mirror of
https://gitee.com/iresty/apisix.git
synced 2024-12-14 17:01:20 +08:00
2.0 KiB
2.0 KiB
Summary
Name
The ip-restriction can restrict access to a Service or a Route by either
whitelisting or blacklisting IP addresses. Single IPs, multiple IPs or ranges
in CIDR notation like 10.10.10.0/24 can be used(will support IPv6 soon).
Attributes
| name | option | description |
|---|---|---|
| whitelist | option | List of IPs or CIDR ranges to whitelist |
| blacklist | option | List of IPs or CIDR ranges to blacklist |
One of whitelist or blacklist must be specified, and they can not work
together.
How To Enable
Two steps are required:
- creates a route or service object, and enable plugin
ip-restriction.
curl http://127.0.0.1:9080/apisix/admin/routes/1 -X PUT -d '
{
"uri": "/hello",
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
},
"plugins": {
"ip-restriction": {
"whitelist": [
"127.0.0.1",
"113.74.26.106/24"
]
}
}
}'
Test Plugin
Requests to 127.0.0.1:
$ curl http://127.0.0.1:9080/index.html
HTTP/1.1 200 OK
...
Requests to 127.0.0.2:
$ curl http://127.0.0.2:9080/index.html -i
HTTP/1.1 403 Unauthorized
...
{"message":"Your IP address is not allowed"}
Disable Plugin
When you want to disable the ip-restriction plugin, it is very simple,
you can delete the corresponding json configuration in the plugin configuration,
no need to restart the service, it will take effect immediately:
$ curl http://127.0.0.1:2379/v2/keys/apisix/routes/1 -X PUT -d value='
{
"uri": "/index.html",
"plugins": {},
"upstream": {
"type": "roundrobin",
"nodes": {
"39.97.63.215:80": 1
}
}
}'
The ip-restriction plugin has been disabled now. It works for other plugins.