Hi Wido, yes I have and http proxy in between. Your right, bucket filtering on the proxy and ACL on the bucket will be simple enough, but I don't know if it will be good enough. I know it's far-fetched but, if, for whatever reason, the access/secret key are leaked, and I have a security issue on the rgw (edge node) then the data could be exposed after modifying the proxy filtering rules. Maybe I could have two proxy, one on the edge node fronting the public network, without filtering, forwarding to a second proxy in the private network, doing the bucket filtering... Thanks! JS _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |