Skip to content
铭师堂的云原生升级实践Know more

IP Access Restriction

Function Description

The ip-restriction plugin can restrict access to services or routes by whitelisting or blacklisting IP addresses. It supports restrictions on a single IP address, multiple IP addresses, and CIDR ranges like 10.10.10.0/24.

Running Attributes

Plugin execution phase: Authentication Phase

Plugin execution priority: 210

Configuration Description

Configuration ItemTypeRequiredDefault ValueDescription
ip_source_typestringNoorigin-sourceOptional values: 1. Peer socket IP: origin-source; 2. Get from header: header
ip_header_namestringNox-forwarded-forWhen ip_source_type is header, specify the custom IP source header
allowarrayNo[]Whitelist
denyarrayNo[]Blacklist
statusintNo403HTTP status code when access is denied
messagestringNoYour IP address is blocked.Return message when access is denied
ip_source_type: origin-source
allow:
- 10.0.0.1
- 192.168.0.0/16
ip_source_type: header
ip_header_name: x-real-iP
deny:
- 10.0.0.1
- 192.169.0.0/16