Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Limit IPs #166

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 26, 2023
Merged

Limit IPs #166

merged 3 commits into from
Nov 26, 2023

Conversation

@umputun
Copy link
Owner

@umputun umputun commented Nov 26, 2023

Implements #119

This PR adds support for the "remote" configuration parameter to all the providers except the basic one (static). If set, it will restrict access to a given route for source IPs or networks. This is what it looks like with the file provider:

srv.example.com:
  - {route: "/something/restricted", dest: "http://127.0.0.2:8082/", "remote": "192.168.1.0/24, 124.0.0.1"}
  - {route: "^/api/svc2/(.*)", dest: "http://127.0.0.2:8080/blah2/$1/abc"}

By default, the remote address from the request is used, however in some cases (proxy in front, docker with bridge network, etc) user may want to use X-Real-IP and X-Forwarded-For headers. This options is off by default, and to turn it on --remote-lookup-headers param or REMOTE_LOOKUP_HEADERS=1 env can be set. It should be used only in trusted environments where bad actors can't set/change those headers.

@umputun
update and vendoring
7e91ccb 
update realip deps

regroup deps, keep all indirect separately
@umputun umputun force-pushed the limit-ips branch 2 times, most recently from 7b08f15 to 6fdaabb Compare November 26, 2023 22:14
@umputun
add middleware to optionally allow requests from giving ips/ranges
218854a 
add new remote param to docker and file providers

lint: http nil body

add support of remote ips to consul provider

local implementation of onlyfrom middleware

lint: missing comment

make proxy tests more readable

preffer public IP if any forwwarded
@umputun
add docs for remote ip limiting
a25f762 
add more info and fix typos

add info to readme
@umputun umputun merged commit 899b552 into master Nov 26, 2023
@umputun umputun deleted the limit-ips branch November 26, 2023 22:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@umputun