github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 14:37:00 +00:00
Code Issues Projects Releases Wiki Activity

Made blacklist stricter to deal with alternate versions of true

Browse Source
This commit is contained in:
Isaac Hollander McCreery 2017-08-28 09:04:42 -07:00
parent 98a7311afc
commit 86c0579ee5
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cluster/addons/metadata-proxy/gce/metadata-proxy-configmap.yaml
View File

@ -28,13 +28,13 @@ data:
# Allow for REST discovery.
location = / {
if ($args ~ "recursive=true") {
if ($args ~* "recursive") {
return 403 "?recursive calls are not allowed by the metadata proxy.";
}
proxy_pass http://169.254.169.254;
}
location = /computeMetadata/ {
if ($args ~ "recursive=true") {
if ($args ~* "recursive") {
return 403 "?recursive calls are not allowed by the metadata proxy.";
}
proxy_pass http://169.254.169.254;
@ -42,19 +42,19 @@ data:
# By default, allow the v0.1, v1beta1, and v1 APIs.
location /0.1/ {
if ($args ~ "recursive=true") {
if ($args ~* "recursive") {
return 403 "?recursive calls are not allowed by the metadata proxy.";
}
proxy_pass http://169.254.169.254;
}
location /computeMetadata/v1beta1/ {
if ($args ~ "recursive=true") {
if ($args ~* "recursive") {
return 403 "?recursive calls are not allowed by the metadata proxy.";
}
proxy_pass http://169.254.169.254;
}
location /computeMetadata/v1/ {
if ($args ~ "recursive=true") {
if ($args ~* "recursive") {
return 403 "?recursive calls are not allowed by the metadata proxy.";
}
proxy_pass http://169.254.169.254;