make IPWhiteList support redirect

pkg/config/dynamic/middlewares.go

@@ -277,6 +277,7 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
 type IPWhiteList struct {
 	SourceRange []string    `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
 	IPStrategy  *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty"  label:"allowEmpty"`
+	Redirect    string      `json:"redirect,omitempty" toml:"redirect,omitempty" yaml:"redirect,omitempty"`
 }
 
 // +k8s:deepcopy-gen=true

pkg/middlewares/ipwhitelist/ip_whitelist.go

@@ -24,6 +24,7 @@ type ipWhiteLister struct {
 	whiteLister *ip.Checker
 	strategy    ip.Strategy
 	name        string
+	redirect    string
 }
 
 // New builds a new IPWhiteLister given a list of CIDR-Strings to whitelist
@@ -52,6 +53,7 @@ func New(ctx context.Context, next http.Handler, config dynamic.IPWhiteList, nam
 		whiteLister: checker,
 		next:        next,
 		name:        name,
+		redirect:    config.Redirect,
 	}, nil
 }
 
@@ -68,15 +70,20 @@ func (wl *ipWhiteLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		logMessage := fmt.Sprintf("rejecting request %+v: %v", req, err)
 		logger.Debug(logMessage)
 		tracing.SetErrorWithEvent(req, logMessage)
-		reject(ctx, rw)
+		reject(ctx, rw, req, wl.redirect)
 		return
 	}
 	logger.Debugf("Accept %s: %+v", wl.strategy.GetIP(req), req)
 
 	wl.next.ServeHTTP(rw, req)
 }
 
-func reject(ctx context.Context, rw http.ResponseWriter) {
+func reject(ctx context.Context, rw http.ResponseWriter, req *http.Request, redirect string) {
+	if redirect != "" {
+		http.Redirect(rw, req, redirect, http.StatusTemporaryRedirect)
+		return
+	}
+
 	statusCode := http.StatusForbidden
 
 	rw.WriteHeader(statusCode)