To allow tenant users to define IP allow or deny policies on buckets, you must activate IP forwarding.

The different storage platforms support IP forwarding as follows:
Table 1.
Platform IP Forwarding Support
Cloudian Supported with additional configuration of the Cloudian nodes to activate the handling of X-Forwarded-For header.
ECS Supported.
AWS Not supported.
MinIO Not supported.
OSIS Supported only on platforms that can identify the X-Forwarded-For header.

Prerequisites

Verify that the object storage platform accepts the X-Forwarded-For (XFF) header.

Procedure

  1. (Optional) Configure your storage platform to activate IP forwarding.
    If your storage platform requires additional configuration, see the official documentation of the storage platform for the configuration steps.
  2. Configure VMware Cloud Director Object Storage Extension to activate IP forwarding by running the following command:
    ose args set --k=s3.client.ip-forwarded.enabled --v=true
  3. Restart the VMware Cloud Director Object Storage Extension server by running the following command:
    ose service restart

Results

Tenant users can now configure the bucket policy with IP restriction.