From 4870961f5b3e5763f277343bcb9aa3ff40f0a9b2 Mon Sep 17 00:00:00 2001
From: Sonny Kieu <sonny.kieu@salsa.digital>
Date: Tue, 10 Oct 2023 19:01:02 +1100
Subject: [PATCH] [DEVOPS-40] Blocked access to Prometheus Exporter metrics
 except from within the cluster.

---
 .../nginx/helpers/208-prometheus-metrics.conf | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .docker/images/nginx/helpers/208-prometheus-metrics.conf

diff --git a/.docker/images/nginx/helpers/208-prometheus-metrics.conf b/.docker/images/nginx/helpers/208-prometheus-metrics.conf
new file mode 100644
index 000000000..b87d385be
--- /dev/null
+++ b/.docker/images/nginx/helpers/208-prometheus-metrics.conf
@@ -0,0 +1,20 @@
+###
+### Deny access to Prometheus Exporter Metrics except from within the cluster.
+### @see https://www.govcms.support/a/solutions/articles/51000005182
+###
+
+location /metrics {
+  allow 13.237.126.195;
+  allow 3.24.141.165;
+  allow 54.66.94.21;
+  allow 3.105.154.56;
+  allow 3.105.156.50;
+  allow 3.24.221.135;
+  allow 13.239.94.234;
+  allow 13.55.172.241;
+  allow 54.252.25.106;
+  allow 3.105.36.208;
+  allow 54.66.105.170;
+  allow 3.105.153.49;
+  deny all;
+}