change: if we don't set any IP list, then any IP access is allowed by default for admin API.

2024-11-30 11:07:59 +08:00 · 2019-08-29 15:55:13 +08:00 · 2019-08-29 15:55:13 +08:00 · 2400c048b7
commit 2400c048b7
parent 124a49f267
2 changed files with 21 additions and 16 deletions
--- a/bin/apisix
+++ b/bin/apisix
@ -146,11 +146,12 @@ http {
        listen {* port_admin *};

        location /apisix/admin/ {
-            {% for _, allow_ip in ipairs(allow_admin or {}) do %}
-            allow {*allow_ip*};
-            {% end %}
-            deny all;
-
+            {%if allow_admin then%}
+                {% for _, allow_ip in ipairs(allow_admin) do %}
+                allow {*allow_ip*};
+                {% end %}
+                deny all;
+            {%end%}
            content_by_lua_block {
                apisix.http_admin()
            }
@ -180,10 +181,12 @@ http {

        {% if enable_admin and not port_admin then %}
        location /apisix/admin {
-            {% for _, allow_ip in ipairs(allow_admin) do %}
-            allow {*allow_ip*};
-            {% end %}
-            deny all;
+            {%if allow_admin then%}
+                {% for _, allow_ip in ipairs(allow_admin) do %}
+                allow {*allow_ip*};
+                {% end %}
+                deny all;
+            {%end%}

            content_by_lua_block {
                apisix.http_admin()
@ -197,10 +200,12 @@ http {

        location /apisix/dashboard/ {
            index index.html;
-            {% for _, allow_ip in ipairs(allow_admin) do %}
-            allow {*allow_ip*};
-            {% end %}
-            deny all;
+            {%if allow_admin then%}
+                {% for _, allow_ip in ipairs(allow_admin) do %}
+                allow {*allow_ip*};
+                {% end %}
+                deny all;
+            {%end%}

            alias dashboard/;

--- a/conf/config.yaml
+++ b/conf/config.yaml
@ -5,9 +5,9 @@ apisix:
  enable_admin: true
  enable_debug: false
  enable_ipv6: true
-  allow_admin:                    # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
-    - 127.0.0.0/24
-    - "::/64"
+  # allow_admin:                  # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
+  #   - 127.0.0.0/24              # If we don't set any IP list, then any IP access is allowed by default.
+  #   - "::/64"
  # port_admin: 9180              # use a separate port
  real_ip_header: "X-Real-IP"     # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
  real_ip_from:                   # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from