Allowed Proxy Configuration
The allowed proxy feature lets you see the true IP address of REST clients in the audit logs when a client connects to the CipherTrust Manager through a load balancer or proxy. This functionality lets you whitelist the trusted IP addresses of the load balancers or proxies. The following operations can be performed:
- Add proxy (http_proxy, https_proxy, load balancer)
- Get/list/update proxy
- Delete proxy
- Reset proxy
Note
The CipherTrust Manager gets the true IP addresses of NAE/KMIP clients regardless of the proxy whitelisting APIs. For NAE/KMIP clients, the CipherTrust Manager doesn't whitelist proxies; instead, it fetches the true client IPs behind all proxies.
Adding allowed proxies
To add the allowed proxies, run:
Syntax
ksctl proxyprotocolallowproxies add --ip-address <allowed/trusted IP address> --description <description>
Example Request
ksctl proxyprotocolallowproxies add --ip-address 10.102.12.1/24 --description aws
Response
{
  "id": "068616c1-6213-42fe-8487-58cd918c35dc",
  "account": "kylo:kylo:admin:accounts:kylo",
  "createdAt": "2023-03-06T07:01:44.742506Z",
  "updatedAt": "2023-03-06T07:01:44.742506Z",
  "ip_address": "10.102.12.1/24",
  "description": "aws"
}
Note
The allowed/trusted IP addresses limit is 1000.
Getting details of allowed proxies
To fetch the details of a proxy, run:
Syntax
ksctl proxyprotocolallowproxies get --id <proxy-id>
Example Request
ksctl proxyprotocolallowproxies get --id 10.12.12.1/24
Response
{
  "id": "d73a3417-ca7c-4e69-b6bd-d36cdd3577b5",
  "account": "kylo:kylo:admin:accounts:kylo",
  "createdAt": "2023-03-06T07:05:21.540765Z",
  "updatedAt": "2023-03-06T07:05:21.540765Z",
  "ip_address": "10.12.12.1/24",
  "description": "aws"
}
Getting list of allowed proxies
To list all the allowed proxies, run:
Syntax
ksctl proxyprotocolallowproxies list
Example Request
ksctl proxyprotocolallowproxies list
Response
{
  "skip": 0,
  "limit": 10,
  "total": 3,
  "resources": [
    {
      "id": "d73a3417-ca7c-4e69-b6bd-d36cdd3577b5",
      "account": "kylo:kylo:admin:accounts:kylo",
      "createdAt": "2023-03-06T07:05:21.540765Z",
      "updatedAt": "2023-03-06T07:05:21.540765Z",
      "ip_address": "10.12.12.1/24",
      "description": "aws"
    },
    {
      "id": "8856b773-ef84-402a-852f-4114ab4fa9de",
      "account": "kylo:kylo:admin:accounts:kylo",
      "createdAt": "2023-03-06T07:05:16.567795Z",
      "updatedAt": "2023-03-06T07:05:16.567795Z",
      "ip_address": "10.102.12.1/24",
      "description": "aws"
    },
    {
      "id": "35dbe9b2-9f81-488a-943b-bf744027204c",
      "account": "kylo:kylo:admin:accounts:kylo",
      "createdAt": "2023-02-14T06:41:10.22379Z",
      "updatedAt": "2023-02-14T06:41:10.22379Z",
      "ip_address": "10.142.12.12/24"
    }
  ]
}
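Every address on the allow list is trusted to report the client IP that ends up in the audit log, so the list output is worth reviewing periodically. The following Python script is an added example, not part of the CipherTrust Manager documentation or tooling: it audits that JSON for host bits set in a CIDR, broad ranges, missing descriptions and overlapping entries. The sample input is constructed from the response above, the function name and MAX_ADDRESSES threshold are hypothetical, and it assumes a CIDR entry is matched as the whole enclosing network.

```python
import ipaddress
import json

# Constructed sample: trimmed `ksctl proxyprotocolallowproxies list` output,
# reusing the id/ip_address/description values shown on this page.
SAMPLE_LIST_OUTPUT = """
{"skip": 0, "limit": 10, "total": 3, "resources": [
  {"id": "d73a3417-ca7c-4e69-b6bd-d36cdd3577b5", "ip_address": "10.12.12.1/24", "description": "aws"},
  {"id": "8856b773-ef84-402a-852f-4114ab4fa9de", "ip_address": "10.102.12.1/24", "description": "aws"},
  {"id": "35dbe9b2-9f81-488a-943b-bf744027204c", "ip_address": "10.142.12.12/24"}
]}
"""

MAX_ADDRESSES = 16  # hypothetical review threshold: flag anything wider than a /28


def audit_allowed_proxies(list_json, max_addresses=MAX_ADDRESSES):
    """Return (entry id, finding) tuples for allow-list entries that need review."""
    doc = json.loads(list_json)
    findings, seen = [], []
    if doc["total"] > len(doc["resources"]):
        findings.append(("-", "output is paginated; only part of the list was audited"))
    for entry in doc["resources"]:
        eid, raw = entry["id"], entry["ip_address"]
        # strict=False accepts host bits (10.102.12.1/24) and yields the
        # enclosing network; matching on that network is an assumption.
        net = ipaddress.ip_network(raw, strict=False)
        if "/" in raw and str(net) != raw:
            findings.append((eid, f"host bits set: {raw} covers {net}"))
        if net.num_addresses > max_addresses:
            findings.append((eid, f"broad range: {net.num_addresses} addresses trusted"))
        if not entry.get("description"):
            findings.append((eid, "no description: owner of this proxy is unrecorded"))
        for other_id, other_net in seen:
            if net.overlaps(other_net):
                findings.append((eid, f"overlaps entry {other_id} ({other_net})"))
        seen.append((eid, net))
    return findings


if __name__ == "__main__":
    for eid, finding in audit_allowed_proxies(SAMPLE_LIST_OUTPUT):
        print(f"{eid}: {finding}")
```
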
Updating the allowed proxies
To update a proxy, run:
Syntax
ksctl proxyprotocolallowproxies update --id <proxy-id> --ip-address <http-proxy> --description <description>
Example Request
ksctl proxyprotocolallowproxies update --id cef9ca86-1fb7-4e9b-9d78-13e3a2fdace9 --ip-address 10.102.12.1/24 --description google
Response
{
  "id": "068616c1-6213-42fe-8487-58cd918c35dc",
  "account": "kylo:kylo:admin:accounts:kylo",
  "createdAt": "2023-03-06T07:01:44.742506Z",
  "updatedAt": "2023-03-06T07:01:44.742506Z",
  "ip_address": "10.102.12.1/24",
  "description": "google"
}
Deleting the allowed proxies
To delete an allowed proxy, run:
Syntax
ksctl proxyprotocolallowproxies delete --id <proxy-id>
Example Request
ksctl proxyprotocolallowproxies delete --id 10.102.12.1/24
There will be no response if the proxy is deleted successfully.
Resetting the allowed proxies
To reset the allowed proxies to the default setting, run:
Syntax
ksctl proxyprotocolallowproxies reset
Example Request
ksctl proxyprotocolallowproxies reset
There will be no response if the reset is successful.