mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-06 06:46:26 +01:00
53 lines
1.4 KiB
Plaintext
53 lines
1.4 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * authentication/configuring_user_agent.adoc
|
|
|
|
[id="user-agent-configuring_{context}"]
|
|
= Configuring the user agent
|
|
|
|
As an administrator, you can prevent clients from accessing the
|
|
API with the `userAgentMatching` configuration setting of a master
|
|
configuration.
|
|
|
|
|
|
.Procedure
|
|
|
|
* Modify the master configuration file to include the user agent configuration.
|
|
For example, the following user agent denies the Kubernetes 1.2 client binary,
|
|
OKD 1.1.3 binary, and the POST and PUT `httpVerbs`:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
policyConfig:
|
|
userAgentMatchingConfig:
|
|
defaultRejectionMessage: "Your client is too old. Go to https://example.org to update it."
|
|
deniedClients:
|
|
- regex: '\w+/v(?:(?:1\.1\.1)|(?:1\.0\.1)) \(.+/.+\) openshift/\w{7}'
|
|
- regex: '\w+/v(?:1\.1\.3) \(.+/.+\) openshift/\w{7}'
|
|
httpVerbs:
|
|
- POST
|
|
- PUT
|
|
- regex: '\w+/v1\.2\.0 \(.+/.+\) kubernetes/\w{7}'
|
|
httpVerbs:
|
|
- POST
|
|
- PUT
|
|
requiredClients: null
|
|
----
|
|
+
|
|
The following example denies clients that do not exactly match an expected
|
|
client:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
policyConfig:
|
|
userAgentMatchingConfig:
|
|
defaultRejectionMessage: "Your client is too old. Go to https://example.org to update it."
|
|
deniedClients: []
|
|
requiredClients:
|
|
- regex: '\w+/v1\.1\.3 \(.+/.+\) openshift/\w{7}'
|
|
- regex: '\w+/v1\.2\.0 \(.+/.+\) kubernetes/\w{7}'
|
|
httpVerbs:
|
|
- POST
|
|
- PUT
|
|
----
|