security: add tenant allowlist and WAF canary proof

2026-06-18 16:21:08 -05:00
parent bd050c3d9b
commit 9cef99739a
5 changed files with 90 additions and 8 deletions
--- a/apps-gx10/fc-tenant-andrew/ingressroute-andrew-web.json
+++ b/apps-gx10/fc-tenant-andrew/ingressroute-andrew-web.json
@@ -30,6 +30,31 @@
            "port": 8080
          }
        ]
+      },
+      {
+        "kind": "Rule",
+        "match": "(Host(`bluejay.dev`) || Host(`www.bluejay.dev`)) && PathPrefix(`/admin-allowlist-proof`)",
+        "middlewares": [
+          {
+            "name": "andrew-admin-ip-allowlist",
+            "namespace": "fc-tenant-andrew"
+          },
+          {
+            "name": "andrew-tenant-rate-limit",
+            "namespace": "fc-tenant-andrew"
+          },
+          {
+            "name": "andrew-tenant-secure-headers",
+            "namespace": "fc-tenant-andrew"
+          }
+        ],
+        "priority": 300,
+        "services": [
+          {
+            "name": "andrew-web-waf",
+            "port": 8080
+          }
+        ]
      }
    ],
    "tls": {