02/13/2023, 6:20 PM
Hi, I noticed an issue today. It might be obvious, but to me it was troublesome. I'm running haproxy (kubernetes-ingress) using hostport. I protected a service (exposing an ingress) and used a group for allowing access from specific subnets (servers are behind an F5, so forwarded headers are used).

client-a: blocked
client-b: allowed

1. A request from client-a is blocked.
2. A request from client-b is open, but running a request from client-a directly after a request from client-b is not blocked(!).

In haproxy I need to set
http-connection-mode: http-server-close
It seems that keep-alive from ingress to service breaks security. I'm not sure if this is an issue with nginx. Appreciate any comments.