How should I go about securing my zrok public share?

Hi there, just started using zrok as I needed a quick way for publicly sharing my webserver. Firstly, just wanted to say it is incredibly useful and quick to set up. I am using zrok frontdoor for generating a public URL for my webserver. However, I am stuck at trying to whitelist/allow certain domains to access my webserver. May I ask what are the best practices for this? I only saw authentication via email (OAuth2) or basic HTTP user/password auth, but is there an option to whitelist certain domains?

1 Like

Hi @fishy, welcome to the community and to zrok (and OpenZiti)! We're glad you're enjoying zrok.

I don't believe there is any way for you to accomplish this. zrok is either a public endpoint or a private endpoint. There's no IP whitelisting. I am not exactly sure what you mean by allowing certain domains. At this time, OIDC and basic auth are the only ways I know of as to how to secure your zrok share.

1 Like

If you require OAuth for your zrok public share, you may allow certain email domain suffixes.

Here's what it looks like if you're running zrok interactively.

zrok reserve public 80 --oauth-email-domains "@example.com" --oauth-email-domains "@acme.example.org"

Since you're using zrok frontdoor, you're probably using configuration variables to set the OAuth emails like this.

ZROK_OAUTH_PROVIDER=google
ZROK_OAUTH_EMAILS="@example.com @acme.example.org"
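
An added example, not from the thread and not zrok's own code: it models the email domain suffix allow-list described above in Go, assuming entries are compared as plain string suffixes of the authenticated address, and shows why each entry should keep its leading "@". The function names are hypothetical and the addresses are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// parseSuffixes (hypothetical helper) splits a space-separated list such as
// the ZROK_OAUTH_EMAILS value and insists that every entry starts with "@".
func parseSuffixes(value string) ([]string, error) {
	var out []string
	for _, s := range strings.Fields(strings.ToLower(value)) {
		if !strings.HasPrefix(s, "@") || !strings.Contains(s[1:], ".") {
			return nil, fmt.Errorf("entry %q should look like @domain.tld", s)
		}
		out = append(out, s)
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("empty allow-list")
	}
	return out, nil
}

// allowed models the check as a plain suffix match (an assumption about how
// the entries are compared). Case folding is this example's choice.
func allowed(email string, suffixes []string) bool {
	email = strings.ToLower(strings.TrimSpace(email))
	if strings.Count(email, "@") != 1 {
		return false // malformed, or a quoted local part; reject conservatively
	}
	for _, s := range suffixes {
		if len(email) > len(s) && strings.HasSuffix(email, s) {
			return true
		}
	}
	return false
}

func main() {
	list, err := parseSuffixes("@example.com @acme.example.org")
	if err != nil {
		panic(err)
	}
	// Constructed addresses.
	for _, e := range []string{"alice@example.com", "bob@acme.example.org",
		"eve@notexample.com", "eve@example.com.attacker.test"} {
		fmt.Printf("%-32s allowed=%v\n", e, allowed(e, list))
	}
	// Without the leading "@", a look-alike domain passes the suffix test.
	fmt.Println(allowed("eve@notexample.com", []string{"example.com"})) // true
}
```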