

Config is the configuration for this plugin

func CreateConfig

func CreateConfig() *Config

CreateConfig creates a new configuration for this plugin

type CustomMTLS

type CustomMTLS struct {
	// contains filtered or unexported fields
}

CustomMTLS represents the basic properties of this plugin

func (*CustomMTLS) ServeHTTP

func (e *CustomMTLS) ServeHTTP(rw http.ResponseWriter, req *http.Request)

type FileOrContent

type FileOrContent string

FileOrContent holds a file path or content.

func (FileOrContent) IsPath

func (f FileOrContent) IsPath() bool

IsPath returns true if the FileOrContent is a file path, otherwise returns false.

func (FileOrContent) Read

func (f FileOrContent) Read() ([]byte, error)

Read returns the content after reading the FileOrContent variable.

func (FileOrContent) String

func (f FileOrContent) String() string

String returns the FileOrContent in string format.
