I am trying to whitelist incoming traffic for a service outside the mesh based on its host, not its IP.
For IP, it sort of comes down to this simple ipBlocks attribute from the source, as far as I understand. But is there a solution to whitelist based on the host, such as apps.esignlive.com for instance?
(See below)
```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: ingress-policy
  namespace: istio-system
spec:
  selector:
    matchLabels:
      app: istio-ingressgateway
  action: ALLOW
  rules:
  - from:
    - source:
        ipBlocks: ["1.2.3.4", "5.6.7.0/24"]
    - source:
```